* Validate and extract identity options (keys, certs) from an SNI entry. * CA and CRL are shared TLS options, not per-identity. * @param {object} identity * @param {string} label * @returns {object}
(identity, label)
| 4878 | * @returns {object} |
| 4879 | */ |
| 4880 | function processIdentityOptions(identity, label) { |
| 4881 | const { |
| 4882 | keys, |
| 4883 | certs, |
| 4884 | verifyPrivateKey = false, |
| 4885 | } = identity; |
| 4886 | |
| 4887 | if (certs !== undefined) { |
| 4888 | const certInputs = ArrayIsArray(certs) ? certs : [certs]; |
| 4889 | for (const cert of certInputs) { |
| 4890 | if (!isArrayBufferView(cert) && !isArrayBuffer(cert)) { |
| 4891 | throw new ERR_INVALID_ARG_TYPE(`${label}.certs`, |
| 4892 | ['ArrayBufferView', 'ArrayBuffer'], cert); |
| 4893 | } |
| 4894 | } |
| 4895 | } |
| 4896 | |
| 4897 | const keyHandles = []; |
| 4898 | if (keys !== undefined) { |
| 4899 | const keyInputs = ArrayIsArray(keys) ? keys : [keys]; |
| 4900 | for (const key of keyInputs) { |
| 4901 | if (isKeyObject(key)) { |
| 4902 | if (getKeyObjectType(key) !== 'private') { |
| 4903 | throw new ERR_INVALID_ARG_VALUE(`${label}.keys`, key, |
| 4904 | 'must be a private key'); |
| 4905 | } |
| 4906 | ArrayPrototypePush(keyHandles, getKeyObjectHandle(key)); |
| 4907 | } else { |
| 4908 | throw new ERR_INVALID_ARG_TYPE(`${label}.keys`, 'KeyObject', key); |
| 4909 | } |
| 4910 | } |
| 4911 | } |
| 4912 | |
| 4913 | validateBoolean(verifyPrivateKey, `${label}.verifyPrivateKey`); |
| 4914 | |
| 4915 | return { |
| 4916 | __proto__: null, |
| 4917 | keys: keyHandles, |
| 4918 | certs, |
| 4919 | verifyPrivateKey, |
| 4920 | }; |
| 4921 | } |
| 4922 | |
| 4923 | /** |
| 4924 | * @param {object} tls |
no test coverage detected
searching dependent graphs…