
2-way SSL for web services on GAE (java)

We need to implement two-way SSL on Google App Engine, where we send out web service requests using JAX-WS to a server requiring 2-way SSL authentication.

How can we set up 2-way SSL for our outgoing web service requests?

We know that javax.net.ssl* is forbidden in the App Engine environment.

Here's an example of our code:

@WebService(name="ListenerSoap", targetNamespace = "http://example.com/Listener.Wsdl")
@SOAPBinding(parameterStyle = SOAPBinding.ParameterStyle.BARE)
public interface ListenerSoap {

    @WebMethod(operationName = "Ping", action="http://example.com/Listener.Wsdl#Ping")
    public void ping();
}

@WebServiceClient(name="Listener", targetNamespace="http://example.com/Listener.Wsdl", wsdlLocation = "https://example.com/Listener.asmx?WSDL")
public class Listener extends Service
{
  public ListenerSoap getListenerSoap() {
   return super.getPort(new QName("http://example.com/Listener.Wsdl", 
                       "ListenerSoap"), ListenerSoap.class);
  }
}

And an example of the above code in use:

ListenerSoap soap = new Listener().getListenerSoap();
soap.ping();

I figure we can store the keystores or any certs needed in the DataStore as binary objects (though how to upload them is still a lil' vague to me).

How can we go about setting the necessary values needed for this web service to authenticate using 2-way SSL?

Thanks for any help

Update:

Through research I've seen this is how it can be done on a traditional server (one with filesystem access):

ListenerSoap soap = new Listener().getListenerSoap();
((BindingProvider) soap).getRequestContext().put("javax.net.ssl.keyStore", "client_cert.p12");

However, in this approach, client_cert.p12 is expected to be on the filesystem.

Additionally, SSLSocketFactory, SSLContext, KeyManager, and KeyManagerFactory all aren't allowed on GAE.

Update:

As of GAE SDK version 1.7.7, this should now be possible:

Similarly, Java developers can now use the javax.net.ssl package to make outbound SSL connections.

GAE 1.7.7 SDK Release Notes

Cuga asked Jun 07 '12 15:06
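
An added example, not part of the original question or answer: once javax.net.ssl is available, the client keystore can be loaded from a byte array (for instance a blob read from the Datastore) instead of a file path and handed to the JAX-WS port as an SSLSocketFactory. The class and method names are hypothetical, and the two request-context keys are the JAX-WS reference implementation's properties; that the App Engine runtime honours them is an assumption.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Map;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.xml.ws.BindingProvider;

// Hypothetical helper (not from the original post): client-certificate TLS without filesystem access.
public final class MutualTlsClient {
    // JAX-WS RI property keys: the first is read by the RI bundled with the JDK,
    // the second by the standalone RI. Setting both is harmless.
    private static final String JDK_RI_KEY =
        "com.sun.xml.internal.ws.transport.https.client.SSLSocketFactory";
    private static final String STANDALONE_RI_KEY =
        "com.sun.xml.ws.transport.https.client.SSLSocketFactory";

    /** Builds a socket factory from a PKCS#12 blob held in memory. */
    static SSLSocketFactory socketFactory(byte[] clientP12, char[] password)
            throws GeneralSecurityException, IOException {
        KeyStore identity = KeyStore.getInstance("PKCS12");
        try (ByteArrayInputStream in = new ByteArrayInputStream(clientP12)) {
            identity.load(in, password);            // client certificate + private key
        }
        KeyManagerFactory kmf =
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, password);

        // Passing null trust managers selects the platform default trust store,
        // so the server certificate is still validated.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);
        return ctx.getSocketFactory();
    }

    /** Attaches the factory to a JAX-WS port such as the question's ListenerSoap. */
    static void enableMutualTls(BindingProvider port, SSLSocketFactory factory) {
        Map<String, Object> requestContext = port.getRequestContext();
        requestContext.put(JDK_RI_KEY, factory);
        requestContext.put(STANDALONE_RI_KEY, factory);
    }
    // Usage with the question's port (p12Bytes and password supplied by the caller):
    //   ListenerSoap soap = new Listener().getListenerSoap();
    //   enableMutualTls((BindingProvider) soap, socketFactory(p12Bytes, password));
}
```

The request-context property applies to service invocations only; the WSDL download triggered by `new Listener()` happens earlier and does not use it, so a WSDL URL that itself demands a client certificate needs a locally bundled WSDL or a default socket factory.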



1 Answer

From my restricted knowledge about SSL authorization, it seems you may be missing something of vital importance here: the certificates. Two-way SSL requires the client and server certificates to be in your keystore, which can be either a self-signed certificate (a pkcs12 or pem file, which you can easily generate with a few commands through shell) or a proprietary certificate issued by an authorized company like Thawte or Verisign. Although I am not sure if that is the problem you are facing, it's good to check it out. (Also, I am a newbie so please don't downvote my answer, just trying to suggest possible options.)

Setafire answered Oct 20 '22 20:10