Skip to content

Commit

Permalink
Merge branch 'dev'
Browse files Browse the repository at this point in the history
  • Loading branch information
@nabla-c0d3
nabla-c0d3 committed Jun 23, 2015
2 parents b7e03ac + b400214 commit 625268b
Show file tree
Hide file tree
Showing 3 changed files with 51 additions and 6 deletions.
2 changes: 1 addition & 1 deletion TrustKit.podspec
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
Pod::Spec.new do |s|
s.name = "TrustKit"
s.version = "1.0.0"
s.version = "1.0.1"
s.summary = 'TrustKit is an open source framework that makes it easy to deploy SSL pinning in any iOS or OS X App.'
s.homepage = "https://datatheorem.github.io/TrustKit"
s.documentation_url = 'https://datatheorem.github.io/TrustKit/documentation/'
Expand Down
13 changes: 8 additions & 5 deletions TrustKit/Pinning/ssl_pin_verifier.m
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,11 +33,14 @@ static BOOL isSubdomain(NSString *domain, NSString *subdomain)
// Retrieve the subdomain's domain without the TLD
NSString *subdomainLabel = [subdomain substringToIndex:([subdomain length] - domainRegistryLength - 1)];

if ([subdomainLabel rangeOfString:domainLabel].location != NSNotFound)
{
// This is a subdomain
return YES;
}
// Does the subdomain contain the domain
NSArray *subComponents = [subdomainLabel componentsSeparatedByString:domainLabel];
if ([[subComponents lastObject] isEqualToString:@""])
{
// This is a subdomain
return YES;
}

return NO;
}

Expand Down
42 changes: 42 additions & 0 deletions TrustKitTests/TSKPinConfigurationTests.m
View file
Original file line number Diff line number Diff line change
Expand Up @@ -73,6 +73,47 @@ - (void)testIncludeSubdomainsEnabled
}


- (void)testIncludeSubdomainsEnabledSameDomain
{
NSDictionary *trustKitConfig = parseTrustKitArguments(@{@"good.com" : @{
kTSKIncludeSubdomains : @YES,
kTSKPublicKeyAlgorithms : @[kTSKAlgorithmRsa4096],
kTSKPublicKeyHashes : @[@"TQEtdMbmwFgYUifM4LDF+xgEtd0z69mPGmkp014d6ZY="
]}});

// Ensure good.com gets the configuration set for good.com as includeSubdomains is enabled
NSString *serverConfigKey = getPinningConfigurationKeyForDomain(@"good.com", trustKitConfig);
XCTAssert([serverConfigKey isEqualToString:@"good.com"], @"IncludeSubdomains did not work");
}


- (void)testIncludeSubdomainsEnabledSubSubDomain
{
NSDictionary *trustKitConfig = parseTrustKitArguments(@{@"www.good.com" : @{
kTSKIncludeSubdomains : @YES,
kTSKPublicKeyAlgorithms : @[kTSKAlgorithmRsa4096],
kTSKPublicKeyHashes : @[@"TQEtdMbmwFgYUifM4LDF+xgEtd0z69mPGmkp014d6ZY="
]}});

NSString *serverConfigKey = getPinningConfigurationKeyForDomain(@"sub.www.good.com.www.good.com", trustKitConfig);
XCTAssert([serverConfigKey isEqualToString:@"www.good.com"], @"IncludeSubdomains did not work");
}


- (void)testIncludeSubdomainsEnabledNotSubdomain
{
NSDictionary *trustKitConfig = parseTrustKitArguments(@{@"good.com" : @{
kTSKIncludeSubdomains : @YES,
kTSKPublicKeyAlgorithms : @[kTSKAlgorithmRsa4096],
kTSKPublicKeyHashes : @[@"TQEtdMbmwFgYUifM4LDF+xgEtd0z69mPGmkp014d6ZY="
]}});

// Corner case to ensure two different domains with similar strings don't get returned as subdomains
NSString *serverConfigKey = getPinningConfigurationKeyForDomain(@"good.com.otherdomain.com", trustKitConfig);
XCTAssertNil(serverConfigKey);
}


- (void)testIncludeSubdomainsDisabled
{
NSDictionary *trustKitConfig = parseTrustKitArguments(@{@"good.com" : @{
Expand All @@ -86,6 +127,7 @@ - (void)testIncludeSubdomainsDisabled
XCTAssert(serverConfigKey == nil, @"IncludeSubdomains did not work");
}


- (void)testIncludeSubdomainsEnabledAndSpecificConfiguration
{
NSDictionary *trustKitConfig = parseTrustKitArguments(@{@"good.com" : @{
Expand Down

0 comments on commit 625268b

Please sign in to comment.