Hey Marco,

I'm not enough of an expert on Java crypto to say how to substitute 
GCMParameterSpec for another class, and it seems from a cursory examination 
of the Cipher class and the AlgorithmParameterSpec interface that this 
isn't possible, but I can recommend that if you need access to 
functionality that's outside the Standard Runtime security whitelist and 
you can't use a beta product, Compute Engine is a great place to host the 
process which needs access to the full JRE. 

You could either host your server as a Compute Engine VM cluster behind an 
HTTP(S) Load Balancer 
<https://cloud.google.com/solutions/https-load-balancing-nginx> and 
AutoScaler <https://cloud.google.com/compute/docs/autoscaler/> or use App 
Engine for the front-ends with Cloud Pub/Sub 
<https://cloud.google.com/pubsub/overview> handling the issue of sending 
messages, through the Compute Engine instance which can run the crypto 
code, on to the recipient of the encrypted message.

Let me know if you have any further questions I can do my best to answer. 

Cheers,

Nick
Cloud Platform Community Support

On Friday, July 29, 2016 at 9:37:47 AM UTC-4, Marco Pöhler wrote:
>
> Hi,
>
> I want to send web push notification with encrypted data payload 
> <https://developers.google.com/web/updates/2016/03/web-push-encryption> 
> from appengine (Java, Standard Environment - I'm sure it will work in the 
> Flexible Environment, but it's still beta, not recommended for production 
> use, only hosted in US and I reside in Germany/Europe where we have strict 
> laws when it comes to storage of customer data). 
>
> My current approach was to adopt the web-push library 
> <https://github.com/MartijnDwars/web-push>. I backported it to Java7 (here 
> <https://github.com/mpoehler/web-push/tree/javaversion17>), and I'm still 
> able to send encrypted push notifications to my browser from the testcase. 
> The URLFetchService must be used instead of *org.apache.http.client*, 
> of course.
>
> Sadly, web-push uses *javax.crypto.spec.GCMParameterSpec* which is not 
> whitelisted <https://cloud.google.com/appengine/docs/java/jrewhitelist> and 
> I get the following error: 
>
> java.lang.NoClassDefFoundError: javax.crypto.spec.GCMParameterSpec is a restricted class. Please see the Google  App Engine developer's guide for more details.
>         at com.google.appengine.tools.development.agent.runtime.Runtime.reject(Runtime.java:52)
>         at nl.martijndwars.webpush.HttpEce.encrypt(HttpEce.java:176)
>
> The encryption to use for Web Push is "AES/GCM/NoPadding" as described in 
> detail here 
> <https://developers.google.com/web/updates/2016/03/web-push-encryption>, 
> so I think this class, which describes the parameters for the GCM 
> algorithm <http://www.dict.cc/?s=algorithm> is mandatory to get this 
> working. 
>
> The following snippet shows how GCMParameterSpec is used in web-push:
>
> Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding", "BC");
> cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key_, "AES"),
>         new GCMParameterSpec(16 * 8, nonce_));
> cipher.update(new byte[padSize]);
>
>
> Is there another way to encode data on appengine in a web-push compatible way?
>
>
> cheers,
>
>
> Marco
>
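
An added example, not part of the original thread and not code from web-push: the same AES/GCM operation as the quoted snippet (128-bit tag, leading padding bytes), done through Bouncy Castle's lightweight API, which does not go through javax.crypto.Cipher or GCMParameterSpec. It assumes Bouncy Castle is on the classpath (the snippet already uses the "BC" provider); whether the App Engine Standard whitelist accepts it is an assumption not verified here, and the class name, key and nonce are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.engines.AESEngine;
import org.bouncycastle.crypto.modes.GCMBlockCipher;
import org.bouncycastle.crypto.params.AEADParameters;
import org.bouncycastle.crypto.params.KeyParameter;

// Hypothetical class name; illustration only, not the web-push implementation.
public class GcmWithoutJce {
    static final int TAG_BITS = 16 * 8; // same tag length as the quoted snippet

    // One AES-GCM pass: encrypt appends the tag, decrypt verifies and strips it.
    static byte[] run(boolean encrypt, byte[] key, byte[] nonce, byte[] input)
            throws InvalidCipherTextException {
        GCMBlockCipher gcm = new GCMBlockCipher(new AESEngine());
        gcm.init(encrypt, new AEADParameters(new KeyParameter(key), TAG_BITS, nonce));
        byte[] out = new byte[gcm.getOutputSize(input.length)];
        int n = gcm.processBytes(input, 0, input.length, out, 0);
        n += gcm.doFinal(out, n); // on decrypt, throws if the tag does not verify
        return Arrays.copyOf(out, n);
    }

    // Mirrors cipher.update(new byte[padSize]): padSize zero bytes precede the payload.
    static byte[] encrypt(byte[] key, byte[] nonce, int padSize, byte[] payload)
            throws InvalidCipherTextException {
        byte[] padded = new byte[padSize + payload.length];
        System.arraycopy(payload, 0, padded, padSize, payload.length);
        return run(true, key, nonce, padded);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values. A nonce must never repeat under the same key.
        byte[] key = new byte[16];
        byte[] nonce = new byte[12];
        byte[] payload = "hello push".getBytes(StandardCharsets.UTF_8);

        byte[] ct = encrypt(key, nonce, 2, payload);
        byte[] pt = run(false, key, nonce, ct);
        System.out.println("ciphertext+tag bytes: " + ct.length);
        System.out.println("round trip ok: "
                + Arrays.equals(Arrays.copyOfRange(pt, 2, pt.length), payload));

        ct[0] ^= 0x01; // flip one bit: authentication must now fail
        try {
            run(false, key, nonce, ct);
            System.out.println("tampering NOT detected");
        } catch (InvalidCipherTextException e) {
            System.out.println("tampering detected: " + e.getMessage());
        }
    }
}
```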
