Migrate cert.cert if exists

Co-authored-by: juliokele <>

.gitignore

@@ -7,5 +7,5 @@ src/bitBetter/.vs/*
 *.pem
 .vscode/
 *.pfx
-*.cert
+*.cer
 *.vsidx

.servers/serverlist.txt

@@ -1,4 +1,4 @@
 # Uncomment a line below and fill in the missing values or add your own. Every line in this file will be called by build.[sh|ps1] once the patched image is built.
-# docker run -d --name bitwarden -v <full-local-path>\logs:/var/log/bitwarden -v <full-local-path>\bwdata:/etc/bitwarden -p 80:8080 --env-file <full-local-path>\settings.env bitwarden-patch
+# docker run -d --name bitwarden -v <full-local-path>\logs:/var/log/bitwarden -v <full-local-path>\bwdata:/etc/bitwarden -p 80:8080 --env-file <full-local-path>\settings.env bitwarden-patched
 # <OR>
 # docker-compose -f <full-local-path>/docker-compose.yml up -d

README.md

@@ -46,8 +46,8 @@ If you wish to generate your self-signed cert & key manually, you can run the fo
 
 ```bash
 cd .keys
-openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.cert -days 36500 -outform DER -passout pass:test
-openssl x509 -inform DER -in cert.cert -out cert.pem
+openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.cer -days 36500 -outform DER -passout pass:test
+openssl x509 -inform DER -in cert.cer -out cert.pem
 openssl pkcs12 -export -out cert.pfx -inkey key.pem -in cert.pem -passin pass:test -passout pass:test
 ```
 
@@ -70,7 +70,7 @@ From the BitBetter directory, simply run:
 ./build.[sh|ps1]
 ```
 
-This will create a new self-signed certificate in the `.keys` directory if one does not already exist and then create a modified version of the official `ghcr.io/bitwarden/self-host` image called `bitwarden-patch`.
+This will create a new self-signed certificate in the `.keys` directory if one does not already exist and then create a modified version of the official `ghcr.io/bitwarden/self-host` image called `bitwarden-patched`.
 
 Afterwards it will automatically generate the license generator and start all previously specified containers which are **now ready to accept self-issued licenses.**
 

build.ps1

@@ -7,7 +7,7 @@ $tempdirectory = "$pwd\temp"
 $components = "Api","Identity"
 
 # delete old directories / files if applicable
-if (Test-Path "$tempdirectory") {
+if (Test-Path "$tempdirectory" -PathType Container) {
 	Remove-Item "$tempdirectory" -Recurse -Force
 }
 
@@ -19,33 +19,38 @@ if (Test-Path -Path "$pwd\src\licenseGen\cert.pfx" -PathType Leaf) {
 	Remove-Item "$pwd\src\licenseGen\cert.pfx" -Force
 }
 
-if (Test-Path -Path "$pwd\src\bitBetter\cert.cert" -PathType Leaf) {
-	Remove-Item "$pwd\src\bitBetter\cert.cert" -Force
+if (Test-Path -Path "$pwd\src\bitBetter\cert.cer" -PathType Leaf) {
+	Remove-Item "$pwd\src\bitBetter\cert.cer" -Force
 }
 
+if (Test-Path "$pwd\.keys\cert.cert" -PathType Leaf) {
+	Rename-Item -Path "$pwd\.keys\cert.cert" -NewName "$pwd\.keys\cert.cer"
+}
+
+
 # generate keys if none are available
-if (!(Test-Path "$pwd\.keys")) {
+if (!(Test-Path "$pwd\.keys" -PathType Container)) {
 	.\generateKeys.ps1
 }
 
 # copy the key to bitBetter
-Copy-Item "$pwd\.keys\cert.cert" -Destination "$pwd\src\bitBetter"
+Copy-Item "$pwd\.keys\cert.cer" -Destination "$pwd\src\bitBetter"
 
 # build bitBetter and clean the source directory after
 docker build --no-cache -t bitbetter/bitbetter "$pwd\src\bitBetter"
-Remove-Item "$pwd\src\bitBetter\cert.cert" -Force
+Remove-Item "$pwd\src\bitBetter\cert.cer" -Force
 
-# gather all running instances
+# gather all running instances, cannot run a wildcard filter on Ancestor= :(
 $oldinstances = docker container ps --all -f Name=bitwarden --format '{{.ID}}'
 
-# stop all running instances
+# stop and remove all running instances
 foreach ($instance in $oldinstances) {
 	docker stop $instance
 	docker rm $instance
 }
 
 # update bitwarden itself
-if ($args[0] -eq 'y') {
+if ($args[0] -eq 'update') {
 	docker pull ghcr.io/bitwarden/self-host:beta
 } else {
 	$confirmation = Read-Host "Update (or get) bitwarden source container (y/n)"
@@ -55,12 +60,25 @@ if ($args[0] -eq 'y') {
 }
 
 # stop and remove previous existing patch(ed) container
-docker stop bitwarden-patch
-docker rm bitwarden-patch
-docker image rm bitwarden-patch
+$oldinstances = docker container ps --all -f Ancestor=bitwarden-patched --format '{{.ID}}'
+foreach ($instance in $oldinstances) {
+	docker stop $instance
+	docker rm $instance
+}
+$oldinstances = docker image ls bitwarden-patched --format '{{.ID}}'
+foreach ($instance in $oldinstances) {
+	docker image rm $instance
+}
+
+# remove old extract containers
+$oldinstances = docker container ps --all -f Name=bitwarden-extract --format '{{.ID}}'
+foreach ($instance in $oldinstances) {
+	docker stop $instance
+	docker rm $instance
+}
 
 # start a new bitwarden instance so we can patch it
-$patchinstance = docker run -d --name bitwarden-patch ghcr.io/bitwarden/self-host:beta
+$patchinstance = docker run -d --name bitwarden-extract ghcr.io/bitwarden/self-host:beta
 
 # create our temporary directory
 New-item -ItemType Directory -Path $tempdirectory
@@ -71,15 +89,15 @@ foreach ($component in $components) {
 	docker cp $patchinstance`:/app/$component/Core.dll "$tempdirectory\$component\Core.dll"
 }
 
+# stop and remove our temporary container
+docker stop bitwarden-extract
+docker rm bitwarden-extract
+
 # run bitBetter, this applies our patches to the required files
 docker run -v "$tempdirectory`:/app/mount" --rm bitbetter/bitbetter
 
 # create a new image with the patched files
-docker build . --tag bitwarden-patch --file "$pwd\src\bitBetter\Dockerfile-bitwarden-patch"
-
-# stop and remove our temporary container
-docker stop bitwarden-patch
-docker rm bitwarden-patch
+docker build . --tag bitwarden-patched --file "$pwd\src\bitBetter\Dockerfile-bitwarden-patch"
 
 # start all user requested instances
 if (Test-Path -Path "$pwd\.servers\serverlist.txt" -PathType Leaf) {

build.sh

@@ -20,8 +20,12 @@ if [ -f "$PWD/src/licenseGen/cert.pfx" ]; then
     rm -f "$PWD/src/licenseGen/cert.pfx"
 fi
 
-if [ -f "$PWD/src/bitBetter/cert.cert" ]; then
-    rm -f "$PWD/src/bitBetter/cert.cert"
+if [ -f "$PWD/src/bitBetter/cert.cer" ]; then
+    rm -f "$PWD/src/bitBetter/cert.cer"
+fi
+
+if [ -f "$PWD/.keys/cert.cert" ]; then
+    mv "$PWD/.keys/cert.cert" "$PWD/.keys/cert.cer"
 fi
 
 # generate keys if none are available
@@ -30,16 +34,16 @@ if [ ! -d "$PWD/.keys" ]; then
 fi
 
 # copy the key to bitBetter
-cp -f "$PWD/.keys/cert.cert" "$PWD/src/bitBetter"
+cp -f "$PWD/.keys/cert.cer" "$PWD/src/bitBetter"
 
 # build bitBetter and clean the source directory after
 docker build --no-cache -t bitbetter/bitbetter "$PWD/src/bitBetter"
-rm -f "$PWD/src/bitBetter/cert.cert"
+rm -f "$PWD/src/bitBetter/cert.cer"
 
-# gather all running instances
+# gather all running instances, cannot run a wildcard filter on Ancestor= :(
 OLDINSTANCES=$(docker container ps --all -f Name=bitwarden --format '{{.ID}}')
 
-# stop all running instances
+# stop and remove all running instances
 for INSTANCE in ${OLDINSTANCES[@]}; do
 	docker stop $INSTANCE
 	docker rm $INSTANCE
@@ -58,12 +62,25 @@ else
 fi
 
 # stop and remove previous existing patch(ed) container
-docker stop bitwarden-patch
-docker rm bitwarden-patch
-docker image rm bitwarden-patch
+OLDINSTANCES=$(docker container ps --all -f Ancestor=bitwarden-patched --format '{{.ID}}')
+for INSTANCE in ${OLDINSTANCES[@]}; do
+	docker stop $INSTANCE
+	docker rm $INSTANCE
+done
+OLDINSTANCES=$(docker image ls bitwarden-patched --format '{{.ID}}')
+for INSTANCE in ${OLDINSTANCES[@]}; do
+	docker image rm $INSTANCE
+done
+
+# remove old extract containers
+OLDINSTANCES=$(docker container ps --all -f Name=bitwarden-extract --format '{{.ID}}')
+for INSTANCE in ${OLDINSTANCES[@]}; do
+	docker stop $INSTANCE
+	docker rm $INSTANCE
+done
 
 # start a new bitwarden instance so we can patch it
-PATCHINSTANCE=$(docker run -d --name bitwarden-patch ghcr.io/bitwarden/self-host:beta)
+PATCHINSTANCE=$(docker run -d --name bitwarden-extract ghcr.io/bitwarden/self-host:beta)
 
 # create our temporary directory
 mkdir $TEMPDIRECTORY
@@ -74,21 +91,21 @@ for COMPONENT in ${COMPONENTS[@]}; do
 	docker cp $PATCHINSTANCE:/app/$COMPONENT/Core.dll "$TEMPDIRECTORY/$COMPONENT/Core.dll"
 done
 
+# stop and remove our temporary container
+docker stop bitwarden-extract
+docker rm bitwarden-extract
+
 # run bitBetter, this applies our patches to the required files
 docker run -v "$TEMPDIRECTORY:/app/mount" --rm bitbetter/bitbetter
 
 # create a new image with the patched files
-docker build . --tag bitwarden-patch --file "$PWD/src/bitBetter/Dockerfile-bitwarden-patch"
-
-# stop and remove our temporary container
-docker stop bitwarden-patch
-docker rm bitwarden-patch
+docker build . --tag bitwarden-patched --file "$PWD/src/bitBetter/Dockerfile-bitwarden-patch"
 
 # start all user requested instances
-if [ -f "$PWD/src/bitBetter/cert.cert" ]; then
+if [ -f "$PWD/src/bitBetter/cert.cer" ]; then
 	sed -i 's/\r$//' "$PWD/.servers/serverlist.txt"
 	cat "$PWD/.servers/serverlist.txt" | while read -r LINE; do
-		if [[ $LINE == "#*" ]] ;
+		if [[ $LINE == "#*" ]]; then
 			bash -c "$LINE"
 		fi
 	done

generateKeys.ps1

@@ -20,6 +20,6 @@ if (Test-Path "$pwd\.keys")
 New-item -ItemType Directory -Path "$pwd\.keys"
 
 # generate actual keys
-Invoke-Expression "& '$opensslbinary' req -x509 -newkey rsa:4096 -keyout `"$pwd\.keys\key.pem`" -out `"$pwd\.keys\cert.cert`" -days 36500 -subj '/CN=www.mydom.com/O=My Company Name LTD./C=US' -outform DER -passout pass:test"
-Invoke-Expression "& '$opensslbinary' x509 -inform DER -in `"$pwd\.keys\cert.cert`" -out `"$pwd\.keys\cert.pem`""
+Invoke-Expression "& '$opensslbinary' req -x509 -newkey rsa:4096 -keyout `"$pwd\.keys\key.pem`" -out `"$pwd\.keys\cert.cer`" -days 36500 -subj '/CN=www.mydom.com/O=My Company Name LTD./C=US' -outform DER -passout pass:test"
+Invoke-Expression "& '$opensslbinary' x509 -inform DER -in `"$pwd\.keys\cert.cer`" -out `"$pwd\.keys\cert.pem`""
 Invoke-Expression "& '$opensslbinary' pkcs12 -export -out `"$pwd\.keys\cert.pfx`" -inkey `"$pwd\.keys\key.pem`" -in `"$pwd\.keys\cert.pem`" -passin pass:test -passout pass:test"

generateKeys.sh

@@ -15,6 +15,6 @@ fi
 mkdir "$DIR"
 
 # Generate new keys
-openssl	req -x509 -newkey rsa:4096 -keyout "$DIR/key.pem" -out "$DIR/cert.cert" -days 36500 -subj '/CN=www.mydom.com/O=My Company Name LTD./C=US'  -outform DER -passout pass:test
-openssl x509 -inform DER -in "$DIR/cert.cert" -out "$DIR/cert.pem"
+openssl	req -x509 -newkey rsa:4096 -keyout "$DIR/key.pem" -out "$DIR/cert.cer" -days 36500 -subj '/CN=www.mydom.com/O=My Company Name LTD./C=US'  -outform DER -passout pass:test
+openssl x509 -inform DER -in "$DIR/cert.cer" -out "$DIR/cert.pem"
 openssl pkcs12 -export -out "$DIR/cert.pfx" -inkey "$DIR/key.pem" -in "$DIR/cert.pem" -passin pass:test -passout pass:test

src/bitBetter/Dockerfile

@@ -2,7 +2,7 @@ FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
 WORKDIR /bitBetter
 
 COPY . /bitBetter
-COPY cert.cert /app/
+COPY cert.cer /app/
 
 RUN dotnet restore
 RUN dotnet publish -c Release -o /app --no-restore

src/bitBetter/Program.cs

@@ -14,7 +14,7 @@ internal class Program
 {
     private static Int32 Main()
     {
-        const String certFile = "/app/cert.cert";
+        const String certFile = "/app/cert.cer";
         String[] files = Directory.GetFiles("/app/mount", "Core.dll", SearchOption.AllDirectories);
 
         foreach (String file in files)

src/licenseGen/Dockerfile

@@ -12,4 +12,4 @@ FROM mcr.microsoft.com/dotnet/sdk:8.0
 WORKDIR /app
 COPY --from=build /app .
 
-ENTRYPOINT ["dotnet", "/app/licenseGen.dll", "--cert=/app/cert.pfx", "--core=/app/Core.dll"]
+ENTRYPOINT ["dotnet", "/app/licenseGen.dll", "--cert=/app/cert.pfx", "--core=/app/Core.dll"]

src/licenseGen/Program.cs

@@ -27,7 +27,7 @@ internal class Program
             {
                 Check();
                 Console.WriteLine("Interactive license mode...");
-                
+
                 while (licenseType == "")
                 {
                     Console.WriteLine("What would you like to generate, a [u]ser license or an [o]rg license: ");
@@ -210,7 +210,7 @@ internal class Program
             CommandArgument storage = config.Argument("Storage", "extra storage space in GB. Maximum is " + Int16.MaxValue + " (optional, default = max)");
             CommandArgument businessName = config.Argument("BusinessName", "name for the organization (optional)");
             CommandArgument key = config.Argument("Key", "your key id (optional)");
-            
+
             config.OnExecute(() =>
             {
                 Check();
@@ -431,8 +431,8 @@ internal class Program
         Set(type, license, "BillingEmail", email);
         Set(type, license, "BusinessName", String.IsNullOrWhiteSpace(businessName) ? "BitBetter" : businessName);
         Set(type, license, "Enabled", true);
-		Set(type, license, "Plan", "Enterprise (Annually)");
-		Set(type, license, "PlanType", Enum.Parse(planTypeEnum, "EnterpriseAnnually"));
+        Set(type, license, "Plan", "Enterprise (Annually)");
+        Set(type, license, "PlanType", Enum.Parse(planTypeEnum, "EnterpriseAnnually"));
         Set(type, license, "Seats", Int32.MaxValue);
         Set(type, license, "MaxCollections", Int16.MaxValue);
         Set(type, license, "UsePolicies", true);
@@ -446,26 +446,24 @@ internal class Program
         Set(type, license, "Use2fa", true);
         Set(type, license, "UseApi", true);
         Set(type, license, "UseResetPassword", true);
-		Set(type, license, "UseCustomPermissions", true);
         Set(type, license, "MaxStorageGb", storage == 0 ? Int16.MaxValue : storage);
         Set(type, license, "SelfHost", true);
-        Set(type, license, "UsersGetPremium", true);
+        Set(type, license, "UsersGetPremium", true);        
+        Set(type, license, "UseCustomPermissions", true);
+        Set(type, license, "Version", 16);
+        Set(type, license, "Issued", DateTime.UtcNow);
+        Set(type, license, "Refresh", DateTime.UtcNow.AddYears(100).AddMonths(-1));
+        Set(type, license, "Expires", DateTime.UtcNow.AddYears(100));
+        Set(type, license, "ExpirationWithoutGracePeriod", DateTime.UtcNow.AddYears(100));
         Set(type, license, "UsePasswordManager", true);
         Set(type, license, "UseSecretsManager", true);
         Set(type, license, "SmSeats", Int32.MaxValue);
         Set(type, license, "SmServiceAccounts", Int32.MaxValue);
-        Set(type, license, "Version", 15); //This is set to 15 to use AllowAdminAccessToAllCollectionItems can be changed to 13 to just use Secrets Manager
-        Set(type, license, "Issued", DateTime.UtcNow);
-        Set(type, license, "Refresh", DateTime.UtcNow.AddYears(100).AddMonths(-1));
-        Set(type, license, "Expires", DateTime.UtcNow.AddYears(100));
+        Set(type, license, "UseRiskInsights", true);
+        Set(type, license, "LimitCollectionCreationDeletion", true);
+        Set(type, license, "AllowAdminAccessToAllCollectionItems", true);
         Set(type, license, "Trial", false);
         Set(type, license, "LicenseType", Enum.Parse(licenseTypeEnum, "Organization"));
-		Set(type, license, "LimitCollectionCreationDeletion", true); //This will be used in the new version of BitWarden but can be applied now
-		Set(type, license, "AllowAdminAccessToAllCollectionItems", true);
-		Set(type, license, "UseRiskInsights", true);
-		Set(type, license, "UseOrganizationDomains", true);
-		Set(type, license, "UseAdminSponsoredFamilies", true);
-		Set(type, license, "UseRiskInsights", true);
         Set(type, license, "UseOrganizationDomains", true);
         Set(type, license, "UseAdminSponsoredFamilies", true);
         Set(type, license, "Hash", Convert.ToBase64String((Byte[])computeHash.Invoke(license, [])!));