As Kan suggested, this should warn for each instance of HsftpFileSystem; this warns once for the life of the JVM and only one set of certs. If one were to connect to multiple servers w/ hsftp, only the first would be checked, +/- race conditions.
Simply reading from the config and setting a member variable will work. When performing the cert expiration check for that handle (should be <= 0), set the member variable to 0 and dispense with the separate boolean flag. Since open/list are not synchronized, the member var should be volatile. The synchronization with this approach is not strictly correct; it's still possible to get multiple warnings from the same handle for multiple threads, but that's OK.
- The Date import in HsftpFileSystem is unnecessary
- The expiration threshold property should include the units in which it is expressed. ssl.expiration.warn.days seems OK to me
- Instead of setting curTime and performing the conversion for each cert, set the threshold to curTime + days * ms/day and warn if expTime < that.
- The check should be disabled at the top, not the bottom of the block