Recently I received a task to digital sign outgoing XML Invoice. That is not a problem at all – you can do this easily in SOAP adapter as adapter module. But my assignment had restriction, that because that XML was processed by ccBPM (in XI 7.0) – that signing had to be done in mapping – not in adapter.
I have spent few days to crack this problem, but finally – with extensive help of scn.sap.com – I was successful.
I developed java mapping and for signing itself I used Apache Santuario — Index library – but because I was on SAP XI 7.0 – I had to use old version for java 1.4.2. Actual version in java 1.4 branch is Apache Download Mirrors.
Also – before you can start – you have to get XI jar libraries from your system. You have two options – ask some basis person to gather those files for you or you can use that excellent ABAP report – but because you need also jar libraries from different paths – you need to modify slightly modify that report. I strongly recommend to see that wiki page to know more about getting those jars – Where to get the libraries for XI development – Process Integration – SCN Wiki
So what jar libraries do we need?
|library name||where to get it|
So if you have downloaded Apache Santuario, get SAP NWDS running and have all these libraries we can start with java mapping.
- start NWDS and create new java project.
- Add all needed libraries into project
- Create new java class XMLSignMapping which extends DefaultHandler and implements StreamTransformation. This class (or interface which it is implementing) contains two methods:
- execute – this is method which system will call in mapping process – all logic comes here
- setParameter – method to work with container
- Create new java class XIKeystoreAccessor – this will be utility class to which will contain logic to work with Keystore. You can find content of this class as attachment.
- Create new java class TraceUtil – utility for logging – content as attachment
- I had to resolve few issues with Apache Santuario library due to bugs in it – so I had to add new package into the project org.apache.xml.security.resource and add xmlsecurity_en_US.properties and xmlsecurity.properties into it. xmlsecurity.properties is just renamed xmlsecurity_en_US.properties which you can find in xmlsecurity.jar library
- If you created these 3 classes and added content into them – create jar file from project
- Upload that jar and two jars from Apache Santuario project into XI as external library and add XMLSingMapping as a java mapping class into interface mapping – you can find more on java mappings here – Java Mapping in SAP PI / XI – Step-by-step example » Techplay
When I worked on this problem – I have found, that there is no complete guide how to access KeyStore and digitally sign XML from mapping. So I hope that this blog post will help somebody to not spent a lot of hours on implementing signing as I did 🙂