Certificate pinning and Alamofire

1. Alamofire and URLSession.

 both help you to make network requests in Swift. 

Main advantage for Alamofire:

  • Certificate pinning. It can take some time to sort this out and build this yourself.
Asymmetric cryptographyThe second phase uses public-key cryptography or asymmetric cryptography. This is a cryptographic system that uses pairs of keys: Public keys, which are widely disseminated and private keys, which only the owner knows.

The third phase uses symmetric-key cryptography, where you use the same key for both encryption of plaintext and decryption of ciphertext.

In other words, you configure the app to reject all but one or a few predefined certificates or public keys. Whenever the app connects to a server, it compares the server certificate with the pinned certificate(s) or public key(s). If and only if they match, the app trusts the server and establishes the connection.

You usually add a service’s certificate or public key at development time. In other words, your mobile app should include the digital certificate or the public key within your app’s bundle. This is the preferred method, since an attacker cannot taint the pin.


  • Requests retrying. When a request fails for example because of an authentication failure, you can easily refresh your authentication token and invoke the same request again without touching the implementation code.
  • The syntax for building up requests is a lot more elegant and easier to use. It saves you from a lot extra code and makes validation and error handling a lot easier.
  • Example
AF.request("https://api.mywebserver.com/v1/board", method: .get, parameters: ["title": "New York Highlights"])
    .validate(statusCode: 200..<300)
    .responseDecodable { (response: DataResponse) in
        switch response.result {
        case .success(let board):
            print("Created board title is \(board.title)") // New York Highlights
        case .failure(let error):
            print("Board creation failed with error: \(error.localizedDescription)")
        }
}
enum Error Swift.Error case requestFailed
}

// Build up the URL
var components = URLComponents(string: "https://api.mywebserver.com/v1/board")!
components.queryItems = ["title": "New York Highlights"].map { (key, value) in
    URLQueryItem(name: key, value: value)
}

// Generate and execute the request
let request = try! URLRequest(url: components.url!, method: .get)
URLSession.shared.dataTask(with: request) { (data, response, error) in
    do {
        guard let data = data,
            let response = response as? HTTPURLResponse, (200 ..< 300) ~= response.statusCode,
            error == nil else {
            // Data was nil, validation failed or an error occurred.
            throw error ?? Error.requestFailed
        }
        let board = try JSONDecoder().decode(Board.self, from: data)
        print("Created board title is \(board.title)") // New York Highlights
    } catch {
        print("Board creation failed with error: \(error.localizedDescription)")
    }
}

Comments

Post a Comment

Popular posts from this blog

iOS Questions (Swift Programming Language)

Image
  1. What’s the difference between  var  and  let ?  Both var and let are references, therefore let is a const reference. let is used to declare a constant value - you won't change it after giving it an initial value. Its a immutable variable. let theAnswer = 42 The theAnswer cannot be changed afterwards. This is why anything weak can't be written using let. They need to change during runtime and you must be using var instead. The var defines an ordinary variable. What is interesting: The value of a constant doesn’t need to be known at compile time, but you must assign the value exactly once. Another strange feature: You can use almost any character you like for constant and variable names, including Unicode characters: let 🐶🐮 = "dogcow" let defines a "constant". Its value is set once and only once, though not necessarily when you declare it. For example, you use let to define a property in a class that must be set during initialization: var is used to dec...
Read more

Dispatch techniques: Dynamic dispatch and Static Dispatch

4 types of dispatch techniques — Inline  (Fastest) Static Dispatch Virtual Dispatch Dynamic Dispatch  (Slowest) Dynamic dispatch Swift  allows a class to override methods and properties declared in its superclasses. ... This technique, called  dynamic dispatch , increases language expressivity at the cost of a constant amount of runtime overhead for each indirect usage. Method Dispatch is the mechanism that helps to decide which operation should be executed, or more specifically, which method implementation should be used. Dynamic Dispatch  is supported only by  reference types ( i.e.  Class). The reason for this is that, for  dynamism , or  dynamic dispatch,  in short, we need  inheritance  and our  value types  do not support inheritance. To achieve  Dynamic Dispatch , we use inheritance, subclass a base class and then override an existing method of the base class. Also, we can make use of  dynamic  k...
Read more

What’s the difference between var and let? Which one would you choose for properties in a struct and Class why?

Image
Let is an immutable variable, meaning that it cannot be changed, other languages call this a constant. Var is a mutable variable, meaning that it can be changed.   “Use let to make a constant and var to make a variable” let aPerson = Person (name: Foo , first: Bar ) //< data of aPerson are changeable, not the reference var aPerson = Person (name: Foo , first: Bar ) //< both reference and data are changeable. var aPersonA = Person (name: A , first: a) var aPersonB = Person (name: B , first: b) aPersonA = aPersonB //aPersonA now refers to Person (name: B , first: b) Value and Reference Type Reference Type(Class) Swift's  classes  are  mutable  a-priory var  +  class It can be  reassigned  or  changed let  +  class  =  constant of address It can  not  be  reassigned  and can be  changed Value(Struct, Enum) Swift's  struct  can change th...
Read more