on 08-23-2007 10:47 AM
Hi @,
I need to store the digital signature in Xi and then use it in my exchange to verify the signature using tht .I need some help as to where and how to go abt it .
Regards
Hi Priya !
Check these
For Digital Signatures to work SSL needs to be configured as the security model for the ADS web service.
1 ) Check this link for the configuration of the SAP J2EE engine to support SSL.
http://help.sap.com/saphelp_nw70/helpdata/en/f1/2de3be0382df45a398d3f9fb86a36a/frameset.htm
2 ) check this link for the configuration of the ADS web service for SSL.
http://help.sap.com/saphelp_nw70/helpdata/en/af/321bfd21c14c83b8711cef2dc4fccc/frameset.htm
http://abapcode.blogspot.com/2007/06/adobe-document-service-digital.html
Thanks!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Please don't provide wrong information.
Digital Signatures is not at all related to SSL (except for the fact that both may use digital certificates). You may also need to deploy/activate SAP Java Cryptographic Toolkit (xi 3.0 only) for them to work, but that's it.
Regarding the question, there is no explicit way to actually store the digital signature in XI. But why do you need it stored in XI again? Just send the message to your mail receiver (exchange, in your case?) and it will verify the validity of the digital signature.
Regards,
Henrique.
Hi Henrique I need to store only public key in the server and then use it for my validation.Can I store only public key and then use it for my validation.
I dont know how to store the public key and above all most difficult how to access the same in my adapter module?
Any help int his direction
Regards
Now you have made yourself more clear.
To store the public key, you need to access the KeyStore service on Visual Administrator. Just open any view (even create your own new view) and load the .cer file there (it will create a new entry for your certificate).
To access that certificate in adapter module, it is pretty easy.
In the sample module shipped with XI (http://help.sap.com/saphelp_nw70/helpdata/en/87/3ef4403ae3db12e10000000a155106/frameset.htm) you can find a sample code to access KeyStore entries from adapter framework. It goes like this:
...
// The next section shows how the J2EE keystore can be accessed
// Please note that the XISecurityRuntimePermission must be assigned to the "protection domain"
// com.sap.aii.af.sample.module subtree by the administrator that allows a component to access
// the keystore on code level.
// CS_MSECGETCERT START
String privKeyView= null;
String privKeyAlias= null;
try {
privKeyView = (String) moduleContext.getContextData("modSecViewPrivateKey");
privKeyAlias = (String) moduleContext.getContextData("modSecAliasPrivateKey");
if ((privKeyView != null) && (privKeyAlias != null)) {
TRACE.infoT(SIGNATURE, "Read configured private key now. View: {0} Alias: {1}", new Object[] {privKeyView, privKeyAlias});
SAPSecurityResources secRes = SAPSecurityResources.getInstance();
KeyStoreManager ksMgr = secRes.getKeyStoreManager(PermissionMode.SYSTEM_LEVEL);
java.security.KeyStore ks = ksMgr.getKeyStore(privKeyView);
ISsfProfile privKeyProf = ksMgr.getISsfProfile(ks, privKeyAlias, null); //Since code based permission is used no password needs to be supplied
java.security.PrivateKey privKey = privKeyProf.getPrivateKey();
TRACE.infoT(SIGNATURE, "Got configured private key {0}", new Object[] {privKey.toString()});
}
else if (privKeyView == null)
TRACE.debugT(SIGNATURE, "Private key won't be read since view is not configured.");
else if (privKeyAlias == null)
TRACE.debugT(SIGNATURE, "Private key won't be read since alias is not configured.");
}
catch(Exception e) {
TRACE.catching(SIGNATURE, e);
TRACE.errorT(SIGNATURE, "Unable to retrieve selected private key alias from channel configuration due to {0}", new Object[] {e.getMessage()});
}
...
Apart from the code, you need to do some configurations.
The link to those are in your other thread.
Regards,
Henrique.
Hi Henrique,
In which .jar the api for SAPSecurityResources is located also I am not using certificate I am using PRivate and Public keys to store at the Server .
Will it work also in the similar manner I think it will need yr confirmation .I have sample module with me but i couldnt locate the code for the same.?
Regards
Hey Beyound...
The SAPSecurityResources class is located in aii_af_svc.jar.
This .jar and several others are necessary in order to develop any adapter modules.
Check this link: http://help.sap.com/saphelp_nw70/helpdata/en/e9/61e1407e858031e10000000a1550b0/frameset.htm
Your private key is stored in a .pfx or .p12 file, right?
That is the certificate you need to load in Key Store service.
Regards,
Henrique.
Hi
Go through this Dcoument,Will be very helpfull....
Award point if helpfull...........
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Prateek and Dinesh,
Thses docs u have mentioned I had seen but these are just generic docs where access part isnot mentioned .
I can store the public key in and private in key store at J2EE engine but i need to access it at runtime to verify the signature coming in the message and I need help in how to access these keys in my adapter module
Regards
/people/sap.user72/blog/2005/06/16/using-digital-signatures-in-xi
Regards,
Prateek
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
95 | |
11 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.