Skip to content

Instantly share code, notes, and snippets.

@amanaplan

amanaplan/README.md

Forked from cgagner/README.md
Created March 7, 2023 19:01
Show Gist options
  • Save amanaplan/be396fcb8703dd891d85e96a80cc47a8 to your computer and use it in GitHub Desktop.
Save amanaplan/be396fcb8703dd891d85e96a80cc47a8 to your computer and use it in GitHub Desktop.
Download ZIP
Electron client certification test
Raw
README.md

Electron Client Certificate Test

Electron smart card authentication is not working on Linux. The smart card authentication relies on client certifications. This gist has instructions for testing client certifications, which will be used to test smart card authentication.

Simple example

The main.js handles the 'select-client-certificate' event from the App class which prints the list of certificates, and selects the first certificate in the list. The example then creates a BrowserWindow and load the Test Page.

Use the following commands to run start electron:

electron main.js

If there are no client certificates installed, the website will load with and displays Error: No TLS client certificate presented.

If smart card support is enabled and a smart card is inserted, the website should load and prompt for a password/pin to access the certificates on the smart card. However, this fails to happen. However, if you load the Test Page using the Chrome browser, a password/pin prompt is displayed. It should be noted that the Chrome Browser and Electron should be using the same certificate store: ${HOME}/.pki/nsssdb

Lastly, to test that the 'select-client-certificate' is working, a dummy client certificate can be added to certificate store (see instructions below). After adding the dummy certificate, the website will load, the 'select-client-certificate' event should get fired, and the certificates will get printed out. If a smart card is inserted, the available certificates on the smart card should be printed. However, as in the case above, Electron fails to display the password prompt to access the smart card.

Setup Client Certificates on Linux

Smart Cards on Ubuntu/Debian

Install NSS Tools and smart card libraries on Ubuntu/Debian:

sudo apt-get install -y libnss3-tools opensc-pkcs11 opensc

Add smart card support to Chromium:

modutil -dbdir ${HOME}/.pki/nssdb -add "Smart Card" -libfile /usr/lib/$(uname -m)*/opensc-pkcs11.so

Smart Cards on Red Hat Enterprise Linux 8

Install NSS Tools and smart card libraries on RHEL8:

sudo yum install -y nss-tools opensc

Add smart card support to Chromium:

modutil -dbdir ${HOME}/.pki/nssdb -add "Smart Card" -libfile /usr/lib64/pkcs11/opensc-pkcs11.so

Add a Client Certificate

Use the following command to add a client certificate:

certutil -S  -d ${HOME}/.pki/nssdb -n "John Doe" -x -t ',,' -s "CN=John Doe"
Raw
main.js
// Modules to control application life and create native browser window
const {app, BrowserWindow} = require('electron')
const path = require('path')
app.on('select-client-certificate', (event, webContents, url, list, callback) => {
console.log('select-client-certificate called')
console.log('Available Certs: ')
console.log(list)
event.preventDefault()
callback(list[0])
})
function createWindow () {
// Create the browser window.
const mainWindow = new BrowserWindow({
width: 800,
height: 600
})
mainWindow.loadURL('https://prod.idrix.eu/secure/')
}
// This method will be called when Electron has finished
// initialization and is ready to create browser windows.
// Some APIs can only be used after this event occurs.
app.whenReady().then(() => {
createWindow()
app.on('activate', function () {
// On macOS it's common to re-create a window in the app when the
// dock icon is clicked and there are no other windows open.
if (BrowserWindow.getAllWindows().length === 0) createWindow()
})
console.log('Window Ready')
})
app.on('window-all-closed', function () {
if (process.platform !== 'darwin') app.quit()
})
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment