| blob | 6d105d68671dd4a42587febeee09398a2d859162 |
1 /*
2 * Copyright (c) 2005 - 2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33 /* $Id$ */
35 command = {
36 name = "cms-create-sd"
37 option = {
38 long = "certificate"
39 short = "c"
40 type = "strings"
41 argument = "certificate-store"
42 help = "certificate stores to pull certificates from"
43 }
44 option = {
45 long = "signer"
46 short = "s"
47 type = "string"
48 argument = "signer-friendly-name"
49 help = "certificate to sign with"
50 }
51 option = {
52 long = "anchors"
53 type = "strings"
54 argument = "certificate-store"
55 help = "trust anchors"
56 }
57 option = {
58 long = "pool"
59 type = "strings"
60 argument = "certificate-pool"
61 help = "certificate store to pull certificates from"
62 }
63 option = {
64 long = "pass"
65 type = "strings"
66 argument = "password"
67 help = "password, prompter, or environment"
68 }
69 option = {
70 long = "peer-alg"
71 type = "strings"
72 argument = "oid"
73 help = "oid that the peer support"
74 }
75 option = {
76 long = "content-type"
77 type = "string"
78 argument = "oid"
79 help = "content type oid"
80 }
81 option = {
82 long = "content-info"
83 type = "flag"
84 help = "wrapped out-data in a ContentInfo"
85 }
86 option = {
87 long = "pem"
88 type = "flag"
89 help = "wrap out-data in PEM armor"
90 }
91 option = {
92 long = "detached-signature"
93 type = "flag"
94 help = "create a detached signature"
95 }
96 option = {
97 long = "id-by-name"
98 type = "flag"
99 help = "use subject name for CMS Identifier"
100 }
101 min_args="2"
102 max_args="2"
103 argument="in-file out-file"
104 help = "Wrap a file within a SignedData object"
105 }
106 command = {
107 name = "cms-verify-sd"
108 option = {
109 long = "anchors"
110 type = "strings"
111 argument = "certificate-store"
112 help = "trust anchors"
113 }
114 option = {
115 long = "certificate"
116 short = "c"
117 type = "strings"
118 argument = "certificate-store"
119 help = "certificate store to pull certificates from"
120 }
121 option = {
122 long = "pass"
123 type = "strings"
124 argument = "password"
125 help = "password, prompter, or environment"
126 }
127 option = {
128 long = "missing-revoke"
129 type = "flag"
130 help = "missing CRL/OCSP is ok"
131 }
132 option = {
133 long = "content-info"
134 type = "flag"
135 help = "unwrap in-data that's in a ContentInfo"
136 }
137 option = {
138 long = "pem"
139 type = "flag"
140 help = "unwrap in-data from PEM armor"
141 }
142 option = {
143 long = "signed-content"
144 type = "string"
145 help = "file containing content"
146 }
147 min_args="2"
148 max_args="2"
149 argument="in-file out-file"
150 help = "Verify a file within a SignedData object"
151 }
152 command = {
153 name = "cms-unenvelope"
154 option = {
155 long = "certificate"
156 short = "c"
157 type = "strings"
158 argument = "certificate-store"
159 help = "certificate used to decrypt the data"
160 }
161 option = {
162 long = "pass"
163 type = "strings"
164 argument = "password"
165 help = "password, prompter, or environment"
166 }
167 option = {
168 long = "content-info"
169 type = "flag"
170 help = "wrapped out-data in a ContentInfo"
171 }
172 min_args="2"
173 argument="in-file out-file"
174 help = "Unenvelope a file containing a EnvelopedData object"
175 }
176 command = {
177 name = "cms-envelope"
178 function = "cms_create_enveloped"
179 option = {
180 long = "certificate"
181 short = "c"
182 type = "strings"
183 argument = "certificate-store"
184 help = "certificates used to receive the data"
185 }
186 option = {
187 long = "pass"
188 type = "strings"
189 argument = "password"
190 help = "password, prompter, or environment"
191 }
192 option = {
193 long = "encryption-type"
194 type = "string"
195 argument = "enctype"
196 help = "enctype"
197 }
198 option = {
199 long = "content-type"
200 type = "string"
201 argument = "oid"
202 help = "content type oid"
203 }
204 option = {
205 long = "content-info"
206 type = "flag"
207 help = "wrapped out-data in a ContentInfo"
208 }
209 min_args="2"
210 argument="in-file out-file"
211 help = "Envelope a file containing a EnvelopedData object"
212 }
213 command = {
214 name = "verify"
215 function = "pcert_verify"
216 option = {
217 long = "pass"
218 type = "strings"
219 argument = "password"
220 help = "password, prompter, or environment"
221 }
222 option = {
223 long = "allow-proxy-certificate"
224 type = "flag"
225 help = "allow proxy certificates"
226 }
227 option = {
228 long = "missing-revoke"
229 type = "flag"
230 help = "missing CRL/OCSP is ok"
231 }
232 option = {
233 long = "time"
234 type = "string"
235 help = "time when to validate the chain"
236 }
237 option = {
238 long = "verbose"
239 short = "v"
240 type = "flag"
241 help = "verbose logging"
242 }
243 option = {
244 long = "max-depth"
245 type = "integer"
246 help = "maximum search length of certificate trust anchor"
247 }
248 option = {
249 long = "hostname"
250 type = "string"
251 help = "match hostname to certificate"
252 }
253 argument = "cert:foo chain:cert1 chain:cert2 anchor:anchor1 anchor:anchor2"
254 help = "Verify certificate chain"
255 }
256 command = {
257 name = "print"
258 function = "pcert_print"
259 option = {
260 long = "pass"
261 type = "strings"
262 argument = "password"
263 help = "password, prompter, or environment"
264 }
265 option = {
266 long = "content"
267 type = "flag"
268 help = "print the content of the certificates"
269 }
270 option = {
271 long = "info"
272 type = "flag"
273 help = "print the information about the certificate store"
274 }
275 min_args="1"
276 argument="certificate ..."
277 help = "Print certificates"
278 }
279 command = {
280 name = "validate"
281 function = "pcert_validate"
282 option = {
283 long = "pass"
284 type = "strings"
285 argument = "password"
286 help = "password, prompter, or environment"
287 }
288 min_args="1"
289 argument="certificate ..."
290 help = "Validate content of certificates"
291 }
292 command = {
293 name = "certificate-copy"
294 name = "cc"
295 option = {
296 long = "in-pass"
297 type = "strings"
298 argument = "password"
299 help = "password, prompter, or environment"
300 }
301 option = {
302 long = "out-pass"
303 type = "string"
304 argument = "password"
305 help = "password, prompter, or environment"
306 }
307 min_args="2"
308 argument="in-certificates-1 ... out-certificate"
309 help = "Copy in certificates stores into out certificate store"
310 }
311 command = {
312 name = "ocsp-fetch"
313 option = {
314 long = "pass"
315 type = "strings"
316 argument = "password"
317 help = "password, prompter, or environment"
318 }
319 option = {
320 long = "sign"
321 type = "string"
322 argument = "certificate"
323 help = "certificate use to sign the request"
324 }
325 option = {
326 long = "url-path"
327 type = "string"
328 argument = "url"
329 help = "part after host in url to put in the request"
330 }
331 option = {
332 long = "nonce"
333 type = "-flag"
334 default = "1"
335 help = "don't include nonce in request"
336 }
337 option = {
338 long = "pool"
339 type = "strings"
340 argument = "certificate-store"
341 help = "pool to find parent certificate in"
342 }
343 min_args="2"
344 argument="outfile certs ..."
345 help = "Fetch OCSP responses for the following certs"
346 }
347 command = {
348 option = {
349 long = "ocsp-file"
350 type = "string"
351 help = "OCSP file"
352 }
353 name = "ocsp-verify"
354 min_args="1"
355 argument="certificates ..."
356 help = "Check that certificates are in OCSP file and valid"
357 }
358 command = {
359 name = "ocsp-print"
360 option = {
361 long = "verbose"
362 type = "flag"
363 help = "verbose"
364 }
365 min_args="1"
366 argument="ocsp-response-file ..."
367 help = "Print the OCSP responses"
368 }
369 command = {
370 name = "request-create"
371 option = {
372 long = "subject"
373 type = "string"
374 help = "Subject DN"
375 }
376 option = {
377 long = "email"
378 type = "strings"
379 help = "Email address in SubjectAltName"
380 }
381 option = {
382 long = "dnsname"
383 type = "strings"
384 help = "Hostname or domainname in SubjectAltName"
385 }
386 option = {
387 long = "type"
388 type = "string"
389 help = "Type of request CRMF or PKCS10, defaults to PKCS10"
390 }
391 option = {
392 long = "key"
393 type = "string"
394 help = "Key-pair"
395 }
396 option = {
397 long = "generate-key"
398 type = "string"
399 help = "keytype"
400 }
401 option = {
402 long = "key-bits"
403 type = "integer"
404 help = "number of bits in the generated key";
405 }
406 option = {
407 long = "verbose"
408 type = "flag"
409 help = "verbose status"
410 }
411 min_args="1"
412 max_args="1"
413 argument="output-file"
414 help = "Create a CRMF or PKCS10 request"
415 }
416 command = {
417 name = "request-print"
418 option = {
419 long = "verbose"
420 type = "flag"
421 help = "verbose printing"
422 }
423 min_args="1"
424 argument="requests ..."
425 help = "Print requests"
426 }
427 command = {
428 name = "query"
429 option = {
430 long = "exact"
431 type = "flag"
432 help = "exact match"
433 }
434 option = {
435 long = "private-key"
436 type = "flag"
437 help = "search for private key"
438 }
439 option = {
440 long = "friendlyname"
441 type = "string"
442 argument = "name"
443 help = "match on friendly name"
444 }
445 option = {
446 long = "eku"
447 type = "string"
448 argument = "oid-string"
449 help = "match on EKU"
450 }
451 option = {
452 long = "expr"
453 type = "string"
454 argument = "expression"
455 help = "match on expression"
456 }
457 option = {
458 long = "keyEncipherment"
459 type = "flag"
460 help = "match keyEncipherment certificates"
461 }
462 option = {
463 long = "digitalSignature"
464 type = "flag"
465 help = "match digitalSignature certificates"
466 }
467 option = {
468 long = "print"
469 type = "flag"
470 help = "print matches"
471 }
472 option = {
473 long = "pass"
474 type = "strings"
475 argument = "password"
476 help = "password, prompter, or environment"
477 }
478 min_args="1"
479 argument="certificates ..."
480 help = "Query the certificates for a match"
481 }
482 command = {
483 name = "info"
484 }
485 command = {
486 name = "random-data"
487 min_args="1"
488 argument="bytes"
489 help = "Generates random bytes and prints them to standard output"
490 }
491 command = {
492 option = {
493 long = "type"
494 type = "string"
495 help = "type of CMS algorithm"
496 }
497 name = "crypto-available"
498 min_args="0"
499 help = "Print available CMS crypto types"
500 }
501 command = {
502 option = {
503 long = "type"
504 type = "string"
505 help = "type of CMS algorithm"
506 }
507 option = {
508 long = "certificate"
509 type = "string"
510 help = "source certificate limiting the choices"
511 }
512 option = {
513 long = "peer-cmstype"
514 type = "strings"
515 help = "peer limiting cmstypes"
516 }
517 name = "crypto-select"
518 min_args="0"
519 help = "Print selected CMS type"
520 }
521 command = {
522 option = {
523 long = "decode"
524 short = "d"
525 type = "flag"
526 help = "decode instead of encode"
527 }
528 name = "hex"
529 function = "hxtool_hex"
530 min_args="0"
531 help = "Encode input to hex"
532 }
533 command = {
534 option = {
535 long = "issue-ca"
536 type = "flag"
537 help = "Issue a CA certificate"
538 }
539 option = {
540 long = "issue-proxy"
541 type = "flag"
542 help = "Issue a proxy certificate"
543 }
544 option = {
545 long = "domain-controller"
546 type = "flag"
547 help = "Issue a MS domaincontroller certificate"
548 }
549 option = {
550 long = "subject"
551 type = "string"
552 help = "Subject of issued certificate"
553 }
554 option = {
555 long = "ca-certificate"
556 type = "string"
557 help = "Issuing CA certificate"
558 }
559 option = {
560 long = "self-signed"
561 type = "flag"
562 help = "Issuing a self-signed certificate"
563 }
564 option = {
565 long = "ca-private-key"
566 type = "string"
567 help = "Private key for self-signed certificate"
568 }
569 option = {
570 long = "certificate"
571 type = "string"
572 help = "Issued certificate"
573 }
574 option = {
575 long = "type"
576 type = "strings"
577 help = "Type of certificate to issue"
578 }
579 option = {
580 long = "lifetime"
581 type = "string"
582 help = "Lifetime of certificate"
583 }
584 option = {
585 long = "serial-number"
586 type = "string"
587 help = "serial-number of certificate"
588 }
589 option = {
590 long = "path-length"
591 default = "-1"
592 type = "integer"
593 help = "Maximum path length (CA and proxy certificates), -1 no limit"
594 }
595 option = {
596 long = "hostname"
597 type = "strings"
598 help = "DNS names this certificate is allowed to serve"
599 }
600 option = {
601 long = "email"
602 type = "strings"
603 help = "email addresses assigned to this certificate"
604 }
605 option = {
606 long = "pk-init-principal"
607 type = "string"
608 help = "PK-INIT principal (for SAN)"
609 }
610 option = {
611 long = "ms-upn"
612 type = "string"
613 help = "Microsoft UPN (for SAN)"
614 }
615 option = {
616 long = "jid"
617 type = "string"
618 help = "XMPP jabber id (for SAN)"
619 }
620 option = {
621 long = "req"
622 type = "string"
623 help = "certificate request"
624 }
625 option = {
626 long = "certificate-private-key"
627 type = "string"
628 help = "private-key"
629 }
630 option = {
631 long = "generate-key"
632 type = "string"
633 help = "keytype"
634 }
635 option = {
636 long = "key-bits"
637 type = "integer"
638 help = "number of bits in the generated key"
639 }
640 option = {
641 long = "crl-uri"
642 type = "string"
643 help = "URI to CRL"
644 }
645 option = {
646 long = "template-certificate"
647 type = "string"
648 help = "certificate"
649 }
650 option = {
651 long = "template-fields"
652 type = "string"
653 help = "flag"
654 }
655 name = "certificate-sign"
656 name = "cert-sign"
657 name = "issue-certificate"
658 name = "ca"
659 function = "hxtool_ca"
660 min_args="0"
661 help = "Issue a certificate"
662 }
663 command = {
664 name = "test-crypto"
665 option = {
666 long = "pass"
667 type = "strings"
668 argument = "password"
669 help = "password, prompter, or environment"
670 }
671 option = {
672 long = "verbose"
673 type = "flag"
674 help = "verbose printing"
675 }
676 min_args="1"
677 argument="certificates..."
678 help = "Test crypto system related to the certificates"
679 }
680 command = {
681 option = {
682 long = "type"
683 type = "integer"
684 help = "type of statistics"
685 }
686 name = "statistic-print"
687 min_args="0"
688 help = "Print statistics"
689 }
690 command = {
691 option = {
692 long = "signer"
693 type = "string"
694 help = "signer certificate"
695 }
696 option = {
697 long = "pass"
698 type = "strings"
699 argument = "password"
700 help = "password, prompter, or environment"
701 }
702 option = {
703 long = "crl-file"
704 type = "string"
705 help = "CRL output file"
706 }
707 option = {
708 long = "lifetime"
709 type = "string"
710 help = "time the crl will be valid"
711 }
712 name = "crl-sign"
713 min_args="0"
714 argument="certificates..."
715 help = "Create a CRL"
716 }
717 command = {
718 name = "help"
719 name = "?"
720 argument = "[command]"
721 min_args = "0"
722 max_args = "1"
723 help = "Help! I need somebody"
724 }