
How to incorporate SSL pinning in React Native using axios for API calls.

I came across TrustKit, but my continued efforts to use it end up crashing my app. I tried both ways of adding TrustKit.

  • Via Info.plist
<key>TSKConfiguration</key>
<dict>
    <key>TSKSwizzleNetworkDelegates</key>
    <true/>
    <key>TSKPinnedDomains</key>
    <dict>
        <key>yourDomain.com</key>
        <dict>
            <key>TSKPublicKeyHashes</key>
            <array>
                <string>public key 1</string>
                <string>public key 2</string>
            </array>
            <key>TSKPublicKeyAlgorithms</key>
            <array>
                <string>TSKAlgorithmRsa2048</string>
            </array>
            <key>TSKIncludeSubdomains</key>
            <true/>
            <key>TSKEnforcePinning</key>
            <true/>
        </dict>
    </dict>
</dict>
  • Via AppDelegate.mm within didFinishLaunchingWithOptions
  // Override TrustKit's logger method, useful for local debugging
   void (^loggerBlock)(NSString *) = ^void(NSString *message)
   {
     NSLog(@"TrustKit log: %@", message);
   };
   [TrustKit setLoggerBlock:loggerBlock];

   NSDictionary *trustKitConfig =
   @{
     // Swizzling because we can't access the NSURLSession instance used in React Native's fetch method
     kTSKSwizzleNetworkDelegates: @YES,
     kTSKPinnedDomains: @{
         @"busdue.com" : @{
             kTSKIncludeSubdomains: @YES, // Pin all subdomains
             kTSKEnforcePinning: @YES, // Block connections if pinning validation failed
             kTSKDisableDefaultReportUri: @YES,
             kTSKPublicKeyHashes : @[
               @"dz0GbS1i4LnBsJwhRw3iuZmVcgqpn+AlxSBRxUbOz0k=",
               @"BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB=", // Fake backup key but we need to provide 2 pins
             ],
         },
     }};
   [TrustKit initSharedInstanceWithConfiguration:trustKitConfig];
   [TrustKit sharedInstance].pinningValidatorCallback = ^(TSKPinningValidatorResult *result, NSString *notedHostname, TKSDomainPinningPolicy *policy) {
     if (result.finalTrustDecision == TSKTrustEvaluationFailedNoMatchingPin) {
       NSLog(@"TrustKit certificate matching failed");
       // Add more logging here. i.e. Sentry, BugSnag etc
     }
   };

I always end up getting this crash (https://i.stack.imgur.com/673OW.png)

Any suggestions are appreciated.

Veeki