verify static method
Verifies a certificate against the specified domain using public key pinning.
This method performs certificate validation by comparing the certificate's public key against the configured pins for the specified domain. It supports both SHA-256 and SHA-512 hash algorithms for pin matching.
Example Usage
final pemCertificate = '''
-----BEGIN CERTIFICATE-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA...
-----END CERTIFICATE-----
''';
try {
  await TrustPin.verify('api.example.com', pemCertificate);
  print('Certificate is valid!');
} on TrustPinException catch (e) {
  if (e.isDomainNotRegistered) {
    print('Domain not configured for pinning');
  } else if (e.isPinsMismatch) {
    print('Certificate doesn\'t match configured pins');
  }
  // Handle other error types...
}
Security Behavior
- Registered domains: Certificate validation is performed against configured pins
- Unregistered domains: Behavior depends on the configured TrustPinMode:
  - TrustPinMode.strict: Throws TrustPinException with code DOMAIN_NOT_REGISTERED
  - TrustPinMode.permissive: Allows connection to proceed with info log
Certificate Format
The certificate must be in PEM format, including the BEGIN and END markers. Both a single certificate and a chain of multiple certificates are supported. The leaf certificate (first certificate in the chain) is used for validation.
- Parameter domain: The domain name to validate (e.g., "api.example.com", will be sanitized)
- Parameter certificate: PEM-encoded certificate string with BEGIN/END markers
- Throws TrustPinException with code DOMAIN_NOT_REGISTERED if domain is not configured (strict mode only)
- Throws TrustPinException with code PINS_MISMATCH if certificate doesn't match any configured pins
- Throws TrustPinException with code ALL_PINS_EXPIRED if all pins for the domain have expired
- Throws TrustPinException with code INVALID_SERVER_CERT if certificate format is invalid
- Throws TrustPinException with code INVALID_PROJECT_CONFIG if setup has not been called
- Important: Call setup before using this method.
- Note: This method is thread-safe and can be called from any isolate.
Implementation
static Future<void> verify(String domain, String certificate) async {
  try {
    await TrustPinSDKPlatform.instance.verify(domain, certificate);
  } catch (e) {
    throw TrustPinException.fromPlatformException(e);
  }
}
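The usage example above passes a hard-coded PEM string. The following added example (not part of the SDK or its documentation) shows one way to take the leaf certificate from a live TLS connection and fail closed when verify throws. The helper name connectPinned and the package import path are assumptions, and setup is assumed to have been called already.

```dart
import 'dart:io';

// Assumed import path; adjust to how the SDK is imported in your project.
import 'package:trustpin_sdk/trustpin_sdk.dart';

/// Hypothetical helper: opens a TLS connection and hands the socket back only
/// after the leaf certificate has passed TrustPin.verify. On any failure the
/// socket is destroyed, so no application data is sent over an unpinned link.
Future<SecureSocket> connectPinned(String host, {int port = 443}) async {
  // The platform's normal chain validation still runs during the handshake;
  // pinning is an additional check on top of it.
  final socket = await SecureSocket.connect(host, port,
      timeout: const Duration(seconds: 10));
  try {
    final leaf = socket.peerCertificate;
    if (leaf == null) {
      throw TlsException('Server presented no certificate');
    }
    // X509Certificate.pem includes the BEGIN/END markers that verify expects.
    await TrustPin.verify(host, leaf.pem);
    return socket;
  } on TrustPinException catch (e) {
    socket.destroy();
    if (e.isPinsMismatch) {
      // Worth alerting on: possible interception or an unannounced key rotation.
      stderr.writeln('Pin mismatch for $host, connection dropped');
    } else if (e.isDomainNotRegistered) {
      stderr.writeln('$host has no pins configured (strict mode)');
    }
    rethrow; // every TrustPinException is treated as a failed connection
  } catch (_) {
    socket.destroy();
    rethrow;
  }
}
```

In TrustPinMode.permissive an unregistered host does not throw, so the helper returns a socket that was never pin-checked; callers that need a hard guarantee should run in strict mode.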