roboto/at.asitplus.attestation.android/AndroidRevocationList/HttpLoader

HttpLoader

class HttpLoader<T : HttpClientEngineConfig>(engineFactory: HttpClientEngineFactory<T>, val url: String, val fallbackRevocationListValiditySeconds: Long, preferHeaderBasedExpiry: Boolean = true, config: HttpClientConfig<T>.() -> Unit) : AndroidRevocationList.CachingLoader(source)

HTTP CachingLoader that fetches an AndroidRevocationList over HTTP. This class uses an HttpClient to perform requests and parses the fetched JSON content into the revocation list format.

Expiry resolution

The loader computes an effective expiry instant and stores it into AndroidRevocationList.expires. It always starts by parsing the JSON body; invalid JSON (including an invalid expires value in the JSON) will fail the request.

When preferHeaderBasedExpiry = true (default), the effective validity is chosen as:

  1. A validity derived from HTTP caching headers (see below), if parseable.

  2. Otherwise the JSON expires, if present.

  3. Otherwise fallbackRevocationListValiditySeconds.

When preferHeaderBasedExpiry = false, the effective validity is chosen as:

  1. The JSON expires, if present (short-circuit: no expiry-related HTTP header parsing is performed; however, HttpHeaders.Date/HttpHeaders.LastModified may still be read to fill missing metadata).

  2. Otherwise a validity derived from HTTP caching headers (see below), if parseable.

  3. Otherwise fallbackRevocationListValiditySeconds.

Header-derived validity

  • HttpHeaders.CacheControl: all values are joined, then:

  • no-cache or no-store forces a validity of 0s.

  • max-age=<seconds> is parsed (non-negative integers only). If multiple max-age directives are present, the smallest value is used (conservative).

  • If no usable directive is present, Cache-Control is treated as absent/malformed.

  • HttpHeaders.Expires: only used if there is exactly one value and it is RFC1123-parseable; otherwise it is treated as absent/malformed.

  • If both Cache-Control validity and Expires are parseable, Cache-Control wins.

  • Malformed/unsupported header values never hard-fail the load; they are ignored and the loader falls back according to the precedence rules above.

If the response provides HttpHeaders.Date or HttpHeaders.LastModified, these values are used to fill missing AndroidRevocationList.date and AndroidRevocationList.lastModified fields when they are not present in the JSON.

Parameters

T

The type of the HttpClientEngineConfig to configure the HTTP engine.

engineFactory

The factory responsible for creating the engine used for the HTTP client.

url

The URL from which the revocation list will be fetched. Defaults to the official Google attestation revocation list URL.

preferHeaderBasedExpiry

Controls whether HTTP header-derived expiry should be preferred over a JSON expires value (see "Expiry resolution" for full details). Google explicitly mentions Cache-Control to communicate expiry times, most probably because it will work as expected regardless of clock drifts.

config

An optional HTTP client configuration lambda that allows customization of the client's behaviour. Note that fixed defaults for caching, content-negotiation, and deserialization may override parts of the provided config.

Constructors

Link copied to clipboard
constructor(engineFactory: HttpClientEngineFactory<T>, url: String, fallbackRevocationListValiditySeconds: Long, preferHeaderBasedExpiry: Boolean = true, config: HttpClientConfig<T>.() -> Unit)

Types

Link copied to clipboard
object Companion
Link copied to clipboard
@Serializable
abstract class Configuration : AndroidRevocationList.Loader.Configuration<AndroidRevocationList.HttpLoader<HttpClientEngineConfig>>
Link copied to clipboard
@Serializable
@SerialName(value = "http")
data class Generic(val url: String = GOOGLE_OFFICIAL_REVOCATION_LIST, val fallbackRevocationListValiditySeconds: Long = 0, val preferHeaderBasedExpiry: Boolean = true, val proxyConfig: AndroidRevocationList.HttpLoader.Configuration.ProxyConfig? = null) : AndroidRevocationList.HttpLoader.Configuration

Generic HTTP loader configuration. See HttpLoader for details on caching behaviour regarding validity calculation.

Link copied to clipboard
@Serializable
@SerialName(value = "google")
data class GoogleOfficial(val fallbackRevocationListValiditySeconds: Long = 60, val proxyConfig: AndroidRevocationList.HttpLoader.Configuration.ProxyConfig? = null) : AndroidRevocationList.HttpLoader.Configuration

Uses the official Google revocation list and always prefers header-derived expiry. See HttpLoader for details on caching behaviour regarding validity calculation.

Properties

Link copied to clipboard
Link copied to clipboard
val url: String

Functions

Link copied to clipboard
open suspend override fun fetch(now: Instant): AndroidRevocationList
Link copied to clipboard
open suspend override fun load(now: Instant): AndroidRevocationList

Loads an AndroidRevocationList, which provides information about revoked or suspended devices as per the official specification. The implementation details, such as the source of the revocation list, may vary depending on the specific implementation of the Loader interface.

Link copied to clipboard
open fun loadBlocking(now: Instant): AndroidRevocationList

Loads an AndroidRevocationList in a blocking manner.

Link copied to clipboard
fun shutdown()

Shuts down the HTTP client instance associated with the loader.

Generated by Dokka
© 2026 Copyright