privilegedescalation/headlamp-sealed-secrets-plugin
Archived
12
0
Fork 0
Code Issues 2 Pull Requests 2 Actions Packages Projects Releases 27 Wiki Activity

feat: implement certificate validation and expiry detection (Phase 2.1)

Browse Source 
Add comprehensive certificate metadata parsing and expiry warnings.

## Changes

### Types (src/types.ts)
- Add CertificateInfo interface with validity dates, expiry status, issuer/subject, fingerprint

### Crypto Module (src/lib/crypto.ts)
- Add parseCertificateInfo() to extract certificate metadata
- Add isCertificateExpiringSoon() helper (default 30 days threshold)
- Calculate SHA-256 fingerprint, parse DN fields, compute days until expiry

### SealingKeysView (src/components/SealingKeysView.tsx)
- Display certificate expiry information in table
- Show visual indicators: Expired (red), Expiring Soon (warning), Valid (normal)
- Display days remaining for expiring certificates

### EncryptDialog (src/components/EncryptDialog.tsx)
- Add expiry warning before encryption
- Warn if certificate expired or expiring within 30 days
- Show specific expiry date in warning message

## Features

- **Certificate Parsing:** Extract all metadata from X.509 certificates
- **Expiry Detection:** Automatic detection of expired/expiring certificates
- **Visual Indicators:** Color-coded chips for expiry status
- **Proactive Warnings:** Alert users before creating secrets with expiring certs
- **SHA-256 Fingerprint:** Unique certificate identification

## Verification

- TypeScript: 0 errors
- Linting: 0 errors
- Build: Success (343.95 kB, 94.58 kB gzipped)

Generated with [Claude Code](https://claude.ai/code)
via [Happy](https://happy.engineering)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Co-Authored-By: Happy <yesreply@happy.engineering>
This commit is contained in:
Chris Farhood
2026-02-11 21:30:48 -05:00
parent 2e19dd05e6
commit cc08e15f6a
4 changed files with 169 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files
headlamp-sealed-secrets/src/types.ts
+22
View File
@@ -259,3 +259,25 @@ export interface EncryptionRequest {
scope: SealedSecretScope;
keyValues: SecretKeyValue[];
}
/**
* Certificate information extracted from PEM certificate
*/
export interface CertificateInfo {
/** Validity period start date */
validFrom: Date;
/** Validity period end date */
validTo: Date;
/** Whether certificate is currently expired */
isExpired: boolean;
/** Days until expiry (negative if expired) */
daysUntilExpiry: number;
/** Certificate issuer (formatted as DN string) */
issuer: string;
/** Certificate subject (formatted as DN string) */
subject: string;
/** SHA-256 fingerprint of certificate */
fingerprint: string;
/** Serial number of certificate */
serialNumber: string;
}