ClientCredentials returns a list of TLS client certificate chains for the given identifiers. The return value can be used in a tls.Config to enable client authentication using managed certificates. Any certificates that need to be obtained or renewed for these identifiers will be managed accordingly.
(ctx context.Context, identifiers []string)
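// ClientCredentials returns a list of TLS client certificate chains for the given identifiers.
// The return value can be used in a tls.Config to enable client authentication using managed certificates.
// Any certificates that need to be obtained or renewed for these identifiers will be managed accordingly.
//
// On success the result holds one chain per identifier, in the order given.
// If managing, loading or parsing fails for any identifier, the error is
// returned together with a nil slice: a partially filled list is never handed
// back, so a caller that mishandles the error cannot install an incomplete
// credential set into its tls.Config without noticing.
//
// An empty identifiers list produces an empty result (assuming manageAll
// accepts it); a tls.Config built from that has no client certificate to
// present.
//
// Every returned tls.Certificate carries the parsed private key for its chain,
// so the slice should be handled as key material (not logged or serialized).
func (cfg *Config) ClientCredentials(ctx context.Context, identifiers []string) ([]tls.Certificate, error) {
	// Obtain or renew whatever is needed before loading anything; the third
	// argument is manageAll's async flag, passed as false here.
	if err := cfg.manageAll(ctx, identifiers, false); err != nil {
		return nil, err
	}

	var chains []tls.Certificate
	for _, id := range identifiers {
		// Load the certificate resource for this identifier (any issuer, per
		// the helper's name).
		certRes, err := cfg.loadCertResourceAnyIssuer(ctx, id)
		if err != nil {
			// Fail closed: discard chains collected so far.
			return nil, err
		}

		// X509KeyPair parses the PEM pair and rejects a private key that does
		// not match the certificate's public key.
		chain, err := tls.X509KeyPair(certRes.CertificatePEM, certRes.PrivateKeyPEM)
		if err != nil {
			return nil, err
		}
		chains = append(chains, chain)
	}
	return chains, nil
}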
| 367 | |
| 368 | func (cfg *Config) manageAll(ctx context.Context, domainNames []string, async bool) error { |
| 369 | if ctx == nil { |
nothing calls this directly
no test coverage detected