UNPKG

react-native-cert-pinner

Version:

For React Native, pins TLS connections to specific trusted certificates' public keys

github.com/approov/react-native-cert-pinner

approov/react-native-cert-pinner

182 lines (151 loc) 4.74 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
const fs = require('fs'); const path = require('path'); var plist = require('plist'); const Log = require('../Log'); const andHead = `package com.criticalblue.reactnative; import okhttp3.CertificatePinner; public class GeneratedCertificatePinner { public static CertificatePinner instance() { CertificatePinner.Builder builder = new CertificatePinner.Builder(); `; const andFoot = ` return builder.build(); } } `; module.exports = (args) => { // prep config file const count = args._.length; const srcPath = (count > 1)? args._[1] : './pinset.json'; if (!fs.existsSync(srcPath)) { Log.fatal(`Missing config file: ${srcPath}`); } // prep android project path let andBase = "./android"; if (args.a) { if (args.a.length <= 0) { Log.fatal(`Option '-a' missing path to Android project`); } andBase = args.a; } const andExists = fs.existsSync(andBase); if (!andExists) { Log.warn(`Android project not found: ${andBase}`); } const andPath = `${andBase}/app/src/main/java/com/criticalblue/reactnative/GeneratedCertificatePinner.java`; // prep ios project path let iosBase = "./ios"; if (args.i) { if (args.i.length <= 0) { Log.fatal(`Option '-i' missing path to iOS project`); } iosBase = args.i; } const iosExists = fs.existsSync(iosBase); if (!iosExists) { Log.warn(`iOS project not found: ${iosBase}`); } let iosPath = ''; let iosInfo = {}; if (iosExists) { const iosXcodeprojs = fs.readdirSync(iosBase).filter(fn => fn.endsWith('.xcodeproj')); if (iosXcodeprojs.length != 1) { Log.fatal('Cannot find unique *.xcodeproj in ${iosBase)'); } iosPath = iosBase + '/' + path.basename(iosXcodeprojs[0], '.xcodeproj') + '/info.plist'; if (!fs.existsSync(iosPath)) { Log.fatal(`Missing iOS plist file: ${iosPath}`); } iosInfo = plist.parse(fs.readFileSync(iosPath, 'utf8')); } // check any projects if (!andExists && !iosExists) { Log.fatal('Neither Android nor iOS projects found'); } // check file ages let andUpdate = andExists; if (andUpdate && fs.existsSync(andPath)) { if (fs.statSync(srcPath).mtimeMs < fs.statSync(andPath).mtimeMs) { if (!args.f) { andUpdate = false; Log.warn(`config file'${srcPath}' is older than Android file '${andPath}'; use '-f' to force update.`); } } } let iosUpdate = iosExists; if (iosUpdate && fs.existsSync(iosPath)) { if (fs.statSync(srcPath).mtimeMs < fs.statSync(iosPath).mtimeMs) { if (!args.f) { iosUpdate = false; Log.warn(`config file'${srcPath}' is older than iOS file '${iosPath}'; use '-f' to force update.`); } } } if (!andUpdate && !iosUpdate) { Log.warn('No files updated'); return; } // read pinset config let pinset = ''; try { pinset = JSON.parse(fs.readFileSync(srcPath, 'utf8')); } catch (err) { Log.fatal(`Config file '${srcPath}' error: ${err}`); } Log.info(`Reading config file '${srcPath}'.`); // write android config if (andUpdate) { Log.info(`Updating java file '${andPath}'.`); try { let andBody = ''; for (let domain in pinset.domains) { pinset.domains[domain].pins.forEach((pin) => { andBody += ` builder.add("${domain}", "${pin}");\n`; }); } fs.writeFileSync(andPath, andHead + andBody + andFoot); } catch(err) { Log.fatal(`Java file '${andPath}' error: ${err}`); } } // write ios config if (iosUpdate) { Log.info(`Updating plist file '${iosPath}'.`); try { let iosDomains = {}; for (let domain in pinset.domains) { let includeSubdomains = false; let baseDomain = domain; if (domain.startsWith('*.')) { includeSubdomains = true; baseDomain = domain.substring(2); } let iosDomain = { TSKEnforcePinning: true, TSKIncludeSubdomains: includeSubdomains, TSKPublicKeyAlgorithms: ['TSKAlgorithmRsa2048'], }; pinArray = []; pinset.domains[domain].pins.forEach((pin) => { if (pin.startsWith('sha256/')) { pinArray.push(pin.substring(7)); } else { pinArray.push(pin); } }); iosDomain['TSKPublicKeyHashes'] = pinArray; iosDomains[baseDomain] = iosDomain; } iosInfo['TSKConfiguration'] = { 'TSKPinnedDomains': iosDomains, 'TSKSwizzleNetworkDelegates': true } // WRITE OUT FILE HERE fs.writeFileSync(iosPath, plist.build(iosInfo)); } catch(err) { Log.fatal(`iOS plist file '${iosPath}' error: ${err}`); } } }