Introduction
For one of our Integrations to Salesforce, we had to send data to Salesforce APEX Webservices as a Encrypted Payload. Salesforce has standard methods for Encryption and Decryption as documented here. Our requirement was to send the data as AES128 Encrypted from Cloud Integration. Of course you might think of using SAP Cloud Integration PKCS7 Encryptor (Encrypt and Sign the Message Content with PKCS#7/CMS Encryptor) but Cloud Integration PKCS7 Encryptor works on Asymmetric Keys ( Private and Public Certificates) whereas in the case of our requirement we needed to use Symmetric Encryption ( Same key for both Encryption and Decryption.
AES (Symmetric) Encryption using Groovy in Cloud Integration
As veteran Integration experts on Cloud Integration would have guessed, the only approach to handling this is to use Groovy in Cloud Integration / CPI. Below is the code snippet that encrypts the Payload / Message Body as AES-128 in Cloud Integration.
import com.sap.gateway.ip.core.customdev.util.Message;
import java.util.HashMap;
import javax.crypto.Cipher
import javax.crypto.spec.IvParameterSpec
import javax.crypto.spec.SecretKeySpec
def Message processData(Message message) {
//Body
def body = message.getBody(java.lang.String) as String;
// Provided Key and IV as String (make sure these are correctly formatted for your use case)
String keyString = "<<key>>" // Replace with actual key string
String ivString = "<<InitializationVector>>" // Replace with actual IV string
// Convert strings to binary formats suitable for the encryption algorithm
byte[] keyBytes = keyString.bytes // This assumes the key is directly in a suitable format
byte[] ivBytes = ivString.bytes
// Ensure key and iv have correct lengths (16 bytes for AES-128)
SecretKeySpec key = new SecretKeySpec(keyBytes, "AES")
IvParameterSpec iv = new IvParameterSpec(ivBytes)
// Prepare the cipher for encryption
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding")
cipher.init(Cipher.ENCRYPT_MODE, key, iv)
// Data to be encrypted
String dataToEncrypt = body
byte[] encryptedData = cipher.doFinal(dataToEncrypt.bytes)
// Encode encrypted data as Base64 for easier handling
String base64Encrypted = encryptedData.encodeBase64().toString()
message.setBody(base64Encrypted)
return message;
}
Testing in Cloud Integration
AES (Symmetric) Decryption Using Groovy in Cloud Integration
import com.sap.gateway.ip.core.customdev.util.Message;
import javax.crypto.Cipher
import javax.crypto.spec.IvParameterSpec
import javax.crypto.spec.SecretKeySpec
import java.util.HashMap;
def Message processData(Message message) {
//Body
def base64Encrypted = message.getBody(java.lang.String) as String;
// Assume these are provided by your Salesforce team and properly formatted
String keyString = "<<key>>" // Replace with actual key string
String ivString = "<<InitializationVector>>" // Replace with actual IV string
// Convert the provided key and IV strings to binary format
byte[] keyBytes = keyString.bytes // Ensure this conversion aligns with how your key is actually encoded (e.g., Base64, Hex)
byte[] ivBytes = ivString.bytes
// Create the key and IV specifications from the bytes
SecretKeySpec key = new SecretKeySpec(keyBytes, "AES")
IvParameterSpec iv = new IvParameterSpec(ivBytes)
// Initialize the Cipher for decryption
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding")
cipher.init(Cipher.DECRYPT_MODE, key, iv)
// Decode the encrypted data from Base64 to binary
byte[] encryptedData = base64Encrypted.decodeBase64()
// Decrypt the data
byte[] decryptedData = cipher.doFinal(encryptedData)
// Convert the decrypted binary data to string
String decryptedString = new String(decryptedData)
message.setBody(decryptedString)
return message;
}
Testing Decryption
Final Thoughts
That’s it! You can do standard AES Encryption / Decryption for Symmetric Keys in Cloud Integration using Standard Groovy Scripting!
Leave a Reply