How to get a SHA256 Hash to use in Kalipso Application from a WebServer in PHP

  Kalipso General, PHP Scripts

The easiest way is to create a function to get the HASH with a simple online request.

The script to see the HASH in the browser (PHP):

<?php

function get_hash($address)
{

  function x509_fingerprint($pem,$hash='sha1')
  {
      $hash = in_array($hash,array('sha1','md5','sha256')) ? $hash: 'sha1';
      $pem = preg_replace('/\-+BEGIN CERTIFICATE\-+/','',$pem);
      $pem = preg_replace('/\-+END CERTIFICATE\-+/','',$pem);
      $pem = str_replace( array("\n","\r"), '', trim($pem));
      return strtoupper(hash($hash,base64_decode($pem)));
  }

  $g = stream_context_create (array("ssl" => array("capture_peer_cert" => true)));
  $r = fopen($address, "rb", false, $g);
  $cont = stream_context_get_params($r);
  openssl_x509_export($cont["options"]["ssl"]["peer_certificate"],$cert);

  // Echo's the certificate key.
  //return $cert;

  // Echo's the SHA256 from the certificate spited and with ID.
  //return 'SHA256 Fingerprint='.implode(":", str_split( x509_fingerprint($cert,$hash='sha256'), 2))."\n";

  // Echo's the SHA256 KEY Only.
  return implode("", str_split( x509_fingerprint($cert,$hash='sha256'), 2))."\n";

}

echo get_hash('https://pss.kalipso.support');

?>

 

The script as a function and a HTTP Request (PHP):

HTTP Request with POST method

<?php

function get_hash($address)
{

  function x509_fingerprint($pem,$hash='sha1')
  {
      $hash = in_array($hash,array('sha1','md5','sha256')) ? $hash: 'sha1';
      $pem = preg_replace('/\-+BEGIN CERTIFICATE\-+/','',$pem);
      $pem = preg_replace('/\-+END CERTIFICATE\-+/','',$pem);
      $pem = str_replace( array("\n","\r"), '', trim($pem));
      return strtoupper(hash($hash,base64_decode($pem)));
  }

  $g = stream_context_create (array("ssl" => array("capture_peer_cert" => true)));
  $r = fopen($address, "rb", false, $g);
  $cont = stream_context_get_params($r);
  openssl_x509_export($cont["options"]["ssl"]["peer_certificate"],$cert);

  // Echo's the certificate key.
  //return $cert;

  // Echo's the SHA256 from the certificate spited and with ID.
  //return 'SHA256 Fingerprint='.implode(":", str_split( x509_fingerprint($cert,$hash='sha256'), 2))."\n";

  // Echo's the SHA256 KEY Only.
  return implode("", str_split( x509_fingerprint($cert,$hash='sha256'), 2))."\n";

}

if (@$_POST['Request'] == "GETHASH")
{
  echo get_hash('https://pss.kalipso.support');
}

?>

After getting the HASH all the requests have to be made with the HASH as exemplified below. That will avoid the certificate pinning.