cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Digitally Signing specific SOAP elements using Java Mapping

Former Member

on ‎08-26-2009 7:47 PM

0 Kudos

Hello SDNers,

Iu2019m having trouble creating java mappings to sign and verify digital signatures. Iu2019m new to Java so this is proving difficult. I understand the basic concepts of OO programming and utilizing classes/objects to build the program, but Iu2019m having trouble with the conceptual understanding of how I would like to get this done.

I have outbound and inbound messages. The outbound messages are originating from an ECC backend. The messages are processed through PI with a basic Message Mapping, then it is wrapped in a SOAP envelope with specific information using a XSL mapping and then I would like to use a Java Mapping to Digitally Sign specific portions of the entire message; specifically around an element in the SOAP header and sign the SOAP body. I also need to verify these sections for all inbound messages.

The simple pseudo code I have for the outbound messages is as follows:

<ol>

<li>1. read in xml (file input stream)</li>

<li>2. find the (specific information)</li>

<ol>

<li>a. assign that string to a variable</li>

<li>b. sign this variable with the security profile (keystore, private key)</li>

<li>c. e-write the variable into the main xml file</li>

</ol>

<li>3. find the soap body</li>

<ol>

<li>a. assign that string to a variable</li>

<li>b. sign this variable with the security profile (keystore, private key)</li>

<li>c. re-write the variable into the main xml file</li>

</ol>

<li>4. write the output file with both variables written (file output stream)</li>

</ol>

Currently Iu2019m using PI 7.1 so there is no more Visual Administrator tool.

Iu2019ve seen the examples from the last link, but I canu2019t seem to put it together when mixed with basic java mapping example. I have been searching the SDN forums for a while now, but hereu2019s my specific question: how do you create a java mapping to sign and verify specific elements of a SOAP message?

Thanks in advance,

Jason

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (5)

Answers (5)

henrique_pinto
Active Contributor
‎12-08-2009 11:00 AM
0 Kudos

Even though it makes a while since you sent this, I hope it can still be useful:

Best,

Henrique.

Show replies
Show replies
Former Member
‎08-27-2009 4:24 PM
0 Kudos

Here is a sample of an inbound message after the message mapping and the XSL mapping in the Operation Mapping:

<soap:envelope>
  <soap:header>
    <element>
      <nodes/>
    </element>
  </soap:header>
  <soap:body>
    <nodes/>
  </soap:body>
<soap:envelope>

in the above code i want to sign the "<element>" and the "<soap:body>" nodes. Is this possible somehow via xpath in an XSL refencing a java program? is it possible via another method? i'm pretty clueless as to how this can be possible at the moment. there are features in the reciever agreement and reciever communication channel that set the web services security for signing, but i see two problems: 1) it will sign the entire message (seems this way) and 2) after testing with this feature on and off, i cannot see a difference at all in the messages sent - they're identical.

Show replies
Show replies
Former Member
‎08-28-2009 4:11 PM
0 Kudos

bump

Former Member
‎09-24-2009 8:24 PM
0 Kudos

Hello All,

I still have this requirement remaining. I've made some progress using the SAP API for Digital Signatures and Encryption, but i've hit a wall when attempting to use a specific method: sign. The method requires the following arguments:

Element sigHome

SsfXMLRefList refList

Profile profile

int incCerts

boolean detached

boolean incKeyName

currently i'm having trouble referencing the necessary elements of the refList to produce something recognizable. mainly i'm having trouble linking the reference URI to something that the method can sign. the arguments for the refList of type SsfXMLRefInfo variable include:

String uri

String[] trans

String digest

i have included an ID attribute for each element i'm attempting to sign, but when i place this value in the string to reference the URI it does not recognize it. when i leave the value for the URI null, the digest values are created, but are obviously not linked to any element since the uri is null. when i debug the java coding in NWDS i can see that the URI of the desired element is set to the value of the namespace of that particular element (ie: value of "xmlns:soap" attribute if the referenced element = "soap:Body")

my main questions are: how can i link the desired element to the SsfXMLRefInfo object to properly use the sign method? assuming i'm on the right track, how to i set the URI for a sepcific element?

Thanks for any responses/ideas/answers

Jason

stefan_grube
Active Contributor
‎10-15-2009 12:10 AM
0 Kudos

Have you tried Java forum?

This task is not PI specific.

Former Member
‎08-26-2009 8:30 PM
0 Kudos

let us know if u require any more details

Edited by: Ibrahim on Aug 26, 2009 9:31 PM

Show replies
Show replies
Former Member
‎08-26-2009 8:51 PM
0 Kudos

i don't think i can add a udf in the graphical mapping step to sign the elements. in the operation mapping i have a graphical mapping step, followed by an XSL mapping step. In the XSL mapping step i'm adding a custom SOAP envelope of which an element in the header needs to be signed. after this element is signed i need to sign the entire SOAP Body (which contains the elements of the graphical mapping). The two elements that need to be signed are large in the fact that they have elements within them.

i hope this makes sense. can i make your suggestion work for my scenario?

Edited by: Jason Ray on Aug 26, 2009 10:11 PM

Former Member
‎08-26-2009 8:30 PM
0 Kudos

Hi Jason,

Instead of the java mapping, i tried it using graphical, yes u do have to call a java code but from with in the udf courtesy of the imported archive.

I had the same requirement for producing a digital signature on three of the input fields of th einpput xml.

hence i concatenate them produce an xml inside the graphical mapping then call the sign method(imported archive)

In the imported archive u write code to sign the concatentes string as mentioned in the below link examples of digital signature.

Regards,

Tauseef

Show replies
Show replies
Former Member
‎08-26-2009 7:48 PM
0 Kudos

Here are the following links Iu2019ve found:

(pointless for my scenario)

PI7.1 SOAP scenario with SSL certificate

Interfaces and Classes for Using Digital Signatures and Encryption

[url]http://help.sap.com/saphelp_nw04/helpdata/en/18/6197044da2a745a4d588da33e0facf/content.htm[/url]

Examples for Using Digital Signatures

[url]http://help.sap.com/saphelp_nw04/helpdata/en/a4/d0201854fb6a4cb9545892b49d4851/content.htm[/url]

(i'm not sure why the format would've been messed up if i included this in the message above....)

Show replies
Show replies
Ask a Question