#!/bin/sh # This file is part of Haketilo # # Copyright (C) 2021, Wojtek Kosior # # This program is free software: you can redistribute it and/or modify # it under the terms of the CC0 1.0 Universal License as published by # the Creative Commons Corporation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # CC0 1.0 Universal License for more details. set -e _PROG_NAME="$0" OPERATION="$1" API_KEY="$2" SECRET="$3" XPI_PATH="$4" escape_regex_special() { printf %s "$1" | sed 's/\([]\.*[-]\)/\\\1/g' } # Note: We don't actually parse JSON. We extract needed keys with sed regexes # which does not work in the general case but is sufficient for now. _get_json_key() { local KEY_REG="$(escape_regex_special "$1")" printf %s "$2" | awk '{printf "%s", $0}' | sed 's/^.*\("'"$KEY_REG"'"[[:space:]]*:[[:space:]]*"\([^"]*\)"\).*$/\2/' } get_json_key() { local JSON="$2" local VALUE="$(_get_json_key "$@")" if [ "x$VALUE" != "x$JSON" ]; then printf %s "$VALUE" fi } base64url() { printf %s "$1" | base64 -w 0 | tr '/+' '_-' | tr -d '=' } sha256hmac() { base64url "$(printf %s "$2" | openssl dgst -sha256 -hmac "$1" -binary -)" } get_manifest_key() { get_json_key "$1" "$(unzip -p "$2" manifest.json)" } generate_jwt() { local JWT_HEAD='{"alg":"HS256", "typ":"JWT"}' local JWT_ID=$(dd if=/dev/random bs=21 count=1 2>/dev/null | base64) local ISSUED_AT_TIME=$(date -u +%s) local EXPIRATION_TIME=$((ISSUED_AT_TIME + 300)) local JWT_PAYLOAD="$(cat <<EOF { "iss": "$API_KEY", "jti": "$JWT_ID", "iat": $ISSUED_AT_TIME, "exp": $EXPIRATION_TIME } EOF )" local JWT_MESSAGE=$(base64url "$JWT_HEAD").$(base64url "$JWT_PAYLOAD") local JWT_SIGNATURE=$(sha256hmac "$SECRET" "$JWT_MESSAGE") local JWT=$JWT_MESSAGE.$JWT_SIGNATURE printf "Using JWT: $JWT\n" >&2 printf $JWT } get_extension_url() { EXTENSION_ID="$(get_manifest_key id "$XPI_PATH")" EXTENSION_VER="$(get_manifest_key version "$XPI_PATH")" if [ -z "$EXTENSION_ID" -o -z "$EXTENSION_VER" ]; then printf "Couldn't extract extension id and version. Please check if %s contains proper manifest.json file.\n" \ "$XPI_PATH" >&2 exit 1 fi printf 'https://addons.mozilla.org/api/v4/addons/%s/versions/%s/' \ "$EXTENSION_ID" "$EXTENSION_VER" } print_usage() { printf 'Usage: %s upload|check|test API_KEY SECRET XPI_PATH\n' \ "$_PROG_NAME" >&2 } if [ $# != 4 ]; then print_usage exit 1 fi unset RETURNED_DATA case "$OPERATION" in test) curl "https://addons.mozilla.org/api/v4/accounts/profile/" \ -g -H "Authorization: JWT $(generate_jwt)" printf '\n' ;; check) RETURNED_DATA="$(curl $(get_extension_url) \ -g -H "Authorization: JWT $(generate_jwt)")" ;; upload) RETURNED_DATA="$(curl $(get_extension_url) \ -g -XPUT --form "upload=@$XPI_PATH" \ -H "Authorization: JWT $(generate_jwt)")" ;; *) print_usage exit 1 ;; esac if [ -n "$RETURNED_DATA" ]; then printf "addons.mozilla.org says:\n%s\n" "$RETURNED_DATA" DOWNLOAD_URL="$(get_json_key download_url "$RETURNED_DATA")" if [ -n "$DOWNLOAD_URL" ]; then printf "Downloading extension file from %s\n" "$DOWNLOAD_URL" curl "$DOWNLOAD_URL" -g -H "Authorization: JWT $(generate_jwt)" -O fi fi