diff --git a/MASFoundation/Classes/_private_/services/network/internal/MASSecurityPolicy.m b/MASFoundation/Classes/_private_/services/network/internal/MASSecurityPolicy.m
index 0318cd0f..4a7abe4f 100644
--- a/MASFoundation/Classes/_private_/services/network/internal/MASSecurityPolicy.m
+++ b/MASFoundation/Classes/_private_/services/network/internal/MASSecurityPolicy.m
@@ -91,9 +91,21 @@ - (BOOL)evaluateSecurityConfigurationsForServerTrust:(SecTrustRef)serverTrust fo
 switch (securityConfiguration.pinningMode) { case MASSecuritySSLPinningModeCertificate: {
- isPinningVerified = [self validateCertPinning:serverTrust configuration:securityConfiguration certChain:certificateChain];
+ BOOL isPublicKeyHashVerified = NO;
+
+ if (securityConfiguration.publicKeyHashes != nil && [securityConfiguration.publicKeyHashes isKindOfClass:[NSArray class]] && [securityConfiguration.publicKeyHashes count] > 0)
+ {
+ isPublicKeyHashVerified = [self validatePublicKeyHash:serverTrust configuration:securityConfiguration];
+ }
+ else
+ {
+ isPublicKeyHashVerified = YES;
+ }
+
+ isPinningVerified = ([self validateCertPinning:serverTrust configuration:securityConfiguration certChain:certificateChain]) || isPublicKeyHashVerified;
 } break;
+
 case MASSecuritySSLPinningModeIntermediateCertifcate: { isPinningVerified = [self validateIntermediateCertPinning:serverTrust configuration:securityConfiguration certChain:certificateChain];
@@ -151,7 +163,7 @@ - (BOOL)validateCertPinning:(SecTrustRef)serverTrust configuration:(MASSecurityC
 } }
- return YES;
+ return NO;
 }
@@ -180,7 +192,7 @@ - (BOOL)validateIntermediateCertPinning:(SecTrustRef)serverTrust configuration:(
 }
- return YES;
+ return NO;
 }
@@ -276,7 +288,7 @@ - (BOOL)validatePublicKeyHash:(SecTrustRef)serverTrust configuration:(MASSecurit
 } }
- return YES;
+ return NO;
 }
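Review bot: In the `MASSecuritySSLPinningModeCertificate` case the `else` branch sets `isPublicKeyHashVerified = YES` when `publicKeyHashes` is nil or empty, so `isPinningVerified` becomes `[self validateCertPinning:...] || YES` and is true whatever the certificate check returns. That cancels the fail-closed `return NO` this commit adds to `validateCertPinning` for every certificate-mode configuration that has no public key hashes. Dropping the `else` branch, so the flag keeps its initial `NO`, makes the certificate pin mandatory unless a configured hash matches. If the intent is that both must hold when hashes are configured, the operator should be `&&` rather than `||`. The rest of the method, including how `isPinningVerified` is combined with the system trust evaluation, lies outside the hunk.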
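Review bot: The fall-through `return NO;` at the end of `validateCertPinning` (and the same change in the `validateIntermediateCertPinning` and `validatePublicKeyHash` hunks) flips the default outcome of the pin check, yet nothing at the return records why. A comment such as `// No pinned value matched the server chain: fail closed.` above each `return NO;` would keep a later edit from restoring the permissive default. The loop bodies are outside these hunks, so it is not visible whether a configuration with no pinned values also reaches this return. If it does, callers that relied on the old pass-through now fail the handshake, and a test with an empty pin list per pinning mode would pin down the intended behaviour.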