TrustPin

TrustPin SSL certificate pinning SDK for JVM and Android.

TrustPin provides SSL certificate pinning functionality to prevent man-in-the-middle (MITM) attacks by validating server certificates against pre-configured public key pins. The library supports both Android and JVM platforms with a unified API and advanced security features.

Single-Instance Usage (simplest)

For most applications a single, shared pinning context is sufficient. Use the static convenience methods on the companion object — they all delegate to default:

    // Setup
    TrustPin.setup(
        TrustPinConfiguration(
            organizationId = "my-org",
            projectId = "my-project",
            publicKey = "MFkwEwYH...",
            mode = TrustPinMode.STRICT
        )
    )

    // Verify
    TrustPin.verify("api.example.com", certificate)

    // OkHttp integration
    val client = OkHttpClient.Builder()
        .sslSocketFactory(TrustPin.makeSSLSocketFactory(), TrustPin.makeTrustManager())
        .build()
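
To show what a public-key-pinning trust manager of the kind handed to OkHttp above has to check, here is an added sketch using only JDK classes; it is not TrustPin's implementation. The pin format (Base64 of the SHA-256 of the SubjectPublicKeyInfo) and the names spkiPin, platformTrustManager and PinningTrustManager are assumptions made for the illustration.

```kotlin
import java.security.KeyPairGenerator
import java.security.KeyStore
import java.security.MessageDigest
import java.security.PublicKey
import java.security.cert.CertificateException
import java.security.cert.X509Certificate
import java.util.Base64
import javax.net.ssl.TrustManagerFactory
import javax.net.ssl.X509TrustManager

// Assumed pin format for this sketch: Base64(SHA-256(SubjectPublicKeyInfo DER)).
fun spkiPin(key: PublicKey): String =
    Base64.getEncoder().encodeToString(MessageDigest.getInstance("SHA-256").digest(key.encoded))

// The platform trust manager, which performs ordinary chain validation.
fun platformTrustManager(): X509TrustManager =
    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
        .apply { init(null as KeyStore?) }
        .trustManagers.filterIsInstance<X509TrustManager>().first()

// Hypothetical class: chain validation runs first, then the leaf key must match a pin.
// Pinning narrows what the platform already trusts; it never replaces chain validation.
class PinningTrustManager(
    private val pins: Set<String>,
    private val delegate: X509TrustManager = platformTrustManager()
) : X509TrustManager by delegate {
    override fun checkServerTrusted(chain: Array<X509Certificate>, authType: String) {
        delegate.checkServerTrusted(chain, authType) // untrusted chains are rejected here
        val leafPin = spkiPin(chain[0].publicKey)    // JSSE puts the leaf certificate first
        if (leafPin !in pins) {
            throw CertificateException("leaf key pin $leafPin matches no configured pin")
        }
    }
}

fun main() {
    // Constructed sample keys, so the pin comparison can be exercised offline.
    val generator = KeyPairGenerator.getInstance("EC").apply { initialize(256) }
    val pinnedKey = generator.generateKeyPair().public
    val otherKey = generator.generateKeyPair().public // stands in for an unexpected server key
    val pins = setOf(spkiPin(pinnedKey))

    check(spkiPin(pinnedKey) in pins)  // the pinned key is accepted
    check(spkiPin(otherKey) !in pins)  // any other key is rejected, even with a valid chain
    println("pin comparison behaves as expected")
}
```

Because the pin is computed over the public key rather than the whole certificate, a renewed certificate that keeps the same key pair still matches.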

Multi-Instance Usage

Libraries or multi-tenant apps that need isolated pinning contexts can create named instances via instance. Each instance has its own configuration, state, and log output tagged with the instance id:

    val payments = TrustPin.instance("payments")
    payments.setup(
        TrustPinConfiguration(
            organizationId = "payments-org",
            projectId = "payments-api",
            publicKey = "MFkwEwYH..."
        )
    )
    payments.verify("pay.example.com", certificate)

    val analytics = TrustPin.instance("analytics")
    analytics.setup(/* ... */)

Java Usage

From Java, access the default instance via TrustPin.getDefault():

    TrustPin.getDefault().setupBlocking(
        new TrustPinConfiguration("my-org", "my-project", "MFkwEwYH...", TrustPinMode.STRICT, null)
    );
    SSLSocketFactory factory = TrustPin.getDefault().makeSSLSocketFactory();
    X509TrustManager trustManager = TrustPin.getDefault().makeTrustManager();

Pinning Modes

See also

Types

object Companion

Functions

suspend fun fetchCertificate(host: String, port: Int = 443): String

Opens an ephemeral TLS connection to host:port, performs OS-level certificate chain validation, and returns the server's leaf certificate as a PEM string.

Blocking version of fetchCertificate. Must not be called from the Android main thread.

Creates an SSLSocketFactory bound to this TrustPin instance.

Creates an X509TrustManager bound to this TrustPin instance.

Sets the log level for this TrustPin instance.

suspend fun setup(configuration: TrustPinConfiguration)

Initializes this TrustPin instance with the given configuration.

Blocking version of setup. Must not be called from the Android main thread.

suspend fun verify(domain: String, certificate: X509Certificate)

Verifies an X.509 certificate against the configured pins for domain.

suspend fun verify(domain: String, certificate: String)

Verifies a PEM-encoded certificate against the configured pins for domain.

fun verifyBlocking(domain: String, certificate: X509Certificate)

Blocking version of verify with X.509 certificate. Must not be called from the Android main thread.

fun verifyBlocking(domain: String, certificate: String)

Blocking version of verify with PEM string. Must not be called from the Android main thread.