From 31b481255b15c80aa4d16c1fe9d25363b5cf03c8 Mon Sep 17 00:00:00 2001
From: Morten Tokle
Date: Wed, 19 Feb 2025 09:45:21 +0100
Subject: [PATCH] Support ssl context with multiple key/cert pairs
---
 .../com/yahoo/security/SslContextBuilder.java | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)
diff --git a/security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java b/security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java
index 8fecbb72a433..d66712e9bd48 100644
--- a/security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java
+++ b/security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java
@@ -68,9 +68,22 @@ public SslContextBuilder withKeyStore(PrivateKey privateKey, X509Certificate cer
 }

 public SslContextBuilder withKeyStore(PrivateKey privateKey, List certificates) {
- char[] pwd = new char[0];
- this.keyStoreSupplier = () -> KeyStoreBuilder.withType(KeyStoreType.JKS).withKeyEntry("default", privateKey, certificates).build();
- this.keyStorePassword = pwd;
+ return withKeyStore(List.of(new X509CertificateWithKey(certificates, privateKey)));
+ }
+
+ public SslContextBuilder withKeyStore(List clientCertificatesAndKeys) {
+ if (clientCertificatesAndKeys.isEmpty()) {
+ throw new IllegalArgumentException("clientCertificatesAndKeys cannot be empty");
+ }
+ this.keyStoreSupplier = () -> {
+ KeyStoreBuilder keyStore = KeyStoreBuilder.withType(KeyStoreType.JKS);
+ for (int i = 0; i < clientCertificatesAndKeys.size(); i++) {
+ X509CertificateWithKey certWithKey = clientCertificatesAndKeys.get(i);
+ keyStore = keyStore.withKeyEntry("key"+i, certWithKey.privateKey(), certWithKey.certificate());
+ }
+ return keyStore.build();
+ };
+ this.keyStorePassword = new char[0];
 return this;
 }
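Review bot: The lambda assigned to `keyStoreSupplier` in the new `withKeyStore(List ...)` overload captures the caller's list by reference, so the emptiness check runs at call time while the key store is built from whatever the list holds when the supplier is later invoked. Taking a snapshot first, `var entries = List.copyOf(clientCertificatesAndKeys);`, and using `entries` in both the check and the lambda would pin the key material to what was validated and reject null elements up front. The single-pair overload now stores its entry under alias `key0` instead of `default`; whether anything looks the entry up by alias is not visible in this hunk, so that is worth confirming. A Javadoc line on the new public method stating that entries are stored as `key0`, `key1`, … and that the choice of entry at handshake time is left to the key manager (configured outside this hunk) would help callers who pass more than one pair.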