GitHub/TrustKit
1
0
Fork 0
mirror of https://github.com/datatheorem/TrustKit.git synced 2026-05-17 12:50:35 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
master
TrustKit/docs/documentation/Initalizing TrustKit.html
T
Alban Diquet c06934b24c Re-generate documentation
2019-08-03 19:48:16 -07:00

307 lines
19 KiB
HTML
Raw Permalink Blame History

<!DOCTYPE html>
<html lang="en">
<head>
<title>Initalizing TrustKit Reference</title>
<link rel="stylesheet" type="text/css" href="css/jazzy.css" />
<link rel="stylesheet" type="text/css" href="css/highlight.css" />
<meta charset="utf-8">
<script src="js/jquery.min.js" defer></script>
<script src="js/jazzy.js" defer></script>
<script src="js/lunr.min.js" defer></script>
<script src="js/typeahead.jquery.js" defer></script>
<script src="js/jazzy.search.js" defer></script>
</head>
<body>
<a name="//apple_ref/objc/Section/Initalizing TrustKit" class="dashAnchor"></a>
<a title="Initalizing TrustKit Reference"></a>
<header class="header">
<p class="header-col header-col--primary">
<a class="header-link" href="index.html">
TrustKit Docs
</a>
</p>
<p class="header-col--secondary">
<form role="search" action="search.json">
<input type="text" placeholder="Search documentation" data-typeahead>
</form>
</p>
<p class="header-col header-col--secondary">
<a class="header-link" href="https://github.com/datatheorem/TrustKit">
<img class="header-icon" src="img/gh.png"/>
View on GitHub
</a>
</p>
</header>
<p class="breadcrumbs">
<a class="breadcrumb" href="index.html">TrustKit Reference</a>
<img class="carat" src="img/carat.png" />
Initalizing TrustKit Reference
</p>
<div class="content-wrapper">
<nav class="navigation">
<ul class="nav-groups">
<li class="nav-group-name">
<a class="nav-group-name-link" href="Initalizing TrustKit.html">Initalizing TrustKit</a>
<ul class="nav-group-tasks">
<li class="nav-group-task">
<a class="nav-group-task-link" href="Classes/TrustKit.html">TrustKit</a>
</li>
</ul>
</li>
<li class="nav-group-name">
<a class="nav-group-name-link" href="Implementing Pinning Validation.html">Implementing Pinning Validation</a>
<ul class="nav-group-tasks">
<li class="nav-group-task">
<a class="nav-group-task-link" href="Classes/TSKPinningValidator.html">TSKPinningValidator</a>
</li>
<li class="nav-group-task">
<a class="nav-group-task-link" href="Enums/TSKTrustDecision.html">TSKTrustDecision</a>
</li>
</ul>
</li>
<li class="nav-group-name">
<a class="nav-group-name-link" href="Setting up a Validation Callback.html">Setting up a Validation Callback</a>
<ul class="nav-group-tasks">
<li class="nav-group-task">
<a class="nav-group-task-link" href="Setting up a Validation Callback.html#/c:TSKPinningValidatorCallback.h@T@TSKPinningValidatorCallback">TSKPinningValidatorCallback</a>
</li>
<li class="nav-group-task">
<a class="nav-group-task-link" href="Classes/TSKPinningValidatorResult.html">TSKPinningValidatorResult</a>
</li>
<li class="nav-group-task">
<a class="nav-group-task-link" href="Setting up a Validation Callback.html#/c:TSKPinningValidatorCallback.h@T@TKSDomainPinningPolicy">TKSDomainPinningPolicy</a>
</li>
<li class="nav-group-task">
<a class="nav-group-task-link" href="Enums/TSKTrustEvaluationResult.html">TSKTrustEvaluationResult</a>
</li>
</ul>
</li>
<li class="nav-group-name">
<a class="nav-group-name-link" href="Global Configuration Keys.html">Global Configuration Keys</a>
<ul class="nav-group-tasks">
<li class="nav-group-task">
<a class="nav-group-task-link" href="Global Configuration Keys.html#/c:TSKTrustKitConfig.h@T@TSKGlobalConfigurationKey">TSKGlobalConfigurationKey</a>
</li>
<li class="nav-group-task">
<a class="nav-group-task-link" href="Global Configuration Keys.html#/c:@kTSKSwizzleNetworkDelegates">kTSKSwizzleNetworkDelegates</a>
</li>
<li class="nav-group-task">
<a class="nav-group-task-link" href="Global Configuration Keys.html#/c:@kTSKPinnedDomains">kTSKPinnedDomains</a>
</li>
<li class="nav-group-task">
<a class="nav-group-task-link" href="Global Configuration Keys.html#/c:@kTSKIgnorePinningForUserDefinedTrustAnchors">kTSKIgnorePinningForUserDefinedTrustAnchors</a>
</li>
</ul>
</li>
<li class="nav-group-name">
<a class="nav-group-name-link" href="Domain Configuration Keys.html">Domain Configuration Keys</a>
<ul class="nav-group-tasks">
<li class="nav-group-task">
<a class="nav-group-task-link" href="Domain Configuration Keys.html#/c:TSKTrustKitConfig.h@T@TSKDomainConfigurationKey">TSKDomainConfigurationKey</a>
</li>
<li class="nav-group-task">
<a class="nav-group-task-link" href="Domain Configuration Keys.html#/c:@kTSKPublicKeyHashes">kTSKPublicKeyHashes</a>
</li>
<li class="nav-group-task">
<a class="nav-group-task-link" href="Domain Configuration Keys.html#/c:@kTSKEnforcePinning">kTSKEnforcePinning</a>
</li>
<li class="nav-group-task">
<a class="nav-group-task-link" href="Domain Configuration Keys.html#/c:@kTSKIncludeSubdomains">kTSKIncludeSubdomains</a>
</li>
<li class="nav-group-task">
<a class="nav-group-task-link" href="Domain Configuration Keys.html#/c:@kTSKExcludeSubdomainFromParentPolicy">kTSKExcludeSubdomainFromParentPolicy</a>
</li>
<li class="nav-group-task">
<a class="nav-group-task-link" href="Domain Configuration Keys.html#/c:@kTSKReportUris">kTSKReportUris</a>
</li>
<li class="nav-group-task">
<a class="nav-group-task-link" href="Domain Configuration Keys.html#/c:@kTSKDisableDefaultReportUri">kTSKDisableDefaultReportUri</a>
</li>
<li class="nav-group-task">
<a class="nav-group-task-link" href="Domain Configuration Keys.html#/c:@kTSKExpirationDate">kTSKExpirationDate</a>
</li>
</ul>
</li>
<li class="nav-group-name">
<a class="nav-group-name-link" href="Other Constants.html">Other Constants</a>
<ul class="nav-group-tasks">
<li class="nav-group-task">
<a class="nav-group-task-link" href="Other Constants.html#/c:@TrustKitVersion">TrustKitVersion</a>
</li>
<li class="nav-group-task">
<a class="nav-group-task-link" href="Other Constants.html#/c:@kTSKAlgorithmEcDsaSecp256r1">kTSKAlgorithmEcDsaSecp256r1</a>
</li>
<li class="nav-group-task">
<a class="nav-group-task-link" href="Other Constants.html#/c:@kTSKAlgorithmEcDsaSecp384r1">kTSKAlgorithmEcDsaSecp384r1</a>
</li>
<li class="nav-group-task">
<a class="nav-group-task-link" href="Other Constants.html#/c:@kTSKAlgorithmRsa2048">kTSKAlgorithmRsa2048</a>
</li>
<li class="nav-group-task">
<a class="nav-group-task-link" href="Other Constants.html#/c:@kTSKAlgorithmRsa4096">kTSKAlgorithmRsa4096</a>
</li>
<li class="nav-group-task">
<a class="nav-group-task-link" href="Other Constants.html#/c:@kTSKPublicKeyAlgorithms">kTSKPublicKeyAlgorithms</a>
</li>
</ul>
</li>
<li class="nav-group-name">
<a class="nav-group-name-link" href="Other Type Definitions.html">Other Type Definitions</a>
<ul class="nav-group-tasks">
<li class="nav-group-task">
<a class="nav-group-task-link" href="Other Type Definitions.html#/c:TSKTrustKitConfig.h@T@TSKSupportedAlgorithm">TSKSupportedAlgorithm</a>
</li>
</ul>
</li>
</ul>
</nav>
<article class="main-content">
<section class="section">
<div class="section-content">
<h1>Initalizing TrustKit</h1>
</div>
</section>
<section class="section">
<div class="section-content">
<div class="task-group">
<ul class="item-container">
<li class="item">
<div>
<code>
<a name="/c:objc(cs)TrustKit"></a>
<a name="//apple_ref/objc/Class/TrustKit" class="dashAnchor"></a>
<a class="token" href="#/c:objc(cs)TrustKit">TrustKit</a>
</code>
</div>
<div class="height-container">
<div class="pointer-container"></div>
<section class="section">
<div class="pointer"></div>
<div class="abstract">
<p><code>TrustKit</code> is the main class for configuring an SSL pinning policy within an App.</p>
<p>For most Apps, TrustKit should be used as a singleton, where a global SSL pinning policy is
configured for the App. In singleton mode, the policy can be set either:</p>
<ul>
<li>By adding it to the App&rsquo;s <em>Info.plist</em> under the <code>TSKConfiguration</code> key, or</li>
<li>By programmatically supplying it using the <code><a href="Classes/TrustKit.html#/c:objc(cs)TrustKit(cm)initSharedInstanceWithConfiguration:">+initSharedInstanceWithConfiguration:</a></code> method.</li>
</ul>
<p>In singleton mode, TrustKit can only be initialized once so only one of the two techniques
should be used.</p>
<p>For more complex Apps where multiple SSL pinning policies need to be used independently
(for example within different frameworks), TrustKit can be used in <q>multi-instance</q> mode
by leveraging the <code><a href="Classes/TrustKit.html#/c:objc(cs)TrustKit(im)initWithConfiguration:">-initWithConfiguration:</a></code> method described at the end of this page.</p>
<p>A TrustKit pinning policy is a dictionary which contains some global, App-wide settings
(of type <code><a href="Global Configuration Keys.html#/c:TSKTrustKitConfig.h@T@TSKGlobalConfigurationKey">TSKGlobalConfigurationKey</a></code>) as well as domain-specific configuration keys
(of type <code><a href="Domain Configuration Keys.html#/c:TSKTrustKitConfig.h@T@TSKDomainConfigurationKey">TSKDomainConfigurationKey</a></code>) to be defined under the <code><a href="Global Configuration Keys.html#/c:@kTSKPinnedDomains">kTSKPinnedDomains</a></code> entry.
The following table shows the keys and the types of the corresponding values, and uses
indentation to indicate structure:</p>
<pre class="highlight objective_c"><code><span class="o">|</span> <span class="n">Key</span> <span class="o">|</span> <span class="n">Type</span> <span class="o">|</span>
<span class="o">|----------------------------------------------|------------|</span>
<span class="o">|</span> <span class="n">TSKSwizzleNetworkDelegates</span> <span class="o">|</span> <span class="n">Boolean</span> <span class="o">|</span>
<span class="o">|</span> <span class="n">TSKIgnorePinningForUserDefinedTrustAnchors</span> <span class="o">|</span> <span class="n">Boolean</span> <span class="o">|</span>
<span class="o">|</span> <span class="n">TSKPinnedDomains</span> <span class="o">|</span> <span class="n">Dictionary</span> <span class="o">|</span>
<span class="o">|</span> <span class="n">__</span> <span class="o">&lt;</span><span class="n">domain</span><span class="o">-</span><span class="n">name</span><span class="o">-</span><span class="n">to</span><span class="o">-</span><span class="n">pin</span><span class="o">-</span><span class="n">as</span><span class="o">-</span><span class="n">string</span><span class="o">&gt;</span> <span class="o">|</span> <span class="n">Dictionary</span> <span class="o">|</span>
<span class="o">|</span> <span class="n">____</span> <span class="n">TSKPublicKeyHashes</span> <span class="o">|</span> <span class="n">Array</span> <span class="o">|</span>
<span class="o">|</span> <span class="n">____</span> <span class="n">TSKIncludeSubdomains</span> <span class="o">|</span> <span class="n">Boolean</span> <span class="o">|</span>
<span class="o">|</span> <span class="n">____</span> <span class="n">TSKExcludeSubdomainFromParentPolicy</span> <span class="o">|</span> <span class="n">Boolean</span> <span class="o">|</span>
<span class="o">|</span> <span class="n">____</span> <span class="n">TSKEnforcePinning</span> <span class="o">|</span> <span class="n">Boolean</span> <span class="o">|</span>
<span class="o">|</span> <span class="n">____</span> <span class="n">TSKReportUris</span> <span class="o">|</span> <span class="n">Array</span> <span class="o">|</span>
<span class="o">|</span> <span class="n">____</span> <span class="n">TSKDisableDefaultReportUri</span> <span class="o">|</span> <span class="n">Boolean</span> <span class="o">|</span>
</code></pre>
<p>When setting the pinning policy programmatically, it has to be supplied to the
<code>initSharedInstanceWithConfiguration:</code> method as a dictionary in order to initialize
TrustKit. For example:</p>
<pre class="highlight objective_c"><code> <span class="n">NSDictionary</span> <span class="o">*</span><span class="n">trustKitConfig</span> <span class="o">=</span>
<span class="p">@{</span>
<span class="n">kTSKPinnedDomains</span> <span class="o">:</span> <span class="p">@{</span>
<span class="s">@"www.datatheorem.com"</span> <span class="o">:</span> <span class="p">@{</span>
<span class="nl">kTSKExpirationDate:</span> <span class="s">@"2017-12-01"</span><span class="p">,</span>
<span class="n">kTSKPublicKeyHashes</span> <span class="o">:</span> <span class="p">@[</span>
<span class="s">@"HXXQgxueCIU5TTLHob/bPbwcKOKw6DkfsTWYHbxbqTY="</span><span class="p">,</span>
<span class="s">@"0SDf3cRToyZJaMsoS17oF72VMavLxj/N7WBNasNuiR8="</span>
<span class="p">],</span>
<span class="n">kTSKEnforcePinning</span> <span class="o">:</span> <span class="nb">@NO</span><span class="p">,</span>
<span class="n">kTSKReportUris</span> <span class="o">:</span> <span class="p">@[</span><span class="s">@"http://report.datatheorem.com/log_report"</span><span class="p">],</span>
<span class="p">},</span>
<span class="s">@"yahoo.com"</span> <span class="o">:</span> <span class="p">@{</span>
<span class="n">kTSKPublicKeyHashes</span> <span class="o">:</span> <span class="p">@[</span>
<span class="s">@"TQEtdMbmwFgYUifM4LDF+xgEtd0z69mPGmkp014d6ZY="</span><span class="p">,</span>
<span class="s">@"rFjc3wG7lTZe43zeYTvPq8k4xdDEutCmIhI5dn4oCeE="</span><span class="p">,</span>
<span class="p">],</span>
<span class="n">kTSKIncludeSubdomains</span> <span class="o">:</span> <span class="nb">@YES</span>
<span class="p">}</span>
<span class="p">}};</span>
<span class="p">[</span><span class="n">TrustKit</span> <span class="nf">initSharedInstanceWithConfiguration</span><span class="p">:</span><span class="n">trustKitConfig</span><span class="p">];</span>
<span class="n">trustKit</span> <span class="o">=</span> <span class="p">[</span><span class="n">TrustKit</span> <span class="nf">sharedInstance</span><span class="p">];</span>
</code></pre>
<p>Similarly, the TrustKit singleton can be initialized in Swift:</p>
<pre class="highlight objective_c"><code> <span class="n">let</span> <span class="n">trustKitConfig</span> <span class="o">=</span> <span class="p">[</span>
<span class="nf">kTSKSwizzleNetworkDelegates</span><span class="p">:</span> <span class="nb">false</span><span class="p">,</span>
<span class="nf">kTSKPinnedDomains</span><span class="p">:</span> <span class="p">[</span>
<span class="s">"yahoo.com"</span><span class="o">:</span> <span class="p">[</span>
<span class="nf">kTSKExpirationDate</span><span class="p">:</span> <span class="s">"2017-12-01"</span><span class="p">,</span>
<span class="nf">kTSKPublicKeyHashes</span><span class="p">:</span> <span class="p">[</span>
<span class="s">"JbQbUG5JMJUoI6brnx0x3vZF6jilxsapbXGVfjhN8Fg="</span><span class="p">,</span>
<span class="s">"WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="</span>
<span class="p">],]]]</span> <span class="n">as</span> <span class="p">[</span><span class="nf">String</span> <span class="p">:</span> <span class="n">Any</span><span class="p">]</span>
<span class="n">TrustKit</span><span class="p">.</span><span class="n">initSharedInstance</span><span class="p">(</span><span class="n">withConfiguration</span><span class="o">:</span><span class="n">trustKitConfig</span><span class="p">)</span>
</code></pre>
<p>After initialization, the <code>TrustKit</code> instance&rsquo;s <code>pinningValidator</code> should be used to implement
pinning validation within the App&rsquo;s network authentication handlers.</p>
<a href="Classes/TrustKit.html" class="slightly-smaller">See more</a>
</div>
<div class="declaration">
<h4>Declaration</h4>
<div class="language">
<p class="aside-title">Objective-C</p>
<pre class="highlight objective_c"><code><span class="k">@interface</span> <span class="nc">TrustKit</span> <span class="p">:</span> <span class="nc">NSObject</span></code></pre>
</div>
<div class="language">
<p class="aside-title">Swift</p>
<pre class="highlight swift"><code><span class="kd">class</span> <span class="kt">TrustKit</span> <span class="p">:</span> <span class="kt">NSObject</span></code></pre>
</div>
</div>
</section>
</div>
</li>
</ul>
</div>
</div>
</section>
</article>
</div>
<section class="footer">
<p>&copy; 2019 <a class="link" href="https://datatheorem.github.io" target="_blank" rel="external">Data Theorem</a>. All rights reserved. (Last updated: 2019-08-03)</p>
<p>Generated by <a class="link" href="https://github.com/realm/jazzy" target="_blank" rel="external">jazzy ♪♫ v0.10.0</a>, a <a class="link" href="https://realm.io" target="_blank" rel="external">Realm</a> project.</p>
</section>
</body>
</div>
</html>
Reference in New Issue View Git Blame Copy Permalink