From 3908537254fe46fa23a8c089607b6c4107a2da9f Mon Sep 17 00:00:00 2001
From: Thomas Darimont <thomas.darimont@googlemail.com>
Date: Tue, 12 Sep 2023 13:56:09 +0200
Subject: [PATCH] Show expiration date for certificates in Admin Console
 (#23025)

Closes #17743
---
 .../idm/KeysMetadataRepresentation.java               |  9 +++++++++
 js/apps/admin-ui/public/locales/en/translation.json   |  1 +
 .../admin-ui/src/realm-settings/keys/KeysListTab.tsx  | 11 +++++++++++
 .../src/defs/keyMetadataRepresentation.ts             |  1 +
 .../services/resources/admin/KeyResource.java         | 10 +++++++++-
 5 files changed, 31 insertions(+), 1 deletion(-)

diff --git a/core/src/main/java/org/keycloak/representations/idm/KeysMetadataRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/KeysMetadataRepresentation.java
index cdde8fd51d..aa5fdfb1cc 100644
--- a/core/src/main/java/org/keycloak/representations/idm/KeysMetadataRepresentation.java
+++ b/core/src/main/java/org/keycloak/representations/idm/KeysMetadataRepresentation.java
@@ -61,6 +61,7 @@ public class KeysMetadataRepresentation {
         private String publicKey;
         private String certificate;
         private KeyUse use;
+        private Long validTo;
 
         public String getProviderId() {
             return providerId;
@@ -133,5 +134,13 @@ public class KeysMetadataRepresentation {
         public void setUse(KeyUse use) {
             this.use = use;
         }
+
+        public Long getValidTo() {
+            return validTo;
+        }
+
+        public void setValidTo(Long validTo) {
+            this.validTo = validTo;
+        }
     }
 }
diff --git a/js/apps/admin-ui/public/locales/en/translation.json b/js/apps/admin-ui/public/locales/en/translation.json
index af28ed00d4..340f7dad91 100644
--- a/js/apps/admin-ui/public/locales/en/translation.json
+++ b/js/apps/admin-ui/public/locales/en/translation.json
@@ -1455,6 +1455,7 @@
   "providerDescription": "Provider description",
   "addProvider": "Add provider",
   "publicKeys": "Public keys",
+  "validTo": "Valid to",
   "keysFilter": {
     "ACTIVE": "Active keys",
     "PASSIVE": "Passive keys",
diff --git a/js/apps/admin-ui/src/realm-settings/keys/KeysListTab.tsx b/js/apps/admin-ui/src/realm-settings/keys/KeysListTab.tsx
index 5d8d4e2010..9059eec756 100644
--- a/js/apps/admin-ui/src/realm-settings/keys/KeysListTab.tsx
+++ b/js/apps/admin-ui/src/realm-settings/keys/KeysListTab.tsx
@@ -27,6 +27,8 @@ import { toKeysTab } from "../routes/KeysTab";
 
 import "../realm-settings-section.css";
 
+import useFormatDate from "../../utils/useFormatDate";
+
 const FILTER_OPTIONS = ["ACTIVE", "PASSIVE", "DISABLED"] as const;
 type FilterType = (typeof FILTER_OPTIONS)[number];
 
@@ -82,6 +84,7 @@ const SelectFilter = ({ onFilter }: SelectFilterProps) => {
 export const KeysListTab = ({ realmComponents }: KeysListTabProps) => {
   const { t } = useTranslation();
   const navigate = useNavigate();
+  const formatDate = useFormatDate();
 
   const [publicKey, setPublicKey] = useState("");
   const [certificate, setCertificate] = useState("");
@@ -180,6 +183,14 @@ export const KeysListTab = ({ realmComponents }: KeysListTabProps) => {
             cellFormatters: [emptyFormatter()],
             transforms: [cellWidth(10)],
           },
+          {
+            name: "validTo",
+            displayKey: "validTo",
+            cellRenderer: ({ validTo }: KeyData) =>
+              validTo ? formatDate(new Date(validTo)) : "",
+            cellFormatters: [emptyFormatter()],
+            transforms: [cellWidth(10)],
+          },
           {
             name: "publicKeys",
             displayKey: "realm-settings:publicKeys",
diff --git a/js/libs/keycloak-admin-client/src/defs/keyMetadataRepresentation.ts b/js/libs/keycloak-admin-client/src/defs/keyMetadataRepresentation.ts
index cff2624899..804c2c8201 100644
--- a/js/libs/keycloak-admin-client/src/defs/keyMetadataRepresentation.ts
+++ b/js/libs/keycloak-admin-client/src/defs/keyMetadataRepresentation.ts
@@ -15,4 +15,5 @@ export interface KeyMetadataRepresentation {
   algorithm?: string;
   publicKey?: string;
   certificate?: string;
+  validTo?: string;
 }
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/KeyResource.java b/services/src/main/java/org/keycloak/services/resources/admin/KeyResource.java
index bed96312c3..61460ffa84 100644
--- a/services/src/main/java/org/keycloak/services/resources/admin/KeyResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/KeyResource.java
@@ -32,6 +32,8 @@ import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluato
 import jakarta.ws.rs.GET;
 import jakarta.ws.rs.Produces;
 import jakarta.ws.rs.core.MediaType;
+
+import java.security.cert.X509Certificate;
 import java.util.HashMap;
 import java.util.List;
 import java.util.stream.Collectors;
@@ -88,8 +90,14 @@ public class KeyResource {
         r.setType(key.getType());
         r.setAlgorithm(key.getAlgorithmOrDefault());
         r.setPublicKey(key.getPublicKey() != null ? PemUtils.encodeKey(key.getPublicKey()) : null);
-        r.setCertificate(key.getCertificate() != null ? PemUtils.encodeCertificate(key.getCertificate()) : null);
         r.setUse(key.getUse());
+
+        X509Certificate cert = key.getCertificate();
+        if (cert != null) {
+            r.setCertificate(PemUtils.encodeCertificate(cert));
+            r.setValidTo(cert.getNotAfter() != null ? cert.getNotAfter().getTime() : null);
+        }
+
         return r;
     }
 }