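import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.servlet.ServletContext;

/**
 * Connects to a host on port 443 and records when the first certificate it presents expires.
 *
 * <p>Security note: the handshake is performed with {@code DoNothingTrustManager}, whose source
 * is not in this file but which presumably accepts any certificate chain. The peer is therefore
 * not authenticated, and the expiry date read here describes whatever endpoint answered the
 * connection. Treat the result as monitoring data only, and never reuse this {@link SSLContext}
 * for connections that carry application data.
 */
public class CertCheck {
    static final long ONE_DAY = 1000L * 60 * 60 * 24;

    // notAfter of the first peer certificate, in epoch milliseconds; null until doCheck succeeds.
    private Long limitDate = null;
    // Whole days from the start of the check to notAfter (integer division); null until success.
    private Long period = null;

    /**
     * Performs a TLS handshake with {@code host:443} and stores the expiry of the first peer
     * certificate in {@code limitDate} and {@code period}.
     *
     * <p>No connect or read timeout is set, so an unresponsive host blocks the calling thread.
     * NOTE(review): if {@code host} can come from request input, the caller should restrict it
     * to an allow-list, because this method opens an outbound connection to it.
     *
     * @param host           host name or address to connect to on port 443
     * @param servletContext context used to read the bundled {@code /cert/cacerts} resource
     * @return {@code true} if a certificate was read and the fields were updated; {@code false}
     *         on any failure (the stack trace is printed and the fields are left untouched)
     */
    public boolean doCheck(String host, ServletContext servletContext) {
        try {
            // Taken before connecting, so the period is measured from the start of the check.
            long startMillis = System.currentTimeMillis();

            // "changeit" is the conventional cacerts store password; it only guards integrity.
            KeyStore keyStore = KeyStore.getInstance("JKS");
            try (InputStream stream = servletContext.getResourceAsStream("/cert/cacerts")) {
                // A null stream (resource missing) yields an empty key store rather than an error.
                keyStore.load(stream, "changeit".toCharArray());
            }

            // NOTE(review): this factory is initialised but never passed to context.init below,
            // so the bundled trust anchors play no part in the handshake. Switching to
            // tmf.getTrustManagers() would make expired or untrusted certificates fail the
            // handshake (doCheck would return false for them), and host name checking would
            // still need SSLParameters.setEndpointIdentificationAlgorithm("HTTPS").
            TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
            tmf.init(keyStore);

            SSLContext context = SSLContext.getInstance("TLS");
            TrustManager[] tms = { new DoNothingTrustManager() };
            context.init(null, tms, null);

            SocketFactory sf = context.getSocketFactory();
            Date limit;
            // try-with-resources: the socket was previously left open on every path.
            try (SSLSocket soc = (SSLSocket) sf.createSocket(host, 443)) {
                soc.startHandshake();
                SSLSession session = soc.getSession();
                Certificate[] certArray = session.getPeerCertificates();
                if (certArray == null || certArray.length <= 0) {
                    throw new IllegalStateException("No certifications!");
                }
                // Index 0 is the peer's own certificate; the rest of the chain is not inspected.
                X509Certificate cert = (X509Certificate) certArray[0];
                limit = cert.getNotAfter();
            }

            // Fields are written only after the connection has been read and closed cleanly.
            this.limitDate = limit.getTime();
            this.period = (limit.getTime() - startMillis) / ONE_DAY;
            return true;
        } catch (Exception e) {
            // Best-effort check: every failure is reported as "false" after printing the trace.
            e.printStackTrace();
        }
        return false;
    }
}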