]> git.saurik.com Git - apple/security.git/blob - OSX/sec/Security/Tool/SecurityCommands.h
Security-57740.31.2.tar.gz
1 // This is a preprocessed file to define commands that we provide in Security part of the Sec module.
2
3 #include <SecurityTool/security_tool_commands.h>
4
// Registers the "add-internet-password" subcommand and binds it to the handler
// keychain_add_internet_password. The arguments that follow are the usage text
// (adjacent string literals are concatenated) and, last, the one-line summary.
// NOTE(review): -w takes the password as a command-line argument. Argument
// vectors are readable by other processes on many systems and tend to end up in
// shell history, so a secret passed this way should be treated as exposed.
5 SECURITY_COMMAND("add-internet-password", keychain_add_internet_password,
6 "[-a accountName] [-d securityDomain] [-p path] [-P port] [-r protocol] [-s serverName] [-t authenticationType] [-w passwordData] [keychain]\n"
7 " -a Use \"accountName\".\n"
8 " -d Use \"securityDomain\".\n"
9 " -p Use \"path\".\n"
10 " -P Use \"port\".\n"
11 " -r Use \"protocol\".\n"
12 " -s Use \"serverName\".\n"
13 " -t Use \"authenticationType\".\n"
14 " -w Use passwordData.\n"
15 "If no keychains is specified the password is added to the default keychain.",
16 "Add an internet password item.")
17
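// Registers the "item" subcommand and binds it to the handler keychain_item.
// The usage text covers add/query/update/delete of keychain items and the
// "accc" attribute syntax for attaching a Security Access Control object.
//
// The comma that separates the usage argument from the summary belongs after
// the "SAC object for deleting item added by default" line. Placed one line
// earlier, it pushed that sentence into the summary argument, leaving the usage
// text without it and the one-line summary with two lines.
//
// NOTE(review): -d takes the password on the command line, where it is visible
// to anything that can read process arguments or shell history; -f datafile
// avoids putting the secret in argv.
// NOTE(review): per the -q text, the default query skips ACL-protected items
// unless 'u_AuthUI=u_AuthUIA' is supplied, so an empty result does not prove
// that no matching item exists.
18 SECURITY_COMMAND("item", keychain_item,
19 "[-v][-a|-D|-u attr=value,...|[-q][-g] attr=value,...] [-d password | -f datafile] [attr=value,...]\n"
20 "-q Query for item matching (default). Note: as default query skips items with ACL, you have to define 'u_AuthUI=u_AuthUIA' if you want to query items with ACL\n"
21 "-g Get password data\n"
22 "-a Add item to keychain\n"
23 "-u Update item in keychain (require query to match)\n"
24 "-D Delete item from keychain\n"
25 "Add, query, update or delete items from the keychain. Extra attr=value pairs after options always apply to the query\n"
26 "class=[genp|inet|cert|keys] is required for the query\n"
27 "Security Access Control object can be passed as attribute accc with following syntax:\n"
28 "accc=\"<access class>[;operation[:constraint type(constraint parameters)]...]\""
29 "\nExample:\naccc=\"ak;od(cpo(DeviceOwnerAuthentication));odel(true);oe(true)\""
30 "\naccc=\"ak;od(cpo(DeviceOwnerAuthentication));odel(true);oe(true);prp(true)\""
31 "\naccc=\"ak;od(cup(true)pkofn(1)cbio(pbioc(<>)pbioh(<>)));odel(true);oe(true)\""
32 "\nSAC object for deleting item added by default",
33 "Manipulate keychain items.")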
34
// Registers the "add-certificates" subcommand and binds it to the handler
// keychain_add_certificates. It uses the SECURITY_COMMAND_IOS variant of the
// registration macro (presumably restricting it to iOS-family builds; confirm
// in security_tool_commands.h).
// NOTE(review): the -t form writes to the user's TrustSettings.sqlite3
// database rather than the keychain. Per the usage text this changes what the
// user trusts, so the input files deserve the same scrutiny as a root-store
// change.
35 SECURITY_COMMAND_IOS("add-certificates", keychain_add_certificates,
36 "[-k keychain] file...\n"
37 "If no keychains is specified the certificates are added to the default keychain.\n"
38 "\tadd-certificates -t file...\n"
39 "Add the specified certificates to the users TrustSettings.sqlite3 database.",
40 "Add certificates to the keychain.")
41
// Registers the "show-certificates" subcommand and binds it to the handler
// keychain_show_certificates. Two invocation forms are listed: one reading
// certificate files, one reading from the keychain (-k / -q).
// NOTE(review): the -f fingerprint is a SHA-1 digest. That is adequate as a
// display identifier, but SHA-1 is no longer collision resistant, so a matching
// fingerprint should not be the sole basis for a trust decision.
42 SECURITY_COMMAND_IOS("show-certificates", keychain_show_certificates,
43 "[-p][-s][-t] file...\n"
44 "[-k][-p][-s][-v][-t][-f][-q attr=value,...] [attr=value,...]\n"
45 " -k Show all certificates in keychain.\n"
46 " -q Query for certificates matching (implies -k)\n"
47 " -p Output cert in PEM format.\n"
48 " -f Show fingerprint (SHA1 digest of octects inside the public key bit string.)\n"
49 " -s Show subject.\n"
50 " -v Show entire certificate in text form.\n"
51 " -t Evaluate trust.",
52 "Display certificates in human readable form.")
53
// Registers the "find-internet-password" subcommand and binds it to the
// handler keychain_find_internet_password. Every option except -g narrows the
// search; with no keychain named, the default search list is used.
// NOTE(review): -g prints the stored password. Output that is captured by a
// terminal log, CI log or pipe then holds the secret in clear text.
54 SECURITY_COMMAND("find-internet-password", keychain_find_internet_password,
55 "[-a accountName] [-d securityDomain] [-g] [-p path] [-P port] [-r protocol] [-s serverName] [-t authenticationType] [keychain...]\n"
56 " -a Match on \"accountName\" when searching.\n"
57 " -d Match on \"securityDomain\" when searching.\n"
58 " -g Display the password for the item found.\n"
59 " -p Match on \"path\" when searching.\n"
60 " -P Match on \"port\" when searching.\n"
61 " -r Match on \"protocol\" when searching.\n"
62 " -s Match on \"serverName\" when searching.\n"
63 " -t Match on \"authenticationType\" when searching.\n"
64 "If no keychains are specified the default search list is used.",
65 "Find an internet password item.")
66
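// Registers the "find-generic-password" subcommand and binds it to the handler
// keychain_find_generic_password. -a and -s narrow the search; with no
// keychain named, the default search list is used.
// The synopsis line lists [-g] so that it agrees with the option table below
// it and with the find-internet-password synopsis.
// NOTE(review): -g prints the stored password. Output that is captured by a
// terminal log, CI log or pipe then holds the secret in clear text.
67 SECURITY_COMMAND("find-generic-password", keychain_find_generic_password,
68 "[-a accountName] [-g] [-s serviceName] [keychain...]\n"
69 " -a Match on \"accountName\" when searching.\n"
70 " -g Display the password for the item found.\n"
71 " -s Match on \"serviceName\" when searching.\n"
72 "If no keychains are specified the default search list is used.",
73 "Find a generic password item.")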
74
// Registers the "delete-internet-password" subcommand and binds it to the
// handler keychain_delete_internet_password. The summary says one or more
// items may be deleted, so a loose set of match options removes every item
// that matches, not just the first.
// NOTE(review): the option table is word-for-word the find-internet-password
// one, including -g "Display the password for the item found". Confirm against
// the handler whether -g has any effect on a delete.
75 SECURITY_COMMAND("delete-internet-password", keychain_delete_internet_password,
76 "[-a accountName] [-d securityDomain] [-g] [-p path] [-P port] [-r protocol] [-s serverName] [-t authenticationType] [keychain...]\n"
77 " -a Match on \"accountName\" when searching.\n"
78 " -d Match on \"securityDomain\" when searching.\n"
79 " -g Display the password for the item found.\n"
80 " -p Match on \"path\" when searching.\n"
81 " -P Match on \"port\" when searching.\n"
82 " -r Match on \"protocol\" when searching.\n"
83 " -s Match on \"serverName\" when searching.\n"
84 " -t Match on \"authenticationType\" when searching.\n"
85 "If no keychains are specified the default search list is used.",
86 "Delete one or more internet password items.")
87
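// Registers the "delete-generic-password" subcommand and binds it to the
// handler keychain_delete_generic_password. The summary says one or more items
// may be deleted, so a loose set of match options removes every item that
// matches, not just the first.
// The synopsis line lists [-g] so that it agrees with the option table below
// it and with the delete-internet-password synopsis.
// NOTE(review): -g is described as displaying the password, which is the
// wording used by the find commands; confirm against the handler whether it
// has any effect on a delete.
88 SECURITY_COMMAND("delete-generic-password", keychain_delete_generic_password,
89 "[-a accountName] [-g] [-s serviceName] [keychain...]\n"
90 " -a Match on \"accountName\" when searching.\n"
91 " -g Display the password for the item found.\n"
92 " -s Match on \"serviceName\" when searching.\n"
93 "If no keychains are specified the default search list is used.",
94 "Delete one or more generic password items.")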
95
// Registers the "keychain-export" subcommand (SECURITY_COMMAND_IOS variant) and
// binds it to the handler keychain_export. It takes a keybag file, an optional
// backup password and the plist file to write.
// NOTE(review): the output plist is a keychain backup and should be stored and
// transferred as sensitive material; how it is protected by the keybag and
// password is not visible here.
// NOTE(review): -p puts the backup password in the argument vector, where other
// processes and shell history can see it.
96 SECURITY_COMMAND_IOS("keychain-export", keychain_export,
97 "-k <keybag> [-p password ] <plist>\n"
98 " <keybag> keybag file name. (Can be created with keystorectl)\n"
99 " <password> backup password (optional)\n"
100 " <plist> backup plist file\n",
101 "Export keychain to a plist file.")
102
// Registers the "keychain-import" subcommand (SECURITY_COMMAND_IOS variant) and
// binds it to the handler keychain_import. It takes a keybag file, an optional
// backup password and the backup plist to read.
// NOTE(review): importing loads items from the plist into the keychain, so the
// plist's origin matters; only import backups from a source you control.
// NOTE(review): -p puts the backup password in the argument vector, where other
// processes and shell history can see it.
103 SECURITY_COMMAND_IOS("keychain-import", keychain_import,
104 "-k <keybag> [-p <password> ] <plist>\n"
105 " <keybag> keybag file name. (Can be created with keystorectl)\n"
106 " <password> backup password (optional)\n"
107 " <plist> backup plist file\n",
108 "Import keychain from a plist file.")
109
// Registers the "pkcs12" subcommand (SECURITY_COMMAND_IOS variant) and binds it
// to the handler pkcs12_util. The synopsis says "[options]" but only -d is
// described in the usage text.
// NOTE(review): -p carries the PKCS#12 password on the command line, where
// other processes and shell history can see it. That password protects a
// private key, so exposure is equivalent to exposing the key file's contents.
110 SECURITY_COMMAND_IOS("pkcs12", pkcs12_util,
111 "[options] -p <password> file\n"
112 " -d delete identity\n",
113 "Manipulate pkcs12 blobs.")
114
// Registers the "scep" subcommand (SECURITY_COMMAND_IOS variant) and binds it
// to the handler command_scep, which requests a certificate for a public key
// from a SCEP server at the given URL.
// NOTE(review): -x turns certificate validation off. Exactly which check is
// skipped is not visible here, but without it the identity of the SCEP server
// is presumably unverified, so the challenge password and the issued
// certificate could be exchanged with an impostor. Use only against a test
// server.
// NOTE(review): -c puts the challenge password in the argument vector, where
// other processes and shell history can see it.
// NOTE(review): the -o example names SHA-1 and DES3, both legacy algorithms;
// overriding the server's advertised capabilities can steer the exchange
// towards weaker algorithms than the server would otherwise offer.
115 SECURITY_COMMAND_IOS("scep", command_scep,
116 "[options] <url>\n"
117 " -b keysize Keysize in bits.\n"
118 " -u usage Key usage bitmask in decimal (Digital Signature = 1, Key Encipherment = 4).\n"
119 " -c challenge Challenge password.\n"
120 " -n name Service instance name (required for MS SCEP).\n"
121 " -v Verbose.\n"
122 " -x Turn cert validation off.\n"
123 " -s subject Subject to request (O=Apple,CN=iPhone).\n"
124 " -h subjaltname SubjectAlternateName (foo.com).\n"
125 " -o capabilities Override capabilities GetCACaps returns (POSTPKIOperation,SHA-1,DES3)\n",
126 "Certify a public key using a SCEP server")
127
// Registers the "codesign" subcommand (SECURITY_COMMAND_IOS variant) and binds
// it to the handler codesign_util. The usage text names "[options]" without
// listing any; the summary describes it as verifying the code signature blob
// in a binary.
// NOTE(review): what "verify" covers (signature only, or also the certificate
// chain and policy) is not stated here; check the handler before relying on a
// passing result as a trust decision.
128 SECURITY_COMMAND_IOS("codesign", codesign_util,
129 "[options] <file>\n",
130 "Verify code signature blob in binary.")
131
// Registers the "enroll-secure-profile" subcommand (SECURITY_COMMAND_IOS
// variant) and binds it to the handler command_spc. The usage text names
// "[options]" and a file argument but documents neither; see the handler for
// the accepted options and the expected file format.
132 SECURITY_COMMAND_IOS("enroll-secure-profile", command_spc,
133 "[options] <file>\n",
134 "Enroll in secure profile service.")
135
// Registers the "keys-need-update" subcommand (SECURITY_COMMAND_IOS variant)
// and binds it to the handler keychain_roll_keys.
// NOTE(review): the command name reads like a status query while the summary
// says "Rotate keys."; going by the -f text, an update is presumably attempted
// only when -f is given. Confirm in the handler.
136 SECURITY_COMMAND_IOS("keys-need-update", keychain_roll_keys,
137 "[options]\n"
138 " -f attempt an update.\n",
139 "Rotate keys.")
140
// Registers the "log" subcommand and binds it to the handler log_control,
// which lists or sets logging scopes.
// NOTE(review): -c applies the scope list to "all devices in circle", so its
// effect is not limited to the local device. Broader log scopes on a security
// daemon can increase what ends up in logs; review the scope list before
// pushing it to other devices.
141 SECURITY_COMMAND("log", log_control,
142 "[options] [scope_list]\n"
143 " -l list current settings.\n"
144 " -s scope_list set log scopes to scope_list.\n"
145 " -c scope_list set log scopes to scope_list for all devices in circle.\n",
146 "control logging settings")
147
// Registers the "verify-cert" subcommand (SECURITY_COMMAND_IOS variant) and
// binds it to the handler verify_cert, which evaluates one or more
// certificates against a named policy.
// NOTE(review): -d replaces the verification time, so a result obtained with
// -d says whether the chain was valid at that moment, not whether it is valid
// now.
// NOTE(review): per the -C text the evaluation defaults to the server role for
// ssl, IPSec and eap. A client certificate checked without -C is evaluated
// against the wrong role.
// NOTE(review): -n supplies the host name for ssl, IPSec and smime; whether the
// name check is skipped when -n is omitted is not visible here. Confirm in the
// handler.
148 SECURITY_COMMAND_IOS("verify-cert", verify_cert,
149 "[options]\n"
150 " -c certFile Certificate to verify. Can be specified multiple times.\n"
151 " -r rootCertFile Root Certificate. Can be specified multiple times.\n"
152 " -p policy Verify policy (basic, ssl, smime, eap, IPSec, appleID,\n"
153 " codeSign, timestamp, revocation).\n"
154 " -d date Set date and time to use when verifying certificate,\n"
155 " provided in the form of YYYY-MM-DD-hh:mm:ss (time optional) in GMT.\n"
156 " e.g: 2016-04-25-15:59:59 for April 25, 2016 at 3:59:59 pm in GMT\n"
157 " -L Local certs only.\n"
158 " -n Name of the host (ssl, IPSec, smime)\n"
159 " -q Quiet.\n"
160 " -C Set client to true. Otherwise, verify-cert defaults to server (ssl, IPSec, eap).\n",
161 "Verify certificate(s).")
162
// Registers the "trust-store" subcommand (SECURITY_COMMAND_IOS variant) and
// binds it to the handler trust_store_show_certificates, which displays the
// certificates in the user trust store and their trust settings. Every listed
// option is a display option.
// NOTE(review): -f and -k print SHA-1 digests (of the certificate and of the
// public key respectively). They are useful for spotting an unexpected
// trust-store entry, but SHA-1 is no longer collision resistant, so compare
// the full certificate (-p or -v) before treating two entries as the same.
163 SECURITY_COMMAND_IOS("trust-store", trust_store_show_certificates,
164 "[-p][-f][-s][-v][-t][-k]\n"
165 " -p Output cert in PEM format.\n"
166 " -f Show fingerprint (SHA1 digest certificate.)\n"
167 " -s Show subject.\n"
168 " -v Show entire certificate in text form.\n"
169 " -t Show trust settings for certificates.\n"
170 " -k Show keyid (SHA1 digest of public key)",
171 "Display user trust store certificates and trust settings.")