
Digital signature using SSF and accessing certificate and keys from keystore at mapping level


Dear Experts,

 

I have a requirement to sign the input payload, encode it to base64, and assign it to a string called "strsignature". The same payload also needs to be base64-encoded and assigned to another string called "strXmldata". Finally, both strings, containing the signed and base64-encoded data, should be sent to the bank in the HTTP body of the output payload. Please keep in mind that this is not an XML digital signature. Below are the details of the input and the desired output structure.

 

Input payload

 

<?xml version="1.0"?>
<PaymentMessage>
   <PaymentTransaction>
     <CompanyCode>PARTNER01</CompanyCode>
     <SequenceNum>132180</SequenceNum>
     <TransactionData>:20:2000000058
:32A:020112SAR888,00
:50:SAUDI ARABIAN OIL COMPANY
BOX 5000
DHAHRAN
  </TransactionData>
    <TransactionComment> comments</TransactionComment>
  </PaymentTransaction>
</PaymentMessage>


Desired Output Payload

 

strSignature = "Signed and base64 encoded whole input payload" & strXmldta = "Base64encoded whole input payload"

 

Where I am standing

So far I have written the Java mapping code below, based on the SAP Help example using SSF, to access the certificate and keys from Java and sign the data. Currently I have only the development system, where the CA-signed certificate has not been installed and SSL has not been enabled.

 

Code

package com.javamapping;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.naming.InitialContext;
import sun.misc.BASE64Encoder;
import com.sap.aii.mapping.api.AbstractTransformation;
import com.sap.aii.mapping.api.StreamTransformationException;
import com.sap.aii.mapping.api.TransformationInput;
import com.sap.aii.mapping.api.TransformationOutput;
import com.sap.engine.interfaces.keystore.KeystoreManager;
import com.sap.security.api.ssf.ISsfData;
import com.sap.security.core.server.ssf.SsfDataPKCS7;
import com.sap.security.core.server.ssf.SsfProfileKeyStore;

public class GetBase64EncodedParameter extends AbstractTransformation {

  public void transform(TransformationInput input, TransformationOutput output)
      throws StreamTransformationException {
    try {
      BASE64Encoder encoder = new BASE64Encoder();

      // Read the payload once into memory. A stream can only be consumed once,
      // and both the plain and the signed output need the same bytes.
      InputStream inputStream = input.getInputPayload().getInputStream();
      ByteArrayOutputStream buffer = new ByteArrayOutputStream();
      byte[] chunk = new byte[4096];
      int n;
      while ((n = inputStream.read(chunk)) != -1) {
        buffer.write(chunk, 0, n);
      }
      inputStream.close(); // close only after the payload has been read
      byte[] payloadBytes = buffer.toByteArray();

      // Encode the original bytes directly, so no charset conversion can alter them.
      String base64EncodedData = encoder.encode(payloadBytes);

      // Sign a fresh stream over the same bytes.
      byte[] signedDataBytes = getSignedDataStream(new ByteArrayInputStream(payloadBytes));
      String base64EncodedSignedData = encoder.encode(signedDataBytes);

      // Note: sun.misc.BASE64Encoder wraps its output with a line break every
      // 76 characters; check that the receiver accepts wrapped base64 values.
      String httpBodyString = "strXmlData=" + base64EncodedData + "&strSignature=" + base64EncodedSignedData;

      output.getOutputPayload().getOutputStream().write(httpBodyString.getBytes("UTF-8"));
    } catch (Exception e) {
      // Fail the mapping instead of silently producing an empty output payload.
      throw new StreamTransformationException("Signing mapping failed: " + e);
    }
  }

  private byte[] getSignedDataStream(InputStream inputStream) throws Exception {
    // Wrap the data to be signed in a PKCS#7 SSF container.
    ISsfData data = new SsfDataPKCS7(inputStream);

    // Look up the AS Java keystore service via JNDI.
    InitialContext ctx = new InitialContext();
    Object o = (Object) ctx.lookup("keystore");
    KeystoreManager manager = (KeystoreManager) o;

    // Keystore view name and the alias of the signing entry inside that view.
    KeyStore keyStore = manager.getKeystore("DEFAULT");
    String alias = "sign_test";

    SsfProfileKeyStore profile = new SsfProfileKeyStore(keyStore, alias, null);

    data.sign(profile);

    // Serialize the signed PKCS#7 structure to bytes.
    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    data.writeTo(baos);

    return baos.toByteArray();
  }
}

 

Questions

 

1- What are "DEFAULT" and "alias"? Do I need to replace them after the actual certificate is installed on the PI server? Are they related to the name we give the certificate (signed by the CA) while installing it?

2- The code is error free. However, do you think my code will work for my requirement, more specifically for accessing the keystore from Java? If not, please provide your valuable input based on my requirement. I need your help; I am not much of an expert in Java.

3- On the PI server, under "Entry Import", only two entry types (PKCS#12 and PKCS#8 Key Pair) are available, but I need to use PKCS#7. Can I use PKCS#8 instead? Is it related to the certificate?

4- Can I test my code now without the actual certificate installed on the PI server? Can I install some trial certificate, e.g. VeriSign? If yes, which one can I use from the default available certificates?

5- While installing the certificate, is it mandatory to put it under "TrustedCAs" on the PI server if we are using a certificate signed by a CA?

 

Thanks,

Farhan
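
Added example, not part of the original post and not SAP code: a round-trip check of the "strXmlData=...&strSignature=..." body, showing why base64 values should be unwrapped and percent-encoded before they go into the HTTP body. It assumes the receiver decodes the body as application/x-www-form-urlencoded and a Java 8+ runtime for java.util.Base64; the class name FormBodyDemo and the sample bytes are constructed for illustration and are not a real PKCS#7 structure.

```java
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.util.Arrays;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Map;

public class FormBodyDemo { // hypothetical class name

    // Build the body with unwrapped base64 and percent-encoded values.
    static String buildBody(byte[] payload, byte[] signed) throws Exception {
        Base64.Encoder b64 = Base64.getEncoder(); // basic encoder: no line breaks
        return "strXmlData=" + URLEncoder.encode(b64.encodeToString(payload), "UTF-8")
             + "&strSignature=" + URLEncoder.encode(b64.encodeToString(signed), "UTF-8");
    }

    // Decode the body as a form-decoding receiver would (assumed behaviour).
    static Map<String, byte[]> parseBody(String body) throws Exception {
        Map<String, byte[]> fields = new LinkedHashMap<String, byte[]>();
        for (String pair : body.split("&")) {
            int eq = pair.indexOf('=');
            String name = URLDecoder.decode(pair.substring(0, eq), "UTF-8");
            String value = URLDecoder.decode(pair.substring(eq + 1), "UTF-8");
            fields.put(name, Base64.getDecoder().decode(value));
        }
        return fields;
    }

    public static void main(String[] args) throws Exception {
        byte[] payload = "<PaymentMessage>sample</PaymentMessage>".getBytes("UTF-8");
        // Constructed stand-in for signature bytes, chosen so the base64 contains '+' and '/'.
        byte[] signed = {(byte) 0xfb, (byte) 0xef, (byte) 0xff, 0x30, (byte) 0x82};

        // Unescaped value: form decoding turns each '+' into a space, so base64 decoding fails.
        String naive = "strSignature=" + Base64.getEncoder().encodeToString(signed);
        try {
            parseBody(naive);
            System.out.println("naive body accepted");
        } catch (IllegalArgumentException e) {
            System.out.println("naive body rejected: " + e.getMessage());
        }

        // Escaped values survive the round trip byte for byte.
        Map<String, byte[]> fields = parseBody(buildBody(payload, signed));
        System.out.println("strXmlData intact:   " + Arrays.equals(payload, fields.get("strXmlData")));
        System.out.println("strSignature intact: " + Arrays.equals(signed, fields.get("strSignature")));
    }
}
```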

