agebhar1/micrometer-certs-expiration

= Micrometer Certifications Expiration Metric image:https://maven-badges.herokuapp.com/maven-central/io.github.agebhar1/micrometer-certs-expiration/badge.svg?style=plastic[link="https://search.maven.org/artifact/io.github.agebhar1/micrometer-certs-expiration"] image:https://github.com/agebhar1/micrometer-certs-expiration/actions/workflows/ci.yml/badge.svg[link="https://github.com/agebhar1/micrometer-certs-expiration/actions/workflows/ci.yml"]

ifdef::env-github[]
:tip-caption: 💡
:note-caption: ℹ️
:important-caption: ❗
:caution-caption: 🔥
:warning-caption: ⚠️
endif::[]

== Motivation

To keep track of the expiration date for your used certificates in your (cloud) JVM application one need to monitor them.
This https://micrometer.io/[micrometer.io] metric expose the expiration date for each provided certificate.

== Usage

[source,xml,indent=0]

    <dependency>
        <groupId>io.github.agebhar1</groupId>
        <artifactId>micrometer-certs-expiration</artifactId>
        <version>x.y.z</version>
    </dependency>

=== Plain Java

[source,java,indent=0]

    final DefaultX509CertificateMetricTagFactory factory =
        new DefaultX509CertificateMetricTagFactory();
    final X509CertificateSource source = new CustomGlobalTrustStoreX509Certificates();

    new X509CertificateExpirationMetrics(factory, source).bindTo(registry);

=== Spring Boot 2/3/4

[source,java,indent=0]

ifndef::env-github[]
include::samples/spring-boot4/src/main/java/io/github/agebhar1/demo/micrometer/security/cert/DemoMicrometerCertsExpirationApplication.java[tag=bean]
endif::[]
ifdef::env-github[]
@bean
public X509CertificateExpirationMetrics x509CertificateExpirationMetrics() {

    final DefaultX509CertificateMetricTagFactory factory = new DefaultX509CertificateMetricTagFactory();
    final X509CertificateSource source = X509CertificateSourceComposite.of(
        new CustomGlobalTrustStoreX509Certificates());

    return new X509CertificateExpirationMetrics(factory, source);
}

endif::[]

See link:samples/spring-boot4/src/main/java/io/github/agebhar1/demo/micrometer/security/cert/DemoMicrometerCertsExpirationApplication.java[example] (Spring Boot 4).

=== Quarkus 2/3

[source,java,indent=0]

ifndef::env-github[]
include::samples/quarkus/src/main/java/io/github/agebhar1/demo/micrometer/security/cert/X509CertificateExpirationMetricsProducer.java[tag=bean]
endif::[]
ifdef::env-github[]
@produces
public X509CertificateExpirationMetrics x509CertificateExpirationMetrics() {
final DefaultX509CertificateMetricTagFactory factory = new DefaultX509CertificateMetricTagFactory();
final X509CertificateSource source = X509CertificateSourceComposite.of(new CustomGlobalTrustStoreX509Certificates());

    return new X509CertificateExpirationMetrics(factory, source);
}

endif::[]

See link:samples/quarkus3/src/main/java/io/github/agebhar1/demo/micrometer/security/cert/X509CertificateExpirationMetricsProducer.java[example].

=== Micronaut 3/4

[source,java,indent=0]

ifndef::env-github[]
include::samples/micronaut4/src/main/java/io/github/agebhar1/micrometer/security/cert/DemoMicrometerCertsExpirationApplication.java[tag=factory]
endif::[]
ifdef::env-github[]
@factory
@RequiresMetrics
public static class X509CertificateExpirationMetricsFactory {

    @Bean
    @Singleton
    @Primary
    public X509CertificateExpirationMetrics x509CertificateExpirationMetrics() {
        final DefaultX509CertificateMetricTagFactory factory = new DefaultX509CertificateMetricTagFactory();
        final X509CertificateSource source = X509CertificateSourceComposite.of(new CustomGlobalTrustStoreX509Certificates());

        return new X509CertificateExpirationMetrics(factory, source);
    }

}

endif::[]

See link:samples/micronaut4/src/main/java/io/github/agebhar1/micrometer/security/cert/DemoMicrometerCertsExpirationApplication.java[example] (Micronaut 4).

== Metric Tags

To distinguish the certificates within the metric a set of tags are required.
The DefaultX509CertificateMetricTagFactory creates for each certificate a tag with key subjectDN with the value from the certificate itself.

NOTE: You can customize the behaviour by your own implementation of X509CertificateMetricTagFactory.

== Collect Certifications

=== (Custom Global) TrustStore

To keep track of all certificates provided by the custom global TrustStore via system properties

javax.net.ssl.trustStore=
javax.net.ssl.trustStorePassword=
javax.net.ssl.trustStoreType=[jks|pkcs12]

use CustomGlobalTrustStoreX509Certificates.
It reads all certificates from the store.

CAUTION: If the trust store password is not provided, an empty collection is returned.
In case of an invalid one an exception is thrown.
See test cases for more information.

=== Custom

To provide a custom set of certificates you need to implement X509CertificateSource interface.

TIP: For convenience the X509CertificateSourceComposite class collects all certificates from the provided sources.

== License

This project is Open Source software and released under the https://www.apache.org/licenses/LICENSE-2.0.html[Apache 2.0 license].

agebhar1/micrometer-certs-expiration

[source,xml,indent=0]

[source,java,indent=0]

[source,java,indent=0]

endif::[]

[source,java,indent=0]

endif::[]

[source,java,indent=0]

endif::[]

javax.net.ssl.trustStore=
javax.net.ssl.trustStorePassword=
javax.net.ssl.trustStoreType=[jks|pkcs12]

On this page

Languages

Contributors

Latest Release

agebhar1/micrometer-certs-expiration

[source,xml,indent=0]

[source,java,indent=0]

[source,java,indent=0]

endif::[]

[source,java,indent=0]

endif::[]

[source,java,indent=0]

endif::[]

javax.net.ssl.trustStore= javax.net.ssl.trustStorePassword= javax.net.ssl.trustStoreType=[jks|pkcs12]

On this page

Languages

Contributors

Latest Release

javax.net.ssl.trustStore=
javax.net.ssl.trustStorePassword=
javax.net.ssl.trustStoreType=[jks|pkcs12]