Skip to content
/ nativescript-yoonit-handshake Public

A NativeScript NPM implementing dynamic SSL pinning for Android and iOS

License

MIT license
8 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Yoonit-Labs/nativescript-yoonit-handshake

BranchesTags

Repository files navigation

nativescript-yoonit-handshake

A NativeScript NPM implementing dynamic SSL pinning for Android and iOS.

About

The SSL pinning is a technique mitigating man-in-the-middle attacks against the secure HTTP communication, but has a drawback, the certificate's expiration date. This resolve this problem, implementing dynamic SSL pinning, providing easy to use fingerprint validation on the TLS handshake. The remote server must be the responsible to update the certificate(s).

Installation

npm i -s @yoonit/nativescript-handshake

Special thanks and credits...

The current version of the library depends on [Wultra SSL Pinning] ([Android]((https://github.com/wultra/ssl-pinning-android) and iOS)).

Usage

function updateFingerprint() {
  this.$yoo.handshake.updateFingerprints(
    "YOUR PUBLIC KEY",
    "YOUR SERVICE URL",
    (result) => {
      switch (result) {
        case HandshakeResult.OK:
          // - Everything is OK;
          // - No Action is required;
          return;

        case HandshakeResult.STORE_IS_EMPTY:
          // - The update request succeeded;
          // - Result is still an empty list of certificates;
          // - May loading & validating of remote data succeeded;
          // - All loaded certificates are already expired;"
          return;

        case HandshakeResult.NETWORK_ERROR:
          // - The update request failed on a network communication.
          return;

        case HandshakeResult.INVALID_DATA:
          // The update request returned the data which did not pass the signature validation.
          return;

        case HandshakeResult.INVALID_SIGNATURE:
          // The update request returned the data which did not pass the signature validation.
          return;

        case HandshakeResult.INVALID_URL_SERVICE:
          // The url service does not exist or is invalid.
          return;
      }
    }
  );
}

API

Method

Function Parameters Description
updateFingerprint publicKey: string, serviceUrl: string, callback: (result: string) => void Update the list of fingerprints from the remote server. The method is asynchronous. Response can get in the callback.

Handshake Result

HandshakeResult Description
"OK"
  • Everything is OK;
  • No Action is required;
STORE_IS_EMPTY"
  • The update request succeeded;
  • Result is still an empty list of certificates;
  • May loading & validating of remote data succeeded;
  • All loaded certificates are already expired;
  • All loaded certificates are already expired;
"NETWORK_ERROR" The update request failed on a network communication.
"INVALID_DATA" The update request returned the data which did not pass the signature validation.
"INVALID_SIGNATURE" The update request returned the data which did not pass the signature validation.
"INVALID_URL_SERVICE" The url service does not exist or is invalid.

To contribute and make it better

Clone the repo, change what you want and send PR.

For commit messages we use Conventional Commits.

Contributions are always welcome!

Code with ❤ by the Cyberlabs AI Front-End Team

About

A NativeScript NPM implementing dynamic SSL pinning for Android and iOS

Topics

ssl-pinning hacktoberfest dynamic-ssl-pinning update-fingerprint certificate-handshake nativescript-fingerprint nativescript-update-fingerprint nativescript-ssl-pinning nativescript-dynamic-ssl-pinning nativescript-certificate-handshake

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

8 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases 1

v1.0.0 Latest
Apr 29, 2021

Packages

No packages published

Contributors 5

Languages