Bitbetter identity Core.dll (#14)

* Added a Key Generating script

To make the keygen process a bit easier I've added a `generate-keys.sh` script that can be found in the `.keys` directory. It will generate the key & cert and bundle them into the required pkcs#12 file automatically when running the build script if none already exist.

* Generate bitbetter/identiry container with modified Core.dll

Added the generation of a second modified container, bitbetter/identity, which contains the modified dll. Fixes #12.

This works on my testing environment but has not gone through extensive testing. I'd recommend a review and cleanup of this commit before it is merged into the develop or master branches.

.circleci/config.yml

@@ -10,6 +10,9 @@ jobs:
           command: date
       - setup_remote_docker
       - run: { name: 'Get docker', command: 'curl -fsSL get.docker.com -o get-docker.sh && sh get-docker.sh' }
+      - run:
+          name: Generate Keys
+          command: ./.keys/generate-keys.sh
       - run:
           name: Build script
           command: ./build.sh

.keys/generate-keys.sh

@@ -0,0 +1,17 @@
+#!/bin/sh
+
+# Check for openssl
+command -v openssl >/dev/null 2>&1 || { echo >&2 "openssl required but not found.  Aborting."; exit 1; }
+
+# Remove any existing key files
+[ ! -e cert.pem ]  || rm cert.pem
+[ ! -e key.pem ]   || rm key.pem
+[ ! -e cert.cert ] || rm cert.cert
+[ ! -e cert.pfx ]  || rm cert.pfx
+
+# Generate new keys
+openssl	req -x509 -newkey rsa:4096 -keyout .keys/key.pem -out .keys/cert.cert -days 36500 -subj '/CN=www.mydom.com/O=My Company Name LTD./C=US'  -outform DER -passout pass:test
+openssl x509 -inform DER -in .keys/cert.cert -out .keys/cert.pem
+openssl pkcs12 -export -out .keys/cert.pfx -inkey .keys/key.pem -in .keys/cert.pem -passin pass:test -passout pass:test
+
+ls

README.md

@@ -40,38 +40,44 @@ dotnet add package Newtonsoft.Json --version 11.0.0
 cd ../bitBetter
 dotnet add package Newtonsoft.Json --version 11.0.0 
 ```
-
-Next, we need to generate the self-signed certificate we will use to sign any licenses we generate.
-
-```bash
-openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.cert -days 36500 -outform DER -passout pass:test
-openssl x509 -inform DER -in cert.cert -out cert.pem
-openssl pkcs12 -export -out cert.pfx -inkey key.pem -in cert.pem -passin pass:test -passout pass:test
-```
-
-Note that the password here must be `test`.<sup>[1](#f1)</sup>
-
 ## Building BitBetter
 
-Now that you've generated your own own self-signed certificate, you can run the main `BitBetter/build.sh` script to generate a modified version of the `bitwarden/api` docker image.
+Now that you've set up your build environment, you can run the main `BitBetter/build.sh` script to generate a modified version of the `bitwarden/api` and `bitwarden/identity` docker images.
 
 From the BitBetter directory, simply run:
 ```bash
 ./build.sh
 ```
 
-This will create a modified version of the official `bitwarden/api` called `bitbetter/api`. You may now simply edit your bitwarden docker-compose.yml to utilize the modified image.
+This will create a new self-signed certificate in the `.keys` directory one does not already exist and then create a modified version of the official `bitwarden/api` called `bitbetter/api` and a modified version of the `bitwarden/identity` called `bitbetter/identity`. You may now simply edit your bitwarden docker-compose.yml to utilize the modified image.
 
 Edit your  `/path/to/bwdata/docker/docker-compose.yml`.
 
 > Replace `image: bitwarden/api:x.xx.x`<br>with `image: bitbetter/api`
 
+> Replace `image: bitwarden/identity:x.xx.x`<br>with `image: bitbetter/identity`
+
 You'll also want to edit the `/path/to/bwdata/scripts/run.sh` file. In the `function restart()` block, comment out the call to `dockerComposePull`.
 
 > Replace `dockerComposePull`<br>with `#dockerComposePull`
 
 You can now start or restart Bitwarden as normal and the modified api will be used. <b>It is now ready to accept self-issued licenses.</b>
 
+---
+**Note: Manually generating Certificate & Key**
+
+If you wish to generate your self-signed cert & key manually, you can run the following commands.
+
+```bash
+openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.cert -days 36500 -outform DER -passout pass:test
+openssl x509 -inform DER -in cert.cert -out cert.pem
+openssl pkcs12 -export -out cert.pfx -inkey key.pem -in cert.pem -passin pass:test -passout pass:test
+```
+
+Note that the password here must be `test`.<sup>[1](#f1)</sup>
+
+---
+
 ## Generating Signed Licenses
 
 There is a tool included in the directory `src/licenseGen/` that will generate new individual and organization licenses. These licenses will be accepted by the modified Bitwarden because they will be signed by the certificate you generated in earlier steps.

ReadMeInstall

@@ -0,0 +1,95 @@
+These are the commands I used (and a few of my notes) for a minimal Debian Stretch install..
+Software Selection - "SSH server" and 'standard system utilities" only
+
+
+
+sudo apt-get update
+sudo apt-get install vim vim-doc vim-scripts wget curl git
+sudo apt-get dist-upgrade
+sudo reboot
+
+---The next few lines I setup my server authentication and other misc profile settings you can skip until sudo apt-get
+
+ssh-keygen
+
+echo "ssh-rsa AA...1Q== " >>  .ssh/authorized_keys
+
+echo ":set mouse=" >> .vimrc
+echo "set nocompatible" >> .vimrc
+
+vi .bashrc
+
+sudo visudo  ---- tom ALL=(ALL) NOPASSWD:ALL
+
+sudo vi /etc/ssh/sshd_config  -  Enable 'PermitRootLogin prohibit-password' and 'PasswordAuthentication no'
+
+sudo apt-get update
+sudo apt install apt-transport-https ca-certificates curl gnupg2 software-properties-common
+curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
+sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable"
+sudo apt update
+apt-cache policy docker-ce
+sudo apt install docker-ce
+sudo systemctl status docker
+sudo usermod -aG docker ${USER}
+exit
+
+id -nG
+docker version
+docker info
+docker run hello-world
+
+sudo curl -L --fail https://github.com/docker/compose/releases/download/1.23.1/run.sh -o /usr/local/bin/docker-compose
+sudo chmod +x /usr/local/bin/docker-compose
+
+wget -qO- https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.asc.gpg
+sudo mv microsoft.asc.gpg /etc/apt/trusted.gpg.d/
+wget -q https://packages.microsoft.com/config/debian/9/prod.list
+sudo mv prod.list /etc/apt/sources.list.d/microsoft-prod.list
+sudo chown root:root /etc/apt/trusted.gpg.d/microsoft.asc.gpg
+sudo chown root:root /etc/apt/sources.list.d/microsoft-prod.list
+
+curl -s -o bitwarden.sh https://raw.githubusercontent.com/bitwarden/core/master/scripts/bitwarden.sh && sudo chmod u+x bitwarden.sh
+./bitwarden.sh install
+
+sudo apt-get update
+sudo apt-get install dotnet-sdk-2.1
+
+git clone https://github.com/online-stuff/BitBetter.git
+
+cd BitBetter/src/licenseGen/
+dotnet add package Newtonsoft.Json --version 11.0.0 
+
+cd ~/BitBetter/src/bitBetter
+dotnet add package Newtonsoft.Json --version 11.0.0 
+
+cd ~/BitBetter/.keys
+rm *
+
+openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.cert -days 36500 -outform DER -passout pass:test
+openssl x509 -inform DER -in cert.cert -out cert.pem
+openssl pkcs12 -export -out cert.pfx -inkey key.pem -in cert.pem -passin pass:test -passout pass:test
+
+
+cd ~/BitBetter
+./build.sh
+
+cd src/licenseGen/
+./build.sh
+
+cd ~
+
+vi ~/bwdata/docker/docker-compose.yml   -  Change image: bitwarden/api:1.26.0 to image: bitbetter/api and image: bitwarden/identity:x.xx.x to image: bitbetter/identity
+vi ~/bwdata/env/global.override.env    -  Enter mail__smtp relay settings
+vi ~/bwdata/scripts/run.sh   -   function restart() {   dockerComposePull to  #dockerComposePull
+
+./bitwarden start
+
+----Server should be up and running..  Create a user account
+
+cd ~/BitBetter/src/licenseGen/
+./build.sh
+./run.sh ~/BitBetter/.keys/cert.pfx user "Name" "EMail" "User-GUID"
+	Get User-GUID from the admin portal of the BitWarden server
+
+./run.sh ~/BitBetter/.keys/cert.pfx org "Name" "EMail" "Install-ID used to install the server from bitwarden.com/host"

build.sh

@@ -1,13 +1,23 @@
 #!/bin/bash
 
-mkdir ./src/bitBetter/.keys
+# If there aren't any keys, generate them first.
+[ -e ./keys/cert.cert] || ./.keys/generate-keys.sh
 
-cp .keys/cert.cert ./src/bitBetter/.keys
+[ -e ./source/bitBetter/api/.keys ]  || mkdir ./src/bitBetter/api/.keys
+[ -e ./source/bitBetter/identity/.keys ]  || mkdir ./src/bitBetter/identity/.keys
+cp .keys/cert.cert ./src/bitBetter/api/.keys
+cp .keys/cert.cert ./src/bitBetter/identity/.keys
 
 cd ./src/bitBetter
 
 dotnet restore
 dotnet publish
 
+cp -r bin/ api/
+cp -r bin/ identity/
+
+cd ./api
 docker build --pull . -t bitbetter/api # --squash
 
+cd ../identity
+docker build --pull . -t bitbetter/identity # --squash

src/bitBetter/identity/Dockerfile

@@ -0,0 +1,12 @@
+FROM bitwarden/identity
+
+COPY bin/Debug/netcoreapp2.0/publish/* /bitBetter/
+COPY ./.keys/cert.cert /newLicensing.cer
+
+RUN dotnet /bitBetter/bitBetter.dll && \
+    echo "modified dll" && \
+    mv /app/Core.dll /app/Core.orig.dll && \
+    mv /app/modified.dll /app/Core.dll && \
+    echo "replaced dll" && \
+    rm -rf /bitBetter && rm -rf /newLicensing.cer && \
+    echo "cleaned up"