
JavaMail: TLS on port 25 with separate truststore possible?

I'm trying to send mail using JavaMail on port 25 (no SSL) using TLS, but with my own truststore (because the original cacerts truststore does not contain the needed certificates and I don't want to modify the default trust store of Java). I have code that is able to send a mail using TLS with the system truststore, by setting the

mail.smtp.starttls.enable=true

property; also, setting

System.setProperty("javax.net.ssl.trustStore", ...) 

to point to the correct truststore when the connection goes secure works. Since it's the normal port 25, I don't need to set up any socketFactory properties (and implementations) either. I can send mails using TLS on port 25 using the system truststore.

However, switching system properties to be able to set up the correct trust store is kind of silly, especially on a server, when I don't know what other code wants to send mail and maybe needs to use the system properties as well. In general: I am searching for another solution that modifies neither the system truststore (the cacerts file; making a copy of it and modifying the copy is okay though!) nor the system properties currently needed to set it up.

What I tried already:

  • Setting up my own SSL socketFactory and using my own key manager to load another truststore. This would work absolutely perfectly if there weren't a need to send on port 25 and I could instead start a secure connection directly on port 465. However, I can't do that; doing so ends up with a socket exception because I'm trying to securely connect to a mail server port that isn't protected.

  • Trying to set up my own socketFactory, but using a normal socket for the actual communication. That basically is the same as not using my own socketFactory at all and ends up with Java using the system cacerts trustStore file.

  • Modifying the cacerts system truststore file. This works, but I don't want to modify the trust store of the system; I might not have write permissions, or the keystore password could be modified, etc.

  • Modifying the "javax.net.ssl.trustStore" system property to point to my own truststore file. Works nicely, but I don't want to modify system properties either, because my code runs on a server and I don't know what other code runs there and needs the properties intact. Even saving the former state and restoring it doesn't really guard against other threads using this property at the time it's modified, so I don't really like this solution.

So, in short: does anyone know how I can use a non-secure connection to a mail server on port 25, switch on TLS (by setting the mail property) so that the connection is secured internally, and use my own truststore file without modifying cacerts or a system property? Maybe there is something similar to the socketFactory properties which is only used when the non-secure connection goes secure?


Start your application with -Djavax.net.ssl.trustStore=...

Then it will only be relevant to your Java application and not affect other system properties.


Whoops, found it: there are two socketFactory properties that can be passed, one for SSL, the other one for non-SSL factories.

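As an added example that is not part of either answer: the SSL-side property mentioned above is JavaMail's mail.smtp.ssl.socketFactory, which takes an SSLSocketFactory object built from a private truststore, so the port 25 connect stays plain and only the STARTTLS-upgraded socket validates against that truststore. The truststore path, password, host and addresses below are placeholders.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Properties;
import javax.mail.Message;
import javax.mail.Session;
import javax.mail.Transport;
import javax.mail.internet.InternetAddress;
import javax.mail.internet.MimeMessage;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
public class StartTlsWithOwnTruststore {
    // SSLSocketFactory trusting only the CAs in our own truststore; javax.net.ssl.trustStore and cacerts are never touched.
    static SSLSocketFactory socketFactoryFor(String truststorePath, char[] password) throws Exception {
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(truststorePath)) {
            ts.load(in, password);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx.getSocketFactory();
    }
    static Session sessionFor(String host, SSLSocketFactory sf) {
        Properties props = new Properties();
        props.put("mail.smtp.host", host);
        props.put("mail.smtp.port", "25");
        // Plain TCP connect, then STARTTLS upgrade...
        props.put("mail.smtp.starttls.enable", "true");
        // ...and fail instead of silently falling back to cleartext if the server refuses STARTTLS.
        props.put("mail.smtp.starttls.required", "true");
        // Hostname must match the certificate; otherwise any cert chaining to the truststore would be accepted.
        props.put("mail.smtp.ssl.checkserveridentity", "true");
        // The SSL-side factory (an object, not a class name, hence put) is used for the upgraded socket only;
        // mail.smtp.socketFactory (the non-SSL one) is left unset so the initial connect stays plain.
        props.put("mail.smtp.ssl.socketFactory", sf);
        return Session.getInstance(props);
    }
    public static void main(String[] args) throws Exception {
        SSLSocketFactory sf = socketFactoryFor("/etc/myapp/mail-truststore.jks", "changeit".toCharArray()); // placeholder
        Session session = sessionFor("smtp.example.org", sf); // placeholder host
        MimeMessage msg = new MimeMessage(session);
        msg.setFrom(new InternetAddress("app@example.org"));
        msg.setRecipients(Message.RecipientType.TO, "ops@example.org");
        msg.setSubject("STARTTLS test");
        msg.setText("sent over STARTTLS, validated against a private truststore");
        Transport.send(msg);
    }
}
```

Avoid the mail.smtp.ssl.trust shortcut with a wildcard value for this purpose; it disables certificate validation entirely rather than pointing at a different truststore.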
