on 09-13-2012 3:21 PM
Hello experts,
I have the requirement to sign a message payload, convert signed message into a new base64 encoded payload for the SOAP body envelope, and then send this payload using a digitally signed SOAP message. The key can be the same for the two signatures.
I'm assuming this is a 2 step process in PI?
I am thinking that the first signature must be done inside mapping, or perhaps with a custom adapter module. The second can be handled with the normal SOAP adapter?
Does anyone have perspective to share on the first signature before sending to the SOAP adapter? The hash algorithm will be SHA1 and the crypto algorithm will be RSA.
Many thanks for sharing your experience in this matter,
-Aaron
Does anyone see an obstacle or downside (other than debugging environment) for deploying Java code like Baskar's example or security functions in the NetWeaver documentation in graphical mapping UDF rather than pure Java mapping?
http://help.sap.com/saphelp_nw04/helpdata/en/a4/d0201854fb6a4cb9545892b49d4851/frameset.htm
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I posted this feature to idea space. Please like it if you agree:
https://ideas.sap.com/ct/ct_a_view_idea.bix?idea_id=449CBAB7-E38E-4940-A1B8-94F967942A6A
>Does anyone have perspective to share on the first signature before sending to the SOAP adapter? The hash algorithm will be SHA1 and the crypto algorithm will be RSA. You might want to glance this link ... http://www.java2s.com/Code/Java/Security/ThisprogramteststheRSAcipher.htm
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
>Do you think it is best to use Java mapping to do the first signing, or put it into an Adapter module?I'm looking for best practice advice.
We did not have two level signing requirement. we have used java mapping to digitally sign the message first and sent to target system. I think doing java mapping will be enough.
Attaching the java mapping code for the sample. We use apache wss4 J for the signing.
Thank you for the code sample Baskar. Isn't this for the actual reading in / verification of something that is already signed? But I think I get the idea.
I'm curious about your development environment for Java mapping. Do you use NWDS? If so, does it run any of the java server side, or do you need to create a key store locally on your development PC?
Yes we use NWDS. You develop, compile using main class to test the program and import it in PI as java mapping. Particularly this case java mapping is very flexible than UDF. You might have to include many dependent jars for apache wss4j. You can package all of them in a jar and treat as seperate component for signature verification function.
HI Bhaskar,
can u please tell me which API you used for Digital Signing in Java Mapping....can u please send me the sample code for that digital signature and In my scenerio i have a signature method, cannonical method and digest method ...how i can achieve this....
For all of the above , first i need what API is useful in sap pi for digitally signing the whole xml
Thanks in Advance
Venkat
User | Count |
---|---|
90 | |
10 | |
10 | |
10 | |
7 | |
7 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.