| blob | d5cc72b312761c281f78988745348629689535bc |
1 /*
2 * Copyright (c) 2005 - 2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33 /* Id */
35 command = {
36 name = "cms-create-sd"
37 name = "cms-sign"
38 option = {
39 long = "certificate"
40 short = "c"
41 type = "strings"
42 argument = "certificate-store"
43 help = "certificate stores to pull certificates from"
44 }
45 option = {
46 long = "signer"
47 short = "s"
48 type = "string"
49 argument = "signer-friendly-name"
50 help = "certificate to sign with"
51 }
52 option = {
53 long = "anchors"
54 type = "strings"
55 argument = "certificate-store"
56 help = "trust anchors"
57 }
58 option = {
59 long = "pool"
60 type = "strings"
61 argument = "certificate-pool"
62 help = "certificate store to pull certificates from"
63 }
64 option = {
65 long = "pass"
66 type = "strings"
67 argument = "password"
68 help = "password, prompter, or environment"
69 }
70 option = {
71 long = "peer-alg"
72 type = "strings"
73 argument = "oid"
74 help = "oid that the peer support"
75 }
76 option = {
77 long = "content-type"
78 type = "string"
79 argument = "oid"
80 help = "content type oid"
81 }
82 option = {
83 long = "content-info"
84 type = "flag"
85 help = "wrapped out-data in a ContentInfo"
86 }
87 option = {
88 long = "pem"
89 type = "flag"
90 help = "wrap out-data in PEM armor"
91 }
92 option = {
93 long = "detached-signature"
94 type = "flag"
95 help = "create a detached signature"
96 }
97 option = {
98 long = "signer"
99 type = "-flag"
100 help = "do not sign"
101 }
102 option = {
103 long = "id-by-name"
104 type = "flag"
105 help = "use subject name for CMS Identifier"
106 }
107 option = {
108 long = "embedded-certs"
109 type = "-flag"
110 help = "dont embedded certficiates"
111 }
112 option = {
113 long = "embed-leaf-only"
114 type = "flag"
115 help = "only embed leaf certificate"
116 }
117 min_args="1"
118 max_args="2"
119 argument="in-file out-file"
120 help = "Wrap a file within a SignedData object"
121 }
122 command = {
123 name = "cms-verify-sd"
124 option = {
125 long = "anchors"
126 short = "D"
127 type = "strings"
128 argument = "certificate-store"
129 help = "trust anchors"
130 }
131 option = {
132 long = "certificate"
133 short = "c"
134 type = "strings"
135 argument = "certificate-store"
136 help = "certificate store to pull certificates from"
137 }
138 option = {
139 long = "pass"
140 type = "strings"
141 argument = "password"
142 help = "password, prompter, or environment"
143 }
144 option = {
145 long = "missing-revoke"
146 type = "flag"
147 help = "missing CRL/OCSP is ok"
148 }
149 option = {
150 long = "content-info"
151 type = "flag"
152 help = "unwrap in-data that's in a ContentInfo"
153 }
154 option = {
155 long = "pem"
156 type = "flag"
157 help = "unwrap in-data from PEM armor"
158 }
159 option = {
160 long = "signer-allowed"
161 type = "-flag"
162 help = "allow no signer"
163 }
164 option = {
165 long = "allow-wrong-oid"
166 type = "flag"
167 help = "allow wrong oid flag"
168 }
169 option = {
170 long = "signed-content"
171 type = "string"
172 help = "file containing content"
173 }
174 min_args="1"
175 max_args="2"
176 argument="in-file [out-file]"
177 help = "Verify a file within a SignedData object"
178 }
179 command = {
180 name = "cms-unenvelope"
181 option = {
182 long = "certificate"
183 short = "c"
184 type = "strings"
185 argument = "certificate-store"
186 help = "certificate used to decrypt the data"
187 }
188 option = {
189 long = "pass"
190 type = "strings"
191 argument = "password"
192 help = "password, prompter, or environment"
193 }
194 option = {
195 long = "content-info"
196 type = "flag"
197 help = "wrapped out-data in a ContentInfo"
198 }
199 option = {
200 long = "allow-weak-crypto"
201 type = "flag"
202 help = "allow weak crypto"
203 }
204 min_args="2"
205 argument="in-file out-file"
206 help = "Unenvelope a file containing a EnvelopedData object"
207 }
208 command = {
209 name = "cms-envelope"
210 function = "cms_create_enveloped"
211 option = {
212 long = "certificate"
213 short = "c"
214 type = "strings"
215 argument = "certificate-store"
216 help = "certificates used to receive the data"
217 }
218 option = {
219 long = "pass"
220 type = "strings"
221 argument = "password"
222 help = "password, prompter, or environment"
223 }
224 option = {
225 long = "encryption-type"
226 type = "string"
227 argument = "enctype"
228 help = "enctype"
229 }
230 option = {
231 long = "content-type"
232 type = "string"
233 argument = "oid"
234 help = "content type oid"
235 }
236 option = {
237 long = "content-info"
238 type = "flag"
239 help = "wrapped out-data in a ContentInfo"
240 }
241 option = {
242 long = "allow-weak-crypto"
243 type = "flag"
244 help = "allow weak crypto"
245 }
246 min_args="2"
247 argument="in-file out-file"
248 help = "Envelope a file containing a EnvelopedData object"
249 }
250 command = {
251 name = "verify"
252 function = "pcert_verify"
253 option = {
254 long = "pass"
255 type = "strings"
256 argument = "password"
257 help = "password, prompter, or environment"
258 }
259 option = {
260 long = "allow-proxy-certificate"
261 type = "flag"
262 help = "allow proxy certificates"
263 }
264 option = {
265 long = "missing-revoke"
266 type = "flag"
267 help = "missing CRL/OCSP is ok"
268 }
269 option = {
270 long = "time"
271 type = "string"
272 help = "time when to validate the chain"
273 }
274 option = {
275 long = "verbose"
276 short = "v"
277 type = "flag"
278 help = "verbose logging"
279 }
280 option = {
281 long = "max-depth"
282 type = "integer"
283 help = "maximum search length of certificate trust anchor"
284 }
285 option = {
286 long = "hostname"
287 type = "string"
288 help = "match hostname to certificate"
289 }
290 argument = "cert:foo chain:cert1 chain:cert2 anchor:anchor1 anchor:anchor2"
291 help = "Verify certificate chain"
292 }
293 command = {
294 name = "print"
295 function = "pcert_print"
296 option = {
297 long = "pass"
298 type = "strings"
299 argument = "password"
300 help = "password, prompter, or environment"
301 }
302 option = {
303 long = "content"
304 type = "flag"
305 help = "print the content of the certificates"
306 }
307 option = {
308 long = "never-fail"
309 type = "flag"
310 help = "never fail with an error code"
311 }
312 option = {
313 long = "info"
314 type = "flag"
315 help = "print the information about the certificate store"
316 }
317 min_args="1"
318 argument="certificate ..."
319 help = "Print certificates"
320 }
321 command = {
322 name = "validate"
323 function = "pcert_validate"
324 option = {
325 long = "pass"
326 type = "strings"
327 argument = "password"
328 help = "password, prompter, or environment"
329 }
330 min_args="1"
331 argument="certificate ..."
332 help = "Validate content of certificates"
333 }
334 command = {
335 name = "certificate-copy"
336 name = "cc"
337 option = {
338 long = "in-pass"
339 type = "strings"
340 argument = "password"
341 help = "password, prompter, or environment"
342 }
343 option = {
344 long = "out-pass"
345 type = "string"
346 argument = "password"
347 help = "password, prompter, or environment"
348 }
349 min_args="2"
350 argument="in-certificates-1 ... out-certificate"
351 help = "Copy in certificates stores into out certificate store"
352 }
353 command = {
354 name = "ocsp-fetch"
355 option = {
356 long = "pass"
357 type = "strings"
358 argument = "password"
359 help = "password, prompter, or environment"
360 }
361 option = {
362 long = "sign"
363 type = "string"
364 argument = "certificate"
365 help = "certificate use to sign the request"
366 }
367 option = {
368 long = "url-path"
369 type = "string"
370 argument = "url"
371 help = "part after host in url to put in the request"
372 }
373 option = {
374 long = "nonce"
375 type = "-flag"
376 default = "1"
377 help = "don't include nonce in request"
378 }
379 option = {
380 long = "pool"
381 type = "strings"
382 argument = "certificate-store"
383 help = "pool to find parent certificate in"
384 }
385 min_args="2"
386 argument="outfile certs ..."
387 help = "Fetch OCSP responses for the following certs"
388 }
389 command = {
390 option = {
391 long = "ocsp-file"
392 type = "string"
393 help = "OCSP file"
394 }
395 name = "ocsp-verify"
396 min_args="1"
397 argument="certificates ..."
398 help = "Check that certificates are in OCSP file and valid"
399 }
400 command = {
401 name = "ocsp-print"
402 option = {
403 long = "verbose"
404 type = "flag"
405 help = "verbose"
406 }
407 min_args="1"
408 argument="ocsp-response-file ..."
409 help = "Print the OCSP responses"
410 }
411 command = {
412 name = "request-create"
413 option = {
414 long = "subject"
415 type = "string"
416 help = "Subject DN"
417 }
418 option = {
419 long = "email"
420 type = "strings"
421 help = "Email address in SubjectAltName"
422 }
423 option = {
424 long = "dnsname"
425 type = "strings"
426 help = "Hostname or domainname in SubjectAltName"
427 }
428 option = {
429 long = "type"
430 type = "string"
431 help = "Type of request CRMF or PKCS10, defaults to PKCS10"
432 }
433 option = {
434 long = "key"
435 type = "string"
436 help = "Key-pair"
437 }
438 option = {
439 long = "generate-key"
440 type = "string"
441 help = "keytype"
442 }
443 option = {
444 long = "key-bits"
445 type = "integer"
446 help = "number of bits in the generated key";
447 }
448 option = {
449 long = "verbose"
450 type = "flag"
451 help = "verbose status"
452 }
453 min_args="1"
454 max_args="1"
455 argument="output-file"
456 help = "Create a CRMF or PKCS10 request"
457 }
458 command = {
459 name = "request-print"
460 option = {
461 long = "verbose"
462 type = "flag"
463 help = "verbose printing"
464 }
465 min_args="1"
466 argument="requests ..."
467 help = "Print requests"
468 }
469 command = {
470 name = "query"
471 option = {
472 long = "exact"
473 type = "flag"
474 help = "exact match"
475 }
476 option = {
477 long = "private-key"
478 type = "flag"
479 help = "search for private key"
480 }
481 option = {
482 long = "friendlyname"
483 type = "string"
484 argument = "name"
485 help = "match on friendly name"
486 }
487 option = {
488 long = "eku"
489 type = "string"
490 argument = "oid-string"
491 help = "match on EKU"
492 }
493 option = {
494 long = "expr"
495 type = "string"
496 argument = "expression"
497 help = "match on expression"
498 }
499 option = {
500 long = "keyEncipherment"
501 type = "flag"
502 help = "match keyEncipherment certificates"
503 }
504 option = {
505 long = "digitalSignature"
506 type = "flag"
507 help = "match digitalSignature certificates"
508 }
509 option = {
510 long = "print"
511 type = "flag"
512 help = "print matches"
513 }
514 option = {
515 long = "pass"
516 type = "strings"
517 argument = "password"
518 help = "password, prompter, or environment"
519 }
520 min_args="1"
521 argument="certificates ..."
522 help = "Query the certificates for a match"
523 }
524 command = {
525 name = "info"
526 }
527 command = {
528 name = "random-data"
529 min_args="1"
530 argument="bytes"
531 help = "Generates random bytes and prints them to standard output"
532 }
533 command = {
534 option = {
535 long = "type"
536 type = "string"
537 help = "type of CMS algorithm"
538 }
539 name = "crypto-available"
540 min_args="0"
541 help = "Print available CMS crypto types"
542 }
543 command = {
544 option = {
545 long = "type"
546 type = "string"
547 help = "type of CMS algorithm"
548 }
549 option = {
550 long = "certificate"
551 type = "string"
552 help = "source certificate limiting the choices"
553 }
554 option = {
555 long = "peer-cmstype"
556 type = "strings"
557 help = "peer limiting cmstypes"
558 }
559 name = "crypto-select"
560 min_args="0"
561 help = "Print selected CMS type"
562 }
563 command = {
564 option = {
565 long = "decode"
566 short = "d"
567 type = "flag"
568 help = "decode instead of encode"
569 }
570 name = "hex"
571 function = "hxtool_hex"
572 min_args="0"
573 help = "Encode input to hex"
574 }
575 command = {
576 option = {
577 long = "issue-ca"
578 type = "flag"
579 help = "Issue a CA certificate"
580 }
581 option = {
582 long = "issue-proxy"
583 type = "flag"
584 help = "Issue a proxy certificate"
585 }
586 option = {
587 long = "domain-controller"
588 type = "flag"
589 help = "Issue a MS domaincontroller certificate"
590 }
591 option = {
592 long = "subject"
593 type = "string"
594 help = "Subject of issued certificate"
595 }
596 option = {
597 long = "ca-certificate"
598 type = "string"
599 help = "Issuing CA certificate"
600 }
601 option = {
602 long = "self-signed"
603 type = "flag"
604 help = "Issuing a self-signed certificate"
605 }
606 option = {
607 long = "ca-private-key"
608 type = "string"
609 help = "Private key for self-signed certificate"
610 }
611 option = {
612 long = "certificate"
613 type = "string"
614 help = "Issued certificate"
615 }
616 option = {
617 long = "type"
618 type = "strings"
619 help = "Types of certificate to issue (can be used more then once)"
620 }
621 option = {
622 long = "lifetime"
623 type = "string"
624 help = "Lifetime of certificate"
625 }
626 option = {
627 long = "serial-number"
628 type = "string"
629 help = "serial-number of certificate"
630 }
631 option = {
632 long = "path-length"
633 default = "-1"
634 type = "integer"
635 help = "Maximum path length (CA and proxy certificates), -1 no limit"
636 }
637 option = {
638 long = "hostname"
639 type = "strings"
640 help = "DNS names this certificate is allowed to serve"
641 }
642 option = {
643 long = "email"
644 type = "strings"
645 help = "email addresses assigned to this certificate"
646 }
647 option = {
648 long = "pk-init-principal"
649 type = "string"
650 help = "PK-INIT principal (for SAN)"
651 }
652 option = {
653 long = "ms-upn"
654 type = "string"
655 help = "Microsoft UPN (for SAN)"
656 }
657 option = {
658 long = "jid"
659 type = "string"
660 help = "XMPP jabber id (for SAN)"
661 }
662 option = {
663 long = "req"
664 type = "string"
665 help = "certificate request"
666 }
667 option = {
668 long = "certificate-private-key"
669 type = "string"
670 help = "private-key"
671 }
672 option = {
673 long = "generate-key"
674 type = "string"
675 help = "keytype"
676 }
677 option = {
678 long = "key-bits"
679 type = "integer"
680 help = "number of bits in the generated key"
681 }
682 option = {
683 long = "crl-uri"
684 type = "string"
685 help = "URI to CRL"
686 }
687 option = {
688 long = "template-certificate"
689 type = "string"
690 help = "certificate"
691 }
692 option = {
693 long = "template-fields"
694 type = "string"
695 help = "flag"
696 }
697 name = "certificate-sign"
698 name = "cert-sign"
699 name = "issue-certificate"
700 name = "ca"
701 function = "hxtool_ca"
702 min_args="0"
703 help = "Issue a certificate"
704 }
705 command = {
706 name = "test-crypto"
707 option = {
708 long = "pass"
709 type = "strings"
710 argument = "password"
711 help = "password, prompter, or environment"
712 }
713 option = {
714 long = "verbose"
715 type = "flag"
716 help = "verbose printing"
717 }
718 min_args="1"
719 argument="certificates..."
720 help = "Test crypto system related to the certificates"
721 }
722 command = {
723 option = {
724 long = "type"
725 type = "integer"
726 help = "type of statistics"
727 }
728 name = "statistic-print"
729 min_args="0"
730 help = "Print statistics"
731 }
732 command = {
733 option = {
734 long = "signer"
735 type = "string"
736 help = "signer certificate"
737 }
738 option = {
739 long = "pass"
740 type = "strings"
741 argument = "password"
742 help = "password, prompter, or environment"
743 }
744 option = {
745 long = "crl-file"
746 type = "string"
747 help = "CRL output file"
748 }
749 option = {
750 long = "lifetime"
751 type = "string"
752 help = "time the crl will be valid"
753 }
754 name = "crl-sign"
755 min_args="0"
756 argument="certificates..."
757 help = "Create a CRL"
758 }
759 command = {
760 name = "help"
761 name = "?"
762 argument = "[command]"
763 min_args = "0"
764 max_args = "1"
765 help = "Help! I need somebody"
766 }