Within an Android app I am building an SSLContext in order to use a raw TLS socket to a remote service.

Rather than having to manually load a KeyStore with the necessary trust material in the correct format, I would like to leverage Android's existing security configuration that I am already using to define trust material for regular HTTPS.

However, I don't see any way to programmatically access those keystores or otherwise get a TrustManagerFactory for them. Is this possible, or is there no bridge between these systems and I do indeed have to repeat the configuration in code?

I have seen the AndroidKeyStore provider, but that appears to only access private keys for the specific user('s device), not certificates configured for the app.