Hi

Currently I am doing some coding in PHP to match a client certificate with an
OpenLDAP certificate of that same user, just to verify.
I mean the user stored one copy of this certificate in OpenLDAP previously,
and now when he shows his certificate to the server, the server will fetch
that user's certificate from LDAP and match.

and later I want to hash it. Now in LDAP it's stored in .der format and in the
browser it's in .p12.
So what I am doing is as below:

<?php
$HASH_ALG='md5';
include_once '../ldapconnect.php';
//////////////////////////////////////////////////////////////////////////////////
//Reading the client certificate from web server
$loginCert = openssl_x509_read ($_SERVER["SSL_CLIENT_CERT"]);

//convert the certificate into string
$pemb = chunk_split(base64_encode($loginCert), 64, "\n");
$pemb = "-----BEGIN CERTIFICATE-----\n".$pemb."-----END CERTIFICATE-----\n";

openssl_x509_export($pemb,$cert_pemb_string);

$login_cert_hash = hash ($HASH_ALG, $cert_pemb_string);
echo "Browser HASH= ". $login_cert_hash;
echo "<br />";

///////////////////////////////////////////////////////////////////////////////////

$userName=$_SERVER["SSL_CLIENT_S_DN_CN"];
$filter="(cn=$userName)";
$justthese = array ("userCertificate;binary");
$result=ldap_search ($ldapconnect,"ou=people,dc=example,dc=com", $filter, $justthese);
$entry = ldap_first_entry($ldapconnect,$result);
$attributes= ldap_get_attributes($ldapconnect,$entry);
$cert_der =$attributes["userCertificate;binary"][0];

// converting der to pem
$pem = chunk_split(base64_encode($cert_der), 64, "\n");
$pem = "-----BEGIN CERTIFICATE-----\n".$pem."-----END CERTIFICATE-----\n";
openssl_x509_export($pem,$cert_pem_string);
$ldap_cert_hash = hash($HASH_ALG, $cert_pem_string);

Now finally I will match $login_cert_hash and $ldap_cert_hash, but the problem is
it's always giving me the same hash output even if I manually change the
client's certificate to make sure.
I don't get it.

Thanks in advance.
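The same comparison done over the certificate's DER bytes, as an added example that is not the poster's code: it assumes SSL_CLIENT_CERT carries the PEM text mod_ssl exports, replaces the LDAP lookup with a constructed self-signed certificate so it runs offline, and the helper names (certFingerprint(), certificatesMatch(), makeSelfSigned()) are this example's own, not a library API.

```php
<?php
// Added example (not the poster's code): compare the browser's client certificate
// with the DER blob LDAP returns by fingerprinting the DER bytes of both, instead of
// hashing re-wrapped PEM text. The LDAP lookup is replaced by a constructed
// self-signed certificate so the script runs offline.

function derToPem(string $der): string {
    return "-----BEGIN CERTIFICATE-----\n"
        . chunk_split(base64_encode($der), 64, "\n")
        . "-----END CERTIFICATE-----\n";
}

function pemToDer(string $pem): string {
    // Strip the armour lines and whitespace; the rest is base64 of the DER bytes.
    $b64 = preg_replace('/-----(BEGIN|END) CERTIFICATE-----|\s+/', '', $pem);
    return base64_decode($b64, true);
}

// Fingerprint = digest over the DER encoding, the value `openssl x509 -fingerprint`
// prints; two copies of the same certificate always give the same fingerprint.
function certFingerprint(string $pem, string $alg = 'sha256'): string {
    $cert = openssl_x509_read($pem);   // mod_ssl's SSL_CLIENT_CERT is already PEM text
    if ($cert === false) {
        throw new RuntimeException('not a valid X.509 certificate: ' . openssl_error_string());
    }
    return openssl_x509_fingerprint($cert, $alg);
}

function certificatesMatch(string $browserPem, string $ldapDer): bool {
    // userCertificate;binary holds DER, so wrap it in PEM armour before parsing.
    return hash_equals(certFingerprint($browserPem), certFingerprint(derToPem($ldapDer)));
}

// Constructed test data: a self-signed certificate standing in for the user's cert.
function makeSelfSigned(string $cn): string {
    $key = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
    $csr = openssl_csr_new(['commonName' => $cn], $key);
    $x509 = openssl_csr_sign($csr, null, $key, 365);
    openssl_x509_export($x509, $pem);
    return $pem;
}

$browserPem = makeSelfSigned('alice');          // what the browser presents
$ldapDer    = pemToDer($browserPem);            // what userCertificate;binary stores
$otherDer   = pemToDer(makeSelfSigned('alice')); // a different cert with the same CN

var_dump(certificatesMatch($browserPem, $ldapDer));
var_dump(certificatesMatch($browserPem, $otherDer));
```

Hashing the DER bytes directly with hash($alg, pemToDer($pem)) gives the same value as openssl_x509_fingerprint() for the same digest.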
