on 2023 Oct 10 12:28 PM
Hello Everyone,
I hope you're all doing well.
We're currently tackling a requirement that involves two authentication options:
We're working within the Integration Suite (SAP CPI) to accomplish this. We're seeking guidance on the best approach to achieve our goal, and also, how can we obtain either a Private Key or a PFX File with the necessary Passphrase Value.
Thank you in advance for your assistance.
Best Regards,
Ashish
Hello carlos.roggan
Good Day.
My business requirement is to access the third-party application from SAP CPI iFlow.
The third-party system provides two different certificates (PFX files): “Active” and “Signature”. The active certificate is used to access the system, and the signature certificate is used to access the application. To build the signature, the "private key" is mandatory. So the signature PFX file was added to the Keystore and is accessed by alias name in Groovy to build the PrivateKey. In the signature build, we used this "PrivateKey" to sign. I am referring to your blogs to build the "PrivateKey" as below.
```groovy
// Private Key
KeystoreService keystoreService = ITApiFactory.getService(KeystoreService.class, null)
KeyPair keyPair = keystoreService.getKeyPair("iflowtonodekeys");
PrivateKey privateKey = keyPair.getPrivate();
```
Current Situation:
I am able to access the third-party system wherever the target URL does not require a signature header, but when I try to access the target URL with a signature header as per the specification, I am getting an invalid signature from the third-party system. So I would like to verify my perception about creating the private key. I am giving the logic that I used in iFlow Groovy for your reference. Please let me know if any changes are required.
Server Error :
{"errors":[{"code":"invalidSignature","detail":"The HTTP signature could not be verified. Please refer to https://documentation.ibanity.com/security#http-signature","meta":{"requestId":"000112D599A2D9320A01063301BB6540EA4D263106BED6"}}]}
Private Key Build Logic:
```groovy
KeystoreService keystoreService = ITApiFactory.getService(KeystoreService.class, null)
KeyPair keyPair = keystoreService.getKeyPair("iflowtonodekeys");
PrivateKey privateKey = keyPair.getPrivate();
```
Signature Digest:
```groovy
def buildEncodedSignature(PrivateKey privateKey, String signingString) {
    String DIGEST_ALGORITHM = MessageDigestAlgorithms.SHA_256;
    String SIGNATURE_ALGORITHM = "RSASSA-PSS";
    PSSParameterSpec PARAMETER_SPEC = new PSSParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, 32, 1);
    String dataToDigest = signingString;
    Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
    signature.setParameter(PARAMETER_SPEC);
    signature.initSign(privateKey);
    byte[] digest = new DigestUtils(DIGEST_ALGORITHM).digest(dataToDigest);
    //byte[] b = signatureString.getBytes();
    signature.update(digest);
    byte[] signedData = signature.sign();
    String signatureDigest = Base64.getEncoder().encodeToString(signedData);
    return signatureDigest;
}
```
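Added example, not part of the original post or of any SAP or third-party code: a stand-alone Groovy check of one difference that matters for the logic above. The JCA `RSASSA-PSS` signature already hashes whatever is passed to `update()` with the digest named in `PSSParameterSpec`, so signing a pre-computed SHA-256 digest yields a signature that does not verify against the signing string itself (the first check reports false, the second true). The generated key pair and the signing string are constructed for the test, and it is an assumption that the receiving system verifies over the raw signing-string bytes.

```groovy
import java.nio.charset.StandardCharsets
import java.security.*
import java.security.spec.MGF1ParameterSpec
import java.security.spec.PSSParameterSpec

// Same PSS parameters as in the post: SHA-256, MGF1 with SHA-256, 32-byte salt.
PSSParameterSpec pssSpec() {
    new PSSParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, 32, 1)
}

byte[] pssSign(PrivateKey key, byte[] data) {
    Signature s = Signature.getInstance("RSASSA-PSS")
    s.setParameter(pssSpec())
    s.initSign(key)
    s.update(data)          // the provider hashes this input with SHA-256 itself
    return s.sign()
}

boolean pssVerify(PublicKey key, byte[] data, byte[] sig) {
    Signature v = Signature.getInstance("RSASSA-PSS")
    v.setParameter(pssSpec())
    v.initVerify(key)
    v.update(data)
    return v.verify(sig)
}

// Constructed test key pair; inside CPI the pair comes from the keystore alias instead.
KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA")
gen.initialize(2048)
KeyPair kp = gen.generateKeyPair()

// Constructed signing string, not taken from any real API specification.
byte[] signingBytes = "(request-target): post /example\ndate: Tue, 10 Oct 2023 12:28:00 GMT"
        .getBytes(StandardCharsets.UTF_8)

// Variant A mirrors the post: hash first, then sign the digest (hashed twice overall).
byte[] preHashed = MessageDigest.getInstance("SHA-256").digest(signingBytes)
byte[] sigOverDigest = pssSign(kp.getPrivate(), preHashed)

// Variant B signs the signing-string bytes directly (hashed once, by the provider).
byte[] sigOverString = pssSign(kp.getPrivate(), signingBytes)

// The verifier here only knows the signing string, as assumed for the remote side.
println "A (pre-hashed input) verifies:     " + pssVerify(kp.getPublic(), signingBytes, sigOverDigest)
println "B (raw signing string) verifies:   " + pssVerify(kp.getPublic(), signingBytes, sigOverString)
println "B as Base64 header value: " + Base64.getEncoder().encodeToString(sigOverString)
```

Running the same two-variant check against the public certificate from the signature PFX shows whether the key material or the signing input is the part the remote side rejects.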