I am using AFNetworking 3.0. I have a web server with an HTTPS certificate signed by GlobalSign. I want to add certificate pinning to my iOS app. My code is as below:
- (AFSecurityPolicy *)customSecurityPolicy {
    AFSecurityPolicy *securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeNone];
    NSString *cerPath = [[NSBundle mainBundle] pathForResource:@"server" ofType:@"cer"];
    NSData *certData = [NSData dataWithContentsOfFile:cerPath];
    [securityPolicy setAllowInvalidCertificates:NO];
    [securityPolicy setValidatesDomainName:YES];
    //securityPolicy.validatesCertificateChain = NO;
    [securityPolicy setPinnedCertificates:[NSKeyedUnarchiver unarchiveObjectWithData:certData]];
    return securityPolicy;
}
My client code:
NSString *url = SERVER_URL;
AFHTTPSessionManager *manager = [AFHTTPSessionManager manager];
manager.responseSerializer.acceptableContentTypes = [NSSet setWithObject:@"application/json"];
manager.securityPolicy = [utils customSecurityPolicy];
[manager GET:url parameters:nil progress:nil success:^(NSURLSessionTask *task, id responseObject) {
    NSLog(@"JSON: %@", responseObject);
} failure:^(NSURLSessionTask *operation, NSError *error) {
    NSLog(@"Error: %@", error);
}];
We use Burp Suite as the man-in-the-middle proxy, and we are able to intercept the request and monitor its contents.
So, how can I implement certificate pinning properly?
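The following is an added example, not the asker's code and not AFNetworking's own sources, showing how an AFSecurityPolicy is normally built for certificate pinning with AFNetworking 3.x. Two things differ from the question's version: the pinning mode is AFSSLPinningModeCertificate (with AFSSLPinningModeNone the library performs no pinning at all, so any certificate chaining to a CA the device trusts, including a proxy CA installed for testing, passes), and pinnedCertificates is an NSSet of raw DER-encoded NSData objects rather than an NSKeyedUnarchiver result. The class name PinnedPolicyFactory, the certificate file name "server.cer" and SERVER_URL are assumptions for the illustration.

```objectivec
#import <Foundation/Foundation.h>
#import <Security/Security.h>
#import <AFNetworking/AFNetworking.h>

// Hypothetical helper class for this example; not part of the asker's project or of AFNetworking.
@interface PinnedPolicyFactory : NSObject
+ (AFSecurityPolicy *)pinnedPolicyWithCertificateNamed:(NSString *)name inBundle:(NSBundle *)bundle;
@end

@implementation PinnedPolicyFactory

+ (AFSecurityPolicy *)pinnedPolicyWithCertificateNamed:(NSString *)name inBundle:(NSBundle *)bundle {
    // Load the bundled certificate; the file must contain DER bytes, not a PEM text block.
    NSString *cerPath = [bundle pathForResource:name ofType:@"cer"];
    NSData *certData = cerPath ? [NSData dataWithContentsOfFile:cerPath] : nil;
    if (certData.length == 0) {
        NSLog(@"Pinned certificate %@.cer was not found in the bundle", name);
        return nil;
    }

    // Sanity check: SecCertificateCreateWithData returns NULL for anything that is not DER X.509,
    // which is the most common reason a pinned .cer silently fails to match.
    SecCertificateRef cert = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certData);
    if (cert == NULL) {
        NSLog(@"%@.cer is not a DER-encoded X.509 certificate", name);
        return nil;
    }
    CFRelease(cert);

    // pinnedCertificates is a set of DER NSData objects. With AFSSLPinningModeCertificate the
    // server's leaf (or a certificate in its chain) must byte-for-byte equal one of these.
    AFSecurityPolicy *policy =
        [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeCertificate
                         withPinnedCertificates:[NSSet setWithObject:certData]];
    policy.allowInvalidCertificates = NO;  // the chain must still validate against the system trust store
    policy.validatesDomainName = YES;      // the certificate's host name must match the URL's host
    return policy;
}

@end

// Usage mirroring the question's client code. SERVER_URL is assumed to be defined elsewhere.
static void fetchWithPinning(void) {
    AFSecurityPolicy *policy = [PinnedPolicyFactory pinnedPolicyWithCertificateNamed:@"server"
                                                                             inBundle:[NSBundle mainBundle]];
    if (policy == nil) {
        NSLog(@"Refusing to start the request without a usable pinned certificate");
        return;
    }

    AFHTTPSessionManager *manager = [AFHTTPSessionManager manager];
    manager.responseSerializer.acceptableContentTypes = [NSSet setWithObject:@"application/json"];
    manager.securityPolicy = policy;

    [manager GET:SERVER_URL parameters:nil progress:nil
         success:^(NSURLSessionDataTask *task, id responseObject) {
             NSLog(@"JSON: %@", responseObject);
         }
         failure:^(NSURLSessionDataTask *task, NSError *error) {
             // An intercepting proxy presents a different certificate, so the request fails here
             // instead of being transparently relayed.
             NSLog(@"Error: %@", error);
         }];
}
```

With the policy built this way, a TLS connection whose served certificate does not match the bundled DER file is rejected even if the device trusts the issuing CA. Pinning the whole certificate means the app must ship an update whenever the server certificate is renewed; AFSSLPinningModePublicKey with the same NSSet of DER data pins only the public key, which survives renewals that keep the same key pair. Bundling the leaf rather than the GlobalSign intermediate gives the tightest match but the shortest lifetime, so choose according to how often the certificate rotates.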