List keys' expiration date

Hi folks,

I was able to list the “trust stores” certificates expiration dates using the tips from Flow/JAVA service to list all client certificates.

Now, the challenge is to list the expiration date from the keys. I’ve found the way up to retrieving the keys… in binary format. Is there any service to “unabridge” it?
Here is how the service looks so far:

INVOKE wm.server.security.keystore:listKeyStoreAliases
LOOP over /keyStoreAliasNames
   INVOKE wm.server.security.keystore:getKeyStore
   LOOP over /keyStore/configuredKeyAliases
      INVOKE pub.security.keystore:getKeyAndChain

However, this last INVOKE pub.security.keystore:getKeyAndChain produces privateKey and certChain[].

Please note the objective is to produce a report of the key expiration date.
Any hint?

I suspect you’ll need a java service at this point, though I honestly haven’t gone digging through the services to see if there is one there.

  • privateKey = java.security.PrivateKey
  • certChain[ ] = Array of byte[].

You’ll need a java service to do something like the following:

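// Imports needed by the service body below
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

// Assumes the Java service declares inputs named "key" and "certChain"
IDataCursor pipelineCursor = pipeline.getCursor();
Object key = IDataUtil.get( pipelineCursor, "key" );
Object[] certChain = IDataUtil.getObjectArray( pipelineCursor, "certChain" );
pipelineCursor.destroy();

//Private Key
PrivateKey pkey = (PrivateKey)key;
System.out.println("Algorithm : " + pkey.getAlgorithm());
System.out.println("Format    : " + pkey.getFormat());
//Print only the length: concatenating the byte[] prints an array reference,
//and the private key bytes should not end up in a log
byte[] encoded = pkey.getEncoded();
System.out.println("Encoded   : " + (encoded == null ? "n/a" : encoded.length + " bytes"));

//Cert chain (example working on first one only)
byte[] b = (byte[]) certChain[0];

try {
       InputStream in = new ByteArrayInputStream(b);
       CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
       X509Certificate cert = (X509Certificate)certFactory.generateCertificate(in);

       System.out.println(cert.getType());
       System.out.println(cert.getNotAfter()); //Returns Date Obj set to expiry date
       //See here for methods on X509 Cert (java.security.cert, not javax.security.cert).
       //https://docs.oracle.com/javase/8/docs/api/java/security/cert/X509Certificate.html
}
catch (CertificateException e) {
       e.printStackTrace();
}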
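An added example, not part of the original thread: a standalone plain-JDK version of the report that walks every certificate in each key alias's chain (not only the first) and flags expired or soon-to-expire entries without ever reading the private key. The class name, the `KEYSTORE_PASSWORD` environment variable, the PKCS12 store type and the 30-day default threshold are assumptions; `report` takes DER-encoded bytes in the same shape as `certChain[]` above.

```java
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

public class KeyExpiryReport {

    // chain: DER-encoded certificates, leaf first (same shape as certChain[]).
    static List<String> report(String alias, byte[][] chain, Instant now, long warnDays) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<String> rows = new ArrayList<>();
        for (int i = 0; i < chain.length; i++) {
            X509Certificate c = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(chain[i]));
            Instant notAfter = c.getNotAfter().toInstant();
            long days = ChronoUnit.DAYS.between(now, notAfter); // negative once expired
            String status = now.isAfter(notAfter) ? "EXPIRED" : days <= warnDays ? "EXPIRING" : "OK";
            rows.add(String.join("\t", alias, String.valueOf(i), c.getSubjectX500Principal().getName(),
                    notAfter.toString(), String.valueOf(days), status));
        }
        return rows;
    }

    // Usage: KEYSTORE_PASSWORD=... java KeyExpiryReport <keystore.p12> [warnDays]
    public static void main(String[] args) throws Exception {
        long warnDays = args.length > 1 ? Long.parseLong(args[1]) : 30; // assumed default
        String pw = System.getenv("KEYSTORE_PASSWORD"); // assumed variable; keeps the password off the command line
        if (pw == null) throw new IllegalStateException("KEYSTORE_PASSWORD is not set");
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, pw.toCharArray());
        }
        System.out.println("alias\tpos\tsubject\tnotAfter\tdaysLeft\tstatus");
        for (String alias : Collections.list(ks.aliases())) {
            Certificate[] certs = ks.getCertificateChain(alias); // null when the alias has no chain
            if (certs == null) continue;
            byte[][] chain = new byte[certs.length][];
            for (int i = 0; i < certs.length; i++) chain[i] = certs[i].getEncoded();
            for (String row : report(alias, chain, Instant.now(), warnDays)) System.out.println(row);
        }
    }
}
```

Reporting on the whole chain matters because an expired intermediate breaks validation just as an expired leaf does.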

Hi @Dave_Pemberton,

Thanks for your time. I’ll give this a try, and revert back.

Hi @Dave_Pemberton,
Thanks for pointing me in the right direction.

2 Likes