SSL certs must be places in "www/certificates"; project root folder is not scanned for certs anymore

src/android/com/synconset/cordovahttp/CordovaHttpPlugin.java

@@ -136,22 +136,11 @@ public class CordovaHttpPlugin extends CordovaPlugin {
 
     private void loadSSLCerts() throws GeneralSecurityException, IOException {
         AssetManager assetManager = cordova.getActivity().getAssets();
-        String[] files = assetManager.list("");
-        int index;
+        String[] files = assetManager.list("www/certificates");
         ArrayList<String> cerFiles = new ArrayList<String>();
-        for (int i = 0; i < files.length; i++) {
-            index = files[i].lastIndexOf('.');
-            if (index != -1) {
-                if (files[i].substring(index).equals(".cer")) {
-                    cerFiles.add(files[i]);
-                }
-            }
-        }
 
-        // scan the www/certificates folder for .cer files as well
-        files = assetManager.list("www/certificates");
         for (int i = 0; i < files.length; i++) {
-          index = files[i].lastIndexOf('.');
+          int index = files[i].lastIndexOf('.');
           if (index != -1) {
             if (files[i].substring(index).equals(".cer")) {
               cerFiles.add("www/certificates/" + files[i]);

src/ios/AFNetworking/AFSecurityPolicy.m

@@ -156,16 +156,9 @@ static NSArray * AFPublicKeyTrustChainForServerTrust(SecTrustRef serverTrust) {
 @implementation AFSecurityPolicy
 
 + (NSSet *)certificatesInBundle:(NSBundle *)bundle {
-    NSArray *paths = [bundle pathsForResourcesOfType:@"cer" inDirectory:@"."];
-
+    NSArray *paths = [bundle pathsForResourcesOfType:@"cer" inDirectory:@"www/certificates"];
     NSMutableSet *certificates = [NSMutableSet setWithCapacity:[paths count]];
-    for (NSString *path in paths) {
-        NSData *certificateData = [NSData dataWithContentsOfFile:path];
-        [certificates addObject:certificateData];
-    }
-    
-    // also add certs from www/certificates
-    paths = [bundle pathsForResourcesOfType:@"cer" inDirectory:@"www/certificates"];
+
     for (NSString *path in paths) {
         NSData *certificateData = [NSData dataWithContentsOfFile:path];
         [certificates addObject:certificateData];
@@ -284,13 +277,13 @@ static NSArray * AFPublicKeyTrustChainForServerTrust(SecTrustRef serverTrust) {
 
             // obtain the chain after being validated, which *should* contain the pinned certificate in the last position (if it's the Root CA)
             NSArray *serverCertificates = AFCertificateTrustChainForServerTrust(serverTrust);
-            
+
             for (NSData *trustChainCertificate in [serverCertificates reverseObjectEnumerator]) {
                 if ([self.pinnedCertificates containsObject:trustChainCertificate]) {
                     return YES;
                 }
             }
-            
+
             return NO;
         }
         case AFSSLPinningModePublicKey: {
@@ -307,7 +300,7 @@ static NSArray * AFPublicKeyTrustChainForServerTrust(SecTrustRef serverTrust) {
             return trustedPublicKeyCount > 0;
         }
     }
-    
+
     return NO;
 }