Class BasicRequestTokenValidator

java.lang.Object
com.digicert.validation.challenges.BasicRequestTokenValidator
All Implemented Interfaces:
RequestTokenValidator

public class BasicRequestTokenValidator extends Object implements RequestTokenValidator
A basic implementation of the RequestTokenValidator interface. This validator checks if a valid request token is present in the provided text body.

The `BasicTokenValidator` class is designed to validate the presence of request tokens that follow DigiCert's request token format. For this validator to consider a request token valid, the token must begin with a timestamp in the "yyyyMMddHHmmss" format that indicates when the request token was created. The timestamp is followed by a base 36 encoded hash of the CSR. The hash uses the timestamp as a salt and a hashing key that was previously given to the customer. The hash is also padded with prepended '0' characters to result in a final request token length of 64 characters.

  • Field Details

    • TIMESTAMP_FORMAT

      private static final String TIMESTAMP_FORMAT
      The format used for the creation timestamp in the request token.
    • MAX_TIMESTAMP_DAYS

      private static final long MAX_TIMESTAMP_DAYS
      The maximum number of days a timestamp can be valid for.

      The Baseline Requirements specify "A Request Token that includes a timestamp SHALL remain valid for no more than 30 days from the time of creation."

    • basicRequestTokenUtils

      private final BasicRequestTokenUtils basicRequestTokenUtils
      A utility class for generating request tokens.
  • Constructor Details

    • BasicRequestTokenValidator

      public BasicRequestTokenValidator()
      The constructor for a BasicTokenValidator. It does not need any parameters.
  • Method Details

    • validate

      public ChallengeValidationResponse validate(RequestTokenData requestTokenData, String textBody)
      Attempts to find a valid request token using the given basic request token data and text body.

      This method takes basic request token data and a text body to perform the validation process. The text body comes from either a DNS record or an HTTP request, and the basic request token data contains the hashing key and value necessary to generate request tokens.

      This validator will find all timestamps in the text body that match the "yyyyMMddHHmmss" format, and check if they are the start of a valid request token. If a valid token is found, it is returned in the `ChallengeValidationResponse`. Any validation errors encountered during the process are also included in the response.

      Specified by:
      validate in interface RequestTokenValidator
      Parameters:
      requestTokenData - a BasicRequestTokenData object containing the hashing key and value
      textBody - the text body in which to search for the token
      Returns:
      a ChallengeValidationResponse containing the validation result
    • validateInput

      private Set<DcvError> validateInput(RequestTokenData requestTokenData, String textBody)
      Validates the input parameters for request token validation.

      This validator requires a hashing key and value given via a BasicRequestTokenData object, and the text body from a DNS record or HTTP request. If any of these are null or empty, validation errors are added to the error set this method returns.

      Parameters:
      requestTokenData - the data necessary to validate request tokens
      textBody - the text body in which to search for the token
      Returns:
      a set of DcvError containing any input validation errors
    • getPotentialRequestTokenIndices

      private Set<Integer> getPotentialRequestTokenIndices(String textBody)
      Finds all possible valid request token start locations in the text body.

      This method searches the provided text body for potential request token start locations. It looks for patterns that match the current or previous year, as tokens are expected to contain a timestamp and can be at most 30 days old. The method returns a set of integers representing the start indices of these potential tokens. This helps narrow down the search area for request token validation, making the process more efficient.

      Parameters:
      textBody - the text body in which to search for request token start locations
      Returns:
      a set of integers representing the start indices of potential request tokens
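
The token format from the class description and the timestamp search described for `validate` and `getPotentialRequestTokenIndices`, as an added Java sketch that is not the library's own code. It assumes the hash is HMAC-SHA256 keyed with the hashing key over the timestamp concatenated with the hashing value, rendered in lowercase base 36; the class name, method names and sample values are hypothetical and constructed.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.LocalDateTime;
import java.time.format.DateTimeFormatter;
import java.time.format.DateTimeParseException;
import java.util.Optional;

public class RequestTokenSketch { // hypothetical class, not part of the library
    static final DateTimeFormatter TS = DateTimeFormatter.ofPattern("yyyyMMddHHmmss");

    // Assumption: HMAC-SHA256 keyed with the hashing key over timestamp + hashing value.
    static String generate(String key, String value, String ts) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key.getBytes(StandardCharsets.UTF_8), "HmacSHA256"));
        byte[] h = mac.doFinal((ts + value).getBytes(StandardCharsets.UTF_8));
        String b36 = new BigInteger(1, h).toString(36); // at most 50 chars for 256 bits
        return ts + "0".repeat(50 - b36.length()) + b36; // 14 + 50 = 64 characters
    }

    static Optional<String> find(String key, String value, String body, LocalDateTime now)
            throws Exception {
        String y = String.valueOf(now.getYear()), py = String.valueOf(now.getYear() - 1);
        for (int i = 0; i + 64 <= body.length(); i++) {
            String cand = body.substring(i, i + 64), ts = cand.substring(0, 14);
            // Only timestamps from the current or previous year can be within 30 days.
            if (!(ts.startsWith(y) || ts.startsWith(py)) || !ts.matches("\\d{14}")) continue;
            LocalDateTime created;
            try { created = LocalDateTime.parse(ts, TS); }
            catch (DateTimeParseException e) { continue; } // e.g. month 13
            // 30-day limit from the page; rejecting future timestamps is an assumption here.
            if (created.isAfter(now) || created.plusDays(30).isBefore(now)) continue;
            byte[] expected = generate(key, value, ts).getBytes(StandardCharsets.UTF_8);
            // Constant-time comparison of the recomputed token with the candidate.
            if (MessageDigest.isEqual(expected, cand.getBytes(StandardCharsets.UTF_8)))
                return Optional.of(cand);
        }
        return Optional.empty();
    }

    public static void main(String[] args) throws Exception {
        LocalDateTime now = LocalDateTime.of(2025, 3, 1, 12, 0); // constructed clock
        String fresh = generate("constructed-key", "constructed-value", "20250220101500");
        String stale = generate("constructed-key", "constructed-value", "20250101101500");
        System.out.println(find("constructed-key", "constructed-value", "txt " + fresh, now).isPresent());
        System.out.println(find("constructed-key", "constructed-value", "txt " + stale, now).isPresent());
    }
}
```

The stale token is a correctly computed hash whose timestamp is more than 30 days before the constructed clock, so the age check alone decides its rejection.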