allow cert and key to return separately

src/GapicClientTrait.php

@@ -223,7 +223,12 @@ private function buildClientOptions(array $options)
         // mTLS: detect and load the default clientCertSource if the environment variable
         // "GOOGLE_API_USE_CLIENT_CERTIFICATE" is true, and the cert source is available
         if (empty($options['clientCertSource']) && CredentialsLoader::shouldLoadClientCertSource()) {
-            $options['clientCertSource'] = CredentialsLoader::getDefaultClientCertSource();
+            $options['clientCertSource'] = function () {
+                $cert = call_user_func(CredentialsLoader::getDefaultClientCertSource());
+
+                // the key and the cert are returned in one string
+                return [$cert, $cert];
+            };
         }
 
         // mTLS: If no apiEndpoint has been supplied by the user, and either

src/Transport/GrpcTransport.php

@@ -265,9 +265,6 @@ private function getCallOptions(array $options)
 
     private static function loadClientCertSource(callable $clientCertSource)
     {
-        $cert = call_user_func($clientCertSource);
-
-        // the key and the cert are returned in one string
-        return [$cert, $cert];
+        return call_user_func($clientCertSource);
     }
 }

src/Transport/HttpUnaryTransportTrait.php

@@ -152,10 +152,13 @@ private function throwUnsupportedException()
 
     private static function loadClientCertSource(callable $clientCertSource)
     {
-        $f = tempnam(sys_get_temp_dir(), 'cert');
-        file_put_contents($f, call_user_func($this->clientCertSource));
+        $certFile = tempnam(sys_get_temp_dir(), 'cert');
+        $keyFile = tempnam(sys_get_temp_dir(), 'key');
+        list($cert, $key) = call_user_func($this->clientCertSource);
+        file_put_contents($certFile, $cert);
+        file_put_contents($keyFile, $key);
 
         // the key and the cert are returned in one temporary file
-        return [$f, $f];
+        return [$certFile, $keyFile];
     }
 }