Project

General

Profile

« Previous | Next » 

Revision ea30326e

Added by koszko almost 2 years ago

add shell script facilitating generation of JWT

View differences:

copyright
11 11
   2021 jahoti <jahoti@tilde.team>
12 12
License: CC0
13 13

  
14
Files: upload_amo.sh
15
Copyright: 2021 Wojtek Kosior <koszko@koszko.org>
16
License: GPL-3+
17
Comment: Wojtek Kosior promises not to sue.
18

  
14 19
Files: icons/*
15 20
Copyright: 2017 David Lyons <https://openclipart.org/artist/davidblyons>
16 21
License: CC0 or CC-BY-SA-4.0
upload_amo.sh
1
#!/bin/sh
2

  
3
# This file is part of Haketilo
4
#
5
# Copyright (C) 2021, Wojtek Kosior
6
#
7
# This program is free software: you can redistribute it and/or modify
8
# it under the terms of the GNU General Public License as published by
9
# the Free Software Foundation, either version 3 of the License, or
10
# (at your option) any later version.
11
#
12
# This program is distributed in the hope that it will be useful,
13
# but WITHOUT ANY WARRANTY; without even the implied warranty of
14
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15
# GNU General Public License for more details.
16
#
17
# You should have received a copy of the GNU General Public License
18
# along with this program.  If not, see <https://www.gnu.org/licenses/>.
19
#
20
#
21
# I, Wojtek Kosior, thereby promise not to sue for violation of this file's
22
# license. Although I request that you do not make use this code in a
23
# proprietary program, I am not going to enforce this in court.
24

  
25
set -e
26

  
27
base64url() {
28
    echo -n "$1" | base64 -w 0 | tr '/+' '_-' | tr -d '='
29
}
30

  
31
sha256hmac() {
32
    base64url "$(echo -n "$2" | openssl dgst -sha256 -hmac "$1" -binary -)"
33
}
34

  
35
if [ $# != 3 ]; then
36
   echo "Usage:  $0 API_KEY SECRET XPI_PATH" 1>&2
37
   exit 1
38
fi
39

  
40
API_KEY="$1"
41
SECRET="$2"
42
XPI_PATH="$3"
43
JWT_HEAD='{"alg":"HS256", "typ":"JWT"}'
44
JWT_ID=$(dd if=/dev/random bs=21 count=1 2>/dev/null | base64)
45
ISSUED_AT_TIME=$(date -u +%s)
46
EXPIRATION_TIME=$((ISSUED_AT_TIME + 300))
47
JWT_PAYLOAD=$(cat <<EOF
48
{
49
    "iss": "$API_KEY",
50
    "jti": "$JWT_ID",
51
    "iat": $ISSUED_AT_TIME,
52
    "exp": $EXPIRATION_TIME
53
}
54
EOF
55
	   )
56
JWT_MESSAGE=$(base64url "$JWT_HEAD").$(base64url "$JWT_PAYLOAD")
57
JWT_SIGNATURE=$(sha256hmac "$SECRET" "$JWT_MESSAGE")
58
JWT=$JWT_MESSAGE.$JWT_SIGNATURE
59

  
60
# Query one of Mozilla endpoints to verify that JWT authentication works.
61
curl "https://addons.mozilla.org/api/v5/accounts/profile/" \
62
     -H "Authorization: JWT $JWT"
63

  
64
# TODO: Do the actual upload.

Also available in: Unified diff