diff options
Diffstat (limited to '')
-rw-r--r-- | src/certtool-options.c | 857 |
1 files changed, 857 insertions, 0 deletions
diff --git a/src/certtool-options.c b/src/certtool-options.c new file mode 100644 index 0000000..0c97da3 --- /dev/null +++ b/src/certtool-options.c @@ -0,0 +1,857 @@ +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include "certtool-options.h" +#include <errno.h> +#include <error.h> +#include <getopt.h> +#include <limits.h> +#include <stdint.h> +#include <stdlib.h> +#include <string.h> +#ifndef _WIN32 +#include <unistd.h> +#endif /* !_WIN32 */ +#include <limits.h> + +struct certtool_options certtool_options; + +static long +parse_number (const char *arg) +{ + char *endptr = NULL; + errno = 0; + long result; + + if (strncmp (arg, "0x", 2) == 0) + result = strtol (arg + 2, &endptr, 16); + else if (strncmp (arg, "0", 1) == 0 + && strspn (arg, "012345678") == strlen (optarg)) + result = strtol (arg + 1, &endptr, 8); + else + result = strtol (arg, &endptr, 10); + + if (errno != 0 || (endptr && *endptr != '\0')) + error (EXIT_FAILURE, errno, "'%s' is not a recognizable number.", + arg); + + return result; +} + +/* Long options. */ +static const struct option long_options[] = +{ + { "debug", required_argument, 0, 'd' }, + { "verbose", no_argument, 0, 'V' }, + { "infile", required_argument, 0, CHAR_MAX + 1 }, + { "outfile", required_argument, 0, CHAR_MAX + 2 }, + { "certificate-info", no_argument, 0, 'i' }, + { "pubkey-info", no_argument, 0, CHAR_MAX + 3 }, + { "generate-self-signed", no_argument, 0, 's' }, + { "generate-certificate", no_argument, 0, 'c' }, + { "generate-proxy", no_argument, 0, CHAR_MAX + 4 }, + { "update-certificate", no_argument, 0, 'u' }, + { "fingerprint", no_argument, 0, CHAR_MAX + 5 }, + { "key-id", no_argument, 0, CHAR_MAX + 6 }, + { "certificate-pubkey", no_argument, 0, CHAR_MAX + 7 }, + { "v1", no_argument, 0, CHAR_MAX + 8 }, + { "sign-params", required_argument, 0, CHAR_MAX + 9 }, + { "crq-info", no_argument, 0, CHAR_MAX + 10 }, + { "generate-request", no_argument, 0, 'q' }, + { "no-crq-extensions", no_argument, 0, CHAR_MAX + 11 }, + { "p12-info", no_argument, 0, CHAR_MAX + 12 }, + { "p12-name", required_argument, 0, CHAR_MAX + 13 }, + { "to-p12", no_argument, 0, CHAR_MAX + 14 }, + { "key-info", no_argument, 0, 'k' }, + { "p8-info", no_argument, 0, CHAR_MAX + 15 }, + { "to-rsa", no_argument, 0, CHAR_MAX + 16 }, + { "generate-privkey", no_argument, 0, 'p' }, + { "key-type", required_argument, 0, CHAR_MAX + 17 }, + { "bits", required_argument, 0, CHAR_MAX + 18 }, + { "curve", required_argument, 0, CHAR_MAX + 19 }, + { "sec-param", required_argument, 0, CHAR_MAX + 20 }, + { "to-p8", no_argument, 0, CHAR_MAX + 21 }, + { "pkcs8", no_argument, 0, '8' }, + { "provable", no_argument, 0, CHAR_MAX + 22 }, + { "verify-provable-privkey", no_argument, 0, CHAR_MAX + 23 }, + { "seed", required_argument, 0, CHAR_MAX + 24 }, + { "crl-info", no_argument, 0, 'l' }, + { "generate-crl", no_argument, 0, CHAR_MAX + 25 }, + { "verify-crl", no_argument, 0, CHAR_MAX + 26 }, + { "verify-chain", no_argument, 0, 'e' }, + { "verify", no_argument, 0, CHAR_MAX + 27 }, + { "verify-hostname", required_argument, 0, CHAR_MAX + 28 }, + { "verify-email", required_argument, 0, CHAR_MAX + 29 }, + { "verify-purpose", required_argument, 0, CHAR_MAX + 30 }, + { "verify-allow-broken", no_argument, 0, CHAR_MAX + 31 }, + { "verify-profile", required_argument, 0, CHAR_MAX + 32 }, + { "p7-generate", no_argument, 0, CHAR_MAX + 33 }, + { "p7-sign", no_argument, 0, CHAR_MAX + 34 }, + { "p7-detached-sign", no_argument, 0, CHAR_MAX + 35 }, + { "p7-include-cert", no_argument, 0, CHAR_MAX + 36 }, + { "no-p7-include-cert", no_argument, 0, CHAR_MAX + 37 }, + { "p7-time", no_argument, 0, CHAR_MAX + 38 }, + { "no-p7-time", no_argument, 0, CHAR_MAX + 39 }, + { "p7-show-data", no_argument, 0, CHAR_MAX + 40 }, + { "no-p7-show-data", no_argument, 0, CHAR_MAX + 41 }, + { "p7-info", no_argument, 0, CHAR_MAX + 42 }, + { "p7-verify", no_argument, 0, CHAR_MAX + 43 }, + { "smime-to-p7", no_argument, 0, CHAR_MAX + 44 }, + { "generate-dh-params", no_argument, 0, CHAR_MAX + 45 }, + { "get-dh-params", no_argument, 0, CHAR_MAX + 46 }, + { "dh-info", no_argument, 0, CHAR_MAX + 47 }, + { "load-privkey", required_argument, 0, CHAR_MAX + 48 }, + { "load-pubkey", required_argument, 0, CHAR_MAX + 49 }, + { "load-request", required_argument, 0, CHAR_MAX + 50 }, + { "load-certificate", required_argument, 0, CHAR_MAX + 51 }, + { "load-ca-privkey", required_argument, 0, CHAR_MAX + 52 }, + { "load-ca-certificate", required_argument, 0, CHAR_MAX + 53 }, + { "load-crl", required_argument, 0, CHAR_MAX + 54 }, + { "load-data", required_argument, 0, CHAR_MAX + 55 }, + { "password", required_argument, 0, CHAR_MAX + 56 }, + { "null-password", no_argument, 0, CHAR_MAX + 57 }, + { "empty-password", no_argument, 0, CHAR_MAX + 58 }, + { "hex-numbers", no_argument, 0, CHAR_MAX + 59 }, + { "cprint", no_argument, 0, CHAR_MAX + 60 }, + { "rsa", no_argument, 0, CHAR_MAX + 61 }, + { "dsa", no_argument, 0, CHAR_MAX + 62 }, + { "ecc", no_argument, 0, CHAR_MAX + 63 }, + { "ecdsa", no_argument, 0, CHAR_MAX + 64 }, + { "hash", required_argument, 0, CHAR_MAX + 65 }, + { "salt-size", required_argument, 0, CHAR_MAX + 66 }, + { "inder", no_argument, 0, CHAR_MAX + 67 }, + { "inraw", no_argument, 0, CHAR_MAX + 69 }, + { "no-inder", no_argument, 0, CHAR_MAX + 68 }, + { "outder", no_argument, 0, CHAR_MAX + 70 }, + { "outraw", no_argument, 0, CHAR_MAX + 72 }, + { "no-outder", no_argument, 0, CHAR_MAX + 71 }, + { "disable-quick-random", no_argument, 0, CHAR_MAX + 73 }, + { "template", required_argument, 0, CHAR_MAX + 74 }, + { "stdout-info", no_argument, 0, CHAR_MAX + 75 }, + { "ask-pass", no_argument, 0, CHAR_MAX + 76 }, + { "pkcs-cipher", required_argument, 0, CHAR_MAX + 77 }, + { "provider", required_argument, 0, CHAR_MAX + 78 }, + { "text", no_argument, 0, CHAR_MAX + 79 }, + { "no-text", no_argument, 0, CHAR_MAX + 80 }, + { "version", optional_argument, 0, 'v' }, + { "help", no_argument, 0, 'h' }, + { "more-help", no_argument, 0, '!' }, + { 0, 0, 0, 0 } + +}; + +int +process_options (int argc, char **argv) +{ + struct certtool_options *opts = &certtool_options; + int opt; + + opts->enabled.p7_include_cert = true; + opts->enabled.text = true; + while ((opt = getopt_long (argc, argv, "!8Vcd:ehiklpqsuv:", + long_options, NULL)) != EOF) + switch (opt) + { + case '\0': /* Long option. */ + break; + case 'd': + opts->present.debug = true; + opts->arg.debug = optarg; + opts->value.debug = parse_number(optarg); + opts->enabled.debug = true; + break; + case 'V': + opts->present.verbose = true; + opts->enabled.verbose = true; + break; + case CHAR_MAX + 1: /* --infile */ + opts->present.infile = true; + opts->arg.infile = optarg; + opts->enabled.infile = true; + break; + case CHAR_MAX + 2: /* --outfile */ + opts->present.outfile = true; + opts->arg.outfile = optarg; + opts->enabled.outfile = true; + break; + case 'i': + opts->present.certificate_info = true; + opts->enabled.certificate_info = true; + break; + case CHAR_MAX + 3: /* --pubkey-info */ + opts->present.pubkey_info = true; + opts->enabled.pubkey_info = true; + break; + case 's': + opts->present.generate_self_signed = true; + opts->enabled.generate_self_signed = true; + break; + case 'c': + opts->present.generate_certificate = true; + opts->enabled.generate_certificate = true; + break; + case CHAR_MAX + 4: /* --generate-proxy */ + opts->present.generate_proxy = true; + opts->enabled.generate_proxy = true; + break; + case 'u': + opts->present.update_certificate = true; + opts->enabled.update_certificate = true; + break; + case CHAR_MAX + 5: /* --fingerprint */ + opts->present.fingerprint = true; + opts->enabled.fingerprint = true; + break; + case CHAR_MAX + 6: /* --key-id */ + opts->present.key_id = true; + opts->enabled.key_id = true; + break; + case CHAR_MAX + 7: /* --certificate-pubkey */ + opts->present.certificate_pubkey = true; + opts->enabled.certificate_pubkey = true; + break; + case CHAR_MAX + 8: /* --v1 */ + opts->present.v1 = true; + opts->enabled.v1 = true; + break; + case CHAR_MAX + 9: /* --sign-params */ + opts->present.sign_params = true; + opts->arg.sign_params = optarg; + opts->enabled.sign_params = true; + break; + case CHAR_MAX + 10: /* --crq-info */ + opts->present.crq_info = true; + opts->enabled.crq_info = true; + break; + case 'q': + opts->present.generate_request = true; + opts->enabled.generate_request = true; + break; + case CHAR_MAX + 11: /* --no-crq-extensions */ + opts->present.no_crq_extensions = true; + opts->enabled.no_crq_extensions = true; + break; + case CHAR_MAX + 12: /* --p12-info */ + opts->present.p12_info = true; + opts->enabled.p12_info = true; + break; + case CHAR_MAX + 13: /* --p12-name */ + opts->present.p12_name = true; + opts->arg.p12_name = optarg; + opts->enabled.p12_name = true; + break; + case CHAR_MAX + 14: /* --to-p12 */ + opts->present.to_p12 = true; + opts->enabled.to_p12 = true; + break; + case 'k': + opts->present.key_info = true; + opts->enabled.key_info = true; + break; + case CHAR_MAX + 15: /* --p8-info */ + opts->present.p8_info = true; + opts->enabled.p8_info = true; + break; + case CHAR_MAX + 16: /* --to-rsa */ + opts->present.to_rsa = true; + opts->enabled.to_rsa = true; + break; + case 'p': + opts->present.generate_privkey = true; + opts->enabled.generate_privkey = true; + break; + case CHAR_MAX + 17: /* --key-type */ + opts->present.key_type = true; + opts->arg.key_type = optarg; + opts->enabled.key_type = true; + break; + case CHAR_MAX + 18: /* --bits */ + opts->present.bits = true; + opts->arg.bits = optarg; + opts->value.bits = parse_number(optarg); + opts->enabled.bits = true; + break; + case CHAR_MAX + 19: /* --curve */ + opts->present.curve = true; + opts->arg.curve = optarg; + opts->enabled.curve = true; + break; + case CHAR_MAX + 20: /* --sec-param */ + opts->present.sec_param = true; + opts->arg.sec_param = optarg; + opts->enabled.sec_param = true; + break; + case CHAR_MAX + 21: /* --to-p8 */ + opts->present.to_p8 = true; + opts->enabled.to_p8 = true; + break; + case '8': + opts->present.pkcs8 = true; + opts->enabled.pkcs8 = true; + break; + case CHAR_MAX + 22: /* --provable */ + opts->present.provable = true; + opts->enabled.provable = true; + break; + case CHAR_MAX + 23: /* --verify-provable-privkey */ + opts->present.verify_provable_privkey = true; + opts->enabled.verify_provable_privkey = true; + break; + case CHAR_MAX + 24: /* --seed */ + opts->present.seed = true; + opts->arg.seed = optarg; + opts->enabled.seed = true; + break; + case 'l': + opts->present.crl_info = true; + opts->enabled.crl_info = true; + break; + case CHAR_MAX + 25: /* --generate-crl */ + opts->present.generate_crl = true; + opts->enabled.generate_crl = true; + break; + case CHAR_MAX + 26: /* --verify-crl */ + opts->present.verify_crl = true; + opts->enabled.verify_crl = true; + break; + case 'e': + opts->present.verify_chain = true; + opts->enabled.verify_chain = true; + break; + case CHAR_MAX + 27: /* --verify */ + opts->present.verify = true; + opts->enabled.verify = true; + break; + case CHAR_MAX + 28: /* --verify-hostname */ + opts->present.verify_hostname = true; + opts->arg.verify_hostname = optarg; + opts->enabled.verify_hostname = true; + break; + case CHAR_MAX + 29: /* --verify-email */ + opts->present.verify_email = true; + opts->arg.verify_email = optarg; + opts->enabled.verify_email = true; + break; + case CHAR_MAX + 30: /* --verify-purpose */ + opts->present.verify_purpose = true; + opts->arg.verify_purpose = optarg; + opts->enabled.verify_purpose = true; + break; + case CHAR_MAX + 31: /* --verify-allow-broken */ + opts->present.verify_allow_broken = true; + opts->enabled.verify_allow_broken = true; + break; + case CHAR_MAX + 32: /* --verify-profile */ + opts->present.verify_profile = true; + opts->arg.verify_profile = optarg; + opts->enabled.verify_profile = true; + break; + case CHAR_MAX + 33: /* --p7-generate */ + opts->present.p7_generate = true; + opts->enabled.p7_generate = true; + break; + case CHAR_MAX + 34: /* --p7-sign */ + opts->present.p7_sign = true; + opts->enabled.p7_sign = true; + break; + case CHAR_MAX + 35: /* --p7-detached-sign */ + opts->present.p7_detached_sign = true; + opts->enabled.p7_detached_sign = true; + break; + case CHAR_MAX + 36: /* --p7-include-cert */ + opts->present.p7_include_cert = true; + opts->enabled.p7_include_cert = true; + break; + case CHAR_MAX + 37: /* --no-p7-include-cert */ + opts->present.p7_include_cert = true; + opts->enabled.p7_include_cert = false; + break; + case CHAR_MAX + 38: /* --p7-time */ + opts->present.p7_time = true; + opts->enabled.p7_time = true; + break; + case CHAR_MAX + 39: /* --no-p7-time */ + opts->present.p7_time = true; + opts->enabled.p7_time = false; + break; + case CHAR_MAX + 40: /* --p7-show-data */ + opts->present.p7_show_data = true; + opts->enabled.p7_show_data = true; + break; + case CHAR_MAX + 41: /* --no-p7-show-data */ + opts->present.p7_show_data = true; + opts->enabled.p7_show_data = false; + break; + case CHAR_MAX + 42: /* --p7-info */ + opts->present.p7_info = true; + opts->enabled.p7_info = true; + break; + case CHAR_MAX + 43: /* --p7-verify */ + opts->present.p7_verify = true; + opts->enabled.p7_verify = true; + break; + case CHAR_MAX + 44: /* --smime-to-p7 */ + opts->present.smime_to_p7 = true; + opts->enabled.smime_to_p7 = true; + break; + case CHAR_MAX + 45: /* --generate-dh-params */ + opts->present.generate_dh_params = true; + opts->enabled.generate_dh_params = true; + break; + case CHAR_MAX + 46: /* --get-dh-params */ + opts->present.get_dh_params = true; + opts->enabled.get_dh_params = true; + break; + case CHAR_MAX + 47: /* --dh-info */ + opts->present.dh_info = true; + opts->enabled.dh_info = true; + break; + case CHAR_MAX + 48: /* --load-privkey */ + opts->present.load_privkey = true; + opts->arg.load_privkey = optarg; + opts->enabled.load_privkey = true; + break; + case CHAR_MAX + 49: /* --load-pubkey */ + opts->present.load_pubkey = true; + opts->arg.load_pubkey = optarg; + opts->enabled.load_pubkey = true; + break; + case CHAR_MAX + 50: /* --load-request */ + opts->present.load_request = true; + opts->arg.load_request = optarg; + opts->enabled.load_request = true; + break; + case CHAR_MAX + 51: /* --load-certificate */ + opts->present.load_certificate = true; + opts->arg.load_certificate = optarg; + opts->enabled.load_certificate = true; + break; + case CHAR_MAX + 52: /* --load-ca-privkey */ + opts->present.load_ca_privkey = true; + opts->arg.load_ca_privkey = optarg; + opts->enabled.load_ca_privkey = true; + break; + case CHAR_MAX + 53: /* --load-ca-certificate */ + opts->present.load_ca_certificate = true; + opts->arg.load_ca_certificate = optarg; + opts->enabled.load_ca_certificate = true; + break; + case CHAR_MAX + 54: /* --load-crl */ + opts->present.load_crl = true; + opts->arg.load_crl = optarg; + opts->enabled.load_crl = true; + break; + case CHAR_MAX + 55: /* --load-data */ + opts->present.load_data = true; + opts->arg.load_data = optarg; + opts->enabled.load_data = true; + break; + case CHAR_MAX + 56: /* --password */ + opts->present.password = true; + opts->arg.password = optarg; + opts->enabled.password = true; + break; + case CHAR_MAX + 57: /* --null-password */ + opts->present.null_password = true; + opts->enabled.null_password = true; + break; + case CHAR_MAX + 58: /* --empty-password */ + opts->present.empty_password = true; + opts->enabled.empty_password = true; + break; + case CHAR_MAX + 59: /* --hex-numbers */ + opts->present.hex_numbers = true; + opts->enabled.hex_numbers = true; + break; + case CHAR_MAX + 60: /* --cprint */ + opts->present.cprint = true; + opts->enabled.cprint = true; + break; + case CHAR_MAX + 61: /* --rsa */ + opts->present.rsa = true; + opts->enabled.rsa = true; + break; + case CHAR_MAX + 62: /* --dsa */ + opts->present.dsa = true; + opts->enabled.dsa = true; + break; + case CHAR_MAX + 63: /* --ecc */ + case CHAR_MAX + 64: /* --ecdsa */ + opts->present.ecc = true; + opts->enabled.ecc = true; + break; + case CHAR_MAX + 65: /* --hash */ + opts->present.hash = true; + opts->arg.hash = optarg; + opts->enabled.hash = true; + break; + case CHAR_MAX + 66: /* --salt-size */ + opts->present.salt_size = true; + opts->arg.salt_size = optarg; + opts->value.salt_size = parse_number(optarg); + opts->enabled.salt_size = true; + break; + case CHAR_MAX + 67: /* --inder */ + case CHAR_MAX + 69: /* --inraw */ + opts->present.inder = true; + opts->enabled.inder = true; + break; + case CHAR_MAX + 68: /* --no-inder */ + opts->present.inder = true; + opts->enabled.inder = false; + break; + case CHAR_MAX + 70: /* --outder */ + case CHAR_MAX + 72: /* --outraw */ + opts->present.outder = true; + opts->enabled.outder = true; + break; + case CHAR_MAX + 71: /* --no-outder */ + opts->present.outder = true; + opts->enabled.outder = false; + break; + case CHAR_MAX + 73: /* --disable-quick-random */ + opts->present.disable_quick_random = true; + opts->enabled.disable_quick_random = true; + break; + case CHAR_MAX + 74: /* --template */ + opts->present.template = true; + opts->arg.template = optarg; + opts->enabled.template = true; + break; + case CHAR_MAX + 75: /* --stdout-info */ + opts->present.stdout_info = true; + opts->enabled.stdout_info = true; + break; + case CHAR_MAX + 76: /* --ask-pass */ + opts->present.ask_pass = true; + opts->enabled.ask_pass = true; + break; + case CHAR_MAX + 77: /* --pkcs-cipher */ + opts->present.pkcs_cipher = true; + opts->arg.pkcs_cipher = optarg; + opts->enabled.pkcs_cipher = true; + break; + case CHAR_MAX + 78: /* --provider */ + opts->present.provider = true; + opts->arg.provider = optarg; + opts->enabled.provider = true; + break; + case CHAR_MAX + 79: /* --text */ + opts->present.text = true; + opts->enabled.text = true; + break; + case CHAR_MAX + 80: /* --no-text */ + opts->present.text = true; + opts->enabled.text = false; + break; + case 'v': + opts->present.version = true; + opts->arg.version = optarg; + opts->enabled.version = true; + break; + case 'h': + opts->present.help = true; + opts->enabled.help = true; + break; + case '!': + opts->present.more_help = true; + opts->enabled.more_help = true; + break; + default: + usage (stderr, EXIT_FAILURE); + break; + } + + if (HAVE_OPT(DEBUG) && OPT_VALUE_DEBUG < 0) + { + error (EXIT_FAILURE, 0, "%s option value %d is out of range.", + "debug", opts->value.debug); + } + if (HAVE_OPT(DEBUG) && OPT_VALUE_DEBUG > 9999) + { + error (EXIT_FAILURE, 0, "%s option value %d is out of range", + "debug", opts->value.debug); + } + if (HAVE_OPT(GENERATE_REQUEST) && HAVE_OPT(INFILE)) + { + error (EXIT_FAILURE, 0, "the '%s' and '%s' options conflict", + "generate-request", "infile"); + } + if (HAVE_OPT(VERIFY_CRL) && !HAVE_OPT(LOAD_CA_CERTIFICATE)) + { + error (EXIT_FAILURE, 0, "%s option requires the %s options", + "verify-crl", "load_ca_certificate"); + } + if (HAVE_OPT(VERIFY_EMAIL) && HAVE_OPT(VERIFY_HOSTNAME)) + { + error (EXIT_FAILURE, 0, "the '%s' and '%s' options conflict", + "verify-email", "verify_hostname"); + } + if (optind < argc) + { + error (EXIT_FAILURE, 0, "Command line arguments are not allowed."); + } + + + if (HAVE_OPT(HELP)) + { + USAGE(0); + } + + if (HAVE_OPT(MORE_HELP)) +#ifdef _WIN32 + { + USAGE(0); + } +#else /* _WIN32 */ + { + pid_t pid; + int pfds[2]; + + if (pipe (pfds) < 0) + error (EXIT_FAILURE, errno, "pipe"); + + pid = fork (); + if (pid < 0) + error (EXIT_FAILURE, errno, "fork"); + + if (pid == 0) + { + close (pfds[0]); + dup2 (pfds[1], STDOUT_FILENO); + close (pfds[1]); + + usage (stdout, 0); + } + else + { + const char *args[2]; + const char *envvar; + + close (pfds[1]); + dup2 (pfds[0], STDIN_FILENO); + close (pfds[0]); + + envvar = secure_getenv ("PAGER"); + if (!envvar || *envvar == '\0') + args[0] = "more"; + else + args[0] = envvar; + + args[1] = NULL; + + execvp (args[0], (char * const *)args); + + exit (EXIT_FAILURE); + } + } +#endif /* !_WIN32 */ + + if (HAVE_OPT(VERSION)) + { + if (!OPT_ARG_VERSION || !strcmp (OPT_ARG_VERSION, "c")) + { + const char str[] = + "certtool 3.7.9\n" + "Copyright (C) 2000-2021 Free Software Foundation, and others\n" + "This is free software. It is licensed for use, modification and\n" + "redistribution under the terms of the GNU General Public License,\n" + "version 3 or later <http://gnu.org/licenses/gpl.html>\n" + "\n" + "Please send bug reports to: <bugs@gnutls.org> \n"; + fprintf (stdout, "%s", str); + exit(0); + } + else if (!strcmp (OPT_ARG_VERSION, "v")) + { + const char str[] = + "certtool 3.7.9\n"; + fprintf (stdout, "%s", str); + exit(0); + } + else if (!strcmp (OPT_ARG_VERSION, "n")) + { + const char str[] = + "certtool 3.7.9\n" + "Copyright (C) 2000-2021 Free Software Foundation, and others\n" + "This is free software. It is licensed for use, modification and\n" + "redistribution under the terms of the GNU General Public License,\n" + "version 3 or later <http://gnu.org/licenses/gpl.html>\n" + "\n" + "gnutls is free software: you can redistribute it and/or\n" + "modify it under the terms of the GNU General Public License\n" + "as published by the Free Software Foundation,\n" + "either version 3 of the License, or (at your option) any later version.\n" + "\n" + "gnutls is distributed in the hope that it will be useful,\n" + "but WITHOUT ANY WARRANTY; without even the implied warranty\n" + "of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\n" + "See the GNU General Public License for more details.\n" + "\n" + "You should have received a copy of the GNU General Public License\n" + "along with this program. If not, see <http://www.gnu.org/licenses/>.\n" + "\n" + "Please send bug reports to: <bugs@gnutls.org> \n"; + fprintf (stdout, "%s", str); + exit(0); + } + else + { + error (EXIT_FAILURE, 0, + "version option argument 'a' invalid. Use:\n" + " 'v' - version only\n" + " 'c' - version and copyright\n" + " 'n' - version and full copyright notice"); + } + } + + return optind; +} + +void +usage (FILE *out, int status) +{ + const char str[] = + "certtool - GnuTLS certificate tool\n" + "Usage: certtool [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \n" + "\n" + "None:\n" + "\n" + " -d, --debug=num Enable debugging\n" + " - it must be in the range:\n" + " 0 to 9999\n" + " -V, --verbose More verbose output\n" + " --infile=file Input file\n" + " - file must pre-exist\n" + " --outfile=str Output file\n" + "\n" + "Certificate related options:\n" + "\n" + " -i, --certificate-info Print information on the given certificate\n" + " --pubkey-info Print information on a public key\n" + " -s, --generate-self-signed Generate a self-signed certificate\n" + " -c, --generate-certificate Generate a signed certificate\n" + " --generate-proxy Generates a proxy certificate\n" + " -u, --update-certificate Update a signed certificate\n" + " --fingerprint Print the fingerprint of the given certificate\n" + " --key-id Print the key ID of the given certificate\n" + " --v1 Generate an X.509 version 1 certificate (with no extensions)\n" + " --sign-params=str Sign a certificate with a specific signature algorithm\n" + "\n" + "Certificate request related options:\n" + "\n" + " --crq-info Print information on the given certificate request\n" + " -q, --generate-request Generate a PKCS #10 certificate request\n" + " - prohibits the option 'infile'\n" + " --no-crq-extensions Do not use extensions in certificate requests\n" + "\n" + "PKCS#12 file related options:\n" + "\n" + " --p12-info Print information on a PKCS #12 structure\n" + " --p12-name=str The PKCS #12 friendly name to use\n" + " --to-p12 Generate a PKCS #12 structure\n" + "\n" + "Private key related options:\n" + "\n" + " -k, --key-info Print information on a private key\n" + " --p8-info Print information on a PKCS #8 structure\n" + " --to-rsa Convert an RSA-PSS key to raw RSA format\n" + " -p, --generate-privkey Generate a private key\n" + " --key-type=str Specify the key type to use on key generation\n" + " --bits=num Specify the number of bits for key generation\n" + " --curve=str Specify the curve used for EC key generation\n" + " --sec-param=str Specify the security level [low, legacy, medium, high, ultra]\n" + " --to-p8 Convert a given key to a PKCS #8 structure\n" + " -8, --pkcs8 Use PKCS #8 format for private keys\n" + " --provable Generate a private key or parameters from a seed using a provable method\n" + " --verify-provable-privkey Verify a private key generated from a seed using a provable method\n" + " --seed=str When generating a private key use the given hex-encoded seed\n" + "\n" + "CRL related options:\n" + "\n" + " -l, --crl-info Print information on the given CRL structure\n" + " --generate-crl Generate a CRL\n" + " --verify-crl Verify a Certificate Revocation List using a trusted list\n" + " - requires the option 'load-ca-certificate'\n" + "\n" + "Certificate verification related options:\n" + "\n" + " -e, --verify-chain Verify a PEM encoded certificate chain\n" + " --verify Verify a PEM encoded certificate (chain) against a trusted set\n" + " --verify-hostname=str Specify a hostname to be used for certificate chain verification\n" + " --verify-email=str Specify a email to be used for certificate chain verification\n" + " - prohibits the option 'verify-hostname'\n" + " --verify-purpose=str Specify a purpose OID to be used for certificate chain verification\n" + " --verify-allow-broken Allow broken algorithms, such as MD5 for verification\n" + " --verify-profile=str Specify a security level profile to be used for verification\n" + "\n" + "PKCS#7 structure options:\n" + "\n" + " --p7-generate Generate a PKCS #7 structure\n" + " --p7-sign Signs using a PKCS #7 structure\n" + " --p7-detached-sign Signs using a detached PKCS #7 structure\n" + " --p7-include-cert The signer's certificate will be included in the cert list\n" + " - enabled by default\n" + " - disabled as '--no-p7-include-cert'\n" + " --p7-time Will include a timestamp in the PKCS #7 structure\n" + " --p7-show-data Will show the embedded data in the PKCS #7 structure\n" + " --p7-info Print information on a PKCS #7 structure\n" + " --p7-verify Verify the provided PKCS #7 structure\n" + " --smime-to-p7 Convert S/MIME to PKCS #7 structure\n" + "\n" + "Other options:\n" + "\n" + " --get-dh-params List the included PKCS #3 encoded Diffie-Hellman parameters\n" + " --dh-info Print information PKCS #3 encoded Diffie-Hellman parameters\n" + " --load-privkey=str Loads a private key file\n" + " --load-pubkey=str Loads a public key file\n" + " --load-request=str Loads a certificate request file\n" + " --load-certificate=str Loads a certificate file\n" + " --load-ca-privkey=str Loads the certificate authority's private key file\n" + " --load-ca-certificate=str Loads the certificate authority's certificate file\n" + " --load-crl=str Loads the provided CRL\n" + " --load-data=str Loads auxiliary data\n" + " --password=str Password to use\n" + " --null-password Enforce a NULL password\n" + " --empty-password Enforce an empty password\n" + " --hex-numbers Print big number in an easier format to parse\n" + " --cprint In certain operations it prints the information in C-friendly format\n" + " --hash=str Hash algorithm to use for signing\n" + " --salt-size=num Specify the RSA-PSS key default salt size\n" + " --inder Use DER format for input certificates, private keys, and DH parameters \n" + " --inraw an alias for the 'inder' option\n" + " --outder Use DER format for output certificates, private keys, and DH parameters\n" + " --outraw an alias for the 'outder' option\n" + " --template=str Template file to use for non-interactive operation\n" + " --stdout-info Print information to stdout instead of stderr\n" + " --ask-pass Enable interaction for entering password when in batch mode\n" + " --pkcs-cipher=str Cipher to use for PKCS #8 and #12 operations\n" + " --provider=str Specify the PKCS #11 provider library\n" + " --text Output textual information before PEM-encoded certificates, private keys, etc\n" + " - enabled by default\n" + " - disabled as '--no-text'\n" + "\n" + "Version, usage and configuration options:\n" + "\n" + " -v, --version[=arg] output version information and exit\n" + " -h, --help display extended usage information and exit\n" + " -!, --more-help extended usage information passed thru pager\n" + "\n" + "Options are specified by doubled hyphens and their name or by a single\n" + "hyphen and the flag character.\n" + "\n" + "Tool to parse and generate X.509 certificates, requests and private keys.\n" + "It can be used interactively or non interactively by\n" + "specifying the template command line option.\n" + "\n" + "The tool accepts files or supported URIs via the --infile option. In case PIN\n" + "is required for URI access you can provide it using the environment variables GNUTLS_PIN \n" + "and GNUTLS_SO_PIN.\n" + "\n" + "\n" + "Please send bug reports to: <bugs@gnutls.org>\n" + "\n"; + fprintf (out, "%s", str); + exit (status); +} |