Hi Steve, On Thu, May 6, 2010 at 2:12 PM, Steve favez <favez.st...@gmail.com> wrote:
> Hi Nick, here're some clarification. > > My google app need to access a web service with ssl certificate > authentication. (https) > As it's actually not supported and I can't change the security policy > of the web service, > the idea would be to install a secure data connector (http:// > code.google.com/securedataconnector/docs/1.0/config.html), and to > configure it to allow access to ressources (url) for any authenticated > user on my google app web application. Then you install a "web service > proxy" behhind your firewall that will perform ssl mutual > authentication (certificate and keystore are not required for each > users, but only for the application to access the web service), and > your google app only perform a simple web service call through http. > > Does it make sense ? > Yes, and if you need to do SSL authentication, this sounds like a sensible thing to do. -Nick Johnson > > Thanks > Steve > > > > On May 6, 11:06 am, "Nick Johnson (Google)" <nick.john...@google.com> > wrote: > > Hi Steve, > > > > On Wed, May 5, 2010 at 8:35 PM, Steve favez <favez.st...@gmail.com> > wrote: > > > Hi Nick, > > > > > thanks for the quick reply. > > > > > Do you plan to add this feature in a future release ? > > > > We don't have immediate plans to add client certificate validation for > > incoming requests, or server certificate validation for outgoing ones, > no. > > > > > > > > > Otherwise, what do you think to use secure data connector as a > > > proxy. ??? ... (kind of workaround if I really need to call a web > > > service requiring ssl mutual authentication.) ? > > > > I'm not sure how that would help - can you clarify what you're proposing? > > > > -Nick Johnson > > > > > > > > > > > > > Thanks > > > > > - Steve Favez > > > > > On 5 mai, 18:23, "Nick Johnson (Google)" <nick.john...@google.com> > > > wrote: > > > > Hi Steve, > > > > > > It's not possible to verify certificates using the URL Fetch service. > > > > > > -Nick Johnson > > > > > > On Tue, May 4, 2010 at 12:45 PM, Steve favez <favez.st...@gmail.com> > > > wrote: > > > > > Hello, > > > > > > > I'm trying to consume a web service (using URLFetchService) through > > > > > https, requiring a mutual SSL authentication. (soap ws, using axis2 > > > > > with custom HTTP Transport layer, using URLConnection - > > > > > URLFetchService) > > > > > > > Without HTTPS, everything works fine. > > > > > > > In my java google app, I've set the following properties in order > to > > > > > use my own keystore for SSL mutual authentication. : > > > > > > > <property name="javax.net.ssl.keyStoreType" > > > value="jks"/> > > > > > <property name="javax.net.ssl.keyStore" > > > > > value="testdrive.jks"/> > > > > > <property name="javax.net.ssl.keyStorePassword" > > > > > value="password"/> > > > > > > > I've got the following trace and exception : > > > > > > > INFO: I/O exception (java.net.SocketException) caught when > processing > > > > > request: java.security.NoSuchAlgorithmException: Error constructing > > > > > implementation (algorithm: Default, provider: SunJSSE, class: > > > > > com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl) > > > > > 4 mai 2010 08:46:21 > org.apache.commons.httpclient.HttpMethodDirector > > > > > executeWithRetry > > > > > > > Caused by: java.io.IOException: Could not fetch URL: > > > > >https://pilot-vipservices-auth.verisign.com/prov/soap > > > > > at > > > > > > com.google.appengine.api.urlfetch.URLFetchServiceImpl.convertApplicationExc > > > eption(URLFetchServiceImpl.java: > > > > > 106) > > > > > at > > > > > > com.google.appengine.api.urlfetch.URLFetchServiceImpl.fetch(URLFetchService > > > Impl.java: > > > > > 39) > > > > > at > > > > > > com.google.apphosting.utils.security.urlfetch.URLFetchServiceStreamHandler > > > > > $Connection.fetchResponse(URLFetchServiceStreamHandler.java:404) > > > > > at > > > > > > com.google.apphosting.utils.security.urlfetch.URLFetchServiceStreamHandler > > > > > $Connection.getInputStream(URLFetchServiceStreamHandler.java:283) > > > > > > > This error is happening on my eclipse env. with google app engine > > > > > 1.3.3 > > > > > > > Thanks in advance for any feedback > > > > > > > Steve > > > > > > > -- > > > > > You received this message because you are subscribed to the Google > > > Groups > > > > > "Google App Engine" group. > > > > > To post to this group, send email to > google-appengine@googlegroups.com > > > . > > > > > To unsubscribe from this group, send email to > > > > > google-appengine+unsubscr...@googlegroups.com<google-appengine%2bunsubscr...@googlegroups.com> > <google-appengine%2bunsubscr...@googlegroups.com<google-appengine%252bunsubscr...@googlegroups.com> > ><google-appengine%2Bunsubscrib > > > e...@googlegroups.com> > > > > > . > > > > > For more options, visit this group at > > > > >http://groups.google.com/group/google-appengine?hl=en. > > > > > > -- > > > > Nick Johnson, Developer Programs Engineer, App Engine Google Ireland > Ltd. > > > :: > > > > Registered in Dublin, Ireland, Registration Number: 368047 > > > > Google Ireland Ltd. :: Registered in Dublin, Ireland, Registration > > > Number: > > > > 368047 > > > > > > -- > > > > You received this message because you are subscribed to the Google > Groups > > > "Google App Engine" group. > > > > To post to this group, send email to > google-appeng...@googlegroups.com. > > > > To unsubscribe from this group, send email to > > > google-appengine+unsubscr...@googlegroups.com<google-appengine%2bunsubscr...@googlegroups.com> > <google-appengine%2bunsubscr...@googlegroups.com<google-appengine%252bunsubscr...@googlegroups.com> > > > > > . > > > > For more options, visit this group athttp:// > > > groups.google.com/group/google-appengine?hl=en. > > > > > -- > > > You received this message because you are subscribed to the Google > Groups > > > "Google App Engine" group. > > > To post to this group, send email to google-appengine@googlegroups.com > . > > > To unsubscribe from this group, send email to > > > google-appengine+unsubscr...@googlegroups.com<google-appengine%2bunsubscr...@googlegroups.com> > <google-appengine%2bunsubscr...@googlegroups.com<google-appengine%252bunsubscr...@googlegroups.com> > > > > > . > > > For more options, visit this group at > > >http://groups.google.com/group/google-appengine?hl=en. > > > > -- > > Nick Johnson, Developer Programs Engineer, App Engine Google Ireland Ltd. > :: > > Registered in Dublin, Ireland, Registration Number: 368047 > > Google Ireland Ltd. :: Registered in Dublin, Ireland, Registration > Number: > > 368047 > > > > -- > > You received this message because you are subscribed to the Google Groups > "Google App Engine" group. > > To post to this group, send email to google-appeng...@googlegroups.com. > > To unsubscribe from this group, send email to > google-appengine+unsubscr...@googlegroups.com<google-appengine%2bunsubscr...@googlegroups.com> > . > > For more options, visit this group athttp:// > groups.google.com/group/google-appengine?hl=en. > > -- > You received this message because you are subscribed to the Google Groups > "Google App Engine" group. > To post to this group, send email to google-appeng...@googlegroups.com. > To unsubscribe from this group, send email to > google-appengine+unsubscr...@googlegroups.com<google-appengine%2bunsubscr...@googlegroups.com> > . > For more options, visit this group at > http://groups.google.com/group/google-appengine?hl=en. > > -- Nick Johnson, Developer Programs Engineer, App Engine Google Ireland Ltd. :: Registered in Dublin, Ireland, Registration Number: 368047 Google Ireland Ltd. :: Registered in Dublin, Ireland, Registration Number: 368047 -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to google-appeng...@googlegroups.com. To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
