For now, I have just written a small Java app that performs the checks and retrieves the certificates expiring within a given number of days, through scheduled calls of the following method for each of the JKS files in use:
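/**
 * Collects the X.509 certificates of a keystore whose validity ends on or before the start of
 * the day that lies {@code minCertsValidityInDays} days from today (system default time zone).
 * Certificates that have already expired satisfy that condition and are reported as well.
 *
 * <p>For every alias the whole certificate chain is inspected, not only the end-entity
 * certificate: an expired intermediate or root certificate breaks chain validation just like an
 * expired leaf does. A certificate reachable through several aliases or chains is reported once.
 *
 * @param minCertsValidityInDays number of days, counted from today, a certificate must remain
 *                               valid in order not to be reported
 * @param keystoreFile           keystore file to inspect
 * @param keyStorePassword       password passed to {@link KeyStore#load} for this keystore
 * @return the certificates expiring within the window, in the order they were encountered
 * @throws MyAppException if the keystore cannot be opened, loaded or enumerated
 */
List<X509Certificate> getCertificatesThatExpireWithin(final int minCertsValidityInDays,
        final File keystoreFile, final String keyStorePassword) throws MyAppException {
    final List<X509Certificate> expiringCerts = new LinkedList<>();
    final java.util.Date maxDateTime = java.util.Date.from(java.time.LocalDate.now()
            .plusDays(minCertsValidityInDays).atStartOfDay(ZoneId.systemDefault()).toInstant());
    try (final FileInputStream is = new FileInputStream(keystoreFile)) {
        // NOTE(review): the keystore type comes from the JVM default (the "keystore.type"
        // security property), not from the file itself - confirm it can read the keystores
        // this job is pointed at.
        final KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
        // NOTE(review): the password arrives as a String, so this method cannot wipe it from
        // memory; keep it out of logs and scheduler configuration dumps.
        keystore.load(is, keyStorePassword.toCharArray());
        final Enumeration<String> keystoreAliases = keystore.aliases();
        while (keystoreAliases.hasMoreElements()) {
            final String alias = keystoreAliases.nextElement();
            // Key entries carry a chain (leaf first); getCertificateChain returns null for
            // entries without one, e.g. trusted-certificate entries.
            final Certificate[] chain = keystore.getCertificateChain(alias);
            if (chain != null && chain.length > 0) {
                for (final Certificate chainCert : chain) {
                    collectIfExpiring(chainCert, maxDateTime, expiringCerts);
                }
            } else {
                collectIfExpiring(keystore.getCertificate(alias), maxDateTime, expiringCerts);
            }
        }
    } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException | IOException e) {
        final String message =
                "Can not check the validity of the certificates in " + keystoreFile.getPath() + " due to";
        LOGGER.error(message, e);
        throw new MyAppException(message, e);
    }
    return expiringCerts;
}

/**
 * Adds {@code cert} to {@code expiringCerts} when it is an X.509 certificate whose notAfter date
 * is not later than {@code maxDateTime} and it has not been collected already.
 */
private static void collectIfExpiring(final Certificate cert, final java.util.Date maxDateTime,
        final List<X509Certificate> expiringCerts) {
    if (cert instanceof X509Certificate) {
        final X509Certificate x509Cert = (X509Certificate) cert;
        // contains() relies on Certificate.equals, so the same certificate found under two
        // aliases or in two chains is listed only once.
        if (!x509Cert.getNotAfter().after(maxDateTime) && !expiringCerts.contains(x509Cert)) {
            expiringCerts.add(x509Cert);
        }
    }
}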