diff --git a/AXWebViewController.xcodeproj/project.pbxproj b/AXWebViewController.xcodeproj/project.pbxproj index b79d748..88c3637 100644 --- a/AXWebViewController.xcodeproj/project.pbxproj +++ b/AXWebViewController.xcodeproj/project.pbxproj @@ -19,7 +19,7 @@ 01CDC1511C2A3C9100D9AF53 /* AXWebViewController.bundle in Resources */ = {isa = PBXBuildFile; fileRef = 01CDC1501C2A3C9100D9AF53 /* AXWebViewController.bundle */; }; 01CDC15D1C2A41DF00D9AF53 /* TableViewController.m in Sources */ = {isa = PBXBuildFile; fileRef = 01CDC15C1C2A41DF00D9AF53 /* TableViewController.m */; }; 97F6BE6D557C0BB485DDCF88 /* libPods-AXWebViewController.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 2642E682614F41BF460E7673 /* libPods-AXWebViewController.a */; }; - DCABA01B1EC5EE2A005C7D31 /* AFSecurityPolicy.m in Sources */ = {isa = PBXBuildFile; fileRef = DCABA01A1EC5EE2A005C7D31 /* AFSecurityPolicy.m */; }; + DCABA01B1EC5EE2A005C7D31 /* AXSecurityPolicy.m in Sources */ = {isa = PBXBuildFile; fileRef = DCABA01A1EC5EE2A005C7D31 /* AXSecurityPolicy.m */; }; DCABA0231EC5FDFF005C7D31 /* AXWebViewControllerActivity.m in Sources */ = {isa = PBXBuildFile; fileRef = DCABA01E1EC5FDFF005C7D31 /* AXWebViewControllerActivity.m */; }; DCCF48241E7987C9009CF38E /* Swift.pdf in Resources */ = {isa = PBXBuildFile; fileRef = DCCF48231E7987C9009CF38E /* Swift.pdf */; }; /* End PBXBuildFile section */ 
@@ -50,8 +50,8 @@ 3B7311EC599653BFAAF42107 /* Pods-AXWebViewController.debug.xcconfig */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xcconfig; name = "Pods-AXWebViewController.debug.xcconfig"; path = "Pods/Target Support Files/Pods-AXWebViewController/Pods-AXWebViewController.debug.xcconfig"; sourceTree = ""; }; A13CC1551E977227003AC1B2 /* zh-Hant */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = "zh-Hant"; path = "zh-Hant.lproj/Main.strings"; sourceTree = ""; }; A13CC1561E977227003AC1B2 /* zh-Hant */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = "zh-Hant"; path = "zh-Hant.lproj/LaunchScreen.strings"; sourceTree = ""; }; - DCABA0191EC5EE2A005C7D31 /* AFSecurityPolicy.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = AFSecurityPolicy.h; sourceTree = ""; }; - DCABA01A1EC5EE2A005C7D31 /* AFSecurityPolicy.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = AFSecurityPolicy.m; sourceTree = ""; }; + DCABA0191EC5EE2A005C7D31 /* AXSecurityPolicy.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = AXSecurityPolicy.h; sourceTree = ""; }; + DCABA01A1EC5EE2A005C7D31 /* AXSecurityPolicy.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = AXSecurityPolicy.m; sourceTree = ""; }; DCABA01D1EC5FDFF005C7D31 /* AXWebViewControllerActivity.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = AXWebViewControllerActivity.h; sourceTree = ""; }; DCABA01E1EC5FDFF005C7D31 /* AXWebViewControllerActivity.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = AXWebViewControllerActivity.m; sourceTree = ""; }; DCCF48231E7987C9009CF38E /* Swift.pdf */ = {isa = PBXFileReference; lastKnownFileType = image.pdf; path = Swift.pdf; sourceTree = ""; }; 
@@ -151,8 +151,8 @@ DCABA0181EC5EE2A005C7D31 /* Security */ = { isa = PBXGroup; children = ( - DCABA0191EC5EE2A005C7D31 /* AFSecurityPolicy.h */, - DCABA01A1EC5EE2A005C7D31 /* AFSecurityPolicy.m */, + DCABA0191EC5EE2A005C7D31 /* AXSecurityPolicy.h */, + DCABA01A1EC5EE2A005C7D31 /* AXSecurityPolicy.m */, ); name = Security; path = AXWebViewController/Security; @@ -300,7 +300,7 @@ DCABA0231EC5FDFF005C7D31 /* AXWebViewControllerActivity.m in Sources */, 01513BF01C28F70700CB8238 /* main.m in Sources */, 01AA4F1C1D4F28DD008F2A2C /* TabbarViewController2.m in Sources */, - DCABA01B1EC5EE2A005C7D31 /* AFSecurityPolicy.m in Sources */, + DCABA01B1EC5EE2A005C7D31 /* AXSecurityPolicy.m in Sources */, 01CDC15D1C2A41DF00D9AF53 /* TableViewController.m in Sources */, ); runOnlyForDeploymentPostprocessing = 0; diff --git a/AXWebViewController/AXWebViewController/AXWebViewController.h b/AXWebViewController/AXWebViewController/AXWebViewController.h index f93158e..5709355 100644 --- a/AXWebViewController/AXWebViewController/AXWebViewController.h +++ b/AXWebViewController/AXWebViewController/AXWebViewController.h @@ -44,7 +44,7 @@ #import #if AX_WEB_VIEW_CONTROLLER_USING_WEBKIT #import -#import "AFSecurityPolicy.h" +#import "AXSecurityPolicy.h" #endif #ifndef AX_REQUIRES_SUPER #if __has_attribute(objc_requires_super) @@ -253,7 +253,7 @@ typedef NSURLSessionAuthChallengeDisposition (^WKWebViewDidReceiveAuthentication @property(copy, nonatomic, nullable) WKWebViewDidReceiveAuthenticationChallengeHandler challengeHandler; /// The security policy used by created session to evaluate server trust for secure connections. /// `AXWebViewController` uses the `defaultPolicy` unless otherwise specified. -@property (strong, nonatomic, nullable) AFSecurityPolicy *securityPolicy; +@property (strong, nonatomic, nullable) AXSecurityPolicy *securityPolicy; @end #endif NS_ASSUME_NONNULL_END 
diff --git a/AXWebViewController/AXWebViewController/AXWebViewController.m b/AXWebViewController/AXWebViewController/AXWebViewController.m
index 0cc1ad0..049a9c8 100644
--- a/AXWebViewController/AXWebViewController/AXWebViewController.m
+++ b/AXWebViewController/AXWebViewController/AXWebViewController.m
@@ -52,7 +52,7 @@ @interface AXWebViewController () #import -typedef NS_ENUM(NSUInteger, AFSSLPinningMode) { - AFSSLPinningModeNone, - AFSSLPinningModePublicKey, - AFSSLPinningModeCertificate, +typedef NS_ENUM(NSUInteger, AXSSLPinningMode) { + AXSSLPinningModeNone, + AXSSLPinningModePublicKey, + AXSSLPinningModeCertificate, }; /** - `AFSecurityPolicy` evaluates server trust against pinned X.509 certificates and public keys over secure connections. + `AXSecurityPolicy` evaluates server trust against pinned X.509 certificates and public keys over secure connections. Adding pinned SSL certificates to your app helps prevent man-in-the-middle attacks and other vulnerabilities. Applications dealing with sensitive customer data or financial information are strongly encouraged to route all communication over an HTTPS connection with SSL pinning configured and enabled. */ NS_ASSUME_NONNULL_BEGIN -@interface AFSecurityPolicy : NSObject +@interface AXSecurityPolicy : NSObject /** - The criteria by which server trust should be evaluated against the pinned SSL certificates. Defaults to `AFSSLPinningModeNone`. + The criteria by which server trust should be evaluated against the pinned SSL certificates. Defaults to `AXSSLPinningModeNone`. */ -@property (readonly, nonatomic, assign) AFSSLPinningMode SSLPinningMode; +@property (readonly, nonatomic, assign) AXSSLPinningMode SSLPinningMode; /** The certificates used to evaluate server trust according to the SSL pinning mode. - By default, this property is set to any (`.cer`) certificates included in the target compiling AFNetworking. Note that if you are using AFNetworking as embedded framework, no certificates will be pinned by default. Use `certificatesInBundle` to load certificates from your target, and then create a new policy by calling `policyWithPinningMode:withPinnedCertificates`. + By default, this property is set to any (`.cer`) certificates included in the target compiling AXNetworking. 
Note that if you are using AXNetworking as embedded framework, no certificates will be pinned by default. Use `certificatesInBundle` to load certificates from your target, and then create a new policy by calling `policyWithPinningMode:withPinnedCertificates`. Note that if pinning is enabled, `evaluateServerTrust:forDomain:` will return true if any pinned certificate matches. */ @@ -67,7 +67,7 @@ NS_ASSUME_NONNULL_BEGIN ///----------------------------------------- /** - Returns any certificates included in the bundle. If you are using AFNetworking as an embedded framework, you must use this method to find the certificates you have included in your app bundle, and use them when creating your security policy by calling `policyWithPinningMode:withPinnedCertificates`. + Returns any certificates included in the bundle. If you are using AXNetworking as an embedded framework, you must use this method to find the certificates you have included in your app bundle, and use them when creating your security policy by calling `policyWithPinningMode:withPinnedCertificates`. @return The certificates included in the given bundle. */ @@ -95,7 +95,7 @@ NS_ASSUME_NONNULL_BEGIN @return A new security policy. */ -+ (instancetype)policyWithPinningMode:(AFSSLPinningMode)pinningMode; ++ (instancetype)policyWithPinningMode:(AXSSLPinningMode)pinningMode; /** Creates and returns a security policy with the specified pinning mode. @@ -105,7 +105,7 @@ NS_ASSUME_NONNULL_BEGIN @return A new security policy. */ -+ (instancetype)policyWithPinningMode:(AFSSLPinningMode)pinningMode withPinnedCertificates:(NSSet *)pinnedCertificates; ++ (instancetype)policyWithPinningMode:(AXSSLPinningMode)pinningMode withPinnedCertificates:(NSSet *)pinnedCertificates; ///------------------------------ /// @name Evaluating Server Trust 
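Review bot: The doc comments on `pinnedCertificates` and on `certificatesInBundle:` now refer to "AXNetworking", a library that appears nowhere else in this change; the AF→AX prefix replacement seems to have rewritten the upstream name inside prose as well as in identifiers. These comments tell an integrator when no certificates are pinned by default, so they should name the real target, for example `certificates included in the target compiling AXWebViewController` and `If you are using AXWebViewController as an embedded framework`. The interface these comments belong to continues outside the visible hunks.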
@@ -135,20 +135,20 @@ NS_ASSUME_NONNULL_END /** ## SSL Pinning Modes - The following constants are provided by `AFSSLPinningMode` as possible SSL pinning modes. + The following constants are provided by `AXSSLPinningMode` as possible SSL pinning modes. enum { - AFSSLPinningModeNone, - AFSSLPinningModePublicKey, - AFSSLPinningModeCertificate, + AXSSLPinningModeNone, + AXSSLPinningModePublicKey, + AXSSLPinningModeCertificate, } - `AFSSLPinningModeNone` + `AXSSLPinningModeNone` Do not used pinned certificates to validate servers. - `AFSSLPinningModePublicKey` + `AXSSLPinningModePublicKey` Validate host certificates against public keys of pinned certificates. - `AFSSLPinningModeCertificate` + `AXSSLPinningModeCertificate` Validate host certificates against pinned certificates. */ diff --git a/AXWebViewController/AXWebViewController/Security/AFSecurityPolicy.m b/AXWebViewController/AXWebViewController/Security/AXSecurityPolicy.m similarity index 86% rename from AXWebViewController/AXWebViewController/Security/AFSecurityPolicy.m rename to AXWebViewController/AXWebViewController/Security/AXSecurityPolicy.m index ec81d37..b9ee7d9 100644 --- a/AXWebViewController/AXWebViewController/Security/AFSecurityPolicy.m +++ b/AXWebViewController/AXWebViewController/Security/AXSecurityPolicy.m @@ -1,4 +1,4 @@ -// AFSecurityPolicy.m +// AXSecurityPolicy.m // Copyright (c) 2011–2016 Alamofire Software Foundation ( http://alamofire.org/ ) // // Permission is hereby granted, free of charge, to any person obtaining a copy @@ -19,12 +19,12 @@ // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN // THE SOFTWARE. -#import "AFSecurityPolicy.h" +#import "AXSecurityPolicy.h" #import #if !TARGET_OS_IOS && !TARGET_OS_WATCH && !TARGET_OS_TV -static NSData * AFSecKeyGetData(SecKeyRef key) { +static NSData * AXSecKeyGetData(SecKeyRef key) { CFDataRef data = NULL; __Require_noErr_Quiet(SecItemExport(key, kSecFormatUnknown, kSecItemPemArmour, NULL, &data), _out); 
@@ -40,15 +40,15 @@ } #endif -static BOOL AFSecKeyIsEqualToKey(SecKeyRef key1, SecKeyRef key2) { +static BOOL AXSecKeyIsEqualToKey(SecKeyRef key1, SecKeyRef key2) { #if TARGET_OS_IOS || TARGET_OS_WATCH || TARGET_OS_TV return [(__bridge id)key1 isEqual:(__bridge id)key2]; #else - return [AFSecKeyGetData(key1) isEqual:AFSecKeyGetData(key2)]; + return [AXSecKeyGetData(key1) isEqual:AXSecKeyGetData(key2)]; #endif } -static id AFPublicKeyForCertificate(NSData *certificate) { +static id AXPublicKeyForCertificate(NSData *certificate) { id allowedPublicKey = nil; SecCertificateRef allowedCertificate; SecCertificateRef allowedCertificates[1]; @@ -89,7 +89,7 @@ static id AFPublicKeyForCertificate(NSData *certificate) { return allowedPublicKey; } -static BOOL AFServerTrustIsValid(SecTrustRef serverTrust) { +static BOOL AXServerTrustIsValid(SecTrustRef serverTrust) { BOOL isValid = NO; SecTrustResultType result; __Require_noErr_Quiet(SecTrustEvaluate(serverTrust, &result), _out); @@ -100,7 +100,7 @@ static BOOL AFServerTrustIsValid(SecTrustRef serverTrust) { return isValid; } -static NSArray * AFCertificateTrustChainForServerTrust(SecTrustRef serverTrust) { +static NSArray * AXCertificateTrustChainForServerTrust(SecTrustRef serverTrust) { CFIndex certificateCount = SecTrustGetCertificateCount(serverTrust); NSMutableArray *trustChain = [NSMutableArray arrayWithCapacity:(NSUInteger)certificateCount]; @@ -112,7 +112,7 @@ static BOOL AFServerTrustIsValid(SecTrustRef serverTrust) { return [NSArray arrayWithArray:trustChain]; } -static NSArray * AFPublicKeyTrustChainForServerTrust(SecTrustRef serverTrust) { +static NSArray * AXPublicKeyTrustChainForServerTrust(SecTrustRef serverTrust) { SecPolicyRef policy = SecPolicyCreateBasicX509(); CFIndex certificateCount = SecTrustGetCertificateCount(serverTrust); NSMutableArray *trustChain = [NSMutableArray arrayWithCapacity:(NSUInteger)certificateCount]; 
@@ -148,12 +148,12 @@ static BOOL AFServerTrustIsValid(SecTrustRef serverTrust) { #pragma mark - -@interface AFSecurityPolicy() -@property (readwrite, nonatomic, assign) AFSSLPinningMode SSLPinningMode; +@interface AXSecurityPolicy() +@property (readwrite, nonatomic, assign) AXSSLPinningMode SSLPinningMode; @property (readwrite, nonatomic, strong) NSSet *pinnedPublicKeys; @end -@implementation AFSecurityPolicy +@implementation AXSecurityPolicy + (NSSet *)certificatesInBundle:(NSBundle *)bundle { NSArray *paths = [bundle pathsForResourcesOfType:@"cer" inDirectory:@"."]; @@ -179,18 +179,18 @@ + (NSSet *)defaultPinnedCertificates { } + (instancetype)defaultPolicy { - AFSecurityPolicy *securityPolicy = [[self alloc] init]; - securityPolicy.SSLPinningMode = AFSSLPinningModeNone; + AXSecurityPolicy *securityPolicy = [[self alloc] init]; + securityPolicy.SSLPinningMode = AXSSLPinningModeNone; return securityPolicy; } -+ (instancetype)policyWithPinningMode:(AFSSLPinningMode)pinningMode { ++ (instancetype)policyWithPinningMode:(AXSSLPinningMode)pinningMode { return [self policyWithPinningMode:pinningMode withPinnedCertificates:[self defaultPinnedCertificates]]; } -+ (instancetype)policyWithPinningMode:(AFSSLPinningMode)pinningMode withPinnedCertificates:(NSSet *)pinnedCertificates { - AFSecurityPolicy *securityPolicy = [[self alloc] init]; ++ (instancetype)policyWithPinningMode:(AXSSLPinningMode)pinningMode withPinnedCertificates:(NSSet *)pinnedCertificates { + AXSecurityPolicy *securityPolicy = [[self alloc] init]; securityPolicy.SSLPinningMode = pinningMode; [securityPolicy setPinnedCertificates:pinnedCertificates]; 
@@ -215,7 +215,7 @@ - (void)setPinnedCertificates:(NSSet *)pinnedCertificates { if (self.pinnedCertificates) { NSMutableSet *mutablePinnedPublicKeys = [NSMutableSet setWithCapacity:[self.pinnedCertificates count]]; for (NSData *certificate in self.pinnedCertificates) { - id publicKey = AFPublicKeyForCertificate(certificate); + id publicKey = AXPublicKeyForCertificate(certificate); if (!publicKey) { continue; } @@ -232,7 +232,7 @@ - (void)setPinnedCertificates:(NSSet *)pinnedCertificates { - (BOOL)evaluateServerTrust:(SecTrustRef)serverTrust forDomain:(NSString *)domain { - if (domain && self.allowInvalidCertificates && self.validatesDomainName && (self.SSLPinningMode == AFSSLPinningModeNone || [self.pinnedCertificates count] == 0)) { + if (domain && self.allowInvalidCertificates && self.validatesDomainName && (self.SSLPinningMode == AXSSLPinningModeNone || [self.pinnedCertificates count] == 0)) { // https://developer.apple.com/library/mac/documentation/NetworkingInternet/Conceptual/NetworkingTopics/Articles/OverridingSSLChainValidationCorrectly.html // According to the docs, you should only trust your provided certs for evaluation. // Pinned certificates are added to the trust. Without pinned certificates, 
@@ -254,29 +254,29 @@ - (BOOL)evaluateServerTrust:(SecTrustRef)serverTrust SecTrustSetPolicies(serverTrust, (__bridge CFArrayRef)policies); - if (self.SSLPinningMode == AFSSLPinningModeNone) { - return self.allowInvalidCertificates || AFServerTrustIsValid(serverTrust); - } else if (!AFServerTrustIsValid(serverTrust) && !self.allowInvalidCertificates) { + if (self.SSLPinningMode == AXSSLPinningModeNone) { + return self.allowInvalidCertificates || AXServerTrustIsValid(serverTrust); + } else if (!AXServerTrustIsValid(serverTrust) && !self.allowInvalidCertificates) { return NO; } switch (self.SSLPinningMode) { - case AFSSLPinningModeNone: + case AXSSLPinningModeNone: default: return NO; - case AFSSLPinningModeCertificate: { + case AXSSLPinningModeCertificate: { NSMutableArray *pinnedCertificates = [NSMutableArray array]; for (NSData *certificateData in self.pinnedCertificates) { [pinnedCertificates addObject:(__bridge_transfer id)SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certificateData)]; } SecTrustSetAnchorCertificates(serverTrust, (__bridge CFArrayRef)pinnedCertificates); - if (!AFServerTrustIsValid(serverTrust)) { + if (!AXServerTrustIsValid(serverTrust)) { return NO; } - // obtain the chain after being validated, which *should* contain the pinned certificate in the last position (if it's the Root CA) - NSArray *serverCertificates = AFCertificateTrustChainForServerTrust(serverTrust); + // obtain the chain AXter being validated, which *should* contain the pinned certificate in the last position (if it's the Root CA) + NSArray *serverCertificates = AXCertificateTrustChainForServerTrust(serverTrust); for (NSData *trustChainCertificate in [serverCertificates reverseObjectEnumerator]) { if ([self.pinnedCertificates containsObject:trustChainCertificate]) { 
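Review bot: In the `AXSSLPinningModeCertificate` case the result of `SecCertificateCreateWithData` is passed straight to `addObject:`, so a pinned entry that is not a valid DER certificate yields NULL and the insert raises an exception rather than the evaluation returning NO. Check the reference before adding it: `SecCertificateRef cert = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certificateData);` followed by `if (cert) { [pinnedCertificates addObject:(__bridge_transfer id)cert]; }`. The comment a few lines further down now reads "obtain the chain AXter being validated" and should say "after". `evaluateServerTrust:forDomain:` begins before this hunk and continues past it.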
@@ -286,13 +286,13 @@ - (BOOL)evaluateServerTrust:(SecTrustRef)serverTrust return NO; } - case AFSSLPinningModePublicKey: { + case AXSSLPinningModePublicKey: { NSUInteger trustedPublicKeyCount = 0; - NSArray *publicKeys = AFPublicKeyTrustChainForServerTrust(serverTrust); + NSArray *publicKeys = AXPublicKeyTrustChainForServerTrust(serverTrust); for (id trustChainPublicKey in publicKeys) { for (id pinnedPublicKey in self.pinnedPublicKeys) { - if (AFSecKeyIsEqualToKey((__bridge SecKeyRef)trustChainPublicKey, (__bridge SecKeyRef)pinnedPublicKey)) { + if (AXSecKeyIsEqualToKey((__bridge SecKeyRef)trustChainPublicKey, (__bridge SecKeyRef)pinnedPublicKey)) { trustedPublicKeyCount += 1; } } @@ -306,7 +306,7 @@ - (BOOL)evaluateServerTrust:(SecTrustRef)serverTrust #pragma mark - NSKeyValueObserving -+ (NSSet *)keyPathsForValuesAffectingPinnedPublicKeys { ++ (NSSet *)keyPathsForValuesAXfectingPinnedPublicKeys { return [NSSet setWithObject:@"pinnedCertificates"]; } @@ -341,7 +341,7 @@ - (void)encodeWithCoder:(NSCoder *)coder { #pragma mark - NSCopying - (instancetype)copyWithZone:(NSZone *)zone { - AFSecurityPolicy *securityPolicy = [[[self class] allocWithZone:zone] init]; + AXSecurityPolicy *securityPolicy = [[[self class] allocWithZone:zone] init]; securityPolicy.SSLPinningMode = self.SSLPinningMode; securityPolicy.allowInvalidCertificates = self.allowInvalidCertificates; securityPolicy.validatesDomainName = self.validatesDomainName;
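Review bot: In the `@@ -306,7 +306,7 @@` hunk the class method is renamed to `keyPathsForValuesAXfectingPinnedPublicKeys`, which no longer matches the `keyPathsForValuesAffecting<Key>` name that key-value observing looks up. As a result, observers of `pinnedPublicKeys` are presumably no longer notified when `pinnedCertificates` changes. This looks like a side effect of the blanket AF→AX replacement rather than an intended rename, so the line should stay `+ (NSSet *)keyPathsForValuesAffectingPinnedPublicKeys {`. It is worth searching the rest of the change for other words containing "AF" that were rewritten the same way.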