/**
 * Lists the X.509 certificates of a keystore whose validity ends on or before a cut-off date.
 *
 * <p>The cut-off is the start of the day (system default time zone) that lies
 * {@code minCertsValidityInDays} days after today. Certificates that have already expired are
 * at or before that cut-off too, so they are reported as well.
 *
 * <p>Limitations a reviewer should be aware of:
 * <ul>
 *   <li>Only the certificate returned by {@link KeyStore#getCertificate(String)} is inspected
 *       per alias. For a private-key entry that is the first element of the chain, so an
 *       intermediate or root certificate further up the chain that expires earlier is not
 *       reported by this method.</li>
 *   <li>Because the cut-off is midnight, a certificate expiring later during the cut-off day is
 *       not included even though it expires less than a full day after the cut-off.</li>
 *   <li>The keystore type is {@link KeyStore#getDefaultType()}; whether that matches the file
 *       format depends on the JVM configuration.</li>
 * </ul>
 *
 * @param minCertsValidityInDays number of days from today that a certificate must remain valid
 * @param keystoreFile keystore file to inspect
 * @param keyStorePassword password passed to {@link KeyStore#load}; must not be {@code null}
 *     (a {@code null} value fails with a {@link NullPointerException} before the load)
 * @return the expiring (or expired) X.509 certificates, in alias enumeration order
 * @throws MyAppException if the keystore cannot be opened, loaded or enumerated
 */
List<X509Certificate> getCertificatesThatExpireWithin(final int minCertsValidityInDays,
        final File keystoreFile, final String keyStorePassword) throws MyAppException {
    final java.time.LocalDate cutoffDay = java.time.LocalDate.now().plusDays(minCertsValidityInDays);
    final java.util.Date cutoff = java.util.Date.from(
            cutoffDay.atStartOfDay(ZoneId.systemDefault()).toInstant());
    final List<X509Certificate> result = new LinkedList<>();

    try (final FileInputStream keystoreStream = new FileInputStream(keystoreFile)) {
        final KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        // A non-null password makes load() verify the integrity of the keystore data.
        store.load(keystoreStream, keyStorePassword.toCharArray());

        for (final Enumeration<String> aliases = store.aliases(); aliases.hasMoreElements();) {
            final Certificate candidate = store.getCertificate(aliases.nextElement());
            if (!(candidate instanceof X509Certificate)) {
                // Entries without a certificate (null) or with a non-X.509 certificate are skipped.
                continue;
            }
            final X509Certificate x509 = (X509Certificate) candidate;
            // notAfter <= cutoff: the certificate does not outlive the required validity window.
            if (x509.getNotAfter().compareTo(cutoff) <= 0) {
                result.add(x509);
            }
        }
    } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException | IOException e) {
        // Only the keystore path goes into the message; the password is never logged.
        final String message =
                "Can not check the validity of the certificates in " + keystoreFile.getPath() + " due to";
        LOGGER.error(message, e);
        throw new MyAppException(message, e);
    }
    return result;
}
目前,我们只编写了一个小型java应用程序,通过以下方法的预定调用,对每个使用的jks文件执行检查并检索在给定天数内过期的证书: