problem in Computing hash of certificates
on 12.12.2009 11:55:08 by Tanveer Chowdhury
Hi all,
I wanted to match two certificates using a hash function, but the problem
is that when I fetch the certificate from Apache it's in PEM format, and when
I fetch the cert from LDAP it's in DER, so only this one needs
to be converted to .pem format, which I'm doing, but it's showing me two
different hashes.
When I read the cert from LDAP and convert it to PEM, it cannot
print it when I use the parse function, and when I print the cert,
inside the BEGIN and END it doesn't print the whole certificate.
Is it normal, or can't it fetch the whole cert from LDAP?
<?php
include_once 'ldapconnect.php';
$HASH_ALG = "md5";
$loginCert = openssl_x509_read($_SERVER["SSL_CLIENT_CERT"]);
echo "\n";
openssl_x509_export($loginCert, $login_cert_String);
if (empty($login_cert_String)) echo "empty";
$login_cert_hash = hash($HASH_ALG, $login_cert_String);
echo "Browser HASH= " . $login_cert_hash;
//$ssl=openssl_x509_parse($loginCert);
//print_r ($ssl);
echo "\n";
////////////////////////////////////////////////////////////////////////
$cn = "John Albert";
$dn = "dc=example, dc=com";
$filter = "(cn=$cn)";
$justthese = array("userCertificate;binary", "cn");
$sr = ldap_search($ldapconnect, $dn, $filter, $justthese);
$info = ldap_get_entries($ldapconnect, $sr);
$entry = ldap_first_entry($ldapconnect, $sr);
$attributes = ldap_get_attributes($ldapconnect, $entry);
$certificate = $attributes["userCertificate;binary"][0];
// convert certificate into .PEM format for further processing.
//$cert2 = der2pem($certificate);
$pem = chunk_split(base64_encode($certificate), 64, "\n");
$pem = "-----BEGIN CERTIFICATE-----\n" . $pem . "-----END CERTIFICATE-----\n";
$cert2 = $pem;
// It does not print the certificate as array here
$ssl2 = openssl_x509_parse($cert2);
print_r($ssl2);
echo "\n";
// here it prints the certificate but it doesn't print the whole
// certificate between the BEGIN CERTIFICATE and END CERTIFICATE
// Does that mean it can't read the whole content.
echo $cert2;
//openssl_x509_export($cert2,$certS);
echo "\nLDAP HASH:";
echo hash("md5", $cert2);
?>
Thanks in advance.
--
PHP General Mailing List (http://www.php.net/)
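
Added example, not part of the original post: one way to compare a PEM certificate with a DER one is to reduce both to DER bytes, check that the outer ASN.1 length header matches the number of bytes actually received, and hash only those bytes. It uses SHA-256 instead of the post's md5; the function names certToDer and certFingerprint and the throwaway self-signed certificate are assumptions constructed for the demonstration.

```php
<?php
// Return validated DER for a certificate supplied as PEM text or raw DER.
function certToDer(string $cert): string
{
    if (preg_match('/-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----/s', $cert, $m)) {
        $der = base64_decode(preg_replace('/\s+/', '', $m[1]), true);
        if ($der === false) {
            throw new InvalidArgumentException('PEM body is not valid base64');
        }
    } else {
        $der = $cert; // assumed to be raw DER, e.g. a userCertificate;binary value
    }
    // The outer ASN.1 SEQUENCE header declares the certificate's length, so a
    // truncated or padded value is detectable before it is ever hashed.
    if (strlen($der) < 2 || $der[0] !== "\x30") {
        throw new InvalidArgumentException('not a DER SEQUENCE');
    }
    $len = ord($der[1]);
    $hdr = 2;
    if ($len & 0x80) { // long form: the next $n bytes hold the length
        $n = $len & 0x7f;
        if ($n < 1 || $n > 4 || strlen($der) < 2 + $n) {
            throw new InvalidArgumentException('bad DER length header');
        }
        for ($len = 0, $i = 0; $i < $n; $i++) {
            $len = ($len << 8) | ord($der[2 + $i]);
        }
        $hdr += $n;
    }
    if (strlen($der) !== $hdr + $len) {
        throw new InvalidArgumentException('DER length mismatch: have ' . strlen($der) . ', header says ' . ($hdr + $len));
    }
    return $der;
}
function certFingerprint(string $cert): string
{
    return hash('sha256', certToDer($cert));
}

// Constructed sample data: a throwaway self-signed certificate made at run time.
$key = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
$csr = openssl_csr_new(['commonName' => 'John Albert'], $key, ['digest_alg' => 'sha256']);
openssl_x509_export(openssl_csr_sign($csr, null, $key, 1, ['digest_alg' => 'sha256']), $pem);
$der  = certToDer($pem);                 // stands in for the directory's DER copy
$crlf = str_replace("\n", "\r\n", $pem); // same certificate, different line endings

echo 'PEM text hashes equal:  ', var_export(hash('sha256', $pem) === hash('sha256', $crlf), true), "\n";
echo 'DER fingerprints equal: ', var_export(hash_equals(certFingerprint($crlf), certFingerprint($der)), true), "\n";
try { certFingerprint(substr($der, 0, 100)); } catch (InvalidArgumentException $e) { echo $e->getMessage(), "\n"; }
```

The last line feeds in a deliberately truncated copy to show the length check rejecting an incomplete certificate instead of hashing it.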