diff --git a/app/src/Controllers/CertificateController.php b/app/src/Controllers/CertificateController.php
index bbb5b9f..4c0c641 100644
--- a/app/src/Controllers/CertificateController.php
+++ b/app/src/Controllers/CertificateController.php
@@ -394,7 +394,19 @@ class CertificateController
 header('Location: /dashboard');
 exit();
 }
- $filePath = INTERMEDIATE_CA_PATH_BASE . '/' . $perimeterName . '/certs/' . $fileName;
+ // Vérifier si c'est une demande de clé privée
+ if (str_ends_with($fileName, '.key.pem')) {
+ if ($this->authService->getUserRole() === 'admin') {
+ $filePath = INTERMEDIATE_CA_PATH_BASE . '/' . $perimeterName . '/private/' . $fileName;
+ } else {
+ $_SESSION['error'] = 'Unauthorized to download intermediate key.';
+ $this->logService->log('error', "Unauthorized attempt to download intermediate key by user ID: {$userId} for perimeter {$perimeterName}, file {$fileName}", $userId, $ipAddress);
+ header('Location: /dashboard');
+ exit();
+ }
+ } else { // C'est une demande de certificat
+ $filePath = INTERMEDIATE_CA_PATH_BASE . '/' . $perimeterName . '/certs/' . $fileName;
+ }
 break;
 case 'simple':
 if (empty($perimeterName)) {
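Review bot: The new `$filePath` assignments still concatenate the request-supplied `$fileName` under `/certs/` or `/private/`, and nothing in this hunk restricts `$fileName` to a bare file name, so the suffix-based role gate on its own does not guarantee the resolved path stays inside the perimeter directory; the enclosing download action starts before the hunk, so this may already be handled there and is worth confirming. A cheap guard near the top of the action would be `if ($fileName !== basename($fileName) || str_contains($fileName, '..')) { /* reject as invalid file name */ }`, ideally followed by a `realpath()` containment check against the perimeter directory before the file is served. The same pattern appears in the `'simple'` case in the hunk at `@@ -403,7 +415,20 @@`. Separately, the denied attempt is logged but the successful admin key download in the `/private/` branch is not; a private-key export deserves an audit entry at the same point, e.g. `$this->logService->log('info', "Intermediate key downloaded by user ID: {$userId} for perimeter {$perimeterName}, file {$fileName}", $userId, $ipAddress);`.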
@@ -403,7 +415,20 @@ class CertificateController
 header('Location: /dashboard');
 exit();
 }
- $filePath = INTERMEDIATE_CA_PATH_BASE . '/' . $perimeterName . '/certs/' . $fileName;
+ // Vérifier si c'est une demande de clé privée
+ if (str_ends_with($fileName, '.key.pem')) {
+ if ($this->authService->getUserRole() === 'admin') {
+ // Pour les certificats simples, la clé est stockée dans le répertoire private du CA intermédiaire qui l'a émis.
+ $filePath = INTERMEDIATE_CA_PATH_BASE . '/' . $perimeterName . '/private/' . $fileName;
+ } else {
+ $_SESSION['error'] = 'Unauthorized to download simple certificate key.';
+ $this->logService->log('error', "Unauthorized attempt to download simple certificate key by user ID: {$userId} for perimeter {$perimeterName}, file {$fileName}", $userId, $ipAddress);
+ header('Location: /dashboard');
+ exit();
+ }
+ } else { // C'est une demande de certificat
+ $filePath = INTERMEDIATE_CA_PATH_BASE . '/' . $perimeterName . '/certs/' . $fileName;
+ }
 break;
 default:
 $_SESSION['error'] = 'Invalid certificate type for download.';
diff --git a/app/src/Views/dashboard/index.php b/app/src/Views/dashboard/index.php
index 54c5eef..d61e5a4 100644
--- a/app/src/Views/dashboard/index.php
+++ b/app/src/Views/dashboard/index.php
@@ -56,9 +56,18 @@ require_once APP_ROOT_DIR . '/src/Views/shared/header.php';
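Review bot: The thirteen lines added in the `'simple'` case are a line-for-line copy of the block added in the `'intermediate'` hunk above, differing only in the wording "simple certificate key" versus "intermediate key", so the suffix check, the role gate and the deny/redirect sequence now exist twice and will drift apart on the next change. Folding both into one private helper keeps a single authorization decision for private-key downloads, and the key label becomes a parameter so the existing session and log messages are reproduced verbatim. The enclosing method starts and ends outside the hunk, so the helper below is sketched next to the `'simple'` call site rather than placed precisely. The new inline comments are in French while the surrounding messages and identifiers are English; matching the file's language in comments would help reviewers.
```php
case 'simple':
    // … unchanged: empty($perimeterName) check …
    $filePath = $this->resolveDownloadPath($perimeterName, $fileName, 'simple certificate key', $userId, $ipAddress);
    break;

// … unchanged: remainder of the download action …

/**
 * Resolve the on-disk path of a perimeter file for download. Files ending in
 * .key.pem live under private/ and are restricted to admins; any other file
 * is served from certs/. On a refused key request the session error is set,
 * the attempt is logged, and the request is redirected to the dashboard.
 */
private function resolveDownloadPath(string $perimeterName, string $fileName, string $keyLabel, $userId, string $ipAddress): string
{
    if (!str_ends_with($fileName, '.key.pem')) {
        return INTERMEDIATE_CA_PATH_BASE . '/' . $perimeterName . '/certs/' . $fileName;
    }
    if ($this->authService->getUserRole() === 'admin') {
        return INTERMEDIATE_CA_PATH_BASE . '/' . $perimeterName . '/private/' . $fileName;
    }
    $_SESSION['error'] = "Unauthorized to download {$keyLabel}.";
    $this->logService->log('error', "Unauthorized attempt to download {$keyLabel} by user ID: {$userId} for perimeter {$perimeterName}, file {$fileName}", $userId, $ipAddress);
    header('Location: /dashboard');
    exit();
}
```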

( )

- + + + + + + +

@@ -74,6 +83,15 @@ require_once APP_ROOT_DIR . '/src/Views/shared/header.php'; + + + + + +