Skip to content

A NativeScript NPM implementing dynamic SSL pinning for Android and iOS

License

Notifications You must be signed in to change notification settings

Yoonit-Labs/nativescript-yoonit-handshake

Repository files navigation

nativescript-yoonit-handshake

A NativeScript NPM implementing dynamic SSL pinning for Android and iOS.

About

The SSL pinning is a technique mitigating man-in-the-middle attacks against the secure HTTP communication, but has a drawback, the certificate's expiration date. This resolve this problem, implementing dynamic SSL pinning, providing easy to use fingerprint validation on the TLS handshake. The remote server must be the responsible to update the certificate(s).

Installation

npm i -s @yoonit/nativescript-handshake  

Special thanks and credits...

The current version of the library depends on [Wultra SSL Pinning] ([Android]((https://github.com/wultra/ssl-pinning-android) and iOS)).

Usage

function updateFingerprint() {
  this.$yoo.handshake.updateFingerprints(
    "YOUR PUBLIC KEY",
    "YOUR SERVICE URL",
    (result) => {
      switch (result) {
        case HandshakeResult.OK:
          // - Everything is OK;
          // - No Action is required;
          return;

        case HandshakeResult.STORE_IS_EMPTY:
          // - The update request succeeded;
          // - Result is still an empty list of certificates;
          // - May loading & validating of remote data succeeded;
          // - All loaded certificates are already expired;"
          return;

        case HandshakeResult.NETWORK_ERROR:
          // - The update request failed on a network communication.
          return;

        case HandshakeResult.INVALID_DATA:
          // The update request returned the data which did not pass the signature validation.
          return;

        case HandshakeResult.INVALID_SIGNATURE:
          // The update request returned the data which did not pass the signature validation.
          return;

        case HandshakeResult.INVALID_URL_SERVICE:
          // The url service does not exist or is invalid.
          return;
      }
    }
  );
}

API

Method

Function Parameters Description
updateFingerprint publicKey: string, serviceUrl: string, callback: (result: string) => void Update the list of fingerprints from the remote server. The method is asynchronous. Response can get in the callback.

Handshake Result

HandshakeResult Description
"OK"
  • Everything is OK;
  • No Action is required;
STORE_IS_EMPTY"
  • The update request succeeded;
  • Result is still an empty list of certificates;
  • May loading & validating of remote data succeeded;
  • All loaded certificates are already expired;
  • All loaded certificates are already expired;
"NETWORK_ERROR" The update request failed on a network communication.
"INVALID_DATA" The update request returned the data which did not pass the signature validation.
"INVALID_SIGNATURE" The update request returned the data which did not pass the signature validation.
"INVALID_URL_SERVICE" The url service does not exist or is invalid.

To contribute and make it better

Clone the repo, change what you want and send PR.

For commit messages we use Conventional Commits.

Contributions are always welcome!


Code with ❤ by the Cyberlabs AI Front-End Team