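Implementing RSA Signing in ABAP
1. Obtain the RSA private key from the third-party system and put its content in the file rsa.key, with the first and last lines on lines of their own and 64 characters on each line
2. Create the directory /tmp/rsa on the SAP file server
3. Place the file rsa.key in the folder /tmp/rsa
4. Run the following commands to generate the PSE file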
1. Execute the command below in the directory /tmp/rsa
openssl req -new -x509 -sha256 -key rsa.key -out user1.cer -days 3650 -subj '/CN=user1'
2. Execute the command below in the directory /tmp/rsa
openssl pkcs12 -export -inkey rsa.key -in user1.cer -out user1.pfx -nodes
3. Execute the command below in the directory /tmp/rsa
setenv SECUDIR /tmp/rsa
4. Execute the command below in the directory /tmp/rsa
sapgenpse import_p12 -p user1.pse user1.pfx
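Steps 2, 3 and 4 can be handled by sending a Service Request to SAP: choose Assist with OS Tasks and ask SAP to first create the directory and file, then run the commands. SAP will resolve it within two days
5. Sign with function module SSFW_KRN_SIGN; the password is the one set in step 4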
METHOD rsa_encrypt.
  DATA: lv_output         TYPE xstring,
        lv_input_x        TYPE xstring,
        lv_chain_data     TYPE xstring,
        lv_input          TYPE string,
        lv_signer_name    TYPE string,
        lv_signed_data    TYPE xstring,
        lv_id             TYPE string,
        lv_profile        TYPE ssfparms-pab,
        lt_recipient_list TYPE STANDARD TABLE OF ssfinfo,
        ls_recipient_list LIKE LINE OF lt_recipient_list,
        lv_crc            TYPE ssfparms-ssfcrc.
  DATA: lt_signer       TYPE STANDARD TABLE OF ssfinfo,
        ls_signer       TYPE ssfinfo,
        lt_certificates TYPE STANDARD TABLE OF ssfcertlin.
  DATA: lv_format   TYPE ssfparms-ssfformat,
        lv_hashalg  TYPE ssfparms-ssfhashalg,
        lv_chainfmt TYPE ssfparms-ssfformat.

  " PSE file generated in step 4 and the subject of its certificate
  lv_profile = '/tmp/rsa/user1.pse'.
  lv_id      = 'CN=user1'.
  lv_format  = 'PKCS1-V1.5'.
  lv_hashalg = 'SHA256'.

  " Convert the content to be signed into a byte string
  CALL FUNCTION 'SCMS_STRING_TO_XSTRING'
    EXPORTING
      text   = iv_content
    IMPORTING
      buffer = lv_input_x
    EXCEPTIONS
      failed = 1
      OTHERS = 2.
  IF sy-subrc <> 0.
    " Implement suitable error handling here
  ENDIF.

  " Sign
  ls_signer-id       = lv_id. " usually the certificate's domain name
  ls_signer-password = 'Welcome@123'. " password set in step 4
  ls_signer-profile  = lv_profile.
  APPEND ls_signer TO lt_signer.

  CALL FUNCTION 'SSFW_KRN_SIGN'
    EXPORTING
      ssftoolkit                   = 'SAPSECULIB'
      str_format                   = lv_format
      b_detached                   = 'X'
      str_hashalg                  = lv_hashalg
      str_chainfmt                 = lv_chainfmt
      ostr_input_data              = lv_input_x
    IMPORTING
      ostr_signed_data             = lv_signed_data
      str_signer_name              = lv_signer_name
      ostr_chain_data              = lv_chain_data
      crc                          = lv_crc
    TABLES
      signer                       = lt_signer
    EXCEPTIONS
      ssf_krn_error                = 1
      ssf_krn_noop                 = 2
      ssf_krn_nomemory             = 3
      ssf_krn_opinv                = 4
      ssf_krn_nossflib             = 5
      ssf_krn_input_data_error     = 6
      ssf_krn_invalid_par          = 7
      ssf_krn_invalid_parlen       = 8
      ssf_fb_input_parameter_error = 9
      OTHERS                       = 10.

  " Return the signature Base64-encoded
  IF sy-subrc = 0.
    CALL FUNCTION 'SCMS_BASE64_ENCODE_STR'
      EXPORTING
        input  = lv_signed_data
      IMPORTING
        output = ev_response.
  ENDIF.
ENDMETHOD.
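
Step 1 expects rsa.key in PEM layout, while third parties often hand the key over as a single Base64 line. The following is an added example, not part of the original post, that rebuilds the layout, picks the BEGIN/END label from the DER structure and writes the file readable by its owner only; the function names are hypothetical and an unencrypted PKCS#1 or PKCS#8 key is assumed.

```python
import base64
import os
import re
import textwrap

def _der_len(buf, i):
    """Decode the DER length field at buf[i]; return (length, next_index)."""
    if buf[i] < 0x80:
        return buf[i], i + 1
    n = buf[i] & 0x7F
    if n == 0 or i + 1 + n > len(buf):
        raise ValueError("bad DER length")
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def pem_label(der):
    """PKCS#1 has an INTEGER (modulus) after version 0; PKCS#8 has a SEQUENCE."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    total, i = _der_len(der, 1)
    body = der[i:]
    if len(body) != total or len(body) < 4 or body[:3] != b"\x02\x01\x00":
        raise ValueError("not an unencrypted PKCS#1/PKCS#8 private key")
    if body[3] == 0x02:
        return "RSA PRIVATE KEY"
    if body[3] == 0x30:
        return "PRIVATE KEY"
    raise ValueError("unrecognised private key structure")

def to_pem(text):
    """Rebuild a PEM file: marker lines on their own, body wrapped at 64."""
    b64 = "".join(re.sub(r"-----[A-Z0-9 ]+-----", "", text).split())
    der = base64.b64decode(b64, validate=True)  # raises ValueError on junk
    label = pem_label(der)
    body = textwrap.wrap(base64.b64encode(der).decode(), 64)
    return "\n".join([f"-----BEGIN {label}-----", *body,
                      f"-----END {label}-----"]) + "\n"

def write_key(path, pem):
    """Write the key readable by its owner only (it is the signing key)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        os.fchmod(fd, 0o600)  # also tighten a pre-existing file
        fh.write(pem)
```

Typical use is `write_key("/tmp/rsa/rsa.key", to_pem(key_string))` before running the openssl commands in step 4.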