Thanks to this recipe [1] I've been able to download SAP Notes from SAP.
The code:
#!/usr/bin/env python2
# -*- coding: utf-8 -*-
# File: sapnote.py
import urllib2
import sys
import re
import base64
from urlparse import urlparse
asapnote = "http://service.sap.com/sap/support/notes/1775242"
username = "S00XXXXXXXX"
password = "XXXXXXXXXXX"
req = urllib2.Request(asapnote)
try: handle = urllib2.urlopen(req)
except IOError, e: pass # here we *want* to fail
else: # If we don't fail then the page isn't protected print "This page isn't protected by authentication." sys.exit(1)
if not hasattr(e, 'code') or e.code != 401: # we got an error - but not a 401 error print "This page isn't protected by authentication." print 'But we failed for another reason.' sys.exit(1)
authline = e.headers['www-authenticate']
# this gets the www-authenticate line from the headers
# which has the authentication scheme and realm in it
authobj = re.compile(r'''(?:\s*www-authenticate\s*:)?\s*(\w*)\s+realm=['"]([^'"]+)['"]''', re.IGNORECASE)
# this regular expression is used to extract scheme and realm
matchobj = authobj.match(authline)
if not matchobj: # if the authline isn't matched by the regular expression # then something is wrong print 'The authentication header is badly formed.' print authline sys.exit(1)
scheme = matchobj.group(1)
realm = matchobj.group(2)
# here we've extracted the scheme
# and the realm from the header
if scheme.lower() != 'basic': print 'This example only works with BASIC authentication.' sys.exit(1)
base64string = base64.encodestring('%s:%s' % (username, password))[:-1]
authheader = "Basic %s" % base64string
req.add_header("Authorization", authheader)
try: handle = urllib2.urlopen(req)
except IOError, e: # here we shouldn't fail if the username/password is right print "It looks like the username or password is wrong." sys.exit(1)
sapnote = handle.read()
print sapnoteBut the html source code is awful:
<html> <head> <title>1775242 - SAP Solution Manager 7.1 SP8 - Basic functions</title> <link rel="Shortcut Icon" type="image/x-icon" href="http://www.sap.com/SAPFavicon.ico" /> <link rel="icon" type="image/ico" href="http://www.sap.com/SAPFavicon.ico"> <script language="JavaScript">
var frame_A="25D24E0DFABDFD4996AB0A2039A0D59D_A";
function startBSPApplication(name)
{ doc=window.frames[name].document; doc.writeln('<html><body onload="document.f.submit();">'); doc.writeln('<form id="f" name="f" target="25D24E0DFABDFD4996AB0A2039A0D59D_A" method="POST" action="/sap/bc/bsp/sno/ui/main.do?param=69765F6D6F64653D3030312669765F7361706E6F7465735F6E756D6265723D3137373532343226">');
doc.writeln('<input type="hidden" name="param" value="69765F6D6F64653D3030312669765F7361706E6F7465735F6E756D6265723D3137373532343226">');
doc.writeln('<input type="hidden" name="bspapplicationffields" value="cGFyYW09Njk3NjVGNkQ2RjY0NjUzRDMwMzAzMTI2Njk3NjVGNzM2MTcwNkU2Rjc0NjU3MzVGNkU3NTZENjI2NTcyM0QzMTM3MzczNTMyMzQzMjI2">'); doc.writeln('<table border="0" width="100%" height="100%"><tr><td align="CENTER" valign="MIDDLE"><span style="font-family:Arial,sans-serif;">Loading...</span></td></tr></table>'); doc.writeln('</form></body></html>'); doc.close();
}
function exitBSPApplication()
{
var myDoc;
var el;
var sid;
var name;
var app;
var ns;
try
{ myDoc = window.frames[frame_A].document; el = myDoc.forms[0].sid; sid = el.value; el = myDoc.forms[0].cookie_name; name = el.value; el = myDoc.forms[0].appl_name; app = el.value; el = myDoc.forms[0].appl_ns; ns = el.value;
}
catch(err)
{}
var url="/sap/bc/bsp/sno/ui_entry/sessionexit.htm?application_list[1].exit_url=/sap(bD1lbiZjPTAwMQ==)/bc/bsp/sno/ui_entry/entry.htm%3Fsap-sessioncmd=logoff";
url+="&sid=" + sid;
url+="&name=" + name;
url+="&app=" + app;
url+="&ns=" + ns;
var win_prop = "";
try
{
//win_prop = "height=100,width=400,top="+(screen.height-100)/2+",left="+(screen.width-400)/2;
}
catch(err)
{ win_prop = "height=100,width=400";
}
win_prop = "height=100,width=400";
var out = window.open(url,'_blank',win_prop); document.getElementById("25D24E0DFABDFD4996AB0A2039A0D59D_FRAMESET").onunload = null;
} </script> </head> <frameset id="25D24E0DFABDFD4996AB0A2039A0D59D_FRAMESET" rows="*,0" onload="startBSPApplication('25D24E0DFABDFD4996AB0A2039A0D59D_A');" onunload="exitBSPApplication();" FRAMEBORDER=0 FRAMESPACING=0 BORDER=0> <frame name="25D24E0DFABDFD4996AB0A2039A0D59D_A" src="entry_default_content.htm" NORESIZE SCROLLING=AUTO MARGINHEIGHT=0 MARGINWIDTH=0> <noframes>This browser does not support frames.</noframes> </frameset></html>
I do not understand why SAP has to obfuscate the code in this way. Why not serve only html without frames neither server side scripting? What do they have to hide?
So, I am done.