ISPCertificatePinning Class Reference
| Inherits from | NSObject |
|---|---|
| Declared in | ISPCertificatePinning.h, ISPCertificatePinning.m |
Overview
This class implements certificate pinning utility functions.
First, the certificates and domains to pin should be loaded using setupSSLPinsUsingDictionnary:. This method stores them in “~/Library/SSLPins.plist”.
Then, the verifyPinnedCertificateForTrust:andDomain: method can be used to validate that at least one of the certificates pinned to a specific domain is present in the server’s certificate chain when connecting to it. This method should be called, for example, from the connection:willSendRequestForAuthenticationChallenge: method of the NSURLConnectionDelegate object that performs the connection.
Alternatively, the ISPPinnedNSURLSessionDelegate or ISPPinnedNSURLConnectionDelegate classes can be used directly to build a delegate class that performs certificate pinning.
+ setupSSLPinsUsingDictionnary:
Certificate pinning loading method
+ (BOOL)setupSSLPinsUsingDictionnary:(NSDictionary *)domainsAndCertificates
Parameters
| domainsAndCertificates | a dictionary with domain names as keys and arrays of DER-encoded certificates (NSData) as values |
|---|---|
Return Value
BOOL: YES if the certificates and domains were successfully stored
Discussion
This method takes a dictionary with domain names as keys and arrays of DER-encoded certificates as values, and stores them in a pre-defined location on the filesystem. The ability to specify multiple certificates for a single domain is useful when transitioning from an expiring certificate to a new one: the application can ship both certificates, so connections keep working through the rotation.
Declared In
ISPCertificatePinning.h
+ verifyPinnedCertificateForTrust:andDomain:
Certificate pinning validation method
+ (BOOL)verifyPinnedCertificateForTrust:(SecTrustRef)trust andDomain:(NSString *)domain
Parameters
| trust | the trust object whose certificate chain must contain a certificate previously pinned to the given domain |
|---|---|
| domain | the domain we’re trying to connect to |
Return Value
BOOL: YES if one of the domain’s pinned certificates was found in the trust object’s certificate chain
Discussion
This method accesses the certificates previously loaded using the setupSSLPinsUsingDictionnary: method and inspects the trust object’s certificate chain in order to find at least one certificate pinned to the given domain. It only searches the chain for a pinned certificate; SecTrustEvaluate() should always be called before this method to ensure that the certificate chain itself is valid.
Declared In
ISPCertificatePinning.h
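The following is an added example, not code from the ssl-conservatory project or from this reference page, showing the two-step workflow described in the Overview (load pins, then verify them from the authentication challenge delegate method) together with the ordering requirement stated in the verifyPinnedCertificateForTrust:andDomain: discussion. The certificate file names (api-current.der, api-next.der), the host name api.example.com and the class PinnedConnectionDelegate are assumptions chosen for the example.

```objective-c
// Added example (not part of the ssl-conservatory project or this reference page).
// Assumed: api-current.der and api-next.der are DER-encoded certificates bundled with
// the app, and api.example.com is a placeholder host name.
#import <Foundation/Foundation.h>
#import <Security/Security.h>
#import "ISPCertificatePinning.h"

// Step 1: load the pins once, e.g. from application:didFinishLaunchingWithOptions:.
// Two certificates are pinned to the same host so that the next certificate can be
// shipped before the current one expires (the rotation case from the discussion).
static BOOL LoadPins(void)
{
    NSBundle *bundle = [NSBundle mainBundle];
    NSData *currentCert = [NSData dataWithContentsOfFile:[bundle pathForResource:@"api-current" ofType:@"der"]];
    NSData *nextCert    = [NSData dataWithContentsOfFile:[bundle pathForResource:@"api-next" ofType:@"der"]];
    if (currentCert == nil || nextCert == nil) {
        NSLog(@"Pinned certificates missing from the bundle; refusing to run without pins");
        return NO;
    }
    // Keys must match the host exactly as it appears in challenge.protectionSpace.host.
    NSDictionary *pins = @{ @"api.example.com" : @[ currentCert, nextCert ] };
    return [ISPCertificatePinning setupSSLPinsUsingDictionnary:pins];
}

// Step 2: an NSURLConnection delegate that enforces the pins on every server-trust challenge.
@interface PinnedConnectionDelegate : NSObject <NSURLConnectionDelegate>
@end

@implementation PinnedConnectionDelegate

- (void)connection:(NSURLConnection *)connection
willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
{
    NSURLProtectionSpace *space = challenge.protectionSpace;

    // Only server-trust challenges carry a certificate chain; let the system handle
    // the other kinds (HTTP auth, client certificates) as it normally would.
    if (![space.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
        [challenge.sender performDefaultHandlingForAuthenticationChallenge:challenge];
        return;
    }

    SecTrustRef serverTrust = space.serverTrust;

    // Standard chain validation first (trusted root, expiry, host name). Pinning narrows
    // the set of accepted chains; it does not replace this step.
    SecTrustResultType result = kSecTrustResultInvalid;
    OSStatus status = SecTrustEvaluate(serverTrust, &result);
    BOOL chainValid = (status == errSecSuccess) &&
                      (result == kSecTrustResultUnspecified || result == kSecTrustResultProceed);
    if (!chainValid) {
        NSLog(@"Chain validation failed for %@ (status %d, result %u); cancelling", space.host, (int)status, (unsigned)result);
        [challenge.sender cancelAuthenticationChallenge:challenge];
        return;
    }

    // Then require that one of the certificates pinned to this host is in the chain.
    if (![ISPCertificatePinning verifyPinnedCertificateForTrust:serverTrust andDomain:space.host]) {
        NSLog(@"No pinned certificate found in the chain for %@; cancelling", space.host);
        [challenge.sender cancelAuthenticationChallenge:challenge];
        return;
    }

    // Both checks passed: proceed with the server's trust object.
    [challenge.sender useCredential:[NSURLCredential credentialForTrust:serverTrust]
         forAuthenticationChallenge:challenge];
}

@end
```

Call LoadPins() before the first connection is created and treat a NO result as fatal, since a connection made without pins loaded would silently fall back to plain system trust. Note the order of the two checks in the delegate: SecTrustEvaluate() rejects expired or untrusted chains, and the pin lookup then rejects chains that are valid but not the one expected for this host; failing either one cancels the challenge.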