1 // Copyright 2019 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file.
5 // authtest is a diagnostic tool for implementations of the GOAUTH protocol
6 // described in https://golang.org/issue/26232.
8 // It accepts a single URL as an argument, and executes the GOAUTH protocol to
9 // fetch and display the headers for that URL.
11 // CAUTION: authtest logs the GOAUTH responses, which may include user
12 // credentials, to stderr. Do not post its output unless you are certain that
13 // all of the credentials involved are fake!
32 var v = flag.Bool("v", false, "if true, log GOAUTH responses to stderr")
35 log.SetFlags(log.LstdFlags | log.Lshortfile)
39 log.Fatalf("usage: [GOAUTH=CMD...] %s URL", filepath.Base(os.Args[0]))
42 resp := try(args[0], nil)
43 if resp.StatusCode == http.StatusOK {
47 resp = try(args[0], resp)
48 if resp.StatusCode != http.StatusOK {
53 func try(url string, prev *http.Response) *http.Response {
54 req := new(http.Request)
59 req, err = http.NewRequest("HEAD", os.Args[1], nil)
66 for _, argList := range strings.Split(os.Getenv("GOAUTH"), ";") {
67 // TODO(golang.org/issue/26849): If we escape quoted strings in GOFLAGS, use
68 // the same quoting here.
69 args := strings.Split(argList, " ")
70 if len(args) == 0 || args[0] == "" {
71 log.Fatalf("invalid or empty command in GOAUTH")
74 creds, err := getCreds(args, prev)
78 for _, c := range creds {
80 fmt.Fprintf(os.Stderr, "# request to %s\n", req.URL)
81 fmt.Fprintf(os.Stderr, "%s %s %s\n", req.Method, req.URL, req.Proto)
82 req.Header.Write(os.Stderr)
83 fmt.Fprintln(os.Stderr)
89 resp, err := http.DefaultClient.Do(req)
93 defer resp.Body.Close()
95 if resp.StatusCode != http.StatusOK && resp.StatusCode < 400 || resp.StatusCode > 500 {
96 log.Fatalf("unexpected status: %v", resp.Status)
99 fmt.Fprintf(os.Stderr, "# response from %s\n", resp.Request.URL)
100 formatHead(os.Stderr, resp)
104 func formatHead(out io.Writer, resp *http.Response) {
105 fmt.Fprintf(out, "%s %s\n", resp.Proto, resp.Status)
106 if err := resp.Header.Write(out); err != nil {
113 URLPrefixes []*url.URL
117 func (c Cred) Apply(req *http.Request) bool {
122 for _, prefix := range c.URLPrefixes {
123 if prefix.Host == req.URL.Host &&
124 (req.URL.Path == prefix.Path ||
125 (strings.HasPrefix(req.URL.Path, prefix.Path) &&
126 (strings.HasSuffix(prefix.Path, "/") ||
127 req.URL.Path[len(prefix.Path)] == '/'))) {
136 for k, vs := range c.Header {
138 for _, v := range vs {
145 func (c Cred) String() string {
146 var buf strings.Builder
147 for _, u := range c.URLPrefixes {
148 fmt.Fprintln(&buf, u)
150 buf.WriteString("\n")
152 buf.WriteString("\n")
156 func getCreds(args []string, resp *http.Response) ([]Cred, error) {
157 cmd := exec.Command(args[0], args[1:]...)
158 cmd.Stderr = os.Stderr
161 u := *resp.Request.URL
163 cmd.Args = append(cmd.Args, u.String())
166 var head strings.Builder
168 formatHead(&head, resp)
170 cmd.Stdin = strings.NewReader(head.String())
172 fmt.Fprintf(os.Stderr, "# %s\n", strings.Join(cmd.Args, " "))
173 out, err := cmd.Output()
175 return nil, fmt.Errorf("%s: %v", strings.Join(cmd.Args, " "), err)
178 os.Stderr.WriteString("\n")
181 r := textproto.NewReader(bufio.NewReader(bytes.NewReader(out)))
185 var prefixes []*url.URL
187 prefix, err := r.ReadLine()
189 if len(prefixes) > 0 {
190 return nil, fmt.Errorf("line %d: %v", line, io.ErrUnexpectedEOF)
197 if len(prefixes) == 0 {
198 return nil, fmt.Errorf("line %d: unexpected newline", line)
202 u, err := url.Parse(prefix)
204 return nil, fmt.Errorf("line %d: malformed URL: %v", line, err)
206 if u.Scheme != "https" {
207 return nil, fmt.Errorf("line %d: non-HTTPS URL %q", line, prefix)
209 if len(u.RawQuery) > 0 {
210 return nil, fmt.Errorf("line %d: unexpected query string in URL %q", line, prefix)
212 if len(u.Fragment) > 0 {
213 return nil, fmt.Errorf("line %d: unexpected fragment in URL %q", line, prefix)
215 prefixes = append(prefixes, u)
218 header, err := r.ReadMIMEHeader()
220 return nil, fmt.Errorf("headers at line %d: %v", line, err)
223 creds = append(creds, Cred{
224 URLPrefixes: prefixes,
225 Header: http.Header(header),