To cope with things like being able to reload trust stores after files have been modified some implementation details regarding file handling have leaked slightly into the SSLIdentityService which represents the servers identity - instead the key and trust manager instances should be injected.