Difference between revisions of "SAP ABAP ENCRIPTACION"
From SapWiki
Line 154: | Line 154: | ||
encoded = p_string_base64. | encoded = p_string_base64. | ||
ENDFORM.</nowiki> | ENDFORM.</nowiki> | ||
+ | |||
+ | ===Uso de OPENSSL=== | ||
+ | <nowiki> | ||
+ | METHOD encrypt. | ||
+ | DATA lt_btcxpm TYPE TABLE OF btcxpm. | ||
+ | |||
+ | DATA lv_parameter type BTCXPGPAR. | ||
+ | |||
+ | IF i_iv_key IS NOT INITIAL. | ||
+ | lv_parameter = |enc -&1 -e -a -A -in &2 -K &3 -iv &4 -out &5|. | ||
+ | ELSE. | ||
+ | lv_parameter = |enc -&1 -e -a -A -in &2 -K &3 -out &5|. | ||
+ | ENDIF. | ||
+ | |||
+ | REPLACE FIRST OCCURRENCE OF '&1' IN lv_parameter WITH i_mode. | ||
+ | REPLACE FIRST OCCURRENCE OF '&2' IN lv_parameter WITH i_in_file. | ||
+ | REPLACE FIRST OCCURRENCE OF '&3' IN lv_parameter WITH i_key. | ||
+ | REPLACE FIRST OCCURRENCE OF '&4' IN lv_parameter WITH i_iv_key. | ||
+ | REPLACE FIRST OCCURRENCE OF '&5' IN lv_parameter WITH i_out_file. | ||
+ | |||
+ | CALL FUNCTION 'SXPG_COMMAND_EXECUTE' | ||
+ | EXPORTING | ||
+ | commandname = 'ZOPENSSL' | ||
+ | additional_parameters = lv_parameter | ||
+ | TABLES | ||
+ | exec_protocol = lt_btcxpm | ||
+ | EXCEPTIONS | ||
+ | no_permission = 1 | ||
+ | command_not_found = 2 | ||
+ | parameters_too_long = 3 | ||
+ | security_risk = 4 | ||
+ | wrong_check_call_interface = 5 | ||
+ | program_start_error = 6 | ||
+ | program_termination_error = 7 | ||
+ | x_error = 8 | ||
+ | parameter_expected = 9 | ||
+ | too_many_parameters = 10 | ||
+ | illegal_command = 11 | ||
+ | wrong_asynchronous_parameters = 12 | ||
+ | cant_enq_tbtco_entry = 13 | ||
+ | jobcount_generation_error = 14 | ||
+ | OTHERS = 15. | ||
+ | IF sy-subrc <> 0. | ||
+ | e_subrc = sy-subrc. | ||
+ | e_message = 'Error al ejecutar comando OPENSSL(ZOPENSSL)'. | ||
+ | RETURN. | ||
+ | ENDIF. | ||
+ | |||
+ | IF lt_btcxpm[] IS NOT INITIAL. | ||
+ | e_subrc = 16. | ||
+ | LOOP AT lt_btcxpm INTO DATA(ls_btcxmp). | ||
+ | ENDLOOP. | ||
+ | e_message = |Error en ecriptación { ls_btcxmp-message }|. | ||
+ | RETURN. | ||
+ | ENDIF. | ||
+ | |||
+ | OPEN DATASET i_out_file FOR input IN TEXT MODE ENCODING DEFAULT. | ||
+ | IF sy-subrc <> 0. | ||
+ | e_subrc = 17. | ||
+ | e_message = |Error en abrir archivo de salida { i_out_file }|. | ||
+ | RETURN. | ||
+ | ENDIF. | ||
+ | |||
+ | READ DATASET i_out_file INTO e_base54_enc. | ||
+ | IF sy-subrc <> 0. | ||
+ | e_subrc = 18. | ||
+ | e_message = |Error en leer archivo de salida { i_out_file }|. | ||
+ | close DATASET i_out_file. | ||
+ | RETURN. | ||
+ | ENDIF. | ||
+ | close DATASET i_out_file. | ||
+ | e_subrc = 0. | ||
+ | ENDMETHOD. | ||
+ | |||
+ | METHOD encrypt_sac_aes256. | ||
+ | DATA lv_key TYPE string. | ||
+ | DATA lv_key_iv TYPE string. | ||
+ | DATA lv_infile TYPE oiuh_char56. | ||
+ | DATA lv_outfile TYPE oiuh_char56. | ||
+ | |||
+ | CALL METHOD zcl_hr_sac_sap=>get_aes256_key_hex | ||
+ | EXPORTING | ||
+ | i_parametro = 'AES256-KEY' | ||
+ | RECEIVING | ||
+ | r_key = lv_key. | ||
+ | |||
+ | CALL METHOD zcl_hr_sac_sap=>get_aes256_key_hex | ||
+ | EXPORTING | ||
+ | i_parametro = 'AES256-IV' | ||
+ | RECEIVING | ||
+ | r_key = lv_key_iv. | ||
+ | |||
+ | lv_infile = '/tmp'. | ||
+ | CONCATENATE lv_infile '/' i_id '.dat' INTO lv_infile. | ||
+ | |||
+ | lv_outfile = '/tmp'. | ||
+ | CONCATENATE lv_outfile '/' i_id '.enc' INTO lv_outfile. | ||
+ | |||
+ | OPEN DATASET lv_infile FOR OUTPUT IN TEXT MODE ENCODING DEFAULT. | ||
+ | IF sy-subrc <> 0. | ||
+ | e_subrc = 4. | ||
+ | e_message = |Error en abrir archivo de entrada(IN) { lv_infile }|. | ||
+ | RETURN. | ||
+ | ENDIF. | ||
+ | |||
+ | TRANSFER i_text TO lv_infile. | ||
+ | IF sy-subrc <> 0. | ||
+ | e_subrc = 4. | ||
+ | e_message = |Error al escribir en archivo de entrada(IN) { lv_infile }|. | ||
+ | CLOSE DATASET lv_infile. | ||
+ | RETURN. | ||
+ | ENDIF. | ||
+ | CLOSE DATASET lv_infile. | ||
+ | |||
+ | CALL METHOD zcl_hr_sac_sap=>encrypt | ||
+ | EXPORTING | ||
+ | * i_mode = 'aes-256-cbc' | ||
+ | i_in_file = lv_infile | ||
+ | i_out_file = lv_outfile | ||
+ | i_key = lv_key | ||
+ | i_iv_key = lv_key_iv | ||
+ | IMPORTING | ||
+ | e_base54_enc = e_base54_enc | ||
+ | e_subrc = e_subrc | ||
+ | e_message = e_message. | ||
+ | |||
+ | DELETE DATASET lv_infile. | ||
+ | DELETE DATASET lv_outfile. | ||
+ | |||
+ | ENDMETHOD. | ||
+ | </nowiki> | ||
[[Category:ABAP]] | [[Category:ABAP]] |
Revision as of 19:13, 24 July 2024
Ejemplo AES 256 mode CBC
*&---------------------------------------------------------------------* *& Report YENCRIPT2_DO *&---------------------------------------------------------------------* *& *&---------------------------------------------------------------------* REPORT yencript2_do. * equivale a AES 256 mode CBC * basado en CL_SEC_SXML_WRITER=>CRYPT_AES_CTR * para test https://www.devglan.com/online-tools/aes-encryption-decryption DATA: blocksize TYPE i , keysize TYPE i , cipher TYPE xstring , block TYPE xstring , rest TYPE i , offset TYPE i , l_iv TYPE xstring , emptyiv TYPE xstring , counter(4) TYPE x , ctroffset TYPE i . DATA iv TYPE xstring. DATA key TYPE xstring. DATA input TYPE xstring. DATA result TYPE xstring. DATA l_plaintext TYPE string. DATA l_plaintext_x TYPE xstring. DATA l_key TYPE string. DATA l_key_x TYPE xstring. DATA lv_message TYPE xstring. DATA lv_message_decrypted TYPE xstring. DATA lr_xstring TYPE xstring. DATA l_base64 TYPE string. DATA lv_message_string TYPE string. DATA i_iv TYPE xstring. DATA: lf_bindata TYPE xstring. *--------------------------------------------------------------------* * *--------------------------------------------------------------------* * ejemplo: archivo JSON o XML PARAMETERS gf_xfile TYPE string LOWER CASE. *--------------------------------------------------------------------* AT SELECTION-SCREEN ON VALUE-REQUEST FOR gf_xfile. *--------------------------------------------------------------------* DATA: window_title TYPE string. window_title = 'Archivo de entrada'. cl_secxml_helper=>file_f4( EXPORTING window_title = window_title IMPORTING filename = gf_xfile ). *--------------------------------------------------------------------* START-OF-SELECTION. *--------------------------------------------------------------------* *--------------------------------------------------------------------* * read xml data *--------------------------------------------------------------------* IF gf_xfile IS NOT INITIAL. cl_secxml_helper=>upload_file( EXPORTING filename = gf_xfile IMPORTING bindata = lf_bindata ). ENDIF. blocksize = 16. keysize = 32. ctroffset = 12. emptyiv = '00000000000000000000000000000000'. i_iv = emptyiv. l_key = '12345678901234567890123456789012'. l_key_x = cl_abap_hmac=>string_to_xstring( l_key ). IF lf_bindata IS INITIAL. l_plaintext = 'Texto a encriptar'. l_plaintext_x = cl_abap_hmac=>string_to_xstring( l_plaintext ). ELSE. MOVE lf_bindata TO l_plaintext_x. ENDIF. iv = i_iv. key = l_key_x. input = l_plaintext_x. IF xstrlen( iv ) NE blocksize OR xstrlen( key ) NE keysize. WRITE:/ 'error en llave o IV'. RETURN. ENDIF. rest = xstrlen( input ). IF rest < 1. RETURN. "nothing to encrypt ENDIF. *--------------------------------------------------------------------* * encrypt *--------------------------------------------------------------------* CALL METHOD cl_sec_sxml_writer=>encrypt_iv( EXPORTING plaintext = input key = key iv = iv algorithm = cl_sec_sxml_writer=>co_aes256_algorithm_pem IMPORTING ciphertext = cipher ). * padding lr_xstring = cipher+blocksize. *--------------------------------------------------------------------* * codificar archivo encriptado en BASE64 *--------------------------------------------------------------------* PERFORM encode_base_64x USING lr_xstring CHANGING l_base64. *--------------------------------------------------------------------* * decrypt message *--------------------------------------------------------------------* cl_sec_sxml_writer=>decrypt( EXPORTING ciphertext = cipher key = l_key_x algorithm = cl_sec_sxml_writer=>co_aes256_algorithm_pem IMPORTING plaintext = lv_message_decrypted ). " convert xstring to string for output cl_abap_conv_in_ce=>create( input = lv_message_decrypted )->read( IMPORTING data = lv_message_string ). " output secret message WRITE lv_message_string. *----------------------------------------------------------------------* * FORM ....... *----------------------------------------------------------------------* * text *----------------------------------------------------------------------* * --> p1 text * <-- p2 text *----------------------------------------------------------------------* FORM encode_base_64x USING p_xstring TYPE xstring CHANGING p_string_base64 TYPE string. DATA: l_http_utility TYPE REF TO cl_http_utility. DATA: l_string TYPE string. CREATE OBJECT l_http_utility. CALL METHOD l_http_utility->encode_x_base64 EXPORTING unencoded = p_xstring RECEIVING encoded = p_string_base64. ENDFORM.
Uso de OPENSSL
METHOD encrypt. DATA lt_btcxpm TYPE TABLE OF btcxpm. DATA lv_parameter type BTCXPGPAR. IF i_iv_key IS NOT INITIAL. lv_parameter = |enc -&1 -e -a -A -in &2 -K &3 -iv &4 -out &5|. ELSE. lv_parameter = |enc -&1 -e -a -A -in &2 -K &3 -out &5|. ENDIF. REPLACE FIRST OCCURRENCE OF '&1' IN lv_parameter WITH i_mode. REPLACE FIRST OCCURRENCE OF '&2' IN lv_parameter WITH i_in_file. REPLACE FIRST OCCURRENCE OF '&3' IN lv_parameter WITH i_key. REPLACE FIRST OCCURRENCE OF '&4' IN lv_parameter WITH i_iv_key. REPLACE FIRST OCCURRENCE OF '&5' IN lv_parameter WITH i_out_file. CALL FUNCTION 'SXPG_COMMAND_EXECUTE' EXPORTING commandname = 'ZOPENSSL' additional_parameters = lv_parameter TABLES exec_protocol = lt_btcxpm EXCEPTIONS no_permission = 1 command_not_found = 2 parameters_too_long = 3 security_risk = 4 wrong_check_call_interface = 5 program_start_error = 6 program_termination_error = 7 x_error = 8 parameter_expected = 9 too_many_parameters = 10 illegal_command = 11 wrong_asynchronous_parameters = 12 cant_enq_tbtco_entry = 13 jobcount_generation_error = 14 OTHERS = 15. IF sy-subrc <> 0. e_subrc = sy-subrc. e_message = 'Error al ejecutar comando OPENSSL(ZOPENSSL)'. RETURN. ENDIF. IF lt_btcxpm[] IS NOT INITIAL. e_subrc = 16. LOOP AT lt_btcxpm INTO DATA(ls_btcxmp). ENDLOOP. e_message = |Error en ecriptación { ls_btcxmp-message }|. RETURN. ENDIF. OPEN DATASET i_out_file FOR input IN TEXT MODE ENCODING DEFAULT. IF sy-subrc <> 0. e_subrc = 17. e_message = |Error en abrir archivo de salida { i_out_file }|. RETURN. ENDIF. READ DATASET i_out_file INTO e_base54_enc. IF sy-subrc <> 0. e_subrc = 18. e_message = |Error en leer archivo de salida { i_out_file }|. close DATASET i_out_file. RETURN. ENDIF. close DATASET i_out_file. e_subrc = 0. ENDMETHOD. METHOD encrypt_sac_aes256. DATA lv_key TYPE string. DATA lv_key_iv TYPE string. DATA lv_infile TYPE oiuh_char56. DATA lv_outfile TYPE oiuh_char56. CALL METHOD zcl_hr_sac_sap=>get_aes256_key_hex EXPORTING i_parametro = 'AES256-KEY' RECEIVING r_key = lv_key. CALL METHOD zcl_hr_sac_sap=>get_aes256_key_hex EXPORTING i_parametro = 'AES256-IV' RECEIVING r_key = lv_key_iv. lv_infile = '/tmp'. CONCATENATE lv_infile '/' i_id '.dat' INTO lv_infile. lv_outfile = '/tmp'. CONCATENATE lv_outfile '/' i_id '.enc' INTO lv_outfile. OPEN DATASET lv_infile FOR OUTPUT IN TEXT MODE ENCODING DEFAULT. IF sy-subrc <> 0. e_subrc = 4. e_message = |Error en abrir archivo de entrada(IN) { lv_infile }|. RETURN. ENDIF. TRANSFER i_text TO lv_infile. IF sy-subrc <> 0. e_subrc = 4. e_message = |Error al escribir en archivo de entrada(IN) { lv_infile }|. CLOSE DATASET lv_infile. RETURN. ENDIF. CLOSE DATASET lv_infile. CALL METHOD zcl_hr_sac_sap=>encrypt EXPORTING * i_mode = 'aes-256-cbc' i_in_file = lv_infile i_out_file = lv_outfile i_key = lv_key i_iv_key = lv_key_iv IMPORTING e_base54_enc = e_base54_enc e_subrc = e_subrc e_message = e_message. DELETE DATASET lv_infile. DELETE DATASET lv_outfile. ENDMETHOD.