{"id":13463851,"url":"https://github.com/datatheorem/TrustKit","last_synced_at":"2025-03-25T09:31:10.426Z","repository":{"id":27098853,"uuid":"30566161","full_name":"datatheorem/TrustKit","owner":"datatheorem","description":"Easy SSL pinning validation and reporting for iOS, macOS, tvOS and watchOS.","archived":false,"fork":false,"pushed_at":"2024-10-23T15:33:17.000Z","size":5906,"stargazers_count":2059,"open_issues_count":37,"forks_count":371,"subscribers_count":62,"default_branch":"master","last_synced_at":"2025-03-19T10:16:04.748Z","etag":null,"topics":["ios","macos","objective-c","ssl","ssl-pinning","ssl-reporting","tvos"],"latest_commit_sha":null,"homepage":"","language":"Objective-C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/datatheorem.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":"AUTHORS","dei":null,"publiccode":null,"codemeta":null}},"created_at":"2015-02-10T00:14:56.000Z","updated_at":"2025-03-17T01:28:32.000Z","dependencies_parsed_at":"2023-02-12T02:46:41.965Z","dependency_job_id":"9db61c97-933e-432d-9be0-dd283d6bb390","html_url":"https://github.com/datatheorem/TrustKit","commit_stats":{"total_commits":939,"total_committers":46,"mean_commits":20.41304347826087,"dds":0.5143769968051118,"last_synced_commit":"2fb6ce731fd51f745f6cc3393462865b95c3df3c"},"previous_names":[],"tags_count":37,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/datatheorem%2FTrustKit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/datatheorem%2FTrustKit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts
/GitHub/repositories/datatheorem%2FTrustKit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/datatheorem%2FTrustKit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/datatheorem","download_url":"https://codeload.github.com/datatheorem/TrustKit/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245082036,"owners_count":20557888,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ios","macos","objective-c","ssl","ssl-pinning","ssl-reporting","tvos"],"created_at":"2024-07-31T14:00:29.371Z","updated_at":"2025-03-25T09:31:07.714Z","avatar_url":"https://github.com/datatheorem.png","language":"Objective-C","readme":"TrustKit\n========\n\n[![Build Status](https://app.bitrise.io/app/fe29405fb90f94ea/status.svg?token=TJ3o4dhSWa--0ZlJT7FV1A)](https://app.bitrise.io/app/fe29405fb90f94ea) [![Carthage compatible](https://img.shields.io/badge/Carthage-compatible-4BC51D.svg?style=flat)](https://github.com/Carthage/Carthage) [![Version Status](https://img.shields.io/cocoapods/v/TrustKit.svg?style=flat)](https://cocoapods.org/pods/TrustKit) [![Platform](https://img.shields.io/cocoapods/p/TrustKit.svg?style=flat)](https://cocoapods.org/pods/TrustKit) [![License MIT](https://img.shields.io/cocoapods/l/TrustKit.svg?style=flat)](https://en.wikipedia.org/wiki/MIT_License)\n[![Gitter chat](https://badges.gitter.im/datatheorem/gitter.png)](https://gitter.im/TrustKit/Lobby)\n\n**TrustKit** is an open source framework that makes it easy to deploy SSL public key pinning and 
reporting in any iOS 12+, macOS 10.13+, tvOS 12+ or watchOS 4+ App; it supports both Swift and Objective-C Apps.\n\nIf you need SSL pinning/reporting in your Android App, we have also released **TrustKit for Android** at [https://github.com/datatheorem/TrustKit-Android](https://github.com/datatheorem/TrustKit-Android).\n\n\nOverview\n--------\n\n**TrustKit** provides the following features:\n\n* Simple API to configure an SSL pinning policy and enforce it within an App. The policy settings are heavily based on the [HTTP Public Key Pinning specification](https://tools.ietf.org/html/rfc7469).\n* Sane implementation by pinning the certificate's Subject Public Key Info, [as opposed to the certificate itself or the public key bits](https://www.imperialviolet.org/2011/05/04/pinning.html).\n* Reporting mechanism to notify a server about pinning validation failures happening within the App, when an unexpected certificate chain is detected. This is similar to the _report-uri_ directive described in the HPKP specification. 
The reporting mechanism can also be customized within the App by leveraging pin validation notifications sent by TrustKit.\n* Auto-pinning functionality by swizzling the App's _NSURLConnection_ and _NSURLSession_ delegates in order to automatically add pinning validation to the App's HTTPS connections; this allows deploying **TrustKit** without even modifying the App's source code.\n\n\nGetting Started\n---------------\n\n* Read the [Getting Started][getting-started] guide.\n* Check out the [API documentation][api-doc].\n* TrustKit was initially released at [Black Hat USA 2015][bh2015-pdf] and was also featured on [PayPal's engineering blog][paypal-post].\n\n\nSample Usage\n------------\n\nDeploying SSL pinning in the App requires initializing **TrustKit** with a pinning policy (domains, Subject Public Key Info hashes, and additional settings).\n\nThe policy can be configured within the App's `Info.plist`:\n\n![Info.plist policy](https://datatheorem.github.io/TrustKit/images/linking3_dynamic.png)\n\nAlternatively, the pinning policy can be set programmatically:\n\n```objc\n    NSDictionary *trustKitConfig =\n  @{\n    kTSKSwizzleNetworkDelegates: @NO,\n    kTSKPinnedDomains : @{\n            @\"www.datatheorem.com\" : @{\n                    kTSKExpirationDate: @\"2017-12-01\",\n                    kTSKPublicKeyHashes : @[\n                            @\"HXXQgxueCIU5TTLHob/bPbwcKOKw6DkfsTWYHbxbqTY=\",\n                            @\"0SDf3cRToyZJaMsoS17oF72VMavLxj/N7WBNasNuiR8=\"\n                            ],\n                    kTSKEnforcePinning : @NO,\n                    },\n            @\"yahoo.com\" : @{\n                    kTSKPublicKeyHashes : @[\n                            @\"TQEtdMbmwFgYUifM4LDF+xgEtd0z69mPGmkp014d6ZY=\",\n                            @\"rFjc3wG7lTZe43zeYTvPq8k4xdDEutCmIhI5dn4oCeE=\",\n                            ],\n                    kTSKIncludeSubdomains : @YES\n                    }\n            }};\n    \n    [TrustKit 
initSharedInstanceWithConfiguration:trustKitConfig];\n```\n\nThe policy can also be set programmatically in Swift Apps:\n \n```swift\n        let trustKitConfig = [\n            kTSKSwizzleNetworkDelegates: false,\n            kTSKPinnedDomains: [\n                \"yahoo.com\": [\n                    kTSKExpirationDate: \"2017-12-01\",\n                    kTSKPublicKeyHashes: [\n                        \"JbQbUG5JMJUoI6brnx0x3vZF6jilxsapbXGVfjhN8Fg=\",\n                        \"WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18=\"\n                    ],]]] as [String : Any]\n        \n        TrustKit.initSharedInstance(withConfiguration:trustKitConfig)\n```\n\nAfter TrustKit has been initialized, a \n[`TSKPinningValidator` instance](https://datatheorem.github.io/TrustKit/documentation/Classes/TSKPinningValidator.html) \ncan be retrieved from the TrustKit singleton, and can be used to perform SSL pinning validation \nin the App's network delegates. For example in an NSURLSessionDelegate:\n\n```objc\n- (void)URLSession:(NSURLSession *)session \n              task:(NSURLSessionTask *)task \ndidReceiveChallenge:(NSURLAuthenticationChallenge *)challenge \n completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition disposition, NSURLCredential *credential))completionHandler {\n    TSKPinningValidator *pinningValidator = [[TrustKit sharedInstance] pinningValidator];\n    // Pass the authentication challenge to the validator; if the validation fails, the connection will be blocked\n    if (![pinningValidator handleChallenge:challenge completionHandler:completionHandler])\n    {\n        // TrustKit did not handle this challenge: perhaps it was not for server trust\n        // or the domain was not pinned. 
Fall back to the default behavior\n        completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, nil);\n    }\n}\n```\n\nFor more information, see the [Getting Started][getting-started] guide.\n\n\nCredits\n-------\n\n**TrustKit** is a joint effort between the mobile teams at Data Theorem and Yahoo. See `AUTHORS` for details.\n\n\nLicense\n-------\n\n**TrustKit** is released under the MIT license. See `LICENSE` for details.\n\n[getting-started]: https://github.com/datatheorem/TrustKit/blob/master/docs/getting-started.md\n[bh2015-pdf]: https://github.com/datatheorem/TrustKit/blob/master/docs/TrustKit-BH2015.pdf\n[bh2015-conf]: https://www.blackhat.com/us-15/briefings.html#trustkit-code-injection-on-ios-8-for-the-greater-good\n[api-doc]: https://datatheorem.github.io/TrustKit/documentation\n[ios9-post]: https://datatheorem.github.io/ios/2015/10/17/trustkit-ios-9-shared-cache/\n[paypal-post]: https://www.paypal-engineering.com/2015/10/14/key-pinning-in-mobile-applications/\n","funding_links":[],"categories":["C","Objective-C","Using Alamofire 5"],"sub_categories":["Relative Stuff"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdatatheorem%2FTrustKit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdatatheorem%2FTrustKit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdatatheorem%2FTrustKit/lists"}