feat: Implement SSH master connector and CLI for certificate management

2026-03-21 03:07:58 +00:00
parent 2fcdc7d0df
commit 1a453a7e5c
8 changed files with 687 additions and 3 deletions
--- a/apps/nxmesh-agent/src/cli/mod.rs
+++ b/apps/nxmesh-agent/src/cli/mod.rs
@@ -0,0 +1,81 @@
+use clap::{Parser, Subcommand};
+
+#[derive(Parser)]
+#[command(version, about, long_about = None)]
+pub struct Cli {
+    /// Start the agent server
+    #[arg(short, long, group = "mode")]
+    pub serve: bool,
+
+    #[command(subcommand)]
+    pub command: Option<Commands>,
+}
+
+#[derive(Subcommand)]
+pub enum Commands {
+    #[command(about = "Import certificates for agent from zip file or separate cert and key files")]
+    ImportCerts {
+        // Zip file input, mutually exclusive with separate cert and key file inputs
+        /// Zip file containing ca.pem cert.pem and key.pem
+        #[arg(value_name = "ZIP_FILE", group = "input_source")]
+        zip: Option<String>,
+        /// Certificate name in zip file, required if using zip input
+        #[arg(
+            long,
+            group = "input_source",
+            requires = "zip",
+            default_value = "cert.pem",
+            value_name = "CERT_NAME"
+        )]
+        cert_name: Option<String>,
+        /// Key name in zip file, required if using zip input
+        #[arg(
+            long,
+            group = "input_source",
+            requires = "zip",
+            default_value = "key.pem",
+            value_name = "KEY_NAME"
+        )]
+        key_name: Option<String>,
+        /// CA certificate name in zip file, required if using zip input
+        #[arg(
+            long,
+            group = "input_source",
+            requires = "zip",
+            default_value = "ca.pem",
+            value_name = "CA_NAME"
+        )]
+        ca_name: Option<String>,
+
+        // Separate cert and key file inputs, required if not using zip input
+        /// Certificate file path
+        #[arg(
+            long,
+            group = "input_source",
+            requires = "key",
+            conflicts_with = "zip",
+            value_name = "CERT_FILE"
+        )]
+        cert: Option<String>,
+
+        /// Key file path
+        #[arg(
+            long,
+            group = "input_source",
+            requires = "cert",
+            conflicts_with = "zip",
+            value_name = "KEY_FILE"
+        )]
+        key: Option<String>,
+
+        /// Master CA certificate file path for verifying master identity, optional if the CA certificate is already trusted by the system
+        /// This is required if the master server uses a self-signed certificate that is not trusted by the system
+        #[arg(
+            long,
+            group = "input_source",
+            conflicts_with = "zip",
+            value_name = "CA_CERT_FILE"
+        )]
+        ca_cert: Option<String>,
+    },
+}