Search code examples
javadigital-certificate

Find out the certificate expiry date from a .pem and .pub key file using Java


I need to read a .pem/.pub key file and extract the certificate expiry date. My code is throwing error as it is unable to read a .pem file. I am getting error [java.security.cert.CertificateParsingException: invalid DER-encoded certificate data] I need a java code to fulfill my need.

I am using the below code :

public class GetTheCertificate 
{

    public static void main(String[] args) 
    {

        String path="C/Certificates";  // Path where the certificates are located.


        System.out.println("Certificate Path has been validated. ");
        System.out.println("Counting the no of certificates to validate. Please wait.... \n\n");

        validateCert(path);   // calling the function which will validate the certificates and extract the expiry date.

    } // main function ends here

    public static StringBuffer validateCert(String path)
    {
            int i;
            String a="cer";
            String b="jks";
            String c="pem";
            String d="der";
            Date date = null;
        Date current = null;

            InputStream inStream = null;
            StringBuffer str = new StringBuffer();
        File folder = new File(path);
        File[] listOfFiles = folder.listFiles();
        System.out.println("No of Certificates = " + listOfFiles.length);
        System.out.println("\n\n");
        try
        {
        for (i = 0; i < listOfFiles.length; i++) 
        {

            if (listOfFiles[i].isFile()) 
            {
            inStream = new FileInputStream(listOfFiles[i]);
            String ext = FilenameUtils.getExtension(listOfFiles[i].getName());

            System.out.println("Name of the File being scanned  :: " +listOfFiles[i].getName());
            System.out.println("Extension of the file is  :: " +ext);
            System.out.println("\n\n");

            if(ext.equals(c))
            {
                CertificateFactory cf = CertificateFactory.getInstance("X.509");
                X509Certificate cert = (X509Certificate) cf.generateCertificate(inStream);
                date = (Date) cert.getNotAfter();
                System.out.println(" I am inside .cer validation .....  all ok");
                current = new Date();
                str.append("For Certificate no. - " + (i + 1));
                        str.append(" ");
                        str.append("Current date - " + current);
                str.append(" ");
                str.append("Expiry date - " + date);
                str.append(" ");


                long diff = date.getTime() - current.getTime();
                long diffDays = diff / (24 * 60 * 60 * 1000);

                        if (diffDays <=0)
                        {
                            str.append("Certificate has expired "
                                        + (Math.abs(diffDays))
                                        + " days ago. \nPlease redeem your SSL certificate as soon as possible.  ");
                            sendMail("[email protected]" , diffDays, listOfFiles[i].getName(), date);
                    System.out.println("\n");
                        }
                else if (diffDays <= 31) 
                {
                    str.append("Less than "
                    + (diffDays)
                        + " days remain to expire. \nPlease redeem your SSL certificate as soon as possible.  ");
                sendMail("[email protected]" , diffDays, listOfFiles[i].getName(), date);
                System.out.println("\n");
                }  
                else if (diffDays >31 && diffDays < 60) 
                {
                 str.append((diffDays) + " days remain. \nPlease redeem your SSL certificate after one month from now.  ");
                 sendMail("[email protected]" , diffDays, listOfFiles[i].getName(), date);
                } 
                else 
                {
                str.append((diffDays) + " days remain for SSL Certificate to expire.  ");
                str.append("<br><br>");
                }
            }
            else if (ext.equals(b))
            {
                KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
                keystore.load(new FileInputStream("C:Certificates/serverProdA.jks"), "abcdef".toCharArray());
                Enumeration<String> aliases = keystore.aliases();
                System.out.println(" \n\nI am inside .jks validation .....  all ok");
                while(aliases.hasMoreElements())
                {
                String alias = aliases.nextElement();
                date = ((X509Certificate) keystore.getCertificate(alias)).getNotAfter();
                current = new Date();
                long diff = date.getTime() - current.getTime();
                long diffDays = diff / (24 * 60 * 60 * 1000);

                if(keystore.getCertificate(alias).getType().equals("X.509"))
                {
                    System.out.println(alias + " expires on " + ((X509Certificate) keystore.getCertificate(alias)).getNotAfter());
                    sendMail("[email protected]" , diffDays, alias, date);
                        }
                else
                {
                     System.out.println("\nUnknown file.......");
                    }
                }
            }
            else
            {
                System.out.println("Certificate cant be validated....");
            }
                }
        }
    }
    catch (Exception e) 
    {
        e.printStackTrace();
    } 
    catch (Error e) 
    {
     e.printStackTrace();
    }

    return str;
}   


// start of mail sending function 

Solution

  • Check whether the bytes you are passing are Base64 encoded or not.If not,encode it as Base64string.Then check.