Be able to retrieve certificate from smartcard plugged in the computer

[maximelehericy]

How to use GitHub

• Please use the 👍 reaction to show that you want to have the same feature implemented.
• Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue.
• Subscribe to receive notifications on status change and new comments.

Context

Depending on authentication architectures, a client can have to provide a certificate x509 to authenticate itself against the architecture, before the connection to Nextcloud is allowed. Usually, all clients are able to retrieve this kind of x509 certificates from the user keystore on the user machine.

However, when this x509 certificate is stored on a smartcard protected by PIN code, plugged in the computer on a smartcard reader:

• some clients can retrieve it natively (Chrome, Edge, MountainDuck),
• some clients requires additional configuration (Firefox),
• some clients don't handle this authentication case (Nextcloud Desktop client)

In the two first cases, when accessing a web site using a browser, the PIN code is prompted, so the client has access to the certificate. In the latter case, even if Nextcloud Desktop client is able to handle a x509 certificate to authenticate itself, as it is not able to retrieve the x509 certificate, the WAF rejects all requests, and the user cannot even begin the login process.

Feature description

Make the Nextcloud Desktop client able to retrieve certificates stored on smartcards (Oberthur, Idemia).

Other details

• https://github.com/OpenSC/OpenSC

[maximelehericy]

@tobiasKaminsky can you take this into account ? ;)