Jump to content

problem reading client certificate from openldap and compute hash

tanveer

By tanveer
in PHP Coding Help

 Share

Recommended Posts

tanveer Member

tanveer

Posted
Posted

Hi

 

Currently I am doing some coding in php to match a client certifcate with an

openldap certificate of that same user just to verify.

I mean the user stored one copy of this certficate in openldap previously

and now when he shows his certificate to server the server will then fetch

that users certificate from ldap and match.

 

and later I want to do hash. Now in ldap its stored in .der format and in

browser its in .p12

So what I am doing is as below:

 

<?php
$HASH_ALG='md5';
include_once '../ldapconnect.php';
//////////////////////////////////////////////////////////////////////////////////
//Reading the client certificate from web server
$loginCert = openssl_x509_read ($_SERVER["SSL_CLIENT_CERT"]);

//convert the certificate into string
$pemb = chunk_split(base64_encode($loginCert), 64, "\n");
$pemb = "-----BEGIN CERTIFICATE-----\n".$pemb."-----END CERTIFICATE-----\n";

openssl_x509_export($pemb,$cert_pemb_string);

$login_cert_hash = hash ($HASH_ALG, $cert_pemb_string);
echo "Browser HASH= ". $login_cert_hash;
echo "<br />";

///////////////////////////////////////////////////////////////////////////////////

$userName=$_SERVER["SSL_CLIENT_S_DN_CN"];
$filter="(cn=$userName)";
$justthese = array ("userCertificate;binary");
$result=ldap_search ($ldapconnect,"ou=people,dc=example,dc=com", $filter);
$entry = ldap_first_entry($ldapconnect,$result);
$attributes= ldap_get_attributes($ldapconnect,$entry);
$cert_der =$attributes["userCertificate;binary"][0];

// converting der to pem
$pem = chunk_split(base64_encode($cert_der), 64, "\n");
$pem = "-----BEGIN CERTIFICATE-----\n".$pem."-----END CERTIFICATE-----\n";
openssl_x509_export($pem,$cert_pem_string);
$ldap_cert_hash = hash($HASH_ALG, $cert_pem_string);

 

Now finally I will match $login_cert_hash and $ldap_cert_hash but problem is

its always giving me the same output of hash even if I manually change the

certificate of client to make sure.

I don't get it.

 

Thank in advance.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.