2024 Apr 02 1:31 PM
Hello.
I'm trying to create a JWT like on the website https://jwt.io/.
The signature section uses the SHA256withRSA / RSA256 algorithm with the private key provided.
How can I do SHA256withRSA / RSA256 encryption on the ABAP stack?
I have tried using the classes cl_abap_hmac=>calculate_hmac_for_char and cl_abap_message_digest=>calculate_hash_for_char, but it doesn't work.
Does anyone have an idea how to achieve this?
2024 Apr 04 8:22 AM - edited 2024 Apr 04 8:27 AM
Hello FI3,
Could you please check this code?
PRIVATE SECTION.
  TYPES:
    BEGIN OF ty_jwt_header,
      alg TYPE string,
      typ TYPE string,
    END OF ty_jwt_header .
  TYPES:
    BEGIN OF ty_jwt_payload,
      secret TYPE string, " private key
      iat    TYPE i,      "Issued At
      exp    TYPE i,      "Expiration Time
    END OF ty_jwt_payload .

METHOD generate_jwttoken.
  TRY.
      " JWT header, serialized to JSON and Base64-encoded
      DATA(ls_header) = VALUE ty_jwt_header( alg = me->t_params[ name = c_alg ]-value "HS256
                                             typ = me->t_params[ name = c_typ ]-value ). "JWT
      DATA(lv_json_header) = /ui2/cl_json=>serialize( data        = ls_header
                                                      compress    = abap_on
                                                      pretty_name = /ui2/cl_json=>pretty_mode-low_case ).
      DATA(lv_b64_header) = cl_http_utility=>if_http_utility~encode_base64( lv_json_header ).

      " JWT payload: issued now, expires 5 minutes (300 seconds) later
      DATA(lv_currentts) = zcl_bc_util=>generate_timestamp( iv_tzone = 'TURKEY' ).
      DATA(lv_plus5min) = lv_currentts + 300.
      DATA(ls_payload) = VALUE ty_jwt_payload( secret = me->t_params[ name = c_private ]-value
                                               iat    = lv_currentts
                                               exp    = lv_plus5min ).
      DATA(lv_json_payload) = /ui2/cl_json=>serialize( data        = ls_payload
                                                       compress    = abap_on
                                                       pretty_name = /ui2/cl_json=>pretty_mode-low_case ).
      DATA(lv_b64_payload) = cl_http_utility=>if_http_utility~encode_base64( lv_json_payload ).

      DATA(lv_xpublic) = zcl_bc_util=>conv_string_to_xstring( CONV string( me->t_params[ name = c_public ]-value ) ).

      " Signing input is header.payload; JWT segments are base64url (RFC 7515):
      " '+' -> '-', '/' -> '_', no '=' padding
      DATA(lv_data) = lv_b64_header && '.' && lv_b64_payload.
      REPLACE ALL OCCURRENCES OF: '=' IN lv_data WITH ``,
                                  '/' IN lv_data WITH '_',
                                  '+' IN lv_data WITH '-'.

      " HMAC over the signing input, returned as a Base64 string
      cl_abap_hmac=>calculate_hmac_for_char( EXPORTING if_algorithm     = CONV string( me->t_params[ name = c_algorithm ]-value ) "SHA256
                                                       if_key           = lv_xpublic
                                                       if_data          = lv_data
                                             IMPORTING ef_hmacb64string = DATA(lv_b64_hmac) ).

      " Drop the trailing '=' (a 32-byte SHA256 HMAC ends in exactly one) and make it URL-safe
      DATA(lv_off) = strlen( lv_b64_hmac ) - 1.
      lv_b64_hmac = lv_b64_hmac(lv_off).
      REPLACE ALL OCCURRENCES OF: '/' IN lv_b64_hmac WITH '_',
                                  '+' IN lv_b64_hmac WITH '-'.

      me->v_token = lv_data && '.' && lv_b64_hmac.

    CATCH cx_abap_message_digest INTO DATA(lx_hmac). " Exception Class for Message Digest
      RAISE EXCEPTION TYPE zcx_kw
        EXPORTING
          textid = lx_hmac->if_t100_message~t100key.
*    CATCH zcx_bc_util INTO DATA(lx_bc). "
*      RAISE EXCEPTION TYPE zcx_kw
*        EXPORTING
*          textid = lx_bc->if_t100_message~t100key.
  ENDTRY.
ENDMETHOD.

METHOD generate_timestamp.
* IMPORTING !iv_tzone TYPE tznzone DEFAULT 'UTC'
* RETURNING VALUE(rv_secs) TYPE tzntstmpl
* RAISING zcx_bc_util.
  DATA ts1 TYPE c LENGTH 20.
  DATA ls_t100 TYPE scx_t100key. " declared so that the CHECK below compiles

  GET TIME STAMP FIELD DATA(ts).
  CONVERT TIME STAMP ts TIME ZONE iv_tzone INTO DATE DATA(dt) TIME DATA(tm).
  ts1 = dt && tm.
  DATA(ts2) = CONV tzntstmpl( '19700101000000' ).
  TRY.
      " Time Interval in Seconds
      rv_secs = CONV int4( cl_abap_tstmp=>subtract( EXPORTING tstmp1 = CONV tzntstmpl( ts1 )
                                                              tstmp2 = ts2 ) ).
    CATCH cx_parameter_invalid_range INTO DATA(lx_range). " Parameter with invalid value range
      "DATA(ls_t100) = set_message_from_obj( lx_range ).
    CATCH cx_parameter_invalid_type INTO DATA(lx_type). " Parameter with Invalid Type
      "ls_t100 = set_message_from_obj( lx_type ).
  ENDTRY.
  CHECK ls_t100 IS NOT INITIAL.
*  RAISE EXCEPTION TYPE zcx_bc_util
*    EXPORTING
*      textid = ls_t100.
ENDMETHOD.

METHOD conv_string_to_xstring.
  DATA: ls_t100 TYPE scx_t100key.
  " Convert the character string to a UTF-8 byte string
  CALL FUNCTION 'SCMS_STRING_TO_XSTRING'
    EXPORTING
      text     = iv_str
      mimetype = 'charset=utf-8'
      encoding = '4110'
    IMPORTING
      buffer   = rv_xstr
    EXCEPTIONS
      failed   = 1
      OTHERS   = 2.
  CHECK sy-subrc <> 0.
*  ls_t100 = set_messagge_from_sy( ).
*  RAISE EXCEPTION TYPE zcx_bc_util
*    EXPORTING
*      textid = ls_t100.
ENDMETHOD.
Good luck.
Caner.
2024 Apr 04 10:34 AM
Hello Caner.
Thank you for the code. I really appreciate it.
But for the requirement, I need to encrypt the signature with the RS256 algorithm instead of SHA256.
If we try at jwt.io, we can choose RS256 in the dropdown list.
The output will be different between RS256 and SHA256.
I tried cl_abap_hmac=>calculate_hmac_for_char with exporting if_algorithm = 'RSA256', and then an error occurred.
Is the RS256 algorithm not supported in SAP?
Regards.
FI3
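The difference between the two jwt.io settings discussed in this thread, as an added example in Python (not code from any poster and not an SAP API): HS256 is an HMAC-SHA256 over `header.payload` with a shared secret, while RS256 is an RSASSA-PKCS1-v1_5 signature over SHA-256 made with an RSA private key, which is a different operation from an HMAC. The RSA key is a constructed, insecure demo key, and all function names and the sample claims are assumptions.

```python
import base64, hashlib, hmac, json

# Constructed demo RSA key built from two Mersenne primes: NOT secure, illustration only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8              # modulus length in bytes
# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64url(raw: bytes) -> str:
    """base64url without '=' padding, as JWS (RFC 7515) requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def signing_input(alg: str, payload: dict) -> str:
    """BASE64URL(header) + '.' + BASE64URL(payload): the bytes that get signed."""
    header = {"alg": alg, "typ": "JWT"}
    return ".".join(b64url(json.dumps(part, separators=(",", ":")).encode())
                    for part in (header, payload))

def emsa_pkcs1_v15(msg: bytes) -> bytes:
    """EMSA-PKCS1-v1_5 encoding: 00 01 FF..FF 00 || DigestInfo(SHA-256(msg))."""
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def sign_hs256(payload: dict, secret: bytes) -> str:
    """HS256: keyed hash (HMAC-SHA256) with a secret shared by signer and verifier."""
    data = signing_input("HS256", payload)
    return data + "." + b64url(hmac.new(secret, data.encode(), hashlib.sha256).digest())

def sign_rs256(payload: dict) -> str:
    """RS256: RSASSA-PKCS1-v1_5 signature over SHA-256, made with the private key D."""
    data = signing_input("RS256", payload)
    em = int.from_bytes(emsa_pkcs1_v15(data.encode()), "big")
    return data + "." + b64url(pow(em, D, N).to_bytes(K, "big"))

def verify_rs256(token: str) -> bool:
    """Verification needs only the public key (N, E)."""
    data, _, sig = token.rpartition(".")
    raw = base64.urlsafe_b64decode(sig + "=" * (-len(sig) % 4))
    s = int.from_bytes(raw, "big")
    if len(raw) != K or s >= N:
        return False
    return hmac.compare_digest(pow(s, E, N).to_bytes(K, "big"), emsa_pkcs1_v15(data.encode()))

CLAIMS = {"iat": 1712000000, "exp": 1712000300}   # constructed sample payload
```

With the same claims, the two tokens share the payload segment but differ in the header segment and in the signature: 32 bytes of HMAC for HS256, one modulus-length RSA value for RS256.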