1
|
#!/bin/sh
|
2
|
|
3
|
# This file is part of Haketilo
|
4
|
#
|
5
|
# Copyright (C) 2021, Wojtek Kosior
|
6
|
#
|
7
|
# This program is free software: you can redistribute it and/or modify
|
8
|
# it under the terms of the CC0 1.0 Universal License as published by
|
9
|
# the Creative Commons Corporation.
|
10
|
#
|
11
|
# This program is distributed in the hope that it will be useful,
|
12
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
13
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
14
|
# CC0 1.0 Universal License for more details.
|
15
|
|
16
|
set -e
|
17
|
|
18
|
_PROG_NAME="$0"
|
19
|
OPERATION="$1"
|
20
|
API_KEY="$2"
|
21
|
SECRET="$3"
|
22
|
XPI_PATH="$4"
|
23
|
|
24
|
escape_regex_special() {
|
25
|
printf %s "$1" | sed 's/\([]\.*[-]\)/\\\1/g'
|
26
|
}
|
27
|
|
28
|
# Note: We don't actually parse JSON. We extract needed keys with sed regexes
|
29
|
# which does not work in the general case but is sufficient for now.
|
30
|
_get_json_key() {
|
31
|
local KEY_REG="$(escape_regex_special "$1")"
|
32
|
printf %s "$2" |
|
33
|
awk '{printf "%s", $0}' |
|
34
|
sed 's/^.*\("'"$KEY_REG"'"[[:space:]]*:[[:space:]]*"\([^"]*\)"\).*$/\2/'
|
35
|
}
|
36
|
|
37
|
get_json_key() {
|
38
|
local JSON="$2"
|
39
|
local VALUE="$(_get_json_key "$@")"
|
40
|
if [ "x$VALUE" != "x$JSON" ]; then
|
41
|
printf %s "$VALUE"
|
42
|
fi
|
43
|
}
|
44
|
|
45
|
base64url() {
|
46
|
printf %s "$1" | base64 -w 0 | tr '/+' '_-' | tr -d '='
|
47
|
}
|
48
|
|
49
|
sha256hmac() {
|
50
|
base64url "$(printf %s "$2" | openssl dgst -sha256 -hmac "$1" -binary -)"
|
51
|
}
|
52
|
|
53
|
get_manifest_key() {
|
54
|
get_json_key "$1" "$(unzip -p "$2" manifest.json)"
|
55
|
}
|
56
|
|
57
|
generate_jwt() {
|
58
|
local JWT_HEAD='{"alg":"HS256", "typ":"JWT"}'
|
59
|
local JWT_ID=$(dd if=/dev/random bs=21 count=1 2>/dev/null | base64)
|
60
|
local ISSUED_AT_TIME=$(date -u +%s)
|
61
|
local EXPIRATION_TIME=$((ISSUED_AT_TIME + 300))
|
62
|
local JWT_PAYLOAD="$(cat <<EOF
|
63
|
{
|
64
|
"iss": "$API_KEY",
|
65
|
"jti": "$JWT_ID",
|
66
|
"iat": $ISSUED_AT_TIME,
|
67
|
"exp": $EXPIRATION_TIME
|
68
|
}
|
69
|
EOF
|
70
|
)"
|
71
|
local JWT_MESSAGE=$(base64url "$JWT_HEAD").$(base64url "$JWT_PAYLOAD")
|
72
|
local JWT_SIGNATURE=$(sha256hmac "$SECRET" "$JWT_MESSAGE")
|
73
|
local JWT=$JWT_MESSAGE.$JWT_SIGNATURE
|
74
|
printf "Using JWT: $JWT\n" >&2
|
75
|
printf $JWT
|
76
|
}
|
77
|
|
78
|
get_extension_url() {
|
79
|
EXTENSION_ID="$(get_manifest_key id "$XPI_PATH")"
|
80
|
EXTENSION_VER="$(get_manifest_key version "$XPI_PATH")"
|
81
|
|
82
|
if [ -z "$EXTENSION_ID" -o -z "$EXTENSION_VER" ]; then
|
83
|
printf "Couldn't extract extension id and version. Please check if %s contains proper manifest.json file.\n" \
|
84
|
"$XPI_PATH" >&2
|
85
|
exit 1
|
86
|
fi
|
87
|
|
88
|
printf 'https://addons.mozilla.org/api/v4/addons/%s/versions/%s/' \
|
89
|
"$EXTENSION_ID" "$EXTENSION_VER"
|
90
|
}
|
91
|
|
92
|
print_usage() {
|
93
|
printf 'Usage: %s upload|check|test API_KEY SECRET XPI_PATH\n' \
|
94
|
"$_PROG_NAME" >&2
|
95
|
}
|
96
|
|
97
|
if [ $# != 4 ]; then
|
98
|
print_usage
|
99
|
exit 1
|
100
|
fi
|
101
|
|
102
|
unset RETURNED_DATA
|
103
|
|
104
|
case "$OPERATION" in
|
105
|
test)
|
106
|
curl "https://addons.mozilla.org/api/v4/accounts/profile/" \
|
107
|
-g -H "Authorization: JWT $(generate_jwt)"
|
108
|
printf '\n'
|
109
|
;;
|
110
|
check)
|
111
|
RETURNED_DATA="$(curl $(get_extension_url) \
|
112
|
-g -H "Authorization: JWT $(generate_jwt)")"
|
113
|
;;
|
114
|
upload)
|
115
|
RETURNED_DATA="$(curl $(get_extension_url) \
|
116
|
-g -XPUT --form "upload=@$XPI_PATH" \
|
117
|
-H "Authorization: JWT $(generate_jwt)")"
|
118
|
;;
|
119
|
*)
|
120
|
print_usage
|
121
|
exit 1
|
122
|
;;
|
123
|
esac
|
124
|
|
125
|
if [ -n "$RETURNED_DATA" ]; then
|
126
|
printf "addons.mozilla.org says:\n%s\n" "$RETURNED_DATA"
|
127
|
DOWNLOAD_URL="$(get_json_key download_url "$RETURNED_DATA")"
|
128
|
if [ -n "$DOWNLOAD_URL" ]; then
|
129
|
printf "Downloading extension file from %s\n" "$DOWNLOAD_URL"
|
130
|
curl "$DOWNLOAD_URL" -g -H "Authorization: JWT $(generate_jwt)" -O
|
131
|
fi
|
132
|
fi
|