diff --git a/scripts/tsh-certs.sh b/scripts/tsh-certs.sh
new file mode 100755
index 00000000..680f22f4
--- /dev/null
+++ b/scripts/tsh-certs.sh
@@ -0,0 +1,60 @@
+#!/usr/bin/env bash
+
+set -o errexit # abort on nonzero exit status
+set -o errtrace # pass ERR trap down to functions, substitutions, etc
+set -o nounset # abort on unbound variable
+set -o pipefail # don’t hide errors within pipes
+
+# Function to display usage information
+usage() {
+ echo "Usage: $0
+
+ Arguments:
+ Specify the teleport tunnel to use
+ Specify the destination folder to copy files to
+ "
+}
+
+main() {
+ if [[ "$#" -ne 2 ]]; then
+ usage
+ exit 1
+ fi
+
+ local teleport_tunnel="${1}"
+ local destination_folder="${2}"
+
+ local -r files=(
+ "70000001.extra.raw"
+ "70000001.signature.raw"
+ "70000001.pubkey.raw"
+ "70000002.extra.raw"
+ "70000002.signature.raw"
+ "70000002.pubkey.raw"
+ "7fff0206.chip_id.raw"
+ "7fff0206.extra.raw"
+ "7fff0206.signature.raw"
+ "f0000013.cert"
+ "sss_70000001_0002_0040.bin"
+ "sss_70000002_0002_0040.bin"
+ "sss_F0000012_0002_0040.bin"
+ "sss_fat.bin"
+ )
+
+ # Create destination folder if it doesn't exist
+ mkdir -p "${destination_folder}"
+
+ # Loop through the files and use tsh scp to copy each one
+ local file
+ for file in "${files[@]}"; do
+ echo "Copying ${file} from ${teleport_tunnel}..."
+ if ! tsh scp "worldcoin@${teleport_tunnel}:/usr/persistent/se/keystore/${file}" "${destination_folder}/"; then
+ echo "Error: Failed to copy ${file}"
+ fi
+ done
+}
+
+# Ensure that main only runs when called as a script
+if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
+ main "$@"
+fi
diff --git a/scripts/upload-certs.sh b/scripts/upload-certs.sh
new file mode 100755
index 00000000..b1fb5008
--- /dev/null
+++ b/scripts/upload-certs.sh
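Review bot: A failed `tsh scp` is only echoed (to stdout) and the loop carries on, so the script exits 0 even when none of the keystore files were retrieved, and `upload-certs.sh` will later fail on a missing `f0000013.cert` far from the actual cause; counting failures and exiting non-zero at the end, with the diagnostic on stderr, keeps the best-effort loop but makes the outcome visible (sketched below). `teleport_tunnel` is spliced unchecked into the scp source spec, so a value containing `:` or starting with `-` would be parsed as part of the remote path or as an option; the host format cannot be validated from here, but rejecting a leading `-` with `[[ "${teleport_tunnel}" == -* ]] && { usage; exit 1; }` is cheap. The destination is created with the caller's umask; whether that matters depends on what `sss_fat.bin` and the `sss_*` blobs hold, which this hunk does not show, so a `umask 077` before `mkdir -p` is worth considering if any of them is private.
```shell
  # Loop through the files and use tsh scp to copy each one; keep going on
  # failure so one missing file does not hide the rest, but report it at the end.
  local file
  local failed=0
  for file in "${files[@]}"; do
    echo "Copying ${file} from ${teleport_tunnel}..."
    if ! tsh scp "worldcoin@${teleport_tunnel}:/usr/persistent/se/keystore/${file}" "${destination_folder}/"; then
      echo "Error: Failed to copy ${file}" >&2
      failed=$((failed + 1))
    fi
  done
  if (( failed > 0 )); then
    echo "Error: ${failed} of ${#files[@]} files could not be copied" >&2
    exit 1
  fi
```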
@@ -0,0 +1,158 @@
+#!/usr/bin/env bash
+
+set -o errexit # abort on nonzero exit status
+set -o errtrace # pass ERR trap down to functions, substitutions, etc
+set -o nounset # abort on unbound variable
+set -o pipefail # don’t hide errors within pipes
+
+# Function to display usage information
+usage() {
+ echo "Usage: $0 [options]
+ options:
+ -h, --help Display this help message
+ -t, --token Bearer token for authentication.
+ -b, --backend (stage|prod) Targets the stage or prod backend.
+
+ Environment variables (overriden by options):
+ FM_CLI_ENV: Must be either 'stage' or 'prod'.
+ FM_CLI_ORB_AUTH_INTERNAL_TOKEN: Bearer token for authentication.
+
+ Example:
+ $0 -t -b stage 349df8b0 /path/to/provisioning_material"
+}
+
+# Function to get Cloudflared access token
+get_cloudflared_token() {
+ local -r domain="${1}"
+
+ cloudflared access login --quiet "${domain}"
+ cloudflared access token -app="${domain}"
+}
+
+main() {
+ local bearer="${FM_CLI_ORB_AUTH_INTERNAL_TOKEN:-""}"
+ local backend="${FM_CLI_ENV:-""}"
+ local positional_args=()
+ local arg
+ while [[ "$#" -gt 0 ]]; do
+ arg="${1}"; shift
+ case "${arg}" in
+ -h|--help)
+ usage; exit 0 ;;
+ -t|--bearer-token)
+ bearer="${1}"; shift ;;
+ -b|--backend)
+ backend="${1}"; shift ;;
+ -*)
+ echo "Unknown option: ${arg}"
+ usage; exit 1 ;;
+ *)
+ positional_args+=("${arg}") ;;
+ esac
+ done
+ set -- "${positional_args[@]}"
+
+ if [[ $# -ne 2 ]]; then
+ echo "must pass "
+ usage
+ exit 1
+ fi
+
+ if [[ -z "${bearer}" ]]; then
+ echo "Bearer token not found. Please export FM_CLI_ORB_MANAGER_INTERNAL_TOKEN,
+ or pass it as an argument: -t "
+ exit 1
+ fi
+
+ if [[ -z "${backend}" ]]; then
+ echo "Environment not found. Please export FM_CLI_ENV,
+ or pass it as an argument: -b (stage|prod)"
+ exit 1
+ fi
+
+ if [[ "${backend}" != "prod" && "${backend}" != "stage" ]]; then
+ echo "Invalid environment: ${backend}. Must be either 'prod' or 'stage'."
+ exit 1
+ fi
+
+ local -r orb_id="${1}"
+ local -r keypath="${2}"
+
+ # Determine the domain based on the environment
+ local domain
+ if [[ "${backend}" == "prod" ]]; then
+ domain="auth.internal.orb.worldcoin.dev"
+ else
+ domain="auth.internal.stage.orb.worldcoin.dev"
+ fi
+
+ # Ensure the keypath exists
+ if [[ ! -d "$keypath" ]]; then
+ echo "Error: Keypath directory '$keypath' does not exist."
+ exit 1
+ fi
+
+ local certificate
+ certificate=$(sed 's/$/\\n/' "${keypath}/f0000013.cert" | tr -d \\n)
+ local signup_pubkey
+ signup_pubkey=$(sed 's/$/\\n/' "${keypath}/sss_70000002_0002_0040.bin" | tr -d \\n)
+ local attestation_pubkey
+ attestation_pubkey=$(sed 's/$/\\n/' "${keypath}/sss_70000001_0002_0040.bin" | tr -d \\n)
+
+ # Get Cloudflared token
+ echo "Getting Cloudflared access token..."
+ local cf_token
+ cf_token="$(get_cloudflared_token "${domain}")"
+
+ # Post certificate
+ curl --fail --location \
+ -H "Authorization: Bearer ${bearer}" \
+ -H "cf-access-token: ${cf_token}" \
+ -X POST "https://${domain}/api/v1/certificate" \
+ -d '{ "orbId": "'"${orb_id}"'", "certificate": "'"${certificate}"'" }'
+
+ # Post signup key
+ curl --fail --location \
+ -H "Authorization: Bearer ${bearer}" \
+ -H "cf-access-token: ${cf_token}" \
+ -X POST "https://${domain}/api/v1/key" \
+ -d '{
+ "orbId": "'"${orb_id}"'",
+ "type": "signup",
+ "key": "'"${signup_pubkey}"'",
+ "signature": "'$(base64 -w 0 -i "${keypath}/70000002.signature.raw")'",
+ "extraData": "'$(base64 -w 0 -i "${keypath}/70000002.extra.raw")'"
+ }'
+
+ # Post attestation key
+ curl --fail --location \
+ -H "Authorization: Bearer ${bearer}" \
+ -H "cf-access-token: ${cf_token}" \
+ -X POST "https://${domain}/api/v1/key" \
+ -d '{
+ "orbId": "'"${orb_id}"'",
+ "type": "attestation",
+ "key": "'"${attestation_pubkey}"'",
+ "signature": "'$(base64 -w 0 -i "${keypath}/70000001.signature.raw")'",
+ "extraData": "'$(base64 -w 0 -i "${keypath}/70000001.extra.raw")'"
+ }'
+
+ # Post chip ID
+ curl --fail --location \
+ -H "Authorization: Bearer ${bearer}" \
+ -H "cf-access-token: ${cf_token}" \
+ -X POST "https://${domain}/api/v1/key" \
+ -d '{
+ "orbId": "'"${orb_id}"'",
+ "type": "chipid",
+ "key": "'"$(base64 -w 0 -i "${keypath}/7fff0206.chip_id.raw")"'",
+ "signature": "'$(base64 -w 0 -i "${keypath}/7fff0206.signature.raw")'",
+ "extraData": "'$(base64 -w 0 -i "${keypath}/7fff0206.extra.raw")'"
+ }'
+}
+
+# Ensure that main only runs when called as a script
+if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
+ main "$@"
+fi
+
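Review bot: Both the bearer token and the Cloudflare access token are handed to curl as `-H` arguments in all four requests, so they are readable by every local user via `ps`/`/proc` for the duration of each call, and a token supplied with `-t` additionally lands in shell history; writing the two headers to a `mktemp` file (created 0600) and passing `-H "@${hdr_file}"` keeps them off argv (sketched below). Two smaller mismatches will bite users first: `usage` advertises `-t, --token` but the case arm only accepts `-t|--bearer-token`, so `--token` is rejected as an unknown option (fix: `-t|--token|--bearer-token)`), and the missing-token message names `FM_CLI_ORB_MANAGER_INTERNAL_TOKEN` while the script actually reads `FM_CLI_ORB_AUTH_INTERNAL_TOKEN`. The JSON bodies are built by splicing `orb_id` and the raw keystore file contents into string literals, so a stray `"` or backslash in a file pulled from the device breaks the request or lets the device inject extra fields into what is posted to the internal auth backend; the example id `349df8b0` suggests a `[[ "${orb_id}" =~ ^[0-9a-f]+$ ]]` guard is cheap, and `jq -n --arg` would be the robust fix if jq is acceptable on operator machines. Note also that `-t` or `-b` given as the last argument makes `${1}` trip `nounset` with an unbound-variable error instead of the usage message.
```shell
  # Keep both secrets off the command line: curl reads headers from a file,
  # and mktemp creates it mode 0600 so only this user can read it.
  local hdr_file
  hdr_file="$(mktemp)"
  trap 'rm -f "${hdr_file}"' EXIT
  printf 'Authorization: Bearer %s\ncf-access-token: %s\n' "${bearer}" "${cf_token}" > "${hdr_file}"

  # Post certificate
  curl --fail --location \
    -H "@${hdr_file}" \
    -X POST "https://${domain}/api/v1/certificate" \
    -d '{ "orbId": "'"${orb_id}"'", "certificate": "'"${certificate}"'" }'
  # … unchanged: the three /api/v1/key posts, each with the two -H lines replaced by -H "@${hdr_file}" …
```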