| blob | 66e35f5f1debd79575cc158d3a8a3b34ae1bad65 |
1 /*
2 * Copyright (c) 2005 - 2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33 /* $Id$ */
35 command = {
36 name = "cms-create-sd"
37 name = "cms-sign"
38 option = {
39 long = "certificate"
40 short = "c"
41 type = "strings"
42 argument = "certificate-store"
43 help = "certificate stores to pull certificates from"
44 }
45 option = {
46 long = "signer"
47 short = "s"
48 type = "string"
49 argument = "signer-friendly-name"
50 help = "certificate to sign with"
51 }
52 option = {
53 long = "anchors"
54 type = "strings"
55 argument = "certificate-store"
56 help = "trust anchors"
57 }
58 option = {
59 long = "pool"
60 type = "strings"
61 argument = "certificate-pool"
62 help = "certificate store to pull certificates from"
63 }
64 option = {
65 long = "pass"
66 type = "strings"
67 argument = "password"
68 help = "password, prompter, or environment"
69 }
70 option = {
71 long = "peer-alg"
72 type = "strings"
73 argument = "oid"
74 help = "oid that the peer support"
75 }
76 option = {
77 long = "content-type"
78 type = "string"
79 argument = "oid"
80 help = "content type oid"
81 }
82 option = {
83 long = "content-info"
84 type = "flag"
85 help = "wrapped out-data in a ContentInfo"
86 }
87 option = {
88 long = "pem"
89 type = "flag"
90 help = "wrap out-data in PEM armor"
91 }
92 option = {
93 long = "detached-signature"
94 type = "flag"
95 help = "create a detached signature"
96 }
97 option = {
98 long = "signer"
99 type = "-flag"
100 help = "do not sign"
101 }
102 option = {
103 long = "id-by-name"
104 type = "flag"
105 help = "use subject name for CMS Identifier"
106 }
107 min_args="1"
108 max_args="2"
109 argument="in-file out-file"
110 help = "Wrap a file within a SignedData object"
111 }
112 command = {
113 name = "cms-verify-sd"
114 option = {
115 long = "anchors"
116 short = "D"
117 type = "strings"
118 argument = "certificate-store"
119 help = "trust anchors"
120 }
121 option = {
122 long = "certificate"
123 short = "c"
124 type = "strings"
125 argument = "certificate-store"
126 help = "certificate store to pull certificates from"
127 }
128 option = {
129 long = "pass"
130 type = "strings"
131 argument = "password"
132 help = "password, prompter, or environment"
133 }
134 option = {
135 long = "missing-revoke"
136 type = "flag"
137 help = "missing CRL/OCSP is ok"
138 }
139 option = {
140 long = "content-info"
141 type = "flag"
142 help = "unwrap in-data that's in a ContentInfo"
143 }
144 option = {
145 long = "pem"
146 type = "flag"
147 help = "unwrap in-data from PEM armor"
148 }
149 option = {
150 long = "signer-allowed"
151 type = "-flag"
152 help = "allow no signer"
153 }
154 option = {
155 long = "allow-wrong-oid"
156 type = "flag"
157 help = "allow wrong oid flag"
158 }
159 option = {
160 long = "signed-content"
161 type = "string"
162 help = "file containing content"
163 }
164 min_args="1"
165 max_args="2"
166 argument="in-file [out-file]"
167 help = "Verify a file within a SignedData object"
168 }
169 command = {
170 name = "cms-unenvelope"
171 option = {
172 long = "certificate"
173 short = "c"
174 type = "strings"
175 argument = "certificate-store"
176 help = "certificate used to decrypt the data"
177 }
178 option = {
179 long = "pass"
180 type = "strings"
181 argument = "password"
182 help = "password, prompter, or environment"
183 }
184 option = {
185 long = "content-info"
186 type = "flag"
187 help = "wrapped out-data in a ContentInfo"
188 }
189 option = {
190 long = "allow-weak-crypto"
191 type = "flag"
192 help = "allow weak crypto"
193 }
194 min_args="2"
195 argument="in-file out-file"
196 help = "Unenvelope a file containing a EnvelopedData object"
197 }
198 command = {
199 name = "cms-envelope"
200 function = "cms_create_enveloped"
201 option = {
202 long = "certificate"
203 short = "c"
204 type = "strings"
205 argument = "certificate-store"
206 help = "certificates used to receive the data"
207 }
208 option = {
209 long = "pass"
210 type = "strings"
211 argument = "password"
212 help = "password, prompter, or environment"
213 }
214 option = {
215 long = "encryption-type"
216 type = "string"
217 argument = "enctype"
218 help = "enctype"
219 }
220 option = {
221 long = "content-type"
222 type = "string"
223 argument = "oid"
224 help = "content type oid"
225 }
226 option = {
227 long = "content-info"
228 type = "flag"
229 help = "wrapped out-data in a ContentInfo"
230 }
231 option = {
232 long = "allow-weak-crypto"
233 type = "flag"
234 help = "allow weak crypto"
235 }
236 min_args="2"
237 argument="in-file out-file"
238 help = "Envelope a file containing a EnvelopedData object"
239 }
240 command = {
241 name = "verify"
242 function = "pcert_verify"
243 option = {
244 long = "pass"
245 type = "strings"
246 argument = "password"
247 help = "password, prompter, or environment"
248 }
249 option = {
250 long = "allow-proxy-certificate"
251 type = "flag"
252 help = "allow proxy certificates"
253 }
254 option = {
255 long = "missing-revoke"
256 type = "flag"
257 help = "missing CRL/OCSP is ok"
258 }
259 option = {
260 long = "time"
261 type = "string"
262 help = "time when to validate the chain"
263 }
264 option = {
265 long = "verbose"
266 short = "v"
267 type = "flag"
268 help = "verbose logging"
269 }
270 option = {
271 long = "max-depth"
272 type = "integer"
273 help = "maximum search length of certificate trust anchor"
274 }
275 option = {
276 long = "hostname"
277 type = "string"
278 help = "match hostname to certificate"
279 }
280 argument = "cert:foo chain:cert1 chain:cert2 anchor:anchor1 anchor:anchor2"
281 help = "Verify certificate chain"
282 }
283 command = {
284 name = "print"
285 function = "pcert_print"
286 option = {
287 long = "pass"
288 type = "strings"
289 argument = "password"
290 help = "password, prompter, or environment"
291 }
292 option = {
293 long = "content"
294 type = "flag"
295 help = "print the content of the certificates"
296 }
297 option = {
298 long = "never-fail"
299 type = "flag"
300 help = "never fail with an error code"
301 }
302 option = {
303 long = "info"
304 type = "flag"
305 help = "print the information about the certificate store"
306 }
307 min_args="1"
308 argument="certificate ..."
309 help = "Print certificates"
310 }
311 command = {
312 name = "validate"
313 function = "pcert_validate"
314 option = {
315 long = "pass"
316 type = "strings"
317 argument = "password"
318 help = "password, prompter, or environment"
319 }
320 min_args="1"
321 argument="certificate ..."
322 help = "Validate content of certificates"
323 }
324 command = {
325 name = "certificate-copy"
326 name = "cc"
327 option = {
328 long = "in-pass"
329 type = "strings"
330 argument = "password"
331 help = "password, prompter, or environment"
332 }
333 option = {
334 long = "out-pass"
335 type = "string"
336 argument = "password"
337 help = "password, prompter, or environment"
338 }
339 min_args="2"
340 argument="in-certificates-1 ... out-certificate"
341 help = "Copy in certificates stores into out certificate store"
342 }
343 command = {
344 name = "ocsp-fetch"
345 option = {
346 long = "pass"
347 type = "strings"
348 argument = "password"
349 help = "password, prompter, or environment"
350 }
351 option = {
352 long = "sign"
353 type = "string"
354 argument = "certificate"
355 help = "certificate use to sign the request"
356 }
357 option = {
358 long = "url-path"
359 type = "string"
360 argument = "url"
361 help = "part after host in url to put in the request"
362 }
363 option = {
364 long = "nonce"
365 type = "-flag"
366 default = "1"
367 help = "don't include nonce in request"
368 }
369 option = {
370 long = "pool"
371 type = "strings"
372 argument = "certificate-store"
373 help = "pool to find parent certificate in"
374 }
375 min_args="2"
376 argument="outfile certs ..."
377 help = "Fetch OCSP responses for the following certs"
378 }
379 command = {
380 option = {
381 long = "ocsp-file"
382 type = "string"
383 help = "OCSP file"
384 }
385 name = "ocsp-verify"
386 min_args="1"
387 argument="certificates ..."
388 help = "Check that certificates are in OCSP file and valid"
389 }
390 command = {
391 name = "ocsp-print"
392 option = {
393 long = "verbose"
394 type = "flag"
395 help = "verbose"
396 }
397 min_args="1"
398 argument="ocsp-response-file ..."
399 help = "Print the OCSP responses"
400 }
401 command = {
402 name = "request-create"
403 option = {
404 long = "subject"
405 type = "string"
406 help = "Subject DN"
407 }
408 option = {
409 long = "email"
410 type = "strings"
411 help = "Email address in SubjectAltName"
412 }
413 option = {
414 long = "dnsname"
415 type = "strings"
416 help = "Hostname or domainname in SubjectAltName"
417 }
418 option = {
419 long = "type"
420 type = "string"
421 help = "Type of request CRMF or PKCS10, defaults to PKCS10"
422 }
423 option = {
424 long = "key"
425 type = "string"
426 help = "Key-pair"
427 }
428 option = {
429 long = "generate-key"
430 type = "string"
431 help = "keytype"
432 }
433 option = {
434 long = "key-bits"
435 type = "integer"
436 help = "number of bits in the generated key";
437 }
438 option = {
439 long = "verbose"
440 type = "flag"
441 help = "verbose status"
442 }
443 min_args="1"
444 max_args="1"
445 argument="output-file"
446 help = "Create a CRMF or PKCS10 request"
447 }
448 command = {
449 name = "request-print"
450 option = {
451 long = "verbose"
452 type = "flag"
453 help = "verbose printing"
454 }
455 min_args="1"
456 argument="requests ..."
457 help = "Print requests"
458 }
459 command = {
460 name = "query"
461 option = {
462 long = "exact"
463 type = "flag"
464 help = "exact match"
465 }
466 option = {
467 long = "private-key"
468 type = "flag"
469 help = "search for private key"
470 }
471 option = {
472 long = "friendlyname"
473 type = "string"
474 argument = "name"
475 help = "match on friendly name"
476 }
477 option = {
478 long = "eku"
479 type = "string"
480 argument = "oid-string"
481 help = "match on EKU"
482 }
483 option = {
484 long = "expr"
485 type = "string"
486 argument = "expression"
487 help = "match on expression"
488 }
489 option = {
490 long = "keyEncipherment"
491 type = "flag"
492 help = "match keyEncipherment certificates"
493 }
494 option = {
495 long = "digitalSignature"
496 type = "flag"
497 help = "match digitalSignature certificates"
498 }
499 option = {
500 long = "print"
501 type = "flag"
502 help = "print matches"
503 }
504 option = {
505 long = "pass"
506 type = "strings"
507 argument = "password"
508 help = "password, prompter, or environment"
509 }
510 min_args="1"
511 argument="certificates ..."
512 help = "Query the certificates for a match"
513 }
514 command = {
515 name = "info"
516 }
517 command = {
518 name = "random-data"
519 min_args="1"
520 argument="bytes"
521 help = "Generates random bytes and prints them to standard output"
522 }
523 command = {
524 option = {
525 long = "type"
526 type = "string"
527 help = "type of CMS algorithm"
528 }
529 name = "crypto-available"
530 min_args="0"
531 help = "Print available CMS crypto types"
532 }
533 command = {
534 option = {
535 long = "type"
536 type = "string"
537 help = "type of CMS algorithm"
538 }
539 option = {
540 long = "certificate"
541 type = "string"
542 help = "source certificate limiting the choices"
543 }
544 option = {
545 long = "peer-cmstype"
546 type = "strings"
547 help = "peer limiting cmstypes"
548 }
549 name = "crypto-select"
550 min_args="0"
551 help = "Print selected CMS type"
552 }
553 command = {
554 option = {
555 long = "decode"
556 short = "d"
557 type = "flag"
558 help = "decode instead of encode"
559 }
560 name = "hex"
561 function = "hxtool_hex"
562 min_args="0"
563 help = "Encode input to hex"
564 }
565 command = {
566 option = {
567 long = "issue-ca"
568 type = "flag"
569 help = "Issue a CA certificate"
570 }
571 option = {
572 long = "issue-proxy"
573 type = "flag"
574 help = "Issue a proxy certificate"
575 }
576 option = {
577 long = "domain-controller"
578 type = "flag"
579 help = "Issue a MS domaincontroller certificate"
580 }
581 option = {
582 long = "subject"
583 type = "string"
584 help = "Subject of issued certificate"
585 }
586 option = {
587 long = "ca-certificate"
588 type = "string"
589 help = "Issuing CA certificate"
590 }
591 option = {
592 long = "self-signed"
593 type = "flag"
594 help = "Issuing a self-signed certificate"
595 }
596 option = {
597 long = "ca-private-key"
598 type = "string"
599 help = "Private key for self-signed certificate"
600 }
601 option = {
602 long = "certificate"
603 type = "string"
604 help = "Issued certificate"
605 }
606 option = {
607 long = "type"
608 type = "strings"
609 help = "Types of certificate to issue (can be used more then once)"
610 }
611 option = {
612 long = "lifetime"
613 type = "string"
614 help = "Lifetime of certificate"
615 }
616 option = {
617 long = "serial-number"
618 type = "string"
619 help = "serial-number of certificate"
620 }
621 option = {
622 long = "path-length"
623 default = "-1"
624 type = "integer"
625 help = "Maximum path length (CA and proxy certificates), -1 no limit"
626 }
627 option = {
628 long = "hostname"
629 type = "strings"
630 help = "DNS names this certificate is allowed to serve"
631 }
632 option = {
633 long = "email"
634 type = "strings"
635 help = "email addresses assigned to this certificate"
636 }
637 option = {
638 long = "pk-init-principal"
639 type = "string"
640 help = "PK-INIT principal (for SAN)"
641 }
642 option = {
643 long = "ms-upn"
644 type = "string"
645 help = "Microsoft UPN (for SAN)"
646 }
647 option = {
648 long = "jid"
649 type = "string"
650 help = "XMPP jabber id (for SAN)"
651 }
652 option = {
653 long = "req"
654 type = "string"
655 help = "certificate request"
656 }
657 option = {
658 long = "certificate-private-key"
659 type = "string"
660 help = "private-key"
661 }
662 option = {
663 long = "generate-key"
664 type = "string"
665 help = "keytype"
666 }
667 option = {
668 long = "key-bits"
669 type = "integer"
670 help = "number of bits in the generated key"
671 }
672 option = {
673 long = "crl-uri"
674 type = "string"
675 help = "URI to CRL"
676 }
677 option = {
678 long = "template-certificate"
679 type = "string"
680 help = "certificate"
681 }
682 option = {
683 long = "template-fields"
684 type = "string"
685 help = "flag"
686 }
687 name = "certificate-sign"
688 name = "cert-sign"
689 name = "issue-certificate"
690 name = "ca"
691 function = "hxtool_ca"
692 min_args="0"
693 help = "Issue a certificate"
694 }
695 command = {
696 name = "test-crypto"
697 option = {
698 long = "pass"
699 type = "strings"
700 argument = "password"
701 help = "password, prompter, or environment"
702 }
703 option = {
704 long = "verbose"
705 type = "flag"
706 help = "verbose printing"
707 }
708 min_args="1"
709 argument="certificates..."
710 help = "Test crypto system related to the certificates"
711 }
712 command = {
713 option = {
714 long = "type"
715 type = "integer"
716 help = "type of statistics"
717 }
718 name = "statistic-print"
719 min_args="0"
720 help = "Print statistics"
721 }
722 command = {
723 option = {
724 long = "signer"
725 type = "string"
726 help = "signer certificate"
727 }
728 option = {
729 long = "pass"
730 type = "strings"
731 argument = "password"
732 help = "password, prompter, or environment"
733 }
734 option = {
735 long = "crl-file"
736 type = "string"
737 help = "CRL output file"
738 }
739 option = {
740 long = "lifetime"
741 type = "string"
742 help = "time the crl will be valid"
743 }
744 name = "crl-sign"
745 min_args="0"
746 argument="certificates..."
747 help = "Create a CRL"
748 }
749 command = {
750 name = "help"
751 name = "?"
752 argument = "[command]"
753 min_args = "0"
754 max_args = "1"
755 help = "Help! I need somebody"
756 }