From 7200cd0de10dd234e527bcdf5cdd884f77a03803 Mon Sep 17 00:00:00 2001
From: wzj <244142824@qq.com>
Date: Sat, 14 Jun 2025 09:46:15 +0800
Subject: [PATCH] =?UTF-8?q?=E6=94=AF=E6=8C=81=E5=AF=BC=E5=87=BAca?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app.py | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/app.py b/app.py
index 78add6b..003cc90 100644
--- a/app.py
+++ b/app.py
@@ -875,17 +875,17 @@ def renew_certificate_view(cert_id):
     return render_template('renew_certificate.html', cert=cert)
 
 
-@app.route('/cas/<int:ca_id>/export')
+@app.route('/cas/<int:ca_id>/export')@app.route('/cas/<int:ca_id>/export')
 @login_required
 def export_ca_view(ca_id):
     ca = get_ca_by_id(ca_id)
     if not ca:
-        flash('CA不存在', 'danger')
+        flash('CA not found', 'danger')
         return redirect(url_for('ca_list'))
 
     # 检查权限
     if not current_user.is_admin and ca['created_by'] != current_user.id:
-        flash('无权操作此CA', 'danger')
+        flash('No permission', 'danger')
         return redirect(url_for('ca_list'))
 
     # 创建临时zip文件
@@ -894,29 +894,31 @@ def export_ca_view(ca_id):
     try:
         with zipfile.ZipFile(memory_file, 'w', zipfile.ZIP_DEFLATED) as zf:
             # 添加CA证书文件
-            with open(ca['cert_path'], 'r') as f:
+            with open(ca['cert_path'], 'rb') as f:  # 使用二进制模式读取
                 cert_content = f.read()
             zf.writestr(f"{ca['common_name']}_ca.crt", cert_content)
 
             # 添加CA私钥文件(可选，只有管理员可以导出私钥)
             if current_user.is_admin:
-                with open(ca['key_path'], 'r') as f:
+                with open(ca['key_path'], 'rb') as f:  # 使用二进制模式读取
                     key_content = f.read()
                 zf.writestr(f"{ca['common_name']}_ca.key", key_content)
 
         memory_file.seek(0)
 
+        # 确保文件名只包含ASCII字符
+        safe_filename = f"{ca['name']}_ca_bundle.zip".encode('ascii', 'ignore').decode('ascii')
+
         return Response(
             memory_file.getvalue(),
             mimetype="application/zip",
             headers={
-                "Content-Disposition": f"attachment; filename={ca['name']}_ca_bundle.zip"
+                "Content-Disposition": f"attachment; filename={safe_filename}"
             }
         )
     except Exception as e:
-        flash(f'导出CA失败: {str(e)}', 'danger')
+        flash(f'Export failed: {str(e)}', 'danger')
         return redirect(url_for('ca_detail', ca_id=ca_id))
-
 @app.route('/certificates/<int:cert_id>/export', methods=['GET', 'POST'])
 @login_required
 def export_certificate_view(cert_id):