react-native-security-suite 0.7.2 → 0.8.0

package/README.md

@@ -3,13 +3,7 @@
 Security solutions for React Native both platform Android and iOS
 You can use any of the following:
 
-<ol>
-  <li>Android Root device or iOS Jailbreak device detection</li>
-  <li>Text Encryption/Decryption</li>
-  <li>Secure storage</li>
-  <li>Diffie–Hellman key exchange</li>
-  <li>SSL Pinning & public key pinning</li>
-</ol>
+<ol><li>Android Root device or iOS Jailbreak device detection</li><li>Text Encryption/Decryption</li><li>Secure storage</li><li>Diffie–Hellman key exchange</li><li>SSL Pinning &amp; public key pinning</li><li>Network Logger (Android Chucker - iOS Pulse)</li></ol>
 
 ## Installation
 
@@ -32,8 +26,7 @@ const isRiskyDevice = await deviceHasSecurityRisk();
 console.log('Root/Jailbreak detection result: ', isRiskyDevice);
 ```
 
-\
-2. Text Encryption/Decryption example:
+2\. Text Encryption/Decryption example:
 
 ```js
 const softEncrypted = await encrypt('STR_FOR_ENCRYPT');
@@ -42,8 +35,7 @@ const softDecrypted = await decrypt('STR_FOR_DECRYPT');
 console.log('Decrypted result: ', softDecrypted);
 ```
 
-\
-3. Secure storage example:
+3\. Secure storage example:
 
 ```js
 import { SecureStorage } from 'react-native-security-suite';
@@ -52,8 +44,7 @@ SecureStorage.setItem('key', 'value');
 console.log(await SecureStorage.getItem('key'));
 ```
 
-\
-4. Diffie–Hellman key exchange:
+4\. Diffie–Hellman key exchange:
 
 ```js
 import {
@@ -80,8 +71,7 @@ const hardDecrypted = await decryptBySharedKey('STR_FOR_DECRYPT');
 console.log('Decrypted result: ', hardDecrypted);
 ```
 
-\
-5. SSL Pinning with android network logger example:
+5\. SSL Pinning with network logger:
 
 ```js
 import { fetch } from 'react-native-security-suite';

package/ios/PulseUINotification.swift

@@ -0,0 +1,82 @@
+import UserNotifications
+import PulseUI
+import SwiftUI
+
+@available(iOS 13.0, *)
+class PulseUINotification: NSObject, UNUserNotificationCenterDelegate {
+  override init() {
+    super.init()
+
+    UNUserNotificationCenter.current().delegate = self
+  }
+
+  func userNotificationCenter(_ center: UNUserNotificationCenter, willPresent notification: UNNotification, withCompletionHandler completionHandler: @escaping (UNNotificationPresentationOptions) -> Void) {
+    completionHandler([.sound, .badge])
+  }
+  
+  func userNotificationCenter(_ center: UNUserNotificationCenter, didReceive response: UNNotificationResponse, withCompletionHandler completionHandler: @escaping () -> Void) {
+      switch response.actionIdentifier {
+        case "openPulse":
+          openPulseUI()
+          break
+        default:
+          openPulseUI()
+          break
+      }
+    completionHandler()
+  }
+  
+  func requestPermission() {
+    UNUserNotificationCenter.current().requestAuthorization(options: [.alert, .badge, .sound]) { granted, error in
+      if granted {
+//        print("PulseUI Notification Permission Granted")
+      } else {
+        print("PulseUI Notification Permission Denied")
+      }
+    }
+  }
+  
+  func showNotification(body: String) {
+     requestPermission()
+     
+     let content = UNMutableNotificationContent()
+     content.title = "Recording HTTP Activity"
+     content.body = body
+     content.sound = .none
+     content.badge = 1
+
+     let action = UNNotificationAction(identifier: "openPulse", title: "Open Pulse", options: [])
+     let category = UNNotificationCategory(identifier: "pulseCategory", actions: [action], intentIdentifiers: [], options: [])
+     
+     UNUserNotificationCenter.current().setNotificationCategories([category])
+     content.categoryIdentifier = "pulseCategory"
+     
+     let trigger = UNTimeIntervalNotificationTrigger(timeInterval: 1, repeats: false)
+     
+     let request = UNNotificationRequest(identifier: "pulseNotification", content: content, trigger: trigger)
+     
+     UNUserNotificationCenter.current().add(request) { error in
+         if let error = error {
+             print("Error scheduling notification: \(error.localizedDescription)")
+         }
+     }
+  }
+  
+  @objc(openPulseUI)
+  func openPulseUI() {
+    DispatchQueue.main.async {
+      if #available(iOS 15.0, *) {
+        let hostingController = UIHostingController(rootView: ConsoleView())
+        if let rootViewController = UIApplication.shared.keyWindow?.rootViewController {
+          let navigationController = UINavigationController()
+          navigationController.setViewControllers([hostingController], animated: false)
+          rootViewController.present(navigationController, animated: true, completion: nil)
+        }
+      } else {
+        if let rootViewController = UIApplication.shared.keyWindow?.rootViewController {
+          rootViewController.present(UIViewController(), animated: true, completion: nil)
+        }
+      }
+    }
+  }
+}

package/ios/SecuritySuite.swift

@@ -11,8 +11,9 @@ class SecuritySuite: NSObject {
     var privateKey: String!,
         publicKey: String!,
         sharedKey: String!,
-        keyData: Data!
-    
+        keyData: Data!,
+        session: URLSession!
+  
     @objc(getPublicKey:withRejecter:)
     func getPublicKey(resolve: @escaping RCTPromiseResolveBlock, reject: RCTPromiseRejectBlock) -> Void {
         do {
@@ -127,62 +128,43 @@ class SecuritySuite: NSObject {
     
     @objc(fetch:withData:withCallback:)
     func fetch(url: NSString, data: NSDictionary, callback: @escaping RCTResponseSenderBlock) -> Void {
-        let config = URLSessionConfiguration.default
-        config.httpShouldSetCookies = false
-        config.httpCookieAcceptPolicy = .never
-        config.networkServiceType = .responsiveData
-        config.shouldUseExtendedBackgroundIdleMode = true
-        
-        let sslPinning = SSLPinning(data: data)
+        let configuration = URLSessionConfiguration.default
+        configuration.httpShouldSetCookies = false
+        configuration.httpCookieAcceptPolicy = .never
+        configuration.networkServiceType = .responsiveData
+        configuration.shouldUseExtendedBackgroundIdleMode = true
         
-        let startTime = Date()
         var request = URLRequest(url: URL(string: url as String)!)
-        
         request.httpMethod = data["method"] as? String ?? "POST"
         request.timeoutInterval = data["timeout"] as? TimeInterval ?? 60.0
         request.allHTTPHeaderFields = data["headers"] as? [String : String]
-        if data["body"] != nil { request.httpBody = (data["body"] as! String).data(using: .utf8)! } else { request.httpBody = "".data(using: .utf8)! }
-        
-        if data["keyId"] != nil && data["requestId"] != nil {
-            request.setValue(jwsHeader(payload: request.httpBody ?? .init(), keyId: data["keyId"] as! String, requestId: data["requestId"] as! String), forHTTPHeaderField: "X-JWS-Signature")
-        }
-        
-        let session = URLSession(configuration: config, delegate: sslPinning, delegateQueue: .main)
-
-        let task = session.dataTask(with: request) { data, response, error in
-            let response = response as? HTTPURLResponse
-            
-            if error == nil {
-                let responseCode = response?.statusCode
-                let responseString = String.init(decoding: data ?? .init(), as: UTF8.self)
-                let errorString = error?.localizedDescription
-                let responseJSON = try? JSONSerialization.jsonObject(with: data!, options: [])
-                
-                var result:NSMutableDictionary = [
-                    "status": response?.statusCode,
-                    "url": url,
-                ]
-                if errorString == nil && responseCode! < 400 {
-                    result["response"] = responseString
-                    result["duration"] = "\(Int(Date().timeIntervalSince(startTime) * 1000))ms"
-                    result["responseJSON"] = responseJSON
-                    callback([result, NSNull()])
-                } else {
-                    result["error"] = responseString
-                    result["errorJSON"] = responseJSON
-                    do {
-                        let jsonData = try JSONSerialization.data(withJSONObject: result)
-                        callback([NSNull(), result])
-                    } catch {
-                        callback([NSNull(), "JSON_PARSE_ERROR"])
-                    }
-                }
-            } else {
-                callback([NSNull(), "MUST_BE_UPDATE"])
+        // Prepare body
+        if let body = data["body"] {
+            if let bodyString = body as? String {
+                request.httpBody = bodyString.data(using: .utf8)
+            } else if let bodyDict = body as? [String: Any] {
+                request.httpBody = try? JSONSerialization.data(withJSONObject: bodyDict, options: [])
             }
         }
-        
-        task.resume()
+      if data["keyId"] != nil && data["requestId"] != nil {
+        request
+          .setValue(
+            jwsHeader(
+              payload: request.httpBody ?? .init(),
+              keyId: data["keyId"] as! String,
+              requestId: data["requestId"] as! String
+            ),
+            forHTTPHeaderField: "X-JWS-Signature"
+          )
+      }
+
+      let sslPinning = SSLPinning(url: url, data: data, callback: callback)
+      let session = URLSession(
+        configuration: configuration,
+        delegate: sslPinning,
+        delegateQueue: .main
+      )
+      session.dataTask(with: request).resume()
     }
     
     @objc(deviceHasSecurityRisk:withRejecter:)
@@ -223,32 +205,3 @@ class SecuritySuite: NSObject {
         }
     }
 }
-
-struct ASN1 {
-    static let rsa2048 = Data(base64Encoded: "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A")!
-    static let rsa4096 = Data(base64Encoded: "MIICIjANBgkqhkiG9w0BAQEFAAOCAg8A")!
-    static let ec256   = Data(base64Encoded: "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgA=")!
-    static let ec384   = Data(base64Encoded: "MHYwEAYHKoZIzj0CAQYFK4EEACIDYgA=")!
-    static let ec521   = Data(base64Encoded: "MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQ=")!
-}
-
-struct JoseHeader: Codable {
-    internal init(alg: String = "HS256", kid: String, b64: Bool = false, crit: [String] = ["b64"], requestId: String) {
-        self.alg = alg
-        self.kid = kid
-        self.b64 = b64
-        self.crit = crit
-        self.requestId = requestId
-    }
-    
-    private enum CodingKeys: String, CodingKey {
-        case alg, kid, b64, crit
-        case requestId = "request_id"
-    }
-    
-    let alg: String
-    let kid: String
-    let b64: Bool
-    let crit: [String]
-    let requestId: String
-}

package/ios/SecuritySuite.xcodeproj/project.xcworkspace/contents.xcworkspacedata

@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Workspace
+   version = "1.0">
+   <FileRef
+      location = "self:">
+   </FileRef>
+</Workspace>

package/ios/SecuritySuite.xcodeproj/project.xcworkspace/xcshareddata/IDEWorkspaceChecks.plist

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>IDEDidComputeMac32BitWarning</key>
+	<true/>
+</dict>
+</plist>

package/ios/SecuritySuite.xcodeproj/xcuserdata/m.navabifar.xcuserdatad/xcschemes/xcschememanagement.plist

@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>SchemeUserState</key>
+	<dict>
+		<key>SecuritySuite.xcscheme_^#shared#^_</key>
+		<dict>
+			<key>orderHint</key>
+			<integer>0</integer>
+		</dict>
+	</dict>
+</dict>
+</plist>

package/ios/SslPinning.swift

@@ -1,71 +1,155 @@
-import Foundation
+import Pulse
 
 @available(iOS 13.0, *)
-class SSLPinning: NSObject, URLSessionDelegate {
-    var validDomains: [String] = []
-    var intermediateKeyHashes: [Data] = []
-    var leafKeyHashes: [Data] = []
-    
-    init(data: NSDictionary) {
-        if let certs = data["certificates"] as? [String] {
-            for cert in certs {
-                var filteredCert = cert.replacingOccurrences(of: "sha256/", with: "", options: .caseInsensitive, range: nil)
-                intermediateKeyHashes.append(Data(base64Encoded: filteredCert)!)
-            }
-        }
+class SSLPinning: NSObject, URLSessionDataDelegate {
+  var url: NSString!
+  var data: NSDictionary!
+  var callback: RCTResponseSenderBlock!
+  var validDomains: [String] = []
+  var intermediateKeyHashes: [Data] = []
+  var leafKeyHashes: [Data] = []
+  var networkLogger: NetworkLogger = .init()
+  var responseData: Data = Data()
+  let pulseNotification = PulseUINotification()
+
+  init(url: NSString, data: NSDictionary, callback: @escaping RCTResponseSenderBlock) {
+      self.url = url
+      self.data = data
+      self.callback = callback
+  }
+
+  func urlSession(
+    _ session: URLSession,
+    didReceive challenge: URLAuthenticationChallenge,
+    completionHandler: @escaping (
+      URLSession.AuthChallengeDisposition,
+      URLCredential?
+    ) -> Void
+  ) {
+    if let certs = data["certificates"] as? [String] {
+      for cert in certs {
+        let filteredCert = cert.replacingOccurrences(
+          of: "sha256/",
+          with: "",
+          options: .caseInsensitive,
+          range: nil
+        )
+        intermediateKeyHashes.append(Data(base64Encoded: filteredCert)!)
+      }
+    } else {
+      return completionHandler(.performDefaultHandling, nil)
+    }
         
-        if let domains = data["validDomains"] as? [String] {
-            for domain in domains {
-                validDomains.append(domain)
-            }
-        }
+    if let domains = data["validDomains"] as? [String] {
+      for domain in domains {
+        validDomains.append(domain)
+      }
+    } else {
+      return completionHandler(.performDefaultHandling, nil)
     }
-    
-    func urlSession(_ session: URLSession, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
-        guard let trust = challenge.protectionSpace.serverTrust else {
-            return completionHandler(.cancelAuthenticationChallenge, nil)
-        }
+      
+    guard let trust = challenge.protectionSpace.serverTrust else {
+      return completionHandler(.cancelAuthenticationChallenge, nil)
+    }
+
+    let host = challenge.protectionSpace.host
+    let port = challenge.protectionSpace.port
+    guard port == 443, (3...4).contains(trust.certificates.count),
+          let leafCertificate = trust.certificates.first,
+          let commonName = leafCertificate.commonName,
+          validDomains
+      .contains(where: { commonName == $0 || commonName.hasSuffix("." + $0) }) else {
+      completionHandler(.cancelAuthenticationChallenge, nil)
+      return
+    }
+    let intermediateCertificatesValid = trust.certificates.dropFirst().prefix(2).allSatisfy {
+      ($0.pin.map(intermediateKeyHashes.contains) ?? false)
+    }
+    let leafCertificateValid = leafKeyHashes.contains(
+      leafCertificate.pin ?? .init()
+    )
         
-        let host = challenge.protectionSpace.host
-        let port = challenge.protectionSpace.port
-        guard port == 443, (3...4).contains(trust.certificates.count),
-              let leafCertificate = trust.certificates.first,
-              let commonName = leafCertificate.commonName,
-              validDomains.contains(where: { commonName == $0 || commonName.hasSuffix("." + $0) }) else {
-                  completionHandler(.cancelAuthenticationChallenge, nil)
-                  return
-              }
-        let intermediateCertificatesValid = trust.certificates.dropFirst().prefix(2).allSatisfy {
-            ($0.pin.map(intermediateKeyHashes.contains) ?? false)
-        }
-        let leafCertificateValid = leafKeyHashes.contains(leafCertificate.pin ?? .init())
+    let pattern = commonName
+      .replacingOccurrences(of: ".", with: "\\.")
+      .replacingOccurrences(of: "*", with: ".+", options: [.anchored])
+    guard intermediateCertificatesValid && (
+      leafKeyHashes.isEmpty || leafCertificateValid
+    ),
+          let commonNameRegex = try? NSRegularExpression(pattern: pattern) else {
+      completionHandler(.cancelAuthenticationChallenge, nil)
+      return
+    }
         
-        let pattern = commonName
-            .replacingOccurrences(of: ".", with: "\\.")
-            .replacingOccurrences(of: "*", with: ".+", options: [.anchored])
-        guard intermediateCertificatesValid && (leafKeyHashes.isEmpty || leafCertificateValid),
-              let commonNameRegex = try? NSRegularExpression(pattern: pattern) else {
-            completionHandler(.cancelAuthenticationChallenge, nil)
-            return
-        }
+    guard commonNameRegex.textMatches(in: host) == [host] else {
+      completionHandler(.cancelAuthenticationChallenge, nil)
+      return
+    }
         
-        guard commonNameRegex.textMatches(in: host) == [host] else {
-            completionHandler(.cancelAuthenticationChallenge, nil)
-            return
-        }
+    trust.policies = [.ssl(server: true, hostname: host)]
+    do {
+      if try !trust.evaluate() {
+        completionHandler(.cancelAuthenticationChallenge, nil)
+      }
+    } catch {
+      completionHandler(.cancelAuthenticationChallenge, nil)
+      return
+    }
         
-        trust.policies = [.ssl(server: true, hostname: host)]
-        do {
-            if try !trust.evaluate() {
-                completionHandler(.cancelAuthenticationChallenge, nil)
+    let credential = URLCredential(trust: trust)
+    completionHandler(.useCredential, credential)
+  }
+    
+    func urlSession(_ session: URLSession, didCreateTask task: URLSessionTask) {
+      networkLogger.logTaskCreated(task)
+    }
+  
+    func urlSession(_ session: URLSession, dataTask: URLSessionDataTask, didReceive data: Data) {
+      networkLogger.logDataTask(dataTask, didReceive: data)
+      responseData.append(data)
+    }
+    
+    func urlSession(_ session: URLSession, task: URLSessionTask, didCompleteWithError error: Error?) {
+      networkLogger.logTask(task, didCompleteWithError: error)
+      
+      if let error = error {
+          callback([nil, error.localizedDescription])
+      } else {
+        if let httpResponse = task.response as? HTTPURLResponse {
+          let url = httpResponse.url?.absoluteString ?? url! as String
+          let status = httpResponse.statusCode
+          let headers = httpResponse.allHeaderFields
+          
+          if(httpResponse.statusCode > 299) {
+            callback([NSNull(),  [
+              "url": url,
+              "status": status,
+              "headers": status,
+              "error": String(data: responseData, encoding: .utf8) ?? "",
+            ]])
+          } else {
+            callback([[
+              "url": url,
+              "status": status,
+              "headers": headers,
+              "response": String.init(decoding: responseData, as: UTF8.self),
+              "responseJson": try? JSONSerialization.jsonObject(with: responseData, options: []),
+            ], NSNull()])
+          }
+        } else {
+            callback([NSNull(), "Unknown error occurred"])
+        }
+      }
+    }
+
+    func urlSession(_ session: URLSession, task: URLSessionTask, didFinishCollecting metrics: URLSessionTaskMetrics) {
+        networkLogger.logTask(task, didFinishCollecting: metrics)
+        if (data["loggerIsEnabled"] as? Bool) == true {
+          if let httpResponse = task.response as? HTTPURLResponse {
+            if let url = URL(string: httpResponse.url?.absoluteString ?? url! as String) {
+              pulseNotification.showNotification(body: "\(httpResponse.statusCode) \(url.relativePath)")
             }
-        } catch {
-            completionHandler(.cancelAuthenticationChallenge, nil)
-            return
+          }
         }
-        
-        let credential = URLCredential(trust: trust)
-        completionHandler(.useCredential, credential)
     }
 }
 
@@ -196,3 +280,24 @@ extension NSRegularExpression {
             }
     }
 }
+
+struct JoseHeader: Codable {
+    internal init(alg: String = "HS256", kid: String, b64: Bool = false, crit: [String] = ["b64"], requestId: String) {
+        self.alg = alg
+        self.kid = kid
+        self.b64 = b64
+        self.crit = crit
+        self.requestId = requestId
+    }
+    
+    private enum CodingKeys: String, CodingKey {
+        case alg, kid, b64, crit
+        case requestId = "request_id"
+    }
+    
+    let alg: String
+    let kid: String
+    let b64: Bool
+    let crit: [String]
+    let requestId: String
+}

package/ios/StorageEncryption.swift

@@ -79,3 +79,11 @@ public extension Data {
             .joined()
     }
 }
+
+struct ASN1 {
+    static let rsa2048 = Data(base64Encoded: "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A")!
+    static let rsa4096 = Data(base64Encoded: "MIICIjANBgkqhkiG9w0BAQEFAAOCAg8A")!
+    static let ec256   = Data(base64Encoded: "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgA=")!
+    static let ec384   = Data(base64Encoded: "MHYwEAYHKoZIzj0CAQYFK4EEACIDYgA=")!
+    static let ec521   = Data(base64Encoded: "MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQ=")!
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "react-native-security-suite",
-  "version": "0.7.2",
+  "version": "0.8.0",
   "description": "Security solution for React Native",
   "source": "./src/index.tsx",
   "main": "./lib/commonjs/index.js",

package/react-native-security-suite.podspec

@@ -18,6 +18,8 @@ Pod::Spec.new do |s|
 
   s.dependency "React-Core"
   s.dependency "IOSSecuritySuite"
+  s.dependency "PulseCore"
+  s.dependency "PulseUI"
 
   # Use install_modules_dependencies helper to install the dependencies if React Native version >=0.71.0.
   # See https://github.com/facebook/react-native/blob/febf6b7f33fdb4904669f99d795eba4c0f95d7bf/scripts/cocoapods/new_architecture.rb#L79.