#!/bin/sh
# This file is part of Haketilo
#
# Copyright (C) 2021, Wojtek Kosior
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
#
# I, Wojtek Kosior, thereby promise not to sue for violation of this file's
# license. Although I request that you do not make use of this code in a
# proprietary program, I am not going to enforce this in court.
# Abort as soon as a command exits non-zero. In a pipeline only the last
# command's status is checked, so a failing earlier stage goes unnoticed.
set -e
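# Encode a string as unpadded base64url (RFC 4648 section 5), the encoding
# JWTs use for their header, payload and signature segments.
# Arguments: $1 - text to encode (shell strings cannot carry NUL bytes, so
#                 binary data has to be piped into base64 directly instead)
# Outputs:   the encoded text on stdout, without a trailing newline
base64url() {
  # printf '%s' emits $1 verbatim; "echo -n" is not portable under /bin/sh
  # and can swallow an argument such as "-n" or expand backslash escapes.
  # Line wraps and '=' padding are stripped with tr, which avoids relying
  # on the GNU-only "base64 -w 0".
  printf '%s' "$1" | base64 | tr '/+' '_-' | tr -d '=\n'
}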
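# Compute HMAC-SHA256 over a message and print it as unpadded base64url,
# the form a JWT "HS256" signature segment takes.
# Arguments: $1 - HMAC key
#            $2 - message to authenticate
# Outputs:   the 43-character encoded MAC on stdout, no trailing newline
# Returns:   1 if no MAC was produced (for example, openssl failed)
sha256hmac() {
  # The raw digest is piped straight from openssl into base64. Holding it
  # in a command substitution first would drop NUL bytes and trailing
  # newlines, which yields a wrong signature for a share of inputs.
  # NOTE(review): -hmac places the key on openssl's command line, where
  # other local users can read it from the process list while it runs.
  # POSIX sh has no "local", hence the function-prefixed variable name.
  _sha256hmac_out=$(
    printf '%s' "$2" \
      | openssl dgst -sha256 -hmac "$1" -binary \
      | base64 \
      | tr '/+' '_-' \
      | tr -d '=\n'
  )
  # Only the last pipeline stage's status is visible, so an openssl failure
  # is detected through the empty result instead.
  if [ -z "$_sha256hmac_out" ]; then
    return 1
  fi
  printf '%s' "$_sha256hmac_out"
}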
# Exactly three positional arguments are required; otherwise print the
# usage line to stderr and stop.
# NOTE(review): SECRET is taken from the command line, so it is visible in
# the process list and may be recorded in shell history.
if [ "$#" -ne 3 ]; then
  printf '%s\n' "Usage: $0 API_KEY SECRET XPI_PATH" >&2
  exit 1
fi
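# Build an HS256-signed JWT from the API key and secret given on the
# command line. The result is left in $JWT.
API_KEY="$1"
SECRET="$2"
# Not read anywhere in the visible script.
XPI_PATH="$3"

# API_KEY is pasted into the JSON payload below without escaping, so a
# quote or backslash in it would produce a malformed or altered payload.
case $API_KEY in
  *[\"\\]*)
    echo "API_KEY must not contain quotes or backslashes" 1>&2
    exit 1
    ;;
esac

JWT_HEAD='{"alg":"HS256", "typ":"JWT"}'

# "jti" is a per-token nonce: 21 random bytes encode to 28 base64
# characters with no padding. /dev/urandom is read instead of /dev/random
# because the latter can block or return a short read to a single dd
# block, and dd's diagnostics are discarded here.
JWT_ID=$(dd if=/dev/urandom bs=21 count=1 2>/dev/null | base64)
if [ -z "$JWT_ID" ]; then
  echo "Failed to generate a random JWT ID" 1>&2
  exit 1
fi

# The token is valid for 300 seconds from the moment of issue.
ISSUED_AT_TIME=$(date -u +%s)
EXPIRATION_TIME=$((ISSUED_AT_TIME + 300))
JWT_PAYLOAD=$(cat <<EOF
{
"iss": "$API_KEY",
"jti": "$JWT_ID",
"iat": $ISSUED_AT_TIME,
"exp": $EXPIRATION_TIME
}
EOF
)

# JWT = base64url(header) "." base64url(payload) "." base64url(HMAC of the
# first two segments joined by a dot).
JWT_MESSAGE=$(base64url "$JWT_HEAD").$(base64url "$JWT_PAYLOAD")
JWT_SIGNATURE=$(sha256hmac "$SECRET" "$JWT_MESSAGE")
JWT=$JWT_MESSAGE.$JWT_SIGNATURE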
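# Query one of Mozilla's endpoints to verify that JWT authentication works.
# The Authorization header is fed to curl on stdin ("-H @-", curl 7.55.0 or
# newer) so the token does not show up in the process list; printf is a
# shell builtin, so the token is not placed on any command line.
# NOTE(review): curl exits 0 on an HTTP error status unless --fail is
# given, so a rejected token does not stop the script here.
printf 'Authorization: JWT %s\n' "$JWT" \
  | curl "https://addons.mozilla.org/api/v5/accounts/profile/" -H @-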
# TODO: Do the actual upload.
add shell script facilitating generation of JWT