ssl pinning in Swift AlamoFire

swift ssl certificate alamofire pinning
user3412996 picture user3412996 · Feb 17, 2015 · Viewed 15k times · Source

Im a newb here but I have an app that is subject to MITM attacks.

After I bit of research it sounds like I need to do SSL Pining, i.e keep a copy of my servers public key/certificate so the can determine if the response came from it.

I have no idea how to do this, I am using AlamoFire in Swift to handle the networking.

Answer

Antzi picture Antzi · Dec 8, 2015

Alamofire now implemented the certificate pinning. The documentation you need is in the Readme.md

https://github.com/Alamofire/Alamofire

See their example implementation:

let serverTrustPolicies: [String: ServerTrustPolicy] = [
    "test.example.com": .PinCertificates(
        certificates: ServerTrustPolicy.certificatesInBundle(),
        validateCertificateChain: true,
        validateHost: true
    ),
    "insecure.expired-apis.com": .DisableEvaluation
]

let manager = Manager(
    serverTrustPolicyManager: ServerTrustPolicyManager(policies: serverTrustPolicies)
)

Related questions

iOS certificate pinning with Swift and NSURLSession

Howto add certificate pinning to a NSURLSession in Swift? The OWASP website contains only an example for Objective-C and NSURLConnection.

Read More
How do I accept a self-signed SSL certificate using iOS 7's NSURLSession

I have the following code (swift implementation): func connection(connection: NSURLConnection, canAuthenticateAgainstProtectionSpace protectionSpace: NSURLProtectionSpace) -> Bool { return protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust } func connection(connection: NSURLConnection, didReceiveAuthenticationChallenge challenge: NSURLAuthenticationChallenge) { if challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust { if challenge.protectionSpace.host == "myDomain" { let credentials = …

Read More
Swift iOS Client Certificate Authentication

The web service I want to consume requires a client certificate. How can I send my certificate to it? To further elaborate I don't understand how to create the SecIdentityRef. In my NSURLConnection didReceiveAuthenticationChallenge I've got this conditional after ServerTrust: …

Read More