TrustPin Kotlin SDK/cloud.trustpin.kotlin.sdk.ssl/TrustPinSSLSocketFactory

TrustPinSSLSocketFactory

class TrustPinSSLSocketFactory : SSLSocketFactory(source)

Context-aware SSL Socket Factory that integrates with TrustPin certificate validation.

This SSLSocketFactory provides a secure, thread-safe replacement for the standard Android SSLSocketFactory while adding TrustPin certificate pinning validation with explicit hostname context. It eliminates thread-local storage and provides maximum security and reliability in multi-threading environments.

Features:

  • Context-aware validation: Hostname passed explicitly to each SSL validation

  • Thread-safe: No shared state, completely race-condition free

  • Memory efficient: No thread-local storage overhead

  • Async-friendly: Works with coroutines, thread pools, and reactive streams

  • Automatic optimization: Uses ExtendedTrustManager when available for better SNI support

  • Global configuration: Set once, secure all SSL connections in your app

Usage:

import cloud.trustpin.kotlin.sdk.TrustPin
import cloud.trustpin.kotlin.sdk.TrustPinMode
import cloud.trustpin.kotlin.sdk.ssl.TrustPinSSLSocketFactory
import javax.net.ssl.HttpsURLConnection

TrustPin.setup(
    organizationId = "your-org-id",
    projectId = "your-project-id",
    publicKey = "your-public-key",
    mode = TrustPinMode.STRICT
)

// Create and set global SSL socket factory
val sslSocketFactory = TrustPinSSLSocketFactory.create()
HttpsURLConnection.setDefaultSSLSocketFactory(sslSocketFactory)

// All subsequent HTTPS connections will use TrustPin validation
val connection = URL("https://api.example.com/data").openConnection() as HttpsURLConnection
val response = connection.inputStream.readBytes()
Content copied to clipboard

Security Advantages:

  • No race conditions: Each SSL connection has explicit hostname context

  • Perfect isolation: Multiple factory instances don't interfere with each other

  • Context integrity: Hostname is always tied to specific certificate validation

  • Memory safety: No thread-local storage to leak or corrupt

  • Audit-friendly: Clear validation context in error messages and logs

  • Obfuscation-ready: Implementation details are hidden in internal classes

Multi-threading Benefits:

  • Thread-pool safe: Works with any threading model

  • Concurrent connection safe: Multiple simultaneous SSL connections work correctly

  • Reactive streams compatible: No thread-local context to lose

  • Microservice ready: Each request completely isolated

Implementation Security:

The actual implementation is contained in internal classes that can be obfuscated, while this public API remains stable and clean. This provides an additional layer of security against reverse engineering and tampering attempts.

See also

Types

Link copied to clipboard
object Companion

Properties

Link copied to clipboard
open override val defaultCipherSuites: Array<String>
Link copied to clipboard
open override val supportedCipherSuites: Array<String>

Functions

Link copied to clipboard
open override fun createSocket(): Socket
open override fun createSocket(host: InetAddress, port: Int): Socket
open override fun createSocket(host: String, port: Int): Socket
open override fun createSocket(address: InetAddress, port: Int, localAddress: InetAddress, localPort: Int): Socket
open override fun createSocket(s: Socket, host: String, port: Int, autoClose: Boolean): Socket
open override fun createSocket(host: String, port: Int, localHost: InetAddress, localPort: Int): Socket
open fun createSocket(s: Socket?, consumed: InputStream?, autoClose: Boolean): Socket?
Link copied to clipboard
open override fun getDefaultCipherSuites(): Array<String>
Link copied to clipboard
open override fun getSupportedCipherSuites(): Array<String>
Link copied to clipboard
fun trustManager(): X509TrustManager

Returns the trust manager used by this factory.

Generated by Dokka
© 2026 TrustPin. All rights reserved. | Website | License