My Java application uses a keystore file in which I have a certificate which is used in an SSL connection with an Active Directory server.
What I have to do is to check its expiration date and prompt the user if it's close to expiring. I have to do it while my application starts. My idea is to use an external program, keytool, to display info about a certain certificate in the keystore and then do some parsing operations on the string which keytool outputs to find this validation date.
Here's the output of a specific keytool command:
    Owner:
    Issuer: CN=CPD Root CA, DC=cpd, DC=local
    Serial number: 39e8d1610002000000cb
    Valid from: Wed Feb 22 21:36:31 CET 2012 until: Thu Feb 21 21:36:31 CET 2013
    Certificate fingerprints:
    MD5: 82:46:8B:DB:BC:5C:64:21:84:BB:68:E3:4B:D4:35:70
    SHA1: 35:52:CA:F2:11:66:1E:50:63:BC:53:A5:50:C1:F0:1E:62:81:BC:3F
    Signature algorithm name: SHA1withRSA
The problem would be with parsing the date, since I can't be sure in which format it is displayed.
Is there any easier way to check the expiration date of certificates included in a Java keystore file?
Solution
Thanks for the direction EJP, here is a block of what I came up with.
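    import java.io.FileInputStream;
    import java.security.KeyStore;
    import java.security.cert.X509Certificate;
    import java.util.Enumeration;

    // "keystoreLocation" and "keystorePassword" stand for your own path and password.
    try (FileInputStream in = new FileInputStream("keystoreLocation")) {
        KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
        keystore.load(in, "keystorePassword".toCharArray());
        Enumeration<String> aliases = keystore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            // getNotAfter() is only available on X.509 certificates.
            if (keystore.getCertificate(alias).getType().equals("X.509")) {
                System.out.println(alias + " expires " + ((X509Certificate) keystore.getCertificate(alias)).getNotAfter());
            }
        }
    } catch (Exception e) {
        e.printStackTrace();
    }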
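
The startup check the question asks for, as an added example that is not part of the original answer: it goes beyond the loop above by reporting only entries within a warning threshold and by checking every certificate in a key entry's chain. The class name, the `KEYSTORE_PASSWORD` variable and the 30-day default are assumptions; with no arguments it reads the JDK's bundled `cacerts`.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.Instant;
import java.util.Collections;
import java.util.Map;
import java.util.TreeMap;

public class KeystoreExpiryCheck {

    // Maps alias -> whole days until the earliest notAfter in that entry, for
    // entries at or under warnDays. Negative means expired at least a day ago.
    static Map<String, Long> expiringWithin(KeyStore ks, Instant now, long warnDays) throws Exception {
        Map<String, Long> result = new TreeMap<>();
        for (String alias : Collections.list(ks.aliases())) {
            // Key entries carry a chain; an expired intermediate breaks the
            // handshake too. Trusted-certificate entries have no chain.
            Certificate[] certs = ks.getCertificateChain(alias);
            if (certs == null) {
                certs = new Certificate[] { ks.getCertificate(alias) };
            }
            Instant earliest = null;
            for (Certificate c : certs) {
                if (c instanceof X509Certificate) { // skips null and non-X.509 entries
                    Instant notAfter = ((X509Certificate) c).getNotAfter().toInstant();
                    if (earliest == null || notAfter.isBefore(earliest)) earliest = notAfter;
                }
            }
            if (earliest != null) {
                long days = Duration.between(now, earliest).toDays();
                if (days <= warnDays) result.put(alias, days);
            }
        }
        return result;
    }

    public static void main(String[] args) throws Exception {
        // Assumptions: with no arguments this reads the JDK's bundled trust store
        // (default password "changeit"); KEYSTORE_PASSWORD is a made-up variable name.
        String path = args.length > 0 ? args[0] : System.getProperty("java.home") + "/lib/security/cacerts";
        String pw = System.getenv().getOrDefault("KEYSTORE_PASSWORD", "changeit");
        long warnDays = args.length > 1 ? Long.parseLong(args[1]) : 30;
        KeyStore ks = KeyStore.getInstance(new File(path), pw.toCharArray()); // Java 9+, detects the store type
        expiringWithin(ks, Instant.now(), warnDays).forEach((alias, days) ->
            System.out.println(alias + (days < 0 ? " EXPIRED " + -days + " days ago" : " expires in " + days + " days")));
    }
}
```

Passing `Instant.now()` as a parameter keeps the method testable with a fixed clock; an empty map means nothing needs a prompt.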