Add known hosts file writing feature to cli

danielemery · danielemery · commit cd4ea12d7b9a · 2025-09-09T11:26:40.000+02:00
- For now, it blows away the local file completely and replaces it with
  the remote

Note: This commit was mostly authored by Claude Code using Claude Sonnet 4
diff --git a/cli/src/commands/known_hosts.rs b/cli/src/commands/known_hosts.rs
@@ -146,7 +146,17 @@ pub fn pretty_print_known_hosts(response: &KnownHostsResponse) {
     );
 }
 
-pub fn fetch_known_hosts(server_url: &str) -> Result<()> {
+/// Private function to fetch known hosts from the server
+///
+/// This function handles the HTTP request to the known hosts server,
+/// validates the response, and parses the JSON into a KnownHostsResponse.
+///
+/// # Arguments
+/// * `server_url` - The base URL of the keys server
+///
+/// # Returns
+/// * `Result<KnownHostsResponse>` - The parsed known hosts response or an error
+fn fetch_known_hosts_from_server(server_url: &str) -> Result<KnownHostsResponse> {
     let url = format!("{server_url}/known_hosts");
 
     let client = reqwest::blocking::Client::new();
@@ -166,8 +176,13 @@ pub fn fetch_known_hosts(server_url: &str) -> Result<()> {
         ));
     }
 
-    let known_hosts_response: KnownHostsResponse =
-        response.json().context("Failed to parse JSON response")?;
+    response
+        .json::<KnownHostsResponse>()
+        .context("Failed to parse JSON response")
+}
+
+pub fn fetch_known_hosts(server_url: &str) -> Result<()> {
+    let known_hosts_response = fetch_known_hosts_from_server(server_url)?;
 
     // Check if the output is being piped (not connected to a terminal)
     // Use raw/minimal output when piped to another command
@@ -218,6 +233,94 @@ pub fn fetch_known_hosts(server_url: &str) -> Result<()> {
     Ok(())
 }
 
+/// Helper function to format a host entry in known_hosts format
+fn format_known_hosts_line(host: &KnownHost, key: &HostKey) -> String {
+    let hosts_str = host.hosts.join(",");
+    let key_type = &key.key_type;
+    let key_value = &key.key;
+
+    // Add flags if present
+    let mut flags = Vec::new();
+    if key.revoked.unwrap_or(false) {
+        flags.push("@revoked");
+    }
+    if key.cert_authority.unwrap_or(false) {
+        flags.push("@cert-authority");
+    }
+
+    // Format comment if present
+    let comment_str = if let Some(comment) = &key.comment {
+        format!(" # {comment}")
+    } else {
+        String::new()
+    };
+
+    // Output in OpenSSH known_hosts format with flags and optional comment
+    if flags.is_empty() {
+        format!("{hosts_str} {key_type} {key_value}{comment_str}")
+    } else {
+        format!(
+            "{} {} {} {}{}",
+            flags.join(" "),
+            hosts_str,
+            key_type,
+            key_value,
+            comment_str
+        )
+    }
+}
+
+pub fn write_known_hosts(server_url: &str, file_path: &str) -> Result<()> {
+    // Fetch known hosts from the server
+    let known_hosts_response = fetch_known_hosts_from_server(server_url)?;
+
+    // Expand ~ to home directory if present
+    let expanded_path = shellexpand::tilde(file_path);
+    let path = std::path::Path::new(expanded_path.as_ref());
+
+    // Create directory if it doesn't exist
+    if let Some(parent) = path.parent()
+        && !parent.exists()
+    {
+        std::fs::create_dir_all(parent)
+            .with_context(|| format!("Failed to create parent directory: {}", parent.display()))?;
+    }
+
+    // Generate the file content (always replace completely)
+    let mut lines = Vec::new();
+    for host in &known_hosts_response.hosts {
+        for key in &host.keys {
+            lines.push(format_known_hosts_line(host, key));
+        }
+    }
+
+    let file_content = lines.join("\n");
+    if !file_content.is_empty() {
+        let file_content = format!("{}\n", file_content);
+        std::fs::write(path, file_content)
+            .with_context(|| format!("Failed to write to file: {}", path.display()))?;
+    } else {
+        // Write empty file if no hosts
+        std::fs::write(path, "")
+            .with_context(|| format!("Failed to write to file: {}", path.display()))?;
+    }
+
+    // Count the total number of entries written
+    let total_entries: usize = known_hosts_response
+        .hosts
+        .iter()
+        .map(|h| h.keys.len())
+        .sum();
+
+    println!(
+        "✅ Wrote {} known host entries to {}",
+        total_entries,
+        path.display()
+    );
+
+    Ok(())
+}
+
 #[cfg(test)]
 mod tests {
     use super::*;
diff --git a/cli/src/commands/mod.rs b/cli/src/commands/mod.rs
@@ -4,6 +4,7 @@ pub mod ssh_keys;
 
 // Re-export the main command functions for easier imports
 pub use known_hosts::fetch_known_hosts;
+pub use known_hosts::write_known_hosts;
 pub use pgp_keys::fetch_pgp_keys;
 pub use ssh_keys::fetch_ssh_keys;
 pub use ssh_keys::write_ssh_keys;
diff --git a/cli/src/commands/ssh_keys.rs b/cli/src/commands/ssh_keys.rs
@@ -214,12 +214,11 @@ pub fn write_ssh_keys(server_url: &str, file_path: &str, force: bool) -> Result<
     let num_local_only = local_only_keys.len();
 
     // Create directory if it doesn't exist
-    if let Some(parent) = path.parent() {
-        if !parent.exists() {
-            std::fs::create_dir_all(parent).with_context(|| {
-                format!("Failed to create parent directory: {}", parent.display())
-            })?;
-        }
+    if let Some(parent) = path.parent()
+        && !parent.exists()
+    {
+        std::fs::create_dir_all(parent)
+            .with_context(|| format!("Failed to create parent directory: {}", parent.display()))?;
     }
 
     let mut updated_keys_count = 0;
diff --git a/cli/src/config/mod.rs b/cli/src/config/mod.rs
@@ -40,10 +40,10 @@ pub fn load_config(config_path: Option<&str>) -> Result<Config> {
     }
 
     // Try to load from default locations
-    if let Some(config_path) = get_default_config_path() {
-        if config_path.exists() {
-            return load_config_from_path(&config_path);
-        }
+    if let Some(config_path) = get_default_config_path()
+        && config_path.exists()
+    {
+        return load_config_from_path(&config_path);
     }
 
     // If no config file found, return default config
diff --git a/cli/src/main.rs b/cli/src/main.rs
@@ -35,7 +35,11 @@ enum Commands {
     Pgp {},
 
     /// Fetch known hosts from the server
-    KnownHosts {},
+    KnownHosts {
+        /// Write known hosts to file (replaces entire file)
+        #[arg(short, long)]
+        write: Option<String>,
+    },
 
     /// Initialize a default config file
     Init {},
@@ -61,8 +65,12 @@ fn main() -> Result<()> {
         Commands::Pgp {} => {
             commands::pgp_keys::fetch_pgp_keys(&server_url)?;
         }
-        Commands::KnownHosts {} => {
-            commands::known_hosts::fetch_known_hosts(&server_url)?;
+        Commands::KnownHosts { write } => {
+            if let Some(path) = write {
+                commands::known_hosts::write_known_hosts(&server_url, path)?;
+            } else {
+                commands::known_hosts::fetch_known_hosts(&server_url)?;
+            }
         }
         Commands::Init {} => {
             // Create a default config file

Original file line number	Diff line number	Diff line change
`@@ -40,10 +40,10 @@ pub fn load_config(config_path: Option<&str>) -> Result<Config> {`
`40`	`40`	`}`
`41`	`41`
`42`	`42`	`// Try to load from default locations`
`43`		`- if let Some(config_path) = get_default_config_path() {`
`44`		`- if config_path.exists() {`
`45`		`- return load_config_from_path(&config_path);`
`46`		`- }`
	`43`	`+ if let Some(config_path) = get_default_config_path()`
	`44`	`+ && config_path.exists()`
	`45`	`+ {`
	`46`	`+ return load_config_from_path(&config_path);`
`47`	`47`	`}`
`48`	`48`
`49`	`49`	`// If no config file found, return default config`