在Google App Engine Java应用程序中加载自定义密钥库 [英] Loading a custom key store in Google App Engine Java application
问题描述
我想使用 HTTPS 连接。 rel =noreferrer> URLFetch 服务。为了能够验证我的应用正在与之通话的服务器的SSL证书,我正在使用自己的密钥存储文件。我想在我的应用程序中热身请求中阅读此文件在任何HTTPS请求执行之前加载。密钥库文件是我的WAR文件的一部分。
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
keystore.load(ClassLoader.getSystemResourceAsStream(myKeystoreFile),password.toCharArray());
trustManagerFactory.init(keystore);
TrustManager [] trustManagers = trustManagerFactory.getTrustManagers();
SSLContext sslContext = SSLContext.getInstance(SSL);
sslContext.init(null,trustManagers,null);
HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
然而,我不能使用这种方法,因为虽然HttpURLConnection位于GAE的JRE白名单中,但HttpsUrlConnection不是。
在GAE中有另一种使用自定义密钥库的方法吗?在GAE文档中我没有找到任何关于此的信息。 看起来像Google的URLFetch服务支持HTTPS,密钥库不能自定义。这是否正确?
如果这不可行,是该方法一般仍然有效?或是否有另一种方法可以让我验证SSL证书?
更新 2009年,Google的App Engine开发者Nick Johnson在 https://groups.google.com/d/topic/google-appengine-python/C9RSDGeIraE/discussion :
< blockquote>
urlfetch API不允许您指定您自己的客户端
证书,因此不幸的是您想实现的目前不是
。
这是否仍然正确?如果App Engine中的每个HTTP请求都依赖于URLFetch,则这意味着自定义证书不能可以在GAE中使用。
developers.google.com/appengine/docs/features#Trusted_Tester_Fea对于 #gid = 0rel =nofollow>出站套接字支持 。在期望的功能下,他们争取SSL。如果支持JDK SSL API的更多部分,构建这样的应用程序将很简单。I want to open a HTTPS connection in a Google App Engine app using the URLFetch service. To be able to verify the SSL certificate of the server my app is talking to, I am using my own keystore file. I want to read this file in a warmup request when my app is loaded i.e. before any HTTPS requests are performed. The keystore file is part of my WAR file.
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
keystore.load(ClassLoader.getSystemResourceAsStream("myKeystoreFile"), "password".toCharArray());
trustManagerFactory.init(keystore);
TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(null, trustManagers, null);
HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
I cannot use this approach, however, because while HttpURLConnection is on the GAE's JRE whitelist, HttpsUrlConnection is not.
Is there another way to use a custom keystore in GAE? I did not find any information on this in the GAE docs. It looks like while Google's URLFetch service supports HTTPS, the keystore cannot be customized. Is this correct?
If this isn't possible, is the approach still valid in general? Or is there a different approach that does still allow me to verify the SSL certificate?
UPDATE
In 2009, App Engine developer Nick Johnson from Google said on https://groups.google.com/d/topic/google-appengine-python/C9RSDGeIraE/discussion:
The urlfetch API doesn't allow you to specify your own client certificates, so unfortunately what you want to achieve is not currently possible.
Is this still correct? If every HTTP(s) request in App Engine relies on URLFetch this would mean that custom certificates just cannot be used at all in GAE.
You should sign up as a trusted tester for Outbound sockets support. Under Desired Features they enlist SSL. If more parts of the JDK SSL API would be supported building something like this would be simple.
这篇关于在Google App Engine Java应用程序中加载自定义密钥库的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
