1. Added setting for Windows Certificate Store

2. Updated so NodeID is only saved on Windows, if Certificate Store is used
2025-12-06 00:13:33 +00:00 · 2019-04-08 17:44:49 -07:00
parent a5000eee85
commit 7bf31b0a28
4 changed files with 40 additions and 14 deletions
--- a/meshcore/agentcore.c
+++ b/meshcore/agentcore.c
@@ -1930,6 +1930,11 @@ int agent_GenerateCertificates(MeshAgentHostContainer *agent, char* certfile)
 	int len = -1;
 	char* str;

+#ifdef WIN32
+	// If there is a cert here, it was Generated by OpenSSL, so we'll force the regenerate to use OpenSSL, to honor how the current cert was generated
+	if (agent->noCertStore == 0) { agent->noCertStore = ILibSimpleDataStore_Get(agent->masterDb, "SelfNodeCert", NULL, 0); }
+#endif
+
 	// Clear the certs in the database.
 	ILibSimpleDataStore_Delete(agent->masterDb, "SelfNodeCert");
 	ILibSimpleDataStore_Delete(agent->masterDb, "SelfNodeTlsCert");
@@ -1940,7 +1945,7 @@ int agent_GenerateCertificates(MeshAgentHostContainer *agent, char* certfile)
 	{
 #if defined(WIN32)
 		char *rootSubject = (agent->capabilities & MeshCommand_AuthInfo_CapabilitiesMask_RECOVERY) == MeshCommand_AuthInfo_CapabilitiesMask_RECOVERY ? "CN=MeshNodeDiagnosticCertificate" : "CN=MeshNodeCertificate";
-		if (wincrypto_open(TRUE, rootSubject) == 0) // Force certificate re-generation
+		if (agent->noCertStore == 0 && wincrypto_open(TRUE, rootSubject) == 0) // Force certificate re-generation
 		{
 			int l;
 			do {
@@ -2051,7 +2056,7 @@ int agent_LoadCertificates(MeshAgentHostContainer *agent)

 		// No cert in this .db file. Try to load or generate a root certificate from a Windows crypto provider. This can be TPM backed which is great.
 		// However, if we don't have the second cert created, we need to regen the root...
-		if (wincrypto_open(FALSE, rootSubject) == 0 && ILibSimpleDataStore_Get(agent->masterDb, "SelfNodeTlsCert", NULL, 0) != 0)
+		if (agent->noCertStore == 0 && wincrypto_open(FALSE, rootSubject) == 0 && ILibSimpleDataStore_Get(agent->masterDb, "SelfNodeTlsCert", NULL, 0) != 0)
 		{
 			char* str = NULL;
 			int l;
@@ -3715,6 +3720,14 @@ int MeshAgent_AgentMode(MeshAgentHostContainer *agentHost, int paramLen, char **
 		{ 
 			agentHost->capabilities |= MeshCommand_AuthInfo_CapabilitiesMask_RECOVERY; parseCommands = 0; 
 		}
+		if (strcmp(param[ri], "-nocertstore") == 0)
+		{
+			parseCommands = 0;
+#ifdef WIN32
+			printf("** Not using Certificate Store **\n");
+			agentHost->noCertStore = 1;
+#endif
+		}
 	}


@@ -3953,11 +3966,14 @@ int MeshAgent_AgentMode(MeshAgentHostContainer *agentHost, int paramLen, char **
 			else { RegDeleteKeyA(hKey, "DiagnosticAgentNodeId"); }
 		}

-		int NodeIDLen = 0;
-		if ((NodeIDLen = ILibSimpleDataStore_Get(agentHost->masterDb, "NodeID", ILibScratchPad, (int)sizeof(ILibScratchPad))) == 0 || !(NodeIDLen == (int)sizeof(agentHost->g_selfid) && memcmp(agentHost->g_selfid, ILibScratchPad, NodeIDLen)==0))
+		if (ILibSimpleDataStore_Get(agentHost->masterDb, "SelfNodeCert", NULL, 0) == 0)
 		{
-			// NodeID isn't saved to db, so let's put it there
-			ILibSimpleDataStore_PutEx(agentHost->masterDb, "NodeID", 6, agentHost->g_selfid, (int)sizeof(agentHost->g_selfid));
+			int NodeIDLen = 0;
+			if ((NodeIDLen = ILibSimpleDataStore_Get(agentHost->masterDb, "NodeID", ILibScratchPad, (int)sizeof(ILibScratchPad))) == 0 || !(NodeIDLen == (int)sizeof(agentHost->g_selfid) && memcmp(agentHost->g_selfid, ILibScratchPad, NodeIDLen) == 0))
+			{
+				// NodeID isn't saved to db, so let's put it there
+				ILibSimpleDataStore_PutEx(agentHost->masterDb, "NodeID", 6, agentHost->g_selfid, (int)sizeof(agentHost->g_selfid));
+			}
 		}

 		// Close the registry key
--- a/meshcore/agentcore.h
+++ b/meshcore/agentcore.h
@@ -180,6 +180,9 @@ typedef struct MeshAgentHostContainer
 	char agentHash[UTIL_SHA384_HASHSIZE];
 	char serverHash[UTIL_SHA384_HASHSIZE];
 #ifndef MICROSTACK_NOTLS
+#ifdef WIN32
+	int noCertStore;
+#endif
 	struct util_cert selfcert;
 	struct util_cert selftlscert;
 	char serverWebHash[UTIL_SHA384_HASHSIZE];
--- a/microscript/ILibDuktape_Polyfills.c
+++ b/microscript/ILibDuktape_Polyfills.c
--- a/modules/_agentNodeId.js
+++ b/modules/_agentNodeId.js
@@ -35,15 +35,22 @@ function _meshNodeId()
            try
            {
                var db = require('SimpleDataStore').Create(process.execPath.replace('.exe', '.db'), { readOnly: true });
-                var v = db.GetBuffer('NodeID');
-                if(v!=null)
+                var v = db.GetBuffer('SelfNodeCert');
+                if (v)
+                {
+                    try
+                    {
+                        ret = require('tls').loadCertificate({ pfx: v, passphrase: 'hidden' }).getKeyHash().toString('hex');
+                    }
+                    catch(e)
+                    {
+                        v = null;
+                    }
+                }
+                if (v == null && (v = db.GetBuffer('NodeID')) != NULL)
                {
                    ret = v.toString('hex');
                }
-                else
-                {
-                    ret = require('tls').loadCertificate({ pfx: db.GetBuffer('SelfNodeCert'), passphrase: 'hidden' }).getKeyHash().toString('hex');
-                }
            }
            catch (e)
            {