I use AFNetworking 2.3.1, I have a trusted certificate for which I'd like to pin the public key.
I have the crt, key, pfx files, so I imagine I have to add them into my bundle.
AFHTTPRequestOperation *operation = [[AFHTTPRequestOperation alloc] initWithRequest:request];
[operation setCompletionBlockWithSuccess:^(AFHTTPRequestOperation *operation, id responseObject) {
    NSLog(@"Success");
} failure:^(AFHTTPRequestOperation *operation, NSError *error) {
    return [self processError:[operation response]];
}];
[operation start];
Now how can I tell AFNetworking to use the AFSSLPinningModePublicKey mode? (I don't see the setSSLPinningMode method from AFHTTPRequestOperation.)
And how do I tell AFNetworking to use the added key? I can't find any example in the documentation.
SSL Pinning is the process of associating a host with their expected X509 certificate or a public key. Once a host's certificate or public key is known or identified, the certificate or public key is associated or 'pinned' to the host. This offers protection against certificate forgery.
SSL Pinning is a technique that we use on the client side to avoid a man-in-the-middle attack by validating the server certificates. The developers embed (or pin) a list of trusted certificates in the client application during development, and use them to compare against the server certificates during runtime.
Google was one of the first to use pinning in 2011, when they pinned the issuing CAs for their main websites in the Chrome browser. When Chrome connected to google.com, it already knew which CAs to accept. If a certificate from any other CA was presented, the connection would be blocked.
What Is Certificate Pinning? Certificate pinning forces your client app to validate the server's certificate against a known copy. After pinning your server's certificate inside your client app, your client should check the basic validity of the cert as in No.
AFNetworking has an AFSecurityPolicy object that has values for security features, including the SSL pinning mode.
You can set the securityPolicy on an AFHTTPRequestOperation:
AFSecurityPolicy *securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModePublicKey];
operation.securityPolicy = securityPolicy;
Your certificate must have the extension cer, not crt, and should be in DER format. Add it to your bundle. You can convert it to the correct format in a terminal with the following command:
openssl x509 -in domain.crt -out domain.cer -outform der
You should not include keys in your app bundle, only the certificate is required.
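Added example, not part of the original answers: a shell script built around the openssl conversion above that shows what a public-key pin actually compares. It converts a certificate to the DER .cer form, then checks that a renewed certificate issued from the same key still matches the bundled file while a certificate with a different key does not. All file names and the CN example.test are constructed placeholders, and the certificates are throwaway self-signed ones.

```shell
#!/bin/sh
# Added example; names, paths and CN=example.test are constructed placeholders.

# The conversion from the answer: PEM .crt -> DER .cer for the app bundle.
pem_to_der() { openssl x509 -in "$1" -out "$2" -outform der; }

# SHA-256 over the SubjectPublicKeyInfo, the part a public-key pin compares.
# $1 = certificate file, $2 = its encoding (pem or der). Fails if unreadable.
spki_sha256() (
    pub=$(openssl x509 -in "$1" -inform "$2" -noout -pubkey 2>/dev/null) || exit 1
    printf '%s\n' "$pub" | openssl pkey -pubin -outform der \
        | openssl dgst -sha256 | awk '{print $NF}'
)

# SHA-256 over the whole certificate, what a full-certificate pin compares.
cert_sha256() {
    openssl x509 -in "$1" -inform "$2" -outform der \
        | openssl dgst -sha256 | awk '{print $NF}'
}

# Succeeds only when the bundled DER file ($1) and a served PEM certificate ($2)
# carry the same public key; an unreadable file counts as a mismatch.
pubkey_pin_matches() (
    bundled=$(spki_sha256 "$1" der) || exit 1
    served=$(spki_sha256 "$2" pem) || exit 1
    [ "$bundled" = "$served" ]
)

# Build throwaway self-signed certificates in directory $1:
# domain.crt and renewed.crt share server.key, other.crt uses a different key.
make_fixtures() {
    openssl genrsa -out "$1/server.key" 2048 2>/dev/null
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
    openssl req -new -x509 -key "$1/server.key" -subj "/CN=example.test" -days 30 -out "$1/domain.crt" 2>/dev/null
    openssl req -new -x509 -key "$1/server.key" -subj "/CN=example.test" -days 60 -out "$1/renewed.crt" 2>/dev/null
    openssl req -new -x509 -key "$1/other.key" -subj "/CN=example.test" -days 30 -out "$1/other.crt" 2>/dev/null
    pem_to_der "$1/domain.crt" "$1/domain.cer"
}

dir=$(mktemp -d)
make_fixtures "$dir"
pubkey_pin_matches "$dir/domain.cer" "$dir/renewed.crt" && echo "renewed certificate, same key: pin holds"
pubkey_pin_matches "$dir/domain.cer" "$dir/other.crt" || echo "different key: pin fails"
[ "$(cert_sha256 "$dir/domain.cer" der)" != "$(cert_sha256 "$dir/renewed.crt" pem)" ] \
    && echo "whole-certificate fingerprint changed on renewal"
rm -rf "$dir"
```

Only domain.cer goes into the bundle; server.key and other.key exist here solely to create the test certificates.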
AFHTTPRequestOperationManager *manager = [AFHTTPRequestOperationManager manager];
/**** SSL Pinning ****/
// Use the class factory here: [[self alloc] init] would allocate the calling class,
// not an AFSecurityPolicy.
AFSecurityPolicy *securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModePublicKey];
[manager setSecurityPolicy:securityPolicy];
/**** SSL Pinning ****/
[manager GET:WEBSITE_URL parameters:params
    success:^(AFHTTPRequestOperation *operation, NSDictionary *responseObject) {
        //..... beautiful code here
    } failure:^(AFHTTPRequestOperation *operation, NSError *error) {
        //..... beautiful code here
    }];
Hope this helps.
Check the link here: Also, refer to the AFNetworking documents.