react-native-ssl-manager 1.0.0 → 1.0.2

package/ios/SharedLogic.swift

@@ -0,0 +1,247 @@
+import Foundation
+import TrustKit
+import TrustKit.TSKPinningValidator
+import TrustKit.TSKPinningValidatorCallback
+
+enum SSLPinningError: Error {
+    case invalidConfiguration
+    case invalidPinConfiguration(domain: String)
+    
+    var message: String {
+        switch self {
+        case .invalidConfiguration:
+            return "Invalid SSL pinning configuration format"
+        case .invalidPinConfiguration(let domain):
+            return "Invalid pin configuration for domain: \(domain)"
+        }
+    }
+}
+
+/**
+ * Shared logic for SSL pinning functionality
+ * Contains common methods used by both CLI and Expo modules
+ */
+@objc class SharedLogic: NSObject {
+    static var sharedTrustKit: TrustKit?
+    private static let useSSLPinningKey = "useSSLPinning"
+    private static let userDefaults = UserDefaults.standard
+    
+    /**
+     * Set SSL pinning enabled/disabled state
+     * Auto-initialize SSL pinning when enabled
+     */
+    @objc static func setUseSSLPinning(_ usePinning: Bool) {
+        userDefaults.set(usePinning, forKey: useSSLPinningKey)
+        userDefaults.synchronize()
+        
+        // Auto-initialize SSL pinning when enabled
+        if usePinning {
+            do {
+                let _ = try initializeSslPinningFromBundle()
+
+            } catch {
+
+            }
+        } else {
+
+        }
+    }
+    
+    /**
+     * Get current SSL pinning state
+     */
+    @objc static func getUseSSLPinning() -> Bool {
+        // Check if key exists, if not return default true
+        if userDefaults.object(forKey: useSSLPinningKey) == nil {
+
+            return true // Default to enabled
+        }
+        let value = userDefaults.bool(forKey: useSSLPinningKey)
+
+        return value
+    }
+    
+    /**
+     * Clean JSON string from various formatting issues
+     */
+    static func cleanJsonString(_ jsonString: String) -> String {
+        var cleaned = jsonString
+            .replacingOccurrences(of: "\n", with: "")
+            .replacingOccurrences(of: "| ", with: "")
+            .replacingOccurrences(of: "\\ ", with: "")
+            .replacingOccurrences(of: "\\\"", with: "\"")
+        
+        // Remove any remaining backslashes before quotes
+        cleaned = cleaned.replacingOccurrences(of: "\\(?!\")", with: "")
+        
+        // Clean up any double spaces
+        cleaned = cleaned.replacingOccurrences(of: "  ", with: " ")
+        
+
+
+        
+        return cleaned
+    }
+    
+    /**
+     * Validate and clean pins for a domain
+     */
+    static func validateAndCleanPins(_ pins: [String], for domain: String) throws -> [String] {
+        guard !pins.isEmpty else {
+
+            throw SSLPinningError.invalidPinConfiguration(domain: domain)
+        }
+        
+        return try pins.map { pin -> String in
+            var cleanPin = pin.trimmingCharacters(in: .whitespacesAndNewlines)
+
+            
+            // Verify pin format
+            guard cleanPin.starts(with: "sha256/") else {
+
+                throw SSLPinningError.invalidPinConfiguration(domain: domain)
+            }
+            
+            // Remove sha256/ prefix for TrustKit
+            cleanPin = cleanPin.replacingOccurrences(of: "sha256/", with: "")
+            
+            // Check base64 format
+            guard cleanPin.range(of: "^[A-Za-z0-9+/=]+$", options: .regularExpression) != nil else {
+
+                throw SSLPinningError.invalidPinConfiguration(domain: domain)
+            }
+            
+            // Check length - SHA256 pins should be 44 characters when base64 encoded
+            guard cleanPin.count == 44 else {
+
+                throw SSLPinningError.invalidPinConfiguration(domain: domain)
+            }
+            
+
+            return cleanPin
+        }
+    }
+    
+    /**
+     * Initialize SSL pinning from bundle (auto-read ssl_config.json)
+     */
+    @objc static func initializeSslPinningFromBundle() throws -> [String: Any] {
+        // Try to read ssl_config.json from main bundle (auto-copied by script phase)
+        guard let path = Bundle.main.path(forResource: "ssl_config", ofType: "json"),
+              let configData = NSData(contentsOfFile: path),
+              let configJsonString = String(data: configData as Data, encoding: .utf8) else {
+
+
+
+            throw SSLPinningError.invalidConfiguration
+        }
+        
+
+        return try initializeSslPinning(configJsonString)
+    }
+    
+    /**
+     * Initialize SSL pinning with TrustKit
+     * Ported from original working code with minimal modifications
+     */
+    static func initializeSslPinning(_ configJsonString: String) throws -> [String: Any] {
+        // Check if SSL pinning is enabled
+        let isSSLPinningEnabled = getUseSSLPinning()
+        
+        if isSSLPinningEnabled {
+            do {
+                // Clean JSON first
+                let cleanedJson = cleanJsonString(configJsonString)
+                
+                // Parse JSON configuration
+                guard let jsonData = cleanedJson.data(using: .utf8),
+                      let config = try JSONSerialization.jsonObject(with: jsonData, options: []) as? [String: Any],
+                      let sha256Keys = config["sha256Keys"] as? [String: [String]] else {
+                    throw SSLPinningError.invalidConfiguration
+                }
+                
+                // Build pinned domains configuration
+                var pinnedDomains: [String: Any] = [:]
+                
+                // Process each domain and its pins from JSON
+                for (domain, pins) in sha256Keys {
+                    let cleanedPins = try validateAndCleanPins(pins, for: domain)
+                    
+                    pinnedDomains[domain] = [
+                        kTSKIncludeSubdomains: true,
+                        kTSKEnforcePinning: true,
+                        kTSKDisableDefaultReportUri: true,
+                        kTSKPublicKeyHashes: cleanedPins
+                    ]
+                }
+                
+                let trustKitConfig: [String: Any] = [
+                    kTSKSwizzleNetworkDelegates: true,
+                    kTSKPinnedDomains: pinnedDomains
+                ]
+                
+
+                
+                // Initialize TrustKit synchronously to catch initialization errors
+                do {
+
+
+                    
+                    // Initialize TrustKit with the configuration
+
+                    TrustKit.initSharedInstance(withConfiguration: trustKitConfig)
+                    SharedLogic.sharedTrustKit = TrustKit.sharedInstance()
+                    
+
+                    
+                    // Verify TrustKit is properly initialized
+                    if let trustKit = SharedLogic.sharedTrustKit {
+
+
+                        
+                        // Set up validation callback
+                        trustKit.pinningValidatorCallback = { result, notedHostname, policy in
+
+
+                            switch result.finalTrustDecision {
+                            case .shouldBlockConnection:
+                                break
+                            case .shouldAllowConnection:
+                                break
+                            default:
+                                break
+                            }
+                        }
+                        
+
+                    } else {
+
+                        throw SSLPinningError.invalidConfiguration
+                    }
+                } catch {
+
+                    throw error
+                }
+                
+                return [
+                    "message": "SSL Pinning initialized successfully",
+                    "domains": Array(pinnedDomains.keys)
+                ]
+                
+            } catch let error as SSLPinningError {
+
+                throw error
+            } catch {
+
+                throw error
+            }
+        } else {
+
+            return [
+                "message": "SSL Pinning is disabled",
+                "domains": [],
+                "isSSLPinningEnabled": isSSLPinningEnabled
+            ]
+        }
+    }
+}

package/ios/UseSslPinning.h

@@ -0,0 +1,5 @@
+#import <React/RCTBridgeModule.h>
+
+// Main module interface - SharedLogic will be accessed via Swift bridging header
+@interface UseSslPinning : NSObject <RCTBridgeModule>
+@end

package/ios/{UseSslPinning.mm → UseSslPinningModule.mm}

@@ -1,19 +1,22 @@
 #import <React/RCTBridgeModule.h>
 
+#if RCT_NEW_ARCH_ENABLED
+// New Architecture - TurboModule will be handled by Swift
+#else
+// Legacy Architecture - Bridge exports for Swift module
 @interface RCT_EXTERN_MODULE(UseSslPinning, NSObject)
 
-RCT_EXTERN_METHOD(setUseSSLPinning:(BOOL)usePinning)
-
-RCT_EXTERN_METHOD(getUseSSLPinning:(RCTPromiseResolveBlock)resolve
+RCT_EXTERN_METHOD(setUseSSLPinning:(BOOL)usePinning
+                  resolver:(RCTPromiseResolveBlock)resolve
                   rejecter:(RCTPromiseRejectBlock)reject)
 
-RCT_EXTERN_METHOD(initializeSslPinning:(NSString *)configJsonString
-                  resolver:(RCTPromiseResolveBlock)resolve
+RCT_EXTERN_METHOD(getUseSSLPinning:(RCTPromiseResolveBlock)resolve
                   rejecter:(RCTPromiseRejectBlock)reject)
 
 + (BOOL)requiresMainQueueSetup
 {
-    return NO;
+  return NO;
 }
 
 @end
+#endif

package/ios/UseSslPinningModule.swift

@@ -0,0 +1,65 @@
+import Foundation
+import React
+
+/**
+ * React Native SSL Pinning module - supports both architectures
+ * Uses conditional compilation for New Architecture vs Legacy
+ */
+@objc(UseSslPinning)
+class UseSslPinning: NSObject {
+    
+    override init() {
+        super.init()
+        
+        // Early initialization - setup SSL pinning if enabled
+        let isEnabled = SharedLogic.getUseSSLPinning()
+        if isEnabled {
+            do {
+                let _ = try SharedLogic.initializeSslPinningFromBundle()
+            } catch {
+                // SSL config not found or invalid - continue silently
+            }
+        }
+    }
+    
+    // MARK: - Shared Implementation Methods
+    
+    private func setUseSSLPinningImpl(_ usePinning: Bool, resolve: @escaping RCTPromiseResolveBlock) {
+        SharedLogic.setUseSSLPinning(usePinning)
+        resolve(nil)
+    }
+    
+    private func getUseSSLPinningImpl(_ resolve: @escaping RCTPromiseResolveBlock) {
+        let usePinning = SharedLogic.getUseSSLPinning()
+        resolve(usePinning)
+    }
+    
+    // MARK: - Architecture-specific exports
+    
+#if RCT_NEW_ARCH_ENABLED
+    
+    // New Architecture (TurboModule) - no @objc needed
+    func setUseSSLPinning(_ usePinning: Bool, resolve: @escaping RCTPromiseResolveBlock, reject: @escaping RCTPromiseRejectBlock) {
+        setUseSSLPinningImpl(usePinning, resolve: resolve)
+    }
+    
+    func getUseSSLPinning(_ resolve: @escaping RCTPromiseResolveBlock, reject: @escaping RCTPromiseRejectBlock) {
+        getUseSSLPinningImpl(resolve)
+    }
+    
+#else
+    
+    // Legacy Architecture (Bridge) - needs @objc
+    @objc
+    func setUseSSLPinning(_ usePinning: Bool, resolver resolve: @escaping RCTPromiseResolveBlock, rejecter reject: @escaping RCTPromiseRejectBlock) {
+        setUseSSLPinningImpl(usePinning, resolve: resolve)
+    }
+    
+    @objc
+    func getUseSSLPinning(_ resolve: @escaping RCTPromiseResolveBlock, rejecter reject: @escaping RCTPromiseRejectBlock) {
+        getUseSSLPinningImpl(resolve)
+    }
+    
+#endif
+    
+}

package/lib/NativeUseSslPinning.d.ts

@@ -0,0 +1,8 @@
+import type { TurboModule } from 'react-native';
+export interface Spec extends TurboModule {
+    readonly setUseSSLPinning: (usePinning: boolean) => Promise<void>;
+    readonly getUseSSLPinning: () => Promise<boolean>;
+}
+declare const _default: Spec;
+export default _default;
+//# sourceMappingURL=NativeUseSslPinning.d.ts.map

package/lib/NativeUseSslPinning.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"NativeUseSslPinning.d.ts","sourceRoot":"","sources":["../src/NativeUseSslPinning.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAGhD,MAAM,WAAW,IAAK,SAAQ,WAAW;IACvC,QAAQ,CAAC,gBAAgB,EAAE,CAAC,UAAU,EAAE,OAAO,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAClE,QAAQ,CAAC,gBAAgB,EAAE,MAAM,OAAO,CAAC,OAAO,CAAC,CAAC;CACnD;;AAED,wBAAuE"}

package/lib/NativeUseSslPinning.js

@@ -0,0 +1,4 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const react_native_1 = require("react-native");
+exports.default = react_native_1.TurboModuleRegistry.getEnforcing('UseSslPinning');

package/lib/UseSslPinning.types.d.ts

@@ -0,0 +1,17 @@
+/**
+ * SSL Pinning Configuration Interface
+ * Defines the structure for SSL pinning configuration
+ */
+export interface SslPinningConfig {
+    sha256Keys: {
+        [domain: string]: string[];
+    };
+}
+/**
+ * SSL Pinning Error Interface
+ */
+export interface SslPinningError extends Error {
+    code?: string;
+    message: string;
+}
+//# sourceMappingURL=UseSslPinning.types.d.ts.map

package/lib/UseSslPinning.types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"UseSslPinning.types.d.ts","sourceRoot":"","sources":["../src/UseSslPinning.types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B,UAAU,EAAE;QACV,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;KAC5B,CAAC;CACH;AAED;;GAEG;AACH,MAAM,WAAW,eAAgB,SAAQ,KAAK;IAC5C,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;CACjB"}

package/lib/UseSslPinning.types.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/lib/index.d.ts

@@ -0,0 +1,15 @@
+export type { SslPinningConfig, SslPinningError } from './UseSslPinning.types';
+/**
+ * Sets whether SSL pinning should be used.
+ *
+ * @param {boolean} usePinning - Whether to enable SSL pinning
+ * @returns {Promise<void>} A promise that resolves when the setting is saved
+ */
+export declare const setUseSSLPinning: (usePinning: boolean) => Promise<void>;
+/**
+ * Retrieves the current state of SSL pinning usage.
+ *
+ * @returns A promise that resolves to a boolean indicating whether SSL pinning is being used.
+ */
+export declare const getUseSSLPinning: () => Promise<boolean>;
+//# sourceMappingURL=index.d.ts.map

package/lib/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.tsx"],"names":[],"mappings":"AAGA,YAAY,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AA0C/E;;;;;GAKG;AACH,eAAO,MAAM,gBAAgB,eAAgB,OAAO,KAAG,QAAQ,IAAI,CAElE,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,gBAAgB,QAAa,QAAQ,OAAO,CAExD,CAAC"}

package/lib/index.js

@@ -0,0 +1,58 @@
+"use strict";
+// Remove unused Platform import since we no longer check OS
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getUseSSLPinning = exports.setUseSSLPinning = void 0;
+// New Architecture and Legacy Architecture support
+let UseSslPinning;
+try {
+    // Try Legacy NativeModules first (more reliable)
+    const { NativeModules } = require('react-native');
+    // Look for our universal module (works in both CLI and Expo)
+    UseSslPinning = NativeModules.UseSslPinning;
+    if (UseSslPinning) {
+    }
+    else {
+        // Fallback to TurboModule if available
+        try {
+            UseSslPinning = require('./NativeUseSslPinning').default;
+        }
+        catch (turboModuleError) {
+            console.log('❌ TurboModule failed:', turboModuleError.message);
+            UseSslPinning = null;
+        }
+    }
+}
+catch (error) {
+    console.log('❌ Overall module loading failed:', error.message);
+    UseSslPinning = null;
+}
+// Fallback implementation if native module is not available
+if (!UseSslPinning) {
+    UseSslPinning = {
+        setUseSSLPinning: (_usePinning) => {
+            return Promise.resolve();
+        },
+        getUseSSLPinning: () => {
+            return Promise.resolve(true);
+        },
+    };
+}
+/**
+ * Sets whether SSL pinning should be used.
+ *
+ * @param {boolean} usePinning - Whether to enable SSL pinning
+ * @returns {Promise<void>} A promise that resolves when the setting is saved
+ */
+const setUseSSLPinning = (usePinning) => {
+    return UseSslPinning.setUseSSLPinning(usePinning);
+};
+exports.setUseSSLPinning = setUseSSLPinning;
+/**
+ * Retrieves the current state of SSL pinning usage.
+ *
+ * @returns A promise that resolves to a boolean indicating whether SSL pinning is being used.
+ */
+const getUseSSLPinning = async () => {
+    return await UseSslPinning.getUseSSLPinning();
+};
+exports.getUseSSLPinning = getUseSSLPinning;

package/package.json

@@ -1,51 +1,89 @@
 {
   "name": "react-native-ssl-manager",
-  "version": "1.0.0",
+  "version": "1.0.2",
   "description": "React Native SSL Pinning provides seamless SSL certificate pinning integration for enhanced network security in React Native apps. This module enables developers to easily implement and manage certificate pinning, protecting applications against man-in-the-middle (MITM) attacks. With dynamic configuration options and the ability to toggle SSL pinning, it's particularly useful for development and testing scenarios.",
-  "main": "lib/commonjs/index",
-  "module": "lib/module/index",
-  "types": "lib/typescript/src/index.d.ts",
+  "main": "lib/index.js",
+  "module": "lib/index.js",
+  "types": "lib/index.d.ts",
+  "source": "src/index.tsx",
+  "expo": {
+    "plugin": "./app.plugin.js"
+  },
   "react-native": {
     "android": {
-      "source": "android/src/main/java/com/usesslpinning/UseSslPinningPackage.kt"
+      "sourceDir": "android/src/main/java",
+      "packageImportPath": "import com.usesslpinning.UseSslPinningPackage;"
     },
     "ios": {
-      "podspec": "react-native-ssl-manager.podspec"
+      "podspecPath": "react-native-ssl-manager.podspec"
     }
   },
-  "source": "src/index",
+  "codegenConfig": {
+    "name": "RNUseSslPinningSpec",
+    "type": "modules",
+    "jsSrcsDir": "src"
+  },
   "files": [
-    "src",
     "lib",
-    "!**/__tests__",
-    "!**/__fixtures__",
-    "!**/__mocks__",
+    "src",
     "android",
     "ios",
-    "cpp",
+    "plugin",
+    "app.plugin.js",
     "*.podspec",
-    "!lib/typescript/example",
+    "react-native-ssl-manager.podspec",
+    "expo-module.config.json",
+    "react-native.config.js",
+    "scripts/build.sh",
+    "!**/__tests__",
+    "!**/__fixtures__",
+    "!**/__mocks__",
     "!ios/build",
     "!android/build",
+    "!android/.gradle",
     "!android/gradle",
     "!android/gradlew",
     "!android/gradlew.bat",
     "!android/local.properties",
+    "!example",
+    "!example-expo",
     "!**/.*"
   ],
   "scripts": {
-    "example": "yarn workspace react-native-ssl-manager-example",
-    "test": "jest",
+    "build": "tsc",
+    "clean": "expo-module clean",
+    "lint": "expo-module lint",
+    "test": "expo-module test",
+    "prepare": "echo 'Skipping prepare script'",
     "typecheck": "tsc --noEmit",
-    "lint": "eslint \"**/*.{js,ts,tsx}\"",
-    "clean": "del-cli android/build example/android/build example/android/app/build example/ios/build lib",
-    "prepare": "bob build",
-    "release": "release-it"
+    "release": "release-it",
+    "build:all": "./scripts/build.sh",
+    "build:examples": "./scripts/build.sh --with-examples",
+    "example:install": "cd example && yarn install",
+    "postinstall": "node scripts/postinstall.js",
+    "postinstall:bun": "bun scripts/bun-postinstall.js",
+    "example:ios": "cd example && npx react-native run-ios",
+    "example:android": "cd example && npx react-native run-android",
+    "example-expo:install": "cd example-expo && yarn install",
+    "example-expo:ios": "cd example-expo && npx expo run:ios",
+    "example-expo:android": "cd example-expo && npx expo run:android",
+    "example-expo:start": "cd example-expo && npx expo start",
+    "bun:install": "bun install",
+    "bun:build": "bun run build",
+    "bun:test": "bun test",
+    "bun:example:install": "cd example && bun install",
+    "bun:example-expo:install": "cd example-expo && bun install",
+    "bun:test-compatibility": "bun scripts/test-bun.js"
   },
   "keywords": [
     "react-native",
     "ios",
-    "android"
+    "android",
+    "expo",
+    "bun",
+    "ssl-pinning",
+    "security",
+    "certificate-pinning"
   ],
   "repository": {
     "type": "git",
@@ -63,7 +101,6 @@
   },
   "devDependencies": {
     "@commitlint/config-conventional": "^17.0.2",
-    "@evilmartians/lefthook": "^1.5.0",
     "@react-native/eslint-config": "^0.73.1",
     "@release-it/conventional-changelog": "^5.0.0",
     "@types/jest": "^29.5.5",
@@ -73,13 +110,13 @@
     "eslint": "^8.51.0",
     "eslint-config-prettier": "^9.0.0",
     "eslint-plugin-prettier": "^5.0.1",
+    "expo-module-scripts": "^3.4.0",
     "jest": "^29.7.0",
     "prettier": "^3.0.3",
     "react": "18.2.0",
     "react-native": "0.73.6",
     "react-native-builder-bob": "^0.20.0",
     "release-it": "^15.0.0",
-    "turbo": "^1.10.7",
     "typescript": "5.1.x"
   },
   "resolutions": {
@@ -89,14 +126,27 @@
     "react": "*",
     "react-native": "*"
   },
-  "workspaces": [
-    "example"
-  ],
   "packageManager": "yarn@3.6.1",
+  "engines": {
+    "node": ">=16.0.0",
+    "bun": ">=1.0.0"
+  },
+  "overrides": {
+    "bun": {
+      "react": "*",
+      "react-native": "*"
+    }
+  },
+  "codegenConfig": {
+    "name": "RNUseSslPinningSpec",
+    "type": "modules",
+    "jsSrcsDir": "src"
+  },
   "jest": {
     "preset": "react-native",
     "modulePathIgnorePatterns": [
       "<rootDir>/example/node_modules",
+      "<rootDir>/example-expo/node_modules",
       "<rootDir>/lib/"
     ]
   },
@@ -143,7 +193,9 @@
   },
   "eslintIgnore": [
     "node_modules/",
-    "lib/"
+    "lib/",
+    "example/",
+    "example-expo/"
   ],
   "prettier": {
     "quoteProps": "consistent",
@@ -152,21 +204,13 @@
     "trailingComma": "es5",
     "useTabs": false
   },
-  "react-native-builder-bob": {
-    "source": "src",
-    "output": "lib",
-    "targets": [
-      "commonjs",
-      "module",
-      [
-        "typescript",
-        {
-          "project": "tsconfig.build.json"
-        }
-      ]
-    ]
+  "codegenConfig": {
+    "name": "RNUseSslPinningSpec",
+    "type": "modules",
+    "jsSrcsDir": "src"
   },
   "dependencies": {
+    "@babel/runtime": "^7.23.0",
     "postinstall": "^0.10.3"
   }
 }