Here's what I've been working on:
**Adding Private Key Downloads to the Dashboard for Admins** This update allows administrators to download the private keys for intermediate and simple certificates directly from the Dashboard page. It also fixes a bug in an intermediate certificate download link. Here's a breakdown of the changes: 1. **In `app/src/Views/dashboard/index.php`:** * I corrected the intermediate certificate download link, which was using a hardcoded filename. It now uses the actual certificate name. * I added "Download Private Key (.key)" links for each listed intermediate certificate. These links are only visible if you are logged in with the 'admin' role. * I also added "Download Private Key (.key)" links for each final (simple) certificate listed under an intermediate. These links are also only visible to administrators. * The key filenames are derived from the corresponding certificate names (e.g., `cert.pem` becomes `key.pem`). 2. **In `app/src/Controllers/CertificateController.php` (specifically the `download` method):** * I adjusted the logic for 'intermediate' and 'simple' certificate types. * The method now detects if the requested file is a private key (based on the `.key.pem` suffix). * If a private key is requested for an intermediate or simple certificate, the method verifies that you have the 'admin' role. If not, access is denied. * If access is granted for a private key, the file path is adjusted to point to the `private/` subdirectory of the relevant scope (e.g., `INTERMEDIATE_CA_PATH_BASE/[perimeter]/private/[keyfile.key.pem]`). * If a certificate file (`.cert.pem`) is requested, it is served from the `certs/` subdirectory as before. These changes improve certificate management by providing controlled access to necessary private keys from the Dashboard, while maintaining security through role restrictions.
@ -394,7 +394,19 @@ class CertificateController
|
||||
header('Location: /dashboard');
|
||||
exit();
|
||||
}
|
||||
$filePath = INTERMEDIATE_CA_PATH_BASE . '/' . $perimeterName . '/certs/' . $fileName;
|
||||
// Vérifier si c'est une demande de clé privée
|
||||
if (str_ends_with($fileName, '.key.pem')) {
|
||||
if ($this->authService->getUserRole() === 'admin') {
|
||||
$filePath = INTERMEDIATE_CA_PATH_BASE . '/' . $perimeterName . '/private/' . $fileName;
|
||||
} else {
|
||||
$_SESSION['error'] = 'Unauthorized to download intermediate key.';
|
||||
$this->logService->log('error', "Unauthorized attempt to download intermediate key by user ID: {$userId} for perimeter {$perimeterName}, file {$fileName}", $userId, $ipAddress);
|
||||
header('Location: /dashboard');
|
||||
exit();
|
||||
}
|
||||
} else { // C'est une demande de certificat
|
||||
$filePath = INTERMEDIATE_CA_PATH_BASE . '/' . $perimeterName . '/certs/' . $fileName;
|
||||
}
|
||||
break;
|
||||
case 'simple':
|
||||
if (empty($perimeterName)) {
|
||||
@ -403,7 +415,20 @@ class CertificateController
|
||||
header('Location: /dashboard');
|
||||
exit();
|
||||
}
|
||||
$filePath = INTERMEDIATE_CA_PATH_BASE . '/' . $perimeterName . '/certs/' . $fileName;
|
||||
// Vérifier si c'est une demande de clé privée
|
||||
if (str_ends_with($fileName, '.key.pem')) {
|
||||
if ($this->authService->getUserRole() === 'admin') {
|
||||
// Pour les certificats simples, la clé est stockée dans le répertoire private du CA intermédiaire qui l'a émis.
|
||||
$filePath = INTERMEDIATE_CA_PATH_BASE . '/' . $perimeterName . '/private/' . $fileName;
|
||||
} else {
|
||||
$_SESSION['error'] = 'Unauthorized to download simple certificate key.';
|
||||
$this->logService->log('error', "Unauthorized attempt to download simple certificate key by user ID: {$userId} for perimeter {$perimeterName}, file {$fileName}", $userId, $ipAddress);
|
||||
header('Location: /dashboard');
|
||||
exit();
|
||||
}
|
||||
} else { // C'est une demande de certificat
|
||||
$filePath = INTERMEDIATE_CA_PATH_BASE . '/' . $perimeterName . '/certs/' . $fileName;
|
||||
}
|
||||
break;
|
||||
default:
|
||||
$_SESSION['error'] = 'Invalid certificate type for download.';
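Review bot: The admin gate in both the `intermediate` and `simple` branches is keyed on the requested name ending in `.key.pem`, while the path is built by concatenating `$perimeterName` and `$fileName` under `INTERMEDIATE_CA_PATH_BASE`. That protects `private/` only if both values are already reduced to a bare name before the switch, which cannot be confirmed here because `download()` starts outside the hunk; if they are not, a name containing path separators could resolve into `private/` through the certificate branch without the role check. I would normalise first, e.g. `$fileName = basename($fileName); $perimeterName = basename($perimeterName);`, and confirm after `realpath()` that the result sits under the expected `certs/` or `private/` directory before serving. The hunk also logs only refused key requests; a successful private-key download by an admin deserves its own log entry.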
|
||||
|
@ -56,9 +56,18 @@ require_once APP_ROOT_DIR . '/src/Views/shared/header.php';
|
||||
<div class="intermediate-certificate">
|
||||
<h4><?= htmlspecialchars($intermediate['name']) ?> (<?= htmlspecialchars($translations['perimeter'] ?? 'Perimeter:') ?> <?= htmlspecialchars($intermediate['perimeter_name']) ?>)</h4>
|
||||
<p>
|
||||
<a href="/certificates/download?type=intermediate&perimeter=<?= urlencode($intermediate['perimeter_name']) ?>&file=intermediate.cert.pem" class="button">
|
||||
<a href="/certificates/download?type=intermediate&perimeter=<?= urlencode($intermediate['perimeter_name']) ?>&file=<?= urlencode($intermediate['name']) ?>" class="button">
|
||||
<?= htmlspecialchars($translations['download_certificate_pem'] ?? 'Download Certificate (.pem)') ?>
|
||||
</a>
|
||||
<?php if (isset($userRole) && $userRole === 'admin'): ?>
|
||||
<?php
|
||||
// Suppose que le nom du fichier clé est le nom du cert avec .key.pem au lieu de .cert.pem
|
||||
$intermediateKeyName = str_replace('.cert.pem', '.key.pem', $intermediate['name']);
|
||||
?>
|
||||
<a href="/certificates/download?type=intermediate&perimeter=<?= urlencode($intermediate['perimeter_name']) ?>&file=<?= urlencode($intermediateKeyName) ?>" class="button" style="margin-left: 10px;">
|
||||
<?= htmlspecialchars($translations['download_private_key'] ?? 'Télécharger Clé Privée (.key)') ?>
|
||||
</a>
|
||||
<?php endif; ?>
|
||||
</p>
|
||||
|
||||
<h5><?= htmlspecialchars($translations['associated_final_certificates_title'] ?? 'Associated Final Certificates') ?></h5>
|
||||
@ -74,6 +83,15 @@ require_once APP_ROOT_DIR . '/src/Views/shared/header.php';
|
||||
<a href="/certificates/download?type=simple&perimeter=<?= urlencode($intermediate['perimeter_name']) ?>&file=<?= urlencode($finalCert['name']) ?>" class="button download-button-small">
|
||||
<?= htmlspecialchars($translations['download_certificate_pem'] ?? 'Download Certificate (.pem)') ?>
|
||||
</a>
|
||||
<?php if (isset($userRole) && $userRole === 'admin'): ?>
|
||||
<?php
|
||||
// Suppose que le nom du fichier clé est le nom du cert avec .key.pem au lieu de .cert.pem
|
||||
$finalKeyName = str_replace('.cert.pem', '.key.pem', $finalCert['name']);
|
||||
?>
|
||||
<a href="/certificates/download?type=simple&perimeter=<?= urlencode($intermediate['perimeter_name']) ?>&file=<?= urlencode($finalKeyName) ?>" class="button download-button-small" style="margin-left: 5px;">
|
||||
<?= htmlspecialchars($translations['download_private_key'] ?? 'Télécharger Clé Privée (.key)') ?>
|
||||
</a>
|
||||
<?php endif; ?>
|
||||
</p>
|
||||
</li>
|
||||
<?php endforeach; ?>
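Review bot: `str_replace('.cert.pem', '.key.pem', $intermediate['name'])` (and the same call for `$finalKeyName` in the second hunk) rewrites every occurrence and leaves the name unchanged when it has no `.cert.pem` suffix, so the "private key" button would then request the certificate itself, since the download controller decides by the `.key.pem` suffix. Derive the key name from the suffix only and skip the link when it is null, e.g. `$intermediateKeyName = str_ends_with($intermediate['name'], '.cert.pem') ? substr($intermediate['name'], 0, -9) . '.key.pem' : null;`. The `$userRole === 'admin'` test here only hides the button; the server-side role check in the controller remains the actual control and should not be relaxed on the assumption that the link is hidden. The fallback label `'Télécharger Clé Privée (.key)'` is French while the neighbouring fallbacks are English.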
|
||||
|