Show expiration date for certificates in Admin Console (#23025)

Closes #17743

core/src/main/java/org/keycloak/representations/idm/KeysMetadataRepresentation.java

@@ -61,6 +61,7 @@ public class KeysMetadataRepresentation {
         private String publicKey;
         private String certificate;
         private KeyUse use;
+        private Long validTo;
 
         public String getProviderId() {
             return providerId;
@@ -133,5 +134,13 @@ public class KeysMetadataRepresentation {
         public void setUse(KeyUse use) {
             this.use = use;
         }
+
+        public Long getValidTo() {
+            return validTo;
+        }
+
+        public void setValidTo(Long validTo) {
+            this.validTo = validTo;
+        }
     }
 }

js/apps/admin-ui/public/locales/en/translation.json

@@ -1455,6 +1455,7 @@
   "providerDescription": "Provider description",
   "addProvider": "Add provider",
   "publicKeys": "Public keys",
+  "validTo": "Valid to",
   "keysFilter": {
     "ACTIVE": "Active keys",
     "PASSIVE": "Passive keys",

js/apps/admin-ui/src/realm-settings/keys/KeysListTab.tsx

@@ -27,6 +27,8 @@ import { toKeysTab } from "../routes/KeysTab";
 
 import "../realm-settings-section.css";
 
+import useFormatDate from "../../utils/useFormatDate";
+
 const FILTER_OPTIONS = ["ACTIVE", "PASSIVE", "DISABLED"] as const;
 type FilterType = (typeof FILTER_OPTIONS)[number];
 
@@ -82,6 +84,7 @@ const SelectFilter = ({ onFilter }: SelectFilterProps) => {
 export const KeysListTab = ({ realmComponents }: KeysListTabProps) => {
   const { t } = useTranslation();
   const navigate = useNavigate();
+  const formatDate = useFormatDate();
 
   const [publicKey, setPublicKey] = useState("");
   const [certificate, setCertificate] = useState("");
@@ -180,6 +183,14 @@ export const KeysListTab = ({ realmComponents }: KeysListTabProps) => {
             cellFormatters: [emptyFormatter()],
             transforms: [cellWidth(10)],
           },
+          {
+            name: "validTo",
+            displayKey: "validTo",
+            cellRenderer: ({ validTo }: KeyData) =>
+              validTo ? formatDate(new Date(validTo)) : "",
+            cellFormatters: [emptyFormatter()],
+            transforms: [cellWidth(10)],
+          },
           {
             name: "publicKeys",
             displayKey: "realm-settings:publicKeys",

js/libs/keycloak-admin-client/src/defs/keyMetadataRepresentation.ts

@@ -15,4 +15,5 @@ export interface KeyMetadataRepresentation {
   algorithm?: string;
   publicKey?: string;
   certificate?: string;
+  validTo?: string;
 }

services/src/main/java/org/keycloak/services/resources/admin/KeyResource.java

@@ -32,6 +32,8 @@ import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluato
 import jakarta.ws.rs.GET;
 import jakarta.ws.rs.Produces;
 import jakarta.ws.rs.core.MediaType;
+
+import java.security.cert.X509Certificate;
 import java.util.HashMap;
 import java.util.List;
 import java.util.stream.Collectors;
@@ -88,8 +90,14 @@ public class KeyResource {
         r.setType(key.getType());
         r.setAlgorithm(key.getAlgorithmOrDefault());
         r.setPublicKey(key.getPublicKey() != null ? PemUtils.encodeKey(key.getPublicKey()) : null);
-        r.setCertificate(key.getCertificate() != null ? PemUtils.encodeCertificate(key.getCertificate()) : null);
         r.setUse(key.getUse());
+
+        X509Certificate cert = key.getCertificate();
+        if (cert != null) {
+            r.setCertificate(PemUtils.encodeCertificate(cert));
+            r.setValidTo(cert.getNotAfter() != null ? cert.getNotAfter().getTime() : null);
+        }
+
         return r;
     }
 }