x509roots: check HTTP response status code and media type

The HTTP response status code is expected to be 200 OK, and
the certdata.txt file media type is expected to be plain text.
Check that it is before proceeding with parsing it.

Might help avoid repeats of CL 535735.

Change-Id: I1a7896b3e20d33a23fdc53c572ae9700c9eae1ef
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/536717
LUCI-TryBot-Result: Go LUCI <[email protected]>
Reviewed-by: Dmitri Shuralyov <[email protected]>
Commit-Queue: Roland Shoemaker <[email protected]>
Reviewed-by: Roland Shoemaker <[email protected]>
Auto-Submit: Roland Shoemaker <[email protected]>

Author: dmitshur

x509roots/gen_fallback_bundle.go

@@ -17,6 +17,7 @@ import (
 	"go/format"
 	"io"
 	"log"
+	"mime"
 	"net/http"
 	"os"
 	"sort"
@@ -86,6 +87,16 @@ func main() {
 			log.Fatalf("failed to request %q: %s", *certDataURL, err)
 		}
 		defer resp.Body.Close()
+		if resp.StatusCode != http.StatusOK {
+			body, _ := io.ReadAll(io.LimitReader(resp.Body, 4<<10))
+			log.Fatalf("got non-200 OK status code: %v body: %q", resp.Status, body)
+		} else if ct, want := resp.Header.Get("Content-Type"), `text/plain; charset="UTF-8"`; ct != want {
+			if mediaType, _, err := mime.ParseMediaType(ct); err != nil {
+				log.Fatalf("bad Content-Type header %q: %v", ct, err)
+			} else if mediaType != "text/plain" {
+				log.Fatalf("got media type %q, want %q", mediaType, "text/plain")
+			}
+		}
 		certdata = resp.Body
 	}