From 4ae1447b3d821bfb77bedcf67422369ae59c74dd Mon Sep 17 00:00:00 2001
From: Alberto Sartori
Date: Thu, 5 Jan 2023 16:35:33 +0100
Subject: authentication: add TLS and mTLS support
---
 src/buildtool/common/cli.hpp | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
(limited to 'src/buildtool/common/cli.hpp')
diff --git a/src/buildtool/common/cli.hpp b/src/buildtool/common/cli.hpp
index 4650f749..b9c2feb9 100644
--- a/src/buildtool/common/cli.hpp
+++ b/src/buildtool/common/cli.hpp
@@ -125,6 +125,14 @@ struct GraphArguments {
 std::optional git_cas{};
 };
 
+/// \brief Arguments for authentication methods.
+struct AuthArguments {
+ // CA certificate used to verify server's identity
+ std::optional tls_ca_cert{std::nullopt};
+ std::optional tls_client_cert{std::nullopt};
+ std::optional tls_client_key{std::nullopt};
+};
+
 static inline auto SetupCommonArguments(
 gsl::not_null const& app,
 gsl::not_null const& clargs) {
@@ -457,4 +465,19 @@ static inline auto SetupCompatibilityArguments(
 "remote build execution protocol. As the change affects identifiers, "
 "the flag must be used consistently for all related invocations.");
 }
+
+static inline auto SetupAuthArguments(
+ gsl::not_null const& app,
+ gsl::not_null const& authargs) {
+ app->add_option("--tls-ca-cert",
+ authargs->tls_ca_cert,
+ "Path to a TLS CA certificate that is trusted to sign the "
+ "server certificate.");
+ app->add_option("--tls-client-cert",
+ authargs->tls_client_cert,
+ "Path to the TLS client certificate.");
+ app->add_option("--tls-client-key",
+ authargs->tls_client_key,
+ "Path to the TLS client key.");
+}
 #endif // INCLUDED_SRC_BUILDTOOL_COMMON_CLI_HPP
-- 
cgit v1.2.3
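Review bot: In the new `AuthArguments` struct (first hunk) only `tls_ca_cert` carries a comment, and nothing says what an unset `tls_ca_cert` means for the connection. That default decides whether the remote endpoint is authenticated at all, so it belongs on the field, for example `// Unset: <behaviour when no CA is given, to be confirmed against the channel setup>`. The other two fields would read better with `// Client certificate and private key for mTLS; only meaningful as a pair` above them. Which of the three values are paths to secret material is also worth stating, since `tls_client_key` names a private key file.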
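Review bot: In `SetupAuthArguments` (second hunk) `--tls-client-cert` and `--tls-client-key` are registered independently, so an invocation that passes only one of them parses cleanly and the half-configured client identity is caught later, if at all. If `app` is a CLI11 app, as the `add_option` calls suggest, the returned option pointers can be kept and tied together, e.g. `cert_opt->needs(key_opt); key_opt->needs(cert_opt);`, and the same mechanism can require `--tls-ca-cert` whenever a client identity is given. The help text for `--tls-client-key` could also say that the file holds a private key and should be readable only by the invoking user. This page is limited to cli.hpp, so a check elsewhere in the commit may already cover the pairing.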