Refer to your JSSE, or Java™, documentation for information on using X.509 certificates.
The JSSEServerSecurity and ServerSecurity interfaces and partner ClientSecurity interface define a simple yet flexible model for providing security when using CICS Transaction Gateway. Implementations of the interfaces can be as simple, or as robust, as necessary; from simple XOR (exclusive-OR) scrambling to use of the Java Cryptography Architecture.
The JSSEServerSecurity interface has been designed to work in conjunction with the Secure Sockets Layer (SSL) protocol. The interface allows server-side security objects access to a Client Certificate passed during the initial SSL handshake. The exposure of the Client Certificate depends on the the CICS Transaction Gateway being configured to support Client Authentication.
An individual JavaGateway instance has an instance of a ClientSecurity class associated with it, until the JavaGateway is closed. Similarly, an instance of the partner JSSEServerSecurity or ServerSecurity class is associated with the connected Java client, until the connection is closed.
The inbound request, and Client Certificate, is exposed via the afterDecode() method. For JSSE, the afterDecode() method exposes the GatewayRequest object, along with the javax.security.cert.X509Certificate[] certificate chain object.
ClientSecurity, JSSEServerSecurity, or ServerSecurity class instances should maintain as data members sufficient information from the initial handshake to correctly encode and decode the flows. At the server, each connected client has its own instance of the ServerSecurity implementation class.