on 06-03-2010 3:54 PM
Hello all,
I am working on PI 7.11. My scenario is IDOC -> PI -> MAIL (sign).
For the certificat part, i am using the S/MIME option of my receiver mail, no problem on that.
But it seems that i must have a MIME MULTIPART message with an xml file as attachment ! My XML is built from an idoc in outbound of an backend.
So,if i was doing things right, i should have 2 files in the mail : a .xml file in attachment and an another file(html file ?), right ?
My question is : how do we do it since i don't use mail package ? Or must i use the mail package ? If yes, how do i build my xml file dynamically ? In a java mapping ? I saw a blog of Stefan Grube on it but he's using a fix structure.
Or i don't need to use mail package but have to play with the module MessageTransformBean to have my multipart/mixed message for example.
I don't really see to handle this for now...so if anyone got an idea....
Kind regards,
Jean-Philippe
Edited by: Jean-Philippe PAIN on Jun 3, 2010 4:54 PM
Edited by: Jean-Philippe PAIN on Jun 3, 2010 4:54 PM
Edited by: Jean-Philippe PAIN on Jun 3, 2010 4:54 PM
Edited by: Jean-Philippe PAIN on Jun 3, 2010 4:55 PM
> But it seems that i must have a MIME MULTIPART message with an xml file as attachment ! My XML is built from an idoc in outbound of an backend.
How exactly do you want your email to be?
> So,if i was doing things right, i should have 2 files in the mail : a .xml file in attachment and an another file(html file ?), right ?
You have to tell us, how the mail should look like.
> My question is : how do we do it since i don't use mail package ? Or must i use the mail package ? If yes, how do i build my xml file dynamically ? In a java mapping ? I saw a blog of Stefan Grube on it but he's using a fix structure.
You can do it like in my blog with a Java mapping.
As you are working with PI 7.1 you can use Java mapping also to create an additional attachment which can serve as mail body.
That would be easier as you need not care about how an character stream of a mail looks like.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello,
From what i understand, MIME MULTIPART allows me to have multiple attachment in the mail.
What does the client want ? A sign mime multipart mail within two file with MIME content-type as "application/octet-stream".
For example, the first file will be name "document1.xml" and the second one "signature1.sig".
First file contains the message with datas i want to send.
Seconde file is the signature of the first file (the entire mail message isn't signed)
From help.sap.com (http://help.sap.com/saphelp_nw04/helpdata/en/4e/c153426da9bd30e10000000a155106/frameset.htm), i thought that i just had to check the box "Send sign mail in Non-encoded Text" to be able to send this famous signature.
But it seems, it's not so simple.
I hope i was clear this time and you can understand my issue.
Kind Regards,
Jean-Philippe
Edited by: Jean-Philippe PAIN on Jun 3, 2010 11:21 PM
> From help.sap.com (http://help.sap.com/saphelp_nw04/helpdata/en/4e/c153426da9bd30e10000000a155106/frameset.htm), i thought that i just had to check the box "Send sign mail in Non-encoded Text" to be able to send this famous signature.
Yes, that should be all that you have to do.
Is this not working?
When i am looking to the message in a outlook mailbox, i am able to see the first attachment (xml file) but not the second one (sig file).
Outlook just tell me there is a problem link to the signature. For me, it's because i don't have the certificat in my mailbox.
On one hand, when the supplier receive a mail in its system, i have an error which says that i didn't send a mime multipart message...
On the other hand, when i receive a mail from the supplier (from non-sap system) in a lotus mailbox, i am able to see the xml file and sig file as attachment.
Maybe i have to specified the MIME multipart somewhere in my CC...I think that i must specified somewhere else the multipart option.
Sometimes (not everytime), i have this error in my CC receiver mail but i don't think it is relevant to my primary issue :
com.sap.engine.interfaces.messaging.api.exception.MessagingException: java.lang.SecurityException: Exception in Method: ApplySMIME.run(). LocalizedMessage: SecurityException in method: applySMIME( MessageContext, CPALookupObject ). Message: SMIMEException in der method: getISsfProfile( PolicyElement ). Invalid argument NULL of Iteration 0 for object com.sap.security.api.ssf.ISsfProfile. To-String: com.sap.aii.security.lib.exception.SMIMEException: SMIMEException in der method: getISsfProfile( PolicyElement ). Invalid argument NULL of Iteration 0 for object com.sap.security.api.ssf.ISsfProfile To-String: com.sap.aii.security.lib.exception.SecurityException: SecurityException in method: applySMIME( MessageContext, CPALookupObject ). Message: SMIMEException in der method: getISsfProfile( PolicyElement ). Invalid argument NULL of Iteration 0 for object com.sap.security.api.ssf.ISsfProfile. To-String: com.sap.aii.security.lib.exception.SMIMEException: SMIMEException in der method: getISsfProfile( PolicyElement ). Invalid argument NULL of Iteration 0 for object com.sap.security.api.ssf.ISsfProfile
So i've used Gmail.
As a result, i've only one attachment and its called smime.p7M
Now, from what i undertand, that smime.p7M is a "package" which contains my two files. But, what i want see, it's two attachments, my xml file and sig file.
From what i've looked on help.sap.com i shouldn't have a extension .p7M, only my xml and a signature...
http://help.sap.com/saphelp_nw04/helpdata/en/4e/c153426da9bd30e10000000a155106/frameset.htm
I am starting to asking myself if there isn't a bug on this thing because based on help.sap.com, it shouldn't work like that...
EDIT : What do i have to look when i am able to see the original message in ASCII ?
Edited by: Jean-Philippe PAIN on Jun 4, 2010 2:07 PM
So :
Based on http://help.sap.com/saphelp_nw04/helpdata/en/4e/c153426da9bd30e10000000a155106/frameset.htm :
What i see in ASCII whatever i checked or not the box "Send signed Mail in Non-Encode Text" is :
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; smime-type=signed-data; name=smime.p7m
Content-Disposition: attachment; filename=smime.p7m
If i just follow the help, i should have :
Content-Transfer-Encoding: base64
Content-Type: mime-type=multipart/signed
For further informations, i am not using the mail package and i've add in my CC Receiver mail the TransformBean module in order to name by default for my xml file attachment :
Transform.ContentDisposition = attachment;filename="document1.xml"
Transform.ContentType = text/plain;charset=UTF-8
So if someone got idea....
Kind regards,
Jean-Philippe
Edited by: Jean-Philippe PAIN on Jun 4, 2010 3:05 PM
smime.p7M is your signature.
I have checked for a signed mail in my gmail account (not from mail adapter)
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="md5";
first part: Content-Type: text/plain; charset=iso-8859-15
second part: Content-Type: application/pkcs7-signature; name=smime.p7s; smime-type=signed-data
So waht you should see is a mail with your IDoc as content and an attachment smime.p7s
You see thiis in googlemail, when you choose value help besides "answer" and choose "show original"
Thanks for the infos but i don't have the same thing when i am looking in googlemail
It seems i don't have a first or second part ! Maybe the reason but due to what ? I don't know.
I've finally 3 choices i think :
1. i am missing something in my config but except the use of the module TransformBean which can disturb the MIME multipart, i am not doing something complicate.
I should maybe use the mail package but i am not sure either it comes from that.
2. A problem in the keystore java when admins imported the private key ? I doubt it
3. Something wrong with the receiver mail adapter on PI 7.1 with S/MIME and this specific case ? Maybe i will open an OSS note
I will update this thread as soon as i've got an answer...
Kind Regards,
Jean-Philippe
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; smime-type=signed-data; name=smime.p7m
Content-Disposition: attachment; filename=smime.p7m
X-pstn-neptune: 0/0/0.00/0
X-pstn-levels: (S:45.56229/99.90000 CV:99.9000 FC:95.5390 LC:95.5390 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )
X-pstn-settings: 2 (0.5000:0.5000) s cv gt3 gt2 gt1 r p m c
I think my problem is coming from the fact i don't configure at anytime in my CC that is a multipart message. As i don't use mail package, i am not really where i have to fill up this option.
Indeed, i thought that using the option "Send Signed Mail in non encoded text" in my receiver agreement was enough but it doesn't because checked or not, it doesn't change a thing...
Maybe i should play on standard module as something like that :
sap.com/com.sap.aii.adapter.mail.app/XIMailAdapterBean => parameter mime.contenttype multipart/signed
or something with the payloadswapbean
Solution :
After a few discussions with the supplier, what they want is to receive un MIME MULTIPART FILE (and not S/MIME) containing two files : the xml file and the signature of this data file.
And that, the mail adapter cannot handle this because it's limited to manipulation of S/MIME envelope.
Now, the solutions :
1. use a PGP module (aedaptive, advantco)
2. developping a module adapter using the freeware API PGP which will be able to sign my data file (SHA1/RSA) and generating the appropriate signature file. And then, i will send those two files thru mime multipart envelop.
I hope that someone can confirm my thoughts....
BR,
Jean-Philippe
Hi,
In order to generate the two attachments you should have used the Message protocol as XI ALL instead of XI Payload...
you dont need to use the Mail Package for this ....
just check it out and let me know the output..i have done the same scenario..but quiet long back...dont remember how i used it...
HTH
Rajesh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
84 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.