Checking certificates expiration dates in java keystore
My java application uses a keystore file in which I have a certificate which is used in ssl connection with active directory server. What I have to do is to check its expiration date and prompt user if its close to expire. I have to do it while my application starts. My idea is to use external program: keytool to display info about certain certificate in the keystore and then do some parsing operations on a string which keytool outputs to find this validation date.
Here's the output of a specific keytool command:
Owner:
Issuer: CN=CPD Root CA, DC=cpd, DC=local<br>
Serial number: 39e8d1610002000000cb
<br>Valid from: Wed Feb 22 21:36:31 CET 2012 until: Thu Feb 21 21:36:31 CET 2013
Certificate fingerprints: <br>
MD5: 82:46:8B:DB:BC:5C:64:21:84:BB:68:E3:4B:D4:35:70<br>
SHA1: 35:52:CA:F2:11:66:1E:50:63:BC:53:A5:50:C1:F0:1E:62:81:BC:3F<br>
Signature algorithm name: SHA1withRSA
Problem would be with parsing date since I can't be sure in which format it is displayed.
Is there any easier way to check expiration date of certificates included in java keystore file?
Answer
Thanks for the direction EJP, here is a block of what I came up with.
try {
KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
keystore.load(new FileInputStream("keystoreLocation"), "keystorePassword".toCharArray());
Enumeration<String> aliases = keystore.aliases();
while(aliases.hasMoreElements()){
String alias = aliases.nextElement();
if(keystore.getCertificate(alias).getType().equals("X.509")){
System.out.println(alias + " expires " + ((X509Certificate) keystore.getCertificate(alias)).getNotAfter());
}
}
} catch (Exception e) {
e.printStackTrace();
}