cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Sign Mail with MIME Multipart

Go to solution
jean-philippe_pain2
Participant

on ‎06-03-2010 3:54 PM

0 Kudos

Hello all,

I am working on PI 7.11. My scenario is IDOC -> PI -> MAIL (sign).

For the certificat part, i am using the S/MIME option of my receiver mail, no problem on that.

But it seems that i must have a MIME MULTIPART message with an xml file as attachment ! My XML is built from an idoc in outbound of an backend.

So,if i was doing things right, i should have 2 files in the mail : a .xml file in attachment and an another file(html file ?), right ?

My question is : how do we do it since i don't use mail package ? Or must i use the mail package ? If yes, how do i build my xml file dynamically ? In a java mapping ? I saw a blog of Stefan Grube on it but he's using a fix structure.

Or i don't need to use mail package but have to play with the module MessageTransformBean to have my multipart/mixed message for example.

I don't really see to handle this for now...so if anyone got an idea....

Kind regards,

Jean-Philippe

Edited by: Jean-Philippe PAIN on Jun 3, 2010 4:54 PM

Edited by: Jean-Philippe PAIN on Jun 3, 2010 4:54 PM

Edited by: Jean-Philippe PAIN on Jun 3, 2010 4:54 PM

Edited by: Jean-Philippe PAIN on Jun 3, 2010 4:55 PM

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

stefan_grube
Active Contributor
‎06-03-2010 9:58 PM
0 Kudos

> But it seems that i must have a MIME MULTIPART message with an xml file as attachment ! My XML is built from an idoc in outbound of an backend.

How exactly do you want your email to be?

> So,if i was doing things right, i should have 2 files in the mail : a .xml file in attachment and an another file(html file ?), right ?

You have to tell us, how the mail should look like.

> My question is : how do we do it since i don't use mail package ? Or must i use the mail package ? If yes, how do i build my xml file dynamically ? In a java mapping ? I saw a blog of Stefan Grube on it but he's using a fix structure.

You can do it like in my blog with a Java mapping.

As you are working with PI 7.1 you can use Java mapping also to create an additional attachment which can serve as mail body.

That would be easier as you need not care about how an character stream of a mail looks like.

Show replies
Show replies
jean-philippe_pain2
Participant
‎06-03-2010 10:20 PM
0 Kudos

Hello,

From what i understand, MIME MULTIPART allows me to have multiple attachment in the mail.

What does the client want ? A sign mime multipart mail within two file with MIME content-type as "application/octet-stream".

For example, the first file will be name "document1.xml" and the second one "signature1.sig".

First file contains the message with datas i want to send.

Seconde file is the signature of the first file (the entire mail message isn't signed)

From help.sap.com (http://help.sap.com/saphelp_nw04/helpdata/en/4e/c153426da9bd30e10000000a155106/frameset.htm), i thought that i just had to check the box "Send sign mail in Non-encoded Text" to be able to send this famous signature.

But it seems, it's not so simple.

I hope i was clear this time and you can understand my issue.

Kind Regards,

Jean-Philippe

Edited by: Jean-Philippe PAIN on Jun 3, 2010 11:21 PM

stefan_grube
Active Contributor
‎06-04-2010 7:58 AM
0 Kudos

> From help.sap.com (http://help.sap.com/saphelp_nw04/helpdata/en/4e/c153426da9bd30e10000000a155106/frameset.htm), i thought that i just had to check the box "Send sign mail in Non-encoded Text" to be able to send this famous signature.

Yes, that should be all that you have to do.

Is this not working?

jean-philippe_pain2
Participant
‎06-04-2010 10:06 AM
0 Kudos

Indeed, that's the problem !!!

Maybe i must use a module adapter as TransformBean in order to put a content-type multipart/mixed or something else, i don't know...

I am still searching. I will update the thread if i find something.

stefan_grube
Active Contributor
‎06-04-2010 10:24 AM
0 Kudos

What is the issue? Is there any error message? Is the signature not correct?

jean-philippe_pain2
Participant
‎06-04-2010 11:01 AM
0 Kudos

When i am looking to the message in a outlook mailbox, i am able to see the first attachment (xml file) but not the second one (sig file).

Outlook just tell me there is a problem link to the signature. For me, it's because i don't have the certificat in my mailbox.

On one hand, when the supplier receive a mail in its system, i have an error which says that i didn't send a mime multipart message...

On the other hand, when i receive a mail from the supplier (from non-sap system) in a lotus mailbox, i am able to see the xml file and sig file as attachment.

Maybe i have to specified the MIME multipart somewhere in my CC...I think that i must specified somewhere else the multipart option.

Sometimes (not everytime), i have this error in my CC receiver mail but i don't think it is relevant to my primary issue :

com.sap.engine.interfaces.messaging.api.exception.MessagingException: java.lang.SecurityException: Exception in Method: ApplySMIME.run(). LocalizedMessage: SecurityException in method: applySMIME( MessageContext, CPALookupObject ). Message: SMIMEException in der method: getISsfProfile( PolicyElement ). Invalid argument NULL of Iteration 0 for object com.sap.security.api.ssf.ISsfProfile. To-String: com.sap.aii.security.lib.exception.SMIMEException: SMIMEException in der method: getISsfProfile( PolicyElement ). Invalid argument NULL of Iteration 0 for object com.sap.security.api.ssf.ISsfProfile To-String: com.sap.aii.security.lib.exception.SecurityException: SecurityException in method: applySMIME( MessageContext, CPALookupObject ). Message: SMIMEException in der method: getISsfProfile( PolicyElement ). Invalid argument NULL of Iteration 0 for object com.sap.security.api.ssf.ISsfProfile. To-String: com.sap.aii.security.lib.exception.SMIMEException: SMIMEException in der method: getISsfProfile( PolicyElement ). Invalid argument NULL of Iteration 0 for object com.sap.security.api.ssf.ISsfProfile

stefan_grube
Active Contributor
‎06-04-2010 11:17 AM
0 Kudos

You should create an account at google mail and send your mails to this account.

In google mail there is an option to see the original ASCII stream of the mail.

Outlook does not show the sig in an attachment. But the mail should have a mark for the sig.

jean-philippe_pain2
Participant
‎06-04-2010 12:21 PM
0 Kudos

So i've used Gmail.

As a result, i've only one attachment and its called smime.p7M

Now, from what i undertand, that smime.p7M is a "package" which contains my two files. But, what i want see, it's two attachments, my xml file and sig file.

From what i've looked on help.sap.com i shouldn't have a extension .p7M, only my xml and a signature...

http://help.sap.com/saphelp_nw04/helpdata/en/4e/c153426da9bd30e10000000a155106/frameset.htm

I am starting to asking myself if there isn't a bug on this thing because based on help.sap.com, it shouldn't work like that...

EDIT : What do i have to look when i am able to see the original message in ASCII ?

Edited by: Jean-Philippe PAIN on Jun 4, 2010 2:07 PM

jean-philippe_pain2
Participant
‎06-04-2010 2:04 PM
0 Kudos

So :

Based on http://help.sap.com/saphelp_nw04/helpdata/en/4e/c153426da9bd30e10000000a155106/frameset.htm :

What i see in ASCII whatever i checked or not the box "Send signed Mail in Non-Encode Text" is :

Content-Transfer-Encoding: base64

Content-Type: application/pkcs7-mime; smime-type=signed-data; name=smime.p7m

Content-Disposition: attachment; filename=smime.p7m

If i just follow the help, i should have :

Content-Transfer-Encoding: base64

Content-Type: mime-type=multipart/signed

For further informations, i am not using the mail package and i've add in my CC Receiver mail the TransformBean module in order to name by default for my xml file attachment :

Transform.ContentDisposition = attachment;filename="document1.xml"

Transform.ContentType = text/plain;charset=UTF-8

So if someone got idea....

Kind regards,

Jean-Philippe

Edited by: Jean-Philippe PAIN on Jun 4, 2010 3:05 PM

stefan_grube
Active Contributor
‎06-04-2010 2:09 PM
0 Kudos

smime.p7M is your signature.

I have checked for a signed mail in my gmail account (not from mail adapter)

Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="md5";

first part: Content-Type: text/plain; charset=iso-8859-15

second part: Content-Type: application/pkcs7-signature; name=smime.p7s; smime-type=signed-data

So waht you should see is a mail with your IDoc as content and an attachment smime.p7s

You see thiis in googlemail, when you choose value help besides "answer" and choose "show original"

jean-philippe_pain2
Participant
‎06-04-2010 2:35 PM
0 Kudos

Thanks for the infos but i don't have the same thing when i am looking in googlemail

It seems i don't have a first or second part ! Maybe the reason but due to what ? I don't know.

I've finally 3 choices i think :

1. i am missing something in my config but except the use of the module TransformBean which can disturb the MIME multipart, i am not doing something complicate.

I should maybe use the mail package but i am not sure either it comes from that.

2. A problem in the keystore java when admins imported the private key ? I doubt it

3. Something wrong with the receiver mail adapter on PI 7.1 with S/MIME and this specific case ? Maybe i will open an OSS note

I will update this thread as soon as i've got an answer...

Kind Regards,

Jean-Philippe

stefan_grube
Active Contributor
‎06-04-2010 2:54 PM
0 Kudos

could you post the whole ASCII of the mail (without sig binary)?

jean-philippe_pain2
Participant
‎06-04-2010 3:04 PM
0 Kudos

Content-Transfer-Encoding: base64

Content-Type: application/pkcs7-mime; smime-type=signed-data; name=smime.p7m

Content-Disposition: attachment; filename=smime.p7m

X-pstn-neptune: 0/0/0.00/0

X-pstn-levels: (S:45.56229/99.90000 CV:99.9000 FC:95.5390 LC:95.5390 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )

X-pstn-settings: 2 (0.5000:0.5000) s cv gt3 gt2 gt1 r p m c

stefan_grube
Active Contributor
‎06-04-2010 3:12 PM
0 Kudos

you said, you see the XML in outlook. Don't you see this in gmail too?

jean-philippe_pain2
Participant
‎06-04-2010 3:21 PM
0 Kudos

nop, i am only seeing the smime.p7m file...

I think i didn't activate the mime multipart but how to do it if it's impossible thru the checkbox "sign mail non encoded text"....

Edited by: Jean-Philippe PAIN on Jun 4, 2010 4:39 PM

jean-philippe_pain2
Participant
‎06-07-2010 10:56 AM
0 Kudos

I think my problem is coming from the fact i don't configure at anytime in my CC that is a multipart message. As i don't use mail package, i am not really where i have to fill up this option.

Indeed, i thought that using the option "Send Signed Mail in non encoded text" in my receiver agreement was enough but it doesn't because checked or not, it doesn't change a thing...

Maybe i should play on standard module as something like that :

sap.com/com.sap.aii.adapter.mail.app/XIMailAdapterBean => parameter mime.contenttype multipart/signed

or something with the payloadswapbean

jean-philippe_pain2
Participant
‎06-08-2010 2:12 PM
0 Kudos

Solution :

After a few discussions with the supplier, what they want is to receive un MIME MULTIPART FILE (and not S/MIME) containing two files : the xml file and the signature of this data file.

And that, the mail adapter cannot handle this because it's limited to manipulation of S/MIME envelope.

Now, the solutions :

1. use a PGP module (aedaptive, advantco)

2. developping a module adapter using the freeware API PGP which will be able to sign my data file (SHA1/RSA) and generating the appropriate signature file. And then, i will send those two files thru mime multipart envelop.

I hope that someone can confirm my thoughts....

BR,

Jean-Philippe

jean-philippe_pain2
Participant
‎06-26-2010 5:11 PM
0 Kudos

SAP PI don't generate detached signature for a file, only S/MIME.

Problem solved thru the development of specific java module

Answers (1)

Answers (1)

Former Member
‎06-03-2010 4:24 PM
0 Kudos

Hi,

In order to generate the two attachments you should have used the Message protocol as XI ALL instead of XI Payload...

you dont need to use the Mail Package for this ....

just check it out and let me know the output..i have done the same scenario..but quiet long back...dont remember how i used it...

HTH

Rajesh

Show replies
Show replies
jean-philippe_pain2
Participant
‎06-03-2010 4:34 PM
0 Kudos

Hi Rajesh,

Thanks for the infos but :

1. How do i use the Security parameters if i am using the XIALL protocol ? (the option disapear) ?

2. If i am using the XIALL, i must use the message transformbean for the multipart message ?

Kind Regards,

Jean-Philippe

jean-philippe_pain2
Participant
‎06-03-2010 7:18 PM
0 Kudos

Anyone got an idea plz ?

Ask a Question