Example #1
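/**
 * Read the authenticated person's identity from the client certificate.
 *
 * Relies on the variables Apache exports for the TLS client certificate:
 * SSL_CLIENT_S_DN (the subject DN) and SSL_CLIENT_VERIFY (the chain
 * verification result). SSL_CLIENT_S_DN example:
 *  /C=EE/O=ESTEID/OU=authentication/CN=SMITH,JOHN,37504170511/
 *  SN=SMITH/GN=JOHN/serialNumber=37504170511
 *
 * @return array|false  [surname, given name, 11-char serial number], or false
 *                      when no verified certificate or the expected fields
 *                      are missing
 */
function getEPerson()
{
    $ident = getenv("SSL_CLIENT_S_DN");
    $verify = getenv("SSL_CLIENT_VERIFY");
    // Only trust the DN when the server actually verified the certificate
    // chain; strict comparison so nothing loosely equal to "SUCCESS" passes.
    if (!$ident || $verify !== "SUCCESS") {
        return false;
    }
    // old cards use UCS-2, new cards use UTF-8
    $ident = certstr2utf8($ident);
    // NOTE: no issuer check (/C=EE/O=ESTEID) is enforced here; any
    // certificate accepted by the server's CA configuration gets through.
    $ps = strpos($ident, ",SN=");
    $pg = strpos($ident, ",GN=");
    $pc = strpos($ident, "serialNumber=");
    // strpos returns false (not 0) when the marker is absent; compare
    // strictly so an offset of 0 is not treated as "missing". The serial
    // number marker is checked too, otherwise substr() would read garbage.
    if ($ps === false || $pg === false || $pc === false) {
        return false;
    }
    // each value runs to the next "," or, for the last field, to the end
    $len = strlen($ident);
    $pse = strpos($ident, ",", $ps + 1);
    $pge = strpos($ident, ",", $pg + 1);
    if ($pse === false) {
        $pse = $len;
    }
    if ($pge === false) {
        $pge = $len;
    }
    $res = array(
        substr($ident, $ps + 4, $pse - ($ps + 4)),   // SN=
        substr($ident, $pg + 4, $pge - ($pg + 4)),   // GN=
        substr($ident, $pc + 13, 11),                // serialNumber= (11 digits)
    );
    return $res;
}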
Example #2
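header("Content-Type: text/html; charset=UTF-8");
// conf.php maps a client id to its settings; this script uses the entry's
// 'from' (expected referring host) and 'secret' (hash key).
$conf = (include 'conf.php');
$client = isset($_GET['id']) ? $_GET['id'] : '';
if ($client === '' || !isset($conf[$client])) {
    die("no client");
}
// The Referer header is supplied by the browser and can be omitted or forged,
// so this only filters accidental cross-site use; it is not an authentication
// check. Strict comparison avoids loose-equality surprises.
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
if (parse_url($referer, PHP_URL_HOST) !== $conf[$client]['from']) {
    die("wrong from");
}
// Only trust the subject DN when the server verified the certificate chain
// (the same check getEPerson() above performs on the getenv() values).
$verify = isset($_SERVER['SSL_CLIENT_VERIFY']) ? $_SERVER['SSL_CLIENT_VERIFY'] : '';
$s = isset($_SERVER['SSL_CLIENT_S_DN']) ? $_SERVER['SSL_CLIENT_S_DN'] : '';
if ($s === '' || $verify !== "SUCCESS") {
    die("no client cert");
}
// Split the DN into "name=value" components. Each value is passed through
// certstr2utf8() (defined below). NOTE: that helper relies on the
// preg_replace /e modifier, which evaluates the replacement as PHP code and
// is removed in PHP 7; preg_replace_callback() is the equivalent without
// code evaluation.
$l = preg_split('|/|', $s, -1, PREG_SPLIT_NO_EMPTY);
$valid_params = array("SN", "GN", "serialNumber");
$data = array();
$unhash = '';
$hidden = '';
foreach ($l as $e) {
    // a component without "=" carries no attribute value; skip it
    if (strpos($e, '=') === false) {
        continue;
    }
    list($n, $v) = explode('=', $e, 2);
    if (in_array($n, $valid_params, true)) {
        $x = certstr2utf8($v);
        $data[$n] = $x;
        // the raw value goes into the hash input ...
        $unhash .= $x;
        // ... but must be escaped before being placed in an HTML attribute,
        // since the DN is client-supplied ($n is from the whitelist above).
        $hidden .= '<input type="hidden" name="' . $n . '" value="'
            . htmlspecialchars($x, ENT_QUOTES, 'UTF-8') . '">';
    }
}
$timestamp = time();
// hash(sha256) over SN.GN.serialNumber.timestamp.secret
// The field order is the order the attributes appear in the DN, and the
// receiver must rebuild exactly the same concatenation. hash_hmac() would be
// the standard keyed construction, but changing it requires the verifying
// side to change too.
$unhash .= $timestamp . $conf[$client]['secret'];
$hash = hash("sha256", $unhash);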
// convert encoding
function certstr2utf8($str)
{
    $str = preg_replace("/\\\\x([0-9ABCDEF]{1,2})/e", "chr(hexdec('\\1'))", $str);