I am in the process of building a series of web services in Java which, among other things, will be relying on Google's Geocoding Maps API to convert physical addresses into latitude and longitude points.
Per the documentation, the geocoding service can be accessed by doing a simple GET, e.g. the following URL:
https://maps.googleapis.com/maps/api/geocode/json?address=1600+Amphitheatre+Parkway,+Mountain+View,+CA&key=YOUR_API_KEY
Here YOUR_API_KEY
would be replaced by the actual key corresponding to your app.
Coming to the actual question, I am planning to use HttpsUrlConnection
in Java to make the GET call. However, I am confused about which certificate I should be trusting. Is it safe to simply trust all certificates, or should I be installing a Google SSL certificate into my trust store, and only trust that? I read on Stack Overflow about man-in-the-middle attacks, but I don't know if they be a possibility here.