I need to store the digital signature in Xi and then use it in my exchange to verify the signature using tht .I need some help as to where and how to go abt it .
Digital Signatures is not at all related to SSL (except for the fact that both may use digital certificates). You may also need to deploy/activate SAP Java Cryptographic Toolkit (xi 3.0 only) for them to work, but that's it.
Regarding the question, there is no explicit way to actually store the digital signature in XI. But why do you need it stored in XI again? Just send the message to your mail receiver (exchange, in your case?) and it will verify the validity of the digital signature.
Hi Henrique I need to store only public key in the server and then use it for my validation.Can I store only public key and then use it for my validation.
I dont know how to store the public key and above all most difficult how to access the same in my adapter module?
To store the public key, you need to access the KeyStore service on Visual Administrator. Just open any view (even create your own new view) and load the .cer file there (it will create a new entry for your certificate).
To access that certificate in adapter module, it is pretty easy.
In the sample module shipped with XI (http://help.sap.com/saphelp_nw70/helpdata/en/87/3ef4403ae3db12e10000000a155106/frameset.htm) you can find a sample code to access KeyStore entries from adapter framework. It goes like this:
...
// The next section shows how the J2EE keystore can be accessed
// Please note that the XISecurityRuntimePermission must be assigned to the "protection domain"
// com.sap.aii.af.sample.module subtree by the administrator that allows a component to access
// the keystore on code level.
// CS_MSECGETCERT START
String privKeyView= null;
String privKeyAlias= null;
try {
privKeyView = (String) moduleContext.getContextData("modSecViewPrivateKey");
privKeyAlias = (String) moduleContext.getContextData("modSecAliasPrivateKey");
if ((privKeyView != null) && (privKeyAlias != null)) {
TRACE.infoT(SIGNATURE, "Read configured private key now. View: {0} Alias: {1}", new Object[] {privKeyView, privKeyAlias});
SAPSecurityResources secRes = SAPSecurityResources.getInstance();
KeyStoreManager ksMgr = secRes.getKeyStoreManager(PermissionMode.SYSTEM_LEVEL);
java.security.KeyStore ks = ksMgr.getKeyStore(privKeyView);
ISsfProfile privKeyProf = ksMgr.getISsfProfile(ks, privKeyAlias, null); //Since code based permission is used no password needs to be supplied
java.security.PrivateKey privKey = privKeyProf.getPrivateKey();
TRACE.infoT(SIGNATURE, "Got configured private key {0}", new Object[] {privKey.toString()});
}
else if (privKeyView == null)
TRACE.debugT(SIGNATURE, "Private key won't be read since view is not configured.");
else if (privKeyAlias == null)
TRACE.debugT(SIGNATURE, "Private key won't be read since alias is not configured.");
}
catch(Exception e) {
TRACE.catching(SIGNATURE, e);
TRACE.errorT(SIGNATURE, "Unable to retrieve selected private key alias from channel configuration due to {0}", new Object[] {e.getMessage()});
}
...
Apart from the code, you need to do some configurations.
In which .jar the api for SAPSecurityResources is located also I am not using certificate I am using PRivate and Public keys to store at the Server .
Will it work also in the similar manner I think it will need yr confirmation .I have sample module with me but i couldnt locate the code for the same.?
Thses docs u have mentioned I had seen but these are just generic docs where access part isnot mentioned .
I can store the public key in and private in key store at J2EE engine but i need to access it at runtime to verify the signature coming in the message and I need help in how to access these keys in my adapter module
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.