From 2c25c3b2b009264de07b8d3e0d8965977d90885a Mon Sep 17 00:00:00 2001 From: Alejandro Isaza Date: Sat, 23 Dec 2017 12:28:40 -0800 Subject: [PATCH] Pin trustwalletapp.com SSL certificate (#129) Fix #121 --- .gitignore | 1 - Trust.xcodeproj/project.pbxproj | 8 ++++++ ...C Domain Validation Secure Server CA 2.cer | Bin 0 -> 931 bytes .../TransactionDataCoordinator.swift | 2 +- .../Coordinators/TrustProvider.swift | 23 ++++++++++++++++++ 5 files changed, 32 insertions(+), 2 deletions(-) create mode 100644 Trust/COMODO ECC Domain Validation Secure Server CA 2.cer create mode 100644 Trust/Transactions/Coordinators/TrustProvider.swift diff --git a/.gitignore b/.gitignore index bb31aa85f..7af7cd2df 100644 --- a/.gitignore +++ b/.gitignore @@ -81,4 +81,3 @@ Trust.zip *.mobileprovision -*.cer diff --git a/Trust.xcodeproj/project.pbxproj b/Trust.xcodeproj/project.pbxproj index 0b751b4f4..e9214a3ec 100644 --- a/Trust.xcodeproj/project.pbxproj +++ b/Trust.xcodeproj/project.pbxproj 
@@ -285,6 +285,8 @@ 29FF130A1F75F67200AFD326 /* Address.swift in Sources */ = {isa = PBXBuildFile; fileRef = 29FF13091F75F67200AFD326 /* Address.swift */; }; 29FF130D1F7626E800AFD326 /* FakeNavigationController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 29FF130C1F7626E800AFD326 /* FakeNavigationController.swift */; }; 3CDDD1E2CD1B0180754B7992 /* Pods_Trust.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 646C8C822C986358D7388602 /* Pods_Trust.framework */; }; + 613D04891FDE15F8008DE72E /* COMODO ECC Domain Validation Secure Server CA 2.cer in Resources */ = {isa = PBXBuildFile; fileRef = 613D04881FDE15F8008DE72E /* COMODO ECC Domain Validation Secure Server CA 2.cer */; }; + 613D048B1FDE162B008DE72E /* TrustProvider.swift in Sources */ = {isa = PBXBuildFile; fileRef = 613D048A1FDE162B008DE72E /* TrustProvider.swift */; }; 615F10561FCBEF2E008A45AF /* OnboardingPageViewModel.swift in Sources */ = {isa = PBXBuildFile; fileRef = 615F10551FCBEF2E008A45AF /* OnboardingPageViewModel.swift */; }; 615F10591FCBEF7C008A45AF /* OnboardingPage.swift in Sources */ = {isa = PBXBuildFile; fileRef = 615F10581FCBEF7C008A45AF /* OnboardingPage.swift */; }; 615F105D1FCBF55E008A45AF /* OnboardingCollectionViewController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 615F105C1FCBF55E008A45AF /* OnboardingCollectionViewController.swift */; }; 
@@ -606,6 +608,8 @@ 29FF130C1F7626E800AFD326 /* FakeNavigationController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = FakeNavigationController.swift; sourceTree = ""; }; 477899BEAA4489DA423E8857 /* Pods-TrustUITests.debug.xcconfig */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xcconfig; name = "Pods-TrustUITests.debug.xcconfig"; path = "Pods/Target Support Files/Pods-TrustUITests/Pods-TrustUITests.debug.xcconfig"; sourceTree = ""; }; 4DB8204016307EAFC079EA48 /* Pods-Trust.debug.xcconfig */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xcconfig; name = "Pods-Trust.debug.xcconfig"; path = "Pods/Target Support Files/Pods-Trust/Pods-Trust.debug.xcconfig"; sourceTree = ""; }; + 613D04881FDE15F8008DE72E /* COMODO ECC Domain Validation Secure Server CA 2.cer */ = {isa = PBXFileReference; lastKnownFileType = file; path = "COMODO ECC Domain Validation Secure Server CA 2.cer"; sourceTree = ""; }; + 613D048A1FDE162B008DE72E /* TrustProvider.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = TrustProvider.swift; sourceTree = ""; }; 615F10551FCBEF2E008A45AF /* OnboardingPageViewModel.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = OnboardingPageViewModel.swift; sourceTree = ""; }; 615F10581FCBEF7C008A45AF /* OnboardingPage.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = OnboardingPage.swift; sourceTree = ""; }; 615F105C1FCBF55E008A45AF /* OnboardingCollectionViewController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = OnboardingCollectionViewController.swift; sourceTree = ""; }; 
@@ -724,6 +728,7 @@ 2912CD011F6A830700C6CBE3 /* Assets.xcassets */, 2912CD061F6A830700C6CBE3 /* Info.plist */, 29AD8A071F93E1F0008E10E7 /* Trust.entitlements */, + 613D04881FDE15F8008DE72E /* COMODO ECC Domain Validation Secure Server CA 2.cer */, 296106CD1F777E410006164B /* LaunchScreen.storyboard */, ); path = Trust; @@ -1118,6 +1123,7 @@ 29BE3FD11F707DC300F6BFC2 /* TransactionDataCoordinator.swift */, 29FC0CB51F8298820036089F /* TransactionCoordinator.swift */, 2932045D1F8EEE760095B7C1 /* BalanceCoordinator.swift */, + 613D048A1FDE162B008DE72E /* TrustProvider.swift */, ); path = Coordinators; sourceTree = ""; @@ -1981,6 +1987,7 @@ isa = PBXResourcesBuildPhase; buildActionMask = 2147483647; files = ( + 613D04891FDE15F8008DE72E /* COMODO ECC Domain Validation Secure Server CA 2.cer in Resources */, 291794FC1F95DE5F00539A30 /* index.html in Resources */, 296106CE1F777E410006164B /* LaunchScreen.storyboard in Resources */, 290B2B541F8F50030053C83E /* Localizable.strings in Resources */, @@ -2378,6 +2385,7 @@ 2963A2881FC401490095447D /* LocalizedOperation.swift in Sources */, 61F8AA931FCA4A0F00488C6E /* BigInt.swift in Sources */, 29C80D371FB2CD230037B1E0 /* ParsedTransaction.swift in Sources */, + 613D048B1FDE162B008DE72E /* TrustProvider.swift in Sources */, 293204581F8DC6B20095B7C1 /* ExchangeRateCoordinator.swift in Sources */, 29B933F81F8609FF009FCABB /* PaymentFlow.swift in Sources */, 2963B6BF1F9AB9A2003063C1 /* ContractERC20Transfer.swift in Sources */, 
diff --git a/Trust/COMODO ECC Domain Validation Secure Server CA 2.cer b/Trust/COMODO ECC Domain Validation Secure Server CA 2.cer new file mode 100644 index 0000000000000000000000000000000000000000..a11d5d5c914a5789721c9fc20bfa1e3bedec0ff9 GIT binary patch literal 931 zcmXqLVxDi%#H_l2nTe5!Ng!JFTqgSwwa~Q7mOL|8hO9NvwEUtJ zLn#9ZkO-HsptHZPzl*=~CT8X-geB%=ra;^poSIx(l&TP%T2uxM6`((j3?dDL+1SBB$;1c^Q)WhXW+w&~ zCJV_%tCN{61(8gBE4t(j?(ezB{HIdZN>wM@QBk7l)lWOGC&p)l&TBdU;ro=raNwb8 zK$FVZZJrkVs_qj#maJXe#F%E##F%6t4|JNWGK++PSc6Du;c`h2$vt!DzH)TGKjnx= z`OM3e2C^Upd@N!tA`YC1=^yqq7y925;?T*zaz(q$b{aUsWce8x|Ff_FQ$w495J@* zvsWpkWlLPxsptGXD4)qdsI{g~IBgQku34^}Q@jikFM8g|fBjtdWaoLgteQ8i=L}RM ScQqE6>@cZ+&Uo?B=^y}F7X}mn literal 0 HcmV?d00001 diff --git a/Trust/Transactions/Coordinators/TransactionDataCoordinator.swift b/Trust/Transactions/Coordinators/TransactionDataCoordinator.swift index aedc50af9..8a50d4d9d 100644 --- a/Trust/Transactions/Coordinators/TransactionDataCoordinator.swift +++ b/Trust/Transactions/Coordinators/TransactionDataCoordinator.swift @@ -29,7 +29,7 @@ class TransactionDataCoordinator { weak var delegate: TransactionDataCoordinatorDelegate? - private let trustProvider = MoyaProvider() + private let trustProvider = TrustProviderFactory.makeProvider() init( session: WalletSession, diff --git a/Trust/Transactions/Coordinators/TrustProvider.swift b/Trust/Transactions/Coordinators/TrustProvider.swift new file mode 100644 index 000000000..3d8cf3c75 --- /dev/null +++ b/Trust/Transactions/Coordinators/TrustProvider.swift 
@@ -0,0 +1,23 @@
+// Copyright SIX DAY LLC. All rights reserved.
+
+import Alamofire
+import Foundation
+import Moya
+
+struct TrustProviderFactory {
+ static let policies: [String: ServerTrustPolicy] = [
+ "trustwalletapp.com": .pinPublicKeys(
+ publicKeys: ServerTrustPolicy.publicKeys(in: Bundle.main),
+ validateCertificateChain: true,
+ validateHost: true
+ ),
+ ]
+
+ static func makeProvider() -> MoyaProvider {
+ let manager = Manager(
+ configuration: URLSessionConfiguration.default,
+ serverTrustPolicyManager: ServerTrustPolicyManager(policies: policies)
+ )
+ return MoyaProvider(manager: manager)
+ }
+}
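Review bot: The pin set in `policies` is built with `ServerTrustPolicy.publicKeys(in: Bundle.main)`, which collects the public key of every certificate file found in the main bundle rather than only the COMODO intermediate added by this commit, so any certificate resource added later silently becomes a trusted pin. Loading the one intended `.cer` by name and extracting its key would make the pin set explicit, and a debug check such as `assert(!pinnedKeys.isEmpty)` (with `pinnedKeys` being the extracted array) would make a missing resource obvious instead of surfacing only as failed requests. Alamofire's `ServerTrustPolicyManager` looks policies up by exact host string, so the `"trustwalletapp.com"` key does not cover subdomains; if the API is served from a subdomain (not visible in this hunk), those requests fall back to default evaluation with no pinning and need their own dictionary entry. Only a single intermediate CA key is pinned with no backup, which means a CA change on the server requires an app release; a comment above `policies` along the lines of `// Pins the issuing CA key only; add a backup pin before rotating the server certificate chain.` would record that constraint.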