3 files changed, 61 insertions, 6 deletions

diff --git a/test/utils/remote_execution/bazel_action_creator.hpp b/test/utils/remote_execution/bazel_action_creator.hpp
index b35b2325..38468535 100644
--- a/test/utils/remote_execution/bazel_action_creator.hpp
+++ b/test/utils/remote_execution/bazel_action_creator.hpp
@@ -28,6 +28,7 @@
 #include "src/buildtool/crypto/hash_function.hpp"
 #include "src/buildtool/execution_api/remote/bazel/bazel_cas_client.hpp"
 #include "src/buildtool/execution_api/remote/config.hpp"
+#include "test/utils/remote_execution/test_auth_config.hpp"
 
 [[nodiscard]] static inline auto CreateAction(
     std::string const& instance_name,
@@ -82,12 +83,12 @@
     auto action_id = ArtifactDigest::Create<ObjectType::File>(action_data);
     blobs.emplace_back(action_id, action_data, /*is_exec=*/false);
 
-    std::optional<Auth::TLS> auth = {};
-    if (Auth::Instance().GetAuthMethod() == AuthMethod::kTLS) {
-        auth = Auth::TLS::Instance();
+    auto auth_config = TestAuthConfig::ReadAuthConfigFromEnvironment();
+    if (not auth_config) {
+        return nullptr;
     }
 
-    BazelCasClient cas_client(info->host, info->port, auth ? &*auth : nullptr);
+    BazelCasClient cas_client(info->host, info->port, &*auth_config);
 
     std::vector<gsl::not_null<BazelBlob const*>> blob_ptrs;
     blob_ptrs.reserve(blobs.size());
diff --git a/test/utils/remote_execution/main-remote-execution.cpp b/test/utils/remote_execution/main-remote-execution.cpp
index fa47d585..7b5cba00 100644
--- a/test/utils/remote_execution/main-remote-execution.cpp
+++ b/test/utils/remote_execution/main-remote-execution.cpp
@@ -28,6 +28,7 @@
 #include "src/buildtool/logging/logger.hpp"
 #include "src/buildtool/storage/storage.hpp"
 #include "test/utils/logging/log_config.hpp"
+#include "test/utils/remote_execution/test_auth_config.hpp"
 #include "test/utils/test_env.hpp"
 
 namespace {
@@ -42,9 +43,12 @@ void wait_for_grpc_to_shutdown() {
 /// \returns true   If remote execution was successfully configured.
 [[nodiscard]] auto ConfigureRemoteExecution() -> bool {
     ReadCompatibilityFromEnv();
-    if (not ReadTLSAuthArgsFromEnv()) {
-        return false;
+
+    // Ensure authentication config is available
+    if (not TestAuthConfig::ReadAuthConfigFromEnvironment()) {
+        std::exit(EXIT_FAILURE);
     }
+
     HashFunction::SetHashType(Compatibility::IsCompatible()
                                   ? HashFunction::JustHash::Compatible
                                   : HashFunction::JustHash::Native);
diff --git a/test/utils/remote_execution/test_auth_config.hpp b/test/utils/remote_execution/test_auth_config.hpp
new file mode 100644
index 00000000..fd157f22
--- /dev/null
+++ b/test/utils/remote_execution/test_auth_config.hpp
@@ -0,0 +1,50 @@
+// Copyright 2024 Huawei Cloud Computing Technology Co., Ltd.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef INCLUDED_SRC_TEST_UTILS_REMOTE_EXECUTION_TEST_AUTH_CONFIG_HPP
+#define INCLUDED_SRC_TEST_UTILS_REMOTE_EXECUTION_TEST_AUTH_CONFIG_HPP
+
+#include <optional>
+#include <string>
+#include <variant>
+
+#include "src/buildtool/auth/authentication.hpp"
+#include "src/buildtool/logging/log_level.hpp"
+#include "src/buildtool/logging/logger.hpp"
+#include "test/utils/test_env.hpp"
+
+class TestAuthConfig final {
+  public:
+    [[nodiscard]] static auto ReadAuthConfigFromEnvironment() noexcept
+        -> std::optional<Auth> {
+        Auth::TLS::Builder tls_builder;
+        auto config = tls_builder.SetCACertificate(ReadTLSAuthCACertFromEnv())
+                          .SetClientCertificate(ReadTLSAuthClientCertFromEnv())
+                          .SetClientKey(ReadTLSAuthClientKeyFromEnv())
+                          .Build();
+
+        if (config) {
+            if (*config) {
+                // correctly configured TLS/SSL certification
+                return *std::move(*config);
+            }
+            // given TLS certificates are invalid
+            Logger::Log(LogLevel::Error, config->error());
+            return std::nullopt;
+        }
+        return Auth{};  // no TLS certificates provided
+    }
+};
+
+#endif  // INCLUDED_SRC_TEST_UTILS_REMOTE_EXECUTION_TEST_AUTH_CONFIG_HPP