Question Re: SOAP Adapter - Change Signature Algorithm in Technology Q&A

SOAP Adapter - Change Signature Algorithm

YouriC — Wed, 08 May 2019 15:49:22 GMT

Hi,

For one of my scenario, I have to change the Signature Algorithm in SOAP Adapter Receiver.

When I try to consume the Web Service, I receive this error :
SECU3518: Invalid digest algorithm 'http://www.w3.org/2000/09/xmldsig#sha1' used. Expecting 'http://www.w3.org/2001/04/xmlenc#sha256'

The problem has been confirmed by the Third Party (WS Provider).

I can not change/adapt the certificate.
He works perfectly with SOAPUI and this settings :

AXIS Adapter is maybe an Alternative but I need to know if it's possible with the SOAP Adapter.

Regards,
Youri

Re: SOAP Adapter - Change Signature Algorithm

former_member607993 — Thu, 09 May 2019 04:37:48 GMT

Hi Youri,

You can use UDF in graphic mapper to generate x-amz-content-sha-256 header:

public String generateContentHashing(String payload)

{

StringBuilder payloadSb = new StringBuilder();

try

{

MessageDigest md = MessageDigest.getInstance("SHA-256");

byte[] hashPayloadInBytes = md.digest(payload.getBytes(StandardCharsets.UTF_8));

for (byte b : hashPayloadInBytes)

{

payloadSb.append(String.format("%02x", b));

}

} catch (NoSuchAlgorithmException e) {

e.printStackTrace();

}

return payloadSb.toString();

}

Re: SOAP Adapter - Change Signature Algorithm

former_member607993 — Thu, 16 May 2019 11:59:50 GMT

Hi Youri,

Did you try this.?

Re: SOAP Adapter - Change Signature Algorithm

YouriC — Thu, 23 May 2019 07:04:11 GMT

No, I don't try this approach.

I'm looking for a solution in the Integration Builder with the Communication Channel or Integrated Configuration settings.
Currently I try with the Axis Adapter but I have the same problem :

SECU3518: Invalid digest algorithm 'http://www.w3.org/2000/09/xmldsig#sha1' used. Expecting 'http://www.w3.org/2001/04/xmlenc#sha256'

I found some informations in this note 688983, apparently SAP only uses SHA1 for Digest Algorithm ...

But in the W3.Org documentation : https://www.w3.org/TR/xmlsec-algorithms/#digest-method-uris

SHA-1 is the only digest algorithm defined in [XMLDSIG-CORE] and is mandatory to implement in that specification and in [XMLENC-CORE]. Use of SHA-1 is discouraged in [XMLDSIG-CORE1] and [XMLENC-CORE1] both of which mandate SHA-256 as mandatory to implement and offer a number of other optional SHA algorithms.

Re: SOAP Adapter - Change Signature Algorithm

former_member607993 — Thu, 23 May 2019 07:11:32 GMT

Hi Youri,

You can try with Java mapping.

Re: SOAP Adapter - Change Signature Algorithm

YouriC — Thu, 23 May 2019 07:16:56 GMT

Where to put the UDF ? On my XML root node in the Message Mapping ?

Re: SOAP Adapter - Change Signature Algorithm

former_member607993 — Thu, 13 Jun 2019 10:09:39 GMT

Hi Youri,

Please refer the below link which may be help you:

https://blogs.sap.com/2019/05/31/integrating-amazon-simple-storage-service-amazon-s3-and-sap-ecc-v6.0-via-sap-pi-v7.5-using-aws-signature-v5-and-signing-algorithm-hmac-sha256/

Re: SOAP Adapter - Change Signature Algorithm

YouriC — Fri, 14 Jun 2019 09:33:23 GMT

Hi Rajesh,

Your blog is very interesting.
I will see if I can apply this solution asap.

I also created a SAP Incident for this problem.
I think SAP has to handle SHA256 for Digest Algorithm, it's a W3.org recommendation.

Regards,
Youri

Re: SOAP Adapter - Change Signature Algorithm

former_member607993 — Mon, 17 Jun 2019 06:46:19 GMT

Hi Youri,

Yes,please map the User defined function (which generates the Authorization header values dynamically) to XML root node in the Message Mapping.