1

In SAP (AS ABAP 7.4) I have configured a set of RFC Destinations (Transaction SM59), including an SSL configuration using a client certificate for authentication at the service.

Say, one of these RFC Destinations goes to: myserver:443 and myserver requieres SSL client certificate authentication.

In my ABAP class I am given an arbitrary URL such as https://myserver:443/my/ressouce.xml

I am using CL_HTTP_CLIENT to fetch the ressource, but as far as I can see, there is no way to initialize the HTTP client in a way that it uses the correct SSL client certificate, except passing the appropriate RFC Destination using CL_HTTP_CLIENT.CREATE_BY_DESTINATION

To achieve this, one can manually read/parse the SAPs RFCDST table and map the given URL to the correct RFC destination.

My question is if there is a better way in SAP (e.g. a standard SAP function) than this manual approach?

Sandra Rossi
  • 11,934
  • 5
  • 22
  • 48
pmenze
  • 38
  • 1
  • 6
  • As it's about security, I think you should better control the list of RFC destinations allowed by defining a whitelist somewhere, especially in the case that one RFC destination is added in the future, which should not be allowed in your context. – Sandra Rossi Feb 08 '18 at 21:01
  • Why do you start with the URL in the first place - why don't you use the RFC destination as a starting point instead? – vwegert Feb 11 '18 at 15:29
  • @SandraRossi That's a good point, I should add such a white list to my mapping function. – pmenze Feb 12 '18 at 09:44
  • @vwegert The problem to solve is: I am retrieving a list of PDF or JPG documents from another server within my site. This list is an XML document containing some meta data (author, date etc) for each document, as well as a URL pointing to the actual PDF or JPG binary. Both, the metadata list request and the binary URL request require a SSL client certificate that is configured within a RFC destination. I want to read the binary without having to hard-wire the RFC destination in my ABAP code. – pmenze Feb 12 '18 at 09:56

1 Answers1

0

The only viable way appears to be:

  • "Manually" select the destination names from RFCDES with RFCTYPE = IF_DEST_ROOT~CO_TYPE_HTTP_EXT
  • Parse the settings of each destination using RFC_READ_HTTP_DESTINATION
  • Compare the values against the given URL - you will have to strip some part from either side, so that would have to be be custom code anyway.
vwegert
  • 18,371
  • 3
  • 37
  • 55