Replace the Auth and Auth::TLS singletons

Use a builder pattern for creation and validation, in a manner that
allows also other authentication methods to be added in the future
besides the current TLS/SSL.

The main Auth instances are built early and then passed by not_null
const pointers, to avoid passing temporaries, replacing the previous
Auth::TLS instances passed by simple nullable const pointers. Where
needed, these passed Auth instances are also stored, by const ref.

Tests also build Auth instances as needed, either with the default
'no certification' or from the test environment arguments.

1 files changed, 19 insertions, 34 deletions

diff --git a/src/other_tools/just_mr/setup_utils.cpp b/src/other_tools/just_mr/setup_utils.cpp
index 7ed61897..577fb1bf 100644
--- a/src/other_tools/just_mr/setup_utils.cpp
+++ b/src/other_tools/just_mr/setup_utils.cpp
@@ -19,7 +19,6 @@
 #include <variant>
 
 #include "nlohmann/json.hpp"
-#include "src/buildtool/auth/authentication.hpp"
 #include "src/buildtool/build_engine/expression/expression.hpp"
 #include "src/buildtool/file_system/file_system_manager.hpp"
 #include "src/buildtool/logging/log_level.hpp"
@@ -193,42 +192,28 @@ auto ReadConfiguration(
     }
 }
 
-void SetupAuthConfig(MultiRepoRemoteAuthArguments const& authargs) noexcept {
-    bool use_tls{false};
-    if (authargs.tls_ca_cert) {
-        use_tls = true;
-        if (not Auth::TLS::Instance().SetCACertificate(*authargs.tls_ca_cert)) {
-            Logger::Log(LogLevel::Error,
-                        "Could not read '{}' certificate.",
-                        authargs.tls_ca_cert->string());
-            std::exit(kExitConfigError);
-        }
-    }
-    if (authargs.tls_client_cert) {
-        use_tls = true;
-        if (not Auth::TLS::Instance().SetClientCertificate(
-                *authargs.tls_client_cert)) {
-            Logger::Log(LogLevel::Error,
-                        "Could not read '{}' certificate.",
-                        authargs.tls_client_cert->string());
-            std::exit(kExitConfigError);
-        }
-    }
-    if (authargs.tls_client_key) {
-        use_tls = true;
-        if (not Auth::TLS::Instance().SetClientKey(*authargs.tls_client_key)) {
-            Logger::Log(LogLevel::Error,
-                        "Could not read '{}' key.",
-                        authargs.tls_client_key->string());
-            std::exit(kExitConfigError);
-        }
-    }
+auto CreateAuthConfig(MultiRepoRemoteAuthArguments const& authargs) noexcept
+    -> std::optional<Auth> {
 
-    if (use_tls) {
-        if (not Auth::TLS::Instance().Validate()) {
-            std::exit(kExitConfigError);
+    Auth::TLS::Builder tls_builder;
+    tls_builder.SetCACertificate(authargs.tls_ca_cert)
+        .SetClientCertificate(authargs.tls_client_cert)
+        .SetClientKey(authargs.tls_client_key);
+
+    // create auth config (including validation)
+    auto result = tls_builder.Build();
+    if (result) {
+        if (*result) {
+            // correctly configured TLS/SSL certification
+            return *std::move(*result);
         }
+        Logger::Log(LogLevel::Error, result->error());
+        return std::nullopt;
     }
+
+    // no TLS/SSL configuration was given, and we currently support no other
+    // certification method, so return an empty config (no certification)
+    return Auth{};
 }
 
 void SetupRemoteConfig(