Source code

001/*
002 * acme4j - Java ACME client
003 *
004 * Copyright (C) 2015 Richard "Shred" Körber
005 *   http://acme4j.shredzone.org
006 *
007 * Licensed under the Apache License, Version 2.0 (the "License");
008 * you may not use this file except in compliance with the License.
009 *
010 * This program is distributed in the hope that it will be useful,
011 * but WITHOUT ANY WARRANTY; without even the implied warranty of
012 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
013 */
014package org.shredzone.acme4j.challenge;
015
016import static org.shredzone.acme4j.toolbox.AcmeUtils.base64UrlEncode;
017import static org.shredzone.acme4j.toolbox.AcmeUtils.sha256hash;
018
019import org.shredzone.acme4j.Identifier;
020import org.shredzone.acme4j.Login;
021import org.shredzone.acme4j.toolbox.JSON;
022
023/**
024 * Implements the {@value TYPE} challenge. It requires a specific DNS record for domain
025 * validation. See the acme4j documentation for a detailed explanation.
026 */
027public class Dns01Challenge extends TokenChallenge {
028    private static final long serialVersionUID = 6964687027713533075L;
029
030    /**
031     * Challenge type name: {@value}
032     */
033    public static final String TYPE = "dns-01";
034
035    /**
036     * The prefix of the domain name to be used for the DNS TXT record.
037     */
038    public static final String RECORD_NAME_PREFIX = "_acme-challenge";
039
040    /**
041     * Converts a domain identifier to the Resource Record name to be used for the DNS TXT
042     * record.
043     *
044     * @param identifier
045     *         Domain {@link Identifier} of the domain to be validated
046     * @return Resource Record name (e.g. {@code _acme-challenge.www.example.org.}, note
047     * the trailing full stop character).
048     * @since 2.14
049     */
050    public static String toRRName(Identifier identifier) {
051        return toRRName(identifier.getDomain());
052    }
053
054    /**
055     * Converts a domain identifier to the Resource Record name to be used for the DNS TXT
056     * record.
057     *
058     * @param domain
059     *         Domain name to be validated
060     * @return Resource Record name (e.g. {@code _acme-challenge.www.example.org.}, note
061     * the trailing full stop character).
062     * @since 2.14
063     */
064    public static String toRRName(String domain) {
065        return RECORD_NAME_PREFIX + '.' + domain + '.';
066    }
067
068    /**
069     * Creates a new generic {@link Dns01Challenge} object.
070     *
071     * @param login
072     *         {@link Login} the resource is bound with
073     * @param data
074     *         {@link JSON} challenge data
075     */
076    public Dns01Challenge(Login login, JSON data) {
077        super(login, data);
078    }
079
080    /**
081     * Returns the digest string to be set in the domain's {@code _acme-challenge} TXT
082     * record.
083     */
084    public String getDigest() {
085        return base64UrlEncode(sha256hash(getAuthorization()));
086    }
087
088    @Override
089    protected boolean acceptable(String type) {
090        return TYPE.equals(type);
091    }
092
093}