How to add SSL Certificate pinning in Parse Configuration (Parse SDK iOS) #1587
Comments
This type of functionality could be added if you want to take on the task. My initial thoughts are you conform to the didReceiveChallenge delegate method here: Parse-SDK-iOS-OSX/Parse/Parse/Internal/Commands/CommandRunner/URLSession/Session/PFURLSession.m Lines 236 to 258 in 5dad4f2
Then you need to pass the |
I don't know where I use this. Please check my code given below:

```swift
class func setParserClientConfigAndInit() {
    // let session = URLSession(
    //     configuration: URLSessionConfiguration.ephemeral,
    //     delegate: URLSessionPinningDelegate(),
    //     delegateQueue: nil)
    let configuration = ParseClientConfiguration {
        $0.applicationId = KAPI.applicationId
        $0.clientKey = ""
        $0.server = KAPI.applicationServer
        $0.urlSessionConfiguration.httpAdditionalHeaders = setParseHeader()
        #if DEBUG
        // not used
        #else
        // $0.urlSessionConfiguration = session.configuration
        #endif
    }
    // Parse initialize
    Parse.initialize(with: configuration)
}
```

I don't know where I pass or where I use it on the given:

```swift
import Foundation
import Security

class NSURLSessionPinningDelegate: NSObject, URLSessionDelegate {
    func urlSession(_ session: URLSession,
                    didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Swift.Void) {
        // Adapted from OWASP https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning#iOS
        if challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust {
            if let serverTrust = challenge.protectionSpace.serverTrust {
                // Standard chain validation first
                let isServerTrusted = SecTrustEvaluateWithError(serverTrust, nil)
                if isServerTrusted {
                    // Leaf certificate presented by the server
                    if let serverCertificate = SecTrustGetCertificateAtIndex(serverTrust, 0) {
                        let serverCertificateData = SecCertificateCopyData(serverCertificate)
                        let data = CFDataGetBytePtr(serverCertificateData)
                        let size = CFDataGetLength(serverCertificateData)
                        let cert1 = NSData(bytes: data, length: size)
                        // Pinned copy of the certificate shipped in the app bundle
                        let file_der = Bundle.main.path(forResource: "certificateFile", ofType: "der")
                        if let file = file_der {
                            if let cert2 = NSData(contentsOfFile: file) {
                                if cert1.isEqual(to: cert2 as Data) {
                                    completionHandler(URLSession.AuthChallengeDisposition.useCredential, URLCredential(trust: serverTrust))
                                    return
                                }
                            }
                        }
                    }
                }
            }
        }
        // Pinning failed
        completionHandler(URLSession.AuthChallengeDisposition.cancelAuthenticationChallenge, nil)
    }
}
```
|
You have the right idea, but the code you listed is what you would use as a developer. You need to open a PR, add the delegate method I mentioned and add the new configuration parameter. You can use what I did in ParseSwift as a reference: https://github.com/parse-community/Parse-Swift/pull/45/files, though the structure is different. |
You will also need to do more if you want to pass in your own headers. You won't be able to use your own delegate because Parse already has one. You should only need to respond to the challenge and maybe pass in headers, which can be two different parameters that can be passed into the config, assuming you add the capability to the SDK. |
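The pattern described in the two comments above, sketched as an added example (not code from the Parse SDK, Parse-Swift, or any participant in this thread): the SDK keeps its own session delegate and forwards each authentication challenge to a closure supplied through the configuration. `ClientConfiguration`, `authenticationChallengeHandler`, `SDKSessionDelegate` and `makePinningHandler` are hypothetical names, and the server URL in the wiring comment is a constructed value.

```swift
import Foundation
import Security

// Hypothetical names throughout: none of these types exist in the Parse SDK.
typealias ChallengeHandler = (URLAuthenticationChallenge,
    @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) -> Void

struct ClientConfiguration {
    var server: String
    var authenticationChallengeHandler: ChallengeHandler?  // app-supplied pinning logic
}

// Stands in for the SDK-owned delegate. The app cannot replace it, so the SDK
// forwards each challenge to the closure taken from the configuration.
final class SDKSessionDelegate: NSObject, URLSessionDelegate {
    private let handler: ChallengeHandler?
    init(configuration: ClientConfiguration) {
        handler = configuration.authenticationChallengeHandler
    }

    func urlSession(_ session: URLSession, didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
        if let handler = handler {
            handler(challenge, completionHandler)
        } else {
            completionHandler(.performDefaultHandling, nil)  // no pinning configured
        }
    }
}

// App side: pin the leaf certificate against a DER copy shipped with the app.
func makePinningHandler(pinnedCertificate: Data) -> ChallengeHandler {
    return { challenge, completion in
        guard challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust,
              let trust = challenge.protectionSpace.serverTrust else {
            completion(.performDefaultHandling, nil)  // not a TLS server-trust challenge
            return
        }
        // Normal chain validation first, then the byte-for-byte pin comparison.
        guard SecTrustEvaluateWithError(trust, nil),
              let leaf = SecTrustGetCertificateAtIndex(trust, 0),
              (SecCertificateCopyData(leaf) as Data) == pinnedCertificate else {
            completion(.cancelAuthenticationChallenge, nil)  // fail closed on any mismatch
            return
        }
        completion(.useCredential, URLCredential(trust: trust))
    }
}
// Wiring (constructed values): ClientConfiguration(server: "https://example.invalid/parse",
//     authenticationChallengeHandler: makePinningHandler(pinnedCertificate: derData))
```

Because the pin is the whole leaf certificate, the bundled DER file has to be updated in the app whenever the server certificate is renewed.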
Is there any method to add an SSL pinning certificate in a Parse request, and to handle the response like an error in a Parse query? |
I am working as an iOS developer and I don't know how to add a certificate in the Parse SDK initialization. For security purposes, with any man-in-the-middle attack all data is exposed in front of Charles or any other tool, so the client requirement is to add a certificate in the Parse request. In Android it is used in the request, but there is no option for it in iOS Swift. |
The links and comments I posted are in reference to how to do it. iOS allows it via |
dup #1103 |
#1598 |
This issue has been automatically marked as stale because it has not had recent activity. If you believe it should stay open, please let us know! As always, we encourage contributions, check out the Contributing Guide |
There is no option to add certificate pinning and verify. Can you please help?