I have been using certificate pinning, but now the requirement is to change to public key pinning. I took the project over from someone else. I can implement public key pinning using TrustKit, but if I am going to use TrustKit, I have to change a lot of the implementation. I have added the code for certificate pinning below.
I wanted to use .pinPublicKeys instead of .pinCertificates. But in this implementation, I have to add the certificate to the build, which is what I am trying to avoid. I just want to use the public key hash. For .pinPublicKeys, I have to pass [SecKey]. I couldn't find a solution for converting a public key hash to a SecKey. Please help with this issue.
import Alamofire
import Foundation

class Client {
    static let shared = Client()
    var manager: SessionManager?

    init() {
        // Certificates bundled with the app that the server must present.
        let certificates: [SecCertificate] = getCertificates()
        let serverTrustPolicies: [String: ServerTrustPolicy] = [
            "app.###.com": .pinCertificates(
                certificates: certificates, // ServerTrustPolicy.certificates(),
                validateCertificateChain: true,
                validateHost: true
            )
        ]
        manager = Alamofire.SessionManager(
            configuration: URLSessionConfiguration.default,
            serverTrustPolicyManager: ServerTrustPolicyManager(policies: serverTrustPolicies)
        )
    }

    // Loads certificate.der from the main bundle; returns [] if it cannot be parsed.
    private func getCertificates() -> [SecCertificate] {
        let url = Bundle.main.url(forResource: "certificate", withExtension: "der")!
        let localCertificate = try! Data(contentsOf: url) as CFData
        guard let certificate = SecCertificateCreateWithData(nil, localCertificate)
        else { return [] }
        return [certificate]
    }
}