From 52a0dbbdfd4d942a0965255c2bd6b266ac9c97b0 Mon Sep 17 00:00:00 2001
From: Mykhailo Diachenko
Date: Thu, 11 Sep 2025 10:19:35 +0300
Subject: [PATCH] Remove custom certificate handling

Certificate validation logic implemented in the Data SDK is a subject of transient errors, as it is implemented on top of deprecated APIs. Given that there's no handling of the custom certificates and logic corresponds to the default certificate handling in the iOS, custom implementation can be removed in the faviour of default handling.

Relates-To: HERESDK-5806
Signed-off-by: Mykhailo Diachenko
---
 .../src/http/ios/OLPHttpClient.mm | 55 ++-----------------
 1 file changed, 5 insertions(+), 50 deletions(-)

diff --git a/olp-cpp-sdk-core/src/http/ios/OLPHttpClient.mm b/olp-cpp-sdk-core/src/http/ios/OLPHttpClient.mm
index ffaace01c..9e7a4bdb7 100644
--- a/olp-cpp-sdk-core/src/http/ios/OLPHttpClient.mm
+++ b/olp-cpp-sdk-core/src/http/ios/OLPHttpClient.mm
@@ -452,34 +452,14 @@ - (void)URLSession:(NSURLSession*)session
 "didReceiveChallenge failed - invalid session, "
 "task_id=%u",
 (unsigned int)dataTask.taskIdentifier);
+ // Don't hang in non-happy path
+ completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge,
+ nil);
 return;
 }
 
- @autoreleasepool {
- if ([challenge.protectionSpace.authenticationMethod
- isEqualToString:NSURLAuthenticationMethodServerTrust]) {
- if (dataTask) {
- OLPHttpTask* httpTask =
- [self taskWithTaskDescription:dataTask.taskDescription];
- if (![httpTask isValid]) {
- return;
- }
- // TODO: Don't verify certificate is not implemented
- if (![self shouldTrustProtectionSpace:challenge.protectionSpace]) {
- completionHandler(
- NSURLSessionAuthChallengeCancelAuthenticationChallenge, nil);
- return;
- }
- }
-
- NSURLCredential* credential = [NSURLCredential
- credentialForTrust:challenge.protectionSpace.serverTrust];
- completionHandler(NSURLSessionAuthChallengeUseCredential, credential);
- return;
- }
-
- completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, nil);
- }
+ // Use iOS default certificate validation for all authentication challenges
+ completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, nil);
 }
 
 - (void)URLSession:(NSURLSession*)session
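Review bot: The comment above the final `completionHandler` call describes it as certificate validation, but `NSURLSessionAuthChallengePerformDefaultHandling` is now returned for every challenge that reaches this delegate, so the same line also decides HTTP authentication and client-certificate challenges. I would word it as `// Defer every challenge to the system; server trust is evaluated by the OS, and no pinning or custom CA is applied here`. The diffstat lists only OLPHttpClient.mm, so the description's claim that default handling rejects the same certificates as the removed `shouldTrustProtectionSpace:` path is not pinned by a test. A case that expects a request to a host with an untrusted or hostname-mismatched certificate to fail would guard against a later edit turning this handler into accept-all. The method's opening lines are outside the hunk, so the conditions guarding the early cancel branch cannot be checked from here.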
@@ -533,31 +513,6 @@ - (void)URLSession:(NSURLSession*)session
 completionHandler(newRequest);
 }
 
-// http://goo.gl/jmZ4Uv
-- (BOOL)shouldTrustProtectionSpace:(NSURLProtectionSpace*)protectionSpace {
- if (!protectionSpace) {
- return NO;
- }
-
- SecTrustRef serverTrust = protectionSpace.serverTrust;
- if (!serverTrust) {
- return NO;
- }
-
- // TODO - certificate paths are not supported!
-
- // evaluate server trust against certificate
- SecTrustResultType trustResult = kSecTrustResultInvalid;
- OSStatus status = SecTrustEvaluate(serverTrust, &trustResult);
-
- if (errSecSuccess != status) {
- return NO;
- }
-
- return (trustResult == kSecTrustResultUnspecified ||
- trustResult == kSecTrustResultProceed);
-}
-
 - (void)URLSession:(NSURLSession*)session
 downloadTask:(NSURLSessionTask*)dataTask
 didWriteData:(int64_t)bytesWritten