This commit addresses several issues:

1. **`intermediate_cert_name` unique constraint violation**: When creating a perimeter, the intermediate certificate name (`intermediate_cert_name`) stored in the `functional_perimeters` table was always `"intermediate.cert.pem"`. This caused a duplicate error if a unique constraint existed on this column. * Fixed in `PerimeterController.php` by using `$perimeterName . "_intermediate.cert.pem"` as the value for `intermediate_cert_name`, ensuring uniqueness. The physical file name remains `intermediate.cert.pem` in the perimeter's subdirectory. 2. **`Undefined variable $userRole` warning**: On the page listing perimeters (`app/src/Views/perimeters/index.php`), the `$userRole` variable was not defined by the controller. * Fixed in `PerimeterController.php` (method `index()`) by initializing `$userRole = $this->authService->getUserRole();`. 3. **SQL error `Unknown column 'common_name'` during initialization**: During the application initialization process (if no user or root certificate exists), an attempt to insert into the `certificates` table included a `common_name` column that does not exist. * Fixed in `app/public/index.php` by removing the `common_name` column and its value from the insert query for the root certificate. These corrections improve the robustness of perimeter creation and make the application initialization process more reliable.
2025-06-27 20:38:42 +02:00 · 2025-06-16 11:36:47 +00:00
parent 6b54a44c6e
commit d4516e87ae
4 changed files with 22 additions and 4 deletions
--- a/app/public/index.php
+++ b/app/public/index.php
@ -142,8 +142,8 @@ if ($userCount === 0 || !$rootCertExists) {
            $expirationDate = $expirationTimestamp ? date('Y-m-d H:i:s', $expirationTimestamp) : (new DateTime('+10 years'))->format('Y-m-d H:i:s');

            // Enregistrer le certificat root dans la base de données
-            $stmt = $dbInstance->prepare("INSERT INTO certificates (name, type, common_name, expiration_date) VALUES (?, ?, ?, ?)");
-            $stmt->execute(['ca.cert.pem', 'root', $_SESSION['init_root_domain'], $expirationDate]);
+            $stmt = $dbInstance->prepare("INSERT INTO certificates (name, type, expiration_date) VALUES (?, ?, ?)");
+            $stmt->execute(['ca.cert.pem', 'root', $expirationDate]);
        } else {
            echo "<p style=\"color: red;\">Erreur lors de la création du certificat Root CA. Veuillez vérifier les logs PHP et Docker.</p>";
            echo "<pre>" . htmlspecialchars($output) . "</pre>";
--- a/app/src/Controllers/PerimeterController.php
+++ b/app/src/Controllers/PerimeterController.php
@ -51,6 +51,7 @@ class PerimeterController
        $errorMessage = $_SESSION['error'] ?? null;
        unset($_SESSION['error']);

+        $userRole = $this->authService->getUserRole(); // Définir $userRole
        require_once APP_ROOT_DIR . '/src/Views/perimeters/index.php';
    }

@ -163,11 +164,12 @@ class PerimeterController
        if (strpos($output, "Certificat Intermédiaire CA pour '$perimeterName' créé") !== false) {
            // Enregistrer le périmètre dans la base de données
            $stmt = $this->db->prepare("INSERT INTO functional_perimeters (name, intermediate_cert_name) VALUES (?, ?)");
-            $intermediateCertFileName = "intermediate.cert.pem"; // Nom générique du fichier pour l'intermédiaire
+            $intermediateCertFileName = $perimeterName . "_intermediate.cert.pem"; // Nom unique pour la BDD
            $stmt->execute([$perimeterName, $intermediateCertFileName]);
            $perimeterId = $this->db->lastInsertId();

            // Enregistrer le certificat intermédiaire dans la table des certificats
+            // Le nom de fichier sur le disque reste "intermediate.cert.pem" dans son dossier de périmètre.
            $fullCertPath = INTERMEDIATE_CA_PATH_BASE . "/{$perimeterName}/certs/intermediate.cert.pem";
            $expirationDate = (new \DateTime('+5 years'))->format('Y-m-d H:i:s'); // Valeur par défaut
            if (file_exists($fullCertPath)) {
@ -178,6 +180,7 @@ class PerimeterController
                }
            }

+            // Utiliser $intermediateCertFileName (qui est maintenant unique) pour l'enregistrement en BDD dans la table 'certificates'
            $stmt = $this->db->prepare("INSERT INTO certificates (name, type, functional_perimeter_id, expiration_date) VALUES (?, ?, ?, ?)");
            $stmt->execute([$intermediateCertFileName, 'intermediate', $perimeterId, $expirationDate]);

@ -185,7 +188,13 @@ class PerimeterController
            $this->logService->log('info', "Périmètre fonctionnel '$perimeterName' créé avec succès et certificat intermédiaire généré.", $userId, $ipAddress);
            $_SESSION['success'] = $this->langService->__('perimeter_create_success');
        } else {
-            $_SESSION['error'] = $this->langService->__('perimeter_create_error', ['output' => htmlspecialchars($output)]);
+            // Check for specific error message
+            $specificErrorMessage = "Erreur : Le répertoire pour le périmètre '$perimeterName' existe déjà.";
+            if (strpos($output, $specificErrorMessage) !== false) {
+                $_SESSION['error'] = $this->langService->__('perimeter_create_error_directory_exists', ['perimeterName' => $perimeterName]);
+            } else {
+                $_SESSION['error'] = $this->langService->__('perimeter_create_error', ['output' => htmlspecialchars($output)]);
+            }
            $this->logService->log('error', "Échec création périmètre '$perimeterName': $output", $userId, $ipAddress);
        }

--- a/scripts/create_intermediate_cert.sh
+++ b/scripts/create_intermediate_cert.sh
@ -25,6 +25,13 @@ fi

 ROOT_CA_DIR="/opt/tls/root"
 INTERMEDIATE_CA_DIR="/opt/tls/intermediate/$FUNCTIONAL_PERIMETER_NAME"
+
+# Vérifier si le répertoire de la CA intermédiaire existe déjà
+if [ -d "$INTERMEDIATE_CA_DIR" ]; then
+  echo "Erreur : Le répertoire pour le périmètre '$FUNCTIONAL_PERIMETER_NAME' existe déjà. Veuillez le supprimer ou choisir un autre nom."
+  exit 1
+fi
+
 INTERMEDIATE_KEY="$INTERMEDIATE_CA_DIR/private/intermediate.key.pem"
 INTERMEDIATE_CSR="$INTERMEDIATE_CA_DIR/csr/intermediate.csr.pem"
 INTERMEDIATE_CERT="$INTERMEDIATE_CA_DIR/certs/intermediate.cert.pem"
--- a/scripts/create_root_cert.sh
+++ b/scripts/create_root_cert.sh
@ -31,8 +31,10 @@ cp /opt/scripts/configs/root-openssl.conf "$ROOT_CNF"

 # Initialiser les fichiers requis par OpenSSL pour une CA
 touch "$ROOT_CA_DIR/index.txt"
+chmod 666 "$ROOT_CA_DIR/index.txt"

 echo 1000 > "$ROOT_CA_DIR/serial"     # Numéro de série initial pour les certificats
+chmod 666 "$ROOT_CA_DIR/serial"
 echo 1000 > "$ROOT_CA_DIR/crlnumber"  # Numéro de série initial pour la CRL

 # Générer la clé privée du Root CA (2048 bits, sans passphrase pour la simplicité)