1178825Sdfr/* 2233294Sstas * Copyright (c) 2005 - 2007 Kungliga Tekniska H��gskolan 3178825Sdfr * (Royal Institute of Technology, Stockholm, Sweden). 4178825Sdfr * All rights reserved. 5178825Sdfr * 6178825Sdfr * Redistribution and use in source and binary forms, with or without 7178825Sdfr * modification, are permitted provided that the following conditions 8178825Sdfr * are met: 9178825Sdfr * 10178825Sdfr * 1. Redistributions of source code must retain the above copyright 11178825Sdfr * notice, this list of conditions and the following disclaimer. 12178825Sdfr * 13178825Sdfr * 2. Redistributions in binary form must reproduce the above copyright 14178825Sdfr * notice, this list of conditions and the following disclaimer in the 15178825Sdfr * documentation and/or other materials provided with the distribution. 16178825Sdfr * 17178825Sdfr * 3. Neither the name of the Institute nor the names of its contributors 18178825Sdfr * may be used to endorse or promote products derived from this software 19178825Sdfr * without specific prior written permission. 20178825Sdfr * 21178825Sdfr * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 22178825Sdfr * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23178825Sdfr * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24178825Sdfr * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 25178825Sdfr * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26178825Sdfr * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27178825Sdfr * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28178825Sdfr * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29178825Sdfr * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30178825Sdfr * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31178825Sdfr * SUCH DAMAGE. 32178825Sdfr */ 33233294Sstas/* $Id$ */ 34178825Sdfr 35178825Sdfrcommand = { 36178825Sdfr name = "cms-create-sd" 37233294Sstas name = "cms-sign" 38178825Sdfr option = { 39178825Sdfr long = "certificate" 40178825Sdfr short = "c" 41178825Sdfr type = "strings" 42178825Sdfr argument = "certificate-store" 43178825Sdfr help = "certificate stores to pull certificates from" 44178825Sdfr } 45178825Sdfr option = { 46178825Sdfr long = "signer" 47178825Sdfr short = "s" 48178825Sdfr type = "string" 49178825Sdfr argument = "signer-friendly-name" 50178825Sdfr help = "certificate to sign with" 51178825Sdfr } 52178825Sdfr option = { 53178825Sdfr long = "anchors" 54178825Sdfr type = "strings" 55178825Sdfr argument = "certificate-store" 56178825Sdfr help = "trust anchors" 57178825Sdfr } 58178825Sdfr option = { 59178825Sdfr long = "pool" 60178825Sdfr type = "strings" 61178825Sdfr argument = "certificate-pool" 62178825Sdfr help = "certificate store to pull certificates from" 63178825Sdfr } 64178825Sdfr option = { 65178825Sdfr long = "pass" 66178825Sdfr type = "strings" 67178825Sdfr argument = "password" 68178825Sdfr help = "password, prompter, or environment" 69178825Sdfr } 70178825Sdfr option = { 71178825Sdfr long = "peer-alg" 72178825Sdfr type = "strings" 73178825Sdfr argument = "oid" 74178825Sdfr help = "oid that the peer support" 75178825Sdfr } 76178825Sdfr option = { 77178825Sdfr long = "content-type" 78178825Sdfr type = "string" 79178825Sdfr argument = "oid" 80178825Sdfr help = "content type oid" 81178825Sdfr } 82178825Sdfr option = { 83178825Sdfr long = "content-info" 84178825Sdfr type = "flag" 85178825Sdfr help = "wrapped out-data in a ContentInfo" 86178825Sdfr } 87178825Sdfr option = { 88178825Sdfr long = "pem" 89178825Sdfr type = "flag" 90178825Sdfr help = "wrap out-data in PEM armor" 91178825Sdfr } 92178825Sdfr option = { 93178825Sdfr long = "detached-signature" 94178825Sdfr type = "flag" 95178825Sdfr help = "create a detached signature" 96178825Sdfr } 97178825Sdfr option = { 98233294Sstas long = "signer" 99233294Sstas type = "-flag" 100233294Sstas help = "do not sign" 101233294Sstas } 102233294Sstas option = { 103178825Sdfr long = "id-by-name" 104178825Sdfr type = "flag" 105178825Sdfr help = "use subject name for CMS Identifier" 106178825Sdfr } 107233294Sstas option = { 108233294Sstas long = "embedded-certs" 109233294Sstas type = "-flag" 110233294Sstas help = "dont embedded certficiates" 111233294Sstas } 112233294Sstas option = { 113233294Sstas long = "embed-leaf-only" 114233294Sstas type = "flag" 115233294Sstas help = "only embed leaf certificate" 116233294Sstas } 117233294Sstas min_args="1" 118178825Sdfr max_args="2" 119178825Sdfr argument="in-file out-file" 120178825Sdfr help = "Wrap a file within a SignedData object" 121178825Sdfr} 122178825Sdfrcommand = { 123178825Sdfr name = "cms-verify-sd" 124178825Sdfr option = { 125178825Sdfr long = "anchors" 126233294Sstas short = "D" 127178825Sdfr type = "strings" 128178825Sdfr argument = "certificate-store" 129178825Sdfr help = "trust anchors" 130178825Sdfr } 131178825Sdfr option = { 132178825Sdfr long = "certificate" 133178825Sdfr short = "c" 134178825Sdfr type = "strings" 135178825Sdfr argument = "certificate-store" 136178825Sdfr help = "certificate store to pull certificates from" 137178825Sdfr } 138178825Sdfr option = { 139178825Sdfr long = "pass" 140178825Sdfr type = "strings" 141178825Sdfr argument = "password" 142178825Sdfr help = "password, prompter, or environment" 143178825Sdfr } 144178825Sdfr option = { 145178825Sdfr long = "missing-revoke" 146178825Sdfr type = "flag" 147178825Sdfr help = "missing CRL/OCSP is ok" 148178825Sdfr } 149178825Sdfr option = { 150178825Sdfr long = "content-info" 151178825Sdfr type = "flag" 152178825Sdfr help = "unwrap in-data that's in a ContentInfo" 153178825Sdfr } 154178825Sdfr option = { 155233294Sstas long = "pem" 156233294Sstas type = "flag" 157233294Sstas help = "unwrap in-data from PEM armor" 158233294Sstas } 159233294Sstas option = { 160233294Sstas long = "signer-allowed" 161233294Sstas type = "-flag" 162233294Sstas help = "allow no signer" 163233294Sstas } 164233294Sstas option = { 165233294Sstas long = "allow-wrong-oid" 166233294Sstas type = "flag" 167233294Sstas help = "allow wrong oid flag" 168233294Sstas } 169233294Sstas option = { 170178825Sdfr long = "signed-content" 171178825Sdfr type = "string" 172178825Sdfr help = "file containing content" 173178825Sdfr } 174233294Sstas min_args="1" 175178825Sdfr max_args="2" 176233294Sstas argument="in-file [out-file]" 177178825Sdfr help = "Verify a file within a SignedData object" 178178825Sdfr} 179178825Sdfrcommand = { 180178825Sdfr name = "cms-unenvelope" 181178825Sdfr option = { 182178825Sdfr long = "certificate" 183178825Sdfr short = "c" 184178825Sdfr type = "strings" 185178825Sdfr argument = "certificate-store" 186178825Sdfr help = "certificate used to decrypt the data" 187178825Sdfr } 188178825Sdfr option = { 189178825Sdfr long = "pass" 190178825Sdfr type = "strings" 191178825Sdfr argument = "password" 192178825Sdfr help = "password, prompter, or environment" 193178825Sdfr } 194178825Sdfr option = { 195178825Sdfr long = "content-info" 196178825Sdfr type = "flag" 197178825Sdfr help = "wrapped out-data in a ContentInfo" 198178825Sdfr } 199233294Sstas option = { 200233294Sstas long = "allow-weak-crypto" 201233294Sstas type = "flag" 202233294Sstas help = "allow weak crypto" 203233294Sstas } 204178825Sdfr min_args="2" 205178825Sdfr argument="in-file out-file" 206178825Sdfr help = "Unenvelope a file containing a EnvelopedData object" 207178825Sdfr} 208178825Sdfrcommand = { 209178825Sdfr name = "cms-envelope" 210178825Sdfr function = "cms_create_enveloped" 211178825Sdfr option = { 212178825Sdfr long = "certificate" 213178825Sdfr short = "c" 214178825Sdfr type = "strings" 215178825Sdfr argument = "certificate-store" 216178825Sdfr help = "certificates used to receive the data" 217178825Sdfr } 218178825Sdfr option = { 219178825Sdfr long = "pass" 220178825Sdfr type = "strings" 221178825Sdfr argument = "password" 222178825Sdfr help = "password, prompter, or environment" 223178825Sdfr } 224178825Sdfr option = { 225178825Sdfr long = "encryption-type" 226178825Sdfr type = "string" 227178825Sdfr argument = "enctype" 228178825Sdfr help = "enctype" 229178825Sdfr } 230178825Sdfr option = { 231178825Sdfr long = "content-type" 232178825Sdfr type = "string" 233178825Sdfr argument = "oid" 234178825Sdfr help = "content type oid" 235178825Sdfr } 236178825Sdfr option = { 237178825Sdfr long = "content-info" 238178825Sdfr type = "flag" 239178825Sdfr help = "wrapped out-data in a ContentInfo" 240178825Sdfr } 241233294Sstas option = { 242233294Sstas long = "allow-weak-crypto" 243233294Sstas type = "flag" 244233294Sstas help = "allow weak crypto" 245233294Sstas } 246178825Sdfr min_args="2" 247178825Sdfr argument="in-file out-file" 248178825Sdfr help = "Envelope a file containing a EnvelopedData object" 249178825Sdfr} 250178825Sdfrcommand = { 251178825Sdfr name = "verify" 252178825Sdfr function = "pcert_verify" 253178825Sdfr option = { 254178825Sdfr long = "pass" 255178825Sdfr type = "strings" 256178825Sdfr argument = "password" 257178825Sdfr help = "password, prompter, or environment" 258178825Sdfr } 259178825Sdfr option = { 260178825Sdfr long = "allow-proxy-certificate" 261178825Sdfr type = "flag" 262178825Sdfr help = "allow proxy certificates" 263178825Sdfr } 264178825Sdfr option = { 265178825Sdfr long = "missing-revoke" 266178825Sdfr type = "flag" 267178825Sdfr help = "missing CRL/OCSP is ok" 268178825Sdfr } 269178825Sdfr option = { 270178825Sdfr long = "time" 271178825Sdfr type = "string" 272178825Sdfr help = "time when to validate the chain" 273178825Sdfr } 274178825Sdfr option = { 275178825Sdfr long = "verbose" 276178825Sdfr short = "v" 277178825Sdfr type = "flag" 278178825Sdfr help = "verbose logging" 279178825Sdfr } 280178825Sdfr option = { 281178825Sdfr long = "max-depth" 282178825Sdfr type = "integer" 283178825Sdfr help = "maximum search length of certificate trust anchor" 284178825Sdfr } 285178825Sdfr option = { 286178825Sdfr long = "hostname" 287178825Sdfr type = "string" 288178825Sdfr help = "match hostname to certificate" 289178825Sdfr } 290178825Sdfr argument = "cert:foo chain:cert1 chain:cert2 anchor:anchor1 anchor:anchor2" 291178825Sdfr help = "Verify certificate chain" 292178825Sdfr} 293178825Sdfrcommand = { 294178825Sdfr name = "print" 295178825Sdfr function = "pcert_print" 296178825Sdfr option = { 297178825Sdfr long = "pass" 298178825Sdfr type = "strings" 299178825Sdfr argument = "password" 300178825Sdfr help = "password, prompter, or environment" 301178825Sdfr } 302178825Sdfr option = { 303178825Sdfr long = "content" 304178825Sdfr type = "flag" 305178825Sdfr help = "print the content of the certificates" 306178825Sdfr } 307178825Sdfr option = { 308233294Sstas long = "never-fail" 309233294Sstas type = "flag" 310233294Sstas help = "never fail with an error code" 311233294Sstas } 312233294Sstas option = { 313178825Sdfr long = "info" 314178825Sdfr type = "flag" 315178825Sdfr help = "print the information about the certificate store" 316178825Sdfr } 317178825Sdfr min_args="1" 318178825Sdfr argument="certificate ..." 319178825Sdfr help = "Print certificates" 320178825Sdfr} 321178825Sdfrcommand = { 322178825Sdfr name = "validate" 323178825Sdfr function = "pcert_validate" 324178825Sdfr option = { 325178825Sdfr long = "pass" 326178825Sdfr type = "strings" 327178825Sdfr argument = "password" 328178825Sdfr help = "password, prompter, or environment" 329178825Sdfr } 330178825Sdfr min_args="1" 331178825Sdfr argument="certificate ..." 332178825Sdfr help = "Validate content of certificates" 333178825Sdfr} 334178825Sdfrcommand = { 335178825Sdfr name = "certificate-copy" 336178825Sdfr name = "cc" 337178825Sdfr option = { 338178825Sdfr long = "in-pass" 339178825Sdfr type = "strings" 340178825Sdfr argument = "password" 341178825Sdfr help = "password, prompter, or environment" 342178825Sdfr } 343178825Sdfr option = { 344178825Sdfr long = "out-pass" 345178825Sdfr type = "string" 346178825Sdfr argument = "password" 347178825Sdfr help = "password, prompter, or environment" 348178825Sdfr } 349178825Sdfr min_args="2" 350178825Sdfr argument="in-certificates-1 ... out-certificate" 351178825Sdfr help = "Copy in certificates stores into out certificate store" 352178825Sdfr} 353178825Sdfrcommand = { 354178825Sdfr name = "ocsp-fetch" 355178825Sdfr option = { 356178825Sdfr long = "pass" 357178825Sdfr type = "strings" 358178825Sdfr argument = "password" 359178825Sdfr help = "password, prompter, or environment" 360178825Sdfr } 361178825Sdfr option = { 362178825Sdfr long = "sign" 363178825Sdfr type = "string" 364178825Sdfr argument = "certificate" 365178825Sdfr help = "certificate use to sign the request" 366178825Sdfr } 367178825Sdfr option = { 368178825Sdfr long = "url-path" 369178825Sdfr type = "string" 370178825Sdfr argument = "url" 371178825Sdfr help = "part after host in url to put in the request" 372178825Sdfr } 373178825Sdfr option = { 374178825Sdfr long = "nonce" 375178825Sdfr type = "-flag" 376178825Sdfr default = "1" 377178825Sdfr help = "don't include nonce in request" 378178825Sdfr } 379178825Sdfr option = { 380178825Sdfr long = "pool" 381178825Sdfr type = "strings" 382178825Sdfr argument = "certificate-store" 383178825Sdfr help = "pool to find parent certificate in" 384178825Sdfr } 385178825Sdfr min_args="2" 386178825Sdfr argument="outfile certs ..." 387178825Sdfr help = "Fetch OCSP responses for the following certs" 388178825Sdfr} 389178825Sdfrcommand = { 390178825Sdfr option = { 391178825Sdfr long = "ocsp-file" 392178825Sdfr type = "string" 393178825Sdfr help = "OCSP file" 394178825Sdfr } 395178825Sdfr name = "ocsp-verify" 396178825Sdfr min_args="1" 397178825Sdfr argument="certificates ..." 398178825Sdfr help = "Check that certificates are in OCSP file and valid" 399178825Sdfr} 400178825Sdfrcommand = { 401178825Sdfr name = "ocsp-print" 402178825Sdfr option = { 403178825Sdfr long = "verbose" 404178825Sdfr type = "flag" 405178825Sdfr help = "verbose" 406178825Sdfr } 407178825Sdfr min_args="1" 408178825Sdfr argument="ocsp-response-file ..." 409178825Sdfr help = "Print the OCSP responses" 410178825Sdfr} 411178825Sdfrcommand = { 412178825Sdfr name = "request-create" 413178825Sdfr option = { 414178825Sdfr long = "subject" 415178825Sdfr type = "string" 416178825Sdfr help = "Subject DN" 417178825Sdfr } 418178825Sdfr option = { 419178825Sdfr long = "email" 420178825Sdfr type = "strings" 421178825Sdfr help = "Email address in SubjectAltName" 422178825Sdfr } 423178825Sdfr option = { 424178825Sdfr long = "dnsname" 425178825Sdfr type = "strings" 426178825Sdfr help = "Hostname or domainname in SubjectAltName" 427178825Sdfr } 428178825Sdfr option = { 429178825Sdfr long = "type" 430178825Sdfr type = "string" 431178825Sdfr help = "Type of request CRMF or PKCS10, defaults to PKCS10" 432178825Sdfr } 433178825Sdfr option = { 434178825Sdfr long = "key" 435178825Sdfr type = "string" 436178825Sdfr help = "Key-pair" 437178825Sdfr } 438178825Sdfr option = { 439178825Sdfr long = "generate-key" 440178825Sdfr type = "string" 441178825Sdfr help = "keytype" 442178825Sdfr } 443178825Sdfr option = { 444178825Sdfr long = "key-bits" 445178825Sdfr type = "integer" 446178825Sdfr help = "number of bits in the generated key"; 447178825Sdfr } 448178825Sdfr option = { 449178825Sdfr long = "verbose" 450178825Sdfr type = "flag" 451178825Sdfr help = "verbose status" 452178825Sdfr } 453178825Sdfr min_args="1" 454178825Sdfr max_args="1" 455178825Sdfr argument="output-file" 456178825Sdfr help = "Create a CRMF or PKCS10 request" 457178825Sdfr} 458178825Sdfrcommand = { 459178825Sdfr name = "request-print" 460178825Sdfr option = { 461178825Sdfr long = "verbose" 462178825Sdfr type = "flag" 463178825Sdfr help = "verbose printing" 464178825Sdfr } 465178825Sdfr min_args="1" 466178825Sdfr argument="requests ..." 467178825Sdfr help = "Print requests" 468178825Sdfr} 469178825Sdfrcommand = { 470178825Sdfr name = "query" 471178825Sdfr option = { 472178825Sdfr long = "exact" 473178825Sdfr type = "flag" 474178825Sdfr help = "exact match" 475178825Sdfr } 476178825Sdfr option = { 477178825Sdfr long = "private-key" 478178825Sdfr type = "flag" 479178825Sdfr help = "search for private key" 480178825Sdfr } 481178825Sdfr option = { 482178825Sdfr long = "friendlyname" 483178825Sdfr type = "string" 484178825Sdfr argument = "name" 485178825Sdfr help = "match on friendly name" 486178825Sdfr } 487178825Sdfr option = { 488233294Sstas long = "eku" 489233294Sstas type = "string" 490233294Sstas argument = "oid-string" 491233294Sstas help = "match on EKU" 492233294Sstas } 493233294Sstas option = { 494233294Sstas long = "expr" 495233294Sstas type = "string" 496233294Sstas argument = "expression" 497233294Sstas help = "match on expression" 498233294Sstas } 499233294Sstas option = { 500178825Sdfr long = "keyEncipherment" 501178825Sdfr type = "flag" 502178825Sdfr help = "match keyEncipherment certificates" 503178825Sdfr } 504178825Sdfr option = { 505178825Sdfr long = "digitalSignature" 506178825Sdfr type = "flag" 507178825Sdfr help = "match digitalSignature certificates" 508178825Sdfr } 509178825Sdfr option = { 510178825Sdfr long = "print" 511178825Sdfr type = "flag" 512178825Sdfr help = "print matches" 513178825Sdfr } 514178825Sdfr option = { 515178825Sdfr long = "pass" 516178825Sdfr type = "strings" 517178825Sdfr argument = "password" 518178825Sdfr help = "password, prompter, or environment" 519178825Sdfr } 520178825Sdfr min_args="1" 521178825Sdfr argument="certificates ..." 522178825Sdfr help = "Query the certificates for a match" 523178825Sdfr} 524178825Sdfrcommand = { 525178825Sdfr name = "info" 526178825Sdfr} 527178825Sdfrcommand = { 528178825Sdfr name = "random-data" 529178825Sdfr min_args="1" 530178825Sdfr argument="bytes" 531178825Sdfr help = "Generates random bytes and prints them to standard output" 532178825Sdfr} 533178825Sdfrcommand = { 534178825Sdfr option = { 535178825Sdfr long = "type" 536178825Sdfr type = "string" 537178825Sdfr help = "type of CMS algorithm" 538178825Sdfr } 539178825Sdfr name = "crypto-available" 540178825Sdfr min_args="0" 541178825Sdfr help = "Print available CMS crypto types" 542178825Sdfr} 543178825Sdfrcommand = { 544178825Sdfr option = { 545178825Sdfr long = "type" 546178825Sdfr type = "string" 547178825Sdfr help = "type of CMS algorithm" 548178825Sdfr } 549178825Sdfr option = { 550178825Sdfr long = "certificate" 551178825Sdfr type = "string" 552178825Sdfr help = "source certificate limiting the choices" 553178825Sdfr } 554178825Sdfr option = { 555178825Sdfr long = "peer-cmstype" 556178825Sdfr type = "strings" 557178825Sdfr help = "peer limiting cmstypes" 558178825Sdfr } 559178825Sdfr name = "crypto-select" 560178825Sdfr min_args="0" 561178825Sdfr help = "Print selected CMS type" 562178825Sdfr} 563178825Sdfrcommand = { 564178825Sdfr option = { 565178825Sdfr long = "decode" 566178825Sdfr short = "d" 567178825Sdfr type = "flag" 568178825Sdfr help = "decode instead of encode" 569178825Sdfr } 570178825Sdfr name = "hex" 571178825Sdfr function = "hxtool_hex" 572178825Sdfr min_args="0" 573178825Sdfr help = "Encode input to hex" 574178825Sdfr} 575178825Sdfrcommand = { 576178825Sdfr option = { 577178825Sdfr long = "issue-ca" 578178825Sdfr type = "flag" 579178825Sdfr help = "Issue a CA certificate" 580178825Sdfr } 581178825Sdfr option = { 582178825Sdfr long = "issue-proxy" 583178825Sdfr type = "flag" 584178825Sdfr help = "Issue a proxy certificate" 585178825Sdfr } 586178825Sdfr option = { 587178825Sdfr long = "domain-controller" 588178825Sdfr type = "flag" 589178825Sdfr help = "Issue a MS domaincontroller certificate" 590178825Sdfr } 591178825Sdfr option = { 592178825Sdfr long = "subject" 593178825Sdfr type = "string" 594178825Sdfr help = "Subject of issued certificate" 595178825Sdfr } 596178825Sdfr option = { 597178825Sdfr long = "ca-certificate" 598178825Sdfr type = "string" 599178825Sdfr help = "Issuing CA certificate" 600178825Sdfr } 601178825Sdfr option = { 602178825Sdfr long = "self-signed" 603178825Sdfr type = "flag" 604178825Sdfr help = "Issuing a self-signed certificate" 605178825Sdfr } 606178825Sdfr option = { 607178825Sdfr long = "ca-private-key" 608178825Sdfr type = "string" 609178825Sdfr help = "Private key for self-signed certificate" 610178825Sdfr } 611178825Sdfr option = { 612178825Sdfr long = "certificate" 613178825Sdfr type = "string" 614178825Sdfr help = "Issued certificate" 615178825Sdfr } 616178825Sdfr option = { 617178825Sdfr long = "type" 618178825Sdfr type = "strings" 619233294Sstas help = "Types of certificate to issue (can be used more then once)" 620178825Sdfr } 621178825Sdfr option = { 622178825Sdfr long = "lifetime" 623178825Sdfr type = "string" 624178825Sdfr help = "Lifetime of certificate" 625178825Sdfr } 626178825Sdfr option = { 627178825Sdfr long = "serial-number" 628178825Sdfr type = "string" 629178825Sdfr help = "serial-number of certificate" 630178825Sdfr } 631178825Sdfr option = { 632178825Sdfr long = "path-length" 633178825Sdfr default = "-1" 634178825Sdfr type = "integer" 635178825Sdfr help = "Maximum path length (CA and proxy certificates), -1 no limit" 636178825Sdfr } 637178825Sdfr option = { 638178825Sdfr long = "hostname" 639178825Sdfr type = "strings" 640178825Sdfr help = "DNS names this certificate is allowed to serve" 641178825Sdfr } 642178825Sdfr option = { 643178825Sdfr long = "email" 644178825Sdfr type = "strings" 645178825Sdfr help = "email addresses assigned to this certificate" 646178825Sdfr } 647178825Sdfr option = { 648178825Sdfr long = "pk-init-principal" 649178825Sdfr type = "string" 650178825Sdfr help = "PK-INIT principal (for SAN)" 651178825Sdfr } 652178825Sdfr option = { 653178825Sdfr long = "ms-upn" 654178825Sdfr type = "string" 655178825Sdfr help = "Microsoft UPN (for SAN)" 656178825Sdfr } 657178825Sdfr option = { 658178825Sdfr long = "jid" 659178825Sdfr type = "string" 660178825Sdfr help = "XMPP jabber id (for SAN)" 661178825Sdfr } 662178825Sdfr option = { 663178825Sdfr long = "req" 664178825Sdfr type = "string" 665178825Sdfr help = "certificate request" 666178825Sdfr } 667178825Sdfr option = { 668178825Sdfr long = "certificate-private-key" 669178825Sdfr type = "string" 670178825Sdfr help = "private-key" 671178825Sdfr } 672178825Sdfr option = { 673178825Sdfr long = "generate-key" 674178825Sdfr type = "string" 675178825Sdfr help = "keytype" 676178825Sdfr } 677178825Sdfr option = { 678178825Sdfr long = "key-bits" 679178825Sdfr type = "integer" 680178825Sdfr help = "number of bits in the generated key" 681178825Sdfr } 682178825Sdfr option = { 683178825Sdfr long = "crl-uri" 684178825Sdfr type = "string" 685178825Sdfr help = "URI to CRL" 686178825Sdfr } 687178825Sdfr option = { 688178825Sdfr long = "template-certificate" 689178825Sdfr type = "string" 690178825Sdfr help = "certificate" 691178825Sdfr } 692178825Sdfr option = { 693178825Sdfr long = "template-fields" 694178825Sdfr type = "string" 695178825Sdfr help = "flag" 696178825Sdfr } 697178825Sdfr name = "certificate-sign" 698178825Sdfr name = "cert-sign" 699178825Sdfr name = "issue-certificate" 700178825Sdfr name = "ca" 701178825Sdfr function = "hxtool_ca" 702178825Sdfr min_args="0" 703178825Sdfr help = "Issue a certificate" 704178825Sdfr} 705178825Sdfrcommand = { 706178825Sdfr name = "test-crypto" 707178825Sdfr option = { 708178825Sdfr long = "pass" 709178825Sdfr type = "strings" 710178825Sdfr argument = "password" 711178825Sdfr help = "password, prompter, or environment" 712178825Sdfr } 713178825Sdfr option = { 714178825Sdfr long = "verbose" 715178825Sdfr type = "flag" 716178825Sdfr help = "verbose printing" 717178825Sdfr } 718178825Sdfr min_args="1" 719178825Sdfr argument="certificates..." 720178825Sdfr help = "Test crypto system related to the certificates" 721178825Sdfr} 722178825Sdfrcommand = { 723178825Sdfr option = { 724178825Sdfr long = "type" 725178825Sdfr type = "integer" 726178825Sdfr help = "type of statistics" 727178825Sdfr } 728178825Sdfr name = "statistic-print" 729178825Sdfr min_args="0" 730178825Sdfr help = "Print statistics" 731178825Sdfr} 732178825Sdfrcommand = { 733178825Sdfr option = { 734178825Sdfr long = "signer" 735178825Sdfr type = "string" 736178825Sdfr help = "signer certificate" 737178825Sdfr } 738178825Sdfr option = { 739178825Sdfr long = "pass" 740178825Sdfr type = "strings" 741178825Sdfr argument = "password" 742178825Sdfr help = "password, prompter, or environment" 743178825Sdfr } 744178825Sdfr option = { 745178825Sdfr long = "crl-file" 746178825Sdfr type = "string" 747178825Sdfr help = "CRL output file" 748178825Sdfr } 749178825Sdfr option = { 750178825Sdfr long = "lifetime" 751178825Sdfr type = "string" 752178825Sdfr help = "time the crl will be valid" 753178825Sdfr } 754178825Sdfr name = "crl-sign" 755178825Sdfr min_args="0" 756178825Sdfr argument="certificates..." 757178825Sdfr help = "Create a CRL" 758178825Sdfr} 759178825Sdfrcommand = { 760178825Sdfr name = "help" 761178825Sdfr name = "?" 762178825Sdfr argument = "[command]" 763178825Sdfr min_args = "0" 764178825Sdfr max_args = "1" 765178825Sdfr help = "Help! I need somebody" 766178825Sdfr} 767