JWT With RSA256 Encryption ABAP Stack

FI3

Hello.

I'm trying to create a JWT like on the website https://jwt.io/.

The signature section uses the SHA256withRSA / RSA256 algorithm with the private key provided.

How can I do SHA256withRSA / RSA256 encryption on the ABAP stack?

I have tried using cl_abap_hmac=>calculate_hmac_for_char and cl_abap_message_digest=>calculate_hash_for_char, but it doesn't work.

Has anyone an idea how to achieve this? 


caner_genis

Hello FI3,

Could you please check this code?

PRIVATE SECTION.
    TYPES:
      BEGIN OF ty_jwt_header,
        alg TYPE string,
        typ TYPE string,
      END OF ty_jwt_header .

    TYPES:
      BEGIN OF ty_jwt_payload,
        secret TYPE string, " private key
        iat    TYPE i, "Issued At
        exp    TYPE i, "Expiration Time
      END OF ty_jwt_payload .
METHOD generate_jwttoken.
    TRY.
        DATA(ls_header) = VALUE ty_jwt_header( alg = me->t_params[ name = c_alg ]-value  "HS256
                                               typ = me->t_params[ name = c_typ ]-value ).  "JWT

        DATA(lv_json_header) = /ui2/cl_json=>serialize( data        = ls_header
                                                        compress    = abap_on
                                                        pretty_name = /ui2/cl_json=>pretty_mode-low_case ).
        DATA(lv_b64_header) = cl_http_utility=>if_http_utility~encode_base64( lv_json_header ).

        DATA(lv_currentts) = zcl_bc_util=>generate_timestamp( iv_tzone = 'TURKEY' ).
        DATA(lv_plus5min)  = lv_currentts + 300.
        DATA(ls_payload)   = VALUE ty_jwt_payload( secret = me->t_params[ name = c_private ]-value
                                                   iat    = lv_currentts
                                                   exp    = lv_plus5min ).

        DATA(lv_json_payload) = /ui2/cl_json=>serialize( data        = ls_payload
                                                         compress    = abap_on
                                                         pretty_name = /ui2/cl_json=>pretty_mode-low_case ).
        DATA(lv_b64_payload) = cl_http_utility=>if_http_utility~encode_base64( lv_json_payload ).
        DATA(lv_xpublic)     = zcl_bc_util=>conv_string_to_xstring( CONV string( me->t_params[ name = c_public ]-value ) ).
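        DATA(lv_data)        = lv_b64_header && '.' && lv_b64_payload.
        " JWT needs base64url without padding for header and payload too
        lv_data = translate( val = lv_data from = '+/' to = '-_' ).
        REPLACE ALL OCCURRENCES OF '=' IN lv_data WITH ``.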

        cl_abap_hmac=>calculate_hmac_for_char( EXPORTING if_algorithm     = CONV string( me->t_params[ name = c_algorithm ]-value )  "SHA256
                                                         if_key           = lv_xpublic
                                                         if_data          = lv_data
                                               IMPORTING ef_hmacb64string = DATA(lv_b64_hmac) ).

        DATA(lv_off) = strlen( lv_b64_hmac ) - 1.
        lv_b64_hmac  = lv_b64_hmac(lv_off).

        REPLACE ALL OCCURRENCES OF: '/' IN lv_b64_hmac WITH '_',
                                    '+' IN lv_b64_hmac WITH '-'.

        me->v_token  = lv_data && '.' && lv_b64_hmac.

      CATCH cx_abap_message_digest INTO DATA(lx_hmac). " Exception Class for Message Digest
        RAISE EXCEPTION TYPE zcx_kw
          EXPORTING
            textid = lx_hmac->if_t100_message~t100key.

*      CATCH zcx_bc_util INTO DATA(lx_bc). " 
*        RAISE EXCEPTION TYPE zcx_kw
*          EXPORTING
*            textid = lx_bc->if_t100_message~t100key.

    ENDTRY.
ENDMETHOD.

METHOD generate_timestamp.
*   IMPORTING !iv_tzone      TYPE tznzone DEFAULT 'UTC'
*   RETURNING VALUE(rv_secs) TYPE tzntstmpl
*   RAISING   zcx_bc_util.

    DATA ts1 TYPE c LENGTH 20.

    GET TIME STAMP FIELD DATA(ts).
    CONVERT TIME STAMP ts TIME ZONE iv_tzone INTO DATE DATA(dt) TIME DATA(tm).
    ts1 = dt && tm.

    DATA(ts2) = CONV tzntstmpl( '19700101000000' ).

    TRY.
        " Time Interval in Seconds
        rv_secs = CONV int4( cl_abap_tstmp=>subtract( EXPORTING tstmp1 = CONV tzntstmpl( ts1 )
                                                                tstmp2 = ts2 ) ).

      CATCH cx_parameter_invalid_range INTO DATA(lx_range). " Parameter with invalid value range
        "DATA(ls_t100) = set_message_from_obj( lx_range ).

      CATCH cx_parameter_invalid_type INTO DATA(lx_type).  " Parameter with Invalid Type
        "ls_t100 = set_message_from_obj( lx_type ).

    ENDTRY.

*    CHECK ls_t100 IS NOT INITIAL.  " ls_t100 is not declared in this method
*    RAISE EXCEPTION TYPE zcx_bc_util
*      EXPORTING
*        textid = ls_t100.

ENDMETHOD.

METHOD conv_string_to_xstring.
    DATA: ls_t100 TYPE scx_t100key.

    CALL FUNCTION 'SCMS_STRING_TO_XSTRING'
      EXPORTING
        text     = iv_str
        mimetype = 'charset=utf-8'
        encoding = '4110'
      IMPORTING
        buffer   = rv_xstr
      EXCEPTIONS
        failed   = 1
        OTHERS   = 2.

    CHECK sy-subrc <> 0.

*    ls_t100 = set_messagge_from_sy( ).

*    RAISE EXCEPTION TYPE zcx_bc_util
*      EXPORTING
*        textid = ls_t100.

ENDMETHOD.

Good luck.

Caner.

Hello Caner.

Thank you for the code, really appreciate it.

But for the requirement, I need to encrypt the signature with the RS256 algorithm instead of SHA256.

If we try at jwt.io, we can choose RS256 in the dropdown list.


The output will be different between RS256 and SHA256.

I tried cl_abap_hmac=>calculate_hmac_for_char with exporting if_algorithm = 'RSA256', then an error occurred.

Is the RS256 algorithm not supported in SAP?

Regards.
FI3
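
Added example, not part of any post in this thread and not ABAP: a Node.js sketch (built-in crypto module only) of why an HMAC routine cannot produce an RS256 token. HS256 is an HMAC-SHA256 keyed with a shared secret, while RS256 is an RSA PKCS#1 v1.5 signature over SHA-256 made with the private key and checked with the public key. The key pair, secret and claim values are constructed sample data.

```javascript
// Added example: Node.js built-in crypto only; key, secret and claims are constructed.
const crypto = require('crypto');

const b64url = (text) => Buffer.from(text).toString('base64url');

// Signing input shared by both algorithms: base64url(header) + "." + base64url(payload).
function signingInput(alg, claims) {
  return b64url(JSON.stringify({ alg, typ: 'JWT' })) + '.' + b64url(JSON.stringify(claims));
}

// HS256 = HMAC-SHA256 keyed with a shared secret (the operation an HMAC routine performs).
function signHS256(claims, secret) {
  const input = signingInput('HS256', claims);
  return input + '.' + crypto.createHmac('sha256', secret).update(input).digest('base64url');
}

// RS256 = RSASSA-PKCS1-v1_5 signature over SHA-256, created with the RSA private key.
function signRS256(claims, privateKey) {
  const input = signingInput('RS256', claims);
  return input + '.' + crypto.sign('sha256', Buffer.from(input), privateKey).toString('base64url');
}

// Verification needs only the public key; the header algorithm is pinned to RS256.
function verifyRS256(token, publicKey) {
  const parts = token.split('.');
  if (parts.length !== 3) return false;
  try {
    const header = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
    if (header.alg !== 'RS256') return false;
    return crypto.verify('sha256', Buffer.from(parts[0] + '.' + parts[1]),
      publicKey, Buffer.from(parts[2], 'base64url'));
  } catch (err) {
    return false; // malformed header or signature
  }
}

// Constructed sample data: throwaway 2048-bit key pair, made-up secret and claims.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const claims = { iat: 1712223080, exp: 1712223380 };
const hsToken = signHS256(claims, 'constructed-shared-secret');
const rsToken = signRS256(claims, privateKey);

console.log('HS256 signature chars:', hsToken.split('.')[2].length);
console.log('RS256 signature chars:', rsToken.split('.')[2].length);
console.log('RS256 verifies with public key:', verifyRS256(rsToken, publicKey));
console.log('HS256 token rejected by RS256 verifier:', !verifyRS256(hsToken, publicKey));
```

The signature length alone distinguishes the two outputs: an HMAC-SHA256 value is 32 bytes, while an RS256 signature is as long as the RSA modulus (256 bytes for a 2048-bit key).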