
Micrometer (X509) Certificates Expiration Metrics


Micrometer Certifications Expiration Metric

Motivation

To keep track of the expiration dates of the certificates used in your (cloud) JVM application, you need to monitor them. This micrometer.io metric exposes the expiration date of each provided certificate.

Usage

<dependency>
    <groupId>io.github.agebhar1</groupId>
    <artifactId>micrometer-certs-expiration</artifactId>
    <version>x.y.z</version>
</dependency>

Plain Java

final DefaultX509CertificateMetricTagFactory factory =
    new DefaultX509CertificateMetricTagFactory();
final X509CertificateSource source = new CustomGlobalTrustStoreX509Certificates();

new X509CertificateExpirationMetrics(factory, source).bindTo(registry);

Spring Boot 2/3

@Bean
public X509CertificateExpirationMetrics x509CertificateExpirationMetrics() {

    final DefaultX509CertificateMetricTagFactory factory = new DefaultX509CertificateMetricTagFactory();
    final X509CertificateSource source = X509CertificateSourceComposite.of(
        new CustomGlobalTrustStoreX509Certificates());

    return new X509CertificateExpirationMetrics(factory, source);
}

See example (Spring Boot 3).

Quarkus 2/3

@Produces
public X509CertificateExpirationMetrics x509CertificateExpirationMetrics() {
    final DefaultX509CertificateMetricTagFactory factory = new DefaultX509CertificateMetricTagFactory();
    final X509CertificateSource source = X509CertificateSourceComposite.of(new CustomGlobalTrustStoreX509Certificates());

    return new X509CertificateExpirationMetrics(factory, source);
}

See example.

Micronaut 3/4

@Factory
@RequiresMetrics
public static class X509CertificateExpirationMetricsFactory {

    @Bean
    @Singleton
    @Primary
    public X509CertificateExpirationMetrics x509CertificateExpirationMetrics() {
        final DefaultX509CertificateMetricTagFactory factory = new DefaultX509CertificateMetricTagFactory();
        final X509CertificateSource source = X509CertificateSourceComposite.of(new CustomGlobalTrustStoreX509Certificates());

        return new X509CertificateExpirationMetrics(factory, source);
    }

}

See example (Micronaut 4).

Metric Tags

To distinguish the certificates within the metric, a set of tags is required. For each certificate, the DefaultX509CertificateMetricTagFactory creates a tag with the key subjectDN and the value taken from the certificate itself.

ℹ️
You can customize this behaviour by providing your own implementation of X509CertificateMetricTagFactory.

Collect Certifications

(Custom Global) TrustStore

To keep track of all certificates provided by the custom global TrustStore via system properties

javax.net.ssl.trustStore=
javax.net.ssl.trustStorePassword=
javax.net.ssl.trustStoreType=[jks|pkcs12]

use CustomGlobalTrustStoreX509Certificates. It reads all certificates from the store.

🔥
If the trust store password is not provided, an empty collection is returned. If the password is invalid, an exception is thrown. See the test cases for more information.
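To check by hand what such a metric would report for the configured trust store, the following added example (JDK only, not the project's code and not using its API) reads the store named by the system properties above and prints the remaining validity per subject DN. The class name `TrustStoreExpiryReport` is hypothetical. Returning an empty result when no password is set mirrors the behaviour described above, and the RFC 2253 subject name is an assumption about how a subject DN value would be rendered.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.Instant;
import java.util.Collections;
import java.util.Map;
import java.util.TreeMap;

// Hypothetical stand-alone class; it does not use the library's API.
public class TrustStoreExpiryReport {

    // Maps each certificate's subject DN to its remaining validity at 'now'.
    static Map<String, Duration> remainingValidity(Instant now) throws Exception {
        final String path = System.getProperty("javax.net.ssl.trustStore");
        final String password = System.getProperty("javax.net.ssl.trustStorePassword");
        if (path == null || password == null) {
            return Collections.emptyMap(); // nothing configured, nothing to report
        }
        final String type = System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType());
        final KeyStore store = KeyStore.getInstance(type);
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            store.load(in, password.toCharArray()); // a wrong password throws IOException
        }
        final Map<String, Duration> result = new TreeMap<>();
        for (String alias : Collections.list(store.aliases())) {
            final Certificate cert = store.getCertificate(alias);
            if (cert instanceof X509Certificate) {
                final X509Certificate x509 = (X509Certificate) cert;
                // A negative duration means the certificate has already expired.
                result.put(x509.getSubjectX500Principal().getName(),
                        Duration.between(now, x509.getNotAfter().toInstant()));
            }
        }
        return result;
    }

    public static void main(String[] args) throws Exception {
        final Map<String, Duration> report = remainingValidity(Instant.now());
        if (report.isEmpty()) {
            System.out.println("no trust store configured via javax.net.ssl.* properties");
        }
        report.forEach((dn, left) -> System.out.printf("%6d days  %s%n", left.toDays(), dn));
    }
}
```

Run it with the same `-Djavax.net.ssl.trustStore=...` and `-Djavax.net.ssl.trustStorePassword=...` options as the application, so the output reflects the store the application actually trusts.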

Custom

To provide a custom set of certificates, you need to implement the X509CertificateSource interface.

💡
For convenience the X509CertificateSourceComposite class collects all certificates from the provided sources.

License

This project is Open Source software and released under the Apache 2.0 license.