I'm currently reading certs and keys from a pem file in my Java program and using it to construct an SSLContext object like so -

final SslContext _sslContext = SslContextBuilder.forClient().ciphers(ciphers)
      .sslProvider(sslProvider).trustManager(_trustedCerts).keyManager(_cert, _key, pwd).build();

Where _cert, _key are Files.

Is there any way I can use this SSLContext object to get the certificate expiry dates and DNs?

Debjani

  • Maybe obvious for you, but you did not even specify which programming language you are working with! Also, did you consult the documentation of the "SSL" library you are using? You already have the certificate (since you use it to build the context), so there are surely some ways in the library to parse a certificate and extract the information you need. – Patrick Mevzek Feb 04 '20 at 16:23
  • @Debjani Maybe related to https://stackoverflow.com/questions/40530117/extract-certificate-from-sslcontext – JuanMoreno Feb 04 '20 at 17:38
  • @PatrickMevzek sorry about not providing language details. You're right, I have the files, so I was able to get the information I needed to work with! Thanks for the push – Debjani Feb 04 '20 at 17:44

2 Answers


You can find the expiry dates of SSL certificates (X509Certificate) that were sent to the peer during handshaking this way:

import static java.util.stream.Collectors.toMap;
import java.math.BigInteger;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.Map;
import java.util.Objects;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSessionContext;
import io.netty.handler.ssl.SslContext;

public Map<BigInteger, CertificateInfo> getCertificatesExpiryDatesAndDistinguishedNames(SslContext context) {
  SSLSessionContext sessionContext = context.sessionContext();
  return Collections.list(sessionContext.getIds()).stream()
          .map(sessionContext::getSession)
          .filter(Objects::nonNull)              // a session id may already have been evicted from the cache
          .map(SSLSession::getLocalCertificates) // certificate(s) that were sent to the peer during handshaking
          .filter(Objects::nonNull)              // null when no local certificate was sent in that session
          .flatMap(Arrays::stream)
          .map(X509Certificate.class::cast)
          // the same certificate shows up once per session that used it, so keep the first occurrence
          .collect(toMap(X509Certificate::getSerialNumber, this::convertToCertificateInfo, (first, duplicate) -> first));
}

private CertificateInfo convertToCertificateInfo(final X509Certificate certificate) {
  return new CertificateInfo(certificate.getIssuerX500Principal(), certificate.getNotAfter());
}

This returns a map of certificate serial numbers to certificate info (issuer distinguished name and end date of the validity period):

import java.util.Date;
import javax.security.auth.x500.X500Principal;

public class CertificateInfo {

  private final X500Principal x500Principal;
  private final Date endDateOfValidityPeriod;

  public CertificateInfo(X500Principal x500Principal, Date endDateOfValidityPeriod) {
    this.x500Principal = x500Principal;
    this.endDateOfValidityPeriod = endDateOfValidityPeriod;
  }

  public X500Principal getX500Principal() {
    return x500Principal;
  }

  public Date getEndDateOfValidityPeriod() {
    return endDateOfValidityPeriod;
  }

}
Boris


I was able to get certificate information from the pem file directly. This is how I did it programmatically in Java -

import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

// _cert is the same File that is passed to keyManager(_cert, _key, pwd)
try (InputStream is = new FileInputStream(_cert)) {
    CertificateFactory fact = CertificateFactory.getInstance("X.509");
    // reads the first "-----BEGIN CERTIFICATE-----" block in the PEM file
    X509Certificate cer = (X509Certificate) fact.generateCertificate(is);
    log.info("Cer Not Before - {} ", cer.getNotBefore());
    log.info("Cer Not After - {} ", cer.getNotAfter());
    log.info("Cer Issuer DN - {} ", cer.getIssuerX500Principal()); // getIssuerDN() is deprecated
} catch (CertificateException | IOException e) {
    log.error("Could not read certificate from {}", _cert, e);
}

This Stack Overflow answer helped me solve this: How to load public certificate from pem file?

Debjani
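As an added example (not code from either answer), the following reads the PEM file directly like the second answer does, but handles a bundle containing several certificates (leaf plus chain) and flags each one that is expired, not yet valid, or within a configurable number of days of expiry; the file path `cert.pem` and Java 11+ are assumptions. Unlike the session-based approach in the first answer, it needs no TLS handshake to have happened.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.Instant;
import java.util.ArrayList;
import java.util.List;

public class PemCertInspector {
    /** Parses every "-----BEGIN CERTIFICATE-----" block in a PEM bundle (certificates only, no key). */
    public static List<X509Certificate> loadPem(Path pemFile) throws Exception {
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        try (InputStream in = Files.newInputStream(pemFile)) {
            List<X509Certificate> certs = new ArrayList<>();
            for (var c : factory.generateCertificates(in)) {
                certs.add((X509Certificate) c);
            }
            return certs;
        }
    }

    /** One-line summary: subject/issuer DN, serial, validity window and an expiry status for 'now'. */
    public static String describe(X509Certificate cert, Instant now, long warnDays) {
        Instant notBefore = cert.getNotBefore().toInstant();
        Instant notAfter = cert.getNotAfter().toInstant();
        long daysLeft = Duration.between(now, notAfter).toDays();
        String status;
        if (now.isBefore(notBefore)) {
            status = "NOT YET VALID";
        } else if (now.isAfter(notAfter)) {
            status = "EXPIRED";
        } else if (daysLeft < warnDays) {
            status = "EXPIRES SOON (" + daysLeft + " days)";
        } else {
            status = "OK (" + daysLeft + " days)";
        }
        return String.format("subject=%s issuer=%s serial=%s notBefore=%s notAfter=%s status=%s",
                cert.getSubjectX500Principal().getName(), cert.getIssuerX500Principal().getName(),
                cert.getSerialNumber().toString(16), notBefore, notAfter, status);
    }

    public static void main(String[] args) throws Exception {
        // Assumed path: point this at the same PEM file that is passed to keyManager(_cert, ...).
        Path pem = Path.of(args.length > 0 ? args[0] : "cert.pem");
        for (X509Certificate cert : loadPem(pem)) {
            System.out.println(describe(cert, Instant.now(), 30));
        }
    }
}
```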