From eb0b8da9111711e0f1f9c1cd3b978e16bb2abe3c Mon Sep 17 00:00:00 2001
From: Vince Grassia <593223+vgrassia@users.noreply.github.com>
Date: Wed, 14 Jul 2021 14:41:15 -0400
Subject: [PATCH] Fix for Identity.pfx containing multiple certs (#1457)
* Fix for Identity.pfx containing multiple certs
* Remove unused import
* Update fix to use existing certificate and key instead of generating new
---
 util/Setup/Program.cs | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
diff --git a/util/Setup/Program.cs b/util/Setup/Program.cs
index c5f0d1bb05..b56b2ec4b4 100644
--- a/util/Setup/Program.cs
+++ b/util/Setup/Program.cs
@@ -136,6 +136,25 @@ namespace Bit.Setup
 private static void Update()
 {
+ // This portion of code checks for multiple certs in the Identity.pfx PKCS12 bag. If found, it generates
+ // a new cert and bag to replace the old Identity.pfx. This fixes an issue that came up as a result of
+ // moving the project to .NET 5.
+ _context.Install.IdentityCertPassword = Helpers.GetValueFromEnvFile("global", "globalSettings__identityServer__certificatePassword");
+ var certCountString = Helpers.Exec("openssl pkcs12 -nokeys -info -in /bitwarden/identity/identity.pfx " +
+ $"-passin pass:{_context.Install.IdentityCertPassword} 2> /dev/null | grep -c \"\\-----BEGIN CERTIFICATE----\"", true);
+ if (int.TryParse(certCountString, out var certCount) && certCount > 1)
+ {
+ // Extract key from identity.pfx
+ Helpers.Exec("openssl pkcs12 -in /bitwarden/identity/identity.pfx -nocerts -nodes -out identity.key " +
+ $"-passin pass:{_context.Install.IdentityCertPassword} > /dev/null 2>&1");
+ // Extract certificate from identity.pfx
+ Helpers.Exec("openssl pkcs12 -in /bitwarden/identity/identity.pfx -clcerts -nokeys -out identity.crt " +
+ $"-passin pass:{_context.Install.IdentityCertPassword} > /dev/null 2>&1");
+ // Create new PKCS12 bag with certificate and key
+ Helpers.Exec("openssl pkcs12 -export -out /bitwarden/identity/identity.pfx -inkey identity.key " +
+ $"-in identity.crt -passout pass:{_context.Install.IdentityCertPassword} > /dev/null 2>&1");
+ }
+
 if (_context.Parameters.ContainsKey("db"))
 {
 MigrateDatabase();
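Review bot: The `-nodes` extraction inside the `certCount > 1` branch writes the Identity private key unencrypted to `identity.key` in the current working directory, and nothing in the hunk removes it or `identity.crt` once the new bag is built. I would write both files to a directory only the setup user can read and delete them as the last statement of the branch, e.g. `Helpers.Exec("rm -f identity.key identity.crt");`. The password is also interpolated into every command string as `-passin pass:{...}` / `-passout pass:{...}`; if `Helpers.Exec` hands the string to a shell (the pipes and redirects suggest it does), the value is visible in the process list and a password containing shell metacharacters would change the command, which openssl's `env:` password source (`-passin env:VAR`, with the variable set for the child process) avoids. The leading comment still says the code "generates a new cert", while the branch re-bundles the existing certificate and key, so it should be reworded to match. `Update()` continues outside the hunk.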