Is there a way from the front-end to query for a client certificate and use its header in javascript?
For context, I am working on an app that needs to read a smart card X509 certificate header, to pull the user’s name and ID into pre-populated form fields.
I do not need to accomplish the full mutual TLS handshake in any way – I just want to be able to read the header of their client certificate so that I can auto-populate their name and id into form fields.
I am researching the window.navigator.credentials API to be able to accomplish this – since the variables which I need the header for are all on the front-end.
https://developer.mozilla.org/enUS/docs/Web/API/Navigator/credentials
function cert() {
if (window.navigator.credentials && window.navigator.credentials.get) {
const challenge = new Uint8Array(32); // Generate a valid challenge value
const credentialPromise = window.navigator.credentials.get({
publicKey: {
challenge,
// Add any other options or filters if necessary
},
});
credentialPromise
.then((credential) => {
// Access the credential and its client certificate
if (credential && credential.rawId) {
// Get the client certificate as an ArrayBuffer
const certificateBuffer = new Uint8Array(credential.response.clientDataJSON);
// Convert the ArrayBuffer to a string
const certificateHeader = btoa(String.fromCharCode.apply(null, certificateBuffer));
// Do something with the client certificate header
console.log('Client certificate header:', certificateHeader);
} else {
console.error('No client certificate found');
}
})
.catch((error) => {
console.error('Error retrieving client certificate:', error);
});
} else {
console.error('Web Credentials API not supported');
}
}
When I run this function in the browser I get:
Error retrieving client certificate: DOMException: This is an invalid domain.