2-way SSL connection to download a file... Overkill?
Today I created a piece of code for a client to demo how to download a file from a server over a 2-way SSL connection. It was quite a puzzle in the beginning to get it working.
Initially I was looking at HttpClient because I had worked with it in the past. It was confusing that HttpClient appears to have been completely re-architected and is now part of the HttpComponents libraries. On other forums, some guys were complaining that it was over-architected and far too complicated...
I must admit, it's confusing due to the same name and the many examples that were outdated. But having eventually found the pointer to 'SSLSocketFactory (http://hc.apache.org/httpcomponents-client-ga/httpclient/apidocs/org/apache/http/conn/ssl/SSLSocketFactory.html)', it was quite easy to get it all working. The key was to use the constructor where you provide both a keystore with the private key and a trust store with the public keys. By linking it in the SSL scheme, I successfully connected to the server.
NOTE: somehow I couldn't get the private key from a JKS file. After extracting it to a separate p12 file (with password), I was able to use the private keystore within the constructor.
Of course, a valid question would be whether a two-way SSL connection isn't a bit complicated just to secure the file access... But that's a different question. If you are interested in the sample code, let me know. I will need to scramble the data a bit before I can post it. I will probably do that at the end of the week if I have some spare time left.
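The setup described above, sketched as an added example (this is not the author's code, which the post does not include). It assumes the HttpClient 4.1/4.2 API, where `SSLSocketFactory`, `Scheme` and `DefaultHttpClient` exist in this form; the file names, URL and environment variable names are placeholders.

```java
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.KeyStore;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;

public class MutualTlsDownload {
    // Load a keystore of the given type ("PKCS12" or "JKS") from disk.
    static KeyStore load(String type, String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        // Placeholder inputs: passwords come from the environment, not from source code.
        String keyPass = System.getenv("CLIENT_P12_PASSWORD");
        String trustPass = System.getenv("TRUSTSTORE_PASSWORD");
        KeyStore clientKeys = load("PKCS12", "client.p12", keyPass.toCharArray());
        KeyStore trusted = load("JKS", "truststore.jks", trustPass.toCharArray());

        // The key store holds the client's private key and certificate (client auth);
        // the trust store holds the certificates accepted for the server.
        // Hostname verification stays at the library default; do not relax it.
        SSLSocketFactory sf = new SSLSocketFactory(clientKeys, keyPass, trusted);

        DefaultHttpClient client = new DefaultHttpClient();
        try {
            client.getConnectionManager().getSchemeRegistry()
                  .register(new Scheme("https", 443, sf));
            HttpResponse rsp = client.execute(new HttpGet("https://files.example.com/report.pdf"));
            if (rsp.getStatusLine().getStatusCode() != 200) {
                throw new IllegalStateException("Download failed: " + rsp.getStatusLine());
            }
            try (OutputStream out = new FileOutputStream("report.pdf")) {
                rsp.getEntity().writeTo(out);
            }
        } finally {
            client.getConnectionManager().shutdown();
        }
    }
}
```

Keep the trust store limited to the server's own certificate or its issuing CA, so the client rejects any server that cannot present a certificate from that chain.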











