| blob | 02dbd0ad00c6390394ac155b4f10c8b8703b17b1 |
1 /*
2 * Copyright (c) 2005 - 2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33 /* $Id$ */
35 command = {
36 name = "cms-create-sd"
37 name = "sign"
38 option = {
39 long = "certificate"
40 short = "c"
41 type = "strings"
42 argument = "certificate-store"
43 help = "certificate stores to pull certificates from"
44 }
45 option = {
46 long = "signer"
47 short = "s"
48 type = "string"
49 argument = "signer-friendly-name"
50 help = "certificate to sign with"
51 }
52 option = {
53 long = "anchors"
54 type = "strings"
55 argument = "certificate-store"
56 help = "trust anchors"
57 }
58 option = {
59 long = "pool"
60 type = "strings"
61 argument = "certificate-pool"
62 help = "certificate store to pull certificates from"
63 }
64 option = {
65 long = "pass"
66 type = "strings"
67 argument = "password"
68 help = "password, prompter, or environment"
69 }
70 option = {
71 long = "peer-alg"
72 type = "strings"
73 argument = "oid"
74 help = "oid that the peer support"
75 }
76 option = {
77 long = "content-type"
78 type = "string"
79 argument = "oid"
80 help = "content type oid"
81 }
82 option = {
83 long = "content-info"
84 type = "flag"
85 help = "wrapped out-data in a ContentInfo"
86 }
87 option = {
88 long = "pem"
89 type = "flag"
90 help = "wrap out-data in PEM armor"
91 }
92 option = {
93 long = "detached-signature"
94 type = "flag"
95 help = "create a detached signature"
96 }
97 option = {
98 long = "signer"
99 type = "-flag"
100 help = "do not sign"
101 }
102 option = {
103 long = "id-by-name"
104 type = "flag"
105 help = "use subject name for CMS Identifier"
106 }
107 min_args="1"
108 max_args="2"
109 argument="in-file out-file"
110 help = "Wrap a file within a SignedData object"
111 }
112 command = {
113 name = "cms-verify-sd"
114 name = "verify"
115 option = {
116 long = "anchors"
117 type = "strings"
118 argument = "certificate-store"
119 help = "trust anchors"
120 }
121 option = {
122 long = "certificate"
123 short = "c"
124 type = "strings"
125 argument = "certificate-store"
126 help = "certificate store to pull certificates from"
127 }
128 option = {
129 long = "pass"
130 type = "strings"
131 argument = "password"
132 help = "password, prompter, or environment"
133 }
134 option = {
135 long = "missing-revoke"
136 type = "flag"
137 help = "missing CRL/OCSP is ok"
138 }
139 option = {
140 long = "content-info"
141 type = "flag"
142 help = "unwrap in-data that's in a ContentInfo"
143 }
144 option = {
145 long = "pem"
146 type = "flag"
147 help = "unwrap in-data from PEM armor"
148 }
149 option = {
150 long = "signer-allowed"
151 type = "-flag"
152 help = "allow no signer"
153 }
154 option = {
155 long = "signed-content"
156 type = "string"
157 help = "file containing content"
158 }
159 min_args="1"
160 max_args="2"
161 argument="in-file [out-file]"
162 help = "Verify a file within a SignedData object"
163 }
164 command = {
165 name = "cms-unenvelope"
166 option = {
167 long = "certificate"
168 short = "c"
169 type = "strings"
170 argument = "certificate-store"
171 help = "certificate used to decrypt the data"
172 }
173 option = {
174 long = "pass"
175 type = "strings"
176 argument = "password"
177 help = "password, prompter, or environment"
178 }
179 option = {
180 long = "content-info"
181 type = "flag"
182 help = "wrapped out-data in a ContentInfo"
183 }
184 option = {
185 long = "allow-weak-crypto"
186 type = "flag"
187 help = "allow weak crypto"
188 }
189 min_args="2"
190 argument="in-file out-file"
191 help = "Unenvelope a file containing a EnvelopedData object"
192 }
193 command = {
194 name = "cms-envelope"
195 function = "cms_create_enveloped"
196 option = {
197 long = "certificate"
198 short = "c"
199 type = "strings"
200 argument = "certificate-store"
201 help = "certificates used to receive the data"
202 }
203 option = {
204 long = "pass"
205 type = "strings"
206 argument = "password"
207 help = "password, prompter, or environment"
208 }
209 option = {
210 long = "encryption-type"
211 type = "string"
212 argument = "enctype"
213 help = "enctype"
214 }
215 option = {
216 long = "content-type"
217 type = "string"
218 argument = "oid"
219 help = "content type oid"
220 }
221 option = {
222 long = "content-info"
223 type = "flag"
224 help = "wrapped out-data in a ContentInfo"
225 }
226 option = {
227 long = "allow-weak-crypto"
228 type = "flag"
229 help = "allow weak crypto"
230 }
231 min_args="2"
232 argument="in-file out-file"
233 help = "Envelope a file containing a EnvelopedData object"
234 }
235 command = {
236 name = "verify"
237 function = "pcert_verify"
238 option = {
239 long = "pass"
240 type = "strings"
241 argument = "password"
242 help = "password, prompter, or environment"
243 }
244 option = {
245 long = "allow-proxy-certificate"
246 type = "flag"
247 help = "allow proxy certificates"
248 }
249 option = {
250 long = "missing-revoke"
251 type = "flag"
252 help = "missing CRL/OCSP is ok"
253 }
254 option = {
255 long = "time"
256 type = "string"
257 help = "time when to validate the chain"
258 }
259 option = {
260 long = "verbose"
261 short = "v"
262 type = "flag"
263 help = "verbose logging"
264 }
265 option = {
266 long = "max-depth"
267 type = "integer"
268 help = "maximum search length of certificate trust anchor"
269 }
270 option = {
271 long = "hostname"
272 type = "string"
273 help = "match hostname to certificate"
274 }
275 argument = "cert:foo chain:cert1 chain:cert2 anchor:anchor1 anchor:anchor2"
276 help = "Verify certificate chain"
277 }
278 command = {
279 name = "print"
280 function = "pcert_print"
281 option = {
282 long = "pass"
283 type = "strings"
284 argument = "password"
285 help = "password, prompter, or environment"
286 }
287 option = {
288 long = "content"
289 type = "flag"
290 help = "print the content of the certificates"
291 }
292 option = {
293 long = "never-fail"
294 type = "flag"
295 help = "never fail with an error code"
296 }
297 option = {
298 long = "info"
299 type = "flag"
300 help = "print the information about the certificate store"
301 }
302 min_args="1"
303 argument="certificate ..."
304 help = "Print certificates"
305 }
306 command = {
307 name = "validate"
308 function = "pcert_validate"
309 option = {
310 long = "pass"
311 type = "strings"
312 argument = "password"
313 help = "password, prompter, or environment"
314 }
315 min_args="1"
316 argument="certificate ..."
317 help = "Validate content of certificates"
318 }
319 command = {
320 name = "certificate-copy"
321 name = "cc"
322 option = {
323 long = "in-pass"
324 type = "strings"
325 argument = "password"
326 help = "password, prompter, or environment"
327 }
328 option = {
329 long = "out-pass"
330 type = "string"
331 argument = "password"
332 help = "password, prompter, or environment"
333 }
334 min_args="2"
335 argument="in-certificates-1 ... out-certificate"
336 help = "Copy in certificates stores into out certificate store"
337 }
338 command = {
339 name = "ocsp-fetch"
340 option = {
341 long = "pass"
342 type = "strings"
343 argument = "password"
344 help = "password, prompter, or environment"
345 }
346 option = {
347 long = "sign"
348 type = "string"
349 argument = "certificate"
350 help = "certificate use to sign the request"
351 }
352 option = {
353 long = "url-path"
354 type = "string"
355 argument = "url"
356 help = "part after host in url to put in the request"
357 }
358 option = {
359 long = "nonce"
360 type = "-flag"
361 default = "1"
362 help = "don't include nonce in request"
363 }
364 option = {
365 long = "pool"
366 type = "strings"
367 argument = "certificate-store"
368 help = "pool to find parent certificate in"
369 }
370 min_args="2"
371 argument="outfile certs ..."
372 help = "Fetch OCSP responses for the following certs"
373 }
374 command = {
375 option = {
376 long = "ocsp-file"
377 type = "string"
378 help = "OCSP file"
379 }
380 name = "ocsp-verify"
381 min_args="1"
382 argument="certificates ..."
383 help = "Check that certificates are in OCSP file and valid"
384 }
385 command = {
386 name = "ocsp-print"
387 option = {
388 long = "verbose"
389 type = "flag"
390 help = "verbose"
391 }
392 min_args="1"
393 argument="ocsp-response-file ..."
394 help = "Print the OCSP responses"
395 }
396 command = {
397 name = "request-create"
398 option = {
399 long = "subject"
400 type = "string"
401 help = "Subject DN"
402 }
403 option = {
404 long = "email"
405 type = "strings"
406 help = "Email address in SubjectAltName"
407 }
408 option = {
409 long = "dnsname"
410 type = "strings"
411 help = "Hostname or domainname in SubjectAltName"
412 }
413 option = {
414 long = "type"
415 type = "string"
416 help = "Type of request CRMF or PKCS10, defaults to PKCS10"
417 }
418 option = {
419 long = "key"
420 type = "string"
421 help = "Key-pair"
422 }
423 option = {
424 long = "generate-key"
425 type = "string"
426 help = "keytype"
427 }
428 option = {
429 long = "key-bits"
430 type = "integer"
431 help = "number of bits in the generated key";
432 }
433 option = {
434 long = "verbose"
435 type = "flag"
436 help = "verbose status"
437 }
438 min_args="1"
439 max_args="1"
440 argument="output-file"
441 help = "Create a CRMF or PKCS10 request"
442 }
443 command = {
444 name = "request-print"
445 option = {
446 long = "verbose"
447 type = "flag"
448 help = "verbose printing"
449 }
450 min_args="1"
451 argument="requests ..."
452 help = "Print requests"
453 }
454 command = {
455 name = "query"
456 option = {
457 long = "exact"
458 type = "flag"
459 help = "exact match"
460 }
461 option = {
462 long = "private-key"
463 type = "flag"
464 help = "search for private key"
465 }
466 option = {
467 long = "friendlyname"
468 type = "string"
469 argument = "name"
470 help = "match on friendly name"
471 }
472 option = {
473 long = "eku"
474 type = "string"
475 argument = "oid-string"
476 help = "match on EKU"
477 }
478 option = {
479 long = "expr"
480 type = "string"
481 argument = "expression"
482 help = "match on expression"
483 }
484 option = {
485 long = "keyEncipherment"
486 type = "flag"
487 help = "match keyEncipherment certificates"
488 }
489 option = {
490 long = "digitalSignature"
491 type = "flag"
492 help = "match digitalSignature certificates"
493 }
494 option = {
495 long = "print"
496 type = "flag"
497 help = "print matches"
498 }
499 option = {
500 long = "pass"
501 type = "strings"
502 argument = "password"
503 help = "password, prompter, or environment"
504 }
505 min_args="1"
506 argument="certificates ..."
507 help = "Query the certificates for a match"
508 }
509 command = {
510 name = "info"
511 }
512 command = {
513 name = "random-data"
514 min_args="1"
515 argument="bytes"
516 help = "Generates random bytes and prints them to standard output"
517 }
518 command = {
519 option = {
520 long = "type"
521 type = "string"
522 help = "type of CMS algorithm"
523 }
524 name = "crypto-available"
525 min_args="0"
526 help = "Print available CMS crypto types"
527 }
528 command = {
529 option = {
530 long = "type"
531 type = "string"
532 help = "type of CMS algorithm"
533 }
534 option = {
535 long = "certificate"
536 type = "string"
537 help = "source certificate limiting the choices"
538 }
539 option = {
540 long = "peer-cmstype"
541 type = "strings"
542 help = "peer limiting cmstypes"
543 }
544 name = "crypto-select"
545 min_args="0"
546 help = "Print selected CMS type"
547 }
548 command = {
549 option = {
550 long = "decode"
551 short = "d"
552 type = "flag"
553 help = "decode instead of encode"
554 }
555 name = "hex"
556 function = "hxtool_hex"
557 min_args="0"
558 help = "Encode input to hex"
559 }
560 command = {
561 option = {
562 long = "issue-ca"
563 type = "flag"
564 help = "Issue a CA certificate"
565 }
566 option = {
567 long = "issue-proxy"
568 type = "flag"
569 help = "Issue a proxy certificate"
570 }
571 option = {
572 long = "domain-controller"
573 type = "flag"
574 help = "Issue a MS domaincontroller certificate"
575 }
576 option = {
577 long = "subject"
578 type = "string"
579 help = "Subject of issued certificate"
580 }
581 option = {
582 long = "ca-certificate"
583 type = "string"
584 help = "Issuing CA certificate"
585 }
586 option = {
587 long = "self-signed"
588 type = "flag"
589 help = "Issuing a self-signed certificate"
590 }
591 option = {
592 long = "ca-private-key"
593 type = "string"
594 help = "Private key for self-signed certificate"
595 }
596 option = {
597 long = "certificate"
598 type = "string"
599 help = "Issued certificate"
600 }
601 option = {
602 long = "type"
603 type = "strings"
604 help = "Types of certificate to issue (can be used more then once)"
605 }
606 option = {
607 long = "lifetime"
608 type = "string"
609 help = "Lifetime of certificate"
610 }
611 option = {
612 long = "serial-number"
613 type = "string"
614 help = "serial-number of certificate"
615 }
616 option = {
617 long = "path-length"
618 default = "-1"
619 type = "integer"
620 help = "Maximum path length (CA and proxy certificates), -1 no limit"
621 }
622 option = {
623 long = "hostname"
624 type = "strings"
625 help = "DNS names this certificate is allowed to serve"
626 }
627 option = {
628 long = "email"
629 type = "strings"
630 help = "email addresses assigned to this certificate"
631 }
632 option = {
633 long = "pk-init-principal"
634 type = "string"
635 help = "PK-INIT principal (for SAN)"
636 }
637 option = {
638 long = "ms-upn"
639 type = "string"
640 help = "Microsoft UPN (for SAN)"
641 }
642 option = {
643 long = "jid"
644 type = "string"
645 help = "XMPP jabber id (for SAN)"
646 }
647 option = {
648 long = "req"
649 type = "string"
650 help = "certificate request"
651 }
652 option = {
653 long = "certificate-private-key"
654 type = "string"
655 help = "private-key"
656 }
657 option = {
658 long = "generate-key"
659 type = "string"
660 help = "keytype"
661 }
662 option = {
663 long = "key-bits"
664 type = "integer"
665 help = "number of bits in the generated key"
666 }
667 option = {
668 long = "crl-uri"
669 type = "string"
670 help = "URI to CRL"
671 }
672 option = {
673 long = "template-certificate"
674 type = "string"
675 help = "certificate"
676 }
677 option = {
678 long = "template-fields"
679 type = "string"
680 help = "flag"
681 }
682 name = "certificate-sign"
683 name = "cert-sign"
684 name = "issue-certificate"
685 name = "ca"
686 function = "hxtool_ca"
687 min_args="0"
688 help = "Issue a certificate"
689 }
690 command = {
691 name = "test-crypto"
692 option = {
693 long = "pass"
694 type = "strings"
695 argument = "password"
696 help = "password, prompter, or environment"
697 }
698 option = {
699 long = "verbose"
700 type = "flag"
701 help = "verbose printing"
702 }
703 min_args="1"
704 argument="certificates..."
705 help = "Test crypto system related to the certificates"
706 }
707 command = {
708 option = {
709 long = "type"
710 type = "integer"
711 help = "type of statistics"
712 }
713 name = "statistic-print"
714 min_args="0"
715 help = "Print statistics"
716 }
717 command = {
718 option = {
719 long = "signer"
720 type = "string"
721 help = "signer certificate"
722 }
723 option = {
724 long = "pass"
725 type = "strings"
726 argument = "password"
727 help = "password, prompter, or environment"
728 }
729 option = {
730 long = "crl-file"
731 type = "string"
732 help = "CRL output file"
733 }
734 option = {
735 long = "lifetime"
736 type = "string"
737 help = "time the crl will be valid"
738 }
739 name = "crl-sign"
740 min_args="0"
741 argument="certificates..."
742 help = "Create a CRL"
743 }
744 command = {
745 name = "help"
746 name = "?"
747 argument = "[command]"
748 min_args = "0"
749 max_args = "1"
750 help = "Help! I need somebody"
751 }