aboutsummaryrefslogtreecommitdiff
path: root/zsh/.zsh/completion
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--zsh/.zsh/completion/_ag217
-rw-r--r--zsh/.zsh/completion/_berks34
-rw-r--r--zsh/.zsh/completion/_knife174
-rw-r--r--zsh/.zsh/completion/_openssl1695
-rw-r--r--zsh/.zsh/completion/_pass134
5 files changed, 2254 insertions, 0 deletions
diff --git a/zsh/.zsh/completion/_ag b/zsh/.zsh/completion/_ag
new file mode 100644
index 0000000..6a41710
--- /dev/null
+++ b/zsh/.zsh/completion/_ag
@@ -0,0 +1,217 @@
+#compdef ag
+# ------------------------------------------------------------------------------
+# Copyright (c) 2015 Github zsh-users - http://github.com/zsh-users
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# * Neither the name of the zsh-users nor the
+# names of its contributors may be used to endorse or promote products
+# derived from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL ZSH-USERS BE LIABLE FOR ANY
+# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+# ------------------------------------------------------------------------------
+# Description
+# -----------
+#
+# Completion script for ag (https://github.com/ggreer/the_silver_searcher)
+#
+# ------------------------------------------------------------------------------
+# Authors
+# -------
+#
+# * Akira Maeda <https://github.com/glidenote>
+#
+# ------------------------------------------------------------------------------
+# -*- mode: zsh; sh-indentation: 2; indent-tabs-mode: nil; sh-basic-offset: 2; -*-
+# vim: ft=zsh sw=2 ts=2 et
+# ------------------------------------------------------------------------------
+_ag_version() {
+ local version
+ version=( $($words[1] --version) )
+ version=${version[@]:2:1}
+ version=( "${(@s/./)version}" )
+ echo "${version[2]}"
+}
+
+# Dynamically build the file type completion
+# Modifies the global $AG_OPTS array
+_ag_add_file_types() {
+ local typ exts
+ for i in $($words[1] --list-file-types); do
+ if [[ "${i:0:2}" = '--' ]]; then
+ if [[ "${typ}x" != "x" ]]; then
+ AG_OPTS+="${typ}[${exts}]"
+ fi
+ typ=$i
+ exts=
+ else
+ exts+=$i
+ fi
+ done
+ AG_OPTS+="${typ}[${exts}]"
+}
+
+# Add version appropriate options above base
+# Modifies the global $AG_OPTS array
+_ag_add_version_opts() {
+ local minor=$(_ag_version)
+
+ if [[ $minor -gt 21 ]];then
+ _ag_add_file_types
+ AG_OPTS+=(
+ '(- 1 *)--list-file-types[list supported filetypes to search]'
+ '--silent[suppress all log messages, including errors]'
+ )
+ fi
+
+ if [[ $minor -gt 22 ]];then
+ AG_OPTS+=(
+ '(-z --search-zip)'{-z,--search-zip}'[search contents of compressed files]'
+ )
+ fi
+
+ if [[ $minor -le 24 ]];then
+ AG_OPTS+=(
+ '(-s --case-sensitive)'{-s,--case-sensitive}'[match case sensitively]'
+ '(--noheading --heading)'{--noheading,--heading}'[print file names above matching contents]'
+ )
+ fi
+ if [[ $minor -gt 24 ]];then
+ AG_OPTS+=(
+ '(-s --case-sensitive)'{-s,--case-sensitive}'[Match case sensitively. Default on.]'
+ '(-H --noheading --heading)'{-H,--noheading,--heading}'[print file names above matching contents]'
+ '--vimgrep[output results like vim''s, :vimgrep /pattern/g would (report every match on the line)]'
+ )
+ fi
+
+ if [[ $minor -gt 26 ]];then
+ AG_OPTS+=(
+ '(-0 --null --print0)'{-0,--null,--print0}'[separate the filenames with \\0, rather than \\n]'
+ )
+ fi
+
+ if [[ $minor -le 27 ]];then
+ AG_OPTS+=(
+ '--depth[Search up to NUM directories deep. Default is 25.]:number'
+ )
+ fi
+ if [[ $minor -gt 27 ]];then
+ AG_OPTS+=(
+ '(-c --count)'{-c,--count}'[only print the number of matches in each file]'
+ '--depth[Search up to NUM directories deep, -1 for unlimited. Default is 25.]:number'
+ '(-F --fixed-strings)'{-F,--fixed-strings}'[alias for --literal for compatibility with grep]'
+ )
+ fi
+
+ if [[ $minor -le 28 ]];then
+ AG_OPTS+=(
+ '(--no-numbers)--no-numbers[donĀ“t show line numbers]'
+ )
+ fi
+ if [[ $minor -gt 28 ]];then
+ AG_OPTS+=(
+ '(--nofilename --filename)'{--nofilename,--filename}'[Print file names. Default on, except when searching a single file.]'
+ '(--nonumbers --numbers)'{--nonumbers,--numbers}'[Print line numbers. Default is to omit line numbers when searching streams]'
+ '(-o --only-matching)'{-o,--only-matching}'[print only the matching part of the lines]'
+ )
+ fi
+}
+
+_ag() {
+ local curcontext="$curcontext" state line cmds update_policy ret=1
+
+ zstyle -s ":completion:${curcontext}:" cache-policy update_policy
+ [[ -z "$update_policy" ]] && zstyle ":completion:${curcontext}:" cache-policy _ag_types_caching_policy
+
+ # Don't complete if command doesn't exist
+ [[ ${+commands[${words[1]}]} -eq 0 ]] && return 0
+
+ if ( [[ ${+AG_OPTS} -eq 0 ]] || _cache_invalid "_AG_OPTS" ) && ! _retrieve_cache "_AG_OPTS"; then
+ # Base opts starts at ag version 0.20
+ AG_OPTS=(
+ '(- 1 *)--help[print a short help statement]'
+ '(- 1 *)--man[print the manual page]'
+ '(- 1 *)--version[display version and copyright information]'
+ '--ackmate[output results in a format parseable by AckMate]'
+ '(-A --after)'{-A,--after}'[Print NUM lines before match. Default is 2]:number'
+ '(-t --all-text -a --all-types -u --unrestricted)'{-t,--all-text}"[search all text files, excluding hidden ones]"
+ '(-a --all-types -t --all-text -u --unrestricted)'{-a,--all-types}"[search all text files, excluding hidden ones and not obeying ignore files (.agignore, .gitignore...)]"
+ '(-B --before)'{-B,--before}'[Print NUM lines after match. Defaults is 2]:number'
+ '(--nobreak --break)'{--nobreak,--break}'[Print a newline between matches in different files. Default on.]'
+ '(--color --nocolor)--color[Print color codes in results. Default on.]'
+ '(--nocolor --color --color-line-number --color-match --color-path)--nocolor[Do not print color codes in results. Default on.]'
+ '(--nocolor)--color-line-number[Color codes for line numbers. Default is 1;33.]'
+ '(--nocolor)--color-match[Color codes for result match numbers. Default is 30;43.]'
+ '(--nocolor)--color-path[Color codes for path names. Default is 1;32.]'
+ '--column[print column numbers in results]'
+ '(-C --context)'{-C,--context}'[Print NUM lines before and after matches. Default is 2.]:number'
+ '(-D --debug)'{-D,--debug}'[enable debug logging]'
+ '(-G --file-search-regex)'{-G,--file-search-regex}'[only search file names matching PATTERN]:pattern'
+ '(-l --files-with-matches)'{-l,--files-with-matches}'[only print filenames containing matches, not matching lines]'
+ '(-L --files-without-matches)'{-L,--files-without-matches}"[only print filenames that don't contain matches]"
+ '(-f --follow)'{-f,--follow}'[follow symlinks]'
+ '(-g)-g[print filenames that match PATTERN]:pattern'
+ '(--nogroup --group)'{--nogroup,--group}'[same as --\[no\]break --\[no\]heading]'
+ '--hidden[search hidden files, still obeys ignore files.]'
+ '*--ignore[Ignore files/directories matching this pattern. Literal file and directory names are also allowed.]:files:_files'
+ '(-i --ignore-case)'{-i,--ignore-case}'[match case insensitively]:pattern'
+ '*--ignore-dir[alias for --ignore for compatibility with ack]:files:_files'
+ '(-v --invert-match)'{-v,--invert-match}'[invert match]'
+ '(-Q --literal)'{-Q,--literal}'[match PATTERN literally, no regular expression]'
+ '(-m --max-count)'{-m,--max-count}'[Skip the rest of a file after NUM matches. Default is 10,000.]:number'
+ '(--pager --nopager)'{--pager,--nopager}'[Display results with PAGER. Disabled by default.]:pager program:_command_names'
+ '(--passthrough)--passthrough[when searching a stream, print all lines even if they don''t match]'
+ '(-p --path-to-agignore)'{-p,--path-to-agignore}'[provide a path to a specific .agignore file]:files:_files'
+ '--print-long-lines[print matches on very long lines, > 2k characters by default]'
+ '--search-binary[search binary files]'
+ '(-U --skip-vcs-ignores)'{-U,--skip-vcs-ignores}'[ignore VCS ignore files (.gitigore, .hgignore, svn:ignore), but still use .agignore]'
+ '(-S --smart-case)'{-S,--smart-case}'[match case sensitively if PATTERN contains any uppercase letters, else match case insensitively]'
+ '--stats[print stats (files scanned, time taken, etc)]'
+ '(-u --unrestricted -t --all-text -a --all-types)'{-u,--unrestricted}'[search ALL files, includes: hidden, binary & ignored files (.agignore, .gitignore...)]'
+ '(-w --word-regexp)'{-w,--word-regexp}'[only match whole words]'
+ )
+ _ag_add_version_opts
+ AG_OPTS+=(
+ '*: :_files'
+ )
+ [[ $#AG_OPTS -gt 0 ]] && _store_cache '_AG_OPTS' AG_OPTS
+ fi
+
+ _arguments -C -s -S ${AG_OPTS} && ret=0
+ unset AG_OPTS
+
+ case $state in
+ # placeholder
+ esac
+
+ return ret
+}
+
+_ag_types_caching_policy() {
+ # Rebuild if .agignore more recent than cache.
+ [[ -f $HOME/.agignore && $$HOME/.agignore -nt "$1" ]] && return 0
+
+ # Rebuild if cache is older than one week.
+ local -a oldp
+ oldp=( "$1"(Nmw+1) )
+ (( $#oldp )) && return 0
+
+ return 1
+}
+
+_ag "$@"
diff --git a/zsh/.zsh/completion/_berks b/zsh/.zsh/completion/_berks
new file mode 100644
index 0000000..3c79cfb
--- /dev/null
+++ b/zsh/.zsh/completion/_berks
@@ -0,0 +1,34 @@
+#compdef berks
+
+local -a _1st_arguments
+_1st_arguments=(
+ 'apply: Apply version locks from Berksfile.lock to a Chef environment'
+ 'contingent: List all cookbooks that depend on the given cookbook in your Berksfile'
+ 'cookbook: Create a skeleton for a new cookbook'
+ 'help: Describe available commands or one specific command'
+ 'info: Display name, author, copyright, and dependency information about a cookbook'
+ 'init: Initialize Berkshelf in the given directory'
+ 'install: Install the cookbooks specified in the Berksfile'
+ 'list: List cookbooks and their dependencies specified by your Berksfile'
+ 'outdated: List dependencies that have new versions available that satisfy their constraints'
+ 'package: Vendor and archive the dependencies of a Berksfile'
+ 'search: Search the remote source for cookbooks matching the partial name'
+ 'shelf: Interact with the cookbook store'
+ 'show: Display the path to a cookbook on disk'
+ 'update: Update the cookbooks (and dependencies) specified in the Berksfile'
+ 'upload: Upload the cookbook specified in the Berksfile to the Chef Server'
+ 'vendor: Vendor the cookbooks specified by the Berksfile into a directory'
+ 'verify: Perform a quick validation on the contents of your resolved cookbooks'
+ 'version: Display version'
+ 'viz: Visualize the dependency graph'
+)
+
+_arguments \
+ '(-v)'{-v,--version}'[version]' \
+ '(-h)'{-h,--help}'[help]' \
+ '*:: :->subcmds' && return 0
+
+if (( CURRENT == 1 )); then
+ _describe -t commands "berks subcommand" _1st_arguments
+ return
+fi
diff --git a/zsh/.zsh/completion/_knife b/zsh/.zsh/completion/_knife
new file mode 100644
index 0000000..7f8c95e
--- /dev/null
+++ b/zsh/.zsh/completion/_knife
@@ -0,0 +1,174 @@
+#compdef knife
+
+# These flags should be available everywhere according to man knife
+knife_general_flags=( --help --server-url --key --config --editor --format --log_level --logfile --no-editor --user --print-after --version --yes )
+
+# knife has a very special syntax, some example calls are:
+# knife status
+# knife cookbook list
+# knife role show ROLENAME
+# knife data bag show DATABAGNAME
+# knife role show ROLENAME --attribute ATTRIBUTENAME
+# knife cookbook show COOKBOOKNAME COOKBOOKVERSION recipes
+
+# The -Q switch in compadd allow for completions of things like "data bag" without having to go through two rounds of completion and avoids zsh inserting a \ for escaping spaces
+_knife() {
+ local curcontext="$curcontext" state line
+ typeset -A opt_args
+ cloudproviders=(bluebox ec2 rackspace slicehost terremark)
+ _arguments \
+ '1: :->knifecmd'\
+ '2: :->knifesubcmd'\
+ '3: :->knifesubcmd2' \
+ '4: :->knifesubcmd3' \
+ '5: :->knifesubcmd4' \
+ '6: :->knifesubcmd5'
+
+ case $state in
+ knifecmd)
+ compadd -Q "$@" bootstrap client configure cookbook "cookbook site" "data bag" exec index node recipe role search ssh status windows $cloudproviders
+ ;;
+ knifesubcmd)
+ case $words[2] in
+ (bluebox|ec2|rackspace|slicehost|terremark)
+ compadd "$@" server images
+ ;;
+ client)
+ compadd -Q "$@" "bulk delete" list create show delete edit reregister
+ ;;
+ configure)
+ compadd "$@" client
+ ;;
+ cookbook)
+ compadd -Q "$@" test list create download delete "metadata from" show "bulk delete" metadata upload
+ ;;
+ node)
+ compadd -Q "$@" "from file" create show edit delete list run_list "bulk delete"
+ ;;
+ recipe)
+ compadd "$@" list
+ ;;
+ role)
+ compadd -Q "$@" "bulk delete" create delete edit "from file" list show
+ ;;
+ windows)
+ compadd "$@" bootstrap
+ ;;
+ *)
+ _arguments '2:Subsubcommands:($(_knife_options1))'
+ esac
+ ;;
+ knifesubcmd2)
+ case $words[3] in
+ server)
+ compadd "$@" list create delete
+ ;;
+ images)
+ compadd "$@" list
+ ;;
+ site)
+ compadd "$@" vendor show share search download list unshare
+ ;;
+ (show|delete|edit)
+ _arguments '3:Subsubcommands:($(_chef_$words[2]s_remote))'
+ ;;
+ (upload|test)
+ _arguments '3:Subsubcommands:($(_chef_$words[2]s_local) --all)'
+ ;;
+ list)
+ compadd -a "$@" knife_general_flags
+ ;;
+ bag)
+ compadd -Q "$@" show edit list "from file" create delete
+ ;;
+ *)
+ _arguments '3:Subsubcommands:($(_knife_options2))'
+ esac
+ ;;
+ knifesubcmd3)
+ case $words[3] in
+ show)
+ case $words[2] in
+ cookbook)
+ versioncomp=1
+ _arguments '4:Cookbookversions:($(_cookbook_versions) latest)'
+ ;;
+ (node|client|role)
+ compadd "$@" --attribute
+ esac
+ esac
+ case $words[4] in
+ (show|edit)
+ _arguments '4:Subsubsubcommands:($(_chef_$words[2]_$words[3]s_remote))'
+ ;;
+ file)
+ _arguments '*:file or directory:_files -g "*.(rb|json)"'
+ ;;
+ list)
+ compadd -a "$@" knife_general_flags
+ ;;
+ *)
+ _arguments '*:Subsubcommands:($(_knife_options3))'
+ esac
+ ;;
+ knifesubcmd4)
+ if (( versioncomp > 0 )); then
+ compadd "$@" attributes definitions files libraries providers recipes resources templates
+ else
+ _arguments '*:Subsubcommands:($(_knife_options2))'
+ fi
+ ;;
+ knifesubcmd5)
+ _arguments '*:Subsubcommands:($(_knife_options3))'
+ esac
+}
+
+# Helper functions to provide the argument completion for several depths of commands
+_knife_options1() {
+ ( for line in $( knife $words[2] --help | grep -v "^knife" ); do echo $line | grep "\-\-"; done )
+}
+
+_knife_options2() {
+ ( for line in $( knife $words[2] $words[3] --help | grep -v "^knife" ); do echo $line | grep "\-\-"; done )
+}
+
+_knife_options3() {
+ ( for line in $( knife $words[2] $words[3] $words[4] --help | grep -v "^knife" ); do echo $line | grep "\-\-"; done )
+}
+
+# The chef_x_remote functions use knife to get a list of objects of type x on the server
+_chef_roles_remote() {
+ (knife role list | grep \" | awk '{print $1}' | awk -F"," '{print $1}' | awk -F"\"" '{print $2}')
+}
+
+_chef_clients_remote() {
+ (knife client list | grep \" | awk '{print $1}' | awk -F"," '{print $1}' | awk -F"\"" '{print $2}')
+}
+
+_chef_nodes_remote() {
+ (knife node list | grep \" | awk '{print $1}' | awk -F"," '{print $1}' | awk -F"\"" '{print $2}')
+}
+
+_chef_cookbooks_remote() {
+ (knife cookbook list | grep \" | awk '{print $1}' | awk -F"," '{print $1}' | awk -F"\"" '{print $2}')
+}
+
+_chef_sitecookbooks_remote() {
+ (knife cookbook site list | grep \" | awk '{print $1}' | awk -F"," '{print $1}' | awk -F"\"" '{print $2}')
+}
+
+_chef_data_bags_remote() {
+ (knife data bag list | grep \" | awk '{print $1}' | awk -F"," '{print $1}' | awk -F"\"" '{print $2}')
+}
+
+# The chef_x_local functions use the knife config to find the paths of relevant objects x to be uploaded to the server
+_chef_cookbooks_local() {
+ (for i in $( grep cookbook_path $HOME/.chef/knife.rb | awk 'BEGIN {FS = "[" }; {print $2}' | sed 's/\,//g' | sed "s/'//g" | sed 's/\(.*\)]/\1/' ); do ls $i; done)
+}
+
+# This function extracts the available cookbook versions on the chef server
+_cookbook_versions() {
+ (knife cookbook show $words[4] | grep -v $words[4] | grep -v -E '\]|\[|\{|\}' | sed 's/ //g' | sed 's/"//g')
+}
+
+_knife "$@"
diff --git a/zsh/.zsh/completion/_openssl b/zsh/.zsh/completion/_openssl
new file mode 100644
index 0000000..1c48650
--- /dev/null
+++ b/zsh/.zsh/completion/_openssl
@@ -0,0 +1,1695 @@
+#compdef openssl
+# ------------------------------------------------------------------------------
+# Copyright (c) 2011 Github zsh-users - http://github.com/zsh-users
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# * Neither the name of the zsh-users nor the
+# names of its contributors may be used to endorse or promote products
+# derived from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL ZSH-USERS BE LIABLE FOR ANY
+# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+# ------------------------------------------------------------------------------
+
+# openssl command [ command_opts ] [ command_args ]
+# pseudo commands:
+# openssl [ list-standard-commands | list-message-digest-commands | list-cipher-commands | list-cipher-algorithms | list-message-digest-algorithms | list-public-key-algorithms]
+
+_openssl() {
+ local openssl_commands cmd cmds
+ if [[ "$CURRENT" -lt 2 ]]; then
+ # I do not think this can happen...
+ return
+ elif [[ "$CURRENT" -eq 2 ]]; then
+ # first parameter, the command
+ openssl_commands=(${(f)"$(openssl list-standard-commands; \
+ openssl list-message-digest-commands; \
+ openssl list-cipher-commands)"} \
+ list-standard-commands \
+ list-message-digest-commands \
+ list-cipher-commands \
+ list-cipher-algorithms \
+ list-message-digest-algorithms \
+ list-public-key-algorithms)
+ _describe 'openssl commands' openssl_commands
+ else
+ # $CURRENT -gt 2
+ cmd="${words[2]}"
+ # Note: we could use ${(k)functions} to get a list of all functions and
+ # filter those that start with _openssl_
+ # but that would mean defining a new function *somewhere* might mess with
+ # the completion...
+ cmds=(asn1parse ca ciphers cms crl crl2pkcs7 dgst dh dhparam dsa dsaparam \
+ ec ecparam enc engine errstr gendh gendsa genpkey genrsa nseq ocsp \
+ passwd pkcs12 pkcs7 pkcs8 pkey pkeyparam pkeyutl prime rand req rsa \
+ rsautl s_client s_server s_time sess_id smime speed spkac srp ts \
+ verify version x509)
+ # check if $cmd is in $cmds, the list of supported commands
+ if [[ "${cmds[(r)$cmd]}" == "${cmd}" ]]; then
+ # we should be able to complete $cmd
+ # run _openssl_$cmd with the remaining words from the command line
+ shift words
+ (( CURRENT-- ))
+ _openssl_${cmd}
+ elif [[ "${${(@f)"$(openssl list-cipher-commands)"}[(r)$cmd]}" == "${cmd}" ]]; then
+ # $cmd is a cipher command, which is practically an alias to enc
+ shift words
+ (( CURRENT-- ))
+ _openssl_enc
+ elif [[ "${${(@f)"$(openssl list-message-digest-commands)"}[(r)$cmd]}" == "${cmd}" ]]; then
+ # $cmd is a message digest command, which is practically an alias to dgst
+ shift words
+ (( CURRENT-- ))
+ _openssl_dgst
+ fi
+ fi
+}
+
+
+_openssl_asn1parse() {
+ # written for openssl 1.0.1k
+ _arguments -C \
+ '-inform[input format - one of DER PEM]:format:(DER PEM)' \
+ '-in[input file]:file:_files' \
+ '-out[output file (output format is always DER]:file:_files' \
+ "-noout[don't produce any output]" \
+ '-offset[offset into file]:number: ' \
+ '-length[length of section in file]:number: ' \
+ '-i[indent entries]' \
+ '-dump[dump unknown data in hex form]' \
+ '-dlimit[dump the first arg bytes of unknown data in hex form]:number: ' \
+ '-oid[file of extra oid definitions]:file:_files' \
+ "-strparse[a series of these can be used to 'dig' into multiple ASN1 blob wrappings]:offset:" \
+ '-genstr[string to generate ASN1 structure from]:str:' \
+ '-genconf[file to generate ASN1 structure from]:file:_files'
+}
+
+
+_openssl_ca() {
+ # written for openssl 1.0.1k
+ _arguments -C \
+ '-verbose[talk alot while doing things]' \
+ '-config[a config file]:file:_files' \
+ '-name[the particular CA definition to use]:section: ' \
+ '-gencrl[generate a new CRL]' \
+ '-crldays[days is when the next CRL is due]:days: ' \
+ '-crlhours[hours is when the next CRL is due]:hours: ' \
+ '-startdate[certificate validity notBefore]:date: ' \
+ '-enddate[certificate validity notAfter (overrides -days)]:date: ' \
+ '-days[number of days to certify the certificate for]:days: ' \
+ '-md[md to use, one of md2, md5, sha or sha1]:alg:(md2 md5 sha sha1)' \
+ "-policy[the CA 'policy' to support]:policy: " \
+ '-keyfile[private key file]:file:_files' \
+ '-keyform[private key file format (PEM or ENGINE)]:format:(PEM ENGINE)' \
+ '-key[key to decode the private key if it is encrypted]:password: ' \
+ '-cert[the CA certificate]:file:_files' \
+ '-selfsign[sign a certificate with the key associated with it]' \
+ '-in[the input PEM encoded certificate request(s)]:file:_files' \
+ '-out[where to put the output file(s)]:file:_files' \
+ '-outdir[where to put output certificates]:dir:_files -/' \
+ '-infiles[the last argument, requests to process]:*:files:_files' \
+ '-spkac[file contains DN and signed public key and challenge]:file:_files' \
+ '-ss_cert[file contains a self signed cert to sign]:file:_files' \
+ "-preserveDN[don't re-order the DN]" \
+ "-noemailDN[don't add the EMAIL field into certificate' subject]" \
+ "-batch[don't ask questions]" \
+ '-msie_hack[msie modifications to handle all those universal strings]' \
+ '-revoke[revoke a certificate (given in file)]:file:_files' \
+ "-subj[use arg instead of request's subject]:subject: " \
+ '-utf8[input characters are UTF8 (default ASCII)]' \
+ '-multivalue-rdn[enable support for multivalued RDNs]' \
+ '-extensions[extension section (override value in config file)]:section: ' \
+ '-extfile[configuration file with X509v3 extentions to add]:file:_files' \
+ '-crlexts[CRL extension section (override value in config file)]:section: ' \
+ '-engine[use the specified engine, possibly a hardware device]:engine:_engines' \
+ '-status[shows certificate status given the serial number]:serial: ' \
+ '-updatedb[updates db for expired certificates]'
+}
+
+
+_openssl_ciphers() {
+ # written for openssl 1.0.1k
+ _arguments -C \
+ '-v[verbose mode, a textual listing of the SSL/TLS ciphers in OpenSSL]' \
+ '-V[even more verbose]' \
+ '-ssl2[SSL2 mode]' \
+ '-ssl3[SSL3 mode]' \
+ '-tls1[TLS1 mode]' \
+ ':cipher suite:_list_ciphers'
+}
+
+
+_openssl_cms() {
+ # written for openssl 1.0.1k
+ _arguments -C \
+ '-encrypt[encrypt message]' \
+ '-decrypt[decrypt encrypted message]' \
+ '-sign[sign message]' \
+ '-verify[verify signed message]' \
+ '-cmsout[output CMS structure]' \
+ '-des3[encrypt with triple DES]' \
+ '-des[encrypt with DES]' \
+ '-seed[encrypt with SEED]' \
+ '-rc2-40[encrypt with RC2-40 (default)]' \
+ '-rc2-64[encrypt with RC2-64]' \
+ '-rc2-128[encrypt with RC2-128]' \
+ '-aes128[encrypt PEM output with cbc aes]' \
+ '-aes192[encrypt PEM output with cbc aes]' \
+ '-aes256[encrypt PEM output with cbc aes]' \
+ '-camellia128[encrypt PEM output with cbc camellia]' \
+ '-camellia192[encrypt PEM output with cbc camellia]' \
+ '-camellia256[encrypt PEM output with cbc camellia]' \
+ "-nointern[don't search certificates in message for signer]" \
+ "-nosigs[don't verify message signature]" \
+ "-noverify[don't verify signers certificate]" \
+ "-nocerts[don't include signers certificate when signing]" \
+ '-nodetach[use opaque signing]' \
+ "-noattr[don't include any signed attributes]" \
+ "-binary[don't translate message to text]" \
+ '-certfile[other certificates file]:file:_files' \
+ '-certsout[certificate output file]:file:_files' \
+ '-signer[signer certificate file]:file:_files' \
+ '-recip[recipient certificate file for decryption]:file:_files' \
+ '-keyid[use subject key identifier]' \
+ '-in[input file]:file:_files' \
+ '-inform[input format SMIME (default), PEM or DER]:format:(SMIME PEM DER)' \
+ '-inkey[input private key (if not signer or recipient)]:file:_files' \
+ '-keyform[input private key format (PEM or ENGINE)]:format:(PEM ENGINE)' \
+ '-out[output file]:file:_files' \
+ '-outform[output format SMIME (default), PEM or DER]:format:(SMIME PEM DER)' \
+ '-content[supply or override content for detached signature]:file:_files' \
+ '-to[to address mail head]:address: ' \
+ '-from[from address mail head]:address: ' \
+ '-subject[subject mail head]:subject: ' \
+ '-text[include or delete text MIME headers]' \
+ '-CApath[trusted certificates directory]:dir:_files -/' \
+ '-CAfile[trusted certificates file]:file:_files' \
+ "-crl_check[check revocation status of signer's certificate using CRLs]" \
+ "-crl_check_all[check revocation status of signer's certificate chain using CRLs]" \
+ '-engine[use the specified engine, possibly a hardware device]:engine:_engines' \
+ '-passin[input file pass phrase source]:pass phrase source:_pass_phrase_source' \
+ '-rand[files to use for random number input]:file:_rand_files' \
+ '*:certificate:_files'
+}
+
+
+_openssl_crl() {
+ # written for openssl 1.0.1k
+ _arguments -C \
+ '-inform[input format - default PEM (DER or PEM)]:format:(PEM DER)' \
+ '-outform[output format - default PEM]:format:(PEM DER)' \
+ '-text[print out a text format version]' \
+ '-in[input file - default stdin]:file:_files' \
+ '-out[output file - default stdout]:file:_files' \
+ '-hash[print hash value]' \
+ '-hash_old[print old-style (MD5) hash value]' \
+ '-fingerprint[print the crl fingerprint]' \
+ '-issuer[print issuer DN]' \
+ '-lastupdate[print lastUpdate field]' \
+ '-nextupdate[print nextUpdate field]' \
+ '-crlnumber[print CRL number]' \
+ '-noout[no CRL output]' \
+ '-CAfile[verify CRL using certificates in the specified file]:file:_files' \
+ '-CApath[verify CRL using certificates in the specified directory]:dir:_files -/' \
+ '*-nameopt[various certificate name options]:options:_nameopts'
+}
+
+
+_openssl_crl2pkcs7() {
+ # written for openssl 1.0.1k
+ _arguments -C \
+ '-inform[input format - DER or PEM]:format:(PEM DER)' \
+ '-outform[output format - DER or PEM]:format:(PEM DER)' \
+ '-in[input file]:file:_files' \
+ '-out[output file]:file:_files' \
+ '-certfile[certificates file of chain to a trusted CA (can be used more than once)]:file:_files' \
+ "-nocrl[no crl to load, just certs from '-certfile']"
+}
+
+
+_openssl_dgst() {
+ # written for openssl 1.0.1k
+ local digests
+ digests=(-dss1 -md4 -md5 -mdc2 -ripemd160 -sha -sha1 -sha224 -sha256 -sha384 -sha512 -whirlpool)
+ # -hmac is listed twice because it's documented twice by openssl
+ _arguments -C -A '-*' \
+ '(-r -hex -binary)-c[to output the digest with separating colons]' \
+ '(-c -hex -binary)-r[to output the digest in coreutils format]' \
+ '-d[to output debug info]' \
+ '(-c -r -binary)-hex[output as hex dump]' \
+ '(-c -r -hex)-binary[output in binary form]' \
+ '-hmac[set the HMAC key to arg]:key: ' \
+ '-non-fips-allow[allow use of non FIPS digest]' \
+ '-sign[sign digest using private key in the specified file]:file:_files' \
+ '-verify[verify a signature using public key in the specified file]:file:_files' \
+ '-prverify[verify a signature using private key in the specified file]:file:_files' \
+ '-keyform[key file format (PEM or ENGINE)]:format:(PEM ENGINE)' \
+ '-out[output to filename rather than stdout]:file:_files' \
+ '-signature[signature to verify]:file:_files' \
+ '-sigopt[signature parameter]:nm\:v: ' \
+ '-hmac[create hashed MAC with key]:key: ' \
+ '-mac[create MAC (not neccessarily HMAC)]:algorithm: ' \
+ '-macopt[MAC algorithm parameters or key]:nm\:v: ' \
+ '-engine[use the specified engine, possibly a hardware device]:engine:_engines' \
+ "($digests)-dss1[use the dss1 message digest algorithm]" \
+ "($digests)-md4[to use the md4 message digest algorithm]" \
+ "($digests)-md5[to use the md5 message digest algorithm]" \
+ "($digests)-mdc2[to use the mdc2 message digest algorithm]" \
+ "($digests)-ripemd160[to use the ripemd160 message digest algorithm]" \
+ "($digests)-sha[to use the sha message digest algorithm]" \
+ "($digests)-sha1[to use the sha1 message digest algorithm]" \
+ "($digests)-sha224[to use the sha224 message digest algorithm]" \
+ "($digests)-sha256[to use the sha256 message digest algorithm]" \
+ "($digests)-sha384[to use the sha384 message digest algorithm]" \
+ "($digests)-sha512[to use the sha512 message digest algorithm]" \
+ "($digests)-whirlpool[to use the whirlpool message digest algorithm]" \
+ '*:file:_files'
+}
+
+
+_openssl_dh() {
+ # written for openssl 1.0.1k
+ _arguments -C \
+ '-inform[input format]:format:(PEM DER)' \
+ '-outform[output format]:format:(PEM DER)' \
+ '-in[input file]:file:_files' \
+ '-out[output file]:file:_files' \
+ '-check[check the DH parameters]' \
+ '-text[print a text form of the DH parameters]' \
+ '-C[output C code]' \
+ '-noout[no output]' \
+ '-engine[use the specified engine, possibly a hardware device]:engine:_engines'
+}
+
+
+_openssl_dhparam() {
+ # written for openssl 1.0.1k
+ _arguments -C \
+ '-inform[input format]:format:(PEM DER)' \
+ '-outform[output format]:format:(PEM DER)' \
+ '-in[input file]:file:_files' \
+ '-out[output file]:file:_files' \
+ '-dsaparam[read or generate DSA parameters, convert to DH]' \
+ '-check[check the DH parameters]' \
+ '-text[print a text form of the DH parameters]' \
+ '-C[output C code]' \
+ '-2[generate parameters using 2 as the generator value]' \
+ '-5[generate parameters using 5 as the generator value]' \
+ '-engine[use the specified engine, possibly a hardware device]:engine:_engines' \
+ '-rand[files to use for random number input]:file:_rand_files' \
+ '-noout[no output]' \
+ ':numbits: '
+}
+
+
+_openssl_dsa() {
+ # written for openssl 1.0.1k
+ _arguments -C \
+ '-inform[input format]:format:(PEM DER)' \
+ '-outform[output format]:format:(PEM DER)' \
+ '-in[input file]:file:_files' \
+ '-passin[input file pass phrase source]:file:_files' \
+ '-out[output file]:file:_files' \
+ '-passout[output file pass phrase source]:file:_files' \
+ '-engine[use the specified engine, possibly a hardware device]:engine:_engines' \
+ '-des[encrypt PEM output with cbc des]' \
+ '-des3[encrypt PEM output with ede cbc des using 168 bit key]' \
+ '-idea[encrypt PEM output with cbc idea]' \
+ '-aes128[encrypt PEM output with cbc aes]' \
+ '-aes192[encrypt PEM output with cbc aes]' \
+ '-aes256[encrypt PEM output with cbc aes]' \
+ '-camellia128[encrypt PEM output with cbc camellia]' \
+ '-camellia192[encrypt PEM output with cbc camellia]' \
+ '-camellia256[encrypt PEM output with cbc camellia]' \
+ '-seed[encrypt PEM output with cbc seed]' \
+ '-text[print the key in text]' \
+ "-noout[don't print key out]" \
+ '-modulus[print the DSA public value]'
+}
+
+
+_openssl_dsaparam() {
+ # written for openssl 1.0.1k
+ _arguments -C \
+ '-inform[input format]:format:(PEM DER)' \
+ '-outform[output format]:format:(PEM DER)' \
+ '-in[input file]:file:_files' \
+ '-out[output file]:file:_files' \
+ '-text[print as text]' \
+ '-C[output C code]' \
+ '-noout[no output]' \
+ '-genkey[generate a DSA key]' \
+ '-rand[files to use for random number input]:file:_rand_files' \
+ '-engine[use the specified engine, possibly a hardware device]:engine:_engines' \
+ ':numbits: '
+}
+
+
+_openssl_ec() {
+ # written for openssl 1.0.1k
+ _arguments -C \
+ '-inform[input format]:format:(PEM DER)' \
+ '-outform[output format]:format:(PEM DER)' \
+ '-in[input file]:file:_files' \
+ '-passin[input file pass phrase source]:file:_files' \
+ '-out[output file]:file:_files' \
+ '-passout[output file pass phrase source]:file:_files' \
+ '-engine[use the specified engine, possibly a hardware device]:engine:_engines' \
+ "-des[encrypt PEM output, instead of 'des' every other cipher supported by OpenSSL can be used]" \
+ '-text[print the key]' \
+ "-noout[don't print key out]" \
+ '-param_out[print the elliptic curve parameters]' \
+ '-conv_form[specifies the point conversion form]:form:(compressed uncompressed hybrid)' \
+ '-param_enc[specifies the way the ec parameters are encoded in the asn1 der encoding]:encoding:(named_curve explicit)'
+}
+
+
+_openssl_ecparam() {
+ # written for openssl 1.0.1k
+ _arguments -C \
+ '-inform[input format]:format:(PEM DER)' \
+ '-outform[output format]:format:(PEM DER)' \
+ '-in[input file - default stdin]:file:_files' \
+ '-out[output file - default stdout]:file:_files' \
+ '-noout[do not print the ec parameter]' \
+ '-text[print the ec parameters in text form]' \
+ '-check[validate the ec parameters]' \
+ "-C[print a 'C' function creating the parameters]" \
+ "-name[use the ec parameters with 'short name' name]:name: " \
+ "-list_curves[prints a list of all currently available curve 'short names']" \
+ '-conv_form[specifies the point conversion form]:form:(compressed uncompressed hybrid)' \
+ '-param_enc[specifies the way the ec parameters are encoded in the asn1 der encoding]:encoding:(named_curve explicit)' \
+ "-no_seed[if 'explicit' parameters are chosen do not use the seed]" \
+ '-genkey[generate ec key]' \
+ '-rand[files to use for random number input]:file:_rand_files' \
+ '-engine[use the specified engine, possibly a hardware device]:engine:_engines'
+}
+
+
+_openssl_enc() {
+ # written for openssl 1.0.1k
+ local ciphers
+ ciphers=(-aes-128-cbc -aes-128-cbc-hmac-sha1 -aes-128-cfb -aes-128-cfb1 \
+ -aes-128-cfb8 -aes-128-ctr -aes-128-ecb -aes-128-gcm -aes-128-ofb \
+ -aes-128-xts -aes-192-cbc -aes-192-cfb -aes-192-cfb1 -aes-192-cfb8 \
+ -aes-192-ctr -aes-192-ecb -aes-192-gcm -aes-192-ofb -aes-256-cbc \
+ -aes-256-cbc-hmac-sha1 -aes-256-cfb -aes-256-cfb1 -aes-256-cfb8 \
+ -aes-256-ctr -aes-256-ecb -aes-256-gcm -aes-256-ofb -aes-256-xts \
+ -aes128 -aes192 -aes256 -bf -bf-cbc -bf-cfb -bf-ecb -bf-ofb \
+ -blowfish -camellia-128-cbc -camellia-128-cfb -camellia-128-cfb1 \
+ -camellia-128-cfb8 -camellia-128-ecb -camellia-128-ofb \
+ -camellia-192-cbc -camellia-192-cfb -camellia-192-cfb1 \
+ -camellia-192-cfb8 -camellia-192-ecb -camellia-192-ofb \
+ -camellia-256-cbc -camellia-256-cfb -camellia-256-cfb1 \
+ -camellia-256-cfb8 -camellia-256-ecb -camellia-256-ofb \
+ -camellia128 -camellia192 -camellia256 -cast -cast-cbc -cast5-cbc \
+ -cast5-cfb -cast5-ecb -cast5-ofb -des -des-cbc -des-cfb -des-cfb1 \
+ -des-cfb8 -des-ecb -des-ede -des-ede-cbc -des-ede-cfb -des-ede-ofb \
+ -des-ede3 -des-ede3-cbc -des-ede3-cfb -des-ede3-cfb1 \
+ -des-ede3-cfb8 -des-ede3-ofb -des-ofb -des3 -desx -desx-cbc \
+ -id-aes128-GCM -id-aes192-GCM -id-aes256-GCM -idea -idea-cbc \
+ -idea-cfb -idea-ecb -idea-ofb -rc2 -rc2-40-cbc -rc2-64-cbc \
+ -rc2-cbc -rc2-cfb -rc2-ecb -rc2-ofb -rc4 -rc4-40 -rc4-hmac-md5 \
+ -rc5 -rc5-cbc -rc5-cfb -rc5-ecb -rc5-ofb -seed -seed-cbc -seed-cfb \
+ -seed-ecb -seed-ofb)
+ _arguments -C \
+ '-in[input file]:file:_files' \
+ '-out[output file]:file:_files' \
+ '-pass[pass phrase source]:pass phrase source:_pass_phrase_source' \
+ '-e[encrypt]' \
+ '-d[decrypt]' \
+ '(-a -base64)'{-a,-base64}'[base64 encode/decode, depending on encryption flag]' \
+ '-k[the password to derive the key from]:password: ' \
+ '-kfile[read the password to derive the key from the first line of the file]:file:_files' \
+ '-md[the md to use to create a key from a passphrase]:alg:(md2 md5 sha sha1)' \
+ '-S[the actual salt to use]:salt: ' \
+ '-K[the actual key to use]:key: ' \
+ '-iv[the actual IV to use]:IV: ' \
+ '-p[print out the key and IV used]' \
+ '-P[print out the key and IV used the exit]' \
+ '-bufsize[set the buffer size for I/O]:size: ' \
+ '-nopad[disable standard block padding]' \
+ '-engine[use the specified engine, possibly a hardware device]:engine:_engines' \
+ "(${ciphers})-aes-128-cbc[cipher types]" \
+ "(${ciphers})-aes-128-cbc-hmac-sha1[cipher types]" \
+ "(${ciphers})-aes-128-cfb[cipher types]" \
+ "(${ciphers})-aes-128-cfb1[cipher types]" \
+ "(${ciphers})-aes-128-cfb8[cipher types]" \
+ "(${ciphers})-aes-128-ctr[cipher types]" \
+ "(${ciphers})-aes-128-ecb[cipher types]" \
+ "(${ciphers})-aes-128-gcm[cipher types]" \
+ "(${ciphers})-aes-128-ofb[cipher types]" \
+ "(${ciphers})-aes-128-xts[cipher types]" \
+ "(${ciphers})-aes-192-cbc[cipher types]" \
+ "(${ciphers})-aes-192-cfb[cipher types]" \
+ "(${ciphers})-aes-192-cfb1[cipher types]" \
+ "(${ciphers})-aes-192-cfb8[cipher types]" \
+ "(${ciphers})-aes-192-ctr[cipher types]" \
+ "(${ciphers})-aes-192-ecb[cipher types]" \
+ "(${ciphers})-aes-192-gcm[cipher types]" \
+ "(${ciphers})-aes-192-ofb[cipher types]" \
+ "(${ciphers})-aes-256-cbc[cipher types]" \
+ "(${ciphers})-aes-256-cbc-hmac-sha1[cipher types]" \
+ "(${ciphers})-aes-256-cfb[cipher types]" \
+ "(${ciphers})-aes-256-cfb1[cipher types]" \
+ "(${ciphers})-aes-256-cfb8[cipher types]" \
+ "(${ciphers})-aes-256-ctr[cipher types]" \
+ "(${ciphers})-aes-256-ecb[cipher types]" \
+ "(${ciphers})-aes-256-gcm[cipher types]" \
+ "(${ciphers})-aes-256-ofb[cipher types]" \
+ "(${ciphers})-aes-256-xts[cipher types]" \
+ "(${ciphers})-aes128[cipher types]" \
+ "(${ciphers})-aes192[cipher types]" \
+ "(${ciphers})-aes256[cipher types]" \
+ "(${ciphers})-bf[cipher types]" \
+ "(${ciphers})-bf-cbc[cipher types]" \
+ "(${ciphers})-bf-cfb[cipher types]" \
+ "(${ciphers})-bf-ecb[cipher types]" \
+ "(${ciphers})-bf-ofb[cipher types]" \
+ "(${ciphers})-blowfish[cipher types]" \
+ "(${ciphers})-camellia-128-cbc[cipher types]" \
+ "(${ciphers})-camellia-128-cfb[cipher types]" \
+ "(${ciphers})-camellia-128-cfb1[cipher types]" \
+ "(${ciphers})-camellia-128-cfb8[cipher types]" \
+ "(${ciphers})-camellia-128-ecb[cipher types]" \
+ "(${ciphers})-camellia-128-ofb[cipher types]" \
+ "(${ciphers})-camellia-192-cbc[cipher types]" \
+ "(${ciphers})-camellia-192-cfb[cipher types]" \
+ "(${ciphers})-camellia-192-cfb1[cipher types]" \
+ "(${ciphers})-camellia-192-cfb8[cipher types]" \
+ "(${ciphers})-camellia-192-ecb[cipher types]" \
+ "(${ciphers})-camellia-192-ofb[cipher types]" \
+ "(${ciphers})-camellia-256-cbc[cipher types]" \
+ "(${ciphers})-camellia-256-cfb[cipher types]" \
+ "(${ciphers})-camellia-256-cfb1[cipher types]" \
+ "(${ciphers})-camellia-256-cfb8[cipher types]" \
+ "(${ciphers})-camellia-256-ecb[cipher types]" \
+ "(${ciphers})-camellia-256-ofb[cipher types]" \
+ "(${ciphers})-camellia128[cipher types]" \
+ "(${ciphers})-camellia192[cipher types]" \
+ "(${ciphers})-camellia256[cipher types]" \
+ "(${ciphers})-cast[cipher types]" \
+ "(${ciphers})-cast-cbc[cipher types]" \
+ "(${ciphers})-cast5-cbc[cipher types]" \
+ "(${ciphers})-cast5-cfb[cipher types]" \
+ "(${ciphers})-cast5-ecb[cipher types]" \
+ "(${ciphers})-cast5-ofb[cipher types]" \
+ "(${ciphers})-des[cipher types]" \
+ "(${ciphers})-des-cbc[cipher types]" \
+ "(${ciphers})-des-cfb[cipher types]" \
+ "(${ciphers})-des-cfb1[cipher types]" \
+ "(${ciphers})-des-cfb8[cipher types]" \
+ "(${ciphers})-des-ecb[cipher types]" \
+ "(${ciphers})-des-ede[cipher types]" \
+ "(${ciphers})-des-ede-cbc[cipher types]" \
+ "(${ciphers})-des-ede-cfb[cipher types]" \
+ "(${ciphers})-des-ede-ofb[cipher types]" \
+ "(${ciphers})-des-ede3[cipher types]" \
+ "(${ciphers})-des-ede3-cbc[cipher types]" \
+ "(${ciphers})-des-ede3-cfb[cipher types]" \
+ "(${ciphers})-des-ede3-cfb1[cipher types]" \
+ "(${ciphers})-des-ede3-cfb8[cipher types]" \
+ "(${ciphers})-des-ede3-ofb[cipher types]" \
+ "(${ciphers})-des-ofb[cipher types]" \
+ "(${ciphers})-des3[cipher types]" \
+ "(${ciphers})-desx[cipher types]" \
+ "(${ciphers})-desx-cbc[cipher types]" \
+ "(${ciphers})-id-aes128-GCM[cipher types]" \
+ "(${ciphers})-id-aes192-GCM[cipher types]" \
+ "(${ciphers})-id-aes256-GCM[cipher types]" \
+ "(${ciphers})-idea[cipher types]" \
+ "(${ciphers})-idea-cbc[cipher types]" \
+ "(${ciphers})-idea-cfb[cipher types]" \
+ "(${ciphers})-idea-ecb[cipher types]" \
+ "(${ciphers})-idea-ofb[cipher types]" \
+ "(${ciphers})-rc2[cipher types]" \
+ "(${ciphers})-rc2-40-cbc[cipher types]" \
+ "(${ciphers})-rc2-64-cbc[cipher types]" \
+ "(${ciphers})-rc2-cbc[cipher types]" \
+ "(${ciphers})-rc2-cfb[cipher types]" \
+ "(${ciphers})-rc2-ecb[cipher types]" \
+ "(${ciphers})-rc2-ofb[cipher types]" \
+ "(${ciphers})-rc4[cipher types]" \
+ "(${ciphers})-rc4-40[cipher types]" \
+ "(${ciphers})-rc4-hmac-md5[cipher types]" \
+ "(${ciphers})-rc5[cipher types]" \
+ "(${ciphers})-rc5-cbc[cipher types]" \
+ "(${ciphers})-rc5-cfb[cipher types]" \
+ "(${ciphers})-rc5-ecb[cipher types]" \
+ "(${ciphers})-rc5-ofb[cipher types]" \
+ "(${ciphers})-seed[cipher types]" \
+ "(${ciphers})-seed-cbc[cipher types]" \
+ "(${ciphers})-seed-cfb[cipher types]" \
+ "(${ciphers})-seed-ecb[cipher types]" \
+ "(${ciphers})-seed-ofb[cipher types]"
+}
+
+
+_openssl_engine() {
+ # written for openssl 1.0.1k
+ _arguments -C \
+ '(-vv -vvv -vvvv)-v[verbose mode, for each engine, list its "control commands"]' \
+ "(-v -vvv -vvvv)-vv[like -v, but additionally display each command's description]" \
+ '(-v -vv -vvvv)-vvv[like -vv, but also add the input flags for each command]' \
+ '(-v -vv -vvv)-vvvv[like -vvv, but also show internal input flags]' \
+ '-c[for each engine, also list the capabilities]' \
+ '(-tt)-t[for each engine, check that they are really available]' \
+ '(-t)-tt[display error trace for unavailable engines]' \
+ "-pre[runs command 'cmd' against the ENGINE before any attempts to load it (if -t is used)]:cmd: " \
+ "-post[runs command 'cmd' against the ENGINE after loading it (only used if -t is also provided)]:cmd: " \
+ '*:engine:_engines'
+ # TODO: can cmd (for -pre and -post) be completed?
+}
+
+
+_openssl_errstr() {
+ # written for openssl 1.0.1k
+ # written for openssl 1.0.2a
+ _arguments -C \
+ '-stats' \
+ ':errno: '
+}
+
+
+_openssl_gendh() {
+ # written for openssl 1.0.1k
+ _arguments -C \
+ "-out[output the key to 'file']:file:_files" \
+ '-2[use 2 as the generator value]' \
+ '-5[use 5 as the generator value]' \
+ '-engine[use the specified engine, possibly a hardware device]:engine:_engines' \
+ '-rand[files to use for random number input]:file:_rand_files' \
+ ':numbits: '
+}
+
+
+_openssl_gendsa() {
+ # written for openssl 1.0.1k
+ _arguments -C \
+ "-out[output the key to 'file']:file:_files" \
+ '-des[encrypt the generated key with DES in cbc mode]' \
+ '-des3[encrypt the generated key with DES in ede cbc mode (168 bit key)]' \
+ '-idea[encrypt the generated key with IDEA in cbc mode]' \
+ '-seed[encrypt PEM output with cbc seed]' \
+ '-aes128[encrypt PEM output with cbc aes]' \
+ '-aes192[encrypt PEM output with cbc aes]' \
+ '-aes256[encrypt PEM output with cbc aes]' \
+ '-camellia128[encrypt PEM output with cbc camellia]' \
+ '-camellia192[encrypt PEM output with cbc camellia]' \
+ '-camellia256[encrypt PEM output with cbc camellia]' \
+ '-engine[use the specified engine, possibly a hardware device]:engine:_engines' \
+ '-rand[files to use for random number input]:file:_rand_files' \
+ ':dsaparam-file:_files'
+}
+
+
+_openssl_genpkey() {
+ # written for openssl 1.0.1k
+ local ciphers cipher_opts
+ ciphers=( ${$(openssl list-cipher-algorithms | cut -d' ' -f1)} )
+ cipher_opts=()
+ for alg in ${ciphers}; do
+ cipher_opts=(${cipher_opts} "(${${(l:32:: ::-:)ciphers[@]}// / })-${alg}[use this cipher to encrypt the key]")
+ done
+ _arguments -C \
+ '-out[output file]:file:_files' \
+ '-outform[output format]:format:(PEM DER)' \
+ '-pass[output file pass phrase source]:pass phrase source:_pass_phrase_source' \
+ $cipher_opts \
+ '-engine[use the specified engine, possibly a hardware device]:engine:_engines' \
+ '(-algorithm)-paramfile[parameters file]:file:_files' \
+ '(-paramfile)-algorithm[the public key algorithm]:algorithm:(EC RSA DSA DH)' \
+ '-pkeyopt[public key options]:option\:value: ' \
+ '-genparam[generate parameters, not key]' \
+ '-text[print the in text]'
+ # NB: options order may be important! See the manual page.
+ # TODO: complete pkeyopts
+ # However: "The precise set of options supported depends on the public key
+ # algorithm used and its implementation."
+}
+
+
+_openssl_genrsa() {
+ # written for openssl 1.0.1k
+ _arguments -C \
+ '-des[encrypt the generated key with DES in cbc mode]' \
+ '-des3[encrypt the generated key with DES in ede cbc mode (168 bit key)]' \
+ '-idea[encrypt the generated key with IDEA in cbc mode]' \
+ '-seed[encrypt PEM output with cbc seed]' \
+ '-aes128[encrypt PEM output with cbc aes]' \
+ '-aes192[encrypt PEM output with cbc aes]' \
+ '-aes256[encrypt PEM output with cbc aes]' \
+ '-camellia128[encrypt PEM output with cbc camellia]' \
+ '-camellia192[encrypt PEM output with cbc camellia]' \
+ '-camellia256[encrypt PEM output with cbc camellia]' \
+ '-out[output the key to file]:file:_files' \
+ '-passout[output file pass phrase source]:pass phrase source:_pass_phrase_source' \
+ '-f4[use F4 (0x10001) for the E value]' \
+ '-3[use 3 for the E value]' \
+ '-engine[use the specified engine, possibly a hardware device]:engine:_engines' \
+ '-rand[files to use for random number input]:file:_rand_files' \
+ ':numbits: '
+}
+
+
+_openssl_nseq() {
+ # written for openssl 1.0.1k
+ _arguments -C \
+ '-in[input file]:file:_files' \
+ '-out[output file]:file:_files' \
+ '-toseq[output NS Sequence file]'
+}
+
+
+_openssl_ocsp() {
+ # written for openssl 1.0.1k
+ _arguments -C \
+ '-out[output filename]:file:_files' \
+ '-issuer[issuer certificate]:file:_files' \
+ '-cert[certificate to check]:file:_files' \
+ '-serial[serial number to check]:serial: ' \
+ '-signer[certificate to sign OCSP request with]:file:_files' \
+ '-signkey[private key to sign OCSP request with]:file:_files' \
+ '-sign_other[additional certificates to include in signed request]:file:_files' \
+ "-no_certs[don't include any certificates in signed request]" \
+ '-req_text[print text form of request]' \
+ '-resp_text[print text form of response]' \
+ '-text[print text form of request and response]' \
+ '-reqout[write DER encoded OCSP request to "file"]:file:_files' \
+ '-respout[write DER encoded OCSP reponse to "file"]:file:_files' \
+ '-reqin[read DER encoded OCSP request from "file"]:file:_files' \
+ '-respin[read DER encoded OCSP reponse from "file"]:file:_files' \
+ '-nonce[add OCSP nonce to request]' \
+ "-no_nonce[don't add OCSP nonce to request]" \
+ '-url[OCSP responder URL]:URL: ' \
+ '-host[send OCSP request to given host on given port]:host\:port: ' \
+ '-path[path to use in OCSP request]' \
+ '-CApath[trusted certificates directory]:directory:_files -/' \
+ '-CAfile[trusted certificates file]:file:_files' \
+ '-VAfile[validator certificates file]:file:_files' \
+ '-validity_period[maximum validity discrepancy in seconds]:seconds: ' \
+ '-status_age[maximum status age in seconds]:seconds: ' \
+ "-noverify[don't verify response at all]" \
+ '-verify_other[additional certificates to search for signer]:file:_files' \
+ "-trust_other[don't verify additional certificates]" \
+ "-no_intern[don't search certificates contained in response for signer]" \
+ "-no_signature_verify[don't check signature on response]" \
+ "-no_cert_verify[don't check signing certificate]" \
+ "-no_chain[don't chain verify response]" \
+ "-no_cert_checks[don't do additional checks on signing certificate]" \
+ '-port[port to run responder on]:port: ' \
+ '-index[certificate status index file]:file:_files' \
+ '-CA[CA certificate]:file:_files' \
+ '-rsigner[responder certificate to sign responses with]:file:_files' \
+ '-rkey[responder key to sign responses with]:file:_files' \
+ '-rother[other certificates to include in response]:file:_files' \
+ "-resp_no_certs[don't include any certificates in response]" \
+ '-nmin[number of minutes before next update]:minutes: ' \
+ '-ndays[number of days before next update]:days: ' \
+ '-resp_key_id[identify reponse by signing certificate key ID]' \
+ '-nrequest[number of requests to accept (default unlimited)]:limit: ' \
+ '-dss1[use specified digest in the request]' \
+ '-md4[use specified digest in the request]' \
+ '-md5[use specified digest in the request]' \
+ '-mdc2[use specified digest in the request]' \
+ '-ripemd160[use specified digest in the request]' \
+ '-ripemd[use specified digest in the request]' \
+ '-rmd160[use specified digest in the request]' \
+ '-sha1[use specified digest in the request]' \
+ '-sha224[use specified digest in the request]' \
+ '-sha256[use specified digest in the request]' \
+ '-sha384[use specified digest in the request]' \
+ '-sha512[use specified digest in the request]' \
+ '-sha[use specified digest in the request]' \
+ '-ssl2-md5[use specified digest in the request]' \
+ '-ssl3-md5[use specified digest in the request]' \
+ '-ssl3-sha1[use specified digest in the request]' \
+ '-whirlpool[use specified digest in the request]' \
+ '-timeout[timeout connection to OCSP responder after n seconds]:seconds: '
+}
+
+
+_openssl_passwd() {
+ # written for openssl 1.0.1k
+ _arguments -C \
+ '-crypt[standard Unix password algorithm (default)]' \
+ '-1[MD5-based password algorithm]' \
+ '-apr1[MD5-based password algorithm, Apache variant]' \
+ '-salt[use provided salt]:salt: ' \
+ '-in[read passwords from file]:file:_files' \
+ '-stdin[read passwords from stdin]' \
+ '-noverify[never verify when reading password from terminal]' \
+ '-quiet[no warnings]' \
+ '-table[format output as table]' \
+ '-reverse[switch table columns]' \
+ '*:password:'
+}
+
+
+_openssl_pkcs12() {
+ # written for openssl 1.0.2d
+ local algorithms
+ algorithms=(aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb aes-256-cbc \
+ aes-256-ecb bf-cbc bf-cfb bf-ecb bf-ofb camellia-128-cbc \
+ camellia-128-ecb camellia-192-cbc camellia-192-ecb \
+ camellia-256-cbc camellia-256-ecb cast-cbc cast5-cbc cast5-cfb \
+ cast5-ecb cast5-ofb des-cbc des-cfb des-ecb des-ede des-ede-cbc \
+ des-ede-cfb des-ede-ofb des-ede3 des-ede3-cbc des-ede3-cfb \
+ des-ede3-ofb des-ofb idea-cbc idea-cfb idea-ecb idea-ofb \
+ rc2-40-cbc rc2-64-cbc rc2-cbc rc2-cfb rc2-ecb rc2-ofb rc4 \
+ rc4-40 rc5-cbc rc5-cfb rc5-ecb rc5-ofb seed-cbc seed-cfb \
+ seed-ecb seed-ofb PBE-MD2-DES PBE-MD5-DES PBE-SHA1-RC2-64 \
+ PBE-MD2-RC2-64 PBE-MD5-RC2-64 PBE-SHA1-DES PBE-SHA1-RC4-128 \
+ PBE-SHA1-RC4-40 PBE-SHA1-3DES PBE-SHA1-2DES PBE-SHA1-RC2-128 \
+ PBE-SHA1-RC2-40)
+ _arguments -C \
+ '-export[output PKCS12 file]' \
+ '-chain[add certificate chain]' \
+ '-inkey[private key if not infile]:file:_files' \
+ '-certfile[add all certs in the specified file]:file:_files' \
+ "-CApath[PEM format directory of CA's]:file:_files" \
+ "-CAfile[PEM format file of CA's]:file:_files" \
+ '-name[use specified friendly name]:name: ' \
+ '*-caname[use specified CA friendly name]:name: ' \
+ '-in[input filename]:file:_files' \
+ '-out[output filename]:file:_files' \
+ "-noout[don't output anything, just verify]" \
+ "-nomacver[don't verify MAC]" \
+ "-nocerts[don't output certificates]" \
+ '-clcerts[only output client certificates]' \
+ '-cacerts[only output CA certificates]' \
+ "-nokeys[don't output private keys]" \
+ '-info[give info about PKCS#12 structure]' \
+ '-des[encrypt private keys with DES]' \
+ '-des3[encrypt private keys with triple DES (default)]' \
+ '-idea[encrypt private keys with idea]' \
+ '-seed[encrypt private keys with seed]' \
+ '-aes128[encrypt PEM output with cbc aes]' \
+ '-aes192[encrypt PEM output with cbc aes]' \
+ '-aes256[encrypt PEM output with cbc aes]' \
+ '-camellia128[encrypt PEM output with cbc camellia]' \
+ '-camellia192[encrypt PEM output with cbc camellia]' \
+ '-camellia256[encrypt PEM output with cbc camellia]' \
+ "-nodes[don't encrypt private keys]" \
+ "-noiter[don't use encryption iteration]" \
+ "-nomaciter[don't use MAC iteration]" \
+ '-maciter[use MAC iteration]' \
+ "-nomac[don't generate MAC]" \
+ '-twopass[separate MAC, encryption passwords]' \
+ '-descert[encrypt PKCS#12 certificates with triple DES (default RC2-40)]' \
+ "-certpbe[specify certificate PBE algorithm (default RC2-40)]:alg:(${algorithms})" \
+ '-keypbe[specify private key PBE algorithm (default 3DES)]:alg:(${algorithms})' \
+ '-macalg[digest algorithm used in MAC (default SHA1)]:alg:_list_message_digest_algorithms' \
+ '-keyex[set MS key exchange type]' \
+ '-keysig[set MS key signature type]' \
+ '-password[set import/export password source]:pass phrase source:_pass_phrase_source' \
+ '-passin[input file pass phrase source]:pass phrase source:_pass_phrase_source' \
+ '-passout[output file pass phrase source]:pass phrase source:_pass_phrase_source' \
+ '-engine[use the specified engine, possibly a hardware device]:engine:_engines' \
+ '-rand[files to use for random number input]:file:_rand_files' \
+ '-CSP[Microsoft CSP name]:name: ' \
+ '-LMK[add local machine keyset attribute to private key]'
+}
+
+
+_openssl_pkcs7() {
+ # written for openssl 1.0.1k
+ _arguments -C \
+ '-inform[input format]:format:(PEM DER)' \
+ '-outform[output format]:format:(PEM DER)' \
+ '-in[input file]:file:_files' \
+ '-out[output file]:file:_files' \
+ '-print_certs[print any certs or crl in the input]' \
+ '-text[print full details of certificates]' \
+ "-noout[don't output encoded data]" \
+ '-engine[use the specified engine, possibly a hardware device]:engine:_engines'
+}
+
+
+_openssl_pkcs8() {
+ # written for openssl 1.0.2d
+ _arguments -C \
+ '-in[input file]:file:_files' \
+ '-inform[input format]:format:(PEM DER)' \
+ '-passin[input file pass phrase source]:pass phrase source:_pass_phrase_source' \
+ '-outform[output format]:format:(PEM DER)' \
+ '-out[output file]:file:_files' \
+ '-passout[output file pass phrase source]:pass phrase source:_pass_phrase_source' \
+ '-topk8[output PKCS8 file]' \
+ '-nooct[use (nonstandard) no octet format]' \
+ '-embed[use (nonstandard) embedded DSA parameters format]' \
+ '-nsdb[use (nonstandard) DSA Netscape DB format]' \
+ '-noiter[use 1 as iteration count]' \
+ '-nocrypt[use or expect unencrypted private key]' \
+ '-v2[use PKCS#5 v2.0 and given cipher]:alg:(aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb aes-256-cbc aes-256-ecb bf bf-cbc bf-cfb bf-ecb bf-ofb camellia-128-cbc camellia-128-ecb camellia-192-cbc camellia-192-ecb camellia-256-cbc camellia-256-ecb cast cast-cbc cast5-cbc cast5-cfb cast5-ecb cast5-ofb des des-cbc des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb des-ede-ofb des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb des-ofb des3 desx idea idea-cbc idea-cfb idea-ecb idea-ofb rc2 rc2-40-cbc rc2-64-cbc rc2-cbc rc2-cfb rc2-ecb rc2-ofb rc4 rc4-40 rc5 rc5-cbc rc5-cfb rc5-ecb rc5-ofb seed seed-cbc seed-cfb seed-ecb seed-ofb)' \
+ '-v2prf[set the PRF algorithm to use with PKCS#5 v2.0]:alg:(hmacWithMD5 hmacWithRMD160 hmacWithSHA1 hmacWithSHA224 hmacWithSHA256 hmacWithSHA384 hmacWithSHA512)' \
+ '-v1[use PKCS#5 v1.5 and given cipher]:obj:(PBE-MD2-DES PBE-MD5-DES PBE-SHA1-RC2-64 PBE-MD2-RC2-64 PBE-MD5-RC2-64 PBE-SHA1-DES PBE-SHA1-RC4-128 PBE-SHA1-RC4-40 PBE-SHA1-3DES PBE-SHA1-2DES PBE-SHA1-RC2-128 PBE-SHA1-RC2-40)' \
+ '-engine[use the specified engine, possibly a hardware device]:engine:_engines'
+}
+
+
+_openssl_pkey() {
+ # written for openssl 1.0.1k
+ _arguments -C \
+ '-in[input file]:file:_files' \
+ '-inform[input format]:format:(PEM DER)' \
+ '-passin[input file pass phrase source]:pass phrase source:_pass_phrase_source' \
+ '-outform[output format]:format:(PEM DER)' \
+ '-out[output file]:file:_files' \
+ '-passout[output file pass phrase source]:pass phrase source:_pass_phrase_source' \
+ '-engine[use the specified engine, possibly a hardware device]:engine:_engines'
+}
+
+
+_openssl_pkeyparam() {
+ # written for openssl 1.0.1k
+ _arguments -C \
+ '-in[the input filename to read parameters from]:file:_files' \
+ '-out[the output filename to write parameters]:file:_files' \
+ '-text[prints out the parameters in plain text in addition to the encoded version]' \
+ '-noout[do not output the encoded version of the parameters]' \
+ '-engine[use the specified engine, possibly a hardware device]:engine:_engines'
+}
+
+
+_openssl_pkeyutl() {
+ # written for openssl 1.0.1k
+ _arguments -C \
+ '-in[input file]:file:_files' \
+ '-out[output file]:file:_files' \
+ '-sigfile[signature file (verify operation only)]:file:_files' \
+ '-inkey[input key]:file:_files' \
+ '-keyform[private key format]:format:(PEM DER)' \
+ '-pubin[input is a public key]' \
+ '-certin[input is a certificate carrying a public key]' \
+ '-pkeyopt[public key options]:option\:value:_pkeyopts' \
+ '-sign[sign with private key]' \
+ '-verify[verify with public key]' \
+ '-verifyrecover[verify with public key, recover original data]' \
+ '-encrypt[encrypt with public key]' \
+ '-decrypt[decrypt with private key]' \
+ '-derive[derive shared secret]' \
+ '-hexdump[hex dump output]' \
+ '-engine[use the specified engine, possibly a hardware device]:engine:_engines' \
+ '-passin[pass phrase source]:pass phrase source:_pass_phrase_source'
+}
+
+
+_openssl_prime() {
+ # written for openssl 1.0.1k
+ _arguments -C \
+ '-hex[hex]' \
+ '-checks[number of checks]:checks: ' \
+ ':number:'
+}
+
+
+_openssl_rand() {
+ # written for openssl 1.0.1k
+ _arguments -C \
+ '-out[write to file]:file:_files' \
+ '-engine[use the specified engine, possibly a hardware device]:engine:_engines' \
+ '-rand[files to use for random number input]:file:_rand_files' \
+ '-base64[base64 encode output]' \
+ '-hex[hex encode output]' \
+ ':num:'
+}
+
+
+_openssl_req() {
+ # written for openssl 1.0.1k
+ _arguments -C \
+ '-inform[input format]:format:(PEM DER)' \
+ '-outform[output format]:format:(PEM DER)' \
+ '-in[input file]:file:_files' \
+ '-out[output file]:file:_files' \
+ '-text[text form of request]' \
+ '-pubkey[output public key]' \
+ '-noout[do not output REQ]' \
+ '-verify[verify signature on REQ]' \
+ '-modulus[RSA modulus]' \
+ "-nodes[don't encrypt the output key]" \
+ '-engine[use the specified engine, possibly a hardware device]:engine:_engines' \
+ "-subject[output the request's subject]" \
+ '-passin[private key pass phrase source]:pass phrase source:_pass_phrase_source' \
+ '-key[use the private key contained in the specified file]:file:_files' \
+ '-keyform[key file format]:format:(PEM DER)' \
+ '-keyout[file to send the key to]:file:_files' \
+ '-rand[files to use for random number input]:file:_rand_files' \
+ "-newkey rsa\:-[generate a new RSA key of the specified number of bits in size]:bits: " \
+ "-newkey dsa\:[generate a new DSA key, parameters taken from CA in the specified file]:file:_files" \
+ "-newkey ec\:[generate a new EC key, parameters taken from CA in the specified file]:file:_files" \
+ '-md2[digest to sign with]' \
+ '-md4[digest to sign with]' \
+ '-md5[digest to sign with]' \
+ '-mdc2[digest to sign with]' \
+ '-sha1[digest to sign with]' \
+ '-config[request template file]:file:_files' \
+ '-subj[set or modify request subject]:subject: ' \
+ '-multivalue-rdn[enable support for multivalued RDNs]' \
+ '-new[new request]' \
+ '-batch[do not ask anything during request generation]' \
+ '-x509[output a x509 structure instead of a certificate request]' \
+ '-days[number of days a certificate generated by -x509 is valid for]:days: ' \
+ '-set_serial[serial number to use for a certificate generated by -x509]:serial: ' \
+ '-newhdr[output "NEW" in the header lines]' \
+ "-asn1-kludge[output the 'request' in a format that is wrong but some CA's have been reported as requiring]" \
+ '-extensions[specify certificate extension section (override value in config file)]:section: ' \
+ '-reqexts[specify request extension section (override value in config file)]:section: ' \
+ '-utf8[input characters are UTF8 (default ASCII)]' \
+ '*-nameopt[various certificate name options]:options:_nameopts' \
+ '*-reqopt[- various request text options]:options:_certopts'
+ # TODO: complete -extensions and -reqexts
+}
+
+
+_openssl_rsa() {
+ # written for openssl 1.0.1k
+ _arguments -C \
+ '-inform[input format]:format:(PEM DER NET)' \
+ '-outform[output format]:format:(PEM DER NET)' \
+ '-in[input file]:file:_files' \
+ '-sgckey[use IIS SGC key format]' \
+ '-passin[input file pass phrase source]:pass phrase source:_pass_phrase_source' \
+ '-out[output file]:file:_files' \
+ '-passout[output file pass phrase source]:pass phrase source:_pass_phrase_source' \
+ '-des[encrypt PEM output with cbc des]' \
+ '-des3[encrypt PEM output with ede cbc des using 168 bit key]' \
+ '-idea[encrypt PEM output with cbc idea]' \
+ '-seed[encrypt PEM output with cbc seed]' \
+ '-aes128[encrypt PEM output with cbc aes]' \
+ '-aes192[encrypt PEM output with cbc aes]' \
+ '-aes256[encrypt PEM output with cbc aes]' \
+ '-camellia128[encrypt PEM output with cbc camellia]' \
+ '-camellia192[encrypt PEM output with cbc camellia]' \
+ '-camellia256[encrypt PEM output with cbc camellia]' \
+ '-text[print the key in text]' \
+ "-noout[don't print key out]" \
+ '-modulus[print the RSA key modulus]' \
+ '-check[verify key consistency]' \
+ '-pubin[expect a public key in input file]' \
+ '-pubout[output a public key]' \
+ '-engine[use the specified engine, possibly a hardware device]:engine:_engines'
+}
+
+
+_openssl_rsautl() {
+ # written for openssl 1.0.1k
+ _arguments -C \
+ '-in[input file]:file:_files' \
+ '-out[output file]:file:_files' \
+ '-inkey[input key]:file:_files' \
+ '-keyform[private key format]:format:(PEM DER)' \
+ '-pubin[input is an RSA public]' \
+ '-certin[input is a certificate carrying an RSA public key]' \
+ '-ssl[use SSL v2 padding]' \
+ '-raw[use no padding]' \
+ '-pkcs[use PKCS#1 v1.5 padding (default)]' \
+ '-oaep[use PKCS#1 OAEP]' \
+ '-sign[sign with private key]' \
+ '-verify[verify with public key]' \
+ '-encrypt[encrypt with public key]' \
+ '-decrypt[decrypt with private key]' \
+ '-hexdump[hex dump output]' \
+ '-engine[use the specified engine, possibly a hardware device]:engine:_engines' \
+ '-passin[pass phrase source]:pass phrase source:_pass_phrase_source'
+}
+
+
+_openssl_s_client() {
+ # written for openssl 1.0.1k
+ _arguments -C \
+ '(-6)-4[use IPv4 only]' \
+ '(-4)-6[use IPv6 only]' \
+ '(-connect)-host[use -connect instead]:host: ' \
+ '(-connect)-port[use -connect instead]:port: ' \
+ '(-host -port)-connect[who to connect to (default is localhost:4433)]:host\:port: ' \
+ '-verify[turn on peer certificate verification]:depth: ' \
+ '-verify_return_error[return verification errors]' \
+ '-cert[certificate file to use, PEM format assumed]:file:_files' \
+ '-certform[certificate format (PEM or DER) PEM default]:format:(PEM DER)' \
+ '-key[private key file to use, in cert file if not specified but cert file is]:file:_files' \
+ '-keyform[key format (PEM or DER) PEM default]:format:(PEM DER)' \
+ '-pass[private key file pass phrase source]:pass phrase source:_pass_phrase_source' \
+ "-CApath[PEM format directory of CA's]:directory:_files -/" \
+ "-CAfile[PEM format file of CA's]:file:_files" \
+ '-reconnect[drop and re-make the connection with the same Session-ID]' \
+ '-pause[sleep(1) after each read(2) and write(2) system call]' \
+ '-prexit[print session information even on connection failure]' \
+ '-showcerts[show all certificates in the chain]' \
+ '-debug[extra output]' \
+ '-msg[show protocol messages]' \
+ '-nbio_test[more ssl protocol testing]' \
+ "-state[print the 'ssl' states]" \
+ '-nbio[run with non-blocking IO]' \
+ '-crlf[convert LF from terminal into CRLF]' \
+ '-quiet[no s_client output]' \
+ '(-no_ign_eof)-ign_eof[ignore input eof (default when -quiet)]' \
+ "(-ign_eof)-no_ign_eof[don't ignore input eof]" \
+ '-psk_identity[PSK identity]:identity: ' \
+ '-psk[PSK in hex (without 0x)]:key: ' \
+ "-srpuser[SRP authentification for 'user']:user: " \
+ "-srppass[password for 'user']:password: " \
+ '-srp_lateuser[SRP username into second ClientHello message]' \
+ '-srp_moregroups[tolerate other than the known g N values]' \
+ '-srp_strength[minimal length in bits for N (default 1024)]:int: ' \
+ '(-no_ssl2 -ssl3 -tls1 -tls1_1 -tls1_2 -dtls1)-ssl2[just use SSLv2]' \
+ '(-no_ssl3 -ssl2 -tls1 -tls1_1 -tls1_2 -dtls1)-ssl3[just use SSLv3]' \
+ '(-no_tls1_2 -ssl2 -ssl3 -tls1 -tls1_1 -dtls1)-tls1_2[just use TLSv1.2]' \
+ '(-no_tls1_1 -ssl2 -ssl3 -tls1 -tls1_1 -dtls1)-tls1_1[just use TLSv1.1]' \
+ '(-no_tls1 -ssl2 -ssl3 -tls1 -tls1_1 -dtls1)-tls1[just use TLSv1.0]' \
+ '(-no_dtls1 -ssl2 -ssl3 -tls1 -tls1_1 -tls1_2)-dtls1[just use DTLSv1]' \
+ '-fallback_scsv[send TLS_FALLBACK_SCSV]' \
+ '-mtu[set the link layer MTU]' \
+ '(-tls1_2)-no_tls1_2[turn off TLSv1.2]' \
+ '(-tls1_1)-no_tls1_1[turn off TLSv1.1]' \
+ '(-tls1)-no_tls1[turn off TLSv1.0]' \
+ '(-ssl3)-no_ssl3[turn off SSLv3]' \
+ '(-ssl2)-no_ssl2[turn off SSLv2]' \
+ '-bugs[switch on all SSL implementation bug workarounds]' \
+ "-serverpref[use server's cipher preferences (only SSLv2)]" \
+ '-cipher[preferred cipher to use]:cipher suite:_list_ciphers' \
+ "-starttls[use the STARTTLS command before starting TLS for those protocols that support it]:protocol:(smtp pop3 imap ftp xmpp)" \
+ '-engine[use the specified engine, possibly a hardware device]:engine:_engines' \
+ '-rand[files to use for random number input]:file:_rand_files' \
+ '-sess_out[file to write SSL session to]:file:_files' \
+ '-sess_in[file to read SSL session from]:file:_files' \
+ '-servername[set TLS extension servername in ClientHello]:host: ' \
+ '-tlsextdebug[hex dump of all TLS extensions received]' \
+ '-status[request certificate status from server]' \
+ '-no_ticket[disable use of RFC4507bis session tickets]' \
+ '-nextprotoneg[enable NPN extension, considering named protocols supported (comma-separated list)]:protocols: ' \
+ '-legacy_renegotiation[enable use of legacy renegotiation (dangerous)]' \
+ '-use_srtp[offer SRTP key management with a colon-separated profile list]:profiles: ' \
+ '-keymatexport[export keying material using label]:label: ' \
+ '-keymatexportlen[export len bytes of keying material (default 20)]:len: '
+}
+
+
+_openssl_s_server() {
+ # written for openssl 1.0.1k
+ _arguments -C \
+ '-accept[port to accept on (default is 4433)]:port: ' \
+ '-context[set session ID context]:id: ' \
+ '-verify[turn on peer certificate verification]:depth: ' \
+ '-Verify[turn on peer certificate verification, must have a cert]:depth: ' \
+ '-verify_return_error[return verification errors]' \
+ '-cert[certificate file to use (default is server.pem)]:file:_files' \
+ '-crl_check[check the peer certificate has not been revoked by its CA]' \
+ '-crl_check_all[check the peer certificate has not been revoked by its CA or any other CRL in the CA chain]' \
+ '-certform[certificate format]:format:(PEM DER)' \
+ '-key[Private Key file to use, in cert file if not specified (default is server.pem)]:file:_files' \
+ '-keyform[key format]:format:(PEM DER ENGINE)' \
+ '-pass[private key file pass phrase source]:pass phrase source:_pass_phrase_source' \
+ '-dcert[second certificate file to use (usually for DSA)]:file:_files' \
+ '-dcertform[second certificate format]:format:(PEM DER)' \
+ '-dkey[second private key file to use (usually for DSA)]:file:_files' \
+ '-dkeyform[second key format]:format:(PEM DER ENGINE)' \
+ '-dpass[second private key file pass phrase source]:pass phrase source:_pass_phrase_source' \
+ '-dhparam[DH parameter file to use, in cert file if not specified or a default set of parameters is used]:file:_files' \
+ '-named_curve[elliptic curve name to use for ephemeral ECDH keys. (default is nistp256)]:named curve:_list_curves' \
+ '-nbio[run with non-blocking IO]' \
+ '-nbio_test[test with the non-blocking test bio]' \
+ '-crlf[convert LF from terminal into CRLF]' \
+ '-debug[print more output]' \
+ '-msg[show protocol messages]' \
+ '-state[print the SSL states]' \
+ "-CApath[PEM format directory of CA's]:file:_files -/" \
+ "-CAfile[PEM format file of CA's]:file:_files" \
+ "-nocert[don't use any certificates (Anon-DH)]" \
+ '-cipher[preferred cipher to use]:cipher suite:_list_ciphers' \
+ "-serverpref[use server's cipher preferences]" \
+ '-quiet[no server output]' \
+ '-no_tmp_rsa[do not generate a tmp RSA key]' \
+ '-psk_hint[PSK identity hint to use]:hint: ' \
+ '-psk[PSK in hex (without 0x)]:PSK: ' \
+ '-srpvfile[the verifier file for SRP]:file:_files' \
+ '-srpuserseed[a seed string for a default user salt]:seed: ' \
+ '-ssl2[just talk SSLv2]' \
+ '-ssl3[just talk SSLv3]' \
+ '-tls1_2[just talk TLSv1.2]' \
+ '-tls1_1[just talk TLSv1.1]' \
+ '-tls1[just talk TLSv1]' \
+ '-dtls1[just talk DTLSv1]' \
+ '-timeout[enable timeouts]' \
+ '-mtu[set link layer MTU]' \
+ '-chain[read a certificate chain]' \
+ '-no_ssl2[just disable SSLv2]' \
+ '-no_ssl3[just disable SSLv3]' \
+ '-no_tls1[just disable TLSv1]' \
+ '-no_tls1_1[just disable TLSv1.1]' \
+ '-no_tls1_2[just disable TLSv1.2]' \
+ '-no_dhe[disable ephemeral DH]' \
+ '-no_ecdhe[disable ephemeral ECDH]' \
+ '-bugs[turn on SSL bug compatibility]' \
+ '-hack[workaround for early Netscape code]' \
+ "-www[respond to a 'GET /' with a status page]" \
+ "-WWW[respond to a 'GET /<path> HTTP/1.0' with file ./<path>]" \
+ "-HTTP[respond to a 'GET /<path> HTTP/1.0' with file ./<path> with the assumption it contains a complete HTTP response]" \
+ '-engine[use the specified engine, possibly a hardware device]:engine:_engines' \
+ '-id_prefix[generate SSL/TLS session IDs prefixed by arg]:prefix: ' \
+ '-rand[files to use for random number input]:file:_rand_files' \
+ '-servername[servername for HostName TLS extension]:hostname: ' \
+ '-servername_fatal[on mismatch send fatal alert (default warning alert)]' \
+ '-cert2[certificate file to use for servername (default is server2.pem)]:file:_files' \
+ '-key2[Private Key file to use for servername, in cert file if not specified (default is server2.pem)]:file:_files' \
+ '-tlsextdebug[hex dump of all TLS extensions received]' \
+ '-no_ticket[disable use of RFC4507bis session tickets]' \
+ '-legacy_renegotiation[enable use of legacy renegotiation (dangerous)]' \
+ '-nextprotoneg[set the advertised protocols for the NPN extension (comma-separated list)]:protocol:(http/1.0 http/1.1)' \
+ '-use_srtp[offer SRTP key management with a colon-separated profile list]:profiles: ' \
+ '-4[use IPv4 only]' \
+ '-6[use IPv6 only]' \
+ '-keymatexport[export keying material using label]:label: ' \
+ '-keymatexportlen[export len bytes of keying material (default 20)]:length: ' \
+ '-status[respond to certificate status requests]' \
+ '-status_verbose[enable status request verbose printout]' \
+ '-status_timeout[status request responder timeout]:seconds: ' \
+ '-status_url[status request fallback URL]:URL: '
+ # TODO: srtp profiles
+}
+
+
+_openssl_s_time() {
+ # written for openssl 1.0.1k
+ _arguments -C \
+ '-connect[host:port to connect to (default is localhost:4433)]:host\:port: ' \
+ '-nbio[run with non-blocking IO]' \
+ '-ssl2[just use SSLv2]' \
+ '-ssl3[just use SSLv3]' \
+ '-bugs[turn on SSL bug compatibility]' \
+ '-new[just time new connections]' \
+ '-reuse[just time connection reuse]' \
+ "-www[retrieve the specified page from the site]:page: " \
+ '-time[max number of seconds to collect data, default 30]:seconds: ' \
+ '-verify[turn on peer certificate verification]:depth: ' \
+ '-cert[certificate file to use, PEM format assumed]:file:_files' \
+ '-key[RSA file to use, PEM format assumed, key is in cert file]:file:_files' \
+ "-CApath[PEM format directory of CA's]:file:_files -/" \
+ "-CAfile[PEM format file of CA's]:file:_files" \
+ '-cipher[preferred cipher to use]:cipher suite:_list_ciphers'
+}
+
+
+_openssl_sess_id() {
+ # written for openssl 1.0.1k
+ _arguments -C \
+ '-inform[input format]:format:(PEM DER)' \
+ '-outform[output format]:format:(PEM DER)' \
+ '-in[input file (default stdin)]:file:_files' \
+ '-out[output file (default stdout)]:file:_files' \
+ '-text[print ssl session id details]' \
+ '-cert[output certificate ]' \
+ '-noout[no CRL output]' \
+ '-context[set the session ID context]:id: '
+}
+
+
+_openssl_smime() {
+ # written for openssl 1.0.1k
+ _arguments -C \
+ '-encrypt[encrypt message]' \
+ '-decrypt[decrypt encrypted message]' \
+ '-sign[sign message]' \
+ '-verify[verify signed message]' \
+ '-pk7out[output PKCS#7 structure]' \
+ '-des3[encrypt with triple DES]' \
+ '-des[encrypt with DES]' \
+ '-seed[encrypt with SEED]' \
+ '-rc2-40[encrypt with RC2-40 (default)]' \
+ '-rc2-64[encrypt with RC2-64]' \
+ '-rc2-128[encrypt with RC2-128]' \
+ '-aes128[encrypt PEM output with cbc aes]' \
+ '-aes192[encrypt PEM output with cbc aes]' \
+ '-aes256[encrypt PEM output with cbc aes]' \
+ '-camellia128[encrypt PEM output with cbc camellia]' \
+ '-camellia192[encrypt PEM output with cbc camellia]' \
+ '-camellia256[encrypt PEM output with cbc camellia]' \
+ "-nointern[don't search certificates in message for signer]" \
+ "-nosigs[don't verify message signature]" \
+ "-noverify[don't verify signers certificate]" \
+ "-nocerts[don't include signers certificate when signing]" \
+ '-nodetach[use opaque signing]' \
+ "-noattr[don't include any signed attributes]" \
+ "-binary[don't translate message to text]" \
+ '-certfile[other certificates file]:file:_files' \
+ '-signer[signer certificate file]:file:_files' \
+ '-recip[recipient certificate file for decryption]:file:_files' \
+ '-in[input file]:file:_files' \
+ '-inform[input format]:format:(SMIME PEM DER)' \
+ '-inkey[input private key (if not signer or recipient)]:file:_files' \
+ '-keyform[input private key format]:format:(PEM ENGINE)' \
+ '-out[output file]:file:_files' \
+ '-outform[output format]:format:(SMIME PEM DER)' \
+ '-content[supply or override content for detached signature]:file:_files' \
+ '-to[to address]:address: ' \
+ '-from[from address]:address: ' \
+ '-subject[subject]:subject: ' \
+ '-text[include or delete text MIME headers]' \
+ '-CApath[trusted certificates directory]:directory:_files -/' \
+ '-CAfile[trusted certificates file]:file:_files' \
+ "-crl_check[check revocation status of signer's certificate using CRLs]" \
+ "-crl_check_all[check revocation status of signer's certificate chain using CRLs]" \
+ '-engine[use the specified engine, possibly a hardware device]:engine:_engines' \
+ '-passin[input file pass phrase source]:pass phrase source:_pass_phrase_source' \
+ '-rand[files to use for random number input]:file:_rand_files' \
+ ':certificate:_files'
+}
+
+
+_openssl_speed() {
+ # written for openssl 1.0.1k
+ local algorithms
+ algorithms=(mdc2 md4 md5 hmac sha1 sha256 sha512 whirlpoolrmd160 idea-cbc \
+ seed-cbc rc2-cbc rc5-cbc bf-cbc des-cbc des-ede3 aes-128-cbc \
+ aes-192-cbc aes-256-cbc aes-128-ige aes-192-ige aes-256-ige \
+ camellia-128-cbc camellia-192-cbc camellia-256-cbc rc4 rsa512 \
+ rsa1024 rsa2048 rsa4096 dsa512 dsa1024 dsa2048 ecdsap160 \
+ ecdsap192 ecdsap224 ecdsap256 ecdsap384 ecdsap521 ecdsak163 \
+ ecdsak233 ecdsak283 ecdsak409 ecdsak571 ecdsab163 ecdsab233 \
+ ecdsab283 ecdsab409 ecdsab571 ecdsa ecdhp160 ecdhp192 ecdhp224 \
+ ecdhp256 ecdhp384 ecdhp521 ecdhk163 ecdhk233 ecdhk283 ecdhk409 \
+ ecdhk571 ecdhb163 ecdhb233 ecdhb283 ecdhb409 ecdhb571 ecdh idea \
+ seed rc2 des aes camellia rsa blowfish)
+ _arguments -C \
+ '-engine[use the specified engine, possibly a hardware device]:engine:_engines' \
+ '-evp[use the specified EVP]:EVP: ' \
+ '-decrypt[time decryption instead of encryption (only EVP)]' \
+ '-mr[produce machine readable output]' \
+ '-multi[run n benchmarks in parallel]:benchmarks: ' \
+ "*:algorithm:(${algorithms})"
+}
+
+
+_openssl_spkac() {
+ # written for openssl 1.0.1k
+ _arguments -C \
+ '-in[input file]:file:_files' \
+ '-out[output file]:file:_files' \
+ '-key[create SPKAC using private key]:file:_files' \
+ '-passin[input file pass phrase source]:pass phrase source:_pass_phrase_source' \
+ '-challenge[challenge string]:string: ' \
+ '-spkac[alternative SPKAC name]:spkacname: ' \
+ '-spksect[alternative section name]:section: ' \
+ "-noout[don't print SPKAC]" \
+ '-pubkey[output public key]' \
+ '-verify[verify SPKAC signature]' \
+ '-engine[use the specified engine, possibly a hardware device]:engine:_engines'
+}
+
+
+_openssl_srp() {
+ # written for openssl 1.0.1k
+ _arguments -C \
+ '-verbose[talk alot while doing things]' \
+ '-config[a config file]:file:_files' \
+ '-name[the particular srp definition to use]:definition: ' \
+ '-srpvfile[the srp verifier file name]:file:_files' \
+ '(-modify -delete -list)-add[add an user and srp verifier]' \
+ '(-add -delete -list)-modify[modify the srp verifier of an existing user]' \
+ '(-add -modify -list)-delete[delete user from verifier file]' \
+ '(-add -modify -delete)-list[list user]' \
+ '-gn[g and N values to be used for new verifier]:g and N: ' \
+ '-userinfo[additional info to be set for user]:userinfo: ' \
+ '-passin[input file pass phrase source]:pass phrase source:_pass_phrase_source' \
+ '-passout[output file pass phrase source]:pass phrase source:_pass_phrase_source' \
+ '-engine[use the specified engine, possibly a hardware device]:engine:_engines' \
+ '-rand[files to use for random number input]:file:_rand_files' \
+ ':user:'
+}
+
+
+_openssl_ts() {
+ # written for openssl 1.0.1k
+ # written for openssl 1.0.2e
+ local action digests
+ digests=(-dss1 -md4 -md5 -mdc2 -ripemd160 -sha -sha1 -sha224 -sha256 \
+ -sha384 -sha512 -whirlpool)
+ if [[ "${CURRENT}" -eq 2 ]]; then
+ # first parameter to ts
+ _values 'openssl time stamp action' '-query[time stamp request generation]' '-reply[time stamp response generation]' '-verify[time stamp response verification]'
+ else
+ action="${words[2]}"
+ case "${action}" in
+ -query)
+ _arguments -C \
+ '-rand[files to use for random number input]:file:_rand_files' \
+ '-config[config file to use]:file:_files' \
+ '(-digest)-data[data file for which the time stamp request needs to be created]:file:_files' \
+ '(-data)-digest[digest of the data file]:bytes: ' \
+ "($digests)-dss1[use the dss1 message digest algorithm]" \
+ "($digests)-md4[to use the md4 message digest algorithm]" \
+ "($digests)-md5[to use the md5 message digest algorithm]" \
+ "($digests)-mdc2[to use the mdc2 message digest algorithm]" \
+ "($digests)-ripemd160[to use the ripemd160 message digest algorithm]" \
+ "($digests)-sha[to use the sha message digest algorithm]" \
+ "($digests)-sha1[to use the sha1 message digest algorithm]" \
+ "($digests)-sha224[to use the sha224 message digest algorithm]" \
+ "($digests)-sha256[to use the sha256 message digest algorithm]" \
+ "($digests)-sha384[to use the sha384 message digest algorithm]" \
+ "($digests)-sha512[to use the sha512 message digest algorithm]" \
+ "($digests)-whirlpool[to use the whirlpool message digest algorithm]" \
+ '-policy[policy to use for creating the time stamp token]:policy ID: ' \
+ '-no_nonce[do not include a nonce in the request]' \
+ '-cert[request a signing certificate in the response]' \
+ '-in[use the previously created time stamp request]:file:_files' \
+ '-out[name of the output file to which the request will be written]:file:_files' \
+ '-text[output in human-readable format instead of DER]'
+ ;;
+ -reply)
+ _arguments -C \
+ '-config[config file to use]:file:_files' \
+ '-section[config file section for response generation]:section: ' \
+ '-queryfile[file containing a DER encoded time stamp request]:file:_files' \
+ '-passin[private key password source]:pass phrase source:_pass_phrase_source' \
+ '-signer[signer certificate of the TSA in PEM format]:file:_files' \
+ '-inkey[signer private key in PEM format]:file:_files' \
+ '-chain[signer certificate chain in PEM format]:file:_files' \
+ '-policy[default policy to use for response]:policy ID: ' \
+ '-in[use the previously created time stamp response in DER format]:file:_files' \
+ '-token_in[the paramter to -in is a time stamp token in DER format]' \
+ '-out[name of the output file to which the response will be written]:file:_files' \
+ '-token_out[output a time stamp token instead of a time stamp response]' \
+ '-text[output in human-readable format instead of DER]' \
+ '-engine[use the specified engine, possibly a hardware device]:engine:_engines'
+ ;;
+ -verify)
+ _arguments -C \
+ '(-digest -queryfile)-data[verify response against the specified file]:file:_files' \
+ '(-data -queryfile)-digest[verify the response against the specified message digest]:digest bytes: ' \
+ '(-data -digest)-queryfile[the original time stamp request in DER format]:file:_files' \
+ '-in[time stamp response that needs to be verified in DER format]:file:_files' \
+ '-token_in[the paramter to -in is a time stamp token in DER format]' \
+ '-CApath[directory containing the trused CA certificates of the client]:directory:_files -/' \
+ '-CAFile[file containing a set of trusted self-signed CA certificates in PEM format]:file:_files' \
+ '-untrusted[set of additional untrusted certificates in PEM format which may be needed when building the certificate chain]:file:_files'
+ ;;
+ esac
+ fi
+}
+
+
+_openssl_verify() {
+ # written for openssl 1.0.1k
+ _arguments -C \
+ '-CApath[a directory of trusted certificates]:directory:_files -/' \
+ '-CAfile[file A file of trusted certificates]:file:_files' \
+ '-purpose[the intended use for the certificate]:purpose:(sslclient sslserver nssslserver smimesign smimeencrypt crlsign any ocsphelper timestampsign)' \
+ '*-policy[enable policy processing and add arg to the user-initial-policy-set]:object name or OID: ' \
+ '-ignore_critical[ignore critical extensions]' \
+ '-attime[perform validation checks using the given time]:timestamp: ' \
+ '-check_ss_sig[verify the signature on the self-signed root CA]' \
+ "-crlfile[file containing one or more CRL's (in PEM format) to load]:file:_files" \
+ '-crl_check[check end entity certificate in CRL]' \
+ '-crl_check_all[check all certificates in CRL]' \
+ '-policy_check[enables certificate policy processing]' \
+ '-explicit_policy[set policy variable require-explicit-policy]' \
+ '-inhibit_any[set policy variable inhibit-any-policy]' \
+ '-inhibit_map[set policy variable inhibit-policy-mapping]' \
+ '-x509_strict[strict X.509-compliance]' \
+ '-extended_crl[enable extended CRL features]' \
+ '-use_deltas[enable support for delta CRLs]' \
+ '-policy_print[print out diagnostics related to policy processing]' \
+ '-untrusted[a file of untrusted certificates]:file:_files' \
+ '(-*)-help[print out a usage message]' \
+ '-issuer_checks[print out diagnostics relating to searches for the issuer certificate of the current certificate]' \
+ '-verbose[print extra information about the operations being performed]' \
+ '*:certificate:_files'
+ # TODO: - may be used to separate certificates from options
+ # TODO: Do not hardcode purposes
+}
+
+
+_openssl_version() {
+ # written for openssl 1.0.1k
+ _arguments -C \
+ '-a[all information, this is the same as setting all the other flags]' \
+ '-v[the current OpenSSL version]' \
+ '-b[the date the current version of OpenSSL was built]' \
+ '-o[option information: various options set when the library was built]' \
+ '-f[compilation flags]' \
+ '-p[platform setting]' \
+ '-d[OPENSSLDIR setting]'
+}
+
+
+_openssl_x509() {
+ # written for openssl 1.0.1k
+ _arguments -C \
+ '-inform[input format - default PEM (one of DER, NET or PEM)]:format:(DER NET PEM)' \
+ '-outform[output format - default PEM (one of DER, NET or PEM)]:arg:(DER NET PEM)' \
+ '-keyform[private key format - default PEM]:arg:(DER PEM)' \
+ '-CAform[CA format - default PEM]:arg:(DER PEM)' \
+ '-CAkeyform[CA key format - default PEM]:arg:(DER PEM)' \
+ '-in[input file - default stdin]:file:_files' \
+ '-out[output file - default stdout]:file:_files' \
+ '-passin[private key password source]:pass phrase source:_pass_phrase_source' \
+ '-serial[print serial number value]' \
+ '-subject_hash[print subject hash value]' \
+ '-subject_hash_old[print old-style (MD5) subject hash value]' \
+ '-issuer_hash[print issuer hash value]' \
+ '-issuer_hash_old[print old-style (MD5) issuer hash value]' \
+ '-hash[synonym for -subject_hash]' \
+ '-subject[print subject DN]' \
+ '-issuer[print issuer DN]' \
+ '-email[print email address(es)]' \
+ '-startdate[notBefore field]' \
+ '-enddate[notAfter field]' \
+ '-purpose[print out certificate purposes]' \
+ '-dates[both Before and After dates]' \
+ '-modulus[print the RSA key modulus]' \
+ '-pubkey[output the public key]' \
+ '-fingerprint[print the certificate fingerprint]' \
+ '-alias[output certificate alias]' \
+ '-noout[no certificate output]' \
+ '-ocspid[print OCSP hash values for the subject name and public key]' \
+ '-ocsp_uri[print OCSP Responder URL(s)]' \
+ '-trustout[output a "trusted" certificate]' \
+ '-clrtrust[clear all trusted purposes]' \
+ '-clrreject[clear all rejected purposes]' \
+ '-addtrust[trust certificate for a given purpose]:purpose:(clientAuth serverAuth emailProtection)' \
+ '-addreject[reject certificate for a given purpose]:purpose:(clientAuth serverAuth emailProtection)' \
+ '-setalias[set certificate alias]:alias: ' \
+ '-days[how long till expiry of a signed certificate (default 30 days)]:days: ' \
+ '-checkend[check whether the cert expires in the specified time]:seconds: ' \
+ '-signkey[self sign cert with arg]:file:_files' \
+ '-x509toreq[output a certification request object]' \
+ '-req[input is a certificate request, sign and output]' \
+ '-CA[set the CA certificate, must be PEM format]:file:_files' \
+ '-CAkey[set the CA key, must be PEM format]:file:_files' \
+ '-CAcreateserial[create serial number file if it does not exist]' \
+ '-CAserial[serial file]:file:_files' \
+ '-set_serial[serial number to use]' \
+ '-text[print the certificate in text form]' \
+ '-C[print out C code forms]' \
+ '(-md5 -sha1 -mdc2)-md2[digest to use]' \
+ '(-md2 -sha1 -mdc2)-md5[digest to use]' \
+ '(-md2 -md5 -mdc2)-sha1[digest to use]' \
+ '(-md2 -md5 -sha1)-mdc2[digest to use]' \
+ '-extfile[configuration file with X509V3 extensions to add]' \
+ '-extensions[section from config file with X509V3 extensions to add]' \
+ '-clrext[delete extensions before signing and input certificate]' \
+ '*-nameopt[various certificate name options]:options:_nameopts' \
+ '-engine[use the specified engine, possibly a hardware device]:engine:_engines' \
+ '*-certopt[various certificate text options]:options:_certopts'
+}
+
+
+_pass_phrase_source() {
+ # pass:password
+ # env:var
+ # file:pathname
+ # fd:number
+ # stdin
+ _values -S : 'pass phrase source' \
+ 'pass[obtain the password from the command line]:password: ' \
+ 'env[obtain the password from the environment variable var]:var:_parameters -g "*export*"' \
+ 'file[obtain the password from a file]:file:_files' \
+ 'fd[read the password from the file descriptor number]:number: ' \
+ 'stdin[read the password from standard input]'
+}
+
+
+_rand_files() {
+ # FIXME: this does not allow using multiple files separated by :
+ # the following would probably work, but how to generate $files?
+ #_values -s : -S ' ' 'random source file or directory' ${files}
+ _files
+}
+
+
+_engines() {
+ # openssl engines
+ local engines
+ engines=(${${${(@f)"$(_call_program engines openssl engine)"}%)*}#\(})
+ _values 'engines' ${engines}
+}
+
+
+_list_ciphers() {
+ # openssl ciphers
+ local ciphers
+ # add cipher suites
+ ciphers=(${(@s/:/)"$(_call_program ciphers openssl ciphers)"})
+ # add static cipher strings
+ ciphers=(${ciphers} \
+ 'DEFAULT[the default cipher list]' \
+ 'COMPLEMENTOFDEFAULT[the ciphers included in ALL but not enabled by default]' \
+ 'ALL[all cipher suites except the eNULL ciphers]' \
+ 'COMPLEMENTOFALL[the cipher suites not enabled by ALL]' \
+ 'HIGH["high" encryption cipher suites]' \
+ 'MEDIUM["medium" encryption cipher suites]' \
+ 'LOW["low" encryption cipher suites]' \
+ {EXP,EXPORT}'[export encryption algorithms]' \
+ 'EXPORT40[40 bit export encryption algorithms]' \
+ 'EXPORT56[56 bit export encryption algorithms]' \
+ {eNULL,NULL}'[ciphers offering no encryption]' \
+ 'aNULL[ciphers offering no authentication]' \
+ {kRSA,RSA}'[cipher suites rusing RSA key exchange]' \
+ 'kDHr[cipher suites using DH key agreement signed by CAs with RSA keys]' \
+ 'kDHd[cipher suites using DH key agreement signed by CAs with DSS keys]' \
+ 'kDH[cipher suites using DH key agreement]' \
+ {kDHE,kEDH}'[cipher suites using ephemeral DH key agreement, including anonymous cipher suites]' \
+ {DHE,EDH}'[cipher suites using authenticated ephemeral DH key agreement]' \
+ 'ADH[anonymous DH cipher suites, not including anonymous ECDH ciphers]' \
+ 'DH[cipher suites using DH, including anonymous DH, ephemeral DH and fixed DH]' \
+ 'kECDHr[cipher suites using fixed ECDH key agreement signed by CAs with RSA keys]' \
+ 'kECDHe[cipher suites using fixed ECDH key agreement signed by CAs with ECDSA keys]' \
+ 'kECDH[cipher suites using fixed ECDH key agreement]' \
+ {kECDHE,kEECDH}'[cipher suites using ephemeral ECDH key agreement, including anonymous cipher suites]' \
+ {ECDHE,kEECDH}'[cipher suites using authenticated ephemeral ECDH key agreement]' \
+ 'AECDH[anonymous Elliptic Curve Diffie Hellman cipher suites]' \
+ 'ECDH[cipher suites using ECDH key exchange, including anonymous, ephemeral and fixed ECDH]' \
+ 'aRSA[cipher suites using RSA authentication]' \
+ {aDSS,DSS}'[cipher suites using DSS authentication]' \
+ 'aDH[cipher suites effectively using DH authentication]' \
+ 'aECDH[cipher suites effectively using ECDH authentication]' \
+ {aECDSA,ECDSA}'[cipher suites using ECDSA authentication]' \
+ 'TLSv1.2[TLSv1.2 cipher suites]' \
+ 'TLSv1[TLSv1.0 cipher suites]' \
+ 'SSLv3[SSLv3.0 cipher suites]' \
+ 'SSLv2[SSLv2.0 cipher suites]' \
+ 'AES128[cipher suites using 128 bit AES]' \
+ 'AES256[cipher suites using 256 bit AES]' \
+ 'AES[cipher suites using AES]' \
+ 'AESGCM[AES in Galois Counter Mode (GCM)]' \
+ 'CAMELLIA128[cipher suites using 128 bit CAMELLIA]' \
+ 'CAMELLIA256[cipher suites using 256 bit CAMELLIA]' \
+ 'CAMELLIA[cipher suites using CAMELLIA]' \
+ '3DES[cipher suites using triple DES]' \
+ 'DES[cipher suites using DES (not triple DES)]' \
+ 'RC4[cipher suites using RC4]' \
+ 'RC2[cipher suites using RC2]' \
+ 'IDEA[cipher suites using IDEA]' \
+ 'SEED[cipher suites using SEED]' \
+ 'MD5[cipher suites using MD5]' \
+ {SHA1,SHA}'[cipher suites using SHA1]' \
+ 'SHA256[cipher suites using SHA256]' \
+ 'SHA384[cipher suites using SHA284]' \
+ 'aGOST[cipher suites using GOST R 34.10 for authenticaction]' \
+ 'aGOST01[cipher suites using GOST R 34.10-2001 authentication]' \
+ 'aGOST94[cipher suites using GOST R 34.10-94 authentication]' \
+ 'kGOST[cipher suites, using VKO 34.10 key exchange]' \
+ 'GOST94[cipher suites, using HMAC based on GOST R 34.11-94]' \
+ 'GOST89MAC[cipher suites using GOST 28147-89 MAC instead of HMAC]' \
+ 'PSK[cipher suites using pre-shared keys (PSK)]' \
+ 'SUITEB128[suite B mode operation using 128 or 192 bit level of security]' \
+ 'SUITEB128ONLY[suite B mode operation using 128 bit level of security]' \
+ 'SUITEB192[suite B mode operation using 192 bit level of security]' \
+ )
+ # FIXME: support !, + and - before each cipher suite
+ _values -s : 'cipher suite' ${ciphers}
+}
+
+
+_list_curves() {
+ # openssl ecparam -list_curves
+ local curves not_curves
+ curves="$(_call_program list_curves openssl ecparam -list_curves)"
+ # identify lines that do not contain curve names but only descriptions
+ not_curves=(${${(f)curves[@]}:#*:*})
+ # remove non-curve lines, trailing descriptions and leading spaces
+ curves=(${${${${(f)curves[@]}:|not_curves}%:*}##* })
+ _values 'named curves' ${curves}
+}
+
+
+_list_message_digest_algorithms() {
+ # openssl list-message-digest-algorithms
+ local algorithms
+ algorithms=(${${(@f)"$(_call_program message_digest_algorithms openssl list-message-digest-algorithms)"}%% *})
+ _values 'message digest algorithms' ${algorithms}
+}
+
+
+_nameopts() {
+ _values -s ',' -w 'nameopts' \
+ '(-compat compat)'{-compat,compat}'[use the old format. This is equivalent to specifying no name options at all]' \
+ '(-RFC2253 RFC2253)'{-RFC2253,RFC2253}'[displays names compatible with RFC2253 equivalent to esc_2253, esc_ctrl, esc_msb, utf8, dump_nostr, dump_unknown, dump_der, sep_comma_plus, dn_rev and sname]' \
+ '(-oneline oneline)'{-oneline,oneline}'[a oneline format which is more readable than RFC2253. Equivalent to esc_2253, esc_ctrl, esc_msb, utf8, dump_nostr, dump_der, use_quote, sep_comma_plus_space, space_eq and sname options]' \
+ '(-multiline multiline)'{-multiline,multiline}'[a multiline format. Equivalent to esc_ctrl, esc_msb, sep_multiline, space_eq, lname and align]' \
+ '(-esc_2253 esc_2253)'{-esc_2253,esc_2253}'[escape the "special" characters required by RFC2253 in a field]' \
+ '(-esc_ctrl esc_ctrl)'{-esc_ctrl,esc_ctrl}'[escape control characters]' \
+ '(-esc_msb esc_msb)'{-esc_msb,esc_msb}'[escape characters with the MSB set]' \
+ '(-use_quote use_quote)'{-use_quote,use_quote}'[escapes some characters by surrounding the whole string with " characters]' \
+ '(-utf8 utf8)'{-utf8,utf8}'[convert all strings to UTF8 format first]' \
+ '(-ignore_type ignore_type)'{-ignore_type,ignore_type}'[this option does not attempt to interpret multibyte characters in any way]' \
+ '(-show_type show_type)'{-show_type,show_type}'[show the type of the ASN1 character string]' \
+ '(-dump_der dump_der)'{-dump_der,dump_der}'[use DER encoding when hexdumping fields]' \
+ '(-dump_nostr dump_nostr)'{-dump_nostr,dump_nostr}'[dump non character string types]' \
+ '(-dump_all dump_all)'{-dump_all,dump_all}'[dump all fields]' \
+ '(-dump_unknown dump_unknown)'{-dump_unknown,dump_unknown}'[dump any field whose OID is not recognised by OpenSSL]' \
+ '(-sep_comma_plus sep_comma_plus)'{-sep_comma_plus,sep_comma_plus}'[these options determine the field separators]' \
+ '(-sep_comma_plus_space sep_comma_plus_space)'{-sep_comma_plus_space,sep_comma_plus_space}'[these options determine the field separators]' \
+ '(-sep_semi_plus_space sep_semi_plus_space)'{-sep_semi_plus_space,sep_semi_plus_space}'[these options determine the field separators]' \
+ '(-sep_multiline sep_multiline)'{-sep_multiline,sep_multiline}'[these options determine the field separators]' \
+ '(-dn_rev dn_rev)'{-dn_rev,dn_rev}'[reverse the fields of the DN]' \
+ '(-nofname nofname)'{-nofname,nofname}'[do not display field names]' \
+ '(-sname sname)'{-sname,sname}'[display field names in short form]' \
+ '(-lname lname)'{-lname,lname}'[display field names in long form]' \
+ '(-oid oid)'{-oid,oid}'[display field names in numerical form]' \
+ '(-align align)'{-align,align}'[align field values for a more readable output. Only usable with sep_multiline]' \
+ '(-space_eq space_eq)'{-space_eq,space_eq}'[places spaces around the = character which follows the field name]'
+}
+
+
+_certopts() {
+ _values -s ',' -w 'certopts' \
+ 'compatible[use the old format. This is equivalent to specifying no output options at all]' \
+ "no_header[don't print header information: that is the lines saying \"Certificate\" and \"Data\"]" \
+ "no_version[don't print out the version number]" \
+ "no_serial[don't print out the serial number]" \
+ "no_signame[don't print out the signature algorithm used]" \
+ "no_validity[don't print the validity, that is the notBefore and notAfter fields]" \
+ "no_subject[don't print out the subject name]" \
+ "no_issuer[don't print out the issuer name]" \
+ "no_pubkey[don't print out the public key]" \
+ "no_sigdump[don't give a hexadecimal dump of the certificate signature]" \
+ "no_aux[don't print out certificate trust information]" \
+ "no_extensions[don't print out any X509V3 extensions]" \
+ 'ext_default[retain default extension behaviour: attempt to print out unsupported certificate extensions]' \
+ 'ext_error[print an error message for unsupported certificate extensions]' \
+ 'ext_parse[ASN1 parse unsupported extensions]' \
+ 'ext_dump[hex dump unsupported extensions]' \
+ '(no_issuer no_pubkey no_header no_version no_sigdump no_signame)ca_default[the value used by the ca utility, equivalent to no_issuer, no_pubkey, no_header, no_version, no_sigdump and no_signame]'
+}
+
+
+_openssl "$@"
+
+# vim: ft=zsh sw=2 ts=2 et
diff --git a/zsh/.zsh/completion/_pass b/zsh/.zsh/completion/_pass
new file mode 100644
index 0000000..858f217
--- /dev/null
+++ b/zsh/.zsh/completion/_pass
@@ -0,0 +1,134 @@
+#compdef pass
+#autoload
+
+# Copyright (C) 2012 - 2014:
+# Johan Venant <jvenant@invicem.pro>
+# Brian Mattern <rephorm@rephorm.com>
+# Jason A. Donenfeld <Jason@zx2c4.com>.
+# All Rights Reserved.
+# This file is licensed under the GPLv2+. Please see COPYING for more information.
+
+
+_pass () {
+ local cmd
+ if (( CURRENT > 2)); then
+ cmd=${words[2]}
+ # Set the context for the subcommand.
+ curcontext="${curcontext%:*:*}:pass-$cmd"
+ # Narrow the range of words we are looking at to exclude `pass'
+ (( CURRENT-- ))
+ shift words
+ # Run the completion for the subcommand
+ case "${cmd}" in
+ init)
+ _arguments : \
+ "-p[gpg-id will only be applied to this subfolder]" \
+ "--path[gpg-id will only be applied to this subfolder]"
+ _pass_complete_keys
+ ;;
+ ls|list|edit)
+ _pass_complete_entries_with_subdirs
+ ;;
+ insert)
+ _arguments : \
+ "-e[echo password to console]" \
+ "--echo[echo password to console]" \
+ "-m[multiline]" \
+ "--multiline[multiline]"
+ _pass_complete_entries_with_subdirs
+ ;;
+ generate)
+ _arguments : \
+ "-n[don't include symbols in password]" \
+ "--no-symbols[don't include symbols in password]" \
+ "-c[copy password to the clipboard]" \
+ "--clip[copy password to the clipboard]" \
+ "-f[force overwrite]" \
+ "--force[force overwrite]" \
+ "-i[replace first line]" \
+ "--in-place[replace first line]"
+ _pass_complete_entries_with_subdirs
+ ;;
+ cp|copy|mv|rename)
+ _arguments : \
+ "-f[force rename]" \
+ "--force[force rename]"
+ _pass_complete_entries_with_subdirs
+ ;;
+ rm)
+ _arguments : \
+ "-f[force deletion]" \
+ "--force[force deletion]" \
+ "-r[recursively delete]" \
+ "--recursive[recursively delete]"
+ _pass_complete_entries_with_subdirs
+ ;;
+ git)
+ local -a subcommands
+ subcommands=(
+ "init:Initialize git repository"
+ "push:Push to remote repository"
+ "pull:Pull from remote repository"
+ "config:Show git config"
+ "log:Show git log"
+ "reflog:Show git reflog"
+ )
+ _describe -t commands 'pass git' subcommands
+ ;;
+ show|*)
+ _pass_cmd_show
+ ;;
+ esac
+ else
+ local -a subcommands
+ subcommands=(
+ "init:Initialize new password storage"
+ "ls:List passwords"
+ "find:Find password files or directories based on pattern"
+ "grep:Search inside decrypted password files for matching pattern"
+ "show:Decrypt and print a password"
+ "insert:Insert a new password"
+ "generate:Generate a new password using pwgen"
+ "edit:Edit a password with \$EDITOR"
+ "mv:Rename the password"
+ "cp:Copy the password"
+ "rm:Remove the password"
+ "git:Call git on the password store"
+ "version:Output version information"
+ "help:Output help message"
+ )
+ _describe -t commands 'pass' subcommands
+ _arguments : \
+ "--version[Output version information]" \
+ "--help[Output help message]"
+ _pass_cmd_show
+ fi
+}
+
+_pass_cmd_show () {
+ _arguments : \
+ "-c[put it on the clipboard]" \
+ "--clip[put it on the clipboard]"
+ _pass_complete_entries
+}
+_pass_complete_entries_helper () {
+ local IFS=$'\n'
+ local prefix="${PASSWORD_STORE_DIR:-$HOME/.password-store}"
+ _values -C 'passwords' ${$(find -L "$prefix" \( -name .git -o -name .gpg-id \) -prune -o $@ -print 2>/dev/null | sed -e "s#${prefix}/\{0,1\}##" -e 's#\.gpg##' | sort):-""}
+}
+
+_pass_complete_entries_with_subdirs () {
+ _pass_complete_entries_helper
+}
+
+_pass_complete_entries () {
+ _pass_complete_entries_helper -type f
+}
+
+_pass_complete_keys () {
+ local IFS=$'\n'
+ # Extract names and email addresses from gpg --list-keys
+ _values 'gpg keys' $(gpg2 --list-secret-keys --with-colons | cut -d : -f 10 | sort -u | sed '/^$/d')
+}
+
+_pass