# react-native-ssl-pinning-guard

A robust SSL Pinning plugin for React Native, supporting New Architecture (TurboModules) for Android and iOS. Pass domains and public key hashes from TypeScript; nothing is hardcoded in native code.

## 📦 Installation

```sh
yarn add react-native-ssl-pinning-guard
cd ios && pod install
```

## ⚙️ Configuration (New Architecture)

Ensure TurboModules are enabled in your React Native project.

## Usage

```ts
import SslPinningGuard from 'react-native-ssl-pinning-guard';

SslPinningGuard.configure({
  domains: ['api.example.com'],
  hashes: ['base64_encoded_sha256_pubkey']
});
```

- `domains`: List of domains to pin
- `hashes`: SHA256 public key hashes in Base64 format (use a tool such as OpenSSL to generate them)

## ✅ How to Get Public Key Hash

1. Get the certificate:

```sh
# -servername sends SNI; </dev/null makes s_client exit after the handshake
openssl s_client -connect api.example.com:443 -servername api.example.com </dev/null | openssl x509 > cert.pem
```

2. Extract public key:

```sh
openssl x509 -in cert.pem -pubkey -noout > pubkey.pem
```

3. Convert to DER, hash with SHA-256 and Base64-encode:

```sh
openssl pkey -pubin -in pubkey.pem -outform DER | openssl dgst -sha256 -binary | openssl base64
```

Use that Base64 string in the `hashes` array.

## 📱 Platform Support

- ✅ Android (Kotlin + OkHttp)
- ✅ iOS (NSURLSession + SecTrust)

## 👮 Security

- Public Key Hash Pinning (preferred over certificate pinning)
- Prevents MITM by rejecting untrusted certs
- Works with custom API clients (OkHttpClient on Android, NSURLSessionDelegate on iOS)

## 🛡️ Next Steps

- Add Jailbreak / Root / Debugger detection
- Obfuscate strings and hashes

## 📂 Structure

```
react-native-ssl-pinning-guard/
├── android/
├── ios/
├── src/
├── babel.config.js
├── README.md
└── ...
```

## 🧪 Example

```ts
SslPinningGuard.configure({
  domains: ['secure.myapi.com'],
  hashes: ['yRtD48DUeF29ZUdOn8LqLqfydnVGckLtb+5KMcMlEZg=']
});
```
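
Added example, not part of react-native-ssl-pinning-guard: a Node.js pre-flight check for a pin list before it is handed to `SslPinningGuard.configure`. `spkiPin` reproduces step 3 of the OpenSSL procedure, and `pinProblem` / `validatePinConfig` (hypothetical helper names) reject entries that are not a Base64 SHA-256 digest. The bare-hostname rule for `domains` and the throwaway P-256 key are assumptions.

```javascript
// Added example; helper names are hypothetical, not the library's API.
const crypto = require('node:crypto');

// Step 3 of the procedure: DER-encode the SubjectPublicKeyInfo,
// SHA-256 it, Base64 the digest.
function spkiPin(publicKeyPem) {
  const der = crypto.createPublicKey(publicKeyPem)
    .export({ type: 'spki', format: 'der' });
  return crypto.createHash('sha256').update(der).digest('base64');
}

// Returns null when `hash` has the shape of a Base64 SHA-256 digest,
// otherwise a short reason.
function pinProblem(hash) {
  if (typeof hash !== 'string') return 'not a string';
  if (/^[0-9a-f]{64}$/i.test(hash)) return 'hex digest, expected Base64';
  if (/^sha256\//i.test(hash)) return 'has a "sha256/" prefix, expected bare Base64';
  const raw = Buffer.from(hash, 'base64');
  // Buffer.from skips invalid characters, so require an exact round trip.
  if (raw.toString('base64') !== hash) return 'not canonical Base64';
  if (raw.length !== 32) return `decodes to ${raw.length} bytes, expected 32`;
  return null;
}

// Assumption: `domains` entries are bare hostnames (no scheme, port or path).
function validatePinConfig({ domains, hashes }) {
  const errors = [];
  const ds = Array.isArray(domains) ? domains : [];
  const hs = Array.isArray(hashes) ? hashes : [];
  if (ds.length === 0) errors.push('domains: empty');
  if (hs.length === 0) errors.push('hashes: empty');
  for (const d of ds) {
    if (!/^[a-z0-9-]+(\.[a-z0-9-]+)+$/i.test(d)) errors.push(`domains: "${d}" is not a bare hostname`);
  }
  hs.forEach((h, i) => {
    const p = pinProblem(h);
    if (p) errors.push(`hashes[${i}]: ${p}`);
  });
  return errors;
}

// Constructed sample input: a throwaway P-256 key standing in for pubkey.pem.
const { publicKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
const samplePin = spkiPin(publicKey.export({ type: 'spki', format: 'pem' }));
console.log(samplePin, validatePinConfig({ domains: ['api.example.com'], hashes: [samplePin] }));
console.log(validatePinConfig({
  domains: ['https://api.example.com'],
  hashes: ['base64_encoded_sha256_pubkey'],
}));
```

Running the check in CI or at app start catches a placeholder or hex-encoded hash before it silently pins to a value no server key can match.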