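/*
 * Copyright (c) 2005 - 2007 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */
/* $Id: hxtool-commands.in 21343 2007-06-26 14:21:55Z lha $ */

/*
 * Command table for hxtool. Each "command" block declares one subcommand:
 * its name(s) (a repeated "name" entry gives an alias), an optional
 * "function" naming the implementing C function, its options
 * (long/short name, type, argument placeholder, default, help text) and
 * the bounds on positional arguments (min_args/max_args).
 *
 * Option types seen in this file: "string" (single value), "strings"
 * (repeatable), "integer", "flag" (boolean) and "-flag" (a flag that is
 * on by default and is switched off by the user).
 *
 * Several options below relax a PKI check (missing-revoke,
 * allow-proxy-certificate, time, the OCSP nonce flag, path-length = -1).
 * They are annotated where they first appear; the defaults are the strict
 * setting in every case visible here.
 */

command = {
	name = "cms-create-sd"
	option = {
		long = "certificate"
		short = "c"
		type = "strings"
		argument = "certificate-store"
		help = "certificate stores to pull certificates from"
	}
	option = {
		long = "signer"
		short = "s"
		type = "string"
		argument = "signer-friendly-name"
		help = "certificate to sign with"
	}
	option = {
		long = "anchors"
		type = "strings"
		argument = "certificate-store"
		help = "trust anchors"
	}
	option = {
		long = "pool"
		type = "strings"
		argument = "certificate-pool"
		help = "certificate store to pull certificates from"
	}
	/*
	 * "pass" recurs on most commands that open a certificate store. The
	 * help text names three sources: a literal password, a prompter, or
	 * the environment. A literal password on the command line is visible
	 * to other local users through the process list and is kept in shell
	 * history; prefer the prompter for interactive use.
	 */
	option = {
		long = "pass"
		type = "strings"
		argument = "password"
		help = "password, prompter, or environment"
	}
	option = {
		long = "peer-alg"
		type = "strings"
		argument = "oid"
		help = "oid that the peer supports"
	}
	option = {
		long = "content-type"
		type = "string"
		argument = "oid"
		help = "content type oid"
	}
	option = {
		long = "content-info"
		type = "flag"
		help = "wrap out-data in a ContentInfo"
	}
	option = {
		long = "pem"
		type = "flag"
		help = "wrap out-data in PEM armor"
	}
	option = {
		long = "detached-signature"
		type = "flag"
		help = "create a detached signature"
	}
	option = {
		long = "id-by-name"
		type = "flag"
		help = "use subject name for CMS Identifier"
	}
	min_args="2"
	max_args="2"
	argument="in-file out-file"
	help = "Wrap a file within a SignedData object"
}
command = {
	name = "cms-verify-sd"
	/*
	 * The trust anchors decide which signers are accepted; point this
	 * only at stores whose contents are controlled by the verifier.
	 */
	option = {
		long = "anchors"
		type = "strings"
		argument = "certificate-store"
		help = "trust anchors"
	}
	option = {
		long = "certificate"
		short = "c"
		type = "strings"
		argument = "certificate-store"
		help = "certificate store to pull certificates from"
	}
	option = {
		long = "pass"
		type = "strings"
		argument = "password"
		help = "password, prompter, or environment"
	}
	/*
	 * Fail-open switch: with this flag set, the absence of CRL/OCSP
	 * data is accepted, so a revoked signer certificate can still
	 * verify. Leave it off outside of test setups.
	 */
	option = {
		long = "missing-revoke"
		type = "flag"
		help = "missing CRL/OCSP is ok"
	}
	option = {
		long = "content-info"
		type = "flag"
		help = "unwrap in-data that's in a ContentInfo"
	}
	/* Counterpart of cms-create-sd --detached-signature (presumably). */
	option = {
		long = "signed-content"
		type = "string"
		help = "file containing content"
	}
	min_args="2"
	max_args="2"
	argument="in-file out-file"
	help = "Verify a file within a SignedData object"
}
command = {
	name = "cms-unenvelope"
	option = {
		long = "certificate"
		short = "c"
		type = "strings"
		argument = "certificate-store"
		help = "certificate used to decrypt the data"
	}
	option = {
		long = "pass"
		type = "strings"
		argument = "password"
		help = "password, prompter, or environment"
	}
	/*
	 * NOTE(review): this help text is identical to the one on
	 * cms-envelope ("wrapped out-data"). For an unenvelope operation the
	 * ContentInfo wrapping presumably applies to in-file; confirm against
	 * the implementing function and reword.
	 */
	option = {
		long = "content-info"
		type = "flag"
		help = "wrapped out-data in a ContentInfo"
	}
	/*
	 * NOTE(review): no max_args here although the usage is exactly
	 * "in-file out-file"; cms-create-sd and cms-verify-sd set
	 * max_args="2". Extra arguments are therefore not rejected by the
	 * parser.
	 */
	min_args="2"
	argument="in-file out-file"
	help = "Unenvelope a file containing an EnvelopedData object"
}
command = {
	name = "cms-envelope"
	function = "cms_create_enveloped"
	option = {
		long = "certificate"
		short = "c"
		type = "strings"
		argument = "certificate-store"
		help = "certificates used to receive the data"
	}
	option = {
		long = "pass"
		type = "strings"
		argument = "password"
		help = "password, prompter, or environment"
	}
	/*
	 * NOTE(review): the help text only repeats the placeholder; it does
	 * not say which encryption types are accepted or what the default
	 * is. "crypto-available" below lists the supported CMS crypto types.
	 */
	option = {
		long = "encryption-type"
		type = "string"
		argument = "enctype"
		help = "enctype"
	}
	option = {
		long = "content-type"
		type = "string"
		argument = "oid"
		help = "content type oid"
	}
	option = {
		long = "content-info"
		type = "flag"
		help = "wrapped out-data in a ContentInfo"
	}
	/* NOTE(review): no max_args, same as cms-unenvelope. */
	min_args="2"
	argument="in-file out-file"
	/* Was a copy of the cms-unenvelope text ("containing a EnvelopedData"). */
	help = "Envelope a file into an EnvelopedData object"
}
command = {
	name = "verify"
	function = "pcert_verify"
	option = {
		long = "pass"
		type = "strings"
		argument = "password"
		help = "password, prompter, or environment"
	}
	/*
	 * Proxy certificates let an end entity delegate its identity; they
	 * are rejected unless this flag is given.
	 */
	option = {
		long = "allow-proxy-certificate"
		type = "flag"
		help = "allow proxy certificates"
	}
	/* Fail-open on missing revocation data; see cms-verify-sd. */
	option = {
		long = "missing-revoke"
		type = "flag"
		help = "missing CRL/OCSP is ok"
	}
	/*
	 * Validating at a caller-chosen time lets an expired (or not yet
	 * valid) chain verify; a result obtained with --time says nothing
	 * about validity now.
	 */
	option = {
		long = "time"
		type = "string"
		help = "time when to validate the chain"
	}
	option = {
		long = "verbose"
		short = "v"
		type = "flag"
		help = "verbose logging"
	}
	option = {
		long = "max-depth"
		type = "integer"
		help = "maximum search length of certificate trust anchor"
	}
	/*
	 * Without --hostname only the chain is checked; whether the
	 * certificate belongs to a given host is not.
	 */
	option = {
		long = "hostname"
		type = "string"
		help = "match hostname to certificate"
	}
	argument = "cert:foo chain:cert1 chain:cert2 anchor:anchor1 anchor:anchor2"
	help = "Verify certificate chain"
}
command = {
	name = "print"
	function = "pcert_print"
	option = {
		long = "pass"
		type = "strings"
		argument = "password"
		help = "password, prompter, or environment"
	}
	option = {
		long = "content"
		type = "flag"
		help = "print the content of the certificates"
	}
	option = {
		long = "info"
		type = "flag"
		help = "print the information about the certificate store"
	}
	min_args="1"
	argument="certificate ..."
	help = "Print certificates"
}
command = {
	name = "validate"
	function = "pcert_validate"
	option = {
		long = "pass"
		type = "strings"
		argument = "password"
		help = "password, prompter, or environment"
	}
	min_args="1"
	argument="certificate ..."
	help = "Validate content of certificates"
}
command = {
	name = "certificate-copy"
	name = "cc"
	/* Repeatable: one password source per input store (presumably). */
	option = {
		long = "in-pass"
		type = "strings"
		argument = "password"
		help = "password, prompter, or environment"
	}
	/*
	 * Single value. If the input stores hold private keys, the output
	 * store's protection is only as strong as this password.
	 */
	option = {
		long = "out-pass"
		type = "string"
		argument = "password"
		help = "password, prompter, or environment"
	}
	min_args="2"
	argument="in-certificates-1 ... out-certificate"
	help = "Copy in-certificate stores into out-certificate store"
}
command = {
	name = "ocsp-fetch"
	option = {
		long = "pass"
		type = "strings"
		argument = "password"
		help = "password, prompter, or environment"
	}
	option = {
		long = "sign"
		type = "string"
		argument = "certificate"
		help = "certificate used to sign the request"
	}
	option = {
		long = "url-path"
		type = "string"
		argument = "url"
		help = "part after host in url to put in the request"
	}
	/*
	 * Negative flag: default "1" means a nonce is sent; the help text
	 * describes what giving the option does. The nonce ties a response
	 * to this request, so without it an old, still-unexpired response
	 * can be served back and accepted. Keep the default unless the
	 * responder cannot handle nonces.
	 */
	option = {
		long = "nonce"
		type = "-flag"
		default = "1"
		help = "don't include nonce in request"
	}
	option = {
		long = "pool"
		type = "strings"
		argument = "certificate-store"
		help = "pool to find parent certificate in"
	}
	min_args="2"
	argument="outfile certs ..."
	help = "Fetch OCSP responses for the following certs"
}
command = {
	option = {
		long = "ocsp-file"
		type = "string"
		help = "OCSP file"
	}
	name = "ocsp-verify"
	min_args="1"
	argument="certificates ..."
	help = "Check that certificates are in OCSP file and valid"
}
command = {
	name = "ocsp-print"
	option = {
		long = "verbose"
		type = "flag"
		help = "verbose"
	}
	min_args="1"
	argument="ocsp-response-file ..."
	help = "Print the OCSP responses"
}
command = {
	name = "request-create"
	option = {
		long = "subject"
		type = "string"
		help = "Subject DN"
	}
	option = {
		long = "email"
		type = "strings"
		help = "Email address in SubjectAltName"
	}
	option = {
		long = "dnsname"
		type = "strings"
		help = "Hostname or domainname in SubjectAltName"
	}
	option = {
		long = "type"
		type = "string"
		help = "Type of request CRMF or PKCS10, defaults to PKCS10"
	}
	option = {
		long = "key"
		type = "string"
		help = "Key-pair"
	}
	option = {
		long = "generate-key"
		type = "string"
		help = "keytype"
	}
	/*
	 * No lower bound is declared here; whether a minimum key size is
	 * enforced depends on the implementing function (not visible in
	 * this file). A stray ';' that followed this help string in the
	 * original has been dropped; no other entry carries one.
	 */
	option = {
		long = "key-bits"
		type = "integer"
		help = "number of bits in the generated key"
	}
	option = {
		long = "verbose"
		type = "flag"
		help = "verbose status"
	}
	min_args="1"
	max_args="1"
	argument="output-file"
	help = "Create a CRMF or PKCS10 request"
}
command = {
	name = "request-print"
	option = {
		long = "verbose"
		type = "flag"
		help = "verbose printing"
	}
	min_args="1"
	argument="requests ..."
	help = "Print requests"
}
command = {
	name = "query"
	option = {
		long = "exact"
		type = "flag"
		help = "exact match"
	}
	option = {
		long = "private-key"
		type = "flag"
		help = "search for private key"
	}
	option = {
		long = "friendlyname"
		type = "string"
		argument = "name"
		help = "match on friendly name"
	}
	option = {
		long = "keyEncipherment"
		type = "flag"
		help = "match keyEncipherment certificates"
	}
	option = {
		long = "digitalSignature"
		type = "flag"
		help = "match digitalSignature certificates"
	}
	option = {
		long = "print"
		type = "flag"
		help = "print matches"
	}
	option = {
		long = "pass"
		type = "strings"
		argument = "password"
		help = "password, prompter, or environment"
	}
	min_args="1"
	argument="certificates ..."
	help = "Query the certificates for a match"
}
/* NOTE(review): no help text and no argument bounds are declared. */
command = {
	name = "info"
}
command = {
	name = "random-data"
	min_args="1"
	argument="bytes"
	help = "Generates random bytes and prints them to standard output"
}
command = {
	option = {
		long = "type"
		type = "string"
		help = "type of CMS algorithm"
	}
	name = "crypto-available"
	min_args="0"
	help = "Print available CMS crypto types"
}
command = {
	option = {
		long = "type"
		type = "string"
		help = "type of CMS algorithm"
	}
	option = {
		long = "certificate"
		type = "string"
		help = "source certificate limiting the choices"
	}
	option = {
		long = "peer-cmstype"
		type = "strings"
		help = "peer limiting cmstypes"
	}
	name = "crypto-select"
	min_args="0"
	help = "Print selected CMS type"
}
command = {
	option = {
		long = "decode"
		short = "d"
		type = "flag"
		help = "decode instead of encode"
	}
	name = "hex"
	function = "hxtool_hex"
	min_args="0"
	help = "Encode input to hex"
}
/*
 * Certificate issuance. Everything the issued certificate asserts
 * (CA status, names, lifetime, serial number) is taken from the command
 * line, so access to the CA private key plus this command is the whole
 * issuance policy; any checks on the values live in the implementing
 * function, not in this table.
 */
command = {
	option = {
		long = "issue-ca"
		type = "flag"
		help = "Issue a CA certificate"
	}
	option = {
		long = "issue-proxy"
		type = "flag"
		help = "Issue a proxy certificate"
	}
	option = {
		long = "domain-controller"
		type = "flag"
		help = "Issue a MS domaincontroller certificate"
	}
	option = {
		long = "subject"
		type = "string"
		help = "Subject of issued certificate"
	}
	option = {
		long = "ca-certificate"
		type = "string"
		help = "Issuing CA certificate"
	}
	option = {
		long = "self-signed"
		type = "flag"
		help = "Issuing a self-signed certificate"
	}
	option = {
		long = "ca-private-key"
		type = "string"
		help = "Private key for self-signed certificate"
	}
	option = {
		long = "certificate"
		type = "string"
		help = "Issued certificate"
	}
	option = {
		long = "type"
		type = "strings"
		help = "Type of certificate to issue"
	}
	option = {
		long = "lifetime"
		type = "string"
		help = "Lifetime of certificate"
	}
	/*
	 * Caller-chosen serial number; uniqueness per issuer is then the
	 * operator's responsibility, and revocation by serial depends on it.
	 */
	option = {
		long = "serial-number"
		type = "string"
		help = "serial-number of certificate"
	}
	/*
	 * The default of -1 places no path-length limit on an issued CA or
	 * proxy certificate, i.e. the subject may create subordinates to any
	 * depth. Set an explicit limit when issuing with --issue-ca or
	 * --issue-proxy unless unbounded delegation is intended.
	 */
	option = {
		long = "path-length"
		default = "-1"
		type = "integer"
		help = "Maximum path length (CA and proxy certificates), -1 no limit"
	}
	option = {
		long = "hostname"
		type = "strings"
		help = "DNS names this certificate is allowed to serve"
	}
	option = {
		long = "email"
		type = "strings"
		help = "email addresses assigned to this certificate"
	}
	option = {
		long = "pk-init-principal"
		type = "string"
		help = "PK-INIT principal (for SAN)"
	}
	option = {
		long = "ms-upn"
		type = "string"
		help = "Microsoft UPN (for SAN)"
	}
	option = {
		long = "jid"
		type = "string"
		help = "XMPP jabber id (for SAN)"
	}
	option = {
		long = "req"
		type = "string"
		help = "certificate request"
	}
	option = {
		long = "certificate-private-key"
		type = "string"
		help = "private-key"
	}
	option = {
		long = "generate-key"
		type = "string"
		help = "keytype"
	}
	/* No minimum declared here; see the note on request-create. */
	option = {
		long = "key-bits"
		type = "integer"
		help = "number of bits in the generated key"
	}
	option = {
		long = "crl-uri"
		type = "string"
		help = "URI to CRL"
	}
	option = {
		long = "template-certificate"
		type = "string"
		help = "certificate"
	}
	/*
	 * NOTE(review): help text "flag" does not say which fields are
	 * copied from the template certificate or how they are named.
	 */
	option = {
		long = "template-fields"
		type = "string"
		help = "flag"
	}
	name = "certificate-sign"
	name = "cert-sign"
	name = "issue-certificate"
	name = "ca"
	function = "hxtool_ca"
	min_args="0"
	help = "Issue a certificate"
}
command = {
	name = "test-crypto"
	option = {
		long = "pass"
		type = "strings"
		argument = "password"
		help = "password, prompter, or environment"
	}
	option = {
		long = "verbose"
		type = "flag"
		help = "verbose printing"
	}
	min_args="1"
	argument="certificates..."
	help = "Test crypto system related to the certificates"
}
command = {
	option = {
		long = "type"
		type = "integer"
		help = "type of statistics"
	}
	name = "statistic-print"
	min_args="0"
	help = "Print statistics"
}
command = {
	option = {
		long = "signer"
		type = "string"
		help = "signer certificate"
	}
	option = {
		long = "pass"
		type = "strings"
		argument = "password"
		help = "password, prompter, or environment"
	}
	option = {
		long = "crl-file"
		type = "string"
		help = "CRL output file"
	}
	/*
	 * Verifiers may keep using a CRL until it expires, so a long
	 * lifetime delays how quickly a new revocation takes effect.
	 */
	option = {
		long = "lifetime"
		type = "string"
		help = "time the crl will be valid"
	}
	name = "crl-sign"
	min_args="0"
	argument="certificates..."
	help = "Create a CRL"
}
command = {
	name = "help"
	name = "?"
	argument = "[command]"
	min_args = "0"
	max_args = "1"
	help = "Help! I need somebody"
}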