How to read a certificate and compute hash of it

on 04.12.2009 11:48:01 by Tanveer Chowdhury

Hi

Currently I am doing some coding in PHP to match a client certificate with an
OpenLDAP certificate of that same user just to verify.
I mean the user stored one copy of this certificate in OpenLDAP previously,
and now when he shows his certificate to the server, the server will then fetch
that user's certificate from LDAP and match.

And later I want to do a hash. Now in LDAP it's stored in .der format and in
the browser it's in .p12.
So what I am doing is as below:

$HASH_ALG='md5';
include_once '../ldapconnect.php';
//////////////////////////////////////////////////////////////////////////////////
//Reading the client certificate from web server
$loginCert = openssl_x509_read ($_SERVER["SSL_CLIENT_CERT"]);

//convert the certificate into string
$pemb = chunk_split(base64_encode($loginCert), 64, "\n");
$pemb = "-----BEGIN CERTIFICATE-----\n".$pemb."-----END CERTIFICATE-----\n";

openssl_x509_export($pemb,$cert_pemb_string);

$login_cert_hash = hash ($HASH_ALG, $cert_pemb_string);
echo "Browser HASH= ". $login_cert_hash;
echo "\n";

//////////////////////////////////////////////////////////////////////////////////

$userName=$_SERVER["SSL_CLIENT_S_DN_CN"];
$filter="(cn=$userName)";
$justthese = array ("userCertificate;binary");
$result=ldap_search ($ldapconnect,"ou=people,dc=example,dc=com", $filter);
$entry = ldap_first_entry($ldapconnect,$result);
$attributes= ldap_get_attributes($ldapconnect,$entry);
$cert_der =$attributes["userCertificate;binary"][0];

// converting der to pem
$pem = chunk_split(base64_encode($cert_der), 64, "\n");
$pem = "-----BEGIN CERTIFICATE-----\n".$pem."-----END CERTIFICATE-----\n";
openssl_x509_export($pem,$cert_pem_string);
$ldap_cert_hash = hash($HASH_ALG, $cert_pem_string);

Now finally I will match $login_cert_hash and $ldap_cert_hash, but the problem is
it's always giving me the same output of hash even if I manually change the
certificate of the client to make sure.
I don't get it.

Thanks in advance.

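Added example, not part of the original post: one way to compare the two copies is to reduce both to raw DER bytes and hash those, failing closed when a conversion does not succeed. It assumes the web server hands over PEM text and LDAP returns DER, uses SHA-256 where the post uses md5, and the function names and sample bytes are constructed for illustration.

```php
<?php
// Added example (not the poster's code). Function names are hypothetical.

/** Strip the PEM armor and return raw DER bytes, or null if malformed. */
function pem_to_der(string $pem): ?string
{
    $re = '/-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----/s';
    if (!preg_match($re, $pem, $m)) {
        return null;
    }
    $der = base64_decode(preg_replace('/\s+/', '', $m[1]), true);
    return ($der === false || $der === '') ? null : $der;
}

/** Hex digest over the DER encoding, the form both copies share. */
function der_fingerprint(string $der, string $alg = 'sha256'): string
{
    return hash($alg, $der);
}

/** True only when both inputs decode and carry identical DER bytes. */
function certs_match(string $clientPem, string $ldapDer): bool
{
    $clientDer = pem_to_der($clientPem);
    if ($clientDer === null || $ldapDer === '') {
        return false; // fail closed: never hash an empty or failed conversion
    }
    return hash_equals(der_fingerprint($ldapDer), der_fingerprint($clientDer));
}

// In the post's setting the inputs would be $_SERVER["SSL_CLIENT_CERT"] (PEM)
// and $attributes["userCertificate;binary"][0] (DER).
// Constructed stand-in bytes below, not a real certificate.
$storedDer = "\x30\x82\x01\x0a" . str_repeat("\xA5", 60);
$otherDer  = "\x30\x82\x01\x0a" . str_repeat("\x5A", 60);
$clientPem = "-----BEGIN CERTIFICATE-----\n"
    . chunk_split(base64_encode($storedDer), 64, "\n")
    . "-----END CERTIFICATE-----\n";

var_dump(certs_match($clientPem, $storedDer)); // same certificate
var_dump(certs_match($clientPem, $otherDer));  // different certificate
var_dump(certs_match('garbage', $storedDer));  // undecodable input
```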