Technology Blogs by Members
Explore a vibrant mix of technical expertise, industry insights, and tech buzz in member blogs covering SAP products, technology, and events. Get in the mix!
cancel
Showing results for 
Search instead for 
Did you mean: 
Former Member
4,208

Recently I received a task to digital sign outgoing XML Invoice. That is not a problem at all - you can do this easily in SOAP adapter as adapter module. But my assignment had restriction, that because that XML was processed by ccBPM (in XI 7.0) - that signing had to be done in mapping - not in adapter.

I have spent few days to crack this problem, but finally - with extensive help of scn.sap.com - I was successful.

I developed java mapping and for signing itself I used Apache Santuario -- Index library - but because I was on SAP XI 7.0 - I had to use old version for java 1.4.2. Actual version in java 1.4 branch is Apache Download Mirrors.

Also - before you can start - you have to get XI jar libraries from your system. You have two options - ask some basis person to gather those files for you or you can use that  excellent ABAP report - but because you need also jar libraries from different paths - you need to modify slightly modify that report. I strongly recommend to see that wiki page to know more about getting those jars - Where to get the libraries for XI development - Process Integration - SCN Wiki

So what jar libraries do we need?

library namewhere to get it
aii_af_trace.jar/usr/sap/<SID>/DVEBMGS<nr>/j2ee/cluster/server0/bin/ext/
aii_map_api.jar/usr/sap/<SID>/DVEBMGS<nr>/j2ee/cluster/server0/apps/sap.com/com.sap.xi.services
aii_utilxi_misc.jar/usr/sap/<SID>/DVEBMGS<nr>/j2ee/cluster/server0/bin/ext/
commons-logging-1.1.jarApache Santuario
keystore_api.jar/usr/sap/<SID>/DVEBMGS<nr>/j2ee/cluster/server0/bin/ interfaces/keystore_api/keystore_api.jar
keystore.jar/usr/sap/<SID>/DVEBMGS<nr>/j2ee/cluster/server0/bin/services/keystore/keystore.jar
xmlsec-1.4.8.jarApache Santuario

So if you have downloaded Apache Santuario, get SAP NWDS running and have all these libraries we can start with java mapping.

  1. start NWDS and create new java project.
  2. Add all needed libraries into project
  3. Create new java class XMLSignMapping which extends DefaultHandler and implements StreamTransformation. This class (or interface which it is implementing) contains two methods:
    1. execute - this is method which system will call in mapping process - all logic comes here
    2. setParameter - method to work with container
  4. Create new java class XIKeystoreAccessor - this will be utility class to which will contain logic to work with Keystore. You can find content of this class as attachment.
  5. Create new java class TraceUtil - utility for logging - content as attachment
  6. I had to resolve few issues with Apache Santuario library due to bugs in it - so I had to add new package into the project org.apache.xml.security.resource and add xmlsecurity_en_US.properties and xmlsecurity.properties  into it. xmlsecurity.properties is just renamed xmlsecurity_en_US.properties which you can find in xmlsecurity.jar library
  7. If you created these 3 classes and added content into them - create jar file from project
  8. Upload that jar and two jars from Apache Santuario project into XI as external library and add XMLSingMapping as a java mapping class into interface mapping - you can find more on java mappings here - Java Mapping in SAP PI / XI – Step-by-step example » Techplay

When I worked on this problem - I have found, that there is no complete guide how to access KeyStore and digitally sign XML from mapping. So I hope that this blog post will help somebody to not spent a lot of hours on implementing signing as I did :smile:

Aloha !

16 Comments
Labels in this area