Tomcat access configured by KeyStore and TrustStore

I have a web application running in Tomcat that calls a web service call on another system. I need to secure this call with SSL and client authentication. The Tomcat I am hosting is already configured correctly with an environment-specific trust store and keystore, so I need to use those stores to provide my own invocation. This is where I am stuck.

How can I find the keystore and truststore that Tomcat is configured with to make my own SSL challenge? Or is it better to generate a properly configured SSLContext or SSLSocketFactory with these values?

Things I've tried:

• I've tried using SSLContext.getDefault (). It doesn't seem to be installed.

• I tried using the System properties:

  System.getProperty("javax.net.ssl.trustStore");
  System.getProperty("javax.net.ssl.trustStorePassword");
  System.getProperty("javax.net.ssl.trustStoreType");
  System.getProperty( "javax.net.ssl.keyStore");
  System.getProperty( "javax.net.ssl.keyStorePassword");
  System.getProperty("javax.net.ssl.keyStoreType");
  
        
  
          
          
          
        
  
      

But this seems like a fragile solution as Tomcat does not need to be configured using system properties. In one of the test environments, the trust store information was set, but the key store variables were not. They are defined in Tomcat server.xml.

Is there some easy way to do this that I don't notice about?

Updated:

This question is similar and one of the answers indicates that SSL can be handled by OpenSSL \ APR, so any solution here will largely depend on how Tomcat is configured. Assuming JSSE, the solutions look like this:

• Make sure Tomcat is configured using system properties.
• Save repositories in a predefined location on the server.
• A pack of your own copies of shops in your war.

For the first two, you need to make sure your security policy allows you to access these files.

Are they really best practices for what I am trying to do?