| blob | ec5eb3d4b3bb8df3fc9eb77d113012ba10b71d81 |
1 /*
2 * Copyright (c) 2005 - 2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33 /* $Heimdal: hxtool-commands.in 21343 2007-06-26 14:21:55Z lha $
34 $NetBSD$ */
36 command = {
37 name = "cms-create-sd"
38 option = {
39 long = "certificate"
40 short = "c"
41 type = "strings"
42 argument = "certificate-store"
43 help = "certificate stores to pull certificates from"
44 }
45 option = {
46 long = "signer"
47 short = "s"
48 type = "string"
49 argument = "signer-friendly-name"
50 help = "certificate to sign with"
51 }
52 option = {
53 long = "anchors"
54 type = "strings"
55 argument = "certificate-store"
56 help = "trust anchors"
57 }
58 option = {
59 long = "pool"
60 type = "strings"
61 argument = "certificate-pool"
62 help = "certificate store to pull certificates from"
63 }
64 option = {
65 long = "pass"
66 type = "strings"
67 argument = "password"
68 help = "password, prompter, or environment"
69 }
70 option = {
71 long = "peer-alg"
72 type = "strings"
73 argument = "oid"
74 help = "oid that the peer support"
75 }
76 option = {
77 long = "content-type"
78 type = "string"
79 argument = "oid"
80 help = "content type oid"
81 }
82 option = {
83 long = "content-info"
84 type = "flag"
85 help = "wrapped out-data in a ContentInfo"
86 }
87 option = {
88 long = "pem"
89 type = "flag"
90 help = "wrap out-data in PEM armor"
91 }
92 option = {
93 long = "detached-signature"
94 type = "flag"
95 help = "create a detached signature"
96 }
97 option = {
98 long = "id-by-name"
99 type = "flag"
100 help = "use subject name for CMS Identifier"
101 }
102 min_args="2"
103 max_args="2"
104 argument="in-file out-file"
105 help = "Wrap a file within a SignedData object"
106 }
107 command = {
108 name = "cms-verify-sd"
109 option = {
110 long = "anchors"
111 type = "strings"
112 argument = "certificate-store"
113 help = "trust anchors"
114 }
115 option = {
116 long = "certificate"
117 short = "c"
118 type = "strings"
119 argument = "certificate-store"
120 help = "certificate store to pull certificates from"
121 }
122 option = {
123 long = "pass"
124 type = "strings"
125 argument = "password"
126 help = "password, prompter, or environment"
127 }
128 option = {
129 long = "missing-revoke"
130 type = "flag"
131 help = "missing CRL/OCSP is ok"
132 }
133 option = {
134 long = "content-info"
135 type = "flag"
136 help = "unwrap in-data that's in a ContentInfo"
137 }
138 option = {
139 long = "signed-content"
140 type = "string"
141 help = "file containing content"
142 }
143 min_args="2"
144 max_args="2"
145 argument="in-file out-file"
146 help = "Verify a file within a SignedData object"
147 }
148 command = {
149 name = "cms-unenvelope"
150 option = {
151 long = "certificate"
152 short = "c"
153 type = "strings"
154 argument = "certificate-store"
155 help = "certificate used to decrypt the data"
156 }
157 option = {
158 long = "pass"
159 type = "strings"
160 argument = "password"
161 help = "password, prompter, or environment"
162 }
163 option = {
164 long = "content-info"
165 type = "flag"
166 help = "wrapped out-data in a ContentInfo"
167 }
168 min_args="2"
169 argument="in-file out-file"
170 help = "Unenvelope a file containing a EnvelopedData object"
171 }
172 command = {
173 name = "cms-envelope"
174 function = "cms_create_enveloped"
175 option = {
176 long = "certificate"
177 short = "c"
178 type = "strings"
179 argument = "certificate-store"
180 help = "certificates used to receive the data"
181 }
182 option = {
183 long = "pass"
184 type = "strings"
185 argument = "password"
186 help = "password, prompter, or environment"
187 }
188 option = {
189 long = "encryption-type"
190 type = "string"
191 argument = "enctype"
192 help = "enctype"
193 }
194 option = {
195 long = "content-type"
196 type = "string"
197 argument = "oid"
198 help = "content type oid"
199 }
200 option = {
201 long = "content-info"
202 type = "flag"
203 help = "wrapped out-data in a ContentInfo"
204 }
205 min_args="2"
206 argument="in-file out-file"
207 help = "Envelope a file containing a EnvelopedData object"
208 }
209 command = {
210 name = "verify"
211 function = "pcert_verify"
212 option = {
213 long = "pass"
214 type = "strings"
215 argument = "password"
216 help = "password, prompter, or environment"
217 }
218 option = {
219 long = "allow-proxy-certificate"
220 type = "flag"
221 help = "allow proxy certificates"
222 }
223 option = {
224 long = "missing-revoke"
225 type = "flag"
226 help = "missing CRL/OCSP is ok"
227 }
228 option = {
229 long = "time"
230 type = "string"
231 help = "time when to validate the chain"
232 }
233 option = {
234 long = "verbose"
235 short = "v"
236 type = "flag"
237 help = "verbose logging"
238 }
239 option = {
240 long = "max-depth"
241 type = "integer"
242 help = "maximum search length of certificate trust anchor"
243 }
244 option = {
245 long = "hostname"
246 type = "string"
247 help = "match hostname to certificate"
248 }
249 argument = "cert:foo chain:cert1 chain:cert2 anchor:anchor1 anchor:anchor2"
250 help = "Verify certificate chain"
251 }
252 command = {
253 name = "print"
254 function = "pcert_print"
255 option = {
256 long = "pass"
257 type = "strings"
258 argument = "password"
259 help = "password, prompter, or environment"
260 }
261 option = {
262 long = "content"
263 type = "flag"
264 help = "print the content of the certificates"
265 }
266 option = {
267 long = "info"
268 type = "flag"
269 help = "print the information about the certificate store"
270 }
271 min_args="1"
272 argument="certificate ..."
273 help = "Print certificates"
274 }
275 command = {
276 name = "validate"
277 function = "pcert_validate"
278 option = {
279 long = "pass"
280 type = "strings"
281 argument = "password"
282 help = "password, prompter, or environment"
283 }
284 min_args="1"
285 argument="certificate ..."
286 help = "Validate content of certificates"
287 }
288 command = {
289 name = "certificate-copy"
290 name = "cc"
291 option = {
292 long = "in-pass"
293 type = "strings"
294 argument = "password"
295 help = "password, prompter, or environment"
296 }
297 option = {
298 long = "out-pass"
299 type = "string"
300 argument = "password"
301 help = "password, prompter, or environment"
302 }
303 min_args="2"
304 argument="in-certificates-1 ... out-certificate"
305 help = "Copy in certificates stores into out certificate store"
306 }
307 command = {
308 name = "ocsp-fetch"
309 option = {
310 long = "pass"
311 type = "strings"
312 argument = "password"
313 help = "password, prompter, or environment"
314 }
315 option = {
316 long = "sign"
317 type = "string"
318 argument = "certificate"
319 help = "certificate use to sign the request"
320 }
321 option = {
322 long = "url-path"
323 type = "string"
324 argument = "url"
325 help = "part after host in url to put in the request"
326 }
327 option = {
328 long = "nonce"
329 type = "-flag"
330 default = "1"
331 help = "don't include nonce in request"
332 }
333 option = {
334 long = "pool"
335 type = "strings"
336 argument = "certificate-store"
337 help = "pool to find parent certificate in"
338 }
339 min_args="2"
340 argument="outfile certs ..."
341 help = "Fetch OCSP responses for the following certs"
342 }
343 command = {
344 option = {
345 long = "ocsp-file"
346 type = "string"
347 help = "OCSP file"
348 }
349 name = "ocsp-verify"
350 min_args="1"
351 argument="certificates ..."
352 help = "Check that certificates are in OCSP file and valid"
353 }
354 command = {
355 name = "ocsp-print"
356 option = {
357 long = "verbose"
358 type = "flag"
359 help = "verbose"
360 }
361 min_args="1"
362 argument="ocsp-response-file ..."
363 help = "Print the OCSP responses"
364 }
365 command = {
366 name = "request-create"
367 option = {
368 long = "subject"
369 type = "string"
370 help = "Subject DN"
371 }
372 option = {
373 long = "email"
374 type = "strings"
375 help = "Email address in SubjectAltName"
376 }
377 option = {
378 long = "dnsname"
379 type = "strings"
380 help = "Hostname or domainname in SubjectAltName"
381 }
382 option = {
383 long = "type"
384 type = "string"
385 help = "Type of request CRMF or PKCS10, defaults to PKCS10"
386 }
387 option = {
388 long = "key"
389 type = "string"
390 help = "Key-pair"
391 }
392 option = {
393 long = "generate-key"
394 type = "string"
395 help = "keytype"
396 }
397 option = {
398 long = "key-bits"
399 type = "integer"
400 help = "number of bits in the generated key";
401 }
402 option = {
403 long = "verbose"
404 type = "flag"
405 help = "verbose status"
406 }
407 min_args="1"
408 max_args="1"
409 argument="output-file"
410 help = "Create a CRMF or PKCS10 request"
411 }
412 command = {
413 name = "request-print"
414 option = {
415 long = "verbose"
416 type = "flag"
417 help = "verbose printing"
418 }
419 min_args="1"
420 argument="requests ..."
421 help = "Print requests"
422 }
423 command = {
424 name = "query"
425 option = {
426 long = "exact"
427 type = "flag"
428 help = "exact match"
429 }
430 option = {
431 long = "private-key"
432 type = "flag"
433 help = "search for private key"
434 }
435 option = {
436 long = "friendlyname"
437 type = "string"
438 argument = "name"
439 help = "match on friendly name"
440 }
441 option = {
442 long = "keyEncipherment"
443 type = "flag"
444 help = "match keyEncipherment certificates"
445 }
446 option = {
447 long = "digitalSignature"
448 type = "flag"
449 help = "match digitalSignature certificates"
450 }
451 option = {
452 long = "print"
453 type = "flag"
454 help = "print matches"
455 }
456 option = {
457 long = "pass"
458 type = "strings"
459 argument = "password"
460 help = "password, prompter, or environment"
461 }
462 min_args="1"
463 argument="certificates ..."
464 help = "Query the certificates for a match"
465 }
466 command = {
467 name = "info"
468 }
469 command = {
470 name = "random-data"
471 min_args="1"
472 argument="bytes"
473 help = "Generates random bytes and prints them to standard output"
474 }
475 command = {
476 option = {
477 long = "type"
478 type = "string"
479 help = "type of CMS algorithm"
480 }
481 name = "crypto-available"
482 min_args="0"
483 help = "Print available CMS crypto types"
484 }
485 command = {
486 option = {
487 long = "type"
488 type = "string"
489 help = "type of CMS algorithm"
490 }
491 option = {
492 long = "certificate"
493 type = "string"
494 help = "source certificate limiting the choices"
495 }
496 option = {
497 long = "peer-cmstype"
498 type = "strings"
499 help = "peer limiting cmstypes"
500 }
501 name = "crypto-select"
502 min_args="0"
503 help = "Print selected CMS type"
504 }
505 command = {
506 option = {
507 long = "decode"
508 short = "d"
509 type = "flag"
510 help = "decode instead of encode"
511 }
512 name = "hex"
513 function = "hxtool_hex"
514 min_args="0"
515 help = "Encode input to hex"
516 }
517 command = {
518 option = {
519 long = "issue-ca"
520 type = "flag"
521 help = "Issue a CA certificate"
522 }
523 option = {
524 long = "issue-proxy"
525 type = "flag"
526 help = "Issue a proxy certificate"
527 }
528 option = {
529 long = "domain-controller"
530 type = "flag"
531 help = "Issue a MS domaincontroller certificate"
532 }
533 option = {
534 long = "subject"
535 type = "string"
536 help = "Subject of issued certificate"
537 }
538 option = {
539 long = "ca-certificate"
540 type = "string"
541 help = "Issuing CA certificate"
542 }
543 option = {
544 long = "self-signed"
545 type = "flag"
546 help = "Issuing a self-signed certificate"
547 }
548 option = {
549 long = "ca-private-key"
550 type = "string"
551 help = "Private key for self-signed certificate"
552 }
553 option = {
554 long = "certificate"
555 type = "string"
556 help = "Issued certificate"
557 }
558 option = {
559 long = "type"
560 type = "strings"
561 help = "Type of certificate to issue"
562 }
563 option = {
564 long = "lifetime"
565 type = "string"
566 help = "Lifetime of certificate"
567 }
568 option = {
569 long = "serial-number"
570 type = "string"
571 help = "serial-number of certificate"
572 }
573 option = {
574 long = "path-length"
575 default = "-1"
576 type = "integer"
577 help = "Maximum path length (CA and proxy certificates), -1 no limit"
578 }
579 option = {
580 long = "hostname"
581 type = "strings"
582 help = "DNS names this certificate is allowed to serve"
583 }
584 option = {
585 long = "email"
586 type = "strings"
587 help = "email addresses assigned to this certificate"
588 }
589 option = {
590 long = "pk-init-principal"
591 type = "string"
592 help = "PK-INIT principal (for SAN)"
593 }
594 option = {
595 long = "ms-upn"
596 type = "string"
597 help = "Microsoft UPN (for SAN)"
598 }
599 option = {
600 long = "jid"
601 type = "string"
602 help = "XMPP jabber id (for SAN)"
603 }
604 option = {
605 long = "req"
606 type = "string"
607 help = "certificate request"
608 }
609 option = {
610 long = "certificate-private-key"
611 type = "string"
612 help = "private-key"
613 }
614 option = {
615 long = "generate-key"
616 type = "string"
617 help = "keytype"
618 }
619 option = {
620 long = "key-bits"
621 type = "integer"
622 help = "number of bits in the generated key"
623 }
624 option = {
625 long = "crl-uri"
626 type = "string"
627 help = "URI to CRL"
628 }
629 option = {
630 long = "template-certificate"
631 type = "string"
632 help = "certificate"
633 }
634 option = {
635 long = "template-fields"
636 type = "string"
637 help = "flag"
638 }
639 name = "certificate-sign"
640 name = "cert-sign"
641 name = "issue-certificate"
642 name = "ca"
643 function = "hxtool_ca"
644 min_args="0"
645 help = "Issue a certificate"
646 }
647 command = {
648 name = "test-crypto"
649 option = {
650 long = "pass"
651 type = "strings"
652 argument = "password"
653 help = "password, prompter, or environment"
654 }
655 option = {
656 long = "verbose"
657 type = "flag"
658 help = "verbose printing"
659 }
660 min_args="1"
661 argument="certificates..."
662 help = "Test crypto system related to the certificates"
663 }
664 command = {
665 option = {
666 long = "type"
667 type = "integer"
668 help = "type of statistics"
669 }
670 name = "statistic-print"
671 min_args="0"
672 help = "Print statistics"
673 }
674 command = {
675 option = {
676 long = "signer"
677 type = "string"
678 help = "signer certificate"
679 }
680 option = {
681 long = "pass"
682 type = "strings"
683 argument = "password"
684 help = "password, prompter, or environment"
685 }
686 option = {
687 long = "crl-file"
688 type = "string"
689 help = "CRL output file"
690 }
691 option = {
692 long = "lifetime"
693 type = "string"
694 help = "time the crl will be valid"
695 }
696 name = "crl-sign"
697 min_args="0"
698 argument="certificates..."
699 help = "Create a CRL"
700 }
701 command = {
702 name = "help"
703 name = "?"
704 argument = "[command]"
705 min_args = "0"
706 max_args = "1"
707 help = "Help! I need somebody"
708 }