SAP ABAP ENCRIPTACION
From SapWiki
Ejemplo AES 256 mode CBC
*&---------------------------------------------------------------------*
*& Report YENCRIPT2_DO
*&---------------------------------------------------------------------*
*&
*&---------------------------------------------------------------------*
REPORT yencript2_do.
* equivale a AES 256 mode CBC
* basado en CL_SEC_SXML_WRITER=>CRYPT_AES_CTR
* para test https://www.devglan.com/online-tools/aes-encryption-decryption
DATA: blocksize TYPE i
, keysize TYPE i
, cipher TYPE xstring
, block TYPE xstring
, rest TYPE i
, offset TYPE i
, l_iv TYPE xstring
, emptyiv TYPE xstring
, counter(4) TYPE x
, ctroffset TYPE i
.
DATA iv TYPE xstring.
DATA key TYPE xstring.
DATA input TYPE xstring.
DATA result TYPE xstring.
DATA l_plaintext TYPE string.
DATA l_plaintext_x TYPE xstring.
DATA l_key TYPE string.
DATA l_key_x TYPE xstring.
DATA lv_message TYPE xstring.
DATA lv_message_decrypted TYPE xstring.
DATA lr_xstring TYPE xstring.
DATA l_base64 TYPE string.
DATA lv_message_string TYPE string.
DATA i_iv TYPE xstring.
DATA: lf_bindata TYPE xstring.
*--------------------------------------------------------------------*
*
*--------------------------------------------------------------------*
* ejemplo: archivo JSON o XML
PARAMETERS gf_xfile TYPE string LOWER CASE.
*--------------------------------------------------------------------*
AT SELECTION-SCREEN ON VALUE-REQUEST FOR gf_xfile.
*--------------------------------------------------------------------*
DATA: window_title TYPE string.
window_title = 'Archivo de entrada'.
cl_secxml_helper=>file_f4(
EXPORTING window_title = window_title
IMPORTING filename = gf_xfile ).
*--------------------------------------------------------------------*
START-OF-SELECTION.
*--------------------------------------------------------------------*
*--------------------------------------------------------------------*
* read xml data
*--------------------------------------------------------------------*
IF gf_xfile IS NOT INITIAL.
cl_secxml_helper=>upload_file(
EXPORTING filename = gf_xfile
IMPORTING bindata = lf_bindata ).
ENDIF.
blocksize = 16.
keysize = 32.
ctroffset = 12.
emptyiv = '00000000000000000000000000000000'.
i_iv = emptyiv.
l_key = '12345678901234567890123456789012'.
l_key_x = cl_abap_hmac=>string_to_xstring( l_key ).
IF lf_bindata IS INITIAL.
l_plaintext = 'Texto a encriptar'.
l_plaintext_x = cl_abap_hmac=>string_to_xstring( l_plaintext ).
ELSE.
MOVE lf_bindata TO l_plaintext_x.
ENDIF.
iv = i_iv.
key = l_key_x.
input = l_plaintext_x.
IF xstrlen( iv ) NE blocksize OR xstrlen( key ) NE keysize.
WRITE:/ 'error en llave o IV'.
RETURN.
ENDIF.
rest = xstrlen( input ).
IF rest < 1.
RETURN. "nothing to encrypt
ENDIF.
*--------------------------------------------------------------------*
* encrypt
*--------------------------------------------------------------------*
CALL METHOD cl_sec_sxml_writer=>encrypt_iv(
EXPORTING
plaintext = input
key = key
iv = iv
algorithm = cl_sec_sxml_writer=>co_aes256_algorithm_pem
IMPORTING
ciphertext = cipher ).
* padding
lr_xstring = cipher+blocksize.
*--------------------------------------------------------------------*
* codificar archivo encriptado en BASE64
*--------------------------------------------------------------------*
PERFORM encode_base_64x USING lr_xstring CHANGING l_base64.
*--------------------------------------------------------------------*
* decrypt message
*--------------------------------------------------------------------*
cl_sec_sxml_writer=>decrypt(
EXPORTING
ciphertext = cipher
key = l_key_x
algorithm = cl_sec_sxml_writer=>co_aes256_algorithm_pem
IMPORTING
plaintext = lv_message_decrypted ).
" convert xstring to string for output
cl_abap_conv_in_ce=>create( input = lv_message_decrypted )->read( IMPORTING data = lv_message_string ).
" output secret message
WRITE lv_message_string.
*----------------------------------------------------------------------*
* FORM .......
*----------------------------------------------------------------------*
* text
*----------------------------------------------------------------------*
* --> p1 text
* <-- p2 text
*----------------------------------------------------------------------*
FORM encode_base_64x USING p_xstring TYPE xstring
CHANGING p_string_base64 TYPE string.
DATA: l_http_utility TYPE REF TO cl_http_utility.
DATA: l_string TYPE string.
CREATE OBJECT l_http_utility.
CALL METHOD l_http_utility->encode_x_base64
EXPORTING
unencoded = p_xstring
RECEIVING
encoded = p_string_base64.
ENDFORM.
Uso de OPENSSL
METHOD encrypt.
DATA lt_btcxpm TYPE TABLE OF btcxpm.
DATA lv_parameter type BTCXPGPAR.
IF i_iv_key IS NOT INITIAL.
lv_parameter = |enc -&1 -e -a -A -in &2 -K &3 -iv &4 -out &5|.
ELSE.
lv_parameter = |enc -&1 -e -a -A -in &2 -K &3 -out &5|.
ENDIF.
REPLACE FIRST OCCURRENCE OF '&1' IN lv_parameter WITH i_mode.
REPLACE FIRST OCCURRENCE OF '&2' IN lv_parameter WITH i_in_file.
REPLACE FIRST OCCURRENCE OF '&3' IN lv_parameter WITH i_key.
REPLACE FIRST OCCURRENCE OF '&4' IN lv_parameter WITH i_iv_key.
REPLACE FIRST OCCURRENCE OF '&5' IN lv_parameter WITH i_out_file.
* crear comando openssl en trn. SM69
CALL FUNCTION 'SXPG_COMMAND_EXECUTE'
EXPORTING
commandname = 'ZOPENSSL'
additional_parameters = lv_parameter
TABLES
exec_protocol = lt_btcxpm
EXCEPTIONS
no_permission = 1
command_not_found = 2
parameters_too_long = 3
security_risk = 4
wrong_check_call_interface = 5
program_start_error = 6
program_termination_error = 7
x_error = 8
parameter_expected = 9
too_many_parameters = 10
illegal_command = 11
wrong_asynchronous_parameters = 12
cant_enq_tbtco_entry = 13
jobcount_generation_error = 14
OTHERS = 15.
IF sy-subrc <> 0.
e_subrc = sy-subrc.
e_message = 'Error al ejecutar comando OPENSSL(ZOPENSSL)'.
RETURN.
ENDIF.
IF lt_btcxpm[] IS NOT INITIAL.
e_subrc = 16.
LOOP AT lt_btcxpm INTO DATA(ls_btcxmp).
ENDLOOP.
e_message = |Error en ecriptación { ls_btcxmp-message }|.
RETURN.
ENDIF.
OPEN DATASET i_out_file FOR input IN TEXT MODE ENCODING DEFAULT.
IF sy-subrc <> 0.
e_subrc = 17.
e_message = |Error en abrir archivo de salida { i_out_file }|.
RETURN.
ENDIF.
READ DATASET i_out_file INTO e_base54_enc.
IF sy-subrc <> 0.
e_subrc = 18.
e_message = |Error en leer archivo de salida { i_out_file }|.
close DATASET i_out_file.
RETURN.
ENDIF.
close DATASET i_out_file.
e_subrc = 0.
ENDMETHOD.
METHOD encrypt_sac_aes256.
DATA lv_key TYPE string.
DATA lv_key_iv TYPE string.
DATA lv_infile TYPE oiuh_char56.
DATA lv_outfile TYPE oiuh_char56.
CALL METHOD zcl_hr_sac_sap=>get_aes256_key_hex
EXPORTING
i_parametro = 'AES256-KEY'
RECEIVING
r_key = lv_key.
CALL METHOD zcl_hr_sac_sap=>get_aes256_key_hex
EXPORTING
i_parametro = 'AES256-IV'
RECEIVING
r_key = lv_key_iv.
lv_infile = '/tmp'.
CONCATENATE lv_infile '/' i_id '.dat' INTO lv_infile.
lv_outfile = '/tmp'.
CONCATENATE lv_outfile '/' i_id '.enc' INTO lv_outfile.
OPEN DATASET lv_infile FOR OUTPUT IN TEXT MODE ENCODING DEFAULT.
IF sy-subrc <> 0.
e_subrc = 4.
e_message = |Error en abrir archivo de entrada(IN) { lv_infile }|.
RETURN.
ENDIF.
TRANSFER i_text TO lv_infile.
IF sy-subrc <> 0.
e_subrc = 4.
e_message = |Error al escribir en archivo de entrada(IN) { lv_infile }|.
CLOSE DATASET lv_infile.
RETURN.
ENDIF.
CLOSE DATASET lv_infile.
CALL METHOD zcl_hr_sac_sap=>encrypt
EXPORTING
* i_mode = 'aes-256-cbc'
i_in_file = lv_infile
i_out_file = lv_outfile
i_key = lv_key
i_iv_key = lv_key_iv
IMPORTING
e_base54_enc = e_base54_enc
e_subrc = e_subrc
e_message = e_message.
DELETE DATASET lv_infile.
DELETE DATASET lv_outfile.
ENDMETHOD.
