#1659 - Adding tile stream certificate and ssl pin check for test server.

2 files changed, 23 insertions, 0 deletions

diff --git a/platform/ios/MGLMapboxEvents.m b/platform/ios/MGLMapboxEvents.m
index e7f400c5dc..3211a60395 100644
--- a/platform/ios/MGLMapboxEvents.m
+++ b/platform/ios/MGLMapboxEvents.m
@@ -16,6 +16,7 @@
 static const NSUInteger version = 1;
 static NSString *const MGLMapboxEventsUserAgent = @"MapboxEventsiOS/1.0";
 static NSString *MGLMapboxEventsAPIBase = @"https://api.tiles.mapbox.com";
+static BOOL usingTestServer = NO;
 
 NSString *const MGLEventTypeAppUserTurnstile = @"appUserTurnstile";
 NSString *const MGLEventTypeMapLoad = @"map.load";
@@ -148,6 +149,7 @@ const NSTimeInterval MGLFlushInterval = 60;
 @property (atomic) NSURLSession *session;
 @property (atomic) NSData *digicertCert;
 @property (atomic) NSData *geoTrustCert;
+@property (atomic) NSData *testServerCert;
 
 // Main thread only
 @property (nonatomic) CLLocationManager *locationManager;
@@ -239,6 +241,7 @@ const NSTimeInterval MGLFlushInterval = 60;
         NSString *testURL = [[NSBundle mainBundle] objectForInfoDictionaryKey:@"MGLMetricsTestServerURL"];
         if (testURL != nil) {
             MGLMapboxEventsAPIBase = testURL;
+            usingTestServer = YES;
         }
 
         _paused = YES;
@@ -256,6 +259,10 @@ const NSTimeInterval MGLFlushInterval = 60;
         if (cerPath != nil) {
             _digicertCert = [NSData dataWithContentsOfFile:cerPath];
         }
+        cerPath = [resourceBundle pathForResource:@"star_tilestream_net" ofType:@"der"];
+        if (cerPath != nil) {
+            _testServerCert = [NSData dataWithContentsOfFile:cerPath];
+        }
 
         // Events Control
         _eventQueue = [[NSMutableArray alloc] init];
@@ -878,6 +885,22 @@ const NSTimeInterval MGLFlushInterval = 60;
                     }
                 }
 
+                if (!found && usingTestServer) {
+                    // See if this is test server
+                    for (int lc = 0; lc < numKeys; lc++) {
+                        SecCertificateRef certificate = SecTrustGetCertificateAtIndex(serverTrust, lc);
+                        NSData *remoteCertificateData = CFBridgingRelease(SecCertificateCopyData(certificate));
+
+                        // Compare Remote Key With Local Version
+                        if ([remoteCertificateData isEqualToData:_testServerCert]) {
+                            // Found the certificate; continue connecting
+                            completionHandler(NSURLSessionAuthChallengeUseCredential, [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust]);
+                            found = true;
+                            break;
+                        }
+                    }
+                }
+
                 if (!found) {
                     // The certificate wasn't found in GeoTrust nor Digicert. Cancel the connection.
                     completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust]);
diff --git a/platform/ios/resources/star_tilestream_net.der b/platform/ios/resources/star_tilestream_net.der
new file mode 100644
index 0000000000..e302cd7686
--- /dev/null
+++ b/platform/ios/resources/star_tilestream_net.der