
Digitally signed payload, inside digitally signed SOAP message

Former Member
0 Kudos

Hello experts,

I have the requirement to sign a message payload, convert the signed message into a new base64 encoded payload for the SOAP body envelope, and then send this payload using a digitally signed SOAP message. The key can be the same for the two signatures.

I'm assuming this is a 2 step process in PI?

I am thinking that the first signature must be done inside mapping, or perhaps with a custom adapter module. The second can be handled with the normal SOAP adapter?

Does anyone have perspective to share on the first signature before sending to the SOAP adapter? The hash algorithm will be SHA1 and the crypto algorithm will be RSA.

Many thanks for sharing your experience in this matter,

-Aaron

Accepted Solutions (1)


Former Member
0 Kudos

Does anyone see an obstacle or downside (other than debugging environment) for deploying Java code like Baskar's example or security functions in the NetWeaver documentation in graphical mapping UDF rather than pure Java mapping?

http://help.sap.com/saphelp_nw04/helpdata/en/a4/d0201854fb6a4cb9545892b49d4851/frameset.htm

Former Member
0 Kudos

I posted this feature to idea space. Please like it if you agree:

https://ideas.sap.com/ct/ct_a_view_idea.bix?idea_id=449CBAB7-E38E-4940-A1B8-94F967942A6A

Answers (1)


baskar_gopalakrishnan2
Active Contributor
0 Kudos

>Does anyone have perspective to share on the first signature before sending to the SOAP adapter? The hash algorithm will be SHA1 and the crypto algorithm will be RSA.

You might want to glance at this link ... http://www.java2s.com/Code/Java/Security/ThisprogramteststheRSAcipher.htm

Former Member
0 Kudos

Thank you Baskar, have you worked on a scenario like this before?

Do you think it is best to use Java mapping to do the first signing, or put it into an Adapter module?

I'm looking for best practice advice.

Regards,

Aaron

baskar_gopalakrishnan2
Active Contributor
0 Kudos

>Do you think it is best to use Java mapping to do the first signing, or put it into an Adapter module? I'm looking for best practice advice.

We did not have a two-level signing requirement. We have used Java mapping to digitally sign the message first and sent it to the target system. I think doing Java mapping will be enough.

Attaching the Java mapping code for the sample. We use Apache WSS4J for the signing.

Former Member
0 Kudos

Thank you for the code sample Baskar. Isn't this for the actual reading in / verification of something that is already signed? But I think I get the idea.

I'm curious about your development environment for Java mapping. Do you use NWDS? If so, does it run any of the java server side, or do you need to create a key store locally on your development PC?

baskar_gopalakrishnan2
Active Contributor
0 Kudos

Yes, we use NWDS. You develop, compile using a main class to test the program, and import it in PI as Java mapping. Particularly in this case, Java mapping is more flexible than UDF. You might have to include many dependent jars for Apache WSS4J. You can package all of them in a jar and treat it as a separate component for the signature verification function.

Former Member
0 Kudos

So do you need to load certificates into a keystore on your local PC to debug this in NWDS?

baskar_gopalakrishnan2
Active Contributor
0 Kudos

It depends. You could validate locally using a keystore on your PC, or just compile the class, then package and import it in PI and run the test over there.

Former Member
0 Kudos

Do you make use of the Java keystore or the NetWeaver keystore?

baskar_gopalakrishnan2
Active Contributor
0 Kudos

Our basis created our own keystore file (.jks) and used it for testing locally, and uploaded the same, crypto properties and log files on the Unix level of the PI server and tested by sending a message during runtime.

Former Member
0 Kudos

Hi Bhaskar,

Can you please tell me which API you used for digital signing in Java mapping? Can you please send me the sample code for that digital signature? In my scenario I have a signature method, canonical method and digest method... how can I achieve this?

For all of the above, first I need to know which API is useful in SAP PI for digitally signing the whole XML.

Thanks in Advance

Venkat
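
The first, payload-level signature asked about in this thread, done with the plain JDK `java.security.Signature` API; this is an added example, not code posted by anyone in the thread and not the WSS4J mapping mentioned above. It assumes Java 8 or later, a key pair generated in memory instead of loaded from a keystore, and hypothetical `SignedPayload`/`Data`/`Signature` element names for the new SOAP body content.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

public class PayloadSigner {
    // The thread's requirement: SHA-1 digest with RSA. Kept in one constant so it
    // can be switched (e.g. to "SHA256withRSA") if the receiver allows it.
    static final String ALGORITHM = "SHA1withRSA";

    /** Signs the raw payload bytes and returns the signature, base64-encoded. */
    static String sign(byte[] payload, PrivateKey key) throws GeneralSecurityException {
        Signature s = Signature.getInstance(ALGORITHM);
        s.initSign(key);
        s.update(payload);
        return Base64.getEncoder().encodeToString(s.sign());
    }

    /** Verifies a base64 signature against the base64 payload taken from the SOAP body. */
    static boolean verify(String payloadB64, String sigB64, PublicKey key)
            throws GeneralSecurityException {
        Signature s = Signature.getInstance(ALGORITHM);
        s.initVerify(key);
        s.update(Base64.getDecoder().decode(payloadB64));
        return s.verify(Base64.getDecoder().decode(sigB64));
    }

    public static void main(String[] args) throws Exception {
        // Constructed test key; in PI the key pair would come from a keystore
        // (for example the .jks file mentioned in the thread).
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();

        // Constructed sample payload.
        byte[] payload = "<Order><Id>4711</Id></Order>".getBytes(StandardCharsets.UTF_8);
        String payloadB64 = Base64.getEncoder().encodeToString(payload);
        String sigB64 = sign(payload, kp.getPrivate());

        // Hypothetical wrapper elements for the new SOAP body content.
        String body = "<SignedPayload><Data>" + payloadB64 + "</Data><Signature>"
                + sigB64 + "</Signature></SignedPayload>";
        System.out.println(body);
        System.out.println("valid:    " + verify(payloadB64, sigB64, kp.getPublic()));

        // A payload changed after signing must fail verification.
        String tampered = Base64.getEncoder().encodeToString(
                "<Order><Id>4712</Id></Order>".getBytes(StandardCharsets.UTF_8));
        System.out.println("tampered: " + verify(tampered, sigB64, kp.getPublic()));
    }
}
```

The signature is computed over the exact payload bytes before base64 encoding, so the receiver must decode the `Data` content and verify those bytes unchanged; the second, message-level signature is then applied over the SOAP message that carries this body.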