1 files changed, 38 insertions, 10 deletions

diff --git a/ext/net/ops_tls.rs b/ext/net/ops_tls.rs
index 64f1d458b..7fce34820 100644
--- a/ext/net/ops_tls.rs
+++ b/ext/net/ops_tls.rs
@@ -1004,8 +1004,12 @@ pub struct ListenTlsArgs {
   transport: String,
   hostname: String,
   port: u16,
-  cert_file: String,
-  key_file: String,
+  cert: Option<String>,
+  // TODO(kt3k): Remove this option at v2.0.
+  cert_file: Option<String>,
+  key: Option<String>,
+  // TODO(kt3k): Remove this option at v2.0.
+  key_file: Option<String>,
   alpn_protocols: Option<Vec<String>>,
 }
 
@@ -1020,23 +1024,47 @@ where
   assert_eq!(args.transport, "tcp");
   let hostname = &*args.hostname;
   let port = args.port;
-  let cert_file = &*args.cert_file;
-  let key_file = &*args.key_file;
+  let cert_file = args.cert_file.as_deref();
+  let key_file = args.key_file.as_deref();
+  let cert = args.cert.as_deref();
+  let key = args.key.as_deref();
 
   {
     let permissions = state.borrow_mut::<NP>();
     permissions.check_net(&(hostname, Some(port)))?;
-    permissions.check_read(Path::new(cert_file))?;
-    permissions.check_read(Path::new(key_file))?;
+    if let Some(path) = cert_file {
+      permissions.check_read(Path::new(path))?;
+    }
+    if let Some(path) = key_file {
+      permissions.check_read(Path::new(path))?;
+    }
   }
 
+  let cert_chain = if cert_file.is_some() && cert.is_some() {
+    return Err(generic_error("Both cert and certFile is specified. You can specify either one of them."));
+  } else if let Some(path) = cert_file {
+    load_certs_from_file(path)?
+  } else if let Some(cert) = cert {
+    load_certs(&mut BufReader::new(cert.as_bytes()))?
+  } else {
+    return Err(generic_error("`cert` is not specified."));
+  };
+  let key_der = if key_file.is_some() && key.is_some() {
+    return Err(generic_error(
+      "Both key and keyFile is specified. You can specify either one of them.",
+    ));
+  } else if let Some(path) = key_file {
+    load_private_keys_from_file(path)?.remove(0)
+  } else if let Some(key) = key {
+    load_private_keys(key.as_bytes())?.remove(0)
+  } else {
+    return Err(generic_error("`key` is not specified."));
+  };
+
   let mut tls_config = ServerConfig::builder()
     .with_safe_defaults()
     .with_no_client_auth()
-    .with_single_cert(
-      load_certs_from_file(cert_file)?,
-      load_private_keys_from_file(key_file)?.remove(0),
-    )
+    .with_single_cert(cert_chain, key_der)
     .expect("invalid key or certificate");
   if let Some(alpn_protocols) = args.alpn_protocols {
     super::check_unstable(state, "Deno.listenTls#alpn_protocols");