Add options to use TLS client certificate for authentication (Checker)

* Add "client-cert" and "client-key" flag options to allow the checker to use TLS client certificate for authentication. * Fix typo TSL -> TLS in docs. Co-authored-by: Bernhard Reiter <bernhard@intevation.de>
2025-12-22 11:55:40 +01:00 · 2022-03-31 17:57:43 +02:00 · 2022-03-31 17:57:43 +02:00 · a91d36cc95
commit a91d36cc95
parent b9603b7742
4 changed files with 24 additions and 12 deletions
--- a/cmd/csaf_checker/main.go
+++ b/cmd/csaf_checker/main.go
@ -24,9 +24,11 @@ import (
 var reportHTML string

 type options struct {
-	Output   string `short:"o" long:"output" description:"File name of the generated report" value-name:"REPORT-FILE"`
-	Format   string `short:"f" long:"format" choice:"json" choice:"html" description:"Format of report" default:"json"`
-	Insecure bool   `long:"insecure" description:"Do not check TSL certificates from provider"`
+	Output     string  `short:"o" long:"output" description:"File name of the generated report" value-name:"REPORT-FILE"`
+	Format     string  `short:"f" long:"format" choice:"json" choice:"html" description:"Format of report" default:"json"`
+	Insecure   bool    `long:"insecure" description:"Do not check TLS certificates from provider"`
+	ClientCert *string `long:"client-cert" description:"TLS client certificate file (PEM encoded data)" value-name:"CERT-FILE"`
+	ClientKey  *string `long:"client-key" description:"TLS client private key file (PEM encoded data)" value-name:"KEY-FILE"`
 }

 func errCheck(err error) {
@ -135,6 +137,11 @@ func main() {
 		return
 	}

+	if (opts.ClientCert != nil && opts.ClientKey == nil) || (opts.ClientCert == nil && opts.ClientKey != nil) {
+		log.Println("Both client-key and client-cert options must be set for the authentication.")
+		return
+	}
+
 	p := newProcessor(opts)

 	report, err := p.run(buildReporters(), domains)