Tips-Of-Mine/gestion-certificats2
2
0
Fork 0
mirror of https://github.com/tips-of-mine/gestion-certificats2.git synced 2025-06-28 12:48:42 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

Here's what I've been working on:

Browse Source 
**Adding Private Key Downloads to the Dashboard for Admins**

This update allows administrators to download the private keys for intermediate and simple certificates directly from the Dashboard page. It also fixes a bug in an intermediate certificate download link.

Here's a breakdown of the changes:

1.  **In `app/src/Views/dashboard/index.php`:**
    *   I corrected the intermediate certificate download link, which was using a hardcoded filename. It now uses the actual certificate name.
    *   I added "Download Private Key (.key)" links for each listed intermediate certificate. These links are only visible if you are logged in with the 'admin' role.
    *   I also added "Download Private Key (.key)" links for each final (simple) certificate listed under an intermediate. These links are also only visible to administrators.
    *   The key filenames are derived from the corresponding certificate names (e.g., `cert.pem` becomes `key.pem`).

2.  **In `app/src/Controllers/CertificateController.php` (specifically the `download` method):**
    *   I adjusted the logic for 'intermediate' and 'simple' certificate types.
    *   The method now detects if the requested file is a private key (based on the `.key.pem` suffix).
    *   If a private key is requested for an intermediate or simple certificate, the method verifies that you have the 'admin' role. If not, access is denied.
    *   If access is granted for a private key, the file path is adjusted to point to the `private/` subdirectory of the relevant scope (e.g., `INTERMEDIATE_CA_PATH_BASE/[perimeter]/private/[keyfile.key.pem]`).
    *   If a certificate file (`.cert.pem`) is requested, it is served from the `certs/` subdirectory as before.

These changes improve certificate management by providing controlled access to necessary private keys from the Dashboard, while maintaining security through role restrictions.
This commit is contained in:
google-labs-jules[bot]
2025-06-16 10:51:01 +00:00
parent 14a808110e
commit ec5ab26716
2 changed files with 46 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
app/src/Controllers/CertificateController.php
View File

@ -394,7 +394,19 @@ class CertificateController
header('Location: /dashboard'); header('Location: /dashboard');
exit(); exit();
} }
// Vérifier si c'est une demande de clé privée
if (str_ends_with($fileName, '.key.pem')) {
if ($this->authService->getUserRole() === 'admin') {
$filePath = INTERMEDIATE_CA_PATH_BASE . '/' . $perimeterName . '/private/' . $fileName;
} else {
$_SESSION['error'] = 'Unauthorized to download intermediate key.';
$this->logService->log('error', "Unauthorized attempt to download intermediate key by user ID: {$userId} for perimeter {$perimeterName}, file {$fileName}", $userId, $ipAddress);
header('Location: /dashboard');
exit();
}
} else { // C'est une demande de certificat
$filePath = INTERMEDIATE_CA_PATH_BASE . '/' . $perimeterName . '/certs/' . $fileName; $filePath = INTERMEDIATE_CA_PATH_BASE . '/' . $perimeterName . '/certs/' . $fileName;
}
break; break;
case 'simple': case 'simple':
if (empty($perimeterName)) { if (empty($perimeterName)) {
@ -403,7 +415,20 @@ class CertificateController
header('Location: /dashboard'); header('Location: /dashboard');
exit(); exit();
} }
// Vérifier si c'est une demande de clé privée
if (str_ends_with($fileName, '.key.pem')) {
if ($this->authService->getUserRole() === 'admin') {
// Pour les certificats simples, la clé est stockée dans le répertoire private du CA intermédiaire qui l'a émis.
$filePath = INTERMEDIATE_CA_PATH_BASE . '/' . $perimeterName . '/private/' . $fileName;
} else {
$_SESSION['error'] = 'Unauthorized to download simple certificate key.';
$this->logService->log('error', "Unauthorized attempt to download simple certificate key by user ID: {$userId} for perimeter {$perimeterName}, file {$fileName}", $userId, $ipAddress);
header('Location: /dashboard');
exit();
}
} else { // C'est une demande de certificat
$filePath = INTERMEDIATE_CA_PATH_BASE . '/' . $perimeterName . '/certs/' . $fileName; $filePath = INTERMEDIATE_CA_PATH_BASE . '/' . $perimeterName . '/certs/' . $fileName;
}
break; break;
default: default:
$_SESSION['error'] = 'Invalid certificate type for download.'; $_SESSION['error'] = 'Invalid certificate type for download.';

20
app/src/Views/dashboard/index.php
View File

@ -56,9 +56,18 @@ require_once APP_ROOT_DIR . '/src/Views/shared/header.php';
<div class="intermediate-certificate"> <div class="intermediate-certificate">
<h4><?= htmlspecialchars($intermediate['name']) ?> (<?= htmlspecialchars($translations['perimeter'] ?? 'Perimeter:') ?> <?= htmlspecialchars($intermediate['perimeter_name']) ?>)</h4> <h4><?= htmlspecialchars($intermediate['name']) ?> (<?= htmlspecialchars($translations['perimeter'] ?? 'Perimeter:') ?> <?= htmlspecialchars($intermediate['perimeter_name']) ?>)</h4>
<p> <p>
<a href="/certificates/download?type=intermediate&perimeter=<?= urlencode($intermediate['perimeter_name']) ?>&file=intermediate.cert.pem" class="button"> <a href="/certificates/download?type=intermediate&perimeter=<?= urlencode($intermediate['perimeter_name']) ?>&file=<?= urlencode($intermediate['name']) ?>" class="button">
<?= htmlspecialchars($translations['download_certificate_pem'] ?? 'Download Certificate (.pem)') ?> <?= htmlspecialchars($translations['download_certificate_pem'] ?? 'Download Certificate (.pem)') ?>
</a> </a>
<?php if (isset($userRole) && $userRole === 'admin'): ?>
<?php
// Suppose que le nom du fichier clé est le nom du cert avec .key.pem au lieu de .cert.pem
$intermediateKeyName = str_replace('.cert.pem', '.key.pem', $intermediate['name']);
?>
<a href="/certificates/download?type=intermediate&perimeter=<?= urlencode($intermediate['perimeter_name']) ?>&file=<?= urlencode($intermediateKeyName) ?>" class="button" style="margin-left: 10px;">
<?= htmlspecialchars($translations['download_private_key'] ?? 'Télécharger Clé Privée (.key)') ?>
</a>
<?php endif; ?>
</p> </p>
<h5><?= htmlspecialchars($translations['associated_final_certificates_title'] ?? 'Associated Final Certificates') ?></h5> <h5><?= htmlspecialchars($translations['associated_final_certificates_title'] ?? 'Associated Final Certificates') ?></h5>
@ -74,6 +83,15 @@ require_once APP_ROOT_DIR . '/src/Views/shared/header.php';
<a href="/certificates/download?type=simple&perimeter=<?= urlencode($intermediate['perimeter_name']) ?>&file=<?= urlencode($finalCert['name']) ?>" class="button download-button-small"> <a href="/certificates/download?type=simple&perimeter=<?= urlencode($intermediate['perimeter_name']) ?>&file=<?= urlencode($finalCert['name']) ?>" class="button download-button-small">
<?= htmlspecialchars($translations['download_certificate_pem'] ?? 'Download Certificate (.pem)') ?> <?= htmlspecialchars($translations['download_certificate_pem'] ?? 'Download Certificate (.pem)') ?>
</a> </a>
<?php if (isset($userRole) && $userRole === 'admin'): ?>
<?php
// Suppose que le nom du fichier clé est le nom du cert avec .key.pem au lieu de .cert.pem
$finalKeyName = str_replace('.cert.pem', '.key.pem', $finalCert['name']);
?>
<a href="/certificates/download?type=simple&perimeter=<?= urlencode($intermediate['perimeter_name']) ?>&file=<?= urlencode($finalKeyName) ?>" class="button download-button-small" style="margin-left: 5px;">
<?= htmlspecialchars($translations['download_private_key'] ?? 'Télécharger Clé Privée (.key)') ?>
</a>
<?php endif; ?>
</p> </p>
</li> </li>
<?php endforeach; ?> <?php endforeach; ?>