支持导出ca

2025-06-14 09:46:15 +08:00 · 2025-06-14 09:46:15 +08:00 · 7200cd0de1
commit 7200cd0de1
parent df91c85d97
1 changed files with 10 additions and 8 deletions
--- a/app.py
+++ b/app.py
@ -875,17 +875,17 @@ def renew_certificate_view(cert_id):
    return render_template('renew_certificate.html', cert=cert)


-@app.route('/cas/<int:ca_id>/export')
+@app.route('/cas/<int:ca_id>/export')@app.route('/cas/<int:ca_id>/export')
@login_required
 def export_ca_view(ca_id):
    ca = get_ca_by_id(ca_id)
    if not ca:
-        flash('CA不存在', 'danger')
+        flash('CA not found', 'danger')
        return redirect(url_for('ca_list'))

    # 检查权限
    if not current_user.is_admin and ca['created_by'] != current_user.id:
-        flash('无权操作此CA', 'danger')
+        flash('No permission', 'danger')
        return redirect(url_for('ca_list'))

    # 创建临时zip文件
@ -894,29 +894,31 @@ def export_ca_view(ca_id):
    try:
        with zipfile.ZipFile(memory_file, 'w', zipfile.ZIP_DEFLATED) as zf:
            # 添加CA证书文件
-            with open(ca['cert_path'], 'r') as f:
+            with open(ca['cert_path'], 'rb') as f:  # 使用二进制模式读取
                cert_content = f.read()
            zf.writestr(f"{ca['common_name']}_ca.crt", cert_content)

            # 添加CA私钥文件(可选，只有管理员可以导出私钥)
            if current_user.is_admin:
-                with open(ca['key_path'], 'r') as f:
+                with open(ca['key_path'], 'rb') as f:  # 使用二进制模式读取
                    key_content = f.read()
                zf.writestr(f"{ca['common_name']}_ca.key", key_content)

        memory_file.seek(0)

+        # 确保文件名只包含ASCII字符
+        safe_filename = f"{ca['name']}_ca_bundle.zip".encode('ascii', 'ignore').decode('ascii')
+
        return Response(
            memory_file.getvalue(),
            mimetype="application/zip",
            headers={
-                "Content-Disposition": f"attachment; filename={ca['name']}_ca_bundle.zip"
+                "Content-Disposition": f"attachment; filename={safe_filename}"
            }
        )
    except Exception as e:
-        flash(f'导出CA失败: {str(e)}', 'danger')
+        flash(f'Export failed: {str(e)}', 'danger')
        return redirect(url_for('ca_detail', ca_id=ca_id))
-
@app.route('/certificates/<int:cert_id>/export', methods=['GET', 'POST'])
@login_required
 def export_certificate_view(cert_id):