diff options
author | Wojtek Kosior <koszko@koszko.org> | 2021-10-01 13:13:55 +0200 |
---|---|---|
committer | Wojtek Kosior <koszko@koszko.org> | 2021-10-01 13:13:55 +0200 |
commit | ea30326e242a73d3cb06589fb97cf81b674ae2e3 (patch) | |
tree | 1c9875f8661f8d354ab9555a1d685111aabb43e4 | |
parent | 960363e7dd98a724246320e49c3fbaff9d68d1bd (diff) | |
download | browser-extension-ea30326e242a73d3cb06589fb97cf81b674ae2e3.tar.gz browser-extension-ea30326e242a73d3cb06589fb97cf81b674ae2e3.zip |
add shell script facilitating generation of JWT
-rw-r--r-- | copyright | 5 | ||||
-rwxr-xr-x | upload_amo.sh | 64 |
2 files changed, 69 insertions, 0 deletions
@@ -11,6 +11,11 @@ Copyright: 2021 Wojtek Kosior <koszko@koszko.org> 2021 jahoti <jahoti@tilde.team> License: CC0 +Files: upload_amo.sh +Copyright: 2021 Wojtek Kosior <koszko@koszko.org> +License: GPL-3+ +Comment: Wojtek Kosior promises not to sue. + Files: icons/* Copyright: 2017 David Lyons <https://openclipart.org/artist/davidblyons> License: CC0 or CC-BY-SA-4.0 diff --git a/upload_amo.sh b/upload_amo.sh new file mode 100755 index 0000000..3ac7028 --- /dev/null +++ b/upload_amo.sh @@ -0,0 +1,64 @@ +#!/bin/sh + +# This file is part of Haketilo +# +# Copyright (C) 2021, Wojtek Kosior +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <https://www.gnu.org/licenses/>. +# +# +# I, Wojtek Kosior, thereby promise not to sue for violation of this file's +# license. Although I request that you do not make use this code in a +# proprietary program, I am not going to enforce this in court. + +set -e + +base64url() { + echo -n "$1" | base64 -w 0 | tr '/+' '_-' | tr -d '=' +} + +sha256hmac() { + base64url "$(echo -n "$2" | openssl dgst -sha256 -hmac "$1" -binary -)" +} + +if [ $# != 3 ]; then + echo "Usage: $0 API_KEY SECRET XPI_PATH" 1>&2 + exit 1 +fi + +API_KEY="$1" +SECRET="$2" +XPI_PATH="$3" +JWT_HEAD='{"alg":"HS256", "typ":"JWT"}' +JWT_ID=$(dd if=/dev/random bs=21 count=1 2>/dev/null | base64) +ISSUED_AT_TIME=$(date -u +%s) +EXPIRATION_TIME=$((ISSUED_AT_TIME + 300)) +JWT_PAYLOAD=$(cat <<EOF +{ + "iss": "$API_KEY", + "jti": "$JWT_ID", + "iat": $ISSUED_AT_TIME, + "exp": $EXPIRATION_TIME +} +EOF + ) +JWT_MESSAGE=$(base64url "$JWT_HEAD").$(base64url "$JWT_PAYLOAD") +JWT_SIGNATURE=$(sha256hmac "$SECRET" "$JWT_MESSAGE") +JWT=$JWT_MESSAGE.$JWT_SIGNATURE + +# Query one of Mozilla endpoints to verify that JWT authentication works. +curl "https://addons.mozilla.org/api/v5/accounts/profile/" \ + -H "Authorization: JWT $JWT" + +# TODO: Do the actual upload. |