I'm trying to implement SSL pinning in a react-native application (RN 0.60) and I'm using Trustkit.
Following the guide posted in https://github.com/datatheorem/TrustKit these are the step that I've done:
1) Install TrustKit pod using pod 'TrustKit' and pod install
2) Added to my AppDelegate.m this piece of code:
#import <TrustKit/TrustKit.h>
//inside didFinishLaunchingWithOptions
NSDictionary *trustKitConfig =
@{
kTSKSwizzleNetworkDelegates: @YES,
kTSKPinnedDomains: @{
@"www.datatheorem.com" : @{
kTSKEnforcePinning:@YES,
kTSKIncludeSubdomains:@YES,
//Using wrong hashes so it fails
kTSKPublicKeyHashes : @[
@"Ca5gV6n7OVx4AxtEaIk8NI9qyKBTtKJjwqullb/v9hh=",
@"YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihh="
]
}}};
[TrustKit initSharedInstanceWithConfiguration:trustKitConfig];
When i try to do
RNFetchBlob.fetch('GET', "https://www.datatheorem.com", {}) //tried using standard fetch() but gives same results
.then(async(res) => {
console.log('RES => ' ,res)
})
// Something went wrong:
.catch((err) => {
console.log('ERROR =>', err);
})
It goes inside then and doesn't give any error but responds with a 200 status code (using wrong Hashes).
Otherwise, using Android it works correctly, going inside the catch and saying:
Error: Pin verification failed