@yoonit/nativescript-handshake
Advanced tools
A NativeScript NPM implementing dynamic SSL pinning for Android and iOS.
A NativeScript NPM implementing dynamic SSL pinning for Android and iOS.
The SSL pinning is a technique mitigating man-in-the-middle attacks against the secure HTTP communication, but has a drawback, the certificate's expiration date. This resolve this problem, implementing dynamic SSL pinning, providing easy to use fingerprint validation on the TLS handshake. The remote server must be the responsible to update the certificate(s).
npm i -s @yoonit/nativescript-handshake
Special thanks and credits...
The current version of the library depends on
[Wultra SSL Pinning]([Android]((https://github.com/wultra/ssl-pinning-android) and iOS)).
function updateFingerprint() {
this.$yoo.handshake.updateFingerprints(
"YOUR PUBLIC KEY",
"YOUR SERVICE URL",
(result) => {
switch (result) {
case HandshakeResult.OK:
// - Everything is OK;
// - No Action is required;
return;
case HandshakeResult.STORE_IS_EMPTY:
// - The update request succeeded;
// - Result is still an empty list of certificates;
// - May loading & validating of remote data succeeded;
// - All loaded certificates are already expired;"
return;
case HandshakeResult.NETWORK_ERROR:
// - The update request failed on a network communication.
return;
case HandshakeResult.INVALID_DATA:
// The update request returned the data which did not pass the signature validation.
return;
case HandshakeResult.INVALID_SIGNATURE:
// The update request returned the data which did not pass the signature validation.
return;
case HandshakeResult.INVALID_URL_SERVICE:
// The url service does not exist or is invalid.
return;
}
}
);
}
| Function | Parameters | Description |
|---|---|---|
| updateFingerprint | publicKey: string, serviceUrl: string, callback: (result: string) => void | Update the list of fingerprints from the remote server. The method is asynchronous. Response can get in the callback. |
| HandshakeResult | Description |
|---|---|
"OK" |
|
STORE_IS_EMPTY" |
|
"NETWORK_ERROR" | The update request failed on a network communication. |
"INVALID_DATA" | The update request returned the data which did not pass the signature validation. |
"INVALID_SIGNATURE" | The update request returned the data which did not pass the signature validation. |
"INVALID_URL_SERVICE" | The url service does not exist or is invalid. |
Clone the repo, change what you want and send PR.
For commit messages we use Conventional Commits.
Contributions are always welcome!
Code with ❤ by the Cyberlabs AI Front-End Team
FAQs
A NativeScript NPM implementing dynamic SSL pinning for Android and iOS.
The npm package @yoonit/nativescript-handshake receives a total of 0 weekly downloads. As such, @yoonit/nativescript-handshake popularity was classified as not popular.
We found that @yoonit/nativescript-handshake demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 11 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Four npm packages disguised as cryptographic tools steal developer credentials and send them to attacker-controlled Telegram infrastructure.
Security News
Ruby maintainers from Bundler and rbenv teams are building rv to bring Python uv's speed and unified tooling approach to Ruby development.
Security News
Following last week’s supply chain attack, Nx published findings on the GitHub Actions exploit and moved npm publishing to Trusted Publishers.