Dear Experts/Friends,
I need your valuable and immediate help with implementing a digital signature for a
synchronous web service call on SAP PI 7.3 (dual stack). I will try to
explain the requirement.
Scenario
- SAP PI makes a request to the MSB and digitally signs its request using its own organization's X.509 certificates, according to the WS-Security standard.
- The MSB then validates the digital signature of the incoming request to ensure it comes from an authentic organization.
- The MSB then performs all the necessary processing on the received request and signs the response using the X.509 certificate before sending it back to the requesting organization.
- The requesting organization then validates the digital signature of the response to ensure it comes from the authentic MSB.
- The SOAP header, body, and timestamp are all to be signed.
Can I use the SOAP adapter with the web service security profile,
or do I have to go for a Java mapping? Could I please get sample code to implement the digital signature?
Please provide pointers on implementing this in PI 7.3 dual stack.
SOAP header template as provided by MSB
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" … … >
<!-- SOAP header template: WS-Addressing headers (Action, To) followed by one
     WS-Security header that carries the signer's X.509 token, an XML Signature
     and a Timestamp. The token value is elided with "…" and the digest and
     signature values look like placeholder sample data, so this is a structural
     template, not a verifiable message. -->
<soapenv:Header
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing">
<!-- NOTE(review): wsa:Action and wsa:To carry no wsu:Id in this template, so it
     cannot be told from here which signed Reference, if any, covers them. -->
<wsa:Action>http://EMRX.........../InitiateService</wsa:Action>
<wsa:To>
</wsa:To>
<!-- mustUnderstand="1": the receiver has to process this Security header or
     reject the message with a fault. -->
<wsse:Security
soapenv:mustUnderstand="1"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<!-- Signer's certificate, Base64-encoded X.509v3, addressable as
     #CertId-12920412. NOTE(review): the certificate travels inside the message,
     so a valid signature alone only proves possession of the matching key; the
     receiver still needs to validate the certificate against its own trust
     store and confirm it belongs to the expected organization. -->
<wsse:BinarySecurityToken
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
wsu:Id="CertId-12920412"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
ADSADEFVgAwIBVDSVSDVSD
BgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJTRzEoMCYGA1UEChMfTmV0cnVzdCBDZXJ0aWZpY2F0ZSBB
… … … …
+I/4/8fZ6z6dcS/4jBibmGqDFVXKq1T/zcC5EVSDVVVIkjow==
</wsse:BinarySecurityToken>
<!-- XML Signature over six references, each digested with SHA-1 and the whole
     SignedInfo signed with RSA-SHA1 after exclusive canonicalization.
     NOTE(review): SHA-1 is no longer recommended for digital signatures. The
     algorithms here are dictated by the MSB template; confirm whether MSB
     accepts http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 with digest
     http://www.w3.org/2001/04/xmlenc#sha256 before changing them. -->
<ds:Signature
Id="Signature-470236280"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<!-- The three "#id-…" references (this one and the last two below) point at
     elements that do not appear in this header; presumably the SOAP Body and
     other signed parts. Confirm against the full message. NOTE(review): a
     verifier should check that every element it acts on is the one a signed
     Reference actually resolves to, not only that the signature validates. -->
<ds:Reference
URI="#id-1204288632">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
/>
<ds:DigestValue>JCNAKJCUA2WII72DIJOJDLIDJD=</ds:DigestValue>
</ds:Reference>
<!-- Covers the BinarySecurityToken above, binding the certificate to the
     signature. -->
<ds:Reference
URI="#CertId-12920412">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>CSJDKJCHSDKCVNKSDCNKJSDNCK=</ds:DigestValue>
</ds:Reference>
<!-- Covers the SecurityTokenReference inside ds:KeyInfo, processed with the
     STR-Transform and exclusive canonicalization as its parameter. -->
<ds:Reference
URI="#STRId-314276984">
<ds:Transforms>
<ds:Transform
Algorithm="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform">
<wsse:TransformationParameters>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</wsse:TransformationParameters>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>CdSDVCSDVSVSDVSDVSDVSDAVEWR=</ds:DigestValue>
</ds:Reference>
<!-- Covers the wsu:Timestamp at the end of the Security header, so Created and
     Expires cannot be altered without invalidating the signature. -->
<ds:Reference
URI="#Timestamp-1168931960">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>VZSDVSZDVSDVSD/VSDVSSVDSVVV=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#id-1205533816">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>VSDVSADVSDAVSDREREREJETJTJJ=</ds:DigestValue>
</ds:Reference>
<ds:Reference
URI="#id-1205402744">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>CSASDAVCSDVDVCEWJTRRKRTKUKK=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
HDSVSDVSDVZSKDVNKSMLjkhlkjlkjklkshdLJNCLSAJMNLCALKNLKNLKnlnlkLKNLVMKJDSLV08h
GHKuLCASCASCSAKJCHKUASJKNCASCASCASCSAKJCKJSANCASNCLKASNLCKNASLCNASCASCASCSAC
ACSASCSDCVSDCSAEWGVV=
</ds:SignatureValue>
<!-- KeyInfo names the verification key by direct reference to the
     BinarySecurityToken (#CertId-12920412) in this same header. -->
<ds:KeyInfo Id="KeyId-310213752">
<wsse:SecurityTokenReference wsu:Id="STRId-314276984"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Reference URI="#CertId-12920412"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
<!-- Signed validity window; in this sample Expires is 30 minutes after Created.
     NOTE(review): the receiver is presumably expected to reject messages
     outside this window to limit replay of a captured signed request; confirm
     the clock-skew tolerance with MSB. -->
<wsu:Timestamp
wsu:Id="Timestamp-1168931960" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsu:Created>2007-10-01T06:33:12.484Z</wsu:Created>
<wsu:Expires>2007-10-01T07:03:12.484Z</wsu:Expires>
</wsu:Timestamp>
</wsse:Security>
</soapenv:Header>