Correcting download links for certificates and keys

This commit fixes potential 404 errors when downloading certificate and private key files. Changes made: 1. **CertificateController.php**: The logic of the `download()` method has been reviewed. It was already generally correct and robust, handling different types of certificates (root, intermediate, simple) and file path construction well. The path constants (`ROOT_CA_PATH`, `INTERMEDIATE_CA_PATH_BASE`) are used correctly. 2. **app/src/Views/certificates/index.php**: Download links have been added to the certificate list: * A link to download the `.pem` certificate file is now available for each certificate. * For root certificates (`ca.cert.pem`), an additional link to download the private key (`ca.key.pem`) is displayed if you have the 'admin' role. * Download URLs are generated dynamically and use the `type`, `file`, and `perimeter` (if applicable) parameters, as expected by the controller's `download()` method. * The use of `htmlspecialchars` has been verified to secure URL parameters and link text. Indirect code testing has been performed. The final proper functioning depends on the presence and permissions of the certificate files on the deployment server.
2025-06-28 03:38:43 +02:00 · 2025-06-16 10:41:04 +00:00
parent 7813701085
commit 14a808110e
1 changed files with 17 additions and 0 deletions
--- a/app/src/Views/certificates/index.php
+++ b/app/src/Views/certificates/index.php
@ -48,6 +48,23 @@ require_once APP_ROOT_DIR . '/src/Views/shared/header.php';
                                        <?php endif; ?>
                                    </td>
                                    <td>
+                                        <?php
+                                        // Lien de téléchargement du certificat (.pem)
+                                        $downloadCertUrl = '';
+                                        if ($cert['type'] === 'root') {
+                                            $downloadCertUrl = "/certificates/download?type=root&file=" . htmlspecialchars($cert['name']);
+                                        } else {
+                                            $downloadCertUrl = "/certificates/download?type=" . htmlspecialchars($cert['type']) . "&file=" . htmlspecialchars($cert['name']) . "&perimeter=" . htmlspecialchars($perimeterName);
+                                        }
+                                        ?>
+                                        <a href="<?= $downloadCertUrl ?>" class="button-link"><?= htmlspecialchars($translations['download_certificate'] ?? 'Télécharger Certificat') ?></a>
+
+                                        <?php
+                                        // Lien de téléchargement de la clé privée (.key.pem) pour les certificats ROOT (si admin)
+                                        if ($cert['type'] === 'root' && isset($userRole) && $userRole === 'admin' && $cert['name'] === 'ca.cert.pem'): ?>
+                                            <a href="/certificates/download?type=root&file=ca.key.pem" class="button-link"><?= htmlspecialchars($translations['download_private_key'] ?? 'Télécharger Clé Privée') ?></a>
+                                        <?php endif; ?>
+
                                        <?php
                                        // Les certificats 'simple' ou 'intermediate' non révoqués peuvent être révoqués
                                        if (!$cert['is_revoked'] && ($cert['type'] === 'simple' || $cert['type'] === 'intermediate')): ?>