/*
 * Copyright (c) 2005 - 2007 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */
/* $Id$ */

/*
 * Command table: each `command` block declares one subcommand with its
 * name(s) (repeated `name` keys are presumably aliases), an optional
 * `function` handler, its options, positional-argument bounds and help
 * text.  Handler names such as hxtool_hex and hxtool_ca suggest this is
 * the hxtool command set; confirm against the build.
 *
 * Review notes that apply to several commands:
 *  - `pass` (and `in-pass` / `out-pass`) accept "password, prompter, or
 *    environment".  A literal password on the command line can be seen
 *    by other local users (process listing, shell history); prefer the
 *    prompter form where real secrets are involved.
 *  - type "-flag" appears to be a negated flag: the help text describes
 *    what happens when the default is switched off (see `nonce`, which
 *    also sets default = "1").  Confirm the exact command-line spelling
 *    with the option parser.
 */

/*
 * cms-create-sd / cms-sign: wrap in-file in a CMS SignedData object.
 * NOTE(review): `signer` is declared twice, once as a string (the
 * certificate to sign with) and once as a "-flag" whose help is "do not
 * sign".  Confirm the generated parser keeps the two apart; output
 * produced with signing disabled is, per the help text, unsigned.
 * min_args is 1 although the usage string lists out-file as required.
 */
command = {
	name = "cms-create-sd"
	name = "cms-sign"
	option = {
		long = "certificate"
		short = "c"
		type = "strings"
		argument = "certificate-store"
		help = "certificate stores to pull certificates from"
	}
	option = {
		long = "signer"
		short = "s"
		type = "string"
		argument = "signer-friendly-name"
		help = "certificate to sign with"
	}
	option = {
		long = "anchors"
		type = "strings"
		argument = "certificate-store"
		help = "trust anchors"
	}
	option = {
		long = "pool"
		type = "strings"
		argument = "certificate-pool"
		help = "certificate store to pull certificates from"
	}
	option = {
		long = "pass"
		type = "strings"
		argument = "password"
		help = "password, prompter, or environment"
	}
	option = {
		long = "peer-alg"
		type = "strings"
		argument = "oid"
		help = "oid that the peer support"
	}
	option = {
		long = "content-type"
		type = "string"
		argument = "oid"
		help = "content type oid"
	}
	option = {
		long = "content-info"
		type = "flag"
		help = "wrapped out-data in a ContentInfo"
	}
	option = {
		long = "pem"
		type = "flag"
		help = "wrap out-data in PEM armor"
	}
	option = {
		long = "detached-signature"
		type = "flag"
		help = "create a detached signature"
	}
	option = {
		long = "signer"
		type = "-flag"
		help = "do not sign"
	}
	option = {
		long = "id-by-name"
		type = "flag"
		help = "use subject name for CMS Identifier"
	}
	option = {
		long = "embedded-certs"
		type = "-flag"
		help = "dont embedded certficiates"
	}
	option = {
		long = "embed-leaf-only"
		type = "flag"
		help = "only embed leaf certificate"
	}
	min_args="1"
	max_args="2"
	argument="in-file out-file"
	help = "Wrap a file within a SignedData object"
}
/*
 * cms-verify-sd: verify a SignedData object.  Several options relax
 * verification and should stay off in automated checks unless the
 * relaxation is intended:
 *  - missing-revoke: per the help text a missing CRL/OCSP answer is
 *    accepted, so revocation is not enforced when no data is supplied.
 *  - allow-wrong-oid: accepts a "wrong oid" (the help gives no detail).
 *  - signer-allowed ("-flag", help "allow no signer"): NOTE(review) the
 *    help reads as the permissive sense while the type is a negated
 *    flag; confirm which invocation lets unsigned data pass.
 * signed-content names the file holding the content, presumably for
 * detached signatures.
 */
command = {
	name = "cms-verify-sd"
	option = {
		long = "anchors"
		short = "D"
		type = "strings"
		argument = "certificate-store"
		help = "trust anchors"
	}
	option = {
		long = "certificate"
		short = "c"
		type = "strings"
		argument = "certificate-store"
		help = "certificate store to pull certificates from"
	}
	option = {
		long = "pass"
		type = "strings"
		argument = "password"
		help = "password, prompter, or environment"
	}
	option = {
		long = "missing-revoke"
		type = "flag"
		help = "missing CRL/OCSP is ok"
	}
	option = {
		long = "content-info"
		type = "flag"
		help = "unwrap in-data that's in a ContentInfo"
	}
	option = {
		long = "pem"
		type = "flag"
		help = "unwrap in-data from PEM armor"
	}
	option = {
		long = "signer-allowed"
		type = "-flag"
		help = "allow no signer"
	}
	option = {
		long = "allow-wrong-oid"
		type = "flag"
		help = "allow wrong oid flag"
	}
	option = {
		long = "signed-content"
		type = "string"
		help = "file containing content"
	}
	min_args="1"
	max_args="2"
	argument="in-file [out-file]"
	help = "Verify a file within a SignedData object"
}
/*
 * cms-unenvelope: decrypt an EnvelopedData object using the certificate
 * store given with --certificate.
 *  - allow-weak-crypto opts in to weak algorithms (which ones is not
 *    visible in this table); keep it off unless legacy data requires it.
 *  - NOTE(review): the content-info help ("wrapped out-data ...") looks
 *    copied from the creating side; on this command it presumably
 *    describes the input.  Confirm.
 */
command = {
	name = "cms-unenvelope"
	option = {
		long = "certificate"
		short = "c"
		type = "strings"
		argument = "certificate-store"
		help = "certificate used to decrypt the data"
	}
	option = {
		long = "pass"
		type = "strings"
		argument = "password"
		help = "password, prompter, or environment"
	}
	option = {
		long = "content-info"
		type = "flag"
		help = "wrapped out-data in a ContentInfo"
	}
	option = {
		long = "allow-weak-crypto"
		type = "flag"
		help = "allow weak crypto"
	}
	min_args="2"
	argument="in-file out-file"
	help = "Unenvelope a file containing a EnvelopedData object"
}
/*
 * cms-envelope (handler cms_create_enveloped): encrypt in-file to the
 * recipient certificates given with --certificate.
 *  - encryption-type presumably selects the cipher; allow-weak-crypto
 *    permits weak choices and should be off unless the peer needs it.
 *  - NOTE(review): the command help says "containing a EnvelopedData
 *    object" although this command appears to create one.
 */
command = {
	name = "cms-envelope"
	function = "cms_create_enveloped"
	option = {
		long = "certificate"
		short = "c"
		type = "strings"
		argument = "certificate-store"
		help = "certificates used to receive the data"
	}
	option = {
		long = "pass"
		type = "strings"
		argument = "password"
		help = "password, prompter, or environment"
	}
	option = {
		long = "encryption-type"
		type = "string"
		argument = "enctype"
		help = "enctype"
	}
	option = {
		long = "content-type"
		type = "string"
		argument = "oid"
		help = "content type oid"
	}
	option = {
		long = "content-info"
		type = "flag"
		help = "wrapped out-data in a ContentInfo"
	}
	option = {
		long = "allow-weak-crypto"
		type = "flag"
		help = "allow weak crypto"
	}
	min_args="2"
	argument="in-file out-file"
	help = "Envelope a file containing a EnvelopedData object"
}
/*
 * verify (handler pcert_verify): verify a certificate chain.  Positional
 * arguments carry a role prefix (cert:, chain:, anchor:), as the usage
 * string shows.  No min_args is declared for this command.
 * Options that widen what is accepted:
 *  - allow-proxy-certificate and missing-revoke (revocation data
 *    optional, per the help text).
 *  - time: presumably validates at a caller-chosen time instead of now,
 *    so an expired chain can pass; record the value used.
 * hostname additionally matches a host name against the certificate.
 */
command = {
	name = "verify"
	function = "pcert_verify"
	option = {
		long = "pass"
		type = "strings"
		argument = "password"
		help = "password, prompter, or environment"
	}
	option = {
		long = "allow-proxy-certificate"
		type = "flag"
		help = "allow proxy certificates"
	}
	option = {
		long = "missing-revoke"
		type = "flag"
		help = "missing CRL/OCSP is ok"
	}
	option = {
		long = "time"
		type = "string"
		help = "time when to validate the chain"
	}
	option = {
		long = "verbose"
		short = "v"
		type = "flag"
		help = "verbose logging"
	}
	option = {
		long = "max-depth"
		type = "integer"
		help = "maximum search length of certificate trust anchor"
	}
	option = {
		long = "hostname"
		type = "string"
		help = "match hostname to certificate"
	}
	argument = "cert:foo chain:cert1 chain:cert2 anchor:anchor1 anchor:anchor2"
	help = "Verify certificate chain"
}
/*
 * print (handler pcert_print): print certificates.
 *  - never-fail: per the help text the command never returns an error
 *    code, so scripts cannot rely on the exit status to detect
 *    unreadable or malformed input when it is set.
 */
command = {
	name = "print"
	function = "pcert_print"
	option = {
		long = "pass"
		type = "strings"
		argument = "password"
		help = "password, prompter, or environment"
	}
	option = {
		long = "content"
		type = "flag"
		help = "print the content of the certificates"
	}
	option = {
		long = "never-fail"
		type = "flag"
		help = "never fail with an error code"
	}
	option = {
		long = "info"
		type = "flag"
		help = "print the information about the certificate store"
	}
	min_args="1"
	argument="certificate ..."
	help = "Print certificates"
}
/* validate (handler pcert_validate): validate the content of certificates. */
command = {
	name = "validate"
	function = "pcert_validate"
	option = {
		long = "pass"
		type = "strings"
		argument = "password"
		help = "password, prompter, or environment"
	}
	min_args="1"
	argument="certificate ..."
	help = "Validate content of certificates"
}
/*
 * certificate-copy / cc: copy one or more input stores into one output
 * store.  in-pass takes several values ("strings"), out-pass exactly one
 * ("string").  If private keys are copied, the protection of the output
 * store depends on out-pass.  TODO confirm the behaviour when it is
 * omitted.
 */
command = {
	name = "certificate-copy"
	name = "cc"
	option = {
		long = "in-pass"
		type = "strings"
		argument = "password"
		help = "password, prompter, or environment"
	}
	option = {
		long = "out-pass"
		type = "string"
		argument = "password"
		help = "password, prompter, or environment"
	}
	min_args="2"
	argument="in-certificates-1 ... out-certificate"
	help = "Copy in certificates stores into out certificate store"
}
/*
 * ocsp-fetch: fetch OCSP responses for the listed certificates into
 * outfile.
 *  - nonce ("-flag", default "1"): the nonce is included unless it is
 *    turned off.  A nonce ties the response to this request; without
 *    it a previously captured response can be replayed for as long as
 *    it remains valid.
 *  - sign: optionally sign the request with the given certificate.
 *  - pool: where to look for the parent (issuer) certificate.
 */
command = {
	name = "ocsp-fetch"
	option = {
		long = "pass"
		type = "strings"
		argument = "password"
		help = "password, prompter, or environment"
	}
	option = {
		long = "sign"
		type = "string"
		argument = "certificate"
		help = "certificate use to sign the request"
	}
	option = {
		long = "url-path"
		type = "string"
		argument = "url"
		help = "part after host in url to put in the request"
	}
	option = {
		long = "nonce"
		type = "-flag"
		default = "1"
		help = "don't include nonce in request"
	}
	option = {
		long = "pool"
		type = "strings"
		argument = "certificate-store"
		help = "pool to find parent certificate in"
	}
	min_args="2"
	argument="outfile certs ..."
	help = "Fetch OCSP responses for the following certs"
}
/*
 * ocsp-verify: check the listed certificates against a stored OCSP file.
 * NOTE(review): ocsp-file is an ordinary option with no default here;
 * confirm the handler rejects a missing file rather than reporting
 * success.
 */
command = {
	option = {
		long = "ocsp-file"
		type = "string"
		help = "OCSP file"
	}
	name = "ocsp-verify"
	min_args="1"
	argument="certificates ..."
	help = "Check that certificates are in OCSP file and valid"
}
/* ocsp-print: print the OCSP responses in the given files. */
command = {
	name = "ocsp-print"
	option = {
		long = "verbose"
		type = "flag"
		help = "verbose"
	}
	min_args="1"
	argument="ocsp-response-file ..."
	help = "Print the OCSP responses"
}
/*
 * request-create: create a CRMF or PKCS10 request (PKCS10 by default,
 * per the `type` help text) and write it to output-file.
 *  - key-bits has no default or lower bound in this table; any minimum
 *    key size has to be enforced by the handler.  TODO confirm.
 *  - NOTE(review): the key-bits help line ends with a stray ';' that no
 *    other entry has; confirm the table parser tolerates it.
 */
command = {
	name = "request-create"
	option = {
		long = "subject"
		type = "string"
		help = "Subject DN"
	}
	option = {
		long = "email"
		type = "strings"
		help = "Email address in SubjectAltName"
	}
	option = {
		long = "dnsname"
		type = "strings"
		help = "Hostname or domainname in SubjectAltName"
	}
	option = {
		long = "type"
		type = "string"
		help = "Type of request CRMF or PKCS10, defaults to PKCS10"
	}
	option = {
		long = "key"
		type = "string"
		help = "Key-pair"
	}
	option = {
		long = "generate-key"
		type = "string"
		help = "keytype"
	}
	option = {
		long = "key-bits"
		type = "integer"
		help = "number of bits in the generated key";
	}
	option = {
		long = "verbose"
		type = "flag"
		help = "verbose status"
	}
	min_args="1"
	max_args="1"
	argument="output-file"
	help = "Create a CRMF or PKCS10 request"
}
/* request-print: print the given certificate requests. */
command = {
	name = "request-print"
	option = {
		long = "verbose"
		type = "flag"
		help = "verbose printing"
	}
	min_args="1"
	argument="requests ..."
	help = "Print requests"
}
/*
 * query: search certificate stores for a match on friendly name, EKU,
 * key usage (keyEncipherment / digitalSignature) or an expression.
 * private-key searches for a private key, per its help text.
 */
command = {
	name = "query"
	option = {
		long = "exact"
		type = "flag"
		help = "exact match"
	}
	option = {
		long = "private-key"
		type = "flag"
		help = "search for private key"
	}
	option = {
		long = "friendlyname"
		type = "string"
		argument = "name"
		help = "match on friendly name"
	}
	option = {
		long = "eku"
		type = "string"
		argument = "oid-string"
		help = "match on EKU"
	}
	option = {
		long = "expr"
		type = "string"
		argument = "expression"
		help = "match on expression"
	}
	option = {
		long = "keyEncipherment"
		type = "flag"
		help = "match keyEncipherment certificates"
	}
	option = {
		long = "digitalSignature"
		type = "flag"
		help = "match digitalSignature certificates"
	}
	option = {
		long = "print"
		type = "flag"
		help = "print matches"
	}
	option = {
		long = "pass"
		type = "strings"
		argument = "password"
		help = "password, prompter, or environment"
	}
	min_args="1"
	argument="certificates ..."
	help = "Query the certificates for a match"
}
/* info: declares a name only; no options, argument bounds or help text. */
command = {
	name = "info"
}
/*
 * random-data: generates the requested number of random bytes and
 * prints them to standard output.  The randomness source is chosen by
 * the handler and is not visible here; redirect the output rather than
 * letting it reach a terminal or log if it is used as secret material.
 */
command = {
	name = "random-data"
	min_args="1"
	argument="bytes"
	help = "Generates random bytes and prints them to standard output"
}
/* crypto-available: print the CMS crypto types available, optionally by type. */
command = {
	option = {
		long = "type"
		type = "string"
		help = "type of CMS algorithm"
	}
	name = "crypto-available"
	min_args="0"
	help = "Print available CMS crypto types"
}
/*
 * crypto-select: print the CMS type that would be selected, optionally
 * limited by a source certificate and by the types a peer accepts.
 */
command = {
	option = {
		long = "type"
		type = "string"
		help = "type of CMS algorithm"
	}
	option = {
		long = "certificate"
		type = "string"
		help = "source certificate limiting the choices"
	}
	option = {
		long = "peer-cmstype"
		type = "strings"
		help = "peer limiting cmstypes"
	}
	name = "crypto-select"
	min_args="0"
	help = "Print selected CMS type"
}
/* hex (handler hxtool_hex): hex-encode input, or decode with --decode / -d. */
command = {
	option = {
		long = "decode"
		short = "d"
		type = "flag"
		help = "decode instead of encode"
	}
	name = "hex"
	function = "hxtool_hex"
	min_args="0"
	help = "Encode input to hex"
}
/*
 * certificate-sign / cert-sign / issue-certificate / ca (handler
 * hxtool_ca): issue a certificate.  This is the most sensitive command
 * in the table because it works with a CA certificate and private key.
 *  - issue-ca with path-length left at its default of -1 means, per the
 *    help text, no path-length limit; set an explicit limit when
 *    issuing subordinate CAs.
 *  - lifetime, serial-number and key-bits have no defaults or bounds in
 *    this table; policy has to come from the handler or the operator.
 *  - hostname, email, pk-init-principal, ms-upn and jid bind identities
 *    to the issued certificate.  As far as this table shows they are
 *    taken as given, so the operator must check that the requester is
 *    entitled to them.
 *  - NOTE(review): the help for template-certificate ("certificate")
 *    and template-fields ("flag") is too terse to tell what is copied
 *    from the template.
 */
command = {
	option = {
		long = "issue-ca"
		type = "flag"
		help = "Issue a CA certificate"
	}
	option = {
		long = "issue-proxy"
		type = "flag"
		help = "Issue a proxy certificate"
	}
	option = {
		long = "domain-controller"
		type = "flag"
		help = "Issue a MS domaincontroller certificate"
	}
	option = {
		long = "subject"
		type = "string"
		help = "Subject of issued certificate"
	}
	option = {
		long = "ca-certificate"
		type = "string"
		help = "Issuing CA certificate"
	}
	option = {
		long = "self-signed"
		type = "flag"
		help = "Issuing a self-signed certificate"
	}
	option = {
		long = "ca-private-key"
		type = "string"
		help = "Private key for self-signed certificate"
	}
	option = {
		long = "certificate"
		type = "string"
		help = "Issued certificate"
	}
	option = {
		long = "type"
		type = "strings"
		help = "Types of certificate to issue (can be used more then once)"
	}
	option = {
		long = "lifetime"
		type = "string"
		help = "Lifetime of certificate"
	}
	option = {
		long = "serial-number"
		type = "string"
		help = "serial-number of certificate"
	}
	option = {
		long = "path-length"
		default = "-1"
		type = "integer"
		help = "Maximum path length (CA and proxy certificates), -1 no limit"
	}
	option = {
		long = "hostname"
		type = "strings"
		help = "DNS names this certificate is allowed to serve"
	}
	option = {
		long = "email"
		type = "strings"
		help = "email addresses assigned to this certificate"
	}
	option = {
		long = "pk-init-principal"
		type = "string"
		help = "PK-INIT principal (for SAN)"
	}
	option = {
		long = "ms-upn"
		type = "string"
		help = "Microsoft UPN (for SAN)"
	}
	option = {
		long = "jid"
		type = "string"
		help = "XMPP jabber id (for SAN)"
	}
	option = {
		long = "req"
		type = "string"
		help = "certificate request"
	}
	option = {
		long = "certificate-private-key"
		type = "string"
		help = "private-key"
	}
	option = {
		long = "generate-key"
		type = "string"
		help = "keytype"
	}
	option = {
		long = "key-bits"
		type = "integer"
		help = "number of bits in the generated key"
	}
	option = {
		long = "crl-uri"
		type = "string"
		help = "URI to CRL"
	}
	option = {
		long = "template-certificate"
		type = "string"
		help = "certificate"
	}
	option = {
		long = "template-fields"
		type = "string"
		help = "flag"
	}
	name = "certificate-sign"
	name = "cert-sign"
	name = "issue-certificate"
	name = "ca"
	function = "hxtool_ca"
	min_args="0"
	help = "Issue a certificate"
}
/* test-crypto: test the crypto system related to the given certificates. */
command = {
	name = "test-crypto"
	option = {
		long = "pass"
		type = "strings"
		argument = "password"
		help = "password, prompter, or environment"
	}
	option = {
		long = "verbose"
		type = "flag"
		help = "verbose printing"
	}
	min_args="1"
	argument="certificates..."
	help = "Test crypto system related to the certificates"
}
/* statistic-print: print statistics; --type selects which kind (integer). */
command = {
	option = {
		long = "type"
		type = "integer"
		help = "type of statistics"
	}
	name = "statistic-print"
	min_args="0"
	help = "Print statistics"
}
/*
 * crl-sign: create a CRL using the --signer certificate and write it to
 * --crl-file.  lifetime sets how long the CRL is valid; a long lifetime
 * delays how quickly relying parties pick up new revocations.
 * min_args is 0, so presumably a CRL listing no certificates can be
 * issued.
 */
command = {
	option = {
		long = "signer"
		type = "string"
		help = "signer certificate"
	}
	option = {
		long = "pass"
		type = "strings"
		argument = "password"
		help = "password, prompter, or environment"
	}
	option = {
		long = "crl-file"
		type = "string"
		help = "CRL output file"
	}
	option = {
		long = "lifetime"
		type = "string"
		help = "time the crl will be valid"
	}
	name = "crl-sign"
	min_args="0"
	argument="certificates..."
	help = "Create a CRL"
}
/* help / ?: show help, optionally for a single command. */
command = {
	name = "help"
	name = "?"
	argument = "[command]"
	min_args = "0"
	max_args = "1"
	help = "Help! I need somebody"
}