-
Notifications
You must be signed in to change notification settings - Fork 211
/
scurl.sh
executable file
·58 lines (48 loc) · 1.48 KB
/
scurl.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
#!/bin/bash
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the Apache 2.0 License.
set -e
# Loop through all arguments and find request data and private key
next_is_data=false
next_is_privk=false
for item in "$@" ; do
if [ "$next_is_data" == true ]; then
request=$item
next_is_data=false
fi
if [ "$next_is_privk" == true ]; then
privk=$item
next_is_privk=false
fi
if [ "$item" == "-d" ] || [ "$item" == "--data-binary" ]; then
next_is_data=true
fi
if [ "$item" == "--key" ]; then
next_is_privk=true
fi
done
if [ -z "$request" ]; then
echo "No request found in arguments (-d or --data-binary)"
exit 1
fi
if [ -z "$privk" ]; then
echo "No private key found in arguments (--key)"
exit 1
fi
# If the first letter of the request is @, consider it a filename
if [ "$(echo "$request" | cut -c1)" == "@" ]; then
request="${request:1}"
request=$(cat "$request")
fi
date=$(date "+%a, %d %b %Y %H:%M:%S %Z")
req_digest=$(echo -n "$request" | openssl dgst -sha256 -binary | openssl base64)
# Construct string to sign
string_to_sign="date: $date
digest: SHA-256=$req_digest"
# Compute signature
signed_raw=$(echo -n "$string_to_sign" | openssl dgst -sha256 -sign "$privk" | openssl base64 -A)
curl \
-H "Date: $date" \
-H "Digest: SHA-256=$req_digest" \
-H "Authorization: Signature keyId=\"tls\",algorithm=\"ecdsa-sha256\",headers=\"date digest\",signature=\"$signed_raw\"" \
"$@"