Hello and welcome to my latest blog post! I'm Suraj Shelke. Today, I'm excited to share a practical guide on how to leverage SAP CPI to protect your PDF documents with password encryption. In today's digital landscape, safeguarding sensitive information is crucial, and this post will walk you through the steps to achieve this using a simple yet effective script.

Prerequisite

To use this script, you need to download the necessary JAR files and upload them to CPI under References > Archive. You can download the JAR files using the following links:  : Link1 & Link2

As shown in the screenshot below, you can upload the JAR files in the iFlow

Select the JAR file from your device and click Add. 

Once you have finished uploading the JAR files to iFlow, you can start with the configuration of the script.

Introducing the Script

The script we'll be exploring is designed to encrypt PDF documents with a password, ensuring that only authorized individuals can access the content. Let's break down the key components of the script:

These import statements bring in the necessary libraries and classes to work with PDF documents and perform the encryption process.

import com.sap.gateway.ip.core.customdev.util.Message;
import java.util.HashMap;
import com.itextpdf.text.Document;
import com.itextpdf.text.Paragraph;
import com.itextpdf.text.pdf.PdfWriter;
import com.itextpdf.text.pdf.PdfReader;
import com.itextpdf.text.pdf.PdfStamper;
import java.io.ByteArrayOutputStream;

The script starts by extracting the inputPayload from the message body. We then use Exchange  Properties to retrieve the password components. This password can be constructed from multiple properties. For example, one property can store the employee's name, which we substring to the first four characters. Another property can store the date of birth (DOB), which we also substring to four characters. By concatenating these two exchange properties, we create a strong password.

def Message processData(Message message) {
    def inputPayload = message.getBody(byte[].class); // Ensure the input is in byte array format
    def pmap = message.getProperties();
    def name = pmap.get("Name");
    def DOB = pmap.get("DOB");
    def pass1 = name.substring(0, 4);
    def pass2 = DOB.substring(0, 4);
    def userPassword = pass1 + pass2;

The script then uses the PdfReader and PdfStamper classes from the iText PDF library to read the input PDF, encrypt it with the generated password, and write the protected PDF to a new byte array. If any errors occur during the process, the script will return an error message.

    try {
        def reader = new PdfReader(inputPayload); // Read the byte array as PDF
        def outputStreamProtected = new ByteArrayOutputStream();
        def stamper = new PdfStamper(reader, outputStreamProtected);
        stamper.setEncryption(userPassword.getBytes(), null, PdfWriter.ALLOW_PRINTING, PdfWriter.ENCRYPTION_AES_128);
        stamper.close();
        reader.close();
        message.setBody(outputStreamProtected.toByteArray());
    } catch (Exception e) {
        message.setBody("Error processing PDF: ${e.message}".getBytes());
    }

    return message;
}

Implementing the Script in SAP CPI

To use this script in your SAP CPI integration flow, follow these steps:

1. Create a New Integration Flow: Start by creating a new integration flow in SAP CPI.
2. Add a Script Step: Add a script step to your integration flow and copy the provided script into the script editor.
3. Configure the Script Step: Set up the script step to use the desired properties.
4. Connect the Flow: Connect the input and output of the script step to the appropriate steps in your integration flow.

Now, whenever a PDF document passes through your integration flow, the script will automatically encrypt the document with the generated password, ensuring that only authorized users can access the content.

Use Cases

When you need to transport the PDF to an SFTP server from any third-party vendor using an API, you can add this script as an additional step to keep the document secured, in case the client doesn't want to use PGP. Another use case is when sharing PDF documents via email in automated workflows; this script can ensure that sensitive information is only accessible to the intended recipients by encrypting the document before sending.

Conclusion

In this blog post, we've explored a powerful script that leverages SAP CPI and the iText PDF library to protect your PDF documents with password encryption. By implementing this solution, you can enhance the security of your sensitive information and ensure that only authorized individuals can access the content. I hope this guide has been informative and helpful in your journey to secure your PDF documents. Happy coding!

Stay tuned for more SAP CPI tips and tricks in my future blog posts. Until next time, this is Suraj Shelke signing off!