The basic components of my question are (context follows code snippet)

1. Is the following code a valid alternative to setting the default Java keystore via the -Djavax.net.ssl.keystore?
2. What impact, other than changing the default key and trust managers, might this code have on the behavior of SSL within the affected JVM

3. Is there a better alternative to setting the default trust/key stores, at run-time, from a resource?

   KeyStore ks = KeyStore.getInstance("JKS");
   ks.load(testService.class.getClassLoader().getResourceAsStream("resources/.keystore"), "changeit".toCharArray());
   TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
   tmf.init(ks);
   KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
   kmf.init(ks, "changeit".toCharArray());
   SSLContext ctx = SSLContext.getInstance("TLS");
   ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
   SSLContext.setDefault(ctx); 
   

The context surrounding this question is as follows. I am currently developing a CXF client for a web service with mutual certificate authentication. For various reasons, adding the client certificate and key to the default keystore is not a desirable option. Ideally, I was looking for a way include a keystore as a resource file in the JAR, and set it as the default at run-time, as the need arose. I also wanted to avoid configuring each client and/or connection on a per-object basis, and also support the operation of things such as JaxWsDynamicClientFactory (mostly for the sake of “completeness”).

I scoured the internet and SO for relevant material and found these (one, two) related questions, but none of the solutions offered were exactly what I was looking for (although I did use them as a springboard to develop the code above).

Now, I realize that other solutions could be made to work, but I was/am specifically looking for a solution that would meet all of these requirements.