problem in Computing hash of certificates

Hi all,
I wanted to match two certificates using a hash function, but the problem
is that when I fetch the certificate from Apache it's in PEM format, and when
I fetch the cert from LDAP it's in DER, so only this one needs
to be converted to .pem format, which I'm doing, but it's showing me two
different hashes.
When I read the cert from LDAP and convert it to PEM, it cannot be
printed when I use the parse function, and when I print the cert,
it doesn't print the whole certificate between the BEGIN and END.
Is this normal, or can't it fetch the whole cert from LDAP?

<?php

include_once 'ldapconnect.php';
$HASH_ALG="md5";

$loginCert = openssl_x509_read ($_SERVER["SSL_CLIENT_CERT"]);
echo "<br />";

openssl_x509_export ($loginCert, $login_cert_String);
if (empty ($login_cert_String)) echo "empty";
$login_cert_hash = hash ($HASH_ALG, $login_cert_String);

echo "Browser HASH= ". $login_cert_hash;

//$ssl=openssl_x509_parse($loginCert);
//print_r ($ssl);
echo "<br />";

////////////////////////////////////////////////////////////////////////

$cn="John Albert";
$dn = "dc=example, dc=com";

$filter = "(cn=$cn)";
$justthese = array("userCertificate;binary", "cn");
$sr = ldap_search($ldapconnect, $dn, $filter, $justthese);
$info = ldap_get_entries($ldapconnect, $sr);
$entry = ldap_first_entry($ldapconnect, $sr);
$attributes = ldap_get_attributes($ldapconnect, $entry);
$certificate = $attributes["userCertificate;binary"][0];

// convert certificate into .PEM format for further processing.
//$cert2 = der2pem($certificate);
$pem = chunk_split(base64_encode($certificate), 64, "\n");
$pem = "-----BEGIN CERTIFICATE-----\n".$pem."-----END CERTIFICATE-----\n";
$cert2 = $pem;
// It does not print the certificate as array here
$ssl2 = openssl_x509_parse($cert2);
print_r($ssl2);
echo "<br />";
// here it prints the certificate but it doesn't print the whole
// certificate between the BEGIN CERTIFICATE and END CERTIFICATE
// Does that mean it can't read the whole content?
echo $cert2;

//openssl_x509_export($cert2,$certS);
echo "<BR /> LDAP HASH:";
echo hash("md5",$cert2);
?>

thanks in advance.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
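
Added example, not part of the original post: one way to compare the two certificates independently of whether they arrive as PEM text or DER bytes is to normalize both to DER and hash those bytes. The helper names (`cert_to_der`, `cert_fingerprint`, `certs_match`) and the throwaway self-signed certificate are constructed for illustration, and SHA-256 is used here in place of the post's md5.

```php
<?php
// Added example: compare certificates by a digest of their DER bytes.

// Return DER bytes for input that is either PEM text or already DER.
function cert_to_der(string $cert): string
{
    if (preg_match('/-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----/s', $cert, $m)) {
        $der = base64_decode(preg_replace('/\s+/', '', $m[1]), true);
        if ($der === false) {
            throw new InvalidArgumentException('PEM body is not valid base64');
        }
        return $der;
    }
    return $cert; // no PEM armor found: treat the input as DER
}

// Digest of the DER encoding; throws on input OpenSSL cannot parse
// (for example a truncated attribute value).
function cert_fingerprint(string $cert, string $alg = 'sha256'): string
{
    $der = cert_to_der($cert);
    $pem = "-----BEGIN CERTIFICATE-----\n"
         . chunk_split(base64_encode($der), 64, "\n")
         . "-----END CERTIFICATE-----\n";
    if (@openssl_x509_read($pem) === false) {
        throw new InvalidArgumentException('not a parseable X.509 certificate');
    }
    return hash($alg, $der);
}

function certs_match(string $a, string $b): bool
{
    return hash_equals(cert_fingerprint($a), cert_fingerprint($b));
}

// Constructed sample input: a throwaway self-signed certificate.
$key = openssl_pkey_new(['private_key_bits' => 2048]);
$csr = openssl_csr_new(['commonName' => 'John Albert'], $key);
openssl_x509_export(openssl_csr_sign($csr, null, $key, 1), $fromApache); // PEM text
$fromLdap = cert_to_der($fromApache);                                    // DER bytes

var_dump(certs_match($fromApache, $fromLdap));                 // DER digests of both forms
var_dump(hash('md5', $fromApache) === hash('md5', $fromLdap)); // digests of the raw encodings
try {
    cert_fingerprint(substr($fromLdap, 0, 100));               // truncated DER value
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```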


