SSL Pinning support #129

enahum · 2024-07-03T04:56:27Z

Summary

As part of some of the requirements by XXXXX we needed to add support for SSL Pinning when building your own app.

The way is being built is a combination of the app and the network-client library, the app will hold the certificate assets while the network-library will use these certs to verify the server trust.

The cert files should have either a .crt or .cer extension while the name of the file must be the domain name.

The reason we support two files extensions per domain is to be able to build the app taking into account server cert rotation and minimizing the amount of app distribution through updates in order to validate the certs.

This SSL Pinning certificates should be included in the app at build time.

Ticket Link

https://mattermost.atlassian.net/browse/MM-59055

larkox

LGTM, just a couple of questions that I think are not blocking.

android/src/main/java/com/mattermost/networkclient/NetworkClient.kt

ios/Extensions/ApiClientError.swift

rahimrahman · 2024-07-08T21:18:13Z

@enahum Same deal with this PR, I am removing myself as a reviewer. Thanks for including me to observe and VERY slowly understanding all the changes that are happening here.

enahum · 2024-07-08T22:52:20Z

Sure @rahimrahman I can explain at some point in the near future about all this

esarafianou

Mostly done with the review. One comment for my understanding

ios/Delegates/ApiClientSessionDelegate.swift

android/src/main/java/com/mattermost/networkclient/NetworkClient.kt

ios/Adapters/BearerAuthenticationAdapter.swift

ios/SessionManager.swift

ios/WebSocket/WebSocketEngine.swift

android/src/main/java/com/mattermost/networkclient/NetworkClient.kt

enahum added 2 commits July 3, 2024 09:46

feat: added support for iOS SSL certificate pinning

06ce0ee

feat: added support for Android SSL certificate pinning

f1b0c3e

enahum added the 2: Dev Review Requires review by a core committer label Jul 3, 2024

enahum requested review from larkox, rahimrahman and esarafianou July 3, 2024 04:56

larkox approved these changes Jul 3, 2024

View reviewed changes

android/src/main/java/com/mattermost/networkclient/NetworkClient.kt Show resolved Hide resolved

ios/Extensions/ApiClientError.swift Show resolved Hide resolved

chore: load certificates per client based on host

93cf0b7

enahum mentioned this pull request Jul 4, 2024

How to enable SSL pinning on mobile mattermost/mattermost-developer-documentation#1389

Merged

rahimrahman removed their request for review July 8, 2024 21:18

enahum requested a review from cpoile July 10, 2024 13:24

cpoile approved these changes Jul 10, 2024

View reviewed changes

esarafianou reviewed Jul 19, 2024

View reviewed changes

ios/Delegates/ApiClientSessionDelegate.swift Show resolved Hide resolved

enzowritescode requested changes Jul 19, 2024

View reviewed changes

chore: feedback review

4b73562

enahum requested a review from enzowritescode July 20, 2024 01:08

enzowritescode approved these changes Jul 20, 2024

View reviewed changes

enahum added 3: Reviews Complete All reviewers have approved the pull request and removed 2: Dev Review Requires review by a core committer labels Jul 20, 2024

enahum merged commit 1e5ec20 into master Jul 20, 2024

enahum deleted the pinning branch July 20, 2024 11:45

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

SSL Pinning support #129

SSL Pinning support #129

enahum commented Jul 3, 2024

larkox left a comment

rahimrahman commented Jul 8, 2024

enahum commented Jul 8, 2024

esarafianou left a comment

SSL Pinning support #129

SSL Pinning support #129

Conversation

enahum commented Jul 3, 2024

Summary

Ticket Link

larkox left a comment

Choose a reason for hiding this comment

rahimrahman commented Jul 8, 2024

enahum commented Jul 8, 2024

esarafianou left a comment

Choose a reason for hiding this comment