Haketilo

#!/bin/sh

# This file is part of Haketilo

#

# Copyright (C) 2021, Wojtek Kosior

#

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <https://www.gnu.org/licenses/>.

#

#

# I, Wojtek Kosior, thereby promise not to sue for violation of this file's

# license. Although I request that you do not make use this code in a

# proprietary program, I am not going to enforce this in court.

set -e

. ./shell_utils.sh

_PROG_NAME="$0"

OPERATION="$1"

API_KEY="$2"

SECRET="$3"

XPI_PATH="$4"

base64url() {

    ech "$1" | base64 -w 0 | tr '/+' '_-' | tr -d '='

}

sha256hmac() {

    base64url "$(ech "$2" | openssl dgst -sha256 -hmac "$1" -binary -)"

}

escape_regex_special() {

    ech "$1" | sed 's/\([]\.*?{},()[-]\)/\\\1/g'

}

# Note: We don't actually parse JSON. We extract needed keys with sed regexes

# which does not work in the general case but is sufficient for now.

get_json_key() {

    local KEY_REG="$(escape_regex_special "$1")"

    ech "$2" |

	sed 's/\(.*"'"$KEY_REG"'"[[:space:]]*:[[:space:]]*"\([^"]*\)"\)\?.*/\2/' |

	grep . | head -1

}

get_manifest_key() {

    get_json_key "$1" "$(unzip -p "$2" manifest.json)"

}

generate_jwt() {

    local JWT_HEAD='{"alg":"HS256", "typ":"JWT"}'

    local JWT_ID=$(dd if=/dev/random bs=21 count=1 2>/dev/null | base64)

    local ISSUED_AT_TIME=$(date -u +%s)

    local EXPIRATION_TIME=$((ISSUED_AT_TIME + 300))

    local JWT_PAYLOAD="$(cat <<EOF

{

    "iss": "$API_KEY",

    "jti": "$JWT_ID",

    "iat": $ISSUED_AT_TIME,

    "exp": $EXPIRATION_TIME

}

EOF

	  )"

    local JWT_MESSAGE=$(base64url "$JWT_HEAD").$(base64url "$JWT_PAYLOAD")

    local JWT_SIGNATURE=$(sha256hmac "$SECRET" "$JWT_MESSAGE")

    local JWT=$JWT_MESSAGE.$JWT_SIGNATURE

    errcho "Using JWT: $JWT"

    ech $JWT

}

get_extension_url() {

    EXTENSION_ID="$(get_manifest_key id "$XPI_PATH")"

    EXTENSION_VER="$(get_manifest_key version "$XPI_PATH")"

    if [ -z "$EXTENSION_ID" -o -z "$EXTENSION_VER" ]; then

	errcho "Couldn't extract extension id and version. Please check if $XPI_PATH contains proper manifest.json file."

	exit 1

    fi

    ech "https://addons.mozilla.org/api/v4/addons/$EXTENSION_ID/versions/$EXTENSION_VER/"

}

usage() {

   errcho "Usage:  $_PROG_NAME upload|check|test API_KEY SECRET XPI_PATH"

}

if [ $# != 4 ]; then

    usage

    exit 1

fi

unset RETURNED_DATA

case "$OPERATION" in

    test)

	curl "https://addons.mozilla.org/api/v4/accounts/profile/" \

	     -g -H "Authorization: JWT $(generate_jwt)"

	echo

	;;

    check)

	RETURNED_DATA="$(curl $(get_extension_url) \

			      -g -H "Authorization: JWT $(generate_jwt)")"

	;;

    upload)

	RETURNED_DATA="$(curl $(get_extension_url) \

			      -g -XPUT --form "upload=@$XPI_PATH" \

			      -H "Authorization: JWT $(generate_jwt)")"

	;;

    *)

	usage

	exit 1

	;;

esac

if [ -n "$RETURNED_DATA" ]; then

    printf "addons.mozilla.org says:\n%s\n" "$RETURNED_DATA"

    DOWNLOAD_URL="$(get_json_key download_url "$RETURNED_DATA")"

    if [ -n "$DOWNLOAD_URL" ]; then

	printf "Downloading extension file from %s\n" "$DOWNLOAD_URL"

	curl "$DOWNLOAD_URL" -g -H "Authorization: JWT $(generate_jwt)" -O

    fi

fi