@yoonit/nativescript-handshake
Advanced tools
A NativeScript NPM implementing dynamic SSL pinning for Android and iOS.
A NativeScript NPM implementing dynamic SSL pinning for Android and iOS.
The SSL pinning is a technique mitigating man-in-the-middle attacks against the secure HTTP communication, but has a drawback, the certificate's expiration date. This resolve this problem, implementing dynamic SSL pinning, providing easy to use fingerprint validation on the TLS handshake. The remote server must be the responsible to update the certificate(s).
npm i -s @yoonit/nativescript-handshake
Special thanks and credits...
The current version of the library depends on
[Wultra SSL Pinning]([Android]((https://github.com/wultra/ssl-pinning-android) and iOS)).
function updateFingerprint() {
this.$yoo.handshake.updateFingerprints(
"YOUR PUBLIC KEY",
"YOUR SERVICE URL",
(result) => {
switch (result) {
case HandshakeResult.OK:
// - Everything is OK;
// - No Action is required;
return;
case HandshakeResult.STORE_IS_EMPTY:
// - The update request succeeded;
// - Result is still an empty list of certificates;
// - May loading & validating of remote data succeeded;
// - All loaded certificates are already expired;"
return;
case HandshakeResult.NETWORK_ERROR:
// - The update request failed on a network communication.
return;
case HandshakeResult.INVALID_DATA:
// The update request returned the data which did not pass the signature validation.
return;
case HandshakeResult.INVALID_SIGNATURE:
// The update request returned the data which did not pass the signature validation.
return;
case HandshakeResult.INVALID_URL_SERVICE:
// The url service does not exist or is invalid.
return;
}
}
);
}
| Function | Parameters | Description |
|---|---|---|
| updateFingerprint | publicKey: string, serviceUrl: string, callback: (result: string) => void | Update the list of fingerprints from the remote server. The method is asynchronous. Response can get in the callback. |
| HandshakeResult | Description |
|---|---|
"OK" |
|
STORE_IS_EMPTY" |
|
"NETWORK_ERROR" | The update request failed on a network communication. |
"INVALID_DATA" | The update request returned the data which did not pass the signature validation. |
"INVALID_SIGNATURE" | The update request returned the data which did not pass the signature validation. |
"INVALID_URL_SERVICE" | The url service does not exist or is invalid. |
Clone the repo, change what you want and send PR.
For commit messages we use Conventional Commits.
Contributions are always welcome!
Code with ❤ by the Cyberlabs AI Front-End Team
FAQs
A NativeScript NPM implementing dynamic SSL pinning for Android and iOS.
We found that @yoonit/nativescript-handshake demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 11 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.