https-get

#!/usr/bin/env ruby
# frozen_string_literal: true

# Copyright (c) 2011 The University of Manchester, UK.
#
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#
#  * Redistributions of source code must retain the above copyright notice,
#    this list of conditions and the following disclaimer.
#
#  * Redistributions in binary form must reproduce the above copyright notice,
#    this list of conditions and the following disclaimer in the documentation
#    and/or other materials provided with the distribution.
#
#  * Neither the names of The University of Manchester nor the names of its
#    contributors may be used to endorse or promote products derived from this
#    software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
#
# Author: Robert Haines

require 'uri'
require 'net/https'
require 'optparse'

CA_PATH = '/etc/ssl/certs'

options = { ca_path: CA_PATH }
opts = OptionParser.new do |opt|
  opt.banner = 'Usage: https-get [options] URI'
  opt.separator '  GET the first 200 bytes of whatever is at the supplied URI,'
  opt.separator '  where URI is a https URI and [options] (curl-like) can be:'
  opt.on('-E CERT_FILE:PASSWORD', '--cert=CERT_FILE:PASSWORD', 'Use the ' \
    'specified client certificate file. If the optional password is not ' \
    'provided it will be asked for on the command line. Must be in PEM ' \
    'format.') do |val|
    cert, pass = val.chomp.split(':', 2)
    options[:client_cert] = cert
    options[:client_pass] = pass if pass
  end
  opt.on('--cacert=CERT_FILE', 'Use the specified certificate file to ' \
    'verify the peer. Must be in PEM format.') do |val|
    options[:ca_file] = val.chomp
  end
  opt.on('--capath=CERTS_PATH', 'Use the specified certificate directory to ' \
    'verify the peer. Certificates must be in PEM format (defaults to ' \
    "'#{CA_PATH}').") do |val|
    options[:ca_path] = val.chomp
  end
  opt.on('-k', '--insecure', 'Allow insecure connections: no peer ' \
    'verification.') do
    options[:no_verify] = true
  end
  opt.on_tail('-h', '-?', '--help', 'Show this help message.') do
    puts opt
    exit
  end
  opt.on_tail('-v', '--version', 'Show the version.') do
    puts '2.0'
    exit
  end
end

opts.parse!

begin
  uri = URI.parse(ARGV[0])
rescue StandardError
  puts opts
  exit(1)
end

unless uri.scheme == 'https'
  puts 'Please use a https address'
  puts opts
  exit(1)
end

http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true

# Peer verification
if options[:no_verify]
  http.verify_mode = OpenSSL::SSL::VERIFY_NONE
else
  if options[:ca_file]
    http.ca_file = options[:ca_file]
  else
    http.ca_path = options[:ca_path]
  end
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
end

# Client authentication
if options[:client_cert]
  pem = File.read(options[:client_cert])
  http.cert = OpenSSL::X509::Certificate.new(pem)
  http.key = OpenSSL::PKey::RSA.new(pem, options[:client_pass])
end

request = Net::HTTP::Get.new(uri.path)
request['Accept'] = '*/*'
request['Range'] = 'bytes=0-199'
response = http.request(request)

puts "Status: #{response.code}\n  Body:\n#{response.body}..."