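/**
 * Identify the person from the client-certificate variables Apache mod_ssl exports.
 *
 * Reads SSL_CLIENT_S_DN (the certificate subject, e.g.
 * "/C=EE/O=ESTEID/OU=authentication/CN=SMITH,JOHN,37504170511/SN=SMITH/GN=JOHN/serialNumber=37504170511")
 * and SSL_CLIENT_VERIFY. The subject is only used when mod_ssl reports the
 * certificate chain as verified ("SUCCESS").
 *
 * NOTE(review): the parser looks for comma-separated components (",SN=", ",GN="),
 * while the example DN above uses "/" separators; confirm the separator against
 * the live SSL_CLIENT_S_DN value.
 *
 * @return array|false  [SN, GN, serialNumber] on success; false when the certificate
 *                      is missing, not verified, or one of the fields cannot be found.
 */
function getEPerson()
{
    $ident = getenv("SSL_CLIENT_S_DN");
    $verify = getenv("SSL_CLIENT_VERIFY");

    // A subject DN is only meaningful when mod_ssl verified the chain.
    if (!$ident || $verify !== "SUCCESS") {
        return false;
    }

    $ident = certstr2utf8($ident); // old cards use UCS-2, new cards use UTF-8

    $ps = strpos($ident, ",SN=");
    $pg = strpos($ident, ",GN=");
    $pc = strpos($ident, "serialNumber=");
    // strpos() returns false (not 0) for a missing field; compare strictly so a
    // missing serialNumber is rejected instead of being read from offset 13.
    if ($ps === false || $pg === false || $pc === false) {
        return false;
    }

    // A field that is last in the DN has no terminating comma: read to the end
    // rather than computing a negative length.
    $pse = strpos($ident, ",", $ps + 1);
    $pge = strpos($ident, ",", $pg + 1);
    $snEnd = ($pse === false) ? strlen($ident) : $pse;
    $gnEnd = ($pge === false) ? strlen($ident) : $pge;

    return array(
        substr($ident, $ps + 4, $snEnd - ($ps + 4)),
        substr($ident, $pg + 4, $gnEnd - ($pg + 4)),
        substr($ident, $pc + 13, 11), // serialNumber: 11 characters, as in the example
    );
}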
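header("Content-Type: text/html; charset=UTF-8");

$conf = (include 'conf.php');

// The client id selects a configuration entry; reject anything that is not a
// plain string (a query like id[]=x would otherwise reach isset() as an array).
$client = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : '';
if (!isset($conf[$client])) {
    die("no client");
}

// The Referer header is browser-supplied and may be absent or altered; this is
// a check on where the user came from, not an authentication of the caller.
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
if (parse_url($referer, PHP_URL_HOST) !== $conf[$client]['from']) {
    die("wrong from");
}

// Use the subject DN only when mod_ssl verified the certificate, as getEPerson()
// does; SSL_CLIENT_S_DN by itself does not say whether the chain was verified.
if (!isset($_SERVER['SSL_CLIENT_S_DN'], $_SERVER['SSL_CLIENT_VERIFY'])
    || $_SERVER['SSL_CLIENT_VERIFY'] !== "SUCCESS") {
    die("no cert");
}

$s = $_SERVER['SSL_CLIENT_S_DN'];
$l = preg_split('|/|', $s, -1, PREG_SPLIT_NO_EMPTY);
$valid_params = array("SN", "GN", "serialNumber");

// Initialise before `.=` / `[]=` so the first append does not work on an undefined variable.
$data = array();
$unhash = '';
$hidden = '';
foreach ($l as $e) {
    if (strpos($e, '=') === false) {
        continue; // not a name=value component
    }
    list($n, $v) = explode('=', $e, 2);
    if (in_array($n, $valid_params, true)) {
        $x = certstr2utf8($v);
        $data[$n] = $x;
        $unhash .= $x; // put param to hash (unescaped; the hash covers the raw value)
        // The value comes from the client's certificate: escape it for the
        // attribute context so it cannot break out of the hidden input. The
        // browser decodes the entities again on submit, so the posted value is unchanged.
        $hidden .= '<input type="hidden" name="' . $n . '" value="'
            . htmlspecialchars($x, ENT_QUOTES, 'UTF-8') . '">';
    }
}

$timestamp = time();
// hash(sha256) over SN.GN.serialNumber.timestamp.secret
// NOTE(review): the fields are concatenated without a delimiter, so two different
// field splits can produce the same hash input; moving to delimited input or
// hash_hmac() must be done in step with the verifying side, so it is left as is here.
$unhash .= $timestamp . $conf[$client]['secret'];
$hash = hash("sha256", $unhash);

// convert encoding
// NOTE(review): the /e modifier evaluates the replacement string as PHP code and
// was removed in PHP 7.0; preg_replace_callback() is the supported equivalent.
function certstr2utf8($str) {
    $str = preg_replace("/\\\\x([0-9ABCDEF]{1,2})/e", "chr(hexdec('\\1'))", $str);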