blob: 71e12ca0b3de6532ff86ed1c77325aae2d4e8346 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
|
#!/bin/sh
# This file is part of Haketilo
#
# Copyright (C) 2021, Wojtek Kosior
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the CC0 1.0 Universal License as published by
# the Creative Commons Corporation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# CC0 1.0 Universal License for more details.
set -e
. ./shell_utils.sh
_PROG_NAME="$0"
OPERATION="$1"
API_KEY="$2"
SECRET="$3"
XPI_PATH="$4"
base64url() {
printf %s "$1" | base64 -w 0 | tr '/+' '_-' | tr -d '='
}
sha256hmac() {
base64url "$(printf %s "$2" | openssl dgst -sha256 -hmac "$1" -binary -)"
}
get_manifest_key() {
get_json_key "$1" "$(unzip -p "$2" manifest.json)"
}
generate_jwt() {
local JWT_HEAD='{"alg":"HS256", "typ":"JWT"}'
local JWT_ID=$(dd if=/dev/random bs=21 count=1 2>/dev/null | base64)
local ISSUED_AT_TIME=$(date -u +%s)
local EXPIRATION_TIME=$((ISSUED_AT_TIME + 300))
local JWT_PAYLOAD="$(cat <<EOF
{
"iss": "$API_KEY",
"jti": "$JWT_ID",
"iat": $ISSUED_AT_TIME,
"exp": $EXPIRATION_TIME
}
EOF
)"
local JWT_MESSAGE=$(base64url "$JWT_HEAD").$(base64url "$JWT_PAYLOAD")
local JWT_SIGNATURE=$(sha256hmac "$SECRET" "$JWT_MESSAGE")
local JWT=$JWT_MESSAGE.$JWT_SIGNATURE
printf "Using JWT: $JWT\n" >&2
printf $JWT
}
get_extension_url() {
EXTENSION_ID="$(get_manifest_key id "$XPI_PATH")"
EXTENSION_VER="$(get_manifest_key version "$XPI_PATH")"
if [ -z "$EXTENSION_ID" -o -z "$EXTENSION_VER" ]; then
printf "Couldn't extract extension id and version. Please check if %s contains proper manifest.json file.\n" \
"$XPI_PATH" >&2
exit 1
fi
printf 'https://addons.mozilla.org/api/v4/addons/%s/versions/%s/' \
"$EXTENSION_ID" "$EXTENSION_VER"
}
print_usage() {
printf 'Usage: %s upload|check|test API_KEY SECRET XPI_PATH\n' \
"$_PROG_NAME" >&2
}
if [ $# != 4 ]; then
print_usage
exit 1
fi
unset RETURNED_DATA
case "$OPERATION" in
test)
curl "https://addons.mozilla.org/api/v4/accounts/profile/" \
-g -H "Authorization: JWT $(generate_jwt)"
printf '\n'
;;
check)
RETURNED_DATA="$(curl $(get_extension_url) \
-g -H "Authorization: JWT $(generate_jwt)")"
;;
upload)
RETURNED_DATA="$(curl $(get_extension_url) \
-g -XPUT --form "upload=@$XPI_PATH" \
-H "Authorization: JWT $(generate_jwt)")"
;;
*)
print_usage
exit 1
;;
esac
if [ -n "$RETURNED_DATA" ]; then
printf "addons.mozilla.org says:\n%s\n" "$RETURNED_DATA"
DOWNLOAD_URL="$(get_json_key download_url "$RETURNED_DATA")"
if [ -n "$DOWNLOAD_URL" ]; then
printf "Downloading extension file from %s\n" "$DOWNLOAD_URL"
curl "$DOWNLOAD_URL" -g -H "Authorization: JWT $(generate_jwt)" -O
fi
fi
|
