kiosk-ops-sdk/com.sarastarquant.kioskops.sdk.transport.security/CertificateTransparencyValidator

CertificateTransparencyValidator

class CertificateTransparencyValidator(enabled: Boolean = true, onValidationFailure: (String, String) -> Unit? = null) : Interceptor

SCT-presence-only check for Certificate Transparency.

Verifies that a Signed Certificate Timestamp (SCT) extension is present on the leaf certificate. Does NOT verify SCT signatures against IANA-approved CT logs, check inclusion proofs, or compare SCT timestamps to the certificate's validity window. Full verification per RFC 6962 is tracked for v1.3; see ROADMAP.md.

This partial check still raises the bar vs no CT enforcement at all: every public-trust CA has embedded SCTs since 2018, so a certificate with no SCT extension is either from a private CA (which pin validation should catch first) or a malformed issuance. A rogue certificate from a compromised public CA can still pass this presence check; a full log verification would catch that.

Constructors

Link copied to clipboard
constructor(enabled: Boolean = true, onValidationFailure: (String, String) -> Unit? = null)

Types

Link copied to clipboard
object Companion

Functions

Link copied to clipboard
open override fun intercept(chain: Interceptor.Chain): Response
Generated by Dokka
© 2026 Copyright