Signing and Encrypting using Bouncy Castle libraries


Hi Experts,

I'm using CPI as a middleware to send data to a Bank server via SFTP.

The payload should be signed first and then encrypted. However, as per the standard PGP encryptor in CPI, it encrypts first and then signs. Therefore the target system is unable to decrypt it as it isn't signed first.

I came to know that using Bouncy Castle libraries, we can sign a payload first and then encrypt it in CPI.

Could anybody guide me on that as to what needs to be done in CPI and what libraries/code need to be uploaded in the groovy script?

Any pointers are appreciated.

Thanks,

Nitheesh

Accepted Solutions (0)

Answers (1)


Ivan-Mirisola
Product and Topic Expert

Hi nitheesh.cherrikkal2,

Basically you have to add a Groovy Script in your iFlow and configure it to use a Java library that will contain your own method implementing whatever you need using BC. That library must carry the BC embedded inside the jar file.

To start you may create the Java project using maven like this:

mvn archetype:generate -DarchetypeGroupId=org.codehaus.groovy.maven.archetypes -DarchetypeArtifactId=gmaven-archetype-basic

Then follow the on-screen instructions.

Once you have created it, you add the BC dependencies. It will highly depend on what you are trying to achieve with BC, but you may use the following to start with:

        <dependency>
            <groupId>org.bouncycastle</groupId>
            <artifactId>bcpg-jdk15on</artifactId>
            <version>1.65</version>
        </dependency>
        
        <dependency>
            <groupId>org.bouncycastle</groupId>
            <artifactId>bcprov-jdk15on</artifactId>
            <version>1.65</version>
        </dependency>

Define the methods that you want to "export" as public - so you can later use them on the groovy script as your own library. The following is just a simple skeleton so you can understand it.

public class PgpEncrypt {
...
  public static void encrypt(InputStream input, OutputStream outputStream
...) throws Exception {
...
  }
}

Upload the jar file and any other file to CPI using the CPI Cockpit --> iFlow --> Resources Tab

Then you can add your groovy script to process the payload using your jar that contains the BC libs like so:

import com.sap.gateway.ip.core.customdev.util.Message;
import <your_java_lib_containing_your_class>.PgpEncrypt
...
import ...

def Message processData(Message message) {
...
  def input = message.getBody(InputStream.class);
  OutputStream output = new ByteArrayOutputStream();
  PgpEncrypt.encrypt(input, output);
  byte[] result =  output.toByteArray();
...
  message.setBody(result);
  return message;
}

Note1: Keep in mind that I am just giving you some guidelines on how to achieve what you need. But you have to develop your own logic to sign then encrypt the message using BC. So I suggest you start using test-driven development on your Java project, and once you have everything in place, your groovy script can be used more efficiently.

Note2: The PGP Public Key Ring and any other key files you require to perform the signing might not be available to you inside your groovy script. So, you may need to import them into the resources tab.

Best regards,
Ivan


Thank you so much for trying to help. But when I try to add my public/private keys to the archive in the resources tab, it isn't allowing me to add them. The error says: cannot upload file with extension .asc.

Could you kindly suggest how this can be done?

Thanks,

Nitheesh

Ivan-Mirisola
Product and Topic Expert

Hi,

I mixed up the place where you upload your jar with the security resources. In the resources tab you upload the jar file. Any PGP resources have to be uploaded via Operations View --> Manage Security --> Security Material [tile].

Best regards,
Ivan