Here's what I've been working on:

**Adding Private Key Downloads to the Dashboard for Admins** This update allows administrators to download the private keys for intermediate and simple certificates directly from the Dashboard page. It also fixes a bug in an intermediate certificate download link. Here's a breakdown of the changes: 1. **In `app/src/Views/dashboard/index.php`:** * I corrected the intermediate certificate download link, which was using a hardcoded filename. It now uses the actual certificate name. * I added "Download Private Key (.key)" links for each listed intermediate certificate. These links are only visible if you are logged in with the 'admin' role. * I also added "Download Private Key (.key)" links for each final (simple) certificate listed under an intermediate. These links are also only visible to administrators. * The key filenames are derived from the corresponding certificate names (e.g., `cert.pem` becomes `key.pem`). 2. **In `app/src/Controllers/CertificateController.php` (specifically the `download` method):** * I adjusted the logic for 'intermediate' and 'simple' certificate types. * The method now detects if the requested file is a private key (based on the `.key.pem` suffix). * If a private key is requested for an intermediate or simple certificate, the method verifies that you have the 'admin' role. If not, access is denied. * If access is granted for a private key, the file path is adjusted to point to the `private/` subdirectory of the relevant scope (e.g., `INTERMEDIATE_CA_PATH_BASE/[perimeter]/private/[keyfile.key.pem]`). * If a certificate file (`.cert.pem`) is requested, it is served from the `certs/` subdirectory as before. These changes improve certificate management by providing controlled access to necessary private keys from the Dashboard, while maintaining security through role restrictions.
2025-08-25 12:05:49 +02:00 · 2025-06-16 10:51:01 +00:00
parent 14a808110e
commit ec5ab26716
2 changed files with 46 additions and 3 deletions
--- a/app/src/Views/dashboard/index.php
+++ b/app/src/Views/dashboard/index.php
@@ -56,9 +56,18 @@ require_once APP_ROOT_DIR . '/src/Views/shared/header.php';
                    <div class="intermediate-certificate">
                        <h4><?= htmlspecialchars($intermediate['name']) ?> (<?= htmlspecialchars($translations['perimeter'] ?? 'Perimeter:') ?> <?= htmlspecialchars($intermediate['perimeter_name']) ?>)</h4>
                        <p>
-                            <a href="/certificates/download?type=intermediate&perimeter=<?= urlencode($intermediate['perimeter_name']) ?>&file=intermediate.cert.pem" class="button">
+                            <a href="/certificates/download?type=intermediate&perimeter=<?= urlencode($intermediate['perimeter_name']) ?>&file=<?= urlencode($intermediate['name']) ?>" class="button">
                                <?= htmlspecialchars($translations['download_certificate_pem'] ?? 'Download Certificate (.pem)') ?>
                            </a>
+                            <?php if (isset($userRole) && $userRole === 'admin'): ?>
+                                <?php
+                                // Suppose que le nom du fichier clé est le nom du cert avec .key.pem au lieu de .cert.pem
+                                $intermediateKeyName = str_replace('.cert.pem', '.key.pem', $intermediate['name']);
+                                ?>
+                                <a href="/certificates/download?type=intermediate&perimeter=<?= urlencode($intermediate['perimeter_name']) ?>&file=<?= urlencode($intermediateKeyName) ?>" class="button" style="margin-left: 10px;">
+                                    <?= htmlspecialchars($translations['download_private_key'] ?? 'Télécharger Clé Privée (.key)') ?>
+                                </a>
+                            <?php endif; ?>
                        </p>

                        <h5><?= htmlspecialchars($translations['associated_final_certificates_title'] ?? 'Associated Final Certificates') ?></h5>
@@ -74,6 +83,15 @@ require_once APP_ROOT_DIR . '/src/Views/shared/header.php';
                                            <a href="/certificates/download?type=simple&perimeter=<?= urlencode($intermediate['perimeter_name']) ?>&file=<?= urlencode($finalCert['name']) ?>" class="button download-button-small">
                                                <?= htmlspecialchars($translations['download_certificate_pem'] ?? 'Download Certificate (.pem)') ?>
                                            </a>
+                                            <?php if (isset($userRole) && $userRole === 'admin'): ?>
+                                                <?php
+                                                // Suppose que le nom du fichier clé est le nom du cert avec .key.pem au lieu de .cert.pem
+                                                $finalKeyName = str_replace('.cert.pem', '.key.pem', $finalCert['name']);
+                                                ?>
+                                                <a href="/certificates/download?type=simple&perimeter=<?= urlencode($intermediate['perimeter_name']) ?>&file=<?= urlencode($finalKeyName) ?>" class="button download-button-small" style="margin-left: 5px;">
+                                                    <?= htmlspecialchars($translations['download_private_key'] ?? 'Télécharger Clé Privée (.key)') ?>
+                                                </a>
+                                            <?php endif; ?>
                                        </p>
                                    </li>
                                <?php endforeach; ?>