Merge pull request #119 from datatheorem/dev

All changes for 1.5.0

.gitignore

@@ -37,4 +37,4 @@ _site
 # Jazzy
 *.tgz
 
-
+.DS_Store

.jazzy.yaml

@@ -0,0 +1,62 @@
+module: TrustKit
+author: Data Theorem
+author_url: https://datatheorem.github.io
+github_url: https://github.com/datatheorem/TrustKit
+
+clean: true
+hide_documentation_coverage: true
+theme: fullwidth
+
+objc: true
+umbrella_header: "TrustKit/TrustKit.h"
+framework_root: "./TrustKit"
+
+readme: "docs/documentation-readme.md"
+output: "docs/documentation"
+
+custom_categories:
+  - name: Initalizing TrustKit
+    children:
+    - TrustKit
+
+  - name: Implementing Pinning Validation
+    children:
+    - TSKPinningValidator
+    - TSKTrustDecision
+
+  - name: Setting up a Validation Callback
+    children:
+    - TSKPinningValidatorCallback
+    - TSKPinningValidatorResult
+    - TKSDomainPinningPolicy
+    - TSKTrustEvaluationResult
+
+  - name: Global Configuration Keys
+    children:
+    - TSKGlobalConfigurationKey
+    - kTSKSwizzleNetworkDelegates
+    - kTSKPinnedDomains
+    - kTSKIgnorePinningForUserDefinedTrustAnchors
+
+  - name: Domain Configuration Keys
+    children:
+    - TSKDomainConfigurationKey
+    - kTSKPublicKeyHashes
+    - kTSKPublicKeyAlgorithms
+    - kTSKEnforcePinning
+    - kTSKIncludeSubdomains
+    - kTSKExcludeSubdomainFromParentPolicy
+    - kTSKReportUris
+    - kTSKDisableDefaultReportUri 
+    - kTSKExpirationDate
+    - kTSKAdditionalTrustAnchors
+
+  - name: Public Key Algorithm Keys
+    children:
+    - TSKSupportedAlgorithm
+    - kTSKAlgorithmRsa2048
+    - kTSKAlgorithmRsa4096
+    - kTSKAlgorithmEcDsaSecp256r1
+    - kTSKAlgorithmEcDsaSecp384r1
+
+

README.md

@@ -3,7 +3,7 @@ TrustKit
 
 [![Build Status](https://circleci.com/gh/datatheorem/TrustKit.svg?style=svg)](https://circleci.com/gh/datatheorem/TrustKit) [![Carthage compatible](https://img.shields.io/badge/Carthage-compatible-4BC51D.svg?style=flat)](https://github.com/Carthage/Carthage) [![Version Status](https://img.shields.io/cocoapods/v/TrustKit.svg?style=flat)](https://cocoapods.org/pods/TrustKit) [![Platform](https://img.shields.io/cocoapods/p/TrustKit.svg?style=flat)](https://cocoapods.org/pods/TrustKit) [![License MIT](https://img.shields.io/cocoapods/l/TrustKit.svg?style=flat)](https://en.wikipedia.org/wiki/MIT_License)
 
-**TrustKit** is an open source framework that makes it easy to deploy SSL public key pinning and reporting in any iOS 7+, macOS 10.9+, tvOS 10+ or watchOS 3+ App; it supports both Swift and Objective-C Apps.
+**TrustKit** is an open source framework that makes it easy to deploy SSL public key pinning and reporting in any iOS 8+, macOS 10.10+, tvOS 10+ or watchOS 3+ App; it supports both Swift and Objective-C Apps.
 
 If you need SSL pinning/reporting in your Android App. we have also released **TrustKit for Android** at [https://github.com/datatheorem/TrustKit-Android](https://github.com/datatheorem/TrustKit-Android).
 
@@ -33,31 +33,7 @@ Getting Started
 Sample Usage
 ------------
 
-**TrustKit** can be deployed using CocoaPods, by adding the following line to your Podfile:
-
-```ruby
-pod 'TrustKit'
-```
-
-Then run:
-
-```sh
-$ pod install
-```
-
-Alternatively, Carthage can be used by adding the following line to your Cartfile:
-
-```
-github "datatheorem/TrustKit"
-```
-
-Then run:
-
-```sh
-carthage build --platform iOS
-```
-
-Then, deploying SSL pinning in the App requires initializing **TrustKit** with a pinning policy (domains, Subject Public Key Info hashes, and additional settings).
+Deploying SSL pinning in the App requires initializing **TrustKit** with a pinning policy (domains, Subject Public Key Info hashes, and additional settings).
 
 The policy can be configured within the App's `Info.plist`:
 
@@ -90,7 +66,7 @@ Alternatively, the pinning policy can be set programmatically:
                     }
             }};
 
-    [TrustKit initializeWithConfiguration:trustKitConfig];
+    [TrustKit initSharedInstanceWithConfiguration:trustKitConfig];
 ```
 
 The policy can also be set programmatically in Swift Apps:
@@ -107,20 +83,38 @@ The policy can also be set programmatically in Swift Apps:
                         "WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="
                     ],]]] as [String : Any]
         
-        TrustKit.initialize(withConfiguration:trustKitConfig)
+        TrustKit.initSharedInstance(withConfiguration:trustKitConfig)
 ```
 
-Once **TrustKit** has been initialized and if `kTSKSwizzleNetworkDelegates` is enabled in the policy, TrustKit will automatically swizzle the App's _NSURLSession_ and _NSURLConnection_ delegates to verify the server's certificate against the configured pinning policy, whenever an HTTPS connection is initiated. If report URIs have been configured, the App will also send reports to the specified URIs whenever a pin validation failure occurred.
+After TrustKit has been initialized, a 
+[`TSKPinningValidator` instance](https://datatheorem.github.io/TrustKit/documentation/Classes/TSKPinningValidator.html) 
+can be retrieved from the TrustKit singleton, and can be used to perform SSL pinning validation 
+in the App's network delegates. For example in an NSURLSessionDelegate:
 
-The swizzling behavior should only be used for simple Apps. When swizzling is disabled, a server's certificate chain can easily be manually checked against the App's SSL pinning policy using the `TSKPinningValidator` class, for example to implement an authentication handler.
+```objc
+- (void)URLSession:(NSURLSession *)session 
+              task:(NSURLSessionTask *)task 
+didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge 
+ completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition disposition, NSURLCredential *credential))completionHandler {
+{
+    TSKPinningValidator *pinningValidator = [[TrustKit sharedInstance] pinningValidator];
+    // Pass the authentication challenge to the validator; if the validation fails, the connection will be blocked
+    if (![pinningValidator handleChallenge:challenge completionHandler:completionHandler])
+    {
+        // TrustKit did not handle this challenge: perhaps it was not for server trust
+        // or the domain was not pinned. Fall back to the default behavior
+        completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, nil);
+    }
+}
+```
 
 For more information, see the [Getting Started][getting-started] guide.
 
 
 Credits
 -------
 
-**TrustKit** is a joint-effort between the security teams at Data Theorem and Yahoo. See `AUTHORS` for details.
+**TrustKit** is a joint-effort between the mobile teams at Data Theorem and Yahoo. See `AUTHORS` for details.
 
 
 License

TrustKit.podspec

@@ -1,19 +1,27 @@
 Pod::Spec.new do |s|
   s.name         = "TrustKit"
-  s.version      = "1.4.2"
+  s.version      = "1.5.0"
   s.summary      = 'TrustKit is an open source framework that makes it easy to deploy SSL pinning in any iOS, macOS, tvOS or watchOS App.'
   s.homepage     = "https://datatheorem.github.io/TrustKit"
   s.documentation_url = 'https://datatheorem.github.io/TrustKit/documentation/'
   s.license      = { :type => 'MIT', :file => 'LICENSE' }
   s.authors      = 'Alban Diquet', 'Angela Chow', 'Eric Castro'
   s.source       = { :git => "https://github.com/datatheorem/TrustKit.git", :tag => "#{s.version}" }
-  s.ios.deployment_target = '7.0'
-  s.osx.deployment_target = '10.9'
+
+  s.ios.deployment_target = '8.0'
+  s.osx.deployment_target = '10.10'
   s.tvos.deployment_target = '10.0'
   s.watchos.deployment_target = '3.0'
-  s.source_files = 'TrustKit', 'TrustKit/**/*.{h,m,c}'
-  s.header_mappings_dir = 'TrustKit'
-  s.public_header_files = 'TrustKit/TrustKit.h', 'TrustKit/TSKPinningValidator.h'
-  s.frameworks = 'Foundation', 'Security'
+
+  s.source_files = ['TrustKit', 'TrustKit/**/*.{h,m,c}']
+  s.public_header_files = [
+    'TrustKit/TrustKit.h',
+    'TrustKit/TSKTrustKitConfig.h',
+    'TrustKit/TSKPinningValidator.h',
+    'TrustKit/TSKPinningValidatorCallback.h',
+    'TrustKit/TSKPinningValidatorResult.h',
+    'TrustKit/TSKTrustDecision.h',
+  ]
+  s.frameworks = ['Foundation', 'Security']
   s.requires_arc = true
 end