Oct 5, 2020

Verify Client SSL at Server side

Restricting client to hit the server from unknown origins and allow to access server resources after verifying their SSL.

Pre-requisites:

You need to define “Access-Control-Allow-Origin” in your request.

Here we define the client request with “Access-Control-Allow-Origin”

Client side Request:

<?php

// Call server API using cURL

$curl = curl_init(); // Initialize the cURL

// Define cURL options

curl_setopt_array($curl, array(

  CURLOPT_URL => "https://server.com/test-ssl.php",

  CURLOPT_RETURNTRANSFER => true,

  CURLOPT_ENCODING => "",

  CURLOPT_MAXREDIRS => 10,

  CURLOPT_TIMEOUT => 30,

  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,

  CURLOPT_CUSTOMREQUEST => "POST",

  CURLOPT_POSTFIELDS => "",

  CURLOPT_SSL_VERIFYHOST => 0,

  CURLOPT_SSL_VERIFYPEER => 0,

  CURLOPT_HTTPHEADER => array('Access-Control-Allow-Origin: https://abc.com'),

));

$response  = curl_exec($curl); // Execute request and get response

echo $response; // Print response

curl_close($curl); // Close cURL

 

At server side you need to get the request headers and verify the SSL using domain name.

Server Side Code:

<?php

$header_info = getallheaders(); //Get all request headers

$url = $header_info['Access-Control-Allow-Origin']; //Get request origin, request domain must be define in origin (https://www.abc.com)

$orignal_parse = parse_url($url, PHP_URL_HOST); //Host URL

$ssl_options = array("capture_peer_cert" => TRUE, "capture_peer_cert_chain" => true, "allow_self_signed"=> false, "CN_match" => $orignal_parse, "verify_peer" => true, "SNI_enabled" => true, "SNI_server_name" => $orignal_parse);

$get = stream_context_create(array("ssl" => $ssl_options)); // Create Stream

$read = stream_socket_client("ssl://".$orignal_parse.":443", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $get); // Connect

$cert = stream_context_get_params($read); //Read response

$certinfo = openssl_x509_parse($cert['options']['ssl']['peer_certificate']); //Get certificate details

// check if certificate exists

if($certinfo) {

  $fromDate = date('Y-m-d H:i:s', $certinfo['validFrom_time_t']); // Certificate valid from

  $toDate = date('Y-m-d H:i:s', $certinfo['validTo_time_t']); // Certificate expiry

  // If current date is between $fromDate to $toDate then certificate is valid and you can do your process

  // Your process here...

}

Output:



Posted by at No comments:
Tags: , , ,

Oct 4, 2020

Running Clock using Java Script

Creating a running clock for local and any specified time zone using pure Java Script (JS)

This is a simple example of creating running clock for any time zone. You don't need any type of class and plugin to develop this clock. Simply save this piece of code in .HTML format and run it in a browser.

Sample Code:

<div id="indian"></div> // HTML element to display clock

<div id="france"></div> // HTML element to display clock

<script>

// Functions to create clock for Indian time zone

function startIndianTime() { 

var indian = new Date(); 

var h=indian.getHours(); 

var m=indian.getMinutes(); 

var s=indian.getSeconds(); 

m=checkTime(m);

s=checkTime(s);

// Set time on HTML element by element ID

document.getElementById('indian').innerHTML="Indian Time: "+ h+":"+m+":"+s; 

t=setTimeout(function(){startIndianTime()},500); 

}

// Function to create clock for any timezone

function startTimeWithZone(timeZone="Europe/Paris") { 

var dif=new Date().toLocaleString("en-US", {timeZone: timeZone}); // Get date with time zone

var today = new Date(dif); 

var h=today.getHours(); 

var m=today.getMinutes(); 

var s=today.getSeconds(); 

m=checkTime(m);

s=checkTime(s); 

// Set time on HTML element by element ID

document.getElementById('france').innerHTML="France Time: "+ h+":"+m+":"+s; 

t=setTimeout(function(){startTimeWithZone()},500); 

function checkTime(i) { if (i<10) { i="0" + i; } return i; } 

startIndianTime(); // Function call

startTimeWithZone(); // Function call

</script>

Output:



Posted by at No comments:
Tags: ,
Subscribe to: Posts (Atom)