Martin Voros wrote:
Hi,
I think that part of documentation is obsolete. SAP uses this to protect credit card details if stored in SAP. I don't think you need additional product for this but I am not 100% sure.
If you do "where used" for this FM you will see that it's used in method EXTERNAL_ENCYPTING of class CL_PCA_SECURITY. This may give you an idea how to call this FM. From top of my head you can define an application in table SSFARGS. Here you define which PSE with certificate will be used and corresponding options for output format and algorithms. You can use FM SSF_GET_PARAMETER to read these settings from this table for an application. In reciepient list you need to use values returned by SSF_GET_PARAMETER. Unless you protect PSE with password you don't have to populate STR_PAB_PASSWORD. STR_PAB comes from SSF_GET_PARAMETER.
You can also see how it's done in report SSF01.
Cheers
Martin! thanks for you answer.
Fortunally, I can find out how I have to excecute this FM.
The problem here was when I executed the FM SSF_GET_PARAMETER.
As you said, this FM returns the parameters of a SSF application (location of the pse, encryption algorithm, etc..), but what I realy needed were the parameters of the certificate that is included in that SSF application.
So, I resolve it in this way:
1- Call SSF_GET_PARAMETER to get the information of SSFA
2- Call SSFC_GET_CERTIFICATELIST to get the certificate list of that SSFA
3- Call SSFC_PARSE_CERTIFICATE for every certificate in the list of certificates.
The code is something like this:
*Read SSFA information
CALL FUNCTION 'SSF_GET_PARAMETER'
EXPORTING
application = 'SSFA'
IMPORTING
str_pab = str_pab
str_pab_password = str_pab_password
str_profileid = str_profileid
str_profile = str_profile
str_encralg = str_encralg
EXCEPTIONS
ssf_parameter_not_found = 1
OTHERS = 2.
*Read certificates included in SSFA
CALL FUNCTION 'SSFC_GET_CERTIFICATELIST'
EXPORTING
profile = str_profile
IMPORTING
certificatelist = lt_certificatelist.
*Here you can obtein the information of each certificate. In my case is just one
LOOP AT lt_certificatelist INTO lv_certificate.
CALL FUNCTION 'SSFC_PARSE_CERTIFICATE'
EXPORTING
certificate = lv_certificate
IMPORTING
subject = l_subject
issuer = l_issuer
serialno = l_serialno
validfrom = l_validfrom
validto = l_validto
algid = l_algid
fingerprint = l_fingerprint
summary = l_summary
all = l_all
EXCEPTIONS
ssf_krn_error = 1
ssf_krn_nomemory = 2
ssf_krn_nossflib = 3
ssf_krn_invalid_par = 4
OTHERS = 5.
ENDLOOP.
lw_recipient-id = l_subject
INSERT lw_recipient INTO TABLE lt_recipient.
*Finally, call the FM to encrypt the document:
CALL FUNCTION 'SSF_KRN_ENVELOPE'
EXPORTING
ostr_input_data_l = lv_bin_data_len
str_pab = str_pab
str_pab_password = str_pab_password
str_sym_encr_alg = 'AES128-CBC'
IMPORTING
ostr_enveloped_data_l = lv_enveloped_data_len
crc = lv_crc
TABLES
ostr_input_data = lt_bin_data
recipient_list = lt_recipient
ostr_enveloped_data = lt_enveloped_data
EXCEPTIONS
ssf_krn_error = 1
ssf_krn_noop = 2
ssf_krn_nomemory = 3
ssf_krn_opinv = 4
ssf_krn_nossflib = 5
ssf_krn_recipient_list_error = 6
ssf_krn_input_data_error = 7
ssf_krn_invalid_par = 8
ssf_krn_invalid_parlen = 9
ssf_fb_input_parameter_error = 10
OTHERS = 11.
I hope this can help anybody with the same problem.
Regards.
--
German Guzelj
