paxbun · July 18, 2025 05:47
diff --git a/Generate-AppStore-Jwt.ps1 b/Generate-AppStore-Jwt.ps1
 param (
    [Parameter(Mandatory=$true)] [string] $ApiKey,
    [Parameter(Mandatory=$true)] [string] $ApiIssuer,
    [string] $KeyFile
 )

 function To-Base64Url([byte[]] $Bytes) {
    return [Convert]::ToBase64String($Bytes).Replace("+","-").Replace("/","_").TrimEnd("=");
 }

 if (-not $KeyFile) {
    $searchDirs = @();
    if ($env:API_PRIVATE_KEYS_DIR) {
        $searchDirs += $env:API_PRIVATE_KEYS_DIR;
    }
    $searchDirs += @(
        "./private_keys"
        Join-Path $env:HOME "private_keys"
        Join-Path $env:HOME ".private_keys"
        Join-Path $env:HOME ".appstoreconnect/private_keys"
    );
    foreach ($dir in $searchDirs) {
        $candidate = Join-Path $dir "AuthKey_$ApiKey.p8";
        if (Test-Path $candidate) {
            $KeyFile = $candidate;
            break;
        }
    }
    if (-not $KeyFile) {
        Write-Error "Could not find AuthKey_$ApiKey.p8 in any of: $($searchDirs -join ', ')";
        exit 1;
    }
 }

 # exp = now + 20 minutes
 $expiry = [int]([DateTimeOffset]::UtcNow.ToUnixTimeSeconds() + 1200);
 $header = @{ alg = "ES256"; kid = $ApiKey } | ConvertTo-Json -Compress;
 $payload = @{ iss = $ApiIssuer; exp = $expiry; aud = "appstoreconnect-v1" } | ConvertTo-Json -Compress;

 $headerB64 = To-Base64Url([Text.Encoding]::UTF8.GetBytes($header));
 $payloadB64 = To-Base64Url([Text.Encoding]::UTF8.GetBytes($payload));
 $data = "$headerB64.$payloadB64";

 $keyPem = Get-Content $KeyFile -Raw
 $key = [System.Security.Cryptography.ECDsa]::Create();
 $key.ImportFromPem($keyPem);

 $dataBytes = [Text.Encoding]::ASCII.GetBytes($data);
 $signature = $key.SignData($dataBytes, [System.Security.Cryptography.HashAlgorithmName]::SHA256);

 $signatureB64 = To-Base64Url($signature);
 $jwt = "$data.$signatureB64";
 return $jwt;
	param (
	[Parameter(Mandatory=$true)] [string] $ApiKey,
	[Parameter(Mandatory=$true)] [string] $ApiIssuer,
	[string] $KeyFile
	)

	function To-Base64Url([byte[]] $Bytes) {
	return [Convert]::ToBase64String($Bytes).Replace("+","-").Replace("/","_").TrimEnd("=");
	}

	if (-not $KeyFile) {
	$searchDirs = @();
	if ($env:API_PRIVATE_KEYS_DIR) {
	$searchDirs += $env:API_PRIVATE_KEYS_DIR;
	}
	$searchDirs += @(
	"./private_keys"
	Join-Path $env:HOME "private_keys"
	Join-Path $env:HOME ".private_keys"
	Join-Path $env:HOME ".appstoreconnect/private_keys"
	);
	foreach ($dir in $searchDirs) {
	$candidate = Join-Path $dir "AuthKey_$ApiKey.p8";
	if (Test-Path $candidate) {
	$KeyFile = $candidate;
	break;
	}
	}
	if (-not $KeyFile) {
	Write-Error "Could not find AuthKey_$ApiKey.p8 in any of: $($searchDirs -join ', ')";
	exit 1;
	}
	}

	# exp = now + 20 minutes
	$expiry = [int]([DateTimeOffset]::UtcNow.ToUnixTimeSeconds() + 1200);
	$header = @{ alg = "ES256"; kid = $ApiKey } \| ConvertTo-Json -Compress;
	$payload = @{ iss = $ApiIssuer; exp = $expiry; aud = "appstoreconnect-v1" } \| ConvertTo-Json -Compress;

	$headerB64 = To-Base64Url([Text.Encoding]::UTF8.GetBytes($header));
	$payloadB64 = To-Base64Url([Text.Encoding]::UTF8.GetBytes($payload));
	$data = "$headerB64.$payloadB64";

	$keyPem = Get-Content $KeyFile -Raw
	$key = [System.Security.Cryptography.ECDsa]::Create();
	$key.ImportFromPem($keyPem);

	$dataBytes = [Text.Encoding]::ASCII.GetBytes($data);
	$signature = $key.SignData($dataBytes, [System.Security.Cryptography.HashAlgorithmName]::SHA256);

	$signatureB64 = To-Base64Url($signature);
	$jwt = "$data.$signatureB64";
	return $jwt;