Difference between revisions of "SAP ABAP ENCRIPTACION"

From SapWiki
(Created page with " *&---------------------------------------------------------------------* *& Report YENCRIPT2_DO *&---------------------------------------------------------------------* *&...")
 
 
(5 intermediate revisions by the same user not shown)
Line 1: Line 1:
  *&---------------------------------------------------------------------*
+
==Ejemplo AES 256 mode CBC==
*& Report YENCRIPT2_DO
+
  <nowiki>*&---------------------------------------------------------------------*
*&---------------------------------------------------------------------*
+
*& Report YENCRIPT2_DO
*&
+
*&---------------------------------------------------------------------*
*&---------------------------------------------------------------------*
+
*&
REPORT yencript2_do.
+
*&---------------------------------------------------------------------*
* equivale a AES 256 mode CBC
+
REPORT yencript2_do.
* basado en CL_SEC_SXML_WRITER=>CRYPT_AES_CTR
+
* equivale a AES 256 mode CBC
* para test https://www.devglan.com/online-tools/aes-encryption-decryption
+
* basado en CL_SEC_SXML_WRITER=>CRYPT_AES_CTR
+
* para test https://www.devglan.com/online-tools/aes-encryption-decryption
DATA: blocksize  TYPE i
 
    , keysize    TYPE i
 
    , cipher    TYPE xstring
 
    , block      TYPE xstring
 
    , rest      TYPE i
 
    , offset    TYPE i
 
    , l_iv      TYPE xstring
 
    , emptyiv    TYPE xstring
 
    , counter(4) TYPE x
 
    , ctroffset  TYPE i
 
    .
 
DATA iv TYPE xstring.
 
DATA key TYPE xstring.
 
DATA input TYPE xstring.
 
DATA result TYPE xstring.
 
DATA l_plaintext TYPE string.
 
DATA l_plaintext_x TYPE xstring.
 
DATA l_key TYPE string.
 
DATA l_key_x TYPE xstring.
 
DATA lv_message TYPE xstring.
 
DATA lv_message_decrypted TYPE xstring.
 
DATA lr_xstring TYPE xstring.
 
DATA l_base64 TYPE string.
 
DATA lv_message_string TYPE string.
 
DATA i_iv TYPE xstring.
 
DATA: lf_bindata TYPE xstring.
 
  
  *--------------------------------------------------------------------*
+
DATA: blocksize TYPE i
*
+
    , keysize    TYPE i
*--------------------------------------------------------------------*
+
    , cipher    TYPE xstring
* ejemplo: archivo JSON o XML
+
    , block      TYPE xstring
PARAMETERS gf_xfile TYPE string LOWER CASE.
+
    , rest      TYPE i
+
    , offset    TYPE i
*--------------------------------------------------------------------*
+
    , l_iv      TYPE xstring
AT SELECTION-SCREEN ON VALUE-REQUEST FOR gf_xfile.
+
    , emptyiv    TYPE xstring
*--------------------------------------------------------------------*
+
    , counter(4) TYPE x
  DATA: window_title TYPE string.
+
    , ctroffset  TYPE i
+
    .
  window_title = 'Archivo de entrada'.
+
DATA iv TYPE xstring.
  cl_secxml_helper=>file_f4(
+
DATA key TYPE xstring.
    EXPORTING window_title = window_title
+
DATA input TYPE xstring.
    IMPORTING filename = gf_xfile ).
+
DATA result TYPE xstring.
+
DATA l_plaintext TYPE string.
*--------------------------------------------------------------------*
+
DATA l_plaintext_x TYPE xstring.
START-OF-SELECTION.
+
DATA l_key TYPE string.
*--------------------------------------------------------------------*
+
DATA l_key_x TYPE xstring.
+
DATA lv_message TYPE xstring.
*--------------------------------------------------------------------*
+
DATA lv_message_decrypted TYPE xstring.
* read xml data
+
DATA lr_xstring TYPE xstring.
*--------------------------------------------------------------------*
+
DATA l_base64 TYPE string.
  IF gf_xfile IS NOT INITIAL.
+
DATA lv_message_string TYPE string.
    cl_secxml_helper=>upload_file(
+
DATA i_iv TYPE xstring.
        EXPORTING filename = gf_xfile
+
DATA: lf_bindata TYPE xstring.
        IMPORTING bindata = lf_bindata ).
+
 
  ENDIF.
+
*--------------------------------------------------------------------*
+
*
  blocksize = 16.
+
*--------------------------------------------------------------------*
  keysize  = 32.
+
* ejemplo: archivo JSON o XML
  ctroffset = 12.
+
PARAMETERS gf_xfile TYPE string LOWER CASE.
  emptyiv  = '00000000000000000000000000000000'.
+
 
+
*--------------------------------------------------------------------*
  i_iv = emptyiv.
+
AT SELECTION-SCREEN ON VALUE-REQUEST FOR gf_xfile.
  l_key = '12345678901234567890123456789012'.
+
*--------------------------------------------------------------------*
  l_key_x = cl_abap_hmac=>string_to_xstring( l_key ).
+
  DATA: window_title TYPE string.
+
 
  IF lf_bindata IS INITIAL.
+
  window_title = 'Archivo de entrada'.
    l_plaintext = 'Texto a encriptar'.
+
  cl_secxml_helper=>file_f4(
    l_plaintext_x = cl_abap_hmac=>string_to_xstring( l_plaintext ).
+
    EXPORTING window_title = window_title
  ELSE.
+
    IMPORTING filename = gf_xfile ).
    MOVE lf_bindata TO l_plaintext_x.
+
 
  ENDIF.
+
*--------------------------------------------------------------------*
+
START-OF-SELECTION.
  iv = i_iv.
+
*--------------------------------------------------------------------*
  key = l_key_x.
+
 
  input = l_plaintext_x.
+
*--------------------------------------------------------------------*
+
* read xml data
  IF xstrlen( iv ) NE blocksize OR xstrlen( key ) NE keysize.
+
*--------------------------------------------------------------------*
    WRITE:/ 'error en llave o IV'.
+
  IF gf_xfile IS NOT INITIAL.
    RETURN.
+
    cl_secxml_helper=>upload_file(
  ENDIF.
+
      EXPORTING filename = gf_xfile
+
      IMPORTING bindata = lf_bindata ).
  rest = xstrlen( input ).
+
  ENDIF.
  IF rest < 1.
+
 
    RETURN. "nothing to encrypt
+
  blocksize = 16.
  ENDIF.
+
  keysize  = 32.
+
  ctroffset = 12.
*--------------------------------------------------------------------*
+
  emptyiv  = '00000000000000000000000000000000'.
* encrypt
+
 
*--------------------------------------------------------------------*
+
  i_iv = emptyiv.
  CALL METHOD cl_sec_sxml_writer=>encrypt_iv(
+
  l_key = '12345678901234567890123456789012'.
    EXPORTING
+
  l_key_x = cl_abap_hmac=>string_to_xstring( l_key ).
      plaintext  = input
+
 
      key        = key
+
  IF lf_bindata IS INITIAL.
      iv        = iv
+
    l_plaintext = 'Texto a encriptar'.
      algorithm  = cl_sec_sxml_writer=>co_aes256_algorithm_pem
+
    l_plaintext_x = cl_abap_hmac=>string_to_xstring( l_plaintext ).
    IMPORTING
+
  ELSE.
      ciphertext = cipher ).
+
    MOVE lf_bindata TO l_plaintext_x.
+
  ENDIF.
* padding
+
 
  lr_xstring = cipher+blocksize.
+
  iv = i_iv.
+
  key = l_key_x.
*--------------------------------------------------------------------*
+
  input = l_plaintext_x.
* codificar archivo encriptado en BASE64
+
 
*--------------------------------------------------------------------*
+
  IF xstrlen( iv ) NE blocksize OR xstrlen( key ) NE keysize.
  PERFORM encode_base_64x USING lr_xstring CHANGING l_base64.
+
    WRITE:/ 'error en llave o IV'.
+
    RETURN.
*--------------------------------------------------------------------*
+
  ENDIF.
* decrypt message
+
 
*--------------------------------------------------------------------*
+
  rest = xstrlen( input ).
  cl_sec_sxml_writer=>decrypt(
+
  IF rest < 1.
    EXPORTING
+
    RETURN. "nothing to encrypt
      ciphertext = cipher
+
  ENDIF.
      key =        l_key_x
+
 
      algorithm =  cl_sec_sxml_writer=>co_aes256_algorithm_pem
+
*--------------------------------------------------------------------*
    IMPORTING
+
* encrypt
      plaintext = lv_message_decrypted ).
+
*--------------------------------------------------------------------*
+
  CALL METHOD cl_sec_sxml_writer=>encrypt_iv(
  " convert xstring to string for output
+
    EXPORTING
  cl_abap_conv_in_ce=>create( input = lv_message_decrypted )->read( IMPORTING data = lv_message_string ).
+
      plaintext  = input
+
      key        = key
  " output secret message
+
      iv        = iv
  WRITE lv_message_string.
+
      algorithm  = cl_sec_sxml_writer=>co_aes256_algorithm_pem
+
    IMPORTING
*----------------------------------------------------------------------*
+
      ciphertext = cipher ).
*      FORM .......
+
 
*----------------------------------------------------------------------*
+
* padding
*      text
+
  lr_xstring = cipher+blocksize.
*----------------------------------------------------------------------*
+
 
*  -->  p1        text
+
*--------------------------------------------------------------------*
*  <--  p2        text
+
* codificar archivo encriptado en BASE64
*----------------------------------------------------------------------*
+
*--------------------------------------------------------------------*
FORM encode_base_64x USING p_xstring TYPE xstring
+
  PERFORM encode_base_64x USING lr_xstring CHANGING l_base64.
                  CHANGING p_string_base64 TYPE string.
+
 
  DATA: l_http_utility TYPE REF TO cl_http_utility.
+
*--------------------------------------------------------------------*
  DATA: l_string TYPE string.
+
* decrypt message
+
*--------------------------------------------------------------------*
  CREATE OBJECT l_http_utility.
+
  cl_sec_sxml_writer=>decrypt(
+
    EXPORTING
  CALL METHOD l_http_utility->encode_x_base64
+
      ciphertext = cipher
    EXPORTING
+
      key =        l_key_x
      unencoded = p_xstring
+
      algorithm =  cl_sec_sxml_writer=>co_aes256_algorithm_pem
    RECEIVING
+
    IMPORTING
      encoded  = p_string_base64.
+
      plaintext = lv_message_decrypted ).
ENDFORM.
+
 
 +
  " convert xstring to string for output
 +
  cl_abap_conv_in_ce=>create( input = lv_message_decrypted )->read( IMPORTING data = lv_message_string ).
 +
 
 +
  " output secret message
 +
  WRITE lv_message_string.
 +
 
 +
*----------------------------------------------------------------------*
 +
*      FORM .......
 +
*----------------------------------------------------------------------*
 +
*      text
 +
*----------------------------------------------------------------------*
 +
*  -->  p1        text
 +
*  <--  p2        text
 +
*----------------------------------------------------------------------*
 +
FORM encode_base_64x USING p_xstring TYPE xstring
 +
                  CHANGING p_string_base64 TYPE string.
 +
  DATA: l_http_utility TYPE REF TO cl_http_utility.
 +
  DATA: l_string TYPE string.
 +
 
 +
  CREATE OBJECT l_http_utility.
 +
 
 +
  CALL METHOD l_http_utility->encode_x_base64
 +
    EXPORTING
 +
      unencoded = p_xstring
 +
    RECEIVING
 +
      encoded  = p_string_base64.
 +
ENDFORM.</nowiki>
 +
 
 +
===Uso de OPENSSL===
 +
<nowiki>
 +
  METHOD encrypt.
 +
    DATA lt_btcxpm TYPE TABLE OF btcxpm.
 +
 
 +
    DATA lv_parameter type BTCXPGPAR.
 +
 
 +
    IF i_iv_key IS NOT INITIAL.
 +
      lv_parameter =  |enc -&1 -e -a -A -in &2 -K &3 -iv &4 -out &5|.
 +
    ELSE.
 +
      lv_parameter =  |enc -&1 -e -a -A -in &2 -K &3 -out &5|.
 +
    ENDIF.
 +
 
 +
    REPLACE FIRST OCCURRENCE OF '&1' IN lv_parameter WITH i_mode.
 +
    REPLACE FIRST OCCURRENCE OF '&2' IN lv_parameter WITH i_in_file.
 +
    REPLACE FIRST OCCURRENCE OF '&3' IN lv_parameter WITH i_key.
 +
    REPLACE FIRST OCCURRENCE OF '&4' IN lv_parameter WITH i_iv_key.
 +
    REPLACE FIRST OCCURRENCE OF '&5' IN lv_parameter WITH i_out_file.
 +
 
 +
* crear comando openssl en trn. SM69
 +
    CALL FUNCTION 'SXPG_COMMAND_EXECUTE'
 +
      EXPORTING
 +
        commandname                  = 'ZOPENSSL'
 +
        additional_parameters        = lv_parameter
 +
      TABLES
 +
        exec_protocol                = lt_btcxpm
 +
      EXCEPTIONS
 +
        no_permission                = 1
 +
        command_not_found            = 2
 +
        parameters_too_long          = 3
 +
        security_risk                = 4
 +
        wrong_check_call_interface    = 5
 +
        program_start_error          = 6
 +
        program_termination_error    = 7
 +
        x_error                      = 8
 +
        parameter_expected            = 9
 +
        too_many_parameters          = 10
 +
        illegal_command              = 11
 +
        wrong_asynchronous_parameters = 12
 +
        cant_enq_tbtco_entry          = 13
 +
        jobcount_generation_error    = 14
 +
        OTHERS                        = 15.
 +
    IF sy-subrc <> 0.
 +
      e_subrc = sy-subrc.
 +
      e_message = 'Error al ejecutar comando OPENSSL(ZOPENSSL)'.
 +
      RETURN.
 +
    ENDIF.
 +
 
 +
    IF lt_btcxpm[] IS NOT INITIAL.
 +
      e_subrc = 16.
 +
      LOOP AT lt_btcxpm INTO DATA(ls_btcxmp).
 +
      ENDLOOP.
 +
      e_message = |Error en ecriptación { ls_btcxmp-message }|.
 +
      RETURN.
 +
    ENDIF.
 +
 
 +
    OPEN DATASET i_out_file FOR input IN TEXT MODE ENCODING DEFAULT.
 +
    IF sy-subrc <> 0.
 +
      e_subrc = 17.
 +
      e_message = |Error en abrir archivo de salida { i_out_file }|.
 +
      RETURN.
 +
    ENDIF.
 +
 
 +
    READ DATASET i_out_file INTO e_base54_enc.
 +
    IF sy-subrc <> 0.
 +
      e_subrc = 18.
 +
      e_message = |Error en leer archivo de salida { i_out_file }|.
 +
      close DATASET i_out_file.
 +
      RETURN.
 +
    ENDIF.
 +
    close DATASET i_out_file.
 +
    e_subrc = 0.
 +
  ENDMETHOD.
 +
 
 +
  METHOD encrypt_sac_aes256.
 +
    DATA lv_key TYPE string.
 +
    DATA lv_key_iv TYPE string.
 +
    DATA lv_infile TYPE oiuh_char56.
 +
    DATA lv_outfile TYPE oiuh_char56.
 +
 
 +
    CALL METHOD zcl_hr_sac_sap=>get_aes256_key_hex
 +
      EXPORTING
 +
        i_parametro = 'AES256-KEY'
 +
      RECEIVING
 +
        r_key      = lv_key.
 +
 
 +
    CALL METHOD zcl_hr_sac_sap=>get_aes256_key_hex
 +
      EXPORTING
 +
        i_parametro = 'AES256-IV'
 +
      RECEIVING
 +
        r_key      = lv_key_iv.
 +
 
 +
    lv_infile = '/tmp'.
 +
    CONCATENATE lv_infile '/' i_id '.dat' INTO lv_infile.
 +
 
 +
    lv_outfile = '/tmp'.
 +
    CONCATENATE lv_outfile '/' i_id '.enc' INTO lv_outfile.
 +
 
 +
    OPEN DATASET lv_infile FOR OUTPUT IN TEXT MODE ENCODING DEFAULT.
 +
    IF sy-subrc <> 0.
 +
      e_subrc = 4.
 +
      e_message = |Error en abrir archivo de entrada(IN) { lv_infile }|.
 +
      RETURN.
 +
    ENDIF.
 +
 
 +
    TRANSFER i_text TO lv_infile.
 +
    IF sy-subrc <> 0.
 +
      e_subrc = 4.
 +
      e_message = |Error al escribir en archivo de entrada(IN) { lv_infile }|.
 +
      CLOSE DATASET lv_infile.
 +
      RETURN.
 +
    ENDIF.
 +
    CLOSE DATASET lv_infile.
 +
 
 +
    CALL METHOD zcl_hr_sac_sap=>encrypt
 +
      EXPORTING
 +
*      i_mode      = 'aes-256-cbc'
 +
        i_in_file    = lv_infile
 +
        i_out_file  = lv_outfile
 +
        i_key        = lv_key
 +
        i_iv_key    = lv_key_iv
 +
      IMPORTING
 +
        e_base54_enc = e_base54_enc
 +
        e_subrc      = e_subrc
 +
        e_message    = e_message.
 +
 
 +
    DELETE DATASET lv_infile.
 +
    DELETE DATASET lv_outfile.
 +
 
 +
  ENDMETHOD.
 +
</nowiki>
 +
 
 +
[[Category:ABAP]]

Latest revision as of 19:14, 24 July 2024

Ejemplo AES 256 mode CBC

*&---------------------------------------------------------------------*
*& Report YENCRIPT2_DO
*&---------------------------------------------------------------------*
*&
*&---------------------------------------------------------------------*
REPORT yencript2_do.
* equivale a AES 256 mode CBC
* basado en CL_SEC_SXML_WRITER=>CRYPT_AES_CTR
* para test https://www.devglan.com/online-tools/aes-encryption-decryption

DATA: blocksize  TYPE i
    , keysize    TYPE i
    , cipher     TYPE xstring
    , block      TYPE xstring
    , rest       TYPE i
    , offset     TYPE i
    , l_iv       TYPE xstring
    , emptyiv    TYPE xstring
    , counter(4) TYPE x
    , ctroffset  TYPE i
    .
DATA iv TYPE xstring.
DATA key TYPE xstring.
DATA input TYPE xstring.
DATA result TYPE xstring.
DATA l_plaintext TYPE string.
DATA l_plaintext_x TYPE xstring.
DATA l_key TYPE string.
DATA l_key_x TYPE xstring.
DATA lv_message TYPE xstring.
DATA lv_message_decrypted TYPE xstring.
DATA lr_xstring TYPE xstring.
DATA l_base64 TYPE string.
DATA lv_message_string TYPE string.
DATA i_iv TYPE xstring.
DATA: lf_bindata TYPE xstring.

*--------------------------------------------------------------------*
*
*--------------------------------------------------------------------* 
* ejemplo: archivo JSON o XML
PARAMETERS gf_xfile TYPE string LOWER CASE.

*--------------------------------------------------------------------*
AT SELECTION-SCREEN ON VALUE-REQUEST FOR gf_xfile.
*--------------------------------------------------------------------*
  DATA: window_title TYPE string.

  window_title = 'Archivo de entrada'.
  cl_secxml_helper=>file_f4(
    EXPORTING window_title = window_title
    IMPORTING filename = gf_xfile ).

*--------------------------------------------------------------------*
START-OF-SELECTION.
*--------------------------------------------------------------------*

*--------------------------------------------------------------------*
* read xml data
*--------------------------------------------------------------------*
  IF gf_xfile IS NOT INITIAL.
    cl_secxml_helper=>upload_file(
       EXPORTING filename = gf_xfile
       IMPORTING bindata = lf_bindata ).
  ENDIF.

  blocksize = 16.
  keysize   = 32.
  ctroffset = 12.
  emptyiv   = '00000000000000000000000000000000'.

  i_iv = emptyiv.
  l_key = '12345678901234567890123456789012'.
  l_key_x = cl_abap_hmac=>string_to_xstring( l_key ).

  IF lf_bindata IS INITIAL.
    l_plaintext = 'Texto a encriptar'.
    l_plaintext_x = cl_abap_hmac=>string_to_xstring( l_plaintext ).
  ELSE.
    MOVE lf_bindata TO l_plaintext_x.
  ENDIF.

  iv = i_iv.
  key = l_key_x.
  input = l_plaintext_x.

  IF xstrlen( iv ) NE blocksize OR xstrlen( key ) NE keysize.
    WRITE:/ 'error en llave o IV'.
    RETURN.
  ENDIF.

  rest = xstrlen( input ).
  IF rest < 1.
    RETURN. "nothing to encrypt
  ENDIF.

*--------------------------------------------------------------------*
* encrypt
*--------------------------------------------------------------------*
  CALL METHOD cl_sec_sxml_writer=>encrypt_iv(
    EXPORTING
      plaintext  = input
      key        = key
      iv         = iv
      algorithm  = cl_sec_sxml_writer=>co_aes256_algorithm_pem
    IMPORTING
      ciphertext = cipher ).

* padding
  lr_xstring = cipher+blocksize.

*--------------------------------------------------------------------*
* codificar archivo encriptado en BASE64
*--------------------------------------------------------------------*
  PERFORM encode_base_64x USING lr_xstring CHANGING l_base64.

*--------------------------------------------------------------------*
* decrypt message
*--------------------------------------------------------------------*
  cl_sec_sxml_writer=>decrypt(
    EXPORTING
      ciphertext = cipher
      key =        l_key_x
      algorithm =  cl_sec_sxml_writer=>co_aes256_algorithm_pem
    IMPORTING
      plaintext = lv_message_decrypted ).

  " convert xstring to string for output
  cl_abap_conv_in_ce=>create( input = lv_message_decrypted )->read( IMPORTING data = lv_message_string ).

  " output secret message
  WRITE lv_message_string.

*----------------------------------------------------------------------*
*       FORM .......
*----------------------------------------------------------------------*
*       text
*----------------------------------------------------------------------*
*  -->  p1        text
*  <--  p2        text
*----------------------------------------------------------------------*
FORM encode_base_64x USING p_xstring TYPE xstring
                  CHANGING p_string_base64 TYPE string.
  DATA: l_http_utility TYPE REF TO cl_http_utility.
  DATA: l_string TYPE string.

  CREATE OBJECT l_http_utility.

  CALL METHOD l_http_utility->encode_x_base64
    EXPORTING
      unencoded = p_xstring
    RECEIVING
      encoded   = p_string_base64.
ENDFORM.

Uso de OPENSSL

  METHOD encrypt.
    DATA lt_btcxpm TYPE TABLE OF btcxpm.

    DATA lv_parameter type BTCXPGPAR.

    IF i_iv_key IS NOT INITIAL.
      lv_parameter =  |enc -&1 -e -a -A -in &2 -K &3 -iv &4 -out &5|.
    ELSE.
      lv_parameter =  |enc -&1 -e -a -A -in &2 -K &3 -out &5|.
    ENDIF.

    REPLACE FIRST OCCURRENCE OF '&1' IN lv_parameter WITH i_mode.
    REPLACE FIRST OCCURRENCE OF '&2' IN lv_parameter WITH i_in_file.
    REPLACE FIRST OCCURRENCE OF '&3' IN lv_parameter WITH i_key.
    REPLACE FIRST OCCURRENCE OF '&4' IN lv_parameter WITH i_iv_key.
    REPLACE FIRST OCCURRENCE OF '&5' IN lv_parameter WITH i_out_file.

* crear comando openssl en trn. SM69
    CALL FUNCTION 'SXPG_COMMAND_EXECUTE'
      EXPORTING
        commandname                   = 'ZOPENSSL'
        additional_parameters         = lv_parameter
      TABLES
        exec_protocol                 = lt_btcxpm
      EXCEPTIONS
        no_permission                 = 1
        command_not_found             = 2
        parameters_too_long           = 3
        security_risk                 = 4
        wrong_check_call_interface    = 5
        program_start_error           = 6
        program_termination_error     = 7
        x_error                       = 8
        parameter_expected            = 9
        too_many_parameters           = 10
        illegal_command               = 11
        wrong_asynchronous_parameters = 12
        cant_enq_tbtco_entry          = 13
        jobcount_generation_error     = 14
        OTHERS                        = 15.
    IF sy-subrc <> 0.
      e_subrc = sy-subrc.
      e_message = 'Error al ejecutar comando OPENSSL(ZOPENSSL)'.
      RETURN.
    ENDIF.

    IF lt_btcxpm[] IS NOT INITIAL.
      e_subrc = 16.
      LOOP AT lt_btcxpm INTO DATA(ls_btcxmp).
      ENDLOOP.
      e_message = |Error en ecriptación { ls_btcxmp-message }|.
      RETURN.
    ENDIF.

    OPEN DATASET i_out_file FOR input IN TEXT MODE ENCODING DEFAULT.
    IF sy-subrc <> 0.
      e_subrc = 17.
      e_message = |Error en abrir archivo de salida { i_out_file }|.
      RETURN.
    ENDIF.

    READ DATASET i_out_file INTO e_base54_enc.
    IF sy-subrc <> 0.
      e_subrc = 18.
      e_message = |Error en leer archivo de salida { i_out_file }|.
      close DATASET i_out_file.
      RETURN.
    ENDIF.
    close DATASET i_out_file.
    e_subrc = 0.
  ENDMETHOD.

  METHOD encrypt_sac_aes256.
    DATA lv_key TYPE string.
    DATA lv_key_iv TYPE string.
    DATA lv_infile TYPE oiuh_char56.
    DATA lv_outfile TYPE oiuh_char56.

    CALL METHOD zcl_hr_sac_sap=>get_aes256_key_hex
      EXPORTING
        i_parametro = 'AES256-KEY'
      RECEIVING
        r_key       = lv_key.

    CALL METHOD zcl_hr_sac_sap=>get_aes256_key_hex
      EXPORTING
        i_parametro = 'AES256-IV'
      RECEIVING
        r_key       = lv_key_iv.

    lv_infile = '/tmp'.
    CONCATENATE lv_infile '/' i_id '.dat' INTO lv_infile.

    lv_outfile = '/tmp'.
    CONCATENATE lv_outfile '/' i_id '.enc' INTO lv_outfile.

    OPEN DATASET lv_infile FOR OUTPUT IN TEXT MODE ENCODING DEFAULT.
    IF sy-subrc <> 0.
      e_subrc = 4.
      e_message = |Error en abrir archivo de entrada(IN) { lv_infile }|.
      RETURN.
    ENDIF.

    TRANSFER i_text TO lv_infile.
    IF sy-subrc <> 0.
      e_subrc = 4.
      e_message = |Error al escribir en archivo de entrada(IN) { lv_infile }|.
      CLOSE DATASET lv_infile.
      RETURN.
    ENDIF.
    CLOSE DATASET lv_infile.

    CALL METHOD zcl_hr_sac_sap=>encrypt
      EXPORTING
*       i_mode       = 'aes-256-cbc'
        i_in_file    = lv_infile
        i_out_file   = lv_outfile
        i_key        = lv_key
        i_iv_key     = lv_key_iv
      IMPORTING
        e_base54_enc = e_base54_enc
        e_subrc      = e_subrc
        e_message    = e_message.

    DELETE DATASET lv_infile.
    DELETE DATASET lv_outfile.

  ENDMETHOD.