JDK-6586284

X509KeyManager and X509TrustManager need pre-keystore access callbacks

Details

    • Enhancement
    • Resolution: Won't Fix
    • P3
    • None
    • 6u2
    • security-libs
    • None

    Description

      The classes KeyManager and TrustManager and their extended versions are used in conjunction with instances of KeyStore. If the KeyStore is updated dynamically, it will be necessary to inspect the keystore before accessing it via KeyManager and TrustManager. The only way of doing this at present is to subclass KeyManager and TrustManager (in fact to subclass X509ExtendedKeyManager and X509ExtendedTrustManager) to add the required functionality, and this is not an altogether straightforward process.

      The RFE is to add callback hooks to KeyManager and TrustManager (or the X509 subclasses). These callbacks would be made whenever a new connection was being made, and would enable key and trust store updates to be detected, and the keystores to be updated before the connection was made.
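
      The subclassing approach the description refers to, shown for the trust side as an added example (not code from this issue or from the JDK). It assumes Java 7 or later, where `X509ExtendedTrustManager` is a public class; the class name `ReloadingTrustManager` and the use of the file's modification time as the change signal are illustrative assumptions.

```java
import java.io.*;
import java.net.Socket;
import java.nio.file.*;
import java.nio.file.attribute.FileTime;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.*;
import javax.net.ssl.*;

// Hypothetical wrapper: re-reads the trust store whenever the file on disk has changed.
public final class ReloadingTrustManager extends X509ExtendedTrustManager {
    private final Path store;        // assumed: trust store location
    private final char[] password;   // assumed: trust store password
    private FileTime loadedAt;
    private X509ExtendedTrustManager delegate;
    public ReloadingTrustManager(Path store, char[] password) { this.store = store; this.password = password.clone(); }
    // The "pre-keystore access" hook: every trust decision passes through here first.
    private synchronized X509ExtendedTrustManager current() throws CertificateException {
        try {
            FileTime mtime = Files.getLastModifiedTime(store);
            if (delegate == null || !mtime.equals(loadedAt)) {
                delegate = null; // fail closed: a failed reload must not leave stale anchors in use
                KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
                try (InputStream in = Files.newInputStream(store)) { ks.load(in, password); }
                TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                tmf.init(ks);
                for (TrustManager tm : tmf.getTrustManagers())
                    if (tm instanceof X509ExtendedTrustManager) delegate = (X509ExtendedTrustManager) tm;
                loadedAt = mtime;
            }
        } catch (IOException | GeneralSecurityException e) {
            throw new CertificateException("trust store reload failed", e);
        }
        if (delegate == null) throw new CertificateException("no usable trust manager");
        return delegate;
    }

    @Override public void checkClientTrusted(X509Certificate[] c, String a) throws CertificateException { current().checkClientTrusted(c, a); }
    @Override public void checkServerTrusted(X509Certificate[] c, String a) throws CertificateException { current().checkServerTrusted(c, a); }
    @Override public void checkClientTrusted(X509Certificate[] c, String a, Socket s) throws CertificateException { current().checkClientTrusted(c, a, s); }
    @Override public void checkServerTrusted(X509Certificate[] c, String a, Socket s) throws CertificateException { current().checkServerTrusted(c, a, s); }
    @Override public void checkClientTrusted(X509Certificate[] c, String a, SSLEngine e) throws CertificateException { current().checkClientTrusted(c, a, e); }
    @Override public void checkServerTrusted(X509Certificate[] c, String a, SSLEngine e) throws CertificateException { current().checkServerTrusted(c, a, e); }
    @Override public X509Certificate[] getAcceptedIssuers() {
        // This method cannot throw a checked exception; an unreadable store advertises no issuers.
        try { return current().getAcceptedIssuers(); } catch (CertificateException e) { return new X509Certificate[0]; }
    }
}
```

      An instance is passed to `SSLContext.init` in the `TrustManager[]` argument. Because the change check relies on the modification time and a failed load rejects the handshake, the store should be replaced atomically (write a temporary file, then rename) so a half-written file is never read.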

            People

              xuelei Xuelei Fan
              alanbur Alan Burlison