Dear all,
we're archiving documents from SAP to an Open Text archive which should be accessed from other non-SAP applications.
According to the ArchiveLink specification access to the documents is protected with seckeys on the archive server.
When a SAP System accesses a document the ArchiveLink-URL for retrieving is signed automatically by the corresponding function module.
If I want to access a document from a non-SAP Applikation I have to sign the ArchiveLink request by my own and therefore had a look in the corresponding specification:
http://help.sap.com/printdocu/core/Print46c/de/data/pdf/BCSRVARL/BCSRVARL.pdf (Page 243)
Depending on the access-type (https://cw.sdn.sap.com/cw/docs/DOC-33934 --> SAP Content Server HTTP 4.5 Interface --> Introduction --> Security --> secKey) the the values of the parameters contRep, docId, accessMode, authId, expiration are concatenated to a string which should be signed with a private key. Verfication is done by the archive server who has imported a certificate containing the public key of my key pair.
According to the documentation the following algrithms are used to create / verify the signature
Format of digital signature: PKCS#7 "signed data"
Public key procedure: DSS
Key length: 512 u2013 1024 bits
Public exponent: 216 + 1
Public key format: X.509 v3 certificate
MD (message digest) algorithm: MD5 or RIPEMD-160
My Example:
Content Repository: ZZ
DociD: 12334
acessMode: r
authID: CN%3DTestClient,%20OU%3DmyOrgUnit,%20C%3DDE
expiration: 20101231120000
What do I have to do if I want to sign the string "ZZ12334rCN%3DTestClient,%20OU%3DmyOrgUnit,%20C%3DDE20101231120000" with the algorithms needed by archive link standard.
I'm looking for an example in Open SSL (prefered so I can adapt it to other programming languages), JAVA, PHP or C#
Thanks in advance
Christoph