verify
Verifies a certificate against the specified domain using public key pinning.
This suspend method performs certificate validation by comparing the certificate's public key against the configured pins for the specified domain. It supports both SHA-256 and SHA-512 hash algorithms for pin matching.
Example Usage

    import java.security.cert.X509Certificate

    // The certificate passed in is the one obtained from the connection.
    suspend fun verifyCertificate(certificate: X509Certificate) {
        try {
            TrustPin.verify(
                domain = "api.example.com",
                certificate = certificate
            )
            println("Certificate is valid!")
        } catch (e: TrustPinError.DomainNotRegistered) {
            // Thrown for unregistered domains when TrustPinMode.STRICT is configured
            println("Domain not configured for pinning")
        } catch (e: TrustPinError.PinsMismatch) {
            println("Certificate doesn't match configured pins")
        }
    }

Security Behavior
Registered domains: Certificate validation is performed against the configured pins.
Unregistered domains: Behavior depends on the configured TrustPinMode:
    TrustPinMode.STRICT: Throws TrustPinError.DomainNotRegistered
    TrustPinMode.PERMISSIVE: Allows the connection to proceed and writes an info-level log entry
Certificate Processing
The certificate is automatically processed to extract the public key for hash comparison. Both single certificates and certificate chains are supported.
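
The public key hash comparison described above can be illustrated as follows. This is an added example, not TrustPin's own code: the Pin class, the function names, and the pin encoding (Base64 of the digest of the DER-encoded SubjectPublicKeyInfo) are assumptions, and generated keys stand in for certificate.publicKey.

```kotlin
import java.security.KeyPairGenerator
import java.security.MessageDigest
import java.security.PublicKey
import java.util.Base64

// Hypothetical pin record: digest algorithm plus Base64 of the expected digest.
data class Pin(val algorithm: String, val base64Hash: String)

// Hash the DER-encoded SubjectPublicKeyInfo. For an X509Certificate this is
// certificate.publicKey.encoded, so a pin stays valid across certificate
// renewals as long as the same key pair is reused.
fun spkiHash(key: PublicKey, algorithm: String): ByteArray {
    require(algorithm == "SHA-256" || algorithm == "SHA-512") {
        "unsupported algorithm: $algorithm"
    }
    return MessageDigest.getInstance(algorithm).digest(key.encoded)
}

// True if the key matches at least one pin. MessageDigest.isEqual avoids an
// early-exit comparison; a malformed or unsupported pin is skipped, never matched.
fun matchesAnyPin(key: PublicKey, pins: List<Pin>): Boolean =
    pins.any { pin ->
        try {
            val expected = Base64.getDecoder().decode(pin.base64Hash)
            MessageDigest.isEqual(expected, spkiHash(key, pin.algorithm))
        } catch (e: IllegalArgumentException) {
            false
        }
    }

fun main() {
    // Constructed sample keys: one pinned, one unrelated.
    val generator = KeyPairGenerator.getInstance("EC").apply { initialize(256) }
    val serverKey = generator.generateKeyPair().public
    val otherKey = generator.generateKeyPair().public

    val encoder = Base64.getEncoder()
    val pins = listOf(
        Pin("SHA-256", encoder.encodeToString(spkiHash(serverKey, "SHA-256"))),
        Pin("SHA-512", encoder.encodeToString(spkiHash(serverKey, "SHA-512"))),
    )

    println("pinned key matches: ${matchesAnyPin(serverKey, pins)}")
    println("different key matches: ${matchesAnyPin(otherKey, pins)}")
}
```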
Parameters
domain: The domain name to validate (e.g., "api.example.com")
certificate: X.509 certificate object to verify
Throws
if setup has not been called
if configuration cannot be fetched from CDN
if certificate cannot be parsed
if certificate doesn't match any configured pins
if all configured pins have expired
if signature validation fails
if domain is not configured (strict mode only)