Merge pull request #326 from datatheorem/SASB-4567-Add-Privacy-Manifest
Add Privacy Manifest
uroboro authored Mar 20, 2024
2 parents 5718ba8 + 542647b commit 6d2d319
Showing 7 changed files with 46 additions and 18 deletions.
1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -39,5 +39,6 @@ _site

# Swift Package Manager
.build
.swiftpm/

.DS_Store
3 changes: 2 additions & 1 deletion Package.swift
Expand Up @@ -31,7 +31,8 @@ let package = Package(
.target(
name: "TrustKit",
dependencies: [],
path: "TrustKit",
path: "TrustKit",
resources: [.copy("PrivacyInfo.xcprivacy")],
publicHeadersPath: "public",
cSettings: [.define("NS_BLOCK_ASSERTIONS", to: "1", .when(configuration: .release))]
),
10 changes: 2 additions & 8 deletions TrustKit.podspec
Expand Up @@ -15,14 +15,8 @@ Pod::Spec.new do |s|

s.pod_target_xcconfig = { 'DEFINES_MODULE' => 'YES' }
s.source_files = ['TrustKit', 'TrustKit/**/*.{h,m,c}']
s.public_header_files = [
'TrustKit/public/TrustKit.h',
'TrustKit/public/TSKTrustKitConfig.h',
'TrustKit/public/TSKPinningValidator.h',
'TrustKit/public/TSKPinningValidatorCallback.h',
'TrustKit/public/TSKPinningValidatorResult.h',
'TrustKit/public/TSKTrustDecision.h',
]
s.public_header_files = 'TrustKit/public/*.h'
s.resource_bundles = {"TrustKit" => "TrustKit/PrivacyInfo.xcprivacy"}
s.frameworks = ['Foundation', 'Security']
s.requires_arc = true
end
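Review bot: `s.public_header_files = 'TrustKit/public/*.h'` turns every header in that directory into public API, where the previous list named six headers explicitly. For a pinning library it is worth confirming that `TrustKit/public/` holds only those six today; the directory contents are not visible on this page. A comment such as `# Every header under TrustKit/public is exported; keep internal headers out of this directory.` above the line would stop a later addition from widening the API surface unnoticed.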
10 changes: 10 additions & 0 deletions TrustKit.xcodeproj/project.pbxproj
Expand Up @@ -257,6 +257,10 @@
B005E3F229B8C2F8007C3D84 /* pinning_utils.h in Headers */ = {isa = PBXBuildFile; fileRef = B005E3F029B85ED0007C3D84 /* pinning_utils.h */; };
B005E3F329B8C2F9007C3D84 /* pinning_utils.h in Headers */ = {isa = PBXBuildFile; fileRef = B005E3F029B85ED0007C3D84 /* pinning_utils.h */; };
B005E3F429B8C2FA007C3D84 /* pinning_utils.h in Headers */ = {isa = PBXBuildFile; fileRef = B005E3F029B85ED0007C3D84 /* pinning_utils.h */; };
DC6F28772BAB30A8001B604A /* PrivacyInfo.xcprivacy in Resources */ = {isa = PBXBuildFile; fileRef = DC6F28762BAB30A8001B604A /* PrivacyInfo.xcprivacy */; };
DC6F28782BAB30A8001B604A /* PrivacyInfo.xcprivacy in Resources */ = {isa = PBXBuildFile; fileRef = DC6F28762BAB30A8001B604A /* PrivacyInfo.xcprivacy */; };
DC6F28792BAB30A8001B604A /* PrivacyInfo.xcprivacy in Resources */ = {isa = PBXBuildFile; fileRef = DC6F28762BAB30A8001B604A /* PrivacyInfo.xcprivacy */; };
DC6F287A2BAB30A8001B604A /* PrivacyInfo.xcprivacy in Resources */ = {isa = PBXBuildFile; fileRef = DC6F28762BAB30A8001B604A /* PrivacyInfo.xcprivacy */; };
FC049B3A1EECD1B000FDC5F4 /* anchor-ca.cert.pem in Resources */ = {isa = PBXBuildFile; fileRef = FCC1DD051EECD19E00AB3D81 /* anchor-ca.cert.pem */; };
FC049B3B1EECD1B000FDC5F4 /* anchor-fake.yahoo.com.cert.pem in Resources */ = {isa = PBXBuildFile; fileRef = FCC1DD061EECD19E00AB3D81 /* anchor-fake.yahoo.com.cert.pem */; };
FC049B3C1EECD1B000FDC5F4 /* anchor-intermediate.cert.pem in Resources */ = {isa = PBXBuildFile; fileRef = FCC1DD071EECD19E00AB3D81 /* anchor-intermediate.cert.pem */; };
Expand Down Expand Up @@ -435,6 +439,7 @@
8CF27AA11F01BB7B009369B0 /* TSKLoggerTests.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = TSKLoggerTests.m; sourceTree = "<group>"; };
B005E3E729B85EBA007C3D84 /* pinning_utils.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; name = pinning_utils.m; path = Pinning/pinning_utils.m; sourceTree = "<group>"; };
B005E3F029B85ED0007C3D84 /* pinning_utils.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = pinning_utils.h; path = Pinning/pinning_utils.h; sourceTree = "<group>"; };
DC6F28762BAB30A8001B604A /* PrivacyInfo.xcprivacy */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xml; path = PrivacyInfo.xcprivacy; sourceTree = "<group>"; };
FC1A08FF1E57A4BB0055B12C /* TSKPinningValidatorResult.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = TSKPinningValidatorResult.m; sourceTree = "<group>"; };
FC1A09081E57AC450055B12C /* TSKSPKIHashCache.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = TSKSPKIHashCache.h; path = Pinning/TSKSPKIHashCache.h; sourceTree = "<group>"; };
FC1A09091E57AC450055B12C /* TSKSPKIHashCache.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = TSKSPKIHashCache.m; path = Pinning/TSKSPKIHashCache.m; sourceTree = "<group>"; };
Expand Down Expand Up @@ -797,6 +802,7 @@
isa = PBXGroup;
children = (
FC23F68C1EE73BE600397646 /* TrustKit.podspec */,
DC6F28762BAB30A8001B604A /* PrivacyInfo.xcprivacy */,
FC23F68E1EE73BE600397646 /* README.md */,
FC23F68F1EE73BE600397646 /* ATTRIBUTIONS */,
FC23F6901EE73BE600397646 /* AUTHORS */,
Expand Down Expand Up @@ -1192,6 +1198,7 @@
isa = PBXResourcesBuildPhase;
buildActionMask = 2147483647;
files = (
DC6F28772BAB30A8001B604A /* PrivacyInfo.xcprivacy in Resources */,
);
runOnlyForDeploymentPostprocessing = 0;
};
Expand All @@ -1217,6 +1224,7 @@
isa = PBXResourcesBuildPhase;
buildActionMask = 2147483647;
files = (
DC6F28792BAB30A8001B604A /* PrivacyInfo.xcprivacy in Resources */,
);
runOnlyForDeploymentPostprocessing = 0;
};
Expand All @@ -1242,6 +1250,7 @@
isa = PBXResourcesBuildPhase;
buildActionMask = 2147483647;
files = (
DC6F28782BAB30A8001B604A /* PrivacyInfo.xcprivacy in Resources */,
);
runOnlyForDeploymentPostprocessing = 0;
};
Expand All @@ -1267,6 +1276,7 @@
isa = PBXResourcesBuildPhase;
buildActionMask = 2147483647;
files = (
DC6F287A2BAB30A8001B604A /* PrivacyInfo.xcprivacy in Resources */,
);
runOnlyForDeploymentPostprocessing = 0;
};
1 change: 0 additions & 1 deletion TrustKit/Pinning/pinning_utils.m
Expand Up @@ -21,7 +21,6 @@ void evaluateCertificateChainTrust(SecTrustRef serverTrust, SecTrustResultType *
if (error != NULL) {
if (status != errSecSuccess)
{
certificateEvaluationSucceeded = false;
NSString *errDescription = [NSString stringWithFormat:@"got status %d", (int)status];
*error = [[NSError alloc] initWithDomain:@"com.datatheorem.trustkit" code:1 userInfo:@{NSLocalizedDescriptionKey:errDescription}];
}
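Review bot: In this branch a failing `SecTrustEvaluate` is surfaced only through `*error`, and only when the caller passed a non-NULL `error`, because the `status != errSecSuccess` check sits inside `if (error != NULL)`. The section records one deletion and no additions, apparently the `certificateEvaluationSucceeded = false;` line, so after this commit nothing else in the visible lines marks the evaluation as failed. The function begins and ends outside the hunk, so whether `*trustResult` is reset elsewhere cannot be confirmed here; if it is not, consider failing closed with `if (status != errSecSuccess) { *trustResult = kSecTrustResultInvalid; }` ahead of the `error` check. A change to trust evaluation also deserves its own mention in the commit description rather than riding along with the privacy manifest.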
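--- a/TrustKit/PrivacyInfo.xcprivacy
+++ b/TrustKit/PrivacyInfo.xcprivacy
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+<key>NSPrivacyAccessedAPITypes</key>
+<array>
+<dict>
+<key>NSPrivacyAccessedAPIType</key>
+<string>NSPrivacyAccessedAPICategoryUserDefaults</string>
+<key>NSPrivacyAccessedAPITypeReasons</key>
+<array>
+<string>CA92.1</string>
+</array>
+</dict>
+</array>
+<key>NSPrivacyCollectedDataTypes</key>
+<array/>
+<key>NSPrivacyTracking</key>
+<false/>
+<key>NSPrivacyTrackingDomains</key>
+<array/>
+</dict>
+</plist>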
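Review bot: `NSPrivacyCollectedDataTypes` is declared empty, which is accurate only if nothing the library sends off-device counts as collected data. TrustKit's pin-failure reporting is not visible on this page; if those reports carry app or device identifiers to a report endpoint, the manifest would under-declare and should list the matching data types. Likewise only the UserDefaults category (reason `CA92.1`) appears under `NSPrivacyAccessedAPITypes`, so it is worth confirming that no other required-reason API is called anywhere in the library before relying on this file.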
16 changes: 8 additions & 8 deletions TrustKitTests/TSKEndToEndSwizzlingTests.m
Expand Up @@ -77,7 +77,7 @@ - (void)URLSession:(NSURLSession * _Nonnull)session
{
_completedConnectionToFacebook = YES;
}
else if ([task.originalRequest.URL.host isEqualToString:@"www.cloudflare.com"])
else if ([task.originalRequest.URL.host isEqualToString:@"www.datatheorem.com"])
{
_completedConnectionToCloudflare = YES;
}
Expand All @@ -97,7 +97,7 @@ - (void)URLSession:(NSURLSession * _Nonnull)session
{
_completedConnectionToFacebook = YES;
}
else if ([dataTask.originalRequest.URL.host isEqualToString:@"www.cloudflare.com"])
else if ([dataTask.originalRequest.URL.host isEqualToString:@"www.datatheorem.com"])
{
_completedConnectionToCloudflare = YES;
}
Expand All @@ -116,7 +116,7 @@ - (void)URLSession:(NSURLSession *)session task:(NSURLSessionTask *)task willPer
{
_completedConnectionToFacebook = YES;
}
else if ([task.originalRequest.URL.host isEqualToString:@"www.cloudflare.com"])
else if ([task.originalRequest.URL.host isEqualToString:@"www.datatheorem.com"])
{
_completedConnectionToCloudflare = YES;
}
Expand Down Expand Up @@ -165,9 +165,9 @@ - (void)test
kTSKPinnedDomains :
@{
// Valid pinning configuration
@"www.cloudflare.com" : @{
@"www.datatheorem.com" : @{
kTSKEnforcePinning : @YES,
kTSKPublicKeyHashes : @[@"FEzVOUp4dF3gI0ZVPRJhFbSJVXR+uQmMH65xhs1glH4=", // CA key
kTSKPublicKeyHashes : @[@"F6jTih9VkkYZS8yuYqeU/4DUGehJ+niBGkkQ1yg8H3U=", // CA key
@"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" // Fake key
]},
// Invalid pinning configuration
Expand Down Expand Up @@ -197,13 +197,13 @@ - (void)test
XCTAssertEqualObjects(notedHostname, @"www.facebook.com");
XCTAssertNotNil(notedHostnamePinningPolicy);
}
else if ([result.serverHostname isEqualToString:@"www.cloudflare.com"])
else if ([result.serverHostname isEqualToString:@"www.datatheorem.com"])
{
receivedCallForCloudflare = YES;
XCTAssertEqual(result.finalTrustDecision, TSKTrustDecisionShouldAllowConnection);
XCTAssertEqual(result.evaluationResult, TSKTrustEvaluationSuccess);

XCTAssertEqualObjects(result.serverHostname, @"www.cloudflare.com");
XCTAssertEqualObjects(result.serverHostname, @"www.datatheorem.com");
XCTAssertGreaterThan([result.certificateChain count], (unsigned long)1);
XCTAssertGreaterThan(result.validationDuration, 0);

Expand All @@ -230,7 +230,7 @@ - (void)test
[task resume];

// One should succeed
NSURLSessionDataTask *task2 = [session dataTaskWithURL:[NSURL URLWithString:@"https://www.cloudflare.com/"]];
NSURLSessionDataTask *task2 = [session dataTaskWithURL:[NSURL URLWithString:@"https://www.datatheorem.com/"]];
[task2 resume];

// Wait for the connection to succeed and ensure a notification was posted
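Review bot: The flags `_completedConnectionToCloudflare` and `receivedCallForCloudflare` still carry the old host's name although every comparison now targets `www.datatheorem.com`; renaming them (for example `_completedConnectionToPinnedHost`) would keep the test readable. The new SPKI hash is labelled only `// CA key`, and the test passes or fails with whatever chain the live server presents. A comment naming the CA the pin belongs to and how the value was derived would make the next rotation easier to handle. The methods shown start and end outside the hunks.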
