Implementing RSA Signing in ABAP

Published: 2023-09-04 19:26:23 Author: 码农小夏

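1. Obtain the RSA private key from the third-party system and put its contents in the file rsa.key, with the first and last lines kept on lines of their own and 64 characters on each line.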

2. Create the directory /tmp/rsa on the SAP file server.

3. Place the file rsa.key in the directory /tmp/rsa.

4. Run the following commands to generate the PSE file:

1. Execute the command below in the directory /tmp/rsa:

openssl req -new -x509 -sha256 -key rsa.key -out user1.cer -days 3650 -subj '/CN=user1'

2. Execute the command below in the directory /tmp/rsa:

openssl pkcs12 -export -inkey rsa.key -in user1.cer -out user1.pfx -nodes

3. Execute the command below in the directory /tmp/rsa:

setenv SECUDIR /tmp/rsa

4. Execute the command below in the directory /tmp/rsa:

sapgenpse import_p12 -p user1.pse user1.pfx

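For steps 2, 3 and 4 you can raise a Service Request with SAP for assistance: choose Assist with OS Tasks and ask SAP to first create the directory and file and then run the commands. SAP will resolve it within two days.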

5. Sign with the function module SSFW_KRN_SIGN; the password is the one set in step 4.

  METHOD rsa_encrypt.

    DATA: lv_output          TYPE xstring,
          lv_input_x         TYPE xstring,
          lv_chain_data      TYPE xstring,
          lv_input           TYPE string,
          lv_signer_name     TYPE string,
          lv_signed_data     TYPE xstring,
          lv_id              TYPE string,
          lv_profile         TYPE ssfparms-pab,
          lt_recipient_list  TYPE STANDARD TABLE OF ssfinfo,
          ls_recipient_list  LIKE LINE OF lt_recipient_list,
          lv_crc             TYPE ssfparms-ssfcrc.
    DATA: lt_signer       TYPE STANDARD TABLE OF ssfinfo,
          ls_signer       TYPE ssfinfo,
          lt_certificates TYPE STANDARD TABLE OF ssfcertlin.
    DATA: lv_format   TYPE ssfparms-ssfformat,
          lv_hashalg  TYPE ssfparms-ssfhashalg,
          lv_chainfmt TYPE ssfparms-ssfformat.

    lv_profile = '/tmp/rsa/user1.pse'.
    lv_id      = 'CN=user1'.
    lv_format   = 'PKCS1-V1.5'.
    lv_hashalg  = 'SHA256'.
    CALL FUNCTION 'SCMS_STRING_TO_XSTRING'
      EXPORTING
        text   = iv_content
      IMPORTING
        buffer = lv_input_x
      EXCEPTIONS
        failed = 1
        OTHERS = 2.
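    IF sy-subrc <> 0.
* Conversion failed: do not sign; implement suitable error handling here
      RETURN.
    ENDIF.
    " Sign
    ls_signer-id      = lv_id. " usually the certificate's domain name
    " PSE password set in step 4; in a productive system read it from
    " secure storage instead of keeping it as a literal in the source
    ls_signer-password = 'Welcome@123'.
    ls_signer-profile = lv_profile.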
    APPEND ls_signer TO lt_signer.
    CALL FUNCTION 'SSFW_KRN_SIGN'
      EXPORTING
        ssftoolkit                   = 'SAPSECULIB'
        str_format                   = lv_format
        b_detached                   = 'X'
        str_hashalg                  = lv_hashalg
        str_chainfmt                 = lv_chainfmt
        ostr_input_data              = lv_input_x
      IMPORTING
        ostr_signed_data             = lv_signed_data
        str_signer_name              = lv_signer_name
        ostr_chain_data              = lv_chain_data
        crc                          = lv_crc
      TABLES
        signer                       = lt_signer
      EXCEPTIONS
        ssf_krn_error                = 1
        ssf_krn_noop                 = 2
        ssf_krn_nomemory             = 3
        ssf_krn_opinv                = 4
        ssf_krn_nossflib             = 5
        ssf_krn_input_data_error     = 6
        ssf_krn_invalid_par          = 7
        ssf_krn_invalid_parlen       = 8
        ssf_fb_input_parameter_error = 9
        OTHERS                       = 10.
    IF sy-subrc = 0.
      CALL FUNCTION 'SCMS_BASE64_ENCODE_STR'
        EXPORTING
          input  = lv_signed_data
        IMPORTING
          output = ev_response.
    ENDIF.
  ENDMETHOD.
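
A pre-flight check for steps 1 and 4, added here as an example and not part of the original post: pem_wrap rebuilds rsa.key with its header and footer lines and 64 characters per line from a key delivered as one long Base64 string, and key_matches_cert confirms that user1.cer carries the public key of rsa.key before sapgenpse imports it. The function names, the input file name key_from_vendor.txt and the default PRIVATE KEY (PKCS#8) label are assumptions.

```shell
#!/bin/sh
# Added example: function names and key_from_vendor.txt are assumptions,
# not part of the original post or of SAP/OpenSSL tooling.

# pem_wrap FILE [LABEL]
# Rebuild a PEM key from FILE, which may hold the Base64 body as one long
# line, with or without BEGIN/END markers. Prints the header line, the body
# in 64-character lines, and the footer line.
pem_wrap() {
    label=${2:-PRIVATE KEY}   # assumed PKCS#8; pass "RSA PRIVATE KEY" for PKCS#1
    # Drop any existing markers and all whitespace, leaving only the Base64 body.
    body=$(sed 's/-----[A-Z ]*-----//g' "$1" | tr -d ' \t\r\n')
    [ -n "$body" ] || { echo "pem_wrap: no key material in $1" >&2; return 1; }
    case $body in
        *[!A-Za-z0-9+/=]*)
            echo "pem_wrap: non-Base64 characters in $1" >&2
            return 1 ;;
    esac
    printf '%s\n' "-----BEGIN $label-----"
    printf '%s\n' "$body" | fold -w 64
    printf '%s\n' "-----END $label-----"
}

# key_matches_cert KEYFILE CERTFILE
# Succeeds only if both files parse and the certificate's public key is the
# one derived from the private key.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cert_pub=$(openssl x509 -in "$2" -pubkey -noout 2>/dev/null) || return 1
    [ "$key_pub" = "$cert_pub" ]
}

# Typical use around steps 1 and 4:
#   pem_wrap key_from_vendor.txt > /tmp/rsa/rsa.key
#   (run the openssl req command from step 4)
#   key_matches_cert /tmp/rsa/rsa.key /tmp/rsa/user1.cer || echo "key/cert mismatch"
```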