Merge pull request #104 from digicert/update-dcvException-dnssec-details

update dcv and validation exception to include dnssec

Author: jared-daniels

library/src/main/java/com/digicert/validation/exceptions/AcmeValidationException.java

@@ -2,8 +2,11 @@
 
 import com.digicert.validation.enums.DcvError;
 import com.digicert.validation.methods.acme.validate.AcmeValidationRequest;
+import com.digicert.validation.mpic.api.dns.DnssecDetails;
 import lombok.Getter;
 
+import java.util.Set;
+
 @Getter
 public class AcmeValidationException extends ValidationException{
     private final AcmeValidationRequest acmeValidationRequest;
@@ -12,4 +15,10 @@ public AcmeValidationException(DcvError dcvError, AcmeValidationRequest acmeVali
         super(dcvError);
         this.acmeValidationRequest = acmeValidationRequest;
     }
+
+    public AcmeValidationException(DcvError dcvError, AcmeValidationRequest acmeValidationRequest, DnssecDetails dnssecDetails) {
+        super(Set.of(dcvError), dnssecDetails);
+        this.acmeValidationRequest = acmeValidationRequest;
+    }
+
 }

library/src/main/java/com/digicert/validation/exceptions/DcvException.java

@@ -1,6 +1,7 @@
 package com.digicert.validation.exceptions;
 
 import com.digicert.validation.enums.DcvError;
+import com.digicert.validation.mpic.api.dns.DnssecDetails;
 import lombok.Getter;
 
 import java.util.Set;
@@ -24,6 +25,11 @@ public class DcvException extends Exception {
      */
     private final Set<DcvError> errors;
 
+    /**
+     * The DNSSEC details associated with this exception.
+     */
+    private final DnssecDetails dnssecDetails;
+
     /**
      * Constructs a new DcvException with the specified DcvError.
      *
@@ -39,7 +45,7 @@ public DcvException(DcvError dcvError) {
      * @param errors the set of DCV errors that caused the exception to be thrown
      */
     public DcvException(Set<DcvError> errors) {
-        this(errors, null);
+        this(errors, null, null);
     }
 
     /**
@@ -49,7 +55,19 @@ public DcvException(Set<DcvError> errors) {
      * @param cause  the cause of the exception
      */
     public DcvException(Set<DcvError> dcvErrors, Throwable cause) {
+        this(dcvErrors, cause, null);
+    }
+
+    /**
+     * Constructs a new DcvException with a set of specified DcvErrors, an optional cause, and DNSSEC details.
+     *
+     * @param dcvErrors the set of DCV errors that caused the exception to be thrown
+     * @param cause  the cause of the exception
+     * @param dnssecDetails the DNSSEC details associated with this exception
+     */
+    public DcvException(Set<DcvError> dcvErrors, Throwable cause, DnssecDetails dnssecDetails) {
         super("DcvException with errors = " + dcvErrors.stream().map(DcvError::toString).collect(Collectors.joining(",")), cause);
         this.errors = dcvErrors;
+        this.dnssecDetails = dnssecDetails;
     }
 }

library/src/main/java/com/digicert/validation/exceptions/ValidationException.java

@@ -2,6 +2,7 @@
 
 import com.digicert.validation.enums.DcvError;
 import com.digicert.validation.methods.file.FileValidator;
+import com.digicert.validation.mpic.api.dns.DnssecDetails;
 import lombok.Getter;
 import lombok.ToString;
 
@@ -40,4 +41,15 @@ public ValidationException(DcvError dcvError) {
     public ValidationException(Set<DcvError> errors) {
         super(errors);
     }
+
+    /**
+     * Constructs a new ValidationException with a set of specified DcvErrors and an optional cause.
+     *
+     * @param dcvErrors     the set of DCV errors
+     * @param dnssecDetails the DNSSEC details associated with this exception
+     */
+    public ValidationException(Set<DcvError> dcvErrors, DnssecDetails dnssecDetails) {
+        super(dcvErrors, null, dnssecDetails);
+    }
+
 }

library/src/main/java/com/digicert/validation/methods/acme/validate/AcmeValidationHandler.java

@@ -7,9 +7,11 @@
 import com.digicert.validation.exceptions.AcmeValidationException;
 import com.digicert.validation.exceptions.ValidationException;
 import com.digicert.validation.methods.file.validate.MpicFileDetails;
+import com.digicert.validation.mpic.MpicDetails;
 import com.digicert.validation.mpic.MpicDnsService;
 import com.digicert.validation.mpic.MpicFileService;
 import com.digicert.validation.mpic.api.dns.DnsRecord;
+import com.digicert.validation.mpic.api.dns.DnssecStatus;
 import com.digicert.validation.mpic.api.dns.MpicDnsDetails;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
@@ -90,7 +92,7 @@ private AcmeValidationResponse validateUsingAcmeDns(AcmeValidationRequest reques
             // If the MPIC file details contain an error, we will not throw an exception
             log.atLevel(logLevelForDcvErrors).log("event_id={} domain={} reason={}",
                     LogEvents.ACME_VALIDATION_FAILED, request.getDomain(), mpicDnsDetails.dcvError());
-            throw new AcmeValidationException(mpicDnsDetails.dcvError(), request);
+            handleAcmeValidationFailure(mpicDnsDetails.dcvError(), request, mpicDnsDetails.mpicDetails());
         }
 
         boolean isValid = mpicDnsDetails.dnsRecords().stream()
@@ -103,12 +105,22 @@ private AcmeValidationResponse validateUsingAcmeDns(AcmeValidationRequest reques
         if (!isValid) {
             log.atLevel(logLevelForDcvErrors).log("event_id={} domain={} reason={}",
                     LogEvents.ACME_VALIDATION_FAILED, request.getDomain(), DcvError.RANDOM_VALUE_NOT_FOUND);
-            throw new AcmeValidationException(DcvError.RANDOM_VALUE_NOT_FOUND, request);
+            handleAcmeValidationFailure(DcvError.RANDOM_VALUE_NOT_FOUND, request, mpicDnsDetails.mpicDetails());
         }
 
         return new AcmeValidationResponse(mpicDnsDetails.mpicDetails(), dnsRecordName, null);
     }
 
+    private void handleAcmeValidationFailure(DcvError dcvError, AcmeValidationRequest request, MpicDetails mpicDetails) throws AcmeValidationException {
+        if (mpicDetails != null &&
+                mpicDetails.dnssecDetails() != null &&
+                mpicDetails.dnssecDetails().dnssecStatus() != DnssecStatus.NOT_CHECKED) {
+            throw new AcmeValidationException(dcvError, request, mpicDetails.dnssecDetails());
+        }
+
+        throw new AcmeValidationException(dcvError, request);
+    }
+
     private String calculateDnsTxtValue(AcmeValidationRequest request) throws ValidationException {
         String keyAuthorization = request.getRandomValue() + "." + request.getAcmeThumbprint();
         try {

library/src/main/java/com/digicert/validation/methods/dns/DnsValidator.java

@@ -12,6 +12,8 @@
 import com.digicert.validation.methods.dns.validate.DnsValidationHandler;
 import com.digicert.validation.methods.dns.validate.DnsValidationRequest;
 import com.digicert.validation.methods.dns.validate.DnsValidationResponse;
+import com.digicert.validation.mpic.api.dns.DnssecDetails;
+import com.digicert.validation.mpic.api.dns.DnssecStatus;
 import com.digicert.validation.random.RandomValueGenerator;
 import com.digicert.validation.random.RandomValueVerifier;
 import com.digicert.validation.utils.DomainNameUtils;
@@ -137,6 +139,13 @@ public DomainValidationEvidence validate(DnsValidationRequest dnsValidationReque
                     dnsValidationRequest.getDnsType().toString(),
                     dnsValidationResponse.errors());
 
+            if (dnsValidationResponse.mpicDetails() != null &&
+                    dnsValidationResponse.mpicDetails().dnssecDetails() != null &&
+                    !DnssecStatus.NOT_CHECKED.equals(dnsValidationResponse.mpicDetails().dnssecDetails().dnssecStatus())) {
+                DnssecDetails dnssecDetails = dnsValidationResponse.mpicDetails().dnssecDetails();
+                throw new ValidationException(dnsValidationResponse.errors(), dnssecDetails);
+            }
+
             throw new ValidationException(dnsValidationResponse.errors());
         }
     }