From df91c85d975d2094fd8b6d194cb2ad73d6e814e9 Mon Sep 17 00:00:00 2001
From: wzj <244142824@qq.com>
Date: Sat, 14 Jun 2025 09:43:08 +0800
Subject: [PATCH] =?UTF-8?q?=E6=94=AF=E6=8C=81=E5=AF=BC=E5=87=BAca?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app.py                   | 43 +++++++++++++++++++++++++++++++++++++++-
 templates/ca_detail.html |  1 +
 2 files changed, 43 insertions(+), 1 deletion(-)

diff --git a/app.py b/app.py
index 2baddc0..78add6b 100644
--- a/app.py
+++ b/app.py
@@ -875,6 +875,48 @@ def renew_certificate_view(cert_id):
     return render_template('renew_certificate.html', cert=cert)
 
 
+@app.route('/cas/<int:ca_id>/export')
+@login_required
+def export_ca_view(ca_id):
+    ca = get_ca_by_id(ca_id)
+    if not ca:
+        flash('CA不存在', 'danger')
+        return redirect(url_for('ca_list'))
+
+    # 检查权限
+    if not current_user.is_admin and ca['created_by'] != current_user.id:
+        flash('无权操作此CA', 'danger')
+        return redirect(url_for('ca_list'))
+
+    # 创建临时zip文件
+    memory_file = BytesIO()
+
+    try:
+        with zipfile.ZipFile(memory_file, 'w', zipfile.ZIP_DEFLATED) as zf:
+            # 添加CA证书文件
+            with open(ca['cert_path'], 'r') as f:
+                cert_content = f.read()
+            zf.writestr(f"{ca['common_name']}_ca.crt", cert_content)
+
+            # 添加CA私钥文件(可选，只有管理员可以导出私钥)
+            if current_user.is_admin:
+                with open(ca['key_path'], 'r') as f:
+                    key_content = f.read()
+                zf.writestr(f"{ca['common_name']}_ca.key", key_content)
+
+        memory_file.seek(0)
+
+        return Response(
+            memory_file.getvalue(),
+            mimetype="application/zip",
+            headers={
+                "Content-Disposition": f"attachment; filename={ca['name']}_ca_bundle.zip"
+            }
+        )
+    except Exception as e:
+        flash(f'导出CA失败: {str(e)}', 'danger')
+        return redirect(url_for('ca_detail', ca_id=ca_id))
+
 @app.route('/certificates/<int:cert_id>/export', methods=['GET', 'POST'])
 @login_required
 def export_certificate_view(cert_id):
@@ -970,7 +1012,6 @@ def generate_separate_files_zip(cert, cert_ext, zip_suffix):
         flash(f'创建ZIP文件失败: {str(e)}', 'danger')
         return redirect(url_for('export_certificate_view', cert_id=cert['id']))
 
-
 @app.route('/download/<path:filename>')
 @login_required
 def download_file(filename):
diff --git a/templates/ca_detail.html b/templates/ca_detail.html
index be68916..571d4ea 100644
--- a/templates/ca_detail.html
+++ b/templates/ca_detail.html
@@ -6,6 +6,7 @@
 <div class="d-flex justify-content-between align-items-center mb-3">
     <h2>CA机构详情: {{ ca.name }}</h2>
     <div>
+        <a href="{{ url_for('export_ca_view', ca_id=ca.id) }}" class="btn btn-primary me-2">导出CA</a>
         <a href="{{ url_for('generate_crl_view', ca_id=ca.id) }}" class="btn btn-warning me-2">生成CRL</a>
         {% if crl %}
             <a href="{{ url_for('download_crl', ca_id=ca.id) }}" class="btn btn-success">下载CRL</a>