From 542647ba1cb701756a1853fcb0dcbd32b5eda1db Mon Sep 17 00:00:00 2001
From: uroboro
Date: Wed, 20 Mar 2024 16:08:36 +0100
Subject: [PATCH] Add missing entries to PrivacyInfo.xcprivacy
- Swap Cloudflare domain with Data Theorem for TSKEndToEndSwizzlingTests
- Add PrivacyInfo.xcprivacy to Xcode project for all targets
- Remove noop assign
---
 TrustKit.xcodeproj/project.pbxproj | 10 ++++++++++
 TrustKit/Pinning/pinning_utils.m | 1 -
 TrustKit/PrivacyInfo.xcprivacy | 6 ++++++
 TrustKitTests/TSKEndToEndSwizzlingTests.m | 16 ++++++++--------
 4 files changed, 24 insertions(+), 9 deletions(-)
diff --git a/TrustKit.xcodeproj/project.pbxproj b/TrustKit.xcodeproj/project.pbxproj
index 51ea6e7..bd17299 100644
--- a/TrustKit.xcodeproj/project.pbxproj
+++ b/TrustKit.xcodeproj/project.pbxproj
@@ -257,6 +257,10 @@ B005E3F229B8C2F8007C3D84 /* pinning_utils.h in Headers */ = {isa = PBXBuildFile; fileRef = B005E3F029B85ED0007C3D84 /* pinning_utils.h */; }; B005E3F329B8C2F9007C3D84 /* pinning_utils.h in Headers */ = {isa = PBXBuildFile; fileRef = B005E3F029B85ED0007C3D84 /* pinning_utils.h */; }; B005E3F429B8C2FA007C3D84 /* pinning_utils.h in Headers */ = {isa = PBXBuildFile; fileRef = B005E3F029B85ED0007C3D84 /* pinning_utils.h */; }; + DC6F28772BAB30A8001B604A /* PrivacyInfo.xcprivacy in Resources */ = {isa = PBXBuildFile; fileRef = DC6F28762BAB30A8001B604A /* PrivacyInfo.xcprivacy */; }; + DC6F28782BAB30A8001B604A /* PrivacyInfo.xcprivacy in Resources */ = {isa = PBXBuildFile; fileRef = DC6F28762BAB30A8001B604A /* PrivacyInfo.xcprivacy */; }; + DC6F28792BAB30A8001B604A /* PrivacyInfo.xcprivacy in Resources */ = {isa = PBXBuildFile; fileRef = DC6F28762BAB30A8001B604A /* PrivacyInfo.xcprivacy */; }; + DC6F287A2BAB30A8001B604A /* PrivacyInfo.xcprivacy in Resources */ = {isa = PBXBuildFile; fileRef = DC6F28762BAB30A8001B604A /* PrivacyInfo.xcprivacy */; }; FC049B3A1EECD1B000FDC5F4 /* anchor-ca.cert.pem in Resources */ = {isa = PBXBuildFile; fileRef = FCC1DD051EECD19E00AB3D81 /* anchor-ca.cert.pem */; }; FC049B3B1EECD1B000FDC5F4 /* anchor-fake.yahoo.com.cert.pem in Resources */ = {isa = PBXBuildFile; fileRef = FCC1DD061EECD19E00AB3D81 /* anchor-fake.yahoo.com.cert.pem */; }; FC049B3C1EECD1B000FDC5F4 /* anchor-intermediate.cert.pem in Resources */ = {isa = PBXBuildFile; fileRef = FCC1DD071EECD19E00AB3D81 /* anchor-intermediate.cert.pem */; }; 
@@ -435,6 +439,7 @@ 8CF27AA11F01BB7B009369B0 /* TSKLoggerTests.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = TSKLoggerTests.m; sourceTree = ""; }; B005E3E729B85EBA007C3D84 /* pinning_utils.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; name = pinning_utils.m; path = Pinning/pinning_utils.m; sourceTree = ""; }; B005E3F029B85ED0007C3D84 /* pinning_utils.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = pinning_utils.h; path = Pinning/pinning_utils.h; sourceTree = ""; }; + DC6F28762BAB30A8001B604A /* PrivacyInfo.xcprivacy */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xml; path = PrivacyInfo.xcprivacy; sourceTree = ""; }; FC1A08FF1E57A4BB0055B12C /* TSKPinningValidatorResult.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = TSKPinningValidatorResult.m; sourceTree = ""; }; FC1A09081E57AC450055B12C /* TSKSPKIHashCache.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = TSKSPKIHashCache.h; path = Pinning/TSKSPKIHashCache.h; sourceTree = ""; }; FC1A09091E57AC450055B12C /* TSKSPKIHashCache.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = TSKSPKIHashCache.m; path = Pinning/TSKSPKIHashCache.m; sourceTree = ""; }; @@ -797,6 +802,7 @@ isa = PBXGroup; children = ( FC23F68C1EE73BE600397646 /* TrustKit.podspec */, + DC6F28762BAB30A8001B604A /* PrivacyInfo.xcprivacy */, FC23F68E1EE73BE600397646 /* README.md */, FC23F68F1EE73BE600397646 /* ATTRIBUTIONS */, FC23F6901EE73BE600397646 /* AUTHORS */, @@ -1192,6 +1198,7 @@ isa = PBXResourcesBuildPhase; buildActionMask = 2147483647; files = ( + DC6F28772BAB30A8001B604A /* PrivacyInfo.xcprivacy in Resources */, ); runOnlyForDeploymentPostprocessing = 0; }; 
@@ -1217,6 +1224,7 @@ isa = PBXResourcesBuildPhase; buildActionMask = 2147483647; files = ( + DC6F28792BAB30A8001B604A /* PrivacyInfo.xcprivacy in Resources */, ); runOnlyForDeploymentPostprocessing = 0; }; @@ -1242,6 +1250,7 @@ isa = PBXResourcesBuildPhase; buildActionMask = 2147483647; files = ( + DC6F28782BAB30A8001B604A /* PrivacyInfo.xcprivacy in Resources */, ); runOnlyForDeploymentPostprocessing = 0; }; @@ -1267,6 +1276,7 @@ isa = PBXResourcesBuildPhase; buildActionMask = 2147483647; files = ( + DC6F287A2BAB30A8001B604A /* PrivacyInfo.xcprivacy in Resources */, ); runOnlyForDeploymentPostprocessing = 0; }; diff --git a/TrustKit/Pinning/pinning_utils.m b/TrustKit/Pinning/pinning_utils.m index 8d048f0..16e2fc1 100644 --- a/TrustKit/Pinning/pinning_utils.m +++ b/TrustKit/Pinning/pinning_utils.m @@ -21,7 +21,6 @@ void evaluateCertificateChainTrust(SecTrustRef serverTrust, SecTrustResultType * if (error != NULL) { if (status != errSecSuccess) { - certificateEvaluationSucceeded = false; NSString *errDescription = [NSString stringWithFormat:@"got status %d", (int)status]; *error = [[NSError alloc] initWithDomain:@"com.datatheorem.trustkit" code:1 userInfo:@{NSLocalizedDescriptionKey:errDescription}]; } diff --git a/TrustKit/PrivacyInfo.xcprivacy b/TrustKit/PrivacyInfo.xcprivacy index 79bc9e2..0a95d09 100644 --- a/TrustKit/PrivacyInfo.xcprivacy +++ b/TrustKit/PrivacyInfo.xcprivacy @@ -13,5 +13,11 @@ + NSPrivacyCollectedDataTypes + + NSPrivacyTracking + + NSPrivacyTrackingDomains + diff --git a/TrustKitTests/TSKEndToEndSwizzlingTests.m b/TrustKitTests/TSKEndToEndSwizzlingTests.m index 4dc8439..ca7a134 100644 --- a/TrustKitTests/TSKEndToEndSwizzlingTests.m +++ b/TrustKitTests/TSKEndToEndSwizzlingTests.m 
@@ -77,7 +77,7 @@ - (void)URLSession:(NSURLSession * _Nonnull)session { _completedConnectionToFacebook = YES; } - else if ([task.originalRequest.URL.host isEqualToString:@"www.cloudflare.com"]) + else if ([task.originalRequest.URL.host isEqualToString:@"www.datatheorem.com"]) { _completedConnectionToCloudflare = YES; } @@ -97,7 +97,7 @@ - (void)URLSession:(NSURLSession * _Nonnull)session { _completedConnectionToFacebook = YES; } - else if ([dataTask.originalRequest.URL.host isEqualToString:@"www.cloudflare.com"]) + else if ([dataTask.originalRequest.URL.host isEqualToString:@"www.datatheorem.com"]) { _completedConnectionToCloudflare = YES; } @@ -116,7 +116,7 @@ - (void)URLSession:(NSURLSession *)session task:(NSURLSessionTask *)task willPer { _completedConnectionToFacebook = YES; } - else if ([task.originalRequest.URL.host isEqualToString:@"www.cloudflare.com"]) + else if ([task.originalRequest.URL.host isEqualToString:@"www.datatheorem.com"]) { _completedConnectionToCloudflare = YES; } @@ -165,9 +165,9 @@ - (void)test kTSKPinnedDomains : @{ // Valid pinning configuration - @"www.cloudflare.com" : @{ + @"www.datatheorem.com" : @{ kTSKEnforcePinning : @YES, - kTSKPublicKeyHashes : @[@"FEzVOUp4dF3gI0ZVPRJhFbSJVXR+uQmMH65xhs1glH4=", // CA key + kTSKPublicKeyHashes : @[@"F6jTih9VkkYZS8yuYqeU/4DUGehJ+niBGkkQ1yg8H3U=", // CA key @"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" // Fake key ]}, // Invalid pinning configuration 
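Review bot: The branch at -77 now matches `www.datatheorem.com` but still sets `_completedConnectionToCloudflare`, so the flag name no longer says which host completed. The hunks at -97 and -116 have the same mismatch, as does `receivedCallForCloudflare` in the hunk at -197. A host-neutral name such as `_completedConnectionToPinnedHost` would fit better, though the ivar declaration lies outside these hunks and would need the same rename. The hostname literal is also repeated in every hunk of this file, so a single `static NSString * const kTestPinnedHost = @"www.datatheorem.com";` would stop a future swap from missing one occurrence and leaving a delegate branch that silently never fires.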
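Review bot: The replacement pin `F6jTih9VkkYZS8yuYqeU/4DUGehJ+niBGkkQ1yg8H3U=` in the -165 hunk keeps the bare `// CA key` comment, which records neither which CA the key belongs to nor when it was captured. This test validates a live server's chain, so the pin goes stale whenever that chain is re-issued under a different CA, which is presumably why the host had to be swapped here. When that happens, a maintainer cannot tell from the file whether a failure is a rotated certificate or a real pinning regression. I would expand the comment to something like `// SPKI hash of the CA key in www.datatheorem.com's chain, captured <date>; regenerate if the chain rotates`. The configuration dictionary continues outside the hunk.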
@@ -197,13 +197,13 @@ - (void)test XCTAssertEqualObjects(notedHostname, @"www.facebook.com"); XCTAssertNotNil(notedHostnamePinningPolicy); } - else if ([result.serverHostname isEqualToString:@"www.cloudflare.com"]) + else if ([result.serverHostname isEqualToString:@"www.datatheorem.com"]) { receivedCallForCloudflare = YES; XCTAssertEqual(result.finalTrustDecision, TSKTrustDecisionShouldAllowConnection); XCTAssertEqual(result.evaluationResult, TSKTrustEvaluationSuccess); - XCTAssertEqualObjects(result.serverHostname, @"www.cloudflare.com"); + XCTAssertEqualObjects(result.serverHostname, @"www.datatheorem.com"); XCTAssertGreaterThan([result.certificateChain count], (unsigned long)1); XCTAssertGreaterThan(result.validationDuration, 0); @@ -230,7 +230,7 @@ - (void)test [task resume]; // One should succeed - NSURLSessionDataTask *task2 = [session dataTaskWithURL:[NSURL URLWithString:@"https://www.cloudflare.com/"]]; + NSURLSessionDataTask *task2 = [session dataTaskWithURL:[NSURL URLWithString:@"https://www.datatheorem.com/"]]; [task2 resume]; // Wait for the connection to succeed and ensure a notification was posted