为什么Google Cloud Key Management Service的Java客户端库不支持Android? [英] Why doesn't Google Cloud Key Management Service's Java client library support Android?
问题描述
它被记录为不支持Android。为什么?仅仅是因为Android的 BouncyCastle 的实现缩小了功能和不支持 KeyPairGenerator / ECDSA (椭圆曲线数字签名算法)?
(这是另一个链接。)
It is documented as not supporting Android. Why? Is it just because Android's BouncyCastle's implementation is shrunk down on features and doesn't support things like KeyPairGenerator/ECDSA (Elliptic Curve Digital Signature Algorithm)?
(Here's another link on that.)
仅使用 海绵城堡 代替?仅仅是因为Google不支持 SpongyCastle 其 KMS Java客户端不支持Android吗?
Wouldn't it be enough to just use SpongyCastle instead? Is it just because Google doesn't support SpongyCastle that its KMS Java client doesn't support Android?
推荐答案
https://github.com/GoogleCloudPlatform/google-cloud-java/issues/1696#issuecomment-284464059 是我能找到的最权威的解释。引用garrettjonesgoogle:
https://github.com/GoogleCloudPlatform/google-cloud-java/issues/1696#issuecomment-284464059 is the most authoritative explanation I can find. Quoting garrettjonesgoogle:
我们还没有做任何具体的工作来使google-cloud-java与Android兼容,并且存在许多已知问题(如您已发现)。一流的Android支持将在以后发布。
We have not done any specific work to make google-cloud-java compatible with Android, and there are a number of known issues (as you have discovered). First-class Android support will come at a later date.
我们当前建议的方法是拥有自己的服务器(例如,在App Engine上),该服务器可以调用GCP,而您自己的Android应用程式会呼叫您的伺服器。原因是google-cloud-java仅支持2LO auth(基于服务帐户),而不支持3LO auth(基于用户帐户)。从理论上讲,如果您使用2LO auth从您的android应用中拨打电话,则理论上有人可以从您的应用中窃取您的服务凭据,然后在自己的应用中使用它们。不过,这不是3LO的问题。
Our currently-recommended way is to have your own server (e.g. on App Engine) that makes the calls to GCP, and your own Android app makes calls to your server. The reason is that google-cloud-java only has support for 2LO auth (service-account-based), not 3LO auth (user-account-based). If you make calls from your android app with 2LO auth, it's theoretically possible for someone to steal your service credentials from your app and use them in their own app. This isn't a problem with 3LO, though.
这篇关于为什么Google Cloud Key Management Service的Java客户端库不支持Android?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
