func LoadCertificate()

in transport/tlscommon/tls.go [37:85]


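// LoadCertificate loads the certificate/key pair described by config.
//
// It returns (nil, nil) when config.Certificate is empty, and an error when
// config fails validation, when the passphrase file, certificate or key
// cannot be read, or when the two PEM blocks do not form a valid key pair.
//
// The key may be supplied as a file path or as an inline PEM string. In the
// inline case the key text is kept out of the debug log and out of the
// returned error, so that private key material does not surface in logs.
func LoadCertificate(config *CertificateConfig) (*tls.Certificate, error) {
	if err := config.Validate(); err != nil {
		return nil, err
	}

	certificate := config.Certificate
	key := config.Key
	if certificate == "" {
		// No certificate configured: nothing to load, and not an error.
		return nil, nil
	}

	log := logp.NewLogger(logSelector)
	passphrase := config.Passphrase
	if passphrase == "" && config.PassphrasePath != "" {
		// The inline passphrase wins; the file is only consulted when it is
		// unset. NOTE(review): the file content is used verbatim, including
		// any trailing newline — confirm this matches how the file is written.
		p, err := os.ReadFile(config.PassphrasePath)
		if err != nil {
			return nil, fmt.Errorf("unable to read passphrase_file: %w", err)
		}
		passphrase = string(p)
	}

	certPEM, err := ReadPEMFile(log, certificate, passphrase)
	if err != nil {
		log.Errorf("Failed reading certificate file %v: %+v", certificate, err)
		return nil, fmt.Errorf("%w %v", err, certificate)
	}

	keyPEM, err := ReadPEMFile(log, key, passphrase)
	if err != nil {
		log.Errorf("Failed reading key file: %+v", err)
		if IsPEMString(key) {
			// An inline key must not be echoed into the error: callers
			// commonly log returned errors, and the message would otherwise
			// carry the PEM-encoded private key.
			return nil, fmt.Errorf("%w (key from PEM string in config)", err)
		}
		return nil, fmt.Errorf("%w %v", err, key)
	}

	cert, err := tls.X509KeyPair(certPEM, keyPEM)
	if err != nil {
		log.Errorf("Failed loading client certificate %+v", err)
		return nil, err
	}

	// Do not log the key if it was provided as a string in the configuration to avoid
	// leaking private keys in the debug logs. Log when the key is a file path.
	if IsPEMString(key) {
		log.Debugf("Loading certificate: %v with key from PEM string in config", certificate)
	} else {
		log.Debugf("Loading certificate: %v and key %v", certificate, key)
	}

	return &cert, nil
}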