+ * This KeyStore typically contains trusted certificates (for server verification) + * or client certificates (for mutual authentication). The returned KeyStore is + * the same instance that was set via {@link #setKeyStore(KeyStore)}. + *
+ * Note: If no KeyStore has been explicitly set, this method may return `null`. + * Applications should ensure the KeyStore is properly initialized and configured + * before use in SSL/TLS contexts. + * + * @return the KeyStore instance (e.g., JKS or PKCS12 format), or `null` if not set. + */ + public KeyStore getKeyStore() { + return keyStore; + } + + /** + * Sets the KeyStore to be used for SSL/TLS operations. + *
+ * This KeyStore typically contains trusted certificates (for server verification)
+ * or client certificates (for mutual authentication). The KeyStore must be
+ * pre-initialized and populated with the necessary certificates/keys before being set.
+ *
+ * @param keyStore the KeyStore instance (e.g., JKS or PKCS12 format) to be used.
+ * Must not be null.
+ */
+ public void setKeyStore(KeyStore keyStore) {
+ this.keyStore = keyStore;
+ }
}
diff --git a/src/main/java/com/aliyun/oss/common/comm/DefaultServiceClient.java b/src/main/java/com/aliyun/oss/common/comm/DefaultServiceClient.java
index 122756df..5d79a29a 100644
--- a/src/main/java/com/aliyun/oss/common/comm/DefaultServiceClient.java
+++ b/src/main/java/com/aliyun/oss/common/comm/DefaultServiceClient.java
@@ -248,7 +248,11 @@ protected HttpClientConnectionManager createHttpClientConnectionManager() {
// get trustManager using default certification from jdk
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
- tmf.init((KeyStore) null);
+ if (config.getKeyStore() != null){
+ tmf.init(config.getKeyStore());
+ } else {
+ tmf.init((KeyStore) null);
+ }
trustManagerList.addAll(Arrays.asList(tmf.getTrustManagers()));
final List