Package com.digicert.validation

Class DcvConfiguration

java.lang.Object
com.digicert.validation.DcvConfiguration
public class DcvConfiguration extends Object
Configuration class for Domain Control Validation (DCV).

This class contains the configuration settings necessary for performing Domain Control Validation (DCV). These settings include parameters for DNS lookups, random value generation, and other aspects of the DCV process.

  • Field Details

    • dnsTimeout

      private int dnsTimeout
      The DNS timeout in milliseconds.

    • dnsRetries

      private int dnsRetries
      The number of times a DNS query will be retried before giving up.

    • dnsServers

      private List<String> dnsServers
      The list of DNS servers to use for DNS lookups. These are the IP Addresses that will be queried for DNS records.

      Each server on the list can optionally include a port number, separated by a colon. For example, "10.1.2.3:53". Each server beyond the first will only be queried if the previous server fails or does not return any records.

    • dnsDomainLabel

      private String dnsDomainLabel
      The prefix domain label to use with DNS Change validation.

      The baseline requirements for the 3.2.2.4.7 DNS Change method allows for the domain to be "prefixed with a Domain Label that begins with an underscore character."

    • randomValueValidityPeriod

      private int randomValueValidityPeriod
      The validity period in days for random values generated during the DCV process.

      The baseline requirements specify that random values cannot be valid after 30 days. For purposes of this library, the default validity period is 29 days to safeguard against corner cases that could be encountered when checking against the limit.

    • fileValidationConnectTimeout

      private int fileValidationConnectTimeout
      The timeout in milliseconds for connecting to a server while performing file validation.

    • fileValidationReadTimeout

      private int fileValidationReadTimeout
      The timeout in milliseconds for reading data from a server while performing file validation.

    • fileValidationMaxBodyLength

      private int fileValidationMaxBodyLength
      The maximum length of the body for file validation responses.

    • fileValidationSocketTimeout

      private int fileValidationSocketTimeout
      The socket timeout in milliseconds for connecting to a server while performing file validation.

    • fileValidationMaxRedirects

      private int fileValidationMaxRedirects
      The maximum number of redirects allowed while performing file validation.

    • fileValidationCheckHttps

      private Boolean fileValidationCheckHttps
      This flag indicates that the library will try both HTTP and HTTPS when performing file validation requests.

    • fileValidationFilename

      private String fileValidationFilename
      The default file validation filename.

      This value represents the default file name used for "Agreed-Upon Change to Website v2" validation.

    • fileValidationUserAgent

      private String fileValidationUserAgent
      The user agent to be used for file validation requests.

    • randomValueValidator

      private RandomValueValidator randomValueValidator
      The random value validator used to determine if a given response contains the random value.

      The default implementation does a simple check for the random value being contained anywhere in the response. It can be overridden if desired (for example, if all random values should contain a CA-specific prefix).

    • requestTokenValidator

      private RequestTokenValidator requestTokenValidator
      The request token validator used to determine if a given response contains a valid request token.

      The default implementation handles DigiCert's request token format, which is a timestamp followed by a hash of the CSR using the hashing key as the key for the hash and the timestamp as a salt. It can be overridden to handle a different request token format.

      The default implementation has the side effect of adding a BouncyCastleProvider as a security provider, so this validator is lazily loaded by the DcvContext to avoid adding the provider if it is not needed.

    • randomValueGenerator

      private RandomValueGenerator randomValueGenerator
      The generator used to create random values for use in the DCV process.

    • pslOverrideSupplier

      private PslOverrideSupplier pslOverrideSupplier
      The PSL override supplier.

      This supplier provides Public Suffix List (PSL) overrides for handling special cases in domain validation.

      This allows for supporting cases described in the BRs such as Wildcard Domain Validation (BR 3.2.2.6). These are cases where the default PSL data may not be sufficient for accurate domain validation (such as when governments that own a public suffix want to obtain a certificate at the level of the suffix).

    • mpicClientImplementation

      private MpicClientInterface mpicClientImplementation
      The MPIC client implementation used for DCV.

      This is the client that will be used to communicate with the MPIC service for DCV purposes. If not set, the library will be unable to perform MPIC-related validations.

      The default implementation is a no-op and will throw an exception if any MPIC-related validation is attempted.

    • logLevelForDcvErrors

      private org.slf4j.event.Level logLevelForDcvErrors
      The log level for DCV errors.

      Some implementations expect to retry the validation asynchronously until it succeeds. This means that some errors are actually expected and not considered true errors.

      This logging configuration allows for these errors to be logged at a lower level.

  • Constructor Details

    • DcvConfiguration

      private DcvConfiguration()
      Private constructor to prevent instantiation.