on 10-09-2007 2:58 PM
I am trying to verify a digital signature sent by the SAP Content Server HTTP 4.5 Interface.
In the Java code I am using the class SsfDataPKCS7 - verify method, and it always returns 'false'.
Within the SAP system, using, say, ABAP function SCMS_HTTP_DELETE; I can see the Input data for signing is
O112300123DCN%3DMNDT,OU%3DDEV,O%3DMANDANT,C%3DGB20070928133751
length = 62
-
The signed data created by SAP , passed as secKey is like
MIIBIwYJKoZIhvcNAQcCoIIBFDCCARACAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHATGB8DCB7QIBATBBMDwxCzAJBgNVBAYTAkdCMRAwDgYDVQQKEwdNQU5EQU5UMQwwCgYDVQQLEwNERVYxDTALBgNVBAMTBE1ORFQCAQAwCQYFKw4DAhoFAKBdMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTA3MTAwNDA3NDk0MVowIwYJKoZIhvcNAQkEMRYEFGh5aRofeHPzk%2BjFbBsCsuEtX5J8MAkGByqGSM44BAMEMDAuAhUAizCHFWp1ZZ7hB8fumtocONiSa84CFQCcb2YG7hyDJ8J9oIZbZAXDlRqgEw%3D%3D
( we then decode %2B back to +, %2F back to /, %3D back to = )
The Java code is -
boolean res = true;
// Load the certificate.
InputStream inStream = new FileInputStream("Mandant_Certificate.crt");
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate cert = (X509Certificate)cf.generateCertificate(inStream);
inStream.close();
// This is the secKey as received from R/3, with URL-encoded characters decoded.
String base64SecKey = "MIIBIgYJKoZIhvcNAQcCoIIBEzCCAQ8CAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHATGB7zCB7AIBATBBMDwxCzAJBgNVBAYTAkdCMRAwDgYDVQQKEwdNQU5EQU5UMQwwCgYDVQQLEwNERVYxDTALBgNVBAMTBE1ORFQCAQAwCQYFKw4DAhoFAKBdMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTA3MDkyNzA4NTQxNFowIwYJKoZIhvcNAQkEMRYEFB1ATpscjBqU/2HDYcJudhZ53Z6CMAkGByqGSM44BAMELzAtAhRetJmrmyFY25zNrcr2WFBRJMucAIVAKIhF5dTEsIiXuIoaspohWnR86T";
// Decode the secKey from base64.
byte[] secKey = Base64.decode(base64SecKey);
// Load the secKey into an SsfDataPKCS7.
SsfDataPKCS7 secKeyData = new SsfDataPKCS7(new ByteArrayInputStream(secKey));
// Build an address book with our certificate in it.
ISsfPab pab = new SsfPabBasicImpl(new X509Certificate[]);
// Build the message. These are the parameter values from same URL
// that secKey came from.
String message = "O11200120DESCRDCN%3DMNDT,OU%3DDEV,O%3DMANDANT,C%3DGB20070927105414";
ISsfData messageData = new SsfDataPKCS7(new ByteArrayInputStream(message.getBytes()));
// Verify the signature. This prints "false".
SsfSigRcpList signer = new SsfSigRcpList();
try {
res = secKeyData.verify(pab, signer, messageData, cert);
} catch (SsfInvalidDataException e){
System.out.println("Error while verifying data "+e);
}
Has anyone already had this problem and solved it ?
Can anyone help me ?
Thank you in advance,
Andy
Solution -
The Turgraz library has a different idea of what a X509Certificate object is ,
which is not compatible with Sun's idea.
So - import iaik.x509.X509Certificate;
and then
// Load the certificate.
InputStream inStream = new FileInputStream("Certificate.crt");
X509Certificate cert = new X509Certificate(inStream);
then it works.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
87 | |
23 | |
11 | |
9 | |
8 | |
5 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.