Revision d7e48c58
Added by koszko almost 2 years ago
| upload_amo.sh | ||
|---|---|---|
| 24 | 24 |
|
| 25 | 25 |
set -e |
| 26 | 26 |
|
| 27 |
. ./shell_utils.sh |
|
| 28 |
|
|
| 29 |
_PROG_NAME="$0" |
|
| 30 |
OPERATION="$1" |
|
| 31 |
API_KEY="$2" |
|
| 32 |
SECRET="$3" |
|
| 33 |
XPI_PATH="$4" |
|
| 34 |
|
|
| 27 | 35 |
base64url() {
|
| 28 |
echo -n "$1" | base64 -w 0 | tr '/+' '_-' | tr -d '='
|
|
| 36 |
ech "$1" | base64 -w 0 | tr '/+' '_-' | tr -d '=' |
|
| 29 | 37 |
} |
| 30 | 38 |
|
| 31 | 39 |
sha256hmac() {
|
| 32 |
base64url "$(echo -n "$2" | openssl dgst -sha256 -hmac "$1" -binary -)"
|
|
| 40 |
base64url "$(ech "$2" | openssl dgst -sha256 -hmac "$1" -binary -)" |
|
| 33 | 41 |
} |
| 34 | 42 |
|
| 35 |
if [ $# != 3 ]; then |
|
| 36 |
echo "Usage: $0 API_KEY SECRET XPI_PATH" 1>&2 |
|
| 37 |
exit 1 |
|
| 38 |
fi |
|
| 43 |
escape_regex_special() {
|
|
| 44 |
ech "$1" | sed 's/\([]\.*?{},()[-]\)/\\\1/g'
|
|
| 45 |
} |
|
| 46 |
|
|
| 47 |
# Note: We don't actually parse JSON. We extract needed keys with sed regexes |
|
| 48 |
# which does not work in the general case but is sufficient for now. |
|
| 49 |
get_json_key() {
|
|
| 50 |
local KEY_REG="$(escape_regex_special "$1")" |
|
| 51 |
ech "$2" | |
|
| 52 |
sed 's/\(.*"'"$KEY_REG"'"[[:space:]]*:[[:space:]]*"\([^"]*\)"\)\?.*/\2/' | |
|
| 53 |
grep . | head -1 |
|
| 54 |
} |
|
| 55 |
|
|
| 56 |
get_manifest_key() {
|
|
| 57 |
get_json_key "$1" "$(unzip -p "$2" manifest.json)" |
|
| 58 |
} |
|
| 39 | 59 |
|
| 40 |
API_KEY="$1" |
|
| 41 |
SECRET="$2" |
|
| 42 |
XPI_PATH="$3" |
|
| 43 |
JWT_HEAD='{"alg":"HS256", "typ":"JWT"}'
|
|
| 44 |
JWT_ID=$(dd if=/dev/random bs=21 count=1 2>/dev/null | base64) |
|
| 45 |
ISSUED_AT_TIME=$(date -u +%s) |
|
| 46 |
EXPIRATION_TIME=$((ISSUED_AT_TIME + 300)) |
|
| 47 |
JWT_PAYLOAD=$(cat <<EOF |
|
| 60 |
generate_jwt() {
|
|
| 61 |
local JWT_HEAD='{"alg":"HS256", "typ":"JWT"}'
|
|
| 62 |
local JWT_ID=$(dd if=/dev/random bs=21 count=1 2>/dev/null | base64) |
|
| 63 |
local ISSUED_AT_TIME=$(date -u +%s) |
|
| 64 |
local EXPIRATION_TIME=$((ISSUED_AT_TIME + 300)) |
|
| 65 |
local JWT_PAYLOAD="$(cat <<EOF |
|
| 48 | 66 |
{
|
| 49 | 67 |
"iss": "$API_KEY", |
| 50 | 68 |
"jti": "$JWT_ID", |
| ... | ... | |
| 52 | 70 |
"exp": $EXPIRATION_TIME |
| 53 | 71 |
} |
| 54 | 72 |
EOF |
| 55 |
) |
|
| 56 |
JWT_MESSAGE=$(base64url "$JWT_HEAD").$(base64url "$JWT_PAYLOAD") |
|
| 57 |
JWT_SIGNATURE=$(sha256hmac "$SECRET" "$JWT_MESSAGE") |
|
| 58 |
JWT=$JWT_MESSAGE.$JWT_SIGNATURE |
|
| 73 |
)" |
|
| 74 |
local JWT_MESSAGE=$(base64url "$JWT_HEAD").$(base64url "$JWT_PAYLOAD") |
|
| 75 |
local JWT_SIGNATURE=$(sha256hmac "$SECRET" "$JWT_MESSAGE") |
|
| 76 |
local JWT=$JWT_MESSAGE.$JWT_SIGNATURE |
|
| 77 |
errcho "Using JWT: $JWT" |
|
| 78 |
ech $JWT |
|
| 79 |
} |
|
| 80 |
|
|
| 81 |
get_extension_url() {
|
|
| 82 |
EXTENSION_ID="$(get_manifest_key id "$XPI_PATH")" |
|
| 83 |
EXTENSION_VER="$(get_manifest_key version "$XPI_PATH")" |
|
| 59 | 84 |
|
| 60 |
# Query one of Mozilla endpoints to verify that JWT authentication works. |
|
| 61 |
curl "https://addons.mozilla.org/api/v5/accounts/profile/" \ |
|
| 62 |
-H "Authorization: JWT $JWT" |
|
| 85 |
if [ -z "$EXTENSION_ID" -o -z "$EXTENSION_VER" ]; then |
|
| 86 |
errcho "Couldn't extract extension id and version. Please check if $XPI_PATH contains proper manifest.json file." |
|
| 87 |
exit 1 |
|
| 88 |
fi |
|
| 63 | 89 |
|
| 64 |
# TODO: Do the actual upload. |
|
| 90 |
ech "https://addons.mozilla.org/api/v4/addons/$EXTENSION_ID/versions/$EXTENSION_VER/" |
|
| 91 |
} |
|
| 92 |
|
|
| 93 |
usage() {
|
|
| 94 |
errcho "Usage: $_PROG_NAME upload|check|test API_KEY SECRET XPI_PATH" |
|
| 95 |
} |
|
| 96 |
|
|
| 97 |
if [ $# != 4 ]; then |
|
| 98 |
usage |
|
| 99 |
exit 1 |
|
| 100 |
fi |
|
| 101 |
|
|
| 102 |
unset RETURNED_DATA |
|
| 103 |
|
|
| 104 |
case "$OPERATION" in |
|
| 105 |
test) |
|
| 106 |
curl "https://addons.mozilla.org/api/v4/accounts/profile/" \ |
|
| 107 |
-g -H "Authorization: JWT $(generate_jwt)" |
|
| 108 |
echo |
|
| 109 |
;; |
|
| 110 |
check) |
|
| 111 |
RETURNED_DATA="$(curl $(get_extension_url) \ |
|
| 112 |
-g -H "Authorization: JWT $(generate_jwt)")" |
|
| 113 |
;; |
|
| 114 |
upload) |
|
| 115 |
RETURNED_DATA="$(curl $(get_extension_url) \ |
|
| 116 |
-g -XPUT --form "upload=@$XPI_PATH" \ |
|
| 117 |
-H "Authorization: JWT $(generate_jwt)")" |
|
| 118 |
;; |
|
| 119 |
*) |
|
| 120 |
usage |
|
| 121 |
exit 1 |
|
| 122 |
;; |
|
| 123 |
esac |
|
| 124 |
|
|
| 125 |
if [ -n "$RETURNED_DATA" ]; then |
|
| 126 |
printf "addons.mozilla.org says:\n%s\n" "$RETURNED_DATA" |
|
| 127 |
DOWNLOAD_URL="$(get_json_key download_url "$RETURNED_DATA")" |
|
| 128 |
if [ -n "$DOWNLOAD_URL" ]; then |
|
| 129 |
printf "Downloading extension file from %s\n" "$DOWNLOAD_URL" |
|
| 130 |
curl "$DOWNLOAD_URL" -g -H "Authorization: JWT $(generate_jwt)" -O |
|
| 131 |
fi |
|
| 132 |
fi |
|
Also available in: Unified diff
Add complete firefox extension upload and download functionality