-
Notifications
You must be signed in to change notification settings - Fork 27
/
gen.go
99 lines (82 loc) · 2.1 KB
/
gen.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
// +build ignore
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/. */
package main
import (
"crypto/x509"
"log"
"net/http"
"os"
"strings"
"text/template"
"time"
"bufio"
"bytes"
)
func main() {
if len(os.Args) != 2 || !strings.HasPrefix(os.Args[1], "https://") {
log.Fatal("usage: go run gen.go <url>")
}
url := os.Args[1]
resp, err := http.Get(url)
if err != nil {
log.Fatal(err)
}
if resp.StatusCode != 200 {
log.Fatal("expected 200, got", resp.StatusCode)
}
defer resp.Body.Close()
var bundle bytes.Buffer
scanner := bufio.NewScanner(resp.Body)
for scanner.Scan() {
b := scanner.Bytes()
if len(b) == 0 || b[0] == '#' {
continue
}
bundle.Write(b)
bundle.WriteByte('\n')
}
if err := scanner.Err(); err != nil {
log.Fatal("failed to read response body fully", err)
}
pool := x509.NewCertPool()
if !pool.AppendCertsFromPEM(bundle.Bytes()) {
log.Fatalf("can't parse cerficiates from %s", url)
}
fp, err := os.Create("certifi.go")
if err != nil {
log.Fatal(err)
}
defer fp.Close()
tmpl.Execute(fp, struct {
Timestamp time.Time
URL string
Bundle string
}{
Timestamp: time.Now(),
URL: url,
Bundle: bundle.String(),
})
}
var tmpl = template.Must(template.New("").Parse(`// Code generated by go generate; DO NOT EDIT.
// {{ .Timestamp }}
// {{ .URL }}
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/. */
package gocertifi
//go:generate go run gen.go "{{ .URL }}"
import "crypto/x509"
const pemcerts string = ` + "`" + `
{{ .Bundle }}
` + "`" + `
// CACerts builds an X.509 certificate pool containing the
// certificate bundle from {{ .URL }} fetch on {{ .Timestamp }}.
// Will never actually return an error.
func CACerts() (*x509.CertPool, error) {
pool := x509.NewCertPool()
pool.AppendCertsFromPEM([]byte(pemcerts))
return pool, nil
}
`))