#1307 - Adding digicert to sdks and ssl handshaking check

author: Brad Leege <bleege@gmail.com> 2015-04-27 12:22:05 -0400
committer: Brad Leege <bleege@gmail.com> 2015-04-27 12:22:05 -0400
commit: cde989093baaf8fac2c4287fd462cf419abf1052 (patch)
tree: 025db2082b78de6431308dffbf64ccf1c978711a /platform/ios
parent: ea8f186a1be10f0dd5273ef384e0d64f0857c34a (diff)
download: qtlocation-mapboxgl-cde989093baaf8fac2c4287fd462cf419abf1052.tar.gz
2 files changed, 22 insertions, 0 deletions
diff --git a/platform/ios/MGLMapboxEvents.m b/platform/ios/MGLMapboxEvents.m
index b32e139889..42c1dc07c6 100644
--- a/platform/ios/MGLMapboxEvents.m
+++ b/platform/ios/MGLMapboxEvents.m
@@ -74,6 +74,7 @@ NSString *const MGLEventGestureRotateStart = @"Rotation";
 @property (atomic) NSDateFormatter *rfc3339DateFormatter;
 @property (atomic) CGFloat scale;
 @property (atomic) NSURLSession *session;
+@property (atomic) NSData *digicertCert;
 @property (atomic) NSData *geoTrustCert;
 
 
@@ -145,6 +146,12 @@ NSString *const MGLEventGestureRotateStart = @"Rotation";
             _geoTrustCert = [NSData dataWithContentsOfFile:cerPath];
         }
 
+        cerPath = nil;
+        cerPath = [[NSBundle bundleForClass:[MGLMapboxEvents class]] pathForResource:@"api_mapbox_com-digicert" ofType:@"der"];
+        if (cerPath != nil) {
+            _digicertCert = [NSData dataWithContentsOfFile:cerPath];
+        }
+
         // Events Control
         _eventQueue = [[NSMutableArray alloc] init];
         _flushAt = 20;
@@ -679,6 +686,7 @@ NSString *const MGLEventGestureRotateStart = @"Rotation";
             long numKeys = SecTrustGetCertificateCount(serverTrust);
 
             BOOL found = false;
+            // Try GeoTrust Cert First
             for (int lc = 0; lc < numKeys; lc++) {
                 SecCertificateRef certificate = SecTrustGetCertificateAtIndex(serverTrust, lc);
                 NSData *remoteCertificateData = CFBridgingRelease(SecCertificateCopyData(certificate));
@@ -692,6 +700,20 @@ NSString *const MGLEventGestureRotateStart = @"Rotation";
                 }
             }
 
+            // Fallback to Digicert Cert
+            for (int lc = 0; lc < numKeys; lc++) {
+                SecCertificateRef certificate = SecTrustGetCertificateAtIndex(serverTrust, lc);
+                NSData *remoteCertificateData = CFBridgingRelease(SecCertificateCopyData(certificate));
+
+                // Compare Remote Key With Local Version
+                if ([remoteCertificateData isEqualToData:_digicertCert]) {
+                    // Found the certificate; continue connecting
+                    completionHandler(NSURLSessionAuthChallengeUseCredential, [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust]);
+                    found = true;
+                    break;
+                }
+            }
+
             if (!found) {
                 // The certificate wasn't found in the certificate chain; cancel the connection
                 completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust]);
diff --git a/platform/ios/resources/api_mapbox_com-digicert.der b/platform/ios/resources/api_mapbox_com-digicert.der
new file mode 100644
index 0000000000..d84cee3908
--- /dev/null
+++ b/platform/ios/resources/api_mapbox_com-digicert.der
author	Brad Leege <bleege@gmail.com>	2015-04-27 12:22:05 -0400
committer	Brad Leege <bleege@gmail.com>	2015-04-27 12:22:05 -0400
commit	cde989093baaf8fac2c4287fd462cf419abf1052 (patch)
tree	025db2082b78de6431308dffbf64ccf1c978711a /platform/ios
parent	ea8f186a1be10f0dd5273ef384e0d64f0857c34a (diff)
download	qtlocation-mapboxgl-cde989093baaf8fac2c4287fd462cf419abf1052.tar.gz