path: root/upload_amo.sh

#!/bin/sh

# This file is part of Haketilo
#
# Copyright (C) 2021, Wojtek Kosior
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <https://www.gnu.org/licenses/>.
#
#
# I, Wojtek Kosior, thereby promise not to sue for violation of this file's
# license. Although I request that you do not make use this code in a
# proprietary program, I am not going to enforce this in court.

set -e

base64url() {
    echo -n "$1" | base64 -w 0 | tr '/+' '_-' | tr -d '='
}

sha256hmac() {
    base64url "$(echo -n "$2" | openssl dgst -sha256 -hmac "$1" -binary -)"
}

if [ $# != 3 ]; then
   echo "Usage:  $0 API_KEY SECRET XPI_PATH" 1>&2
   exit 1
fi

API_KEY="$1"
SECRET="$2"
XPI_PATH="$3"
JWT_HEAD='{"alg":"HS256", "typ":"JWT"}'
JWT_ID=$(dd if=/dev/random bs=21 count=1 2>/dev/null | base64)
ISSUED_AT_TIME=$(date -u +%s)
EXPIRATION_TIME=$((ISSUED_AT_TIME + 300))
JWT_PAYLOAD=$(cat <<EOF
{
    "iss": "$API_KEY",
    "jti": "$JWT_ID",
    "iat": $ISSUED_AT_TIME,
    "exp": $EXPIRATION_TIME
}
EOF
	   )
JWT_MESSAGE=$(base64url "$JWT_HEAD").$(base64url "$JWT_PAYLOAD")
JWT_SIGNATURE=$(sha256hmac "$SECRET" "$JWT_MESSAGE")
JWT=$JWT_MESSAGE.$JWT_SIGNATURE

# Query one of Mozilla endpoints to verify that JWT authentication works.
curl "https://addons.mozilla.org/api/v5/accounts/profile/" \
     -H "Authorization: JWT $JWT"

# TODO: Do the actual upload.