298 lines
7.8 KiB
Bash
298 lines
7.8 KiB
Bash
# -*- mode: shell-script; sh-basic-offset: 8; indent-tabs-mode: t -*-
|
|
# ex: ts=8 sw=8 noet filetype=sh
|
|
#
|
|
# bash completion for openssl
|
|
|
|
have openssl && {
|
|
_openssl_sections()
|
|
{
|
|
local config f
|
|
|
|
# check if a specific configuration file is used
|
|
for (( i=2; i < COMP_CWORD; i++ )); do
|
|
if [[ "${COMP_WORDS[i]}" == -config ]]; then
|
|
config=${COMP_WORDS[i+1]}
|
|
break
|
|
fi
|
|
done
|
|
|
|
# if no config given, check some usual default locations
|
|
if [ -z "$config" ]; then
|
|
for f in /etc/ssl/openssl.cnf /etc/pki/tls/openssl.cnf \
|
|
/usr/share/ssl/openssl.cnf; do
|
|
[ -f $f ] && config=$f && break
|
|
done
|
|
fi
|
|
|
|
[ ! -f "$config" ] && return 0
|
|
|
|
COMPREPLY=( $( compgen -W "$( awk '/\[.*\]/ {print $2}' $config )" \
|
|
-- $cur ) )
|
|
}
|
|
|
|
_openssl()
|
|
{
|
|
local cur prev commands command options formats
|
|
|
|
COMPREPLY=()
|
|
cur=`_get_cword`
|
|
|
|
commands='asn1parse ca ciphers crl crl2pkcs7 dgst dh dhparam dsa \
|
|
dsaparam ec ecparam enc engine errstr gendh gendsa genrsa \
|
|
nseq ocsp passwd pkcs12 pkcs7 pkcs8 prime rand req rsa \
|
|
rsautl s_client s_server s_time sess_id smime speed spkac \
|
|
verify version x509 md2 md4 md5 rmd160 sha sha1 aes-128-cbc \
|
|
aes-128-ecb aes-192-cbc aes-192-ecb aes-256-cbc aes-256-ecb \
|
|
base64 bf bf-cbc bf-cfb bf-ecb bf-ofb camellia-128-cbc \
|
|
camellia-128-ecb camellia-192-cbc camellia-192-ecb \
|
|
camellia-256-cbc camellia-256-ecb cast cast-cbc cast5-cbc \
|
|
cast5-cfb cast5-ecb cast5-ofb des des-cbc des-cfb des-ecb \
|
|
des-ede des-ede-cbc des-ede-cfb des-ede-ofb des-ede3 \
|
|
des-ede3-cbc des-ede3-cfb des-ede3-ofb des-ofb des3 desx rc2 \
|
|
rc2-40-cbc rc2-64-cbc rc2-cbc rc2-cfb rc2-ecb rc2-ofb rc4 \
|
|
rc4-40'
|
|
|
|
if [ $COMP_CWORD -eq 1 ]; then
|
|
COMPREPLY=( $( compgen -W "$commands" -- $cur ) )
|
|
else
|
|
command=${COMP_WORDS[1]}
|
|
prev=${COMP_WORDS[COMP_CWORD-1]}
|
|
case $prev in
|
|
-@(CA|CAfile|CAkey|CAserial|cert|certfile|config|content|dcert|dkey|dhparam|extfile|in|inkey|kfile|key|keyout|out|oid|prvrify|rand|recip|revoke|sess_in|sess_out|spkac|sign|signkey|signer|signature|ss_cert|untrusted|verify))
|
|
_filedir
|
|
return 0
|
|
;;
|
|
-@(outdir|CApath))
|
|
_filedir -d
|
|
return 0
|
|
;;
|
|
-@(name|crlexts|extensions))
|
|
_openssl_sections
|
|
return 0
|
|
;;
|
|
-@(in|out|key|cert|CA|CAkey|dkey|dcert)form)
|
|
formats='DER PEM'
|
|
case $command in
|
|
x509)
|
|
formats="$formats NET"
|
|
;;
|
|
smime)
|
|
formats="$formats SMIME"
|
|
;;
|
|
esac
|
|
COMPREPLY=( $( compgen -W "$formats" -- $cur ) )
|
|
return 0
|
|
;;
|
|
-connect)
|
|
_known_hosts
|
|
return 0
|
|
;;
|
|
-starttls)
|
|
COMPREPLY=( $( compgen -W 'smtp pop3 imap ftp' \
|
|
-- $cur ) )
|
|
return 0
|
|
;;
|
|
-cipher)
|
|
COMPREPLY=( $( compgen -W "$(openssl ciphers | \
|
|
tr ':' '\n')" -- $cur ) )
|
|
return 0
|
|
;;
|
|
esac
|
|
|
|
if [[ "$cur" == -* ]]; then
|
|
# possible options for the command
|
|
case $command in
|
|
asn1parse)
|
|
options='-inform -in -out -noout \
|
|
-offset -length -i -oid \
|
|
-strparse'
|
|
;;
|
|
ca)
|
|
options='-verbose -config -name \
|
|
-gencrl -revoke -crl_reason \
|
|
-crl_hold -crl_compromise \
|
|
-crl_CA_compromise -crldays \
|
|
-crlhours -crlexts -startdate \
|
|
-enddate -days -md -policy \
|
|
-keyfile -key -passin -cert \
|
|
-selfsig -in -out -notext \
|
|
-outdir -infiles -spkac \
|
|
-ss_cert -preserveDN \
|
|
-noemailDN -batch -msie_hack \
|
|
-extensions -extfile -engine \
|
|
-subj -utf8 -multivalue-rdn'
|
|
;;
|
|
ciphers)
|
|
options='-v -ssl2 -ssl3 -tls1'
|
|
;;
|
|
crl)
|
|
options='-inform -outform -text -in \
|
|
-out -noout -hash -issuer \
|
|
-lastupdate -nextupdate \
|
|
-CAfile -CApath'
|
|
;;
|
|
crl2pkcs7)
|
|
options='-inform -outform -in -out \
|
|
-print_certs'
|
|
;;
|
|
dgst)
|
|
options='-md5 -md4 -md2 -sha1 -sha \
|
|
-mdc2 -ripemd160 -dss1 -c -d \
|
|
-hex -binary -out -sign \
|
|
-verify -prverify -signature'
|
|
;;
|
|
dsa)
|
|
options='-inform -outform -in -passin \
|
|
-out -passout -des -des3 -idea \
|
|
-text -noout -modulus -pubin \
|
|
-pubout'
|
|
;;
|
|
dsaparam)
|
|
options='-inform -outform -in -out \
|
|
-noout -text -C -rand -genkey'
|
|
;;
|
|
enc)
|
|
options='-ciphername -in -out -pass \
|
|
-e -d -a -A -k -kfile -S -K \
|
|
-iv -p -P -bufsize -debug'
|
|
;;
|
|
dhparam)
|
|
options='-inform -outform -in -out \
|
|
-dsaparam -noout -text -C -2 \
|
|
-5 -rand'
|
|
;;
|
|
gendsa)
|
|
options='-out -des -des3 -idea -rand'
|
|
;;
|
|
genrsa)
|
|
options='-out -passout -des -des3 \
|
|
-idea -f4 -3 -rand'
|
|
;;
|
|
pkcs7)
|
|
options='-inform -outform -in -out \
|
|
-print_certs -text -noout'
|
|
;;
|
|
rand)
|
|
options='-out -rand -base64'
|
|
;;
|
|
req)
|
|
options='-inform -outform -in -passin \
|
|
-out -passout -text -noout \
|
|
-verify -modulus -new -rand \
|
|
-newkey -newkey -nodes -key \
|
|
-keyform -keyout -md5 -sha1 \
|
|
-md2 -mdc2 -config -x509 \
|
|
-days -asn1-kludge -newhdr \
|
|
-extensions -reqexts section'
|
|
;;
|
|
rsa)
|
|
options='-inform -outform -in -passin \
|
|
-out -passout -sgckey -des \
|
|
-des3 -idea -text -noout \
|
|
-modulus -check -pubin -pubout \
|
|
-engine'
|
|
;;
|
|
rsautl)
|
|
options='-in -out -inkey -pubin \
|
|
-certin -sign -verify -encrypt \
|
|
-decrypt -pkcs -ssl -raw \
|
|
-hexdump -asn1parse'
|
|
;;
|
|
s_client)
|
|
options='-connect -verify -cert \
|
|
-certform -key -keyform -pass \
|
|
-CApath -CAfile -reconnect \
|
|
-pause -showcerts -debug -msg \
|
|
-nbio_test -state -nbio -crlf \
|
|
-ign_eof -quiet -ssl2 -ssl3 \
|
|
-tls1 -no_ssl2 -no_ssl3 \
|
|
-no_tls1 -bugs -cipher \
|
|
-starttls -engine -tlsextdebug \
|
|
-no_ticket -sess_out -sess_in \
|
|
-rand'
|
|
;;
|
|
s_server)
|
|
options='-accept -context -verify \
|
|
-Verify -crl_check \
|
|
-crl_check_all -cert -certform \
|
|
-key -keyform -pass -dcert \
|
|
-dcertform -dkey -dkeyform \
|
|
-dpass -dhparam -nbio
|
|
-nbio_test -crlf -debug -msg \
|
|
-state -CApath -CAfile -nocert \
|
|
-cipher -quiet -no_tmp_rsa \
|
|
-ssl2 -ssl3 -tls1 -no_ssl2 \
|
|
-no_ssl3 -no_tls1 -no_dhe \
|
|
-bugs -hack -www -WWW -HTTP \
|
|
-engine -tlsextdebug \
|
|
-no_ticket -id_prefix -rand'
|
|
;;
|
|
s_time)
|
|
options='-connect -www -cert -key \
|
|
-CApath -CAfile -reuse -new \
|
|
-verify -nbio -time -ssl2 \
|
|
-ssl3 -bugs -cipher'
|
|
;;
|
|
sess_id)
|
|
options='-inform -outform -in -out \
|
|
-text -noout -context ID'
|
|
;;
|
|
smime)
|
|
options='-encrypt -decrypt -sign \
|
|
-verify -pk7out -des -des3 \
|
|
-rc2-40 -rc2-64 -rc2-128 \
|
|
-aes128 -aes192 -aes256 -in \
|
|
-certfile -signer -recip \
|
|
-inform -passin -inkey -out \
|
|
-outform -content -to -from \
|
|
-subject -text -rand'
|
|
;;
|
|
speed)
|
|
options='-engine'
|
|
;;
|
|
verify)
|
|
options='-CApath -CAfile -purpose \
|
|
-untrusted -help \
|
|
-issuer_checks -verbose \
|
|
-certificates'
|
|
;;
|
|
x509)
|
|
options='-inform -outform -keyform \
|
|
-CAform -CAkeyform -in -out \
|
|
-serial -hash -subject-hash \
|
|
-issuer_hash -subject -issuer \
|
|
-nameopt -email -startdate \
|
|
-enddate -purpose -dates \
|
|
-modulus -fingerprint -alias \
|
|
-noout -trustout -clrtrust \
|
|
-clrreject -addtrust \
|
|
-addreject -setalias -days \
|
|
-set_serial -signkey \
|
|
-x509toreq -req -CA -CAkey \
|
|
-CAcreateserial -CAserial \
|
|
-text -C -md2 -md5 -sha1 -mdc2 \
|
|
-clrext -extfile -extensions \
|
|
-engine'
|
|
;;
|
|
@(md5|md4|md2|sha1|sha|mdc2|ripemd160))
|
|
options='-c -d'
|
|
;;
|
|
esac
|
|
COMPREPLY=( $( compgen -W "$options" -- $cur ) )
|
|
else
|
|
if [[ "$command" == speed ]]; then
|
|
COMPREPLY=( $( compgen -W 'md2 mdc2 md5 hmac \
|
|
sha1 rmd160 idea-cbc rc2-cbc rc5-cbc \
|
|
bf-cbc des-cbc des-ede3 rc4 rsa512 \
|
|
rsa1024 rsa2048 rsa4096 dsa512 dsa1024 \
|
|
dsa2048 idea rc2 des rsa blowfish' -- \
|
|
$cur ) )
|
|
else
|
|
_filedir
|
|
fi
|
|
fi
|
|
fi
|
|
}
|
|
complete -F _openssl $default openssl
|
|
}
|