summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--copyright5
-rwxr-xr-xupload_amo.sh64
2 files changed, 69 insertions, 0 deletions
diff --git a/copyright b/copyright
index de411e0..bc79477 100644
--- a/copyright
+++ b/copyright
@@ -11,6 +11,11 @@ Copyright: 2021 Wojtek Kosior <koszko@koszko.org>
2021 jahoti <jahoti@tilde.team>
License: CC0
+Files: upload_amo.sh
+Copyright: 2021 Wojtek Kosior <koszko@koszko.org>
+License: GPL-3+
+Comment: Wojtek Kosior promises not to sue.
+
Files: icons/*
Copyright: 2017 David Lyons <https://openclipart.org/artist/davidblyons>
License: CC0 or CC-BY-SA-4.0
diff --git a/upload_amo.sh b/upload_amo.sh
new file mode 100755
index 0000000..3ac7028
--- /dev/null
+++ b/upload_amo.sh
@@ -0,0 +1,64 @@
+#!/bin/sh
+
+# This file is part of Haketilo
+#
+# Copyright (C) 2021, Wojtek Kosior
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
+#
+#
+# I, Wojtek Kosior, thereby promise not to sue for violation of this file's
+# license. Although I request that you do not make use this code in a
+# proprietary program, I am not going to enforce this in court.
+
+set -e
+
+base64url() {
+ echo -n "$1" | base64 -w 0 | tr '/+' '_-' | tr -d '='
+}
+
+sha256hmac() {
+ base64url "$(echo -n "$2" | openssl dgst -sha256 -hmac "$1" -binary -)"
+}
+
+if [ $# != 3 ]; then
+ echo "Usage: $0 API_KEY SECRET XPI_PATH" 1>&2
+ exit 1
+fi
+
+API_KEY="$1"
+SECRET="$2"
+XPI_PATH="$3"
+JWT_HEAD='{"alg":"HS256", "typ":"JWT"}'
+JWT_ID=$(dd if=/dev/random bs=21 count=1 2>/dev/null | base64)
+ISSUED_AT_TIME=$(date -u +%s)
+EXPIRATION_TIME=$((ISSUED_AT_TIME + 300))
+JWT_PAYLOAD=$(cat <<EOF
+{
+ "iss": "$API_KEY",
+ "jti": "$JWT_ID",
+ "iat": $ISSUED_AT_TIME,
+ "exp": $EXPIRATION_TIME
+}
+EOF
+ )
+JWT_MESSAGE=$(base64url "$JWT_HEAD").$(base64url "$JWT_PAYLOAD")
+JWT_SIGNATURE=$(sha256hmac "$SECRET" "$JWT_MESSAGE")
+JWT=$JWT_MESSAGE.$JWT_SIGNATURE
+
+# Query one of Mozilla endpoints to verify that JWT authentication works.
+curl "https://addons.mozilla.org/api/v5/accounts/profile/" \
+ -H "Authorization: JWT $JWT"
+
+# TODO: Do the actual upload.