feat(pki): add certificate details page

[saifsmailbox98]

Context

Previously, certificates were only viewable in a table with basic info like common name, serial number, and expiry. You could perform actions via dropdown menus but there was no dedicated page to see all the details of a certificate.

This adds a certificate details page that you get to by clicking on a certificate row in the table. The page shows comprehensive certificate information including subject attributes (organization, country, etc.), SHA-256/SHA-1 fingerprints, basic constraints, key/signature algorithms, and the renewal chain if the cert was renewed from or has been renewed by another certificate. Certificate validity dates (Not Before/Not After) are displayed in UTC with local time shown on hover for convenience.

Screenshots

Steps to verify the change

Generate a certificate and then click on a certificate (row) in the certificates table to view the page.

Type

• Fix
• Feature
• Improvement
• Breaking
• Docs
• Chore

Checklist

• Title follows the conventional commit format: type(scope): short description (scope is optional, e.g., fix: prevent crash on sync or fix(api): handle null response).
• Tested locally
• Updated docs (if needed)
• Read the contributing guide

[gitguardian]

⚠️ GitGuardian has uncovered 1 secret following the scan of your pull request.

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

🔎 Detected hardcoded secret in your pull request

GitGuardian id	GitGuardian status	Secret	Commit	Filename
22340054	Triggered	Generic Password	8ba3472	frontend/src/pages/cert-manager/CertificateDetailsByIDPage/CertificateDetailsByIDPage.tsx	View secret

🛠 Guidelines to remediate hardcoded secrets

1. Understand the implications of revoking this secret by investigating where it is used in your code.
2. Replace and store your secret safely. Learn here the best practices.
3. Revoke and rotate this secret.
4. If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.

To avoid such incidents in the future consider

• following these best practices for managing and storing secrets including API keys and other credentials
• install secret detection on pre-commit to catch secret before it leaves your machine and ease remediation.

---

^{🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.}

[maidul98]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[greptile-apps]

Greptile Overview

Greptile Summary

This PR adds a comprehensive certificate details page for the PKI certificate manager, allowing users to view full certificate information by clicking on a certificate in the table.

Key Changes:

• Added new API endpoint enhancement to return detailed certificate information including subject attributes, fingerprints (SHA-256/SHA-1), basic constraints, and renewal chain relationships
• Implemented findWithFullDetails DAL method with LEFT JOINs to efficiently retrieve certificate data along with CA name, profile name, and renewal chain information
• Created new parseCertificateBody helper function using RE2 for safe regex operations when formatting certificate fingerprints
• Built comprehensive frontend details page with two main sections: Overview (status, serial number, validity dates in UTC with local time on hover) and Details (subject attributes, extensions, cryptographic info)
• Added proper permission checks for all certificate management actions (export, renewal, revocation, deletion)
• Included documentation explaining the new feature and all available certificate information

Security & Best Practices:

• Permissions are properly validated before decrypting and returning certificate data
• Uses RE2 package for regex operations to prevent ReDoS attacks
• Follows existing patterns for KMS decryption and permission checks
• No breaking API changes - extends existing endpoint with backward-compatible optional fields

Confidence Score: 5/5

• This PR is safe to merge with minimal risk
• The implementation follows established security patterns with proper permission checks before data access, uses RE2 for safe regex operations, maintains backward compatibility, and includes comprehensive documentation. The code quality is high with well-structured components and proper error handling.
• No files require special attention

Important Files Changed

Filename	Overview
backend/src/services/certificate/certificate-fns.ts	Added parseCertificateBody function to extract subject, fingerprints, and basicConstraints from certificates. Uses RE2 for safe regex operations in fingerprint formatting.
backend/src/services/certificate/certificate-dal.ts	Added findWithFullDetails method with complex joins to retrieve certificate details with CA, profile, and renewal chain information. Uses db.raw for joined table column selection.
backend/src/services/certificate/certificate-service.ts	Enhanced getCert method to return comprehensive certificate details including subject attributes, fingerprints, and renewal chain. Properly validates permissions before decrypting certificate data.
frontend/src/pages/cert-manager/CertificateDetailsByIDPage/CertificateDetailsByIDPage.tsx	New certificate details page with comprehensive certificate information display and management actions. Properly implements permission checks for all actions.
frontend/src/pages/cert-manager/CertificateDetailsByIDPage/components/CertificateDetailsSection.tsx	Displays certificate subject attributes, extensions, and cryptographic info. Uses toTitleCase and camelCaseToSpaces for formatting display values.
frontend/src/pages/cert-manager/CertificateDetailsByIDPage/components/CertificateOverviewSection.tsx	Displays certificate overview and issuance information including renewal chain links. Shows dates in UTC with local time on hover.

[greptile-apps]

_{2 files reviewed, 2 comments}

_{Edit Code Review Agent Settings | Greptile}

[saifsmailbox98]

@greptile review this PR