bradfitz/dlgo.go

## dlgo.go
package main

import (
	"bytes"
	"crypto/x509"
	"encoding/hex"
	"flag"
	"io"
	"log"
	"net/http"
	"os"
	"path"
	"strings"
)

var (
	guessFilename = flag.Bool("O", false, "guess filename")
	outFile       = flag.String("o", "", "filename to write to; if blank, stdout")
)

func main() {
	flag.Parse()
	if flag.NArg() != 1 {
		log.Fatal("Usage: dlgo <URL>")
	}
	u := flag.Arg(0)
	if !strings.HasPrefix(u, "https://storage.googleapis.com/golang/") {
		log.Fatalf("Invalid Go URL %q; doesn't start with https://storage.googleapis.com/golang/")
	}
	if *guessFilename {
		if *outFile != "" {
			log.Fatalf("incompatible options -o and -O")
		}
		*outFile = path.Base(u)
	}

	of := os.Stdout
	if *outFile != "" {
		var err error
		of, err = os.Create(*outFile)
		if err != nil {
			log.Fatal(err)
		}
	}

	// Google Internet Authority G2, valid until end of 2016
	googCASig, err := hex.DecodeString("" +
		"aafaa920cd6a6783ed5ed47ede1dc47fe0250600" +
		"c524fba9c82d6d7ede9d82652c816334663ee952" +
		"c208b4cb2ff75f993a6a9c507a85058c7dd12a48" +
		"84d3096c7cc2cd359ff382ee52de685fe4008a17" +
		"2096f7298d9a4dcba8de86c80d6f5687037d033f" +
		"dcfa797d2119f9c83a2f51768cc74192718f25ce" +
		"37f84a4c0023efc43510aee02380737c4d342ec8" +
		"6e90d6101e9984731a70f2ed550eee1706ea67ee" +
		"32eb2cdd67073ff68bc270de5b00e6bb1bd3361a" +
		"226c6cb035426c90093d93e96409220e85069fc2" +
		"7321d3e65f80e48d85223a7303b1608eae68e2f4" +
		"3e97e76012096836de3ad6e243955b378192811f" +
		"bb8dd7ad5264165796d95e347ec835d8",
	)
	if err != nil {
		log.Fatal(err)
	}

	req, _ := http.NewRequest("GET", u, nil)
	res, err := http.DefaultTransport.RoundTrip(req)
	if err != nil {
		log.Fatal(err)
	}
	if res.TLS == nil {
		log.Fatalf("Not TLS")
	}
	sawGoog := false
	for _, verifiedChain := range res.TLS.VerifiedChains {
		for _, cert := range verifiedChain {
			if cert.IsCA &&
				cert.Subject.CommonName == "Google Internet Authority G2" &&
				cert.SignatureAlgorithm == x509.SHA256WithRSA &&
				bytes.Equal(cert.Signature, googCASig) {
				sawGoog = true
				break
			}
		}
	}
	if !sawGoog {
		log.Fatalf("didn't see Google's CA cert in the TLS chain")
	}
	if res.StatusCode != 200 {
		log.Fatalf("Invalid response status code: %v", res.Status)
	}
	if _, err := io.Copy(of, res.Body); err != nil {
		log.Fatal(err)
	}
	if err := of.Close(); err != nil {
		log.Fatal(err)
	}
}
	package main

	import (
	"bytes"
	"crypto/x509"
	"encoding/hex"
	"flag"
	"io"
	"log"
	"net/http"
	"os"
	"path"
	"strings"
	)

	var (
	guessFilename = flag.Bool("O", false, "guess filename")
	outFile = flag.String("o", "", "filename to write to; if blank, stdout")
	)

	func main() {
	flag.Parse()
	if flag.NArg() != 1 {
	log.Fatal("Usage: dlgo <URL>")
	}
	u := flag.Arg(0)
	if !strings.HasPrefix(u, "https://storage.googleapis.com/golang/") {
	log.Fatalf("Invalid Go URL %q; doesn't start with https://storage.googleapis.com/golang/")
	}
	if *guessFilename {
	if *outFile != "" {
	log.Fatalf("incompatible options -o and -O")
	}
	*outFile = path.Base(u)
	}

	of := os.Stdout
	if *outFile != "" {
	var err error
	of, err = os.Create(*outFile)
	if err != nil {
	log.Fatal(err)
	}
	}

	// Google Internet Authority G2, valid until end of 2016
	googCASig, err := hex.DecodeString("" +
	"aafaa920cd6a6783ed5ed47ede1dc47fe0250600" +
	"c524fba9c82d6d7ede9d82652c816334663ee952" +
	"c208b4cb2ff75f993a6a9c507a85058c7dd12a48" +
	"84d3096c7cc2cd359ff382ee52de685fe4008a17" +
	"2096f7298d9a4dcba8de86c80d6f5687037d033f" +
	"dcfa797d2119f9c83a2f51768cc74192718f25ce" +
	"37f84a4c0023efc43510aee02380737c4d342ec8" +
	"6e90d6101e9984731a70f2ed550eee1706ea67ee" +
	"32eb2cdd67073ff68bc270de5b00e6bb1bd3361a" +
	"226c6cb035426c90093d93e96409220e85069fc2" +
	"7321d3e65f80e48d85223a7303b1608eae68e2f4" +
	"3e97e76012096836de3ad6e243955b378192811f" +
	"bb8dd7ad5264165796d95e347ec835d8",
	)
	if err != nil {
	log.Fatal(err)
	}

	req, _ := http.NewRequest("GET", u, nil)
	res, err := http.DefaultTransport.RoundTrip(req)
	if err != nil {
	log.Fatal(err)
	}
	if res.TLS == nil {
	log.Fatalf("Not TLS")
	}
	sawGoog := false
	for _, verifiedChain := range res.TLS.VerifiedChains {
	for _, cert := range verifiedChain {
	if cert.IsCA &&
	cert.Subject.CommonName == "Google Internet Authority G2" &&
	cert.SignatureAlgorithm == x509.SHA256WithRSA &&
	bytes.Equal(cert.Signature, googCASig) {
	sawGoog = true
	break
	}
	}
	}
	if !sawGoog {
	log.Fatalf("didn't see Google's CA cert in the TLS chain")
	}
	if res.StatusCode != 200 {
	log.Fatalf("Invalid response status code: %v", res.Status)
	}
	if _, err := io.Copy(of, res.Body); err != nil {
	log.Fatal(err)
	}
	if err := of.Close(); err != nil {
	log.Fatal(err)
	}
	}