{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 beautiful° 的问题《Loading a custom key store in Google App Engine Ja》','https://www.manongdao.com/q-197712.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I want to open a HTTPS connection in a Google App Engine app using the URLFetch service. To be able to verify the SSL certificate of the server my app is talking to, I am using my own keystore file. I want to read this file in a warmup request when my app is loaded i.e. before any HTTPS requests are performed. The keystore file is part of my WAR file.
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
keystore.load(ClassLoader.getSystemResourceAsStream("myKeystoreFile"), "password".toCharArray());
trustManagerFactory.init(keystore);
TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(null, trustManagers, null);
HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
I cannot use this approach, however, because while HttpURLConnection is on the GAE's JRE whitelist, HttpsUrlConnection is not.
Is there another way to use a custom keystore in GAE? I did not find any information on this in the GAE docs. It looks like while Google's URLFetch service supports HTTPS, the keystore cannot be customized. Is this correct?
If this isn't possible, is the approach still valid in general? Or is there a different approach that does still allow me to verify the SSL certificate?
UPDATE
In 2009, App Engine developer Nick Johnson from Google said on https://groups.google.com/d/topic/google-appengine-python/C9RSDGeIraE/discussion:
The urlfetch API doesn't allow you to specify your own client certificates, so unfortunately what you want to achieve is not currently possible.
Is this still correct? If every HTTP(s) request in App Engine relies on URLFetch this would mean that custom certificates just cannot be used at all in GAE.
I am using Appengine API 1.9.56 and what Dima suggested with
is not working anymore. Therefore I do not need the
appengine-api-stubslibrary, either.However,
HttpsURLConnection.setDefaultSSLSocketFactoryjust works fine.Here is my complete solution which solved my problem:
Luckily
HttpsURLConnectionis not blacklisted anymore, as it was in the time the question was made.I was recently facing the same issue and using the HttpClient implementation packaged with appengine-api-stubs worked for me.
Maven Dependency:
Code:
This does essentially the same thing as
But for one reason or another app engine doesn't block it.
You should sign up as a trusted tester for Outbound sockets support. Under Desired Features they enlist SSL. If more parts of the JDK SSL API would be supported building something like this would be simple.
I have had a similar problem... I needed a
keystore.p12to call a foreign web service but had no chance loading it from the classpath. The only way I was able to use it was to put it in e.g./WEB-INF/keystore.p12and load it from there.