
I'm trying to implement SSL pinning in a react-native application (RN 0.60) and I'm using TrustKit.

Following the guide posted at https://github.com/datatheorem/TrustKit, these are the steps I've taken:

1) Installed the TrustKit pod using pod 'TrustKit' and pod install

2) Added this piece of code to my AppDelegate.m:

#import <TrustKit/TrustKit.h>

//inside didFinishLaunchingWithOptions

NSDictionary *trustKitConfig =
  @{
    kTSKSwizzleNetworkDelegates: @YES,
    kTSKPinnedDomains: @{
        @"www.datatheorem.com" : @{
            kTSKEnforcePinning:@YES,
            kTSKIncludeSubdomains:@YES,
            //Using wrong hashes so it fails
            kTSKPublicKeyHashes : @[
                @"Ca5gV6n7OVx4AxtEaIk8NI9qyKBTtKJjwqullb/v9hh=",
                @"YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihh="
                ]
            }}};

  [TrustKit initSharedInstanceWithConfiguration:trustKitConfig];

When I try to do

 RNFetchBlob.fetch('GET', "https://www.datatheorem.com", {})    //tried using standard fetch() but gives same results
    .then(async(res) => {
        console.log('RES => ' ,res)
    })
    // Something went wrong:
    .catch((err) => {
        console.log('ERROR =>', err);
    })

It goes into the then, doesn't give any error, and responds with a 200 status code (using wrong hashes).

On Android, however, it works correctly, going into the catch and saying:

Error: Pin verification failed
Auticcat

2 Answers


So, I came back to this and tried it out again and got it working. The only difference between my current code and the one I posted some time ago is that I added kTSKPublicKeyAlgorithms : @[kTSKAlgorithmRsa2048] inside the specific pinned domain.

I followed the same steps I posted in the question. The final AppDelegate looks like this:

Inside didFinishLaunchingWithOptions, before the return YES, I added:

  [self initTrustKit];

Then, after the closing brace of didFinishLaunchingWithOptions, I added:

- (void)initTrustKit {
    NSDictionary *trustKitConfig =
    @{
      kTSKSwizzleNetworkDelegates : @YES,
      kTSKPinnedDomains : @{
          @"www.datatheorem.com" : @{
              kTSKEnforcePinning : @YES,
              kTSKIncludeSubdomains : @YES,
              kTSKPublicKeyHashes : @[
                  @"Ca5gV6n7OVx4AxtEaIk8NI9qyKBTtKJjwqullb/v9hh=",
                  @"YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihh="
              ],
              // The key that was missing from the configuration in the question
              kTSKPublicKeyAlgorithms : @[kTSKAlgorithmRsa2048],
          },
      }};
    [TrustKit initSharedInstanceWithConfiguration:trustKitConfig];
}

Now it works on iOS, going into the catch and printing: ERROR => cancelled

Auticcat

I have configured TrustKit in the Info.plist. Also, I noticed that even though you have only 1 PublicKeyHash, you have to provide a dummy one as well for TrustKit to work in iOS apps.

Kalana
kam89
  • In the example I posted there are 2 hashes. I used the AppDelegate method as it's more readable (for me) than using the Info.plist. Or were you talking about something else? – Auticcat Dec 28 '19 at 07:07
  • Yes. Your example is correct. I mean when I was doing my project, I just put 1 hash and the app crashed upon build. After checking for a few hours I found out that the app crashes due to the missing backup hash. Just to share my experience that 2 hashes must be provided. – kam89 Dec 29 '19 at 04:48