RTCCertificate: getFingerprints() method

The getFingerprints() method of the RTCCertificate interface is used to get an array of certificate fingerprints.

An application can use this method to compare the client certificate fingerprints with the certificate fingerprints from the server. The server and client may support different sets of algorithms: all fingerprint values for the set of algorithms supported by both client and server should match.

Syntax

js

getFingerprints()

Parameters

None

Return value

An Array of fingerprint values. Each fingerprint is represented by an object with the following properties:

algorithm

A string indicating the hash function algorithm used to create the fingerprint in value. Allowed values include: "sha-1", "sha-224", "sha-256","sha-384", "sha-512", "md5", "md2".

value

A string containing the certificate fingerprint in lowercase hex string, as calculated with the algorithm hash function. The format is more precisely defined in RFC4572, Section 5.

Examples

Getting certificate fingerprints

This example shows how you might get certificate fingerprints and compare them to fingerprints from a server.

First we create a connection and get the fingerprints. We also get the fingerprints from the server using "some mechanism".

js

const rtcPeerConnection = new RTCPeerConnection();

// Get the certificate fingerprints from the client.
const fingerprintsFromClient = rtcPeerConnection.certificate.getFingerprints();

// Get the certificate fingerprints from the server (pseudo code)
const fingerprintsFromServer = ...;

There are numerous ways to compare the fingerprint arrays. Here we convert the arrays to dictionary objects where the algorithm name is the property and then compare them. This works because only one fingerprint value can exist for each algorithm. (There are many other ways to sort and compare the two arrays).

js

let clientFingerprintDict = Object.fromEntries(
  fingerprintsFromClient.map((x) => [x.algorithm, x.value])
);
let serverFingerprintDict = Object.fromEntries(
  fingerprintsFromServer.map((x) => [x.algorithm, x.value])
);

// Function to compare two objects and return true if there are common properties
// and all common properties match.
function compareObjects(obj1, obj2) {
  const commonProperties = Object.keys(obj1).filter((prop) =>
    obj2.hasOwnProperty(prop)
  );
  // Return false if there are no common properties
  if (Object.keys(commonProperties).length === 0) return false;

  // Return false if any common properties don't match
  for (const prop of commonProperties) {
    if (obj1[prop] !== obj2[prop]) {
      return false;
    }
  }

  return true;
}

const matchingFingerprints = compareObjects(
  clientFingerprintDict,
  serverFingerprintDict
);
console.log(matchingFingerprints);

Specifications

Specification
WebRTC: Real-Time Communication in Browsers
# dom-rtccertificate-getfingerprints

Browser compatibility

BCD tables only load in the browser