webMethods


List keys' expiration date

  • 1.  List keys' expiration date

    Posted Tue October 06, 2020 09:42 AM

    Hi folks,

    I was able to list the “trust stores” certificates expiration dates using the tips from Flow/JAVA service to list all client certificates.

    Now, the challenge is to list the expiration date from the keys. I’ve found the way up to retrieving the keys… in binary format. Is there any service to “unabridge” it?
    Here is how the service looks so far:

    INVOKE wm.server.security.keystore:listKeyStoreAliases
    LOOP over /keyStoreAliasNames
        INVOKE wm.server.security.keystore:getKeyStore
        LOOP over /keyStore/configuredKeyAliases
            INVOKE pub.security.keystore:getKeyAndChain
    

    However, this last INVOKE pub.security.keystore:getKeyAndChain produces privateKey and certChain[].

    Please note the objective is to produce a report of the key expiration date.
    Any hint?


    #keystore
    #ssl
    #Integration-Server-and-ESB
    #truststore
    #webMethods


  • 2.  RE: List keys' expiration date

    Posted Wed October 07, 2020 04:39 AM

    I suspect you’ll need a java service at this point, though I honestly haven’t gone digging through the services to see if there is one there.

    • privateKey = java.security.PrivateKey
    • certChain[ ] = Array of byte[].

    You’ll need a java service to do something like the following:

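    // Imports this snippet needs (they go in the Java service's import section)
    import com.wm.data.IDataCursor;
    import com.wm.data.IDataUtil;
    import java.io.ByteArrayInputStream;
    import java.io.InputStream;
    import java.security.PrivateKey;
    import java.security.cert.CertificateException;
    import java.security.cert.CertificateFactory;
    import java.security.cert.X509Certificate;

    // Read the inputs from the pipeline
    IDataCursor pipelineCursor = pipeline.getCursor();
    Object key = IDataUtil.get(pipelineCursor, "key");
    Object[] certChain = IDataUtil.getObjectArray(pipelineCursor, "certChain");
    pipelineCursor.destroy();

    // Private key: it carries no expiry date, the date lives in the certificate
    PrivateKey pkey = (PrivateKey) key;
    System.out.println("Algorithm : " + pkey.getAlgorithm());
    System.out.println("Format    : " + pkey.getFormat());
    // Print only the length: concatenating the byte[] prints an object reference,
    // and the key bytes themselves should not be written to a log
    System.out.println("Encoded   : " + pkey.getEncoded().length + " bytes");

    // Cert chain (example working on first one only)
    byte[] b = (byte[]) certChain[0];

    try {
        InputStream in = new ByteArrayInputStream(b);
        CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
        X509Certificate cert = (X509Certificate) certFactory.generateCertificate(in);

        System.out.println(cert.getType());
        System.out.println(cert.getNotAfter()); // Returns Date object set to expiry date
        // See here for methods on X509 Cert.
        // https://docs.oracle.com/javase/8/docs/api/javax/security/cert/X509Certificate.html
        // (the class cast to above is java.security.cert.X509Certificate)
    }
    catch (CertificateException e) {
        e.printStackTrace();
    }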
    

    #webMethods
    #keystore
    #Integration-Server-and-ESB
    #ssl
    #truststore
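
The report the thread is after, as an added example that is not part of the original posts: it checks every certificate in each key alias's chain rather than only the first, and never reads the private key. It uses the standard `java.security.KeyStore` API on a keystore file instead of the Integration Server services; the class name, the `KEYSTORE_PASS` variable and the 30-day threshold are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.Instant;
import java.util.Collections;

public class KeyExpiryReport {
    static final long WARN_DAYS = 30; // assumed warning threshold

    // Parses each DER-encoded certificate of a chain (the byte[] elements that
    // certChain[] holds) and prints one line per certificate; index 0 is the
    // certificate paired with the private key, the rest are its issuers.
    static void reportChain(String alias, byte[][] chain, Instant now) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        for (int i = 0; i < chain.length; i++) {
            X509Certificate cert = (X509Certificate)
                    cf.generateCertificate(new ByteArrayInputStream(chain[i]));
            Instant notAfter = cert.getNotAfter().toInstant();
            long days = Duration.between(now, notAfter).toDays();
            String status = notAfter.isBefore(now) ? "EXPIRED"
                    : days <= WARN_DAYS ? "EXPIRING" : "OK";
            System.out.printf("%s[%d] %s notAfter=%s days=%d subject=%s%n", alias, i,
                    status, notAfter, days, cert.getSubjectX500Principal().getName());
        }
    }

    // Usage: KEYSTORE_PASS=<store password> java KeyExpiryReport <keystore-file>
    public static void main(String[] args) throws Exception {
        String pass = System.getenv("KEYSTORE_PASS"); // hypothetical variable name
        if (args.length != 1 || pass == null)
            throw new IllegalArgumentException("need <keystore-file> and KEYSTORE_PASS");
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(args[0])) {
            ks.load(in, pass.toCharArray());
        }
        Instant now = Instant.now();
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) continue;  // skip trusted-certificate entries
            Certificate[] certs = ks.getCertificateChain(alias);
            if (certs == null) continue;          // e.g. a secret-key entry has no chain
            byte[][] der = new byte[certs.length][];
            for (int i = 0; i < certs.length; i++) der[i] = certs[i].getEncoded();
            reportChain(alias, der, now);
        }
    }
}
```

Only the store password is needed, because reading a certificate chain does not unlock the private key entry.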


  • 3.  RE: List keys' expiration date

    Posted Fri October 16, 2020 02:14 PM

    Hi @Dave_Pemberton,

    Thanks for your time. I’ll give this a try, and revert back.


    #truststore
    #ssl
    #Integration-Server-and-ESB
    #keystore
    #webMethods


  • 4.  RE: List keys' expiration date

    Posted Sat October 17, 2020 04:00 PM