Search in sources :

Example 1 with TimestampArgument

use of com.unboundid.util.args.TimestampArgument in project ldapsdk by pingidentity.

the class ManageCertificates method doGenerateOrSignCertificateOrCSR.

/**
 * Performs the necessary processing for the generate-self-signed-certificate,
 * generate-certificate-signing-request, and sign-certificate-signing-request
 * subcommands.
 *
 * @return  A result code that indicates whether the processing completed
 *          successfully.
 */
@NotNull()
private ResultCode doGenerateOrSignCertificateOrCSR() {
    // Figure out which subcommand we're processing.
    final boolean isGenerateCertificate;
    final boolean isGenerateCSR;
    final boolean isSignCSR;
    final SubCommand selectedSubCommand = globalParser.getSelectedSubCommand();
    if (selectedSubCommand.hasName("generate-self-signed-certificate")) {
        isGenerateCertificate = true;
        isGenerateCSR = false;
        isSignCSR = false;
    } else if (selectedSubCommand.hasName("generate-certificate-signing-request")) {
        isGenerateCertificate = false;
        isGenerateCSR = true;
        isSignCSR = false;
    } else {
        Validator.ensureTrue(selectedSubCommand.hasName("sign-certificate-signing-request"));
        isGenerateCertificate = false;
        isGenerateCSR = false;
        isSignCSR = true;
    }
    // Get the values of a number of configured arguments.
    final StringArgument aliasArgument = subCommandParser.getStringArgument("alias");
    final String alias = aliasArgument.getValue();
    final File keystorePath = getKeystorePath();
    final boolean isNewKeystore = (!keystorePath.exists());
    DN subjectDN = null;
    final DNArgument subjectDNArgument = subCommandParser.getDNArgument("subject-dn");
    if ((subjectDNArgument != null) && subjectDNArgument.isPresent()) {
        subjectDN = subjectDNArgument.getValue();
    }
    File inputFile = null;
    final FileArgument inputFileArgument = subCommandParser.getFileArgument("input-file");
    if ((inputFileArgument != null) && inputFileArgument.isPresent()) {
        inputFile = inputFileArgument.getValue();
    }
    File outputFile = null;
    final FileArgument outputFileArgument = subCommandParser.getFileArgument("output-file");
    if ((outputFileArgument != null) && outputFileArgument.isPresent()) {
        outputFile = outputFileArgument.getValue();
    }
    boolean outputPEM = true;
    final StringArgument outputFormatArgument = subCommandParser.getStringArgument("output-format");
    if ((outputFormatArgument != null) && outputFormatArgument.isPresent()) {
        final String format = outputFormatArgument.getValue().toLowerCase();
        if (format.equals("der") || format.equals("binary") || format.equals("bin")) {
            outputPEM = false;
        }
    }
    if ((!outputPEM) && (outputFile == null)) {
        wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_NO_FILE_WITH_DER.get());
        return ResultCode.PARAM_ERROR;
    }
    final BooleanArgument replaceExistingCertificateArgument = subCommandParser.getBooleanArgument("replace-existing-certificate");
    final boolean replaceExistingCertificate = ((replaceExistingCertificateArgument != null) && replaceExistingCertificateArgument.isPresent());
    if (replaceExistingCertificate && (!keystorePath.exists())) {
        wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_REPLACE_WITHOUT_KS.get());
        return ResultCode.PARAM_ERROR;
    }
    final BooleanArgument inheritExtensionsArgument = subCommandParser.getBooleanArgument("inherit-extensions");
    final boolean inheritExtensions = ((inheritExtensionsArgument != null) && inheritExtensionsArgument.isPresent());
    final BooleanArgument includeRequestedExtensionsArgument = subCommandParser.getBooleanArgument("include-requested-extensions");
    final boolean includeRequestedExtensions = ((includeRequestedExtensionsArgument != null) && includeRequestedExtensionsArgument.isPresent());
    final BooleanArgument noPromptArgument = subCommandParser.getBooleanArgument("no-prompt");
    final boolean noPrompt = ((noPromptArgument != null) && noPromptArgument.isPresent());
    final BooleanArgument displayKeytoolCommandArgument = subCommandParser.getBooleanArgument("display-keytool-command");
    final boolean displayKeytoolCommand = ((displayKeytoolCommandArgument != null) && displayKeytoolCommandArgument.isPresent());
    int daysValid = 365;
    final IntegerArgument daysValidArgument = subCommandParser.getIntegerArgument("days-valid");
    if ((daysValidArgument != null) && daysValidArgument.isPresent()) {
        daysValid = daysValidArgument.getValue();
    }
    Date validityStartTime = null;
    final TimestampArgument validityStartTimeArgument = subCommandParser.getTimestampArgument("validity-start-time");
    if ((validityStartTimeArgument != null) && validityStartTimeArgument.isPresent()) {
        validityStartTime = validityStartTimeArgument.getValue();
    }
    PublicKeyAlgorithmIdentifier keyAlgorithmIdentifier = null;
    String keyAlgorithmName = null;
    final StringArgument keyAlgorithmArgument = subCommandParser.getStringArgument("key-algorithm");
    if ((keyAlgorithmArgument != null) && keyAlgorithmArgument.isPresent()) {
        final String name = keyAlgorithmArgument.getValue();
        keyAlgorithmIdentifier = PublicKeyAlgorithmIdentifier.forName(name);
        if (keyAlgorithmIdentifier == null) {
            wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_UNKNOWN_KEY_ALG.get(name));
            return ResultCode.PARAM_ERROR;
        } else {
            keyAlgorithmName = keyAlgorithmIdentifier.getName();
        }
    }
    Integer keySizeBits = null;
    final IntegerArgument keySizeBitsArgument = subCommandParser.getIntegerArgument("key-size-bits");
    if ((keySizeBitsArgument != null) && keySizeBitsArgument.isPresent()) {
        keySizeBits = keySizeBitsArgument.getValue();
    }
    if ((keyAlgorithmIdentifier != null) && (keyAlgorithmIdentifier != PublicKeyAlgorithmIdentifier.RSA) && (keySizeBits == null)) {
        wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_NO_KEY_SIZE_FOR_NON_RSA_KEY.get());
        return ResultCode.PARAM_ERROR;
    }
    String signatureAlgorithmName = null;
    SignatureAlgorithmIdentifier signatureAlgorithmIdentifier = null;
    final StringArgument signatureAlgorithmArgument = subCommandParser.getStringArgument("signature-algorithm");
    if ((signatureAlgorithmArgument != null) && signatureAlgorithmArgument.isPresent()) {
        final String name = signatureAlgorithmArgument.getValue();
        signatureAlgorithmIdentifier = SignatureAlgorithmIdentifier.forName(name);
        if (signatureAlgorithmIdentifier == null) {
            wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_UNKNOWN_SIG_ALG.get(name));
            return ResultCode.PARAM_ERROR;
        } else {
            signatureAlgorithmName = signatureAlgorithmIdentifier.getJavaName();
        }
    }
    if ((keyAlgorithmIdentifier != null) && (keyAlgorithmIdentifier != PublicKeyAlgorithmIdentifier.RSA) && (signatureAlgorithmIdentifier == null)) {
        wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_NO_SIG_ALG_FOR_NON_RSA_KEY.get());
        return ResultCode.PARAM_ERROR;
    }
    // Build a subject alternative name extension, if appropriate.
    final ArrayList<X509CertificateExtension> extensionList = new ArrayList<>(10);
    final GeneralNamesBuilder sanBuilder = new GeneralNamesBuilder();
    final LinkedHashSet<String> sanValues = new LinkedHashSet<>(StaticUtils.computeMapCapacity(10));
    final StringArgument sanDNSArgument = subCommandParser.getStringArgument("subject-alternative-name-dns");
    if ((sanDNSArgument != null) && sanDNSArgument.isPresent()) {
        for (final String value : sanDNSArgument.getValues()) {
            sanBuilder.addDNSName(value);
            sanValues.add("DNS:" + value);
        }
    }
    final StringArgument sanIPArgument = subCommandParser.getStringArgument("subject-alternative-name-ip-address");
    if ((sanIPArgument != null) && sanIPArgument.isPresent()) {
        for (final String value : sanIPArgument.getValues()) {
            try {
                sanBuilder.addIPAddress(LDAPConnectionOptions.DEFAULT_NAME_RESOLVER.getByName(value));
                sanValues.add("IP:" + value);
            } catch (final Exception e) {
                // This should never happen.
                Debug.debugException(e);
                throw new RuntimeException(e);
            }
        }
    }
    final StringArgument sanEmailArgument = subCommandParser.getStringArgument("subject-alternative-name-email-address");
    if ((sanEmailArgument != null) && sanEmailArgument.isPresent()) {
        for (final String value : sanEmailArgument.getValues()) {
            sanBuilder.addRFC822Name(value);
            sanValues.add("EMAIL:" + value);
        }
    }
    final StringArgument sanURIArgument = subCommandParser.getStringArgument("subject-alternative-name-uri");
    if ((sanURIArgument != null) && sanURIArgument.isPresent()) {
        for (final String value : sanURIArgument.getValues()) {
            sanBuilder.addUniformResourceIdentifier(value);
            sanValues.add("URI:" + value);
        }
    }
    final StringArgument sanOIDArgument = subCommandParser.getStringArgument("subject-alternative-name-oid");
    if ((sanOIDArgument != null) && sanOIDArgument.isPresent()) {
        for (final String value : sanOIDArgument.getValues()) {
            sanBuilder.addRegisteredID(new OID(value));
            sanValues.add("OID:" + value);
        }
    }
    if (!sanValues.isEmpty()) {
        try {
            extensionList.add(new SubjectAlternativeNameExtension(false, sanBuilder.build()));
        } catch (final Exception e) {
            // This should never happen.
            Debug.debugException(e);
            throw new RuntimeException(e);
        }
    }
    // Build a set of issuer alternative name extension values.
    final GeneralNamesBuilder ianBuilder = new GeneralNamesBuilder();
    final LinkedHashSet<String> ianValues = new LinkedHashSet<>(StaticUtils.computeMapCapacity(10));
    final StringArgument ianDNSArgument = subCommandParser.getStringArgument("issuer-alternative-name-dns");
    if ((ianDNSArgument != null) && ianDNSArgument.isPresent()) {
        for (final String value : ianDNSArgument.getValues()) {
            ianBuilder.addDNSName(value);
            ianValues.add("DNS:" + value);
        }
    }
    final StringArgument ianIPArgument = subCommandParser.getStringArgument("issuer-alternative-name-ip-address");
    if ((ianIPArgument != null) && ianIPArgument.isPresent()) {
        for (final String value : ianIPArgument.getValues()) {
            try {
                ianBuilder.addIPAddress(LDAPConnectionOptions.DEFAULT_NAME_RESOLVER.getByName(value));
                ianValues.add("IP:" + value);
            } catch (final Exception e) {
                // This should never happen.
                Debug.debugException(e);
                throw new RuntimeException(e);
            }
        }
    }
    final StringArgument ianEmailArgument = subCommandParser.getStringArgument("issuer-alternative-name-email-address");
    if ((ianEmailArgument != null) && ianEmailArgument.isPresent()) {
        for (final String value : ianEmailArgument.getValues()) {
            ianBuilder.addRFC822Name(value);
            ianValues.add("EMAIL:" + value);
        }
    }
    final StringArgument ianURIArgument = subCommandParser.getStringArgument("issuer-alternative-name-uri");
    if ((ianURIArgument != null) && ianURIArgument.isPresent()) {
        for (final String value : ianURIArgument.getValues()) {
            ianBuilder.addUniformResourceIdentifier(value);
            ianValues.add("URI:" + value);
        }
    }
    final StringArgument ianOIDArgument = subCommandParser.getStringArgument("issuer-alternative-name-oid");
    if ((ianOIDArgument != null) && ianOIDArgument.isPresent()) {
        for (final String value : ianOIDArgument.getValues()) {
            ianBuilder.addRegisteredID(new OID(value));
            ianValues.add("OID:" + value);
        }
    }
    if (!ianValues.isEmpty()) {
        try {
            extensionList.add(new IssuerAlternativeNameExtension(false, ianBuilder.build()));
        } catch (final Exception e) {
            // This should never happen.
            Debug.debugException(e);
            throw new RuntimeException(e);
        }
    }
    // Build a basic constraints extension, if appropriate.
    BasicConstraintsExtension basicConstraints = null;
    final BooleanValueArgument basicConstraintsIsCAArgument = subCommandParser.getBooleanValueArgument("basic-constraints-is-ca");
    if ((basicConstraintsIsCAArgument != null) && basicConstraintsIsCAArgument.isPresent()) {
        final boolean isCA = basicConstraintsIsCAArgument.getValue();
        Integer pathLength = null;
        final IntegerArgument pathLengthArgument = subCommandParser.getIntegerArgument("basic-constraints-maximum-path-length");
        if ((pathLengthArgument != null) && pathLengthArgument.isPresent()) {
            if (isCA) {
                pathLength = pathLengthArgument.getValue();
            } else {
                wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_BC_PATH_LENGTH_WITHOUT_CA.get());
                return ResultCode.PARAM_ERROR;
            }
        }
        basicConstraints = new BasicConstraintsExtension(false, isCA, pathLength);
        extensionList.add(basicConstraints);
    }
    // Build a key usage extension, if appropriate.
    KeyUsageExtension keyUsage = null;
    final StringArgument keyUsageArgument = subCommandParser.getStringArgument("key-usage");
    if ((keyUsageArgument != null) && keyUsageArgument.isPresent()) {
        boolean digitalSignature = false;
        boolean nonRepudiation = false;
        boolean keyEncipherment = false;
        boolean dataEncipherment = false;
        boolean keyAgreement = false;
        boolean keyCertSign = false;
        boolean crlSign = false;
        boolean encipherOnly = false;
        boolean decipherOnly = false;
        for (final String value : keyUsageArgument.getValues()) {
            if (value.equalsIgnoreCase("digital-signature") || value.equalsIgnoreCase("digitalSignature")) {
                digitalSignature = true;
            } else if (value.equalsIgnoreCase("non-repudiation") || value.equalsIgnoreCase("nonRepudiation") || value.equalsIgnoreCase("content-commitment") || value.equalsIgnoreCase("contentCommitment")) {
                nonRepudiation = true;
            } else if (value.equalsIgnoreCase("key-encipherment") || value.equalsIgnoreCase("keyEncipherment")) {
                keyEncipherment = true;
            } else if (value.equalsIgnoreCase("data-encipherment") || value.equalsIgnoreCase("dataEncipherment")) {
                dataEncipherment = true;
            } else if (value.equalsIgnoreCase("key-agreement") || value.equalsIgnoreCase("keyAgreement")) {
                keyAgreement = true;
            } else if (value.equalsIgnoreCase("key-cert-sign") || value.equalsIgnoreCase("keyCertSign")) {
                keyCertSign = true;
            } else if (value.equalsIgnoreCase("crl-sign") || value.equalsIgnoreCase("crlSign")) {
                crlSign = true;
            } else if (value.equalsIgnoreCase("encipher-only") || value.equalsIgnoreCase("encipherOnly")) {
                encipherOnly = true;
            } else if (value.equalsIgnoreCase("decipher-only") || value.equalsIgnoreCase("decipherOnly")) {
                decipherOnly = true;
            } else {
                wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_INVALID_KEY_USAGE.get(value));
                return ResultCode.PARAM_ERROR;
            }
        }
        keyUsage = new KeyUsageExtension(false, digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, crlSign, encipherOnly, decipherOnly);
        extensionList.add(keyUsage);
    }
    // Build an extended key usage extension, if appropriate.
    ExtendedKeyUsageExtension extendedKeyUsage = null;
    final StringArgument extendedKeyUsageArgument = subCommandParser.getStringArgument("extended-key-usage");
    if ((extendedKeyUsageArgument != null) && extendedKeyUsageArgument.isPresent()) {
        final List<String> values = extendedKeyUsageArgument.getValues();
        final ArrayList<OID> keyPurposeIDs = new ArrayList<>(values.size());
        for (final String value : values) {
            if (value.equalsIgnoreCase("server-auth") || value.equalsIgnoreCase("serverAuth") || value.equalsIgnoreCase("server-authentication") || value.equalsIgnoreCase("serverAuthentication") || value.equalsIgnoreCase("tls-server-authentication") || value.equalsIgnoreCase("tlsServerAuthentication")) {
                keyPurposeIDs.add(ExtendedKeyUsageID.TLS_SERVER_AUTHENTICATION.getOID());
            } else if (value.equalsIgnoreCase("client-auth") || value.equalsIgnoreCase("clientAuth") || value.equalsIgnoreCase("client-authentication") || value.equalsIgnoreCase("clientAuthentication") || value.equalsIgnoreCase("tls-client-authentication") || value.equalsIgnoreCase("tlsClientAuthentication")) {
                keyPurposeIDs.add(ExtendedKeyUsageID.TLS_CLIENT_AUTHENTICATION.getOID());
            } else if (value.equalsIgnoreCase("code-signing") || value.equalsIgnoreCase("codeSigning")) {
                keyPurposeIDs.add(ExtendedKeyUsageID.CODE_SIGNING.getOID());
            } else if (value.equalsIgnoreCase("email-protection") || value.equalsIgnoreCase("emailProtection")) {
                keyPurposeIDs.add(ExtendedKeyUsageID.EMAIL_PROTECTION.getOID());
            } else if (value.equalsIgnoreCase("time-stamping") || value.equalsIgnoreCase("timeStamping")) {
                keyPurposeIDs.add(ExtendedKeyUsageID.TIME_STAMPING.getOID());
            } else if (value.equalsIgnoreCase("ocsp-signing") || value.equalsIgnoreCase("ocspSigning")) {
                keyPurposeIDs.add(ExtendedKeyUsageID.OCSP_SIGNING.getOID());
            } else if (OID.isStrictlyValidNumericOID(value)) {
                keyPurposeIDs.add(new OID(value));
            } else {
                wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_INVALID_EXTENDED_KEY_USAGE.get(value));
                return ResultCode.PARAM_ERROR;
            }
        }
        try {
            extendedKeyUsage = new ExtendedKeyUsageExtension(false, keyPurposeIDs);
        } catch (final Exception e) {
            // This should never happen.
            Debug.debugException(e);
            wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_EXTENDED_KEY_USAGE_ERROR.get());
            e.printStackTrace(getErr());
            return ResultCode.PARAM_ERROR;
        }
        extensionList.add(extendedKeyUsage);
    }
    // Build a list of generic extensions.
    final ArrayList<X509CertificateExtension> genericExtensions = new ArrayList<>(5);
    final StringArgument extensionArgument = subCommandParser.getStringArgument("extension");
    if ((extensionArgument != null) && extensionArgument.isPresent()) {
        for (final String value : extensionArgument.getValues()) {
            try {
                final int firstColonPos = value.indexOf(':');
                final int secondColonPos = value.indexOf(':', firstColonPos + 1);
                final OID oid = new OID(value.substring(0, firstColonPos));
                if (!oid.isStrictlyValidNumericOID()) {
                    wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_EXT_MALFORMED_OID.get(value, oid.toString()));
                    return ResultCode.PARAM_ERROR;
                }
                final boolean criticality;
                final String criticalityString = value.substring(firstColonPos + 1, secondColonPos);
                if (criticalityString.equalsIgnoreCase("true") || criticalityString.equalsIgnoreCase("t") || criticalityString.equalsIgnoreCase("yes") || criticalityString.equalsIgnoreCase("y") || criticalityString.equalsIgnoreCase("on") || criticalityString.equalsIgnoreCase("1")) {
                    criticality = true;
                } else if (criticalityString.equalsIgnoreCase("false") || criticalityString.equalsIgnoreCase("f") || criticalityString.equalsIgnoreCase("no") || criticalityString.equalsIgnoreCase("n") || criticalityString.equalsIgnoreCase("off") || criticalityString.equalsIgnoreCase("0")) {
                    criticality = false;
                } else {
                    wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_EXT_INVALID_CRITICALITY.get(value, criticalityString));
                    return ResultCode.PARAM_ERROR;
                }
                final byte[] valueBytes;
                try {
                    valueBytes = StaticUtils.fromHex(value.substring(secondColonPos + 1));
                } catch (final Exception e) {
                    Debug.debugException(e);
                    wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_EXT_INVALID_VALUE.get(value));
                    return ResultCode.PARAM_ERROR;
                }
                final X509CertificateExtension extension = new X509CertificateExtension(oid, criticality, valueBytes);
                genericExtensions.add(extension);
                extensionList.add(extension);
            } catch (final Exception e) {
                Debug.debugException(e);
                wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_EXT_MALFORMED.get(value));
                return ResultCode.PARAM_ERROR;
            }
        }
    }
    final String keystoreType;
    try {
        keystoreType = inferKeystoreType(keystorePath);
    } catch (final LDAPException le) {
        Debug.debugException(le);
        wrapErr(0, WRAP_COLUMN, le.getMessage());
        return le.getResultCode();
    }
    final char[] keystorePassword;
    try {
        keystorePassword = getKeystorePassword(keystorePath);
    } catch (final LDAPException le) {
        Debug.debugException(le);
        wrapErr(0, WRAP_COLUMN, le.getMessage());
        return le.getResultCode();
    }
    // Get the keystore.
    final KeyStore keystore;
    try {
        keystore = getKeystore(keystoreType, keystorePath, keystorePassword);
    } catch (final LDAPException le) {
        Debug.debugException(le);
        wrapErr(0, WRAP_COLUMN, le.getMessage());
        return le.getResultCode();
    }
    // If there is a private key, then see if we need to use a private key
    // password that is different from the keystore password.
    final char[] privateKeyPassword;
    try {
        privateKeyPassword = getPrivateKeyPassword(keystore, alias, keystorePassword);
    } catch (final LDAPException le) {
        Debug.debugException(le);
        wrapErr(0, WRAP_COLUMN, le.getMessage());
        return le.getResultCode();
    }
    // perform the appropriate processing for that.
    if (replaceExistingCertificate) {
        // specified alias.
        if (!hasKeyAlias(keystore, alias)) {
            if (hasCertificateAlias(keystore, alias)) {
                wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_REPLACE_ALIAS_IS_CERT.get(alias, keystorePath.getAbsolutePath()));
                return ResultCode.PARAM_ERROR;
            } else {
                wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_REPLACE_NO_SUCH_ALIAS.get(alias, keystorePath.getAbsolutePath()));
                return ResultCode.PARAM_ERROR;
            }
        }
        // Get the certificate to replace, along with its key pair.
        final X509Certificate certToReplace;
        final KeyPair keyPair;
        try {
            final Certificate[] chain = keystore.getCertificateChain(alias);
            certToReplace = new X509Certificate(chain[0].getEncoded());
            final PublicKey publicKey = chain[0].getPublicKey();
            final PrivateKey privateKey = (PrivateKey) keystore.getKey(alias, privateKeyPassword);
            keyPair = new KeyPair(publicKey, privateKey);
        } catch (final Exception e) {
            Debug.debugException(e);
            wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_REPLACE_COULD_NOT_GET_CERT.get(alias));
            e.printStackTrace(getErr());
            return ResultCode.LOCAL_ERROR;
        }
        // Assign the remaining values using information in the existing
        // certificate.
        signatureAlgorithmIdentifier = SignatureAlgorithmIdentifier.forOID(certToReplace.getSignatureAlgorithmOID());
        if (signatureAlgorithmIdentifier == null) {
            wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_UNKNOWN_SIG_ALG_IN_CERT.get(certToReplace.getSignatureAlgorithmOID()));
            return ResultCode.PARAM_ERROR;
        } else {
            signatureAlgorithmName = signatureAlgorithmIdentifier.getJavaName();
        }
        if (subjectDN == null) {
            subjectDN = certToReplace.getSubjectDN();
        }
        if (inheritExtensions) {
            for (final X509CertificateExtension extension : certToReplace.getExtensions()) {
                if ((extension instanceof AuthorityKeyIdentifierExtension) || (extension instanceof IssuerAlternativeNameExtension)) {
                // This extension applies to the issuer.  We won't include this in
                // the set of inherited extensions.
                } else if (extension instanceof SubjectKeyIdentifierExtension) {
                // The generated certificate will automatically include a subject
                // key identifier extension, so we don't need to include it.
                } else if (extension instanceof BasicConstraintsExtension) {
                    // Don't override a value already provided on the command line.
                    if (basicConstraints == null) {
                        basicConstraints = (BasicConstraintsExtension) extension;
                        extensionList.add(basicConstraints);
                    }
                } else if (extension instanceof ExtendedKeyUsageExtension) {
                    // Don't override a value already provided on the command line.
                    if (extendedKeyUsage == null) {
                        extendedKeyUsage = (ExtendedKeyUsageExtension) extension;
                        extensionList.add(extendedKeyUsage);
                    }
                } else if (extension instanceof KeyUsageExtension) {
                    // Don't override a value already provided on the command line.
                    if (keyUsage == null) {
                        keyUsage = (KeyUsageExtension) extension;
                        extensionList.add(keyUsage);
                    }
                } else if (extension instanceof SubjectAlternativeNameExtension) {
                    // line.
                    if (sanValues.isEmpty()) {
                        final SubjectAlternativeNameExtension e = (SubjectAlternativeNameExtension) extension;
                        for (final String dnsName : e.getDNSNames()) {
                            sanValues.add("DNS:" + dnsName);
                        }
                        for (final InetAddress ipAddress : e.getIPAddresses()) {
                            sanValues.add("IP:" + ipAddress.getHostAddress());
                        }
                        for (final String emailAddress : e.getRFC822Names()) {
                            sanValues.add("EMAIL:" + emailAddress);
                        }
                        for (final String uri : e.getUniformResourceIdentifiers()) {
                            sanValues.add("URI:" + uri);
                        }
                        for (final OID oid : e.getRegisteredIDs()) {
                            sanValues.add("OID:" + oid.toString());
                        }
                        extensionList.add(extension);
                    }
                } else {
                    genericExtensions.add(extension);
                    extensionList.add(extension);
                }
            }
        }
        // Create an array with the final set of extensions to include in the
        // certificate or certificate signing request.
        final X509CertificateExtension[] extensions = new X509CertificateExtension[extensionList.size()];
        extensionList.toArray(extensions);
        // a keytool command that we could use to accomplish it.
        if (isGenerateCertificate) {
            if (displayKeytoolCommand) {
                final ArrayList<String> keytoolArguments = new ArrayList<>(30);
                keytoolArguments.add("-selfcert");
                keytoolArguments.add("-keystore");
                keytoolArguments.add(keystorePath.getAbsolutePath());
                keytoolArguments.add("-storetype");
                keytoolArguments.add(keystoreType);
                keytoolArguments.add("-storepass");
                keytoolArguments.add("*****REDACTED*****");
                keytoolArguments.add("-keypass");
                keytoolArguments.add("*****REDACTED*****");
                keytoolArguments.add("-alias");
                keytoolArguments.add(alias);
                keytoolArguments.add("-dname");
                keytoolArguments.add(subjectDN.toString());
                keytoolArguments.add("-sigalg");
                keytoolArguments.add(signatureAlgorithmName);
                keytoolArguments.add("-validity");
                keytoolArguments.add(String.valueOf(daysValid));
                if (validityStartTime != null) {
                    keytoolArguments.add("-startdate");
                    keytoolArguments.add(formatValidityStartTime(validityStartTime));
                }
                addExtensionArguments(keytoolArguments, basicConstraints, keyUsage, extendedKeyUsage, sanValues, ianValues, genericExtensions);
                displayKeytoolCommand(keytoolArguments);
            }
            // Generate the self-signed certificate.
            final long notBefore;
            if (validityStartTime == null) {
                notBefore = System.currentTimeMillis();
            } else {
                notBefore = validityStartTime.getTime();
            }
            final long notAfter = notBefore + TimeUnit.DAYS.toMillis(daysValid);
            final X509Certificate certificate;
            final Certificate[] chain;
            try {
                certificate = X509Certificate.generateSelfSignedCertificate(signatureAlgorithmIdentifier, keyPair, subjectDN, notBefore, notAfter, extensions);
                chain = new Certificate[] { certificate.toCertificate() };
            } catch (final Exception e) {
                Debug.debugException(e);
                wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_ERROR_GENERATING_CERT.get());
                e.printStackTrace(getErr());
                return ResultCode.LOCAL_ERROR;
            }
            // Update the keystore with the new certificate.
            try {
                keystore.setKeyEntry(alias, keyPair.getPrivate(), privateKeyPassword, chain);
                writeKeystore(keystore, keystorePath, keystorePassword);
            } catch (final Exception e) {
                Debug.debugException(e);
                wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_ERROR_UPDATING_KEYSTORE.get());
                e.printStackTrace(getErr());
                return ResultCode.LOCAL_ERROR;
            }
            // Display the certificate we just generated to the end user.
            out();
            wrapOut(0, WRAP_COLUMN, INFO_MANAGE_CERTS_GEN_CERT_SUCCESSFULLY_GENERATED_SELF_CERT.get());
            printCertificate(certificate, "", false);
            // If we should write an output file, then do that now.
            if (outputFile != null) {
                try (PrintStream ps = new PrintStream(outputFile)) {
                    final byte[] certBytes = certificate.getX509CertificateBytes();
                    if (outputPEM) {
                        writePEMCertificate(ps, certBytes);
                    } else {
                        ps.write(certBytes);
                    }
                    out();
                    wrapOut(0, WRAP_COLUMN, INFO_MANAGE_CERTS_GEN_CERT_WROTE_OUTPUT_FILE.get(outputFile.getAbsolutePath()));
                } catch (final Exception e) {
                    Debug.debugException(e);
                    err();
                    wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_ERROR_WRITING_CERT.get(outputFile.getAbsolutePath()));
                    e.printStackTrace(getErr());
                    return ResultCode.LOCAL_ERROR;
                }
            }
            return ResultCode.SUCCESS;
        } else {
            // Build the keytool command used to generate the certificate signing
            // request.
            Validator.ensureTrue(isGenerateCSR);
            if (displayKeytoolCommand) {
                final ArrayList<String> keytoolArguments = new ArrayList<>(30);
                keytoolArguments.add("-certreq");
                keytoolArguments.add("-keystore");
                keytoolArguments.add(keystorePath.getAbsolutePath());
                keytoolArguments.add("-storetype");
                keytoolArguments.add(keystoreType);
                keytoolArguments.add("-storepass");
                keytoolArguments.add("*****REDACTED*****");
                keytoolArguments.add("-keypass");
                keytoolArguments.add("*****REDACTED*****");
                keytoolArguments.add("-alias");
                keytoolArguments.add(alias);
                keytoolArguments.add("-dname");
                keytoolArguments.add(subjectDN.toString());
                keytoolArguments.add("-sigalg");
                keytoolArguments.add(signatureAlgorithmName);
                addExtensionArguments(keytoolArguments, basicConstraints, keyUsage, extendedKeyUsage, sanValues, ianValues, genericExtensions);
                if (outputFile != null) {
                    keytoolArguments.add("-file");
                    keytoolArguments.add(outputFile.getAbsolutePath());
                }
                displayKeytoolCommand(keytoolArguments);
            }
            // Generate the certificate signing request.
            final PKCS10CertificateSigningRequest certificateSigningRequest;
            try {
                certificateSigningRequest = PKCS10CertificateSigningRequest.generateCertificateSigningRequest(signatureAlgorithmIdentifier, keyPair, subjectDN, extensions);
            } catch (final Exception e) {
                Debug.debugException(e);
                wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_ERROR_GENERATING_CSR.get());
                e.printStackTrace(getErr());
                return ResultCode.LOCAL_ERROR;
            }
            // location.
            try {
                final PrintStream ps;
                if (outputFile == null) {
                    ps = getOut();
                } else {
                    ps = new PrintStream(outputFile);
                }
                if (outputPEM) {
                    writePEMCertificateSigningRequest(ps, certificateSigningRequest.getPKCS10CertificateSigningRequestBytes());
                } else {
                    ps.write(certificateSigningRequest.getPKCS10CertificateSigningRequestBytes());
                }
                if (outputFile != null) {
                    ps.close();
                }
            } catch (final Exception e) {
                Debug.debugException(e);
                wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_ERROR_WRITING_CSR.get());
                e.printStackTrace(getErr());
                return ResultCode.LOCAL_ERROR;
            }
            // able to see it.
            if (outputFile != null) {
                out();
                wrapOut(0, WRAP_COLUMN, INFO_MANAGE_CERTS_GEN_CERT_SUCCESSFULLY_GENERATED_CSR.get(outputFile.getAbsolutePath()));
            }
            return ResultCode.SUCCESS;
        }
    }
    // certificate.  Perform any remaining argument assignment and validation.
    if ((subjectDN == null) && (!isSignCSR)) {
        wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_NO_SUBJECT_DN_WITHOUT_REPLACE.get());
        return ResultCode.PARAM_ERROR;
    }
    if (keyAlgorithmIdentifier == null) {
        keyAlgorithmIdentifier = PublicKeyAlgorithmIdentifier.RSA;
        keyAlgorithmName = keyAlgorithmIdentifier.getName();
    }
    if (keySizeBits == null) {
        keySizeBits = 2048;
    }
    if ((signatureAlgorithmIdentifier == null) && (!isSignCSR)) {
        signatureAlgorithmIdentifier = SignatureAlgorithmIdentifier.SHA_256_WITH_RSA;
        signatureAlgorithmName = signatureAlgorithmIdentifier.getJavaName();
    }
    // certificate.
    if (isGenerateCertificate || isGenerateCSR) {
        // keystore.
        if (hasKeyAlias(keystore, alias) || hasCertificateAlias(keystore, alias)) {
            wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_ALIAS_EXISTS_WITHOUT_REPLACE.get(alias));
            return ResultCode.PARAM_ERROR;
        }
        if (displayKeytoolCommand) {
            final ArrayList<String> keytoolArguments = new ArrayList<>(30);
            keytoolArguments.add("-genkeypair");
            keytoolArguments.add("-keystore");
            keytoolArguments.add(keystorePath.getAbsolutePath());
            keytoolArguments.add("-storetype");
            keytoolArguments.add(keystoreType);
            keytoolArguments.add("-storepass");
            keytoolArguments.add("*****REDACTED*****");
            keytoolArguments.add("-keypass");
            keytoolArguments.add("*****REDACTED*****");
            keytoolArguments.add("-alias");
            keytoolArguments.add(alias);
            keytoolArguments.add("-dname");
            keytoolArguments.add(subjectDN.toString());
            keytoolArguments.add("-keyalg");
            keytoolArguments.add(keyAlgorithmName);
            keytoolArguments.add("-keysize");
            keytoolArguments.add(String.valueOf(keySizeBits));
            keytoolArguments.add("-sigalg");
            keytoolArguments.add(signatureAlgorithmName);
            keytoolArguments.add("-validity");
            keytoolArguments.add(String.valueOf(daysValid));
            if (validityStartTime != null) {
                keytoolArguments.add("-startdate");
                keytoolArguments.add(formatValidityStartTime(validityStartTime));
            }
            addExtensionArguments(keytoolArguments, basicConstraints, keyUsage, extendedKeyUsage, sanValues, ianValues, genericExtensions);
            displayKeytoolCommand(keytoolArguments);
        }
        // Generate the self-signed certificate.
        final long notBefore;
        if (validityStartTime == null) {
            notBefore = System.currentTimeMillis();
        } else {
            notBefore = validityStartTime.getTime();
        }
        final long notAfter = notBefore + TimeUnit.DAYS.toMillis(daysValid);
        final X509CertificateExtension[] extensions = new X509CertificateExtension[extensionList.size()];
        extensionList.toArray(extensions);
        final Certificate[] chain;
        final KeyPair keyPair;
        final X509Certificate certificate;
        try {
            final ObjectPair<X509Certificate, KeyPair> p = X509Certificate.generateSelfSignedCertificate(signatureAlgorithmIdentifier, keyAlgorithmIdentifier, keySizeBits, subjectDN, notBefore, notAfter, extensions);
            certificate = p.getFirst();
            chain = new Certificate[] { certificate.toCertificate() };
            keyPair = p.getSecond();
        } catch (final Exception e) {
            Debug.debugException(e);
            wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_ERROR_GENERATING_CERT.get());
            e.printStackTrace(getErr());
            return ResultCode.LOCAL_ERROR;
        }
        // Update the keystore with the new certificate.
        try {
            keystore.setKeyEntry(alias, keyPair.getPrivate(), privateKeyPassword, chain);
            writeKeystore(keystore, keystorePath, keystorePassword);
        } catch (final Exception e) {
            Debug.debugException(e);
            wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_ERROR_UPDATING_KEYSTORE.get());
            e.printStackTrace(getErr());
            return ResultCode.LOCAL_ERROR;
        }
        if (isNewKeystore) {
            out();
            wrapOut(0, WRAP_COLUMN, INFO_MANAGE_CERTS_GEN_CERT_CERT_CREATED_KEYSTORE.get(getUserFriendlyKeystoreType(keystoreType)));
        }
        // file.
        if (isGenerateCertificate) {
            out();
            wrapOut(0, WRAP_COLUMN, INFO_MANAGE_CERTS_GEN_CERT_SUCCESSFULLY_GENERATED_SELF_CERT.get());
            printCertificate(certificate, "", false);
            // If we should write an output file, then do that now.
            if (outputFile != null) {
                try (PrintStream ps = new PrintStream(outputFile)) {
                    final byte[] certBytes = certificate.getX509CertificateBytes();
                    if (outputPEM) {
                        writePEMCertificate(ps, certBytes);
                    } else {
                        ps.write(certBytes);
                    }
                    out();
                    wrapOut(0, WRAP_COLUMN, INFO_MANAGE_CERTS_GEN_CERT_WROTE_OUTPUT_FILE.get(outputFile.getAbsolutePath()));
                } catch (final Exception e) {
                    Debug.debugException(e);
                    err();
                    wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_ERROR_WRITING_CERT.get(outputFile.getAbsolutePath()));
                    e.printStackTrace(getErr());
                    return ResultCode.LOCAL_ERROR;
                }
            }
            return ResultCode.SUCCESS;
        }
        // If we're generating a certificate signing request, then put together
        // the appropriate set of arguments for that.
        Validator.ensureTrue(isGenerateCSR);
        out();
        wrapOut(0, WRAP_COLUMN, INFO_MANAGE_CERTS_GEN_CERT_SUCCESSFULLY_GENERATED_KEYPAIR.get());
        if (displayKeytoolCommand) {
            final ArrayList<String> keytoolArguments = new ArrayList<>(30);
            keytoolArguments.add("-certreq");
            keytoolArguments.add("-keystore");
            keytoolArguments.add(keystorePath.getAbsolutePath());
            keytoolArguments.add("-storetype");
            keytoolArguments.add(keystoreType);
            keytoolArguments.add("-storepass");
            keytoolArguments.add("*****REDACTED*****");
            keytoolArguments.add("-keypass");
            keytoolArguments.add("*****REDACTED*****");
            keytoolArguments.add("-alias");
            keytoolArguments.add(alias);
            keytoolArguments.add("-dname");
            keytoolArguments.add(subjectDN.toString());
            keytoolArguments.add("-sigalg");
            keytoolArguments.add(signatureAlgorithmName);
            addExtensionArguments(keytoolArguments, basicConstraints, keyUsage, extendedKeyUsage, sanValues, ianValues, genericExtensions);
            if (outputFile != null) {
                keytoolArguments.add("-file");
                keytoolArguments.add(outputFile.getAbsolutePath());
            }
            displayKeytoolCommand(keytoolArguments);
        }
        // Generate the certificate signing request.
        final PKCS10CertificateSigningRequest certificateSigningRequest;
        try {
            certificateSigningRequest = PKCS10CertificateSigningRequest.generateCertificateSigningRequest(signatureAlgorithmIdentifier, keyPair, subjectDN, extensions);
        } catch (final Exception e) {
            Debug.debugException(e);
            wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_ERROR_GENERATING_CSR.get());
            e.printStackTrace(getErr());
            return ResultCode.LOCAL_ERROR;
        }
        // location.
        try {
            final PrintStream ps;
            if (outputFile == null) {
                ps = getOut();
            } else {
                ps = new PrintStream(outputFile);
            }
            if (outputPEM) {
                writePEMCertificateSigningRequest(ps, certificateSigningRequest.getPKCS10CertificateSigningRequestBytes());
            } else {
                ps.write(certificateSigningRequest.getPKCS10CertificateSigningRequestBytes());
            }
            if (outputFile != null) {
                ps.close();
            }
        } catch (final Exception e) {
            Debug.debugException(e);
            wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_ERROR_WRITING_CSR.get());
            e.printStackTrace(getErr());
            return ResultCode.LOCAL_ERROR;
        }
        // able to see it.
        if (outputFile != null) {
            out();
            wrapOut(0, WRAP_COLUMN, INFO_MANAGE_CERTS_GEN_CERT_SUCCESSFULLY_GENERATED_CSR.get(outputFile.getAbsolutePath()));
        }
        return ResultCode.SUCCESS;
    }
    // If we've gotten here, then we should be signing a certificate signing
    // request.  Make sure that the keystore already has a private key entry
    // with the specified alias.
    Validator.ensureTrue(isSignCSR);
    if (!hasKeyAlias(keystore, alias)) {
        if (hasCertificateAlias(keystore, alias)) {
            wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_SIGN_ALIAS_IS_CERT.get(alias, keystorePath.getAbsolutePath()));
            return ResultCode.PARAM_ERROR;
        } else {
            wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_SIGN_NO_SUCH_ALIAS.get(alias, keystorePath.getAbsolutePath()));
            return ResultCode.PARAM_ERROR;
        }
    }
    // Get the signing certificate and its key pair.
    final PrivateKey issuerPrivateKey;
    final X509Certificate issuerCertificate;
    try {
        final Certificate[] chain = keystore.getCertificateChain(alias);
        issuerCertificate = new X509Certificate(chain[0].getEncoded());
        issuerPrivateKey = (PrivateKey) keystore.getKey(alias, privateKeyPassword);
    } catch (final Exception e) {
        Debug.debugException(e);
        wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_SIGN_CANNOT_GET_SIGNING_CERT.get(alias));
        e.printStackTrace(getErr());
        return ResultCode.LOCAL_ERROR;
    }
    // Make sure that we can decode the certificate signing request.
    final PKCS10CertificateSigningRequest csr;
    try {
        csr = readCertificateSigningRequestFromFile(inputFile);
    } catch (final LDAPException le) {
        Debug.debugException(le);
        wrapErr(0, WRAP_COLUMN, le.getMessage());
        return le.getResultCode();
    }
    // Make sure that we can verify the certificate signing request's signature.
    try {
        csr.verifySignature();
    } catch (final CertException ce) {
        Debug.debugException(ce);
        wrapErr(0, WRAP_COLUMN, ce.getMessage());
        return ResultCode.PARAM_ERROR;
    }
    // Prompt about whether to sign the request, if appropriate.
    if (!noPrompt) {
        out();
        wrapOut(0, WRAP_COLUMN, INFO_MANAGE_CERTS_GEN_CERT_SIGN_CONFIRM.get());
        out();
        printCertificateSigningRequest(csr, false, "");
        out();
        try {
            if (!promptForYesNo(INFO_MANAGE_CERTS_GEN_CERT_PROMPT_SIGN.get())) {
                wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_SIGN_CANCELED.get());
                return ResultCode.USER_CANCELED;
            }
        } catch (final LDAPException le) {
            Debug.debugException(le);
            err();
            wrapErr(0, WRAP_COLUMN, le.getMessage());
            return le.getResultCode();
        }
    }
    // from it.
    if ((subjectDN == null) || (signatureAlgorithmIdentifier == null) || includeRequestedExtensions) {
        if (subjectDN == null) {
            subjectDN = csr.getSubjectDN();
        }
        if (signatureAlgorithmIdentifier == null) {
            signatureAlgorithmIdentifier = SignatureAlgorithmIdentifier.forOID(csr.getSignatureAlgorithmOID());
            if (signatureAlgorithmIdentifier == null) {
                wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_UNKNOWN_SIG_ALG_IN_CSR.get(csr.getSignatureAlgorithmOID()));
                return ResultCode.PARAM_ERROR;
            } else {
                signatureAlgorithmName = signatureAlgorithmIdentifier.getJavaName();
            }
        }
        if (includeRequestedExtensions) {
            for (final X509CertificateExtension extension : csr.getExtensions()) {
                if ((extension instanceof AuthorityKeyIdentifierExtension) || (extension instanceof IssuerAlternativeNameExtension)) {
                // This extension applies to the issuer.  We won't include this in
                // the set of inherited extensions.
                } else if (extension instanceof SubjectKeyIdentifierExtension) {
                // The generated certificate will automatically include a subject
                // key identifier extension, so we don't need to include it.
                } else if (extension instanceof BasicConstraintsExtension) {
                    // Don't override a value already provided on the command line.
                    if (basicConstraints == null) {
                        basicConstraints = (BasicConstraintsExtension) extension;
                        extensionList.add(basicConstraints);
                    }
                } else if (extension instanceof ExtendedKeyUsageExtension) {
                    // Don't override a value already provided on the command line.
                    if (extendedKeyUsage == null) {
                        extendedKeyUsage = (ExtendedKeyUsageExtension) extension;
                        extensionList.add(extendedKeyUsage);
                    }
                } else if (extension instanceof KeyUsageExtension) {
                    // Don't override a value already provided on the command line.
                    if (keyUsage == null) {
                        keyUsage = (KeyUsageExtension) extension;
                        extensionList.add(keyUsage);
                    }
                } else if (extension instanceof SubjectAlternativeNameExtension) {
                    // line.
                    if (sanValues.isEmpty()) {
                        final SubjectAlternativeNameExtension e = (SubjectAlternativeNameExtension) extension;
                        for (final String dnsName : e.getDNSNames()) {
                            sanBuilder.addDNSName(dnsName);
                            sanValues.add("DNS:" + dnsName);
                        }
                        for (final InetAddress ipAddress : e.getIPAddresses()) {
                            sanBuilder.addIPAddress(ipAddress);
                            sanValues.add("IP:" + ipAddress.getHostAddress());
                        }
                        for (final String emailAddress : e.getRFC822Names()) {
                            sanBuilder.addRFC822Name(emailAddress);
                            sanValues.add("EMAIL:" + emailAddress);
                        }
                        for (final String uri : e.getUniformResourceIdentifiers()) {
                            sanBuilder.addUniformResourceIdentifier(uri);
                            sanValues.add("URI:" + uri);
                        }
                        for (final OID oid : e.getRegisteredIDs()) {
                            sanBuilder.addRegisteredID(oid);
                            sanValues.add("OID:" + oid.toString());
                        }
                        try {
                            extensionList.add(new SubjectAlternativeNameExtension(false, sanBuilder.build()));
                        } catch (final Exception ex) {
                            // This should never happen.
                            Debug.debugException(ex);
                            throw new RuntimeException(ex);
                        }
                    }
                } else {
                    genericExtensions.add(extension);
                    extensionList.add(extension);
                }
            }
        }
    }
    // Generate the keytool arguments to use to sign the requested certificate.
    final ArrayList<String> keytoolArguments = new ArrayList<>(30);
    keytoolArguments.add("-gencert");
    keytoolArguments.add("-keystore");
    keytoolArguments.add(keystorePath.getAbsolutePath());
    keytoolArguments.add("-storetype");
    keytoolArguments.add(keystoreType);
    keytoolArguments.add("-storepass");
    keytoolArguments.add("*****REDACTED*****");
    keytoolArguments.add("-keypass");
    keytoolArguments.add("*****REDACTED*****");
    keytoolArguments.add("-alias");
    keytoolArguments.add(alias);
    keytoolArguments.add("-dname");
    keytoolArguments.add(subjectDN.toString());
    keytoolArguments.add("-sigalg");
    keytoolArguments.add(signatureAlgorithmName);
    keytoolArguments.add("-validity");
    keytoolArguments.add(String.valueOf(daysValid));
    if (validityStartTime != null) {
        keytoolArguments.add("-startdate");
        keytoolArguments.add(formatValidityStartTime(validityStartTime));
    }
    addExtensionArguments(keytoolArguments, basicConstraints, keyUsage, extendedKeyUsage, sanValues, ianValues, genericExtensions);
    keytoolArguments.add("-infile");
    keytoolArguments.add(inputFile.getAbsolutePath());
    if (outputFile != null) {
        keytoolArguments.add("-outfile");
        keytoolArguments.add(outputFile.getAbsolutePath());
    }
    if (outputPEM) {
        keytoolArguments.add("-rfc");
    }
    if (displayKeytoolCommand) {
        displayKeytoolCommand(keytoolArguments);
    }
    // Generate the signed certificate.
    final long notBefore;
    if (validityStartTime == null) {
        notBefore = System.currentTimeMillis();
    } else {
        notBefore = validityStartTime.getTime();
    }
    final long notAfter = notBefore + TimeUnit.DAYS.toMillis(daysValid);
    final X509CertificateExtension[] extensions = new X509CertificateExtension[extensionList.size()];
    extensionList.toArray(extensions);
    final X509Certificate signedCertificate;
    try {
        signedCertificate = X509Certificate.generateIssuerSignedCertificate(signatureAlgorithmIdentifier, issuerCertificate, issuerPrivateKey, csr.getPublicKeyAlgorithmOID(), csr.getPublicKeyAlgorithmParameters(), csr.getEncodedPublicKey(), csr.getDecodedPublicKey(), subjectDN, notBefore, notAfter, extensions);
    } catch (final Exception e) {
        Debug.debugException(e);
        wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_ERROR_SIGNING_CERT.get());
        e.printStackTrace(getErr());
        return ResultCode.LOCAL_ERROR;
    }
    // Write the signed certificate signing request to the appropriate location.
    try {
        final PrintStream ps;
        if (outputFile == null) {
            ps = getOut();
        } else {
            ps = new PrintStream(outputFile);
        }
        if (outputPEM) {
            writePEMCertificate(ps, signedCertificate.getX509CertificateBytes());
        } else {
            ps.write(signedCertificate.getX509CertificateBytes());
        }
        if (outputFile != null) {
            ps.close();
        }
    } catch (final Exception e) {
        Debug.debugException(e);
        wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_ERROR_WRITING_SIGNED_CERT.get());
        e.printStackTrace(getErr());
        return ResultCode.LOCAL_ERROR;
    }
    // able to see it.
    if (outputFile != null) {
        out();
        wrapOut(0, WRAP_COLUMN, INFO_MANAGE_CERTS_GEN_CERT_SUCCESSFULLY_SIGNED_CERT.get(outputFile.getAbsolutePath()));
    }
    return ResultCode.SUCCESS;
}
Also used : LinkedHashSet(java.util.LinkedHashSet) PrivateKey(java.security.PrivateKey) ArrayList(java.util.ArrayList) DN(com.unboundid.ldap.sdk.DN) ASN1BitString(com.unboundid.asn1.ASN1BitString) FileArgument(com.unboundid.util.args.FileArgument) DNArgument(com.unboundid.util.args.DNArgument) IntegerArgument(com.unboundid.util.args.IntegerArgument) TimestampArgument(com.unboundid.util.args.TimestampArgument) KeyPair(java.security.KeyPair) SubCommand(com.unboundid.util.args.SubCommand) PublicKey(java.security.PublicKey) OID(com.unboundid.util.OID) LDAPException(com.unboundid.ldap.sdk.LDAPException) File(java.io.File) InetAddress(java.net.InetAddress) Certificate(java.security.cert.Certificate) BooleanValueArgument(com.unboundid.util.args.BooleanValueArgument) PrintStream(java.io.PrintStream) BooleanArgument(com.unboundid.util.args.BooleanArgument) KeyStore(java.security.KeyStore) Date(java.util.Date) ArgumentException(com.unboundid.util.args.ArgumentException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) LDAPException(com.unboundid.ldap.sdk.LDAPException) IOException(java.io.IOException) StringArgument(com.unboundid.util.args.StringArgument) NotNull(com.unboundid.util.NotNull)

Example 2 with TimestampArgument

use of com.unboundid.util.args.TimestampArgument in project ldapsdk by pingidentity.

the class ManageCertificates method addToolArguments.

/**
 * Adds the command-line arguments supported for use with this tool to the
 * provided argument parser.  The tool may need to retain references to the
 * arguments (and/or the argument parser, if trailing arguments are allowed)
 * to it in order to obtain their values for use in later processing.
 *
 * @param  parser  The argument parser to which the arguments are to be added.
 *
 * @throws  ArgumentException  If a problem occurs while adding any of the
 *                             tool-specific arguments to the provided
 *                             argument parser.
 */
@Override()
public void addToolArguments(@NotNull final ArgumentParser parser) throws ArgumentException {
    globalParser = parser;
    // Define the "list-certificates" subcommand and all of its arguments.
    final ArgumentParser listCertsParser = new ArgumentParser("list-certificates", INFO_MANAGE_CERTS_SC_LIST_CERTS_DESC.get());
    final FileArgument listCertsKeystore = new FileArgument(null, "keystore", (JVM_DEFAULT_CACERTS_FILE == null), 1, null, INFO_MANAGE_CERTS_SC_LIST_CERTS_ARG_KS_DESC.get(), true, true, true, false);
    listCertsKeystore.addLongIdentifier("keystore-path", true);
    listCertsKeystore.addLongIdentifier("keystorePath", true);
    listCertsKeystore.addLongIdentifier("keystore-file", true);
    listCertsKeystore.addLongIdentifier("keystoreFile", true);
    listCertsParser.addArgument(listCertsKeystore);
    if (JVM_DEFAULT_CACERTS_FILE != null) {
        final BooleanArgument listCertsUseJVMDefault = new BooleanArgument(null, "use-jvm-default-trust-store", 1, INFO_MANAGE_CERTS_SC_LIST_CERTS_ARG_JVM_DEFAULT_DESC.get(JVM_DEFAULT_CACERTS_FILE.getAbsolutePath()));
        listCertsUseJVMDefault.addLongIdentifier("useJVMDefaultTrustStore", true);
        listCertsUseJVMDefault.addLongIdentifier("jvm-default", true);
        listCertsUseJVMDefault.addLongIdentifier("jvmDefault", true);
        listCertsParser.addArgument(listCertsUseJVMDefault);
        listCertsParser.addRequiredArgumentSet(listCertsUseJVMDefault, listCertsKeystore);
        listCertsParser.addExclusiveArgumentSet(listCertsUseJVMDefault, listCertsKeystore);
    }
    final StringArgument listCertsKeystorePassword = new StringArgument(null, "keystore-password", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(), INFO_MANAGE_CERTS_SC_LIST_CERTS_ARG_KS_PW_DESC.get());
    listCertsKeystorePassword.addLongIdentifier("keystorePassword", true);
    listCertsKeystorePassword.addLongIdentifier("keystore-passphrase", true);
    listCertsKeystorePassword.addLongIdentifier("keystorePassphrase", true);
    listCertsKeystorePassword.addLongIdentifier("keystore-pin", true);
    listCertsKeystorePassword.addLongIdentifier("keystorePIN", true);
    listCertsKeystorePassword.addLongIdentifier("storepass", true);
    listCertsKeystorePassword.setSensitive(true);
    listCertsParser.addArgument(listCertsKeystorePassword);
    final FileArgument listCertsKeystorePasswordFile = new FileArgument(null, "keystore-password-file", false, 1, null, INFO_MANAGE_CERTS_SC_LIST_CERTS_ARG_KS_PW_FILE_DESC.get(), true, true, true, false);
    listCertsKeystorePasswordFile.addLongIdentifier("keystorePasswordFile", true);
    listCertsKeystorePasswordFile.addLongIdentifier("keystore-passphrase-file", true);
    listCertsKeystorePasswordFile.addLongIdentifier("keystorePassphraseFile", true);
    listCertsKeystorePasswordFile.addLongIdentifier("keystore-pin-file", true);
    listCertsKeystorePasswordFile.addLongIdentifier("keystorePINFile", true);
    listCertsParser.addArgument(listCertsKeystorePasswordFile);
    final BooleanArgument listCertsPromptForKeystorePassword = new BooleanArgument(null, "prompt-for-keystore-password", INFO_MANAGE_CERTS_SC_LIST_CERTS_ARG_PROMPT_FOR_KS_PW_DESC.get());
    listCertsPromptForKeystorePassword.addLongIdentifier("promptForKeystorePassword", true);
    listCertsPromptForKeystorePassword.addLongIdentifier("prompt-for-keystore-passphrase", true);
    listCertsPromptForKeystorePassword.addLongIdentifier("promptForKeystorePassphrase", true);
    listCertsPromptForKeystorePassword.addLongIdentifier("prompt-for-keystore-pin", true);
    listCertsPromptForKeystorePassword.addLongIdentifier("promptForKeystorePIN", true);
    listCertsParser.addArgument(listCertsPromptForKeystorePassword);
    final StringArgument listCertsKeystoreType = new StringArgument(null, "keystore-type", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_TYPE.get(), INFO_MANAGE_CERTS_SC_LIST_CERTS_ARG_KS_TYPE_DESC.get(), ALLOWED_KEYSTORE_TYPE_VALUES);
    listCertsKeystoreType.addLongIdentifier("key-store-type", true);
    listCertsKeystoreType.addLongIdentifier("keystoreType", true);
    listCertsKeystoreType.addLongIdentifier("keystore-format", true);
    listCertsKeystoreType.addLongIdentifier("key-store-format", true);
    listCertsKeystoreType.addLongIdentifier("keystoreFormat", true);
    listCertsKeystoreType.addLongIdentifier("storetype", true);
    listCertsParser.addArgument(listCertsKeystoreType);
    final StringArgument listCertsAlias = new StringArgument(null, "alias", false, 0, INFO_MANAGE_CERTS_PLACEHOLDER_ALIAS.get(), INFO_MANAGE_CERTS_SC_LIST_CERTS_ARG_ALIAS_DESC.get());
    listCertsAlias.addLongIdentifier("nickname", true);
    listCertsParser.addArgument(listCertsAlias);
    final BooleanArgument listCertsDisplayPEM = new BooleanArgument(null, "display-pem-certificate", 1, INFO_MANAGE_CERTS_SC_LIST_CERTS_ARG_DISPLAY_PEM_DESC.get());
    listCertsDisplayPEM.addLongIdentifier("displayPEMCertificate", true);
    listCertsDisplayPEM.addLongIdentifier("display-pem", true);
    listCertsDisplayPEM.addLongIdentifier("displayPEM", true);
    listCertsDisplayPEM.addLongIdentifier("show-pem-certificate", true);
    listCertsDisplayPEM.addLongIdentifier("showPEMCertificate", true);
    listCertsDisplayPEM.addLongIdentifier("show-pem", true);
    listCertsDisplayPEM.addLongIdentifier("showPEM", true);
    listCertsDisplayPEM.addLongIdentifier("pem", true);
    listCertsDisplayPEM.addLongIdentifier("rfc", true);
    listCertsParser.addArgument(listCertsDisplayPEM);
    final BooleanArgument listCertsVerbose = new BooleanArgument(null, "verbose", 1, INFO_MANAGE_CERTS_SC_LIST_CERTS_ARG_VERBOSE_DESC.get());
    listCertsParser.addArgument(listCertsVerbose);
    final BooleanArgument listCertsDisplayCommand = new BooleanArgument(null, "display-keytool-command", 1, INFO_MANAGE_CERTS_SC_LIST_CERTS_ARG_DISPLAY_COMMAND_DESC.get());
    listCertsDisplayCommand.addLongIdentifier("displayKeytoolCommand", true);
    listCertsDisplayCommand.addLongIdentifier("show-keytool-command", true);
    listCertsDisplayCommand.addLongIdentifier("showKeytoolCommand", true);
    listCertsParser.addArgument(listCertsDisplayCommand);
    listCertsParser.addExclusiveArgumentSet(listCertsKeystorePassword, listCertsKeystorePasswordFile, listCertsPromptForKeystorePassword);
    final LinkedHashMap<String[], String> listCertsExamples = new LinkedHashMap<>(StaticUtils.computeMapCapacity(3));
    listCertsExamples.put(new String[] { "list-certificates", "--keystore", getPlatformSpecificPath("config", "keystore") }, INFO_MANAGE_CERTS_SC_LIST_CERTS_EXAMPLE_1.get(getPlatformSpecificPath("config", "keystore")));
    listCertsExamples.put(new String[] { "list-certificates", "--keystore", getPlatformSpecificPath("config", "keystore.p12"), "--keystore-password-file", getPlatformSpecificPath("config", "keystore.pin"), "--alias", "server-cert", "--verbose", "--display-pem-certificate", "--display-keytool-command" }, INFO_MANAGE_CERTS_SC_LIST_CERTS_EXAMPLE_2.get(getPlatformSpecificPath("config", "keystore.p12"), getPlatformSpecificPath("config", "keystore.pin")));
    if (JVM_DEFAULT_CACERTS_FILE != null) {
        listCertsExamples.put(new String[] { "list-certificates", "--use-jvm-default-trust-store" }, INFO_MANAGE_CERTS_SC_LIST_CERTS_EXAMPLE_3.get());
    }
    final SubCommand listCertsSubCommand = new SubCommand("list-certificates", INFO_MANAGE_CERTS_SC_LIST_CERTS_DESC.get(), listCertsParser, listCertsExamples);
    listCertsSubCommand.addName("listCertificates", true);
    listCertsSubCommand.addName("list-certs", true);
    listCertsSubCommand.addName("listCerts", true);
    listCertsSubCommand.addName("list", true);
    parser.addSubCommand(listCertsSubCommand);
    // Define the "export-certificate" subcommand and all of its arguments.
    final ArgumentParser exportCertParser = new ArgumentParser("export-certificate", INFO_MANAGE_CERTS_SC_EXPORT_CERT_DESC.get());
    final FileArgument exportCertKeystore = new FileArgument(null, "keystore", (JVM_DEFAULT_CACERTS_FILE == null), 1, null, INFO_MANAGE_CERTS_SC_EXPORT_CERT_ARG_KS_DESC.get(), true, true, true, false);
    exportCertKeystore.addLongIdentifier("keystore-path", true);
    exportCertKeystore.addLongIdentifier("keystorePath", true);
    exportCertKeystore.addLongIdentifier("keystore-file", true);
    exportCertKeystore.addLongIdentifier("keystoreFile", true);
    exportCertParser.addArgument(exportCertKeystore);
    if (JVM_DEFAULT_CACERTS_FILE != null) {
        final BooleanArgument exportCertUseJVMDefault = new BooleanArgument(null, "use-jvm-default-trust-store", 1, INFO_MANAGE_CERTS_SC_EXPORT_CERTS_ARG_JVM_DEFAULT_DESC.get(JVM_DEFAULT_CACERTS_FILE.getAbsolutePath()));
        exportCertUseJVMDefault.addLongIdentifier("useJVMDefaultTrustStore", true);
        exportCertUseJVMDefault.addLongIdentifier("jvm-default", true);
        exportCertUseJVMDefault.addLongIdentifier("jvmDefault", true);
        exportCertParser.addArgument(exportCertUseJVMDefault);
        exportCertParser.addRequiredArgumentSet(exportCertUseJVMDefault, exportCertKeystore);
        exportCertParser.addExclusiveArgumentSet(exportCertUseJVMDefault, exportCertKeystore);
    }
    final StringArgument exportCertKeystorePassword = new StringArgument(null, "keystore-password", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(), INFO_MANAGE_CERTS_SC_EXPORT_CERT_ARG_KS_PW_DESC.get());
    exportCertKeystorePassword.addLongIdentifier("keystorePassword", true);
    exportCertKeystorePassword.addLongIdentifier("keystore-passphrase", true);
    exportCertKeystorePassword.addLongIdentifier("keystorePassphrase", true);
    exportCertKeystorePassword.addLongIdentifier("keystore-pin", true);
    exportCertKeystorePassword.addLongIdentifier("keystorePIN", true);
    exportCertKeystorePassword.addLongIdentifier("storepass", true);
    exportCertKeystorePassword.setSensitive(true);
    exportCertParser.addArgument(exportCertKeystorePassword);
    final FileArgument exportCertKeystorePasswordFile = new FileArgument(null, "keystore-password-file", false, 1, null, INFO_MANAGE_CERTS_SC_EXPORT_CERT_ARG_KS_PW_FILE_DESC.get(), true, true, true, false);
    exportCertKeystorePasswordFile.addLongIdentifier("keystorePasswordFile", true);
    exportCertKeystorePasswordFile.addLongIdentifier("keystore-passphrase-file", true);
    exportCertKeystorePasswordFile.addLongIdentifier("keystorePassphraseFile", true);
    exportCertKeystorePasswordFile.addLongIdentifier("keystore-pin-file", true);
    exportCertKeystorePasswordFile.addLongIdentifier("keystorePINFile", true);
    exportCertParser.addArgument(exportCertKeystorePasswordFile);
    final BooleanArgument exportCertPromptForKeystorePassword = new BooleanArgument(null, "prompt-for-keystore-password", INFO_MANAGE_CERTS_SC_EXPORT_CERT_ARG_PROMPT_FOR_KS_PW_DESC.get());
    exportCertPromptForKeystorePassword.addLongIdentifier("promptForKeystorePassword", true);
    exportCertPromptForKeystorePassword.addLongIdentifier("prompt-for-keystore-passphrase", true);
    exportCertPromptForKeystorePassword.addLongIdentifier("promptForKeystorePassphrase", true);
    exportCertPromptForKeystorePassword.addLongIdentifier("prompt-for-keystore-pin", true);
    exportCertPromptForKeystorePassword.addLongIdentifier("promptForKeystorePIN", true);
    exportCertParser.addArgument(exportCertPromptForKeystorePassword);
    final StringArgument exportCertKeystoreType = new StringArgument(null, "keystore-type", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_TYPE.get(), INFO_MANAGE_CERTS_SC_EXPORT_CERT_ARG_KS_TYPE_DESC.get(), ALLOWED_KEYSTORE_TYPE_VALUES);
    exportCertKeystoreType.addLongIdentifier("key-store-type", true);
    exportCertKeystoreType.addLongIdentifier("keystoreType", true);
    exportCertKeystoreType.addLongIdentifier("keystore-format", true);
    exportCertKeystoreType.addLongIdentifier("key-store-format", true);
    exportCertKeystoreType.addLongIdentifier("keystoreFormat", true);
    exportCertKeystoreType.addLongIdentifier("storetype", true);
    exportCertParser.addArgument(exportCertKeystoreType);
    final StringArgument exportCertAlias = new StringArgument(null, "alias", true, 1, INFO_MANAGE_CERTS_PLACEHOLDER_ALIAS.get(), INFO_MANAGE_CERTS_SC_EXPORT_CERT_ARG_ALIAS_DESC.get());
    exportCertAlias.addLongIdentifier("nickname", true);
    exportCertParser.addArgument(exportCertAlias);
    final BooleanArgument exportCertChain = new BooleanArgument(null, "export-certificate-chain", 1, INFO_MANAGE_CERTS_SC_EXPORT_CERT_ARG_CHAIN_DESC.get());
    exportCertChain.addLongIdentifier("exportCertificateChain", true);
    exportCertChain.addLongIdentifier("export-chain", true);
    exportCertChain.addLongIdentifier("exportChain", true);
    exportCertChain.addLongIdentifier("certificate-chain", true);
    exportCertChain.addLongIdentifier("certificateChain", true);
    exportCertChain.addLongIdentifier("chain", true);
    exportCertParser.addArgument(exportCertChain);
    final Set<String> exportCertOutputFormatAllowedValues = StaticUtils.setOf("PEM", "text", "txt", "RFC", "DER", "binary", "bin");
    final StringArgument exportCertOutputFormat = new StringArgument(null, "output-format", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_FORMAT.get(), INFO_MANAGE_CERTS_SC_EXPORT_CERT_ARG_FORMAT_DESC.get(), exportCertOutputFormatAllowedValues, "PEM");
    exportCertOutputFormat.addLongIdentifier("outputFormat", true);
    exportCertParser.addArgument(exportCertOutputFormat);
    final FileArgument exportCertOutputFile = new FileArgument(null, "output-file", false, 1, null, INFO_MANAGE_CERTS_SC_EXPORT_CERT_ARG_FILE_DESC.get(), false, true, true, false);
    exportCertOutputFile.addLongIdentifier("outputFile", true);
    exportCertOutputFile.addLongIdentifier("export-file", true);
    exportCertOutputFile.addLongIdentifier("exportFile", true);
    exportCertOutputFile.addLongIdentifier("certificate-file", true);
    exportCertOutputFile.addLongIdentifier("certificateFile", true);
    exportCertOutputFile.addLongIdentifier("file", true);
    exportCertOutputFile.addLongIdentifier("filename", true);
    exportCertParser.addArgument(exportCertOutputFile);
    final BooleanArgument exportCertSeparateFile = new BooleanArgument(null, "separate-file-per-certificate", 1, INFO_MANAGE_CERTS_SC_EXPORT_CERT_ARG_SEPARATE_FILE_DESC.get());
    exportCertSeparateFile.addLongIdentifier("separateFilePerCertificate", true);
    exportCertSeparateFile.addLongIdentifier("separate-files", true);
    exportCertSeparateFile.addLongIdentifier("separateFiles", true);
    exportCertParser.addArgument(exportCertSeparateFile);
    final BooleanArgument exportCertDisplayCommand = new BooleanArgument(null, "display-keytool-command", 1, INFO_MANAGE_CERTS_SC_EXPORT_CERT_ARG_DISPLAY_COMMAND_DESC.get());
    exportCertDisplayCommand.addLongIdentifier("displayKeytoolCommand", true);
    exportCertDisplayCommand.addLongIdentifier("show-keytool-command", true);
    exportCertDisplayCommand.addLongIdentifier("showKeytoolCommand", true);
    exportCertParser.addArgument(exportCertDisplayCommand);
    exportCertParser.addExclusiveArgumentSet(exportCertKeystorePassword, exportCertKeystorePasswordFile, exportCertPromptForKeystorePassword);
    exportCertParser.addDependentArgumentSet(exportCertSeparateFile, exportCertChain);
    exportCertParser.addDependentArgumentSet(exportCertSeparateFile, exportCertOutputFile);
    final LinkedHashMap<String[], String> exportCertExamples = new LinkedHashMap<>(StaticUtils.computeMapCapacity(2));
    exportCertExamples.put(new String[] { "export-certificate", "--keystore", getPlatformSpecificPath("config", "keystore"), "--alias", "server-cert" }, INFO_MANAGE_CERTS_SC_EXPORT_CERT_EXAMPLE_1.get());
    exportCertExamples.put(new String[] { "export-certificate", "--keystore", getPlatformSpecificPath("config", "keystore.p12"), "--keystore-password-file", getPlatformSpecificPath("config", "keystore.pin"), "--alias", "server-cert", "--export-certificate-chain", "--output-format", "DER", "--output-file", "certificate-chain.der", "--display-keytool-command" }, INFO_MANAGE_CERTS_SC_EXPORT_CERT_EXAMPLE_2.get());
    final SubCommand exportCertSubCommand = new SubCommand("export-certificate", INFO_MANAGE_CERTS_SC_EXPORT_CERT_DESC.get(), exportCertParser, exportCertExamples);
    exportCertSubCommand.addName("exportCertificate", true);
    exportCertSubCommand.addName("export-cert", true);
    exportCertSubCommand.addName("exportCert", true);
    exportCertSubCommand.addName("export", true);
    parser.addSubCommand(exportCertSubCommand);
    // Define the "export-private-key" subcommand and all of its arguments.
    final ArgumentParser exportKeyParser = new ArgumentParser("export-private-key", INFO_MANAGE_CERTS_SC_EXPORT_KEY_DESC.get());
    final FileArgument exportKeyKeystore = new FileArgument(null, "keystore", true, 1, null, INFO_MANAGE_CERTS_SC_EXPORT_KEY_ARG_KS_DESC.get(), true, true, true, false);
    exportKeyKeystore.addLongIdentifier("keystore-path", true);
    exportKeyKeystore.addLongIdentifier("keystorePath", true);
    exportKeyKeystore.addLongIdentifier("keystore-file", true);
    exportKeyKeystore.addLongIdentifier("keystoreFile", true);
    exportKeyParser.addArgument(exportKeyKeystore);
    final StringArgument exportKeyKeystorePassword = new StringArgument(null, "keystore-password", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(), INFO_MANAGE_CERTS_SC_EXPORT_KEY_ARG_KS_PW_DESC.get());
    exportKeyKeystorePassword.addLongIdentifier("keystorePassword", true);
    exportKeyKeystorePassword.addLongIdentifier("keystore-passphrase", true);
    exportKeyKeystorePassword.addLongIdentifier("keystorePassphrase", true);
    exportKeyKeystorePassword.addLongIdentifier("keystore-pin", true);
    exportKeyKeystorePassword.addLongIdentifier("keystorePIN", true);
    exportKeyKeystorePassword.addLongIdentifier("storepass", true);
    exportKeyKeystorePassword.setSensitive(true);
    exportKeyParser.addArgument(exportKeyKeystorePassword);
    final FileArgument exportKeyKeystorePasswordFile = new FileArgument(null, "keystore-password-file", false, 1, null, INFO_MANAGE_CERTS_SC_EXPORT_KEY_ARG_KS_PW_FILE_DESC.get(), true, true, true, false);
    exportKeyKeystorePasswordFile.addLongIdentifier("keystorePasswordFile", true);
    exportKeyKeystorePasswordFile.addLongIdentifier("keystore-passphrase-file", true);
    exportKeyKeystorePasswordFile.addLongIdentifier("keystorePassphraseFile", true);
    exportKeyKeystorePasswordFile.addLongIdentifier("keystore-pin-file", true);
    exportKeyKeystorePasswordFile.addLongIdentifier("keystorePINFile", true);
    exportKeyParser.addArgument(exportKeyKeystorePasswordFile);
    final BooleanArgument exportKeyPromptForKeystorePassword = new BooleanArgument(null, "prompt-for-keystore-password", INFO_MANAGE_CERTS_SC_EXPORT_KEY_ARG_PROMPT_FOR_KS_PW_DESC.get());
    exportKeyPromptForKeystorePassword.addLongIdentifier("promptForKeystorePassword", true);
    exportKeyPromptForKeystorePassword.addLongIdentifier("prompt-for-keystore-passphrase", true);
    exportKeyPromptForKeystorePassword.addLongIdentifier("promptForKeystorePassphrase", true);
    exportKeyPromptForKeystorePassword.addLongIdentifier("prompt-for-keystore-pin", true);
    exportKeyPromptForKeystorePassword.addLongIdentifier("promptForKeystorePIN", true);
    exportKeyParser.addArgument(exportKeyPromptForKeystorePassword);
    final StringArgument exportKeyPKPassword = new StringArgument(null, "private-key-password", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(), INFO_MANAGE_CERTS_SC_EXPORT_KEY_ARG_PK_PW_DESC.get());
    exportKeyPKPassword.addLongIdentifier("privateKeyPassword", true);
    exportKeyPKPassword.addLongIdentifier("private-key-passphrase", true);
    exportKeyPKPassword.addLongIdentifier("privateKeyPassphrase", true);
    exportKeyPKPassword.addLongIdentifier("private-key-pin", true);
    exportKeyPKPassword.addLongIdentifier("privateKeyPIN", true);
    exportKeyPKPassword.addLongIdentifier("key-password", true);
    exportKeyPKPassword.addLongIdentifier("keyPassword", true);
    exportKeyPKPassword.addLongIdentifier("key-passphrase", true);
    exportKeyPKPassword.addLongIdentifier("keyPassphrase", true);
    exportKeyPKPassword.addLongIdentifier("key-pin", true);
    exportKeyPKPassword.addLongIdentifier("keyPIN", true);
    exportKeyPKPassword.addLongIdentifier("keypass", true);
    exportKeyPKPassword.setSensitive(true);
    exportKeyParser.addArgument(exportKeyPKPassword);
    final FileArgument exportKeyPKPasswordFile = new FileArgument(null, "private-key-password-file", false, 1, null, INFO_MANAGE_CERTS_SC_EXPORT_KEY_ARG_PK_PW_FILE_DESC.get(), true, true, true, false);
    exportKeyPKPasswordFile.addLongIdentifier("privateKeyPasswordFile", true);
    exportKeyPKPasswordFile.addLongIdentifier("private-key-passphrase-file", true);
    exportKeyPKPasswordFile.addLongIdentifier("privateKeyPassphraseFile", true);
    exportKeyPKPasswordFile.addLongIdentifier("private-key-pin-file", true);
    exportKeyPKPasswordFile.addLongIdentifier("privateKeyPINFile", true);
    exportKeyPKPasswordFile.addLongIdentifier("key-password-file", true);
    exportKeyPKPasswordFile.addLongIdentifier("keyPasswordFile", true);
    exportKeyPKPasswordFile.addLongIdentifier("key-passphrase-file", true);
    exportKeyPKPasswordFile.addLongIdentifier("keyPassphraseFile", true);
    exportKeyPKPasswordFile.addLongIdentifier("key-pin-file", true);
    exportKeyPKPasswordFile.addLongIdentifier("keyPINFile", true);
    exportKeyParser.addArgument(exportKeyPKPasswordFile);
    final BooleanArgument exportKeyPromptForPKPassword = new BooleanArgument(null, "prompt-for-private-key-password", INFO_MANAGE_CERTS_SC_EXPORT_KEY_ARG_PROMPT_FOR_PK_PW_DESC.get());
    exportKeyPromptForPKPassword.addLongIdentifier("promptForPrivateKeyPassword", true);
    exportKeyPromptForPKPassword.addLongIdentifier("prompt-for-private-key-passphrase", true);
    exportKeyPromptForPKPassword.addLongIdentifier("promptForPrivateKeyPassphrase", true);
    exportKeyPromptForPKPassword.addLongIdentifier("prompt-for-private-key-pin", true);
    exportKeyPromptForPKPassword.addLongIdentifier("promptForPrivateKeyPIN", true);
    exportKeyPromptForPKPassword.addLongIdentifier("prompt-for-key-password", true);
    exportKeyPromptForPKPassword.addLongIdentifier("promptForKeyPassword", true);
    exportKeyPromptForPKPassword.addLongIdentifier("prompt-for-key-passphrase", true);
    exportKeyPromptForPKPassword.addLongIdentifier("promptForKeyPassphrase", true);
    exportKeyPromptForPKPassword.addLongIdentifier("prompt-for-key-pin", true);
    exportKeyPromptForPKPassword.addLongIdentifier("promptForKeyPIN", true);
    exportKeyParser.addArgument(exportKeyPromptForPKPassword);
    final StringArgument exportKeyKeystoreType = new StringArgument(null, "keystore-type", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_TYPE.get(), INFO_MANAGE_CERTS_SC_EXPORT_KEY_ARG_KS_TYPE_DESC.get(), ALLOWED_KEYSTORE_TYPE_VALUES);
    exportKeyKeystoreType.addLongIdentifier("key-store-type", true);
    exportKeyKeystoreType.addLongIdentifier("keystoreType", true);
    exportKeyKeystoreType.addLongIdentifier("keystore-format", true);
    exportKeyKeystoreType.addLongIdentifier("key-store-format", true);
    exportKeyKeystoreType.addLongIdentifier("keystoreFormat", true);
    exportKeyKeystoreType.addLongIdentifier("storetype", true);
    exportKeyParser.addArgument(exportKeyKeystoreType);
    final StringArgument exportKeyAlias = new StringArgument(null, "alias", true, 1, INFO_MANAGE_CERTS_PLACEHOLDER_ALIAS.get(), INFO_MANAGE_CERTS_SC_EXPORT_KEY_ARG_ALIAS_DESC.get());
    exportKeyAlias.addLongIdentifier("nickname", true);
    exportKeyParser.addArgument(exportKeyAlias);
    final Set<String> exportKeyOutputFormatAllowedValues = StaticUtils.setOf("PEM", "text", "txt", "RFC", "DER", "binary", "bin");
    final StringArgument exportKeyOutputFormat = new StringArgument(null, "output-format", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_FORMAT.get(), INFO_MANAGE_CERTS_SC_EXPORT_KEY_ARG_FORMAT_DESC.get(), exportKeyOutputFormatAllowedValues, "PEM");
    exportKeyOutputFormat.addLongIdentifier("outputFormat", true);
    exportKeyParser.addArgument(exportKeyOutputFormat);
    final FileArgument exportKeyOutputFile = new FileArgument(null, "output-file", false, 1, null, INFO_MANAGE_CERTS_SC_EXPORT_KEY_ARG_FILE_DESC.get(), false, true, true, false);
    exportKeyOutputFile.addLongIdentifier("outputFile", true);
    exportKeyOutputFile.addLongIdentifier("export-file", true);
    exportKeyOutputFile.addLongIdentifier("exportFile", true);
    exportKeyOutputFile.addLongIdentifier("private-key-file", true);
    exportKeyOutputFile.addLongIdentifier("privateKeyFile", true);
    exportKeyOutputFile.addLongIdentifier("key-file", true);
    exportKeyOutputFile.addLongIdentifier("keyFile", true);
    exportKeyOutputFile.addLongIdentifier("file", true);
    exportKeyOutputFile.addLongIdentifier("filename", true);
    exportKeyParser.addArgument(exportKeyOutputFile);
    exportKeyParser.addRequiredArgumentSet(exportKeyKeystorePassword, exportKeyKeystorePasswordFile, exportKeyPromptForKeystorePassword);
    exportKeyParser.addExclusiveArgumentSet(exportKeyKeystorePassword, exportKeyKeystorePasswordFile, exportKeyPromptForKeystorePassword);
    exportKeyParser.addExclusiveArgumentSet(exportKeyPKPassword, exportKeyPKPasswordFile, exportKeyPromptForPKPassword);
    final LinkedHashMap<String[], String> exportKeyExamples = new LinkedHashMap<>(StaticUtils.computeMapCapacity(2));
    exportKeyExamples.put(new String[] { "export-private-key", "--keystore", getPlatformSpecificPath("config", "keystore"), "--keystore-password-file", getPlatformSpecificPath("config", "keystore.pin"), "--alias", "server-cert" }, INFO_MANAGE_CERTS_SC_EXPORT_KEY_EXAMPLE_1.get());
    exportKeyExamples.put(new String[] { "export-private-key", "--keystore", getPlatformSpecificPath("config", "keystore.p12"), "--keystore-password-file", getPlatformSpecificPath("config", "keystore.pin"), "--private-key-password-file", getPlatformSpecificPath("config", "server-cert-key.pin"), "--alias", "server-cert", "--output-format", "DER", "--output-file", "server-cert-key.der" }, INFO_MANAGE_CERTS_SC_EXPORT_KEY_EXAMPLE_2.get());
    final SubCommand exportKeySubCommand = new SubCommand("export-private-key", INFO_MANAGE_CERTS_SC_EXPORT_CERT_DESC.get(), exportKeyParser, exportKeyExamples);
    exportKeySubCommand.addName("exportPrivateKey", true);
    exportKeySubCommand.addName("export-key", true);
    exportKeySubCommand.addName("exportKey", true);
    parser.addSubCommand(exportKeySubCommand);
    // Define the "import-certificate" subcommand and all of its arguments.
    final ArgumentParser importCertParser = new ArgumentParser("import-certificate", INFO_MANAGE_CERTS_SC_IMPORT_CERT_DESC.get());
    final FileArgument importCertKeystore = new FileArgument(null, "keystore", true, 1, null, INFO_MANAGE_CERTS_SC_IMPORT_CERT_ARG_KS_DESC.get(), false, true, true, false);
    importCertKeystore.addLongIdentifier("keystore-path", true);
    importCertKeystore.addLongIdentifier("keystorePath", true);
    importCertKeystore.addLongIdentifier("keystore-file", true);
    importCertKeystore.addLongIdentifier("keystoreFile", true);
    importCertParser.addArgument(importCertKeystore);
    final StringArgument importCertKeystorePassword = new StringArgument(null, "keystore-password", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(), INFO_MANAGE_CERTS_SC_IMPORT_CERT_ARG_KS_PW_DESC.get());
    importCertKeystorePassword.addLongIdentifier("keystorePassword", true);
    importCertKeystorePassword.addLongIdentifier("keystore-passphrase", true);
    importCertKeystorePassword.addLongIdentifier("keystorePassphrase", true);
    importCertKeystorePassword.addLongIdentifier("keystore-pin", true);
    importCertKeystorePassword.addLongIdentifier("keystorePIN", true);
    importCertKeystorePassword.addLongIdentifier("storepass", true);
    importCertKeystorePassword.setSensitive(true);
    importCertParser.addArgument(importCertKeystorePassword);
    final FileArgument importCertKeystorePasswordFile = new FileArgument(null, "keystore-password-file", false, 1, null, INFO_MANAGE_CERTS_SC_IMPORT_CERT_ARG_KS_PW_FILE_DESC.get(), true, true, true, false);
    importCertKeystorePasswordFile.addLongIdentifier("keystorePasswordFile", true);
    importCertKeystorePasswordFile.addLongIdentifier("keystore-passphrase-file", true);
    importCertKeystorePasswordFile.addLongIdentifier("keystorePassphraseFile", true);
    importCertKeystorePasswordFile.addLongIdentifier("keystore-pin-file", true);
    importCertKeystorePasswordFile.addLongIdentifier("keystorePINFile", true);
    importCertParser.addArgument(importCertKeystorePasswordFile);
    final BooleanArgument importCertPromptForKeystorePassword = new BooleanArgument(null, "prompt-for-keystore-password", INFO_MANAGE_CERTS_SC_IMPORT_CERT_ARG_PROMPT_FOR_KS_PW_DESC.get());
    importCertPromptForKeystorePassword.addLongIdentifier("promptForKeystorePassword", true);
    importCertPromptForKeystorePassword.addLongIdentifier("prompt-for-keystore-passphrase", true);
    importCertPromptForKeystorePassword.addLongIdentifier("promptForKeystorePassphrase", true);
    importCertPromptForKeystorePassword.addLongIdentifier("prompt-for-keystore-pin", true);
    importCertPromptForKeystorePassword.addLongIdentifier("promptForKeystorePIN", true);
    importCertParser.addArgument(importCertPromptForKeystorePassword);
    final StringArgument importCertKeystoreType = new StringArgument(null, "keystore-type", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_TYPE.get(), INFO_MANAGE_CERTS_SC_IMPORT_CERT_ARG_KS_TYPE_DESC.get(), ALLOWED_KEYSTORE_TYPE_VALUES);
    importCertKeystoreType.addLongIdentifier("key-store-type", true);
    importCertKeystoreType.addLongIdentifier("keystoreType", true);
    importCertKeystoreType.addLongIdentifier("keystore-format", true);
    importCertKeystoreType.addLongIdentifier("key-store-format", true);
    importCertKeystoreType.addLongIdentifier("keystoreFormat", true);
    importCertKeystoreType.addLongIdentifier("storetype", true);
    importCertParser.addArgument(importCertKeystoreType);
    final StringArgument importCertAlias = new StringArgument(null, "alias", true, 1, INFO_MANAGE_CERTS_PLACEHOLDER_ALIAS.get(), INFO_MANAGE_CERTS_SC_IMPORT_CERT_ARG_ALIAS_DESC.get());
    importCertAlias.addLongIdentifier("nickname", true);
    importCertParser.addArgument(importCertAlias);
    final FileArgument importCertCertificateFile = new FileArgument(null, "certificate-file", true, 0, null, INFO_MANAGE_CERTS_SC_IMPORT_CERT_ARG_CERT_FILE_DESC.get(), true, true, true, false);
    importCertCertificateFile.addLongIdentifier("certificateFile", true);
    importCertCertificateFile.addLongIdentifier("certificate-chain-file", true);
    importCertCertificateFile.addLongIdentifier("certificateChainFile", true);
    importCertCertificateFile.addLongIdentifier("input-file", true);
    importCertCertificateFile.addLongIdentifier("inputFile", true);
    importCertCertificateFile.addLongIdentifier("import-file", true);
    importCertCertificateFile.addLongIdentifier("importFile", true);
    importCertCertificateFile.addLongIdentifier("file", true);
    importCertCertificateFile.addLongIdentifier("filename", true);
    importCertParser.addArgument(importCertCertificateFile);
    final FileArgument importCertPKFile = new FileArgument(null, "private-key-file", false, 1, null, INFO_MANAGE_CERTS_SC_IMPORT_CERT_ARG_KEY_FILE_DESC.get(), true, true, true, false);
    importCertPKFile.addLongIdentifier("privateKeyFile", true);
    importCertPKFile.addLongIdentifier("key-file", true);
    importCertPKFile.addLongIdentifier("keyFile", true);
    importCertParser.addArgument(importCertPKFile);
    final StringArgument importCertPKPassword = new StringArgument(null, "private-key-password", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(), INFO_MANAGE_CERTS_SC_IMPORT_CERT_ARG_PK_PW_DESC.get());
    importCertPKPassword.addLongIdentifier("privateKeyPassword", true);
    importCertPKPassword.addLongIdentifier("private-key-passphrase", true);
    importCertPKPassword.addLongIdentifier("privateKeyPassphrase", true);
    importCertPKPassword.addLongIdentifier("private-key-pin", true);
    importCertPKPassword.addLongIdentifier("privateKeyPIN", true);
    importCertPKPassword.addLongIdentifier("key-password", true);
    importCertPKPassword.addLongIdentifier("keyPassword", true);
    importCertPKPassword.addLongIdentifier("key-passphrase", true);
    importCertPKPassword.addLongIdentifier("keyPassphrase", true);
    importCertPKPassword.addLongIdentifier("key-pin", true);
    importCertPKPassword.addLongIdentifier("keyPIN", true);
    importCertPKPassword.addLongIdentifier("keypass", true);
    importCertPKPassword.setSensitive(true);
    importCertParser.addArgument(importCertPKPassword);
    final FileArgument importCertPKPasswordFile = new FileArgument(null, "private-key-password-file", false, 1, null, INFO_MANAGE_CERTS_SC_IMPORT_CERT_ARG_PK_PW_FILE_DESC.get(), true, true, true, false);
    importCertPKPasswordFile.addLongIdentifier("privateKeyPasswordFile", true);
    importCertPKPasswordFile.addLongIdentifier("private-key-passphrase-file", true);
    importCertPKPasswordFile.addLongIdentifier("privateKeyPassphraseFile", true);
    importCertPKPasswordFile.addLongIdentifier("private-key-pin-file", true);
    importCertPKPasswordFile.addLongIdentifier("privateKeyPINFile", true);
    importCertPKPasswordFile.addLongIdentifier("key-password-file", true);
    importCertPKPasswordFile.addLongIdentifier("keyPasswordFile", true);
    importCertPKPasswordFile.addLongIdentifier("key-passphrase-file", true);
    importCertPKPasswordFile.addLongIdentifier("keyPassphraseFile", true);
    importCertPKPasswordFile.addLongIdentifier("key-pin-file", true);
    importCertPKPasswordFile.addLongIdentifier("keyPINFile", true);
    importCertParser.addArgument(importCertPKPasswordFile);
    final BooleanArgument importCertPromptForPKPassword = new BooleanArgument(null, "prompt-for-private-key-password", INFO_MANAGE_CERTS_SC_IMPORT_CERT_ARG_PROMPT_FOR_PK_PW_DESC.get());
    importCertPromptForPKPassword.addLongIdentifier("promptForPrivateKeyPassword", true);
    importCertPromptForPKPassword.addLongIdentifier("prompt-for-private-key-passphrase", true);
    importCertPromptForPKPassword.addLongIdentifier("promptForPrivateKeyPassphrase", true);
    importCertPromptForPKPassword.addLongIdentifier("prompt-for-private-key-pin", true);
    importCertPromptForPKPassword.addLongIdentifier("promptForPrivateKeyPIN", true);
    importCertPromptForPKPassword.addLongIdentifier("prompt-for-key-password", true);
    importCertPromptForPKPassword.addLongIdentifier("promptForKeyPassword", true);
    importCertPromptForPKPassword.addLongIdentifier("prompt-for-key-passphrase", true);
    importCertPromptForPKPassword.addLongIdentifier("promptForKeyPassphrase", true);
    importCertPromptForPKPassword.addLongIdentifier("prompt-for-key-pin", true);
    importCertPromptForPKPassword.addLongIdentifier("promptForKeyPIN", true);
    importCertParser.addArgument(importCertPromptForPKPassword);
    final BooleanArgument importCertNoPrompt = new BooleanArgument(null, "no-prompt", 1, INFO_MANAGE_CERTS_SC_IMPORT_CERT_ARG_NO_PROMPT_DESC.get());
    importCertNoPrompt.addLongIdentifier("noPrompt", true);
    importCertParser.addArgument(importCertNoPrompt);
    final BooleanArgument importCertDisplayCommand = new BooleanArgument(null, "display-keytool-command", 1, INFO_MANAGE_CERTS_SC_IMPORT_CERT_ARG_DISPLAY_COMMAND_DESC.get());
    importCertDisplayCommand.addLongIdentifier("displayKeytoolCommand", true);
    importCertDisplayCommand.addLongIdentifier("show-keytool-command", true);
    importCertDisplayCommand.addLongIdentifier("showKeytoolCommand", true);
    importCertParser.addArgument(importCertDisplayCommand);
    importCertParser.addRequiredArgumentSet(importCertKeystorePassword, importCertKeystorePasswordFile, importCertPromptForKeystorePassword);
    importCertParser.addExclusiveArgumentSet(importCertKeystorePassword, importCertKeystorePasswordFile, importCertPromptForKeystorePassword);
    importCertParser.addExclusiveArgumentSet(importCertPKPassword, importCertPKPasswordFile, importCertPromptForPKPassword);
    final LinkedHashMap<String[], String> importCertExamples = new LinkedHashMap<>(StaticUtils.computeMapCapacity(2));
    importCertExamples.put(new String[] { "import-certificate", "--keystore", getPlatformSpecificPath("config", "keystore"), "--keystore-password-file", getPlatformSpecificPath("config", "keystore.pin"), "--alias", "server-cert", "--certificate-file", "server-cert.crt" }, INFO_MANAGE_CERTS_SC_IMPORT_CERT_EXAMPLE_1.get("server-cert.crt"));
    importCertExamples.put(new String[] { "import-certificate", "--keystore", getPlatformSpecificPath("config", "keystore"), "--keystore-password-file", getPlatformSpecificPath("config", "keystore.pin"), "--alias", "server-cert", "--certificate-file", "server-cert.crt", "--certificate-file", "server-cert-issuer.crt", "--private-key-file", "server-cert.key", "--display-keytool-command" }, INFO_MANAGE_CERTS_SC_IMPORT_CERT_EXAMPLE_2.get());
    final SubCommand importCertSubCommand = new SubCommand("import-certificate", INFO_MANAGE_CERTS_SC_IMPORT_CERT_DESC.get(), importCertParser, importCertExamples);
    importCertSubCommand.addName("importCertificate", true);
    importCertSubCommand.addName("import-certificates", true);
    importCertSubCommand.addName("importCertificates", true);
    importCertSubCommand.addName("import-cert", true);
    importCertSubCommand.addName("importCert", true);
    importCertSubCommand.addName("import-certs", true);
    importCertSubCommand.addName("importCerts", true);
    importCertSubCommand.addName("import-certificate-chain", true);
    importCertSubCommand.addName("importCertificateChain", true);
    importCertSubCommand.addName("import-chain", true);
    importCertSubCommand.addName("importChain", true);
    importCertSubCommand.addName("import", true);
    parser.addSubCommand(importCertSubCommand);
    // Define the "delete-certificate" subcommand and all of its arguments.
    final ArgumentParser deleteCertParser = new ArgumentParser("delete-certificate", INFO_MANAGE_CERTS_SC_DELETE_CERT_DESC.get());
    final FileArgument deleteCertKeystore = new FileArgument(null, "keystore", true, 1, null, INFO_MANAGE_CERTS_SC_DELETE_CERT_ARG_KS_DESC.get(), true, true, true, false);
    deleteCertKeystore.addLongIdentifier("keystore-path", true);
    deleteCertKeystore.addLongIdentifier("keystorePath", true);
    deleteCertKeystore.addLongIdentifier("keystore-file", true);
    deleteCertKeystore.addLongIdentifier("keystoreFile", true);
    deleteCertParser.addArgument(deleteCertKeystore);
    final StringArgument deleteCertKeystorePassword = new StringArgument(null, "keystore-password", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(), INFO_MANAGE_CERTS_SC_DELETE_CERT_ARG_KS_PW_DESC.get());
    deleteCertKeystorePassword.addLongIdentifier("keystorePassword", true);
    deleteCertKeystorePassword.addLongIdentifier("keystore-passphrase", true);
    deleteCertKeystorePassword.addLongIdentifier("keystorePassphrase", true);
    deleteCertKeystorePassword.addLongIdentifier("keystore-pin", true);
    deleteCertKeystorePassword.addLongIdentifier("keystorePIN", true);
    deleteCertKeystorePassword.addLongIdentifier("storepass", true);
    deleteCertKeystorePassword.setSensitive(true);
    deleteCertParser.addArgument(deleteCertKeystorePassword);
    final FileArgument deleteCertKeystorePasswordFile = new FileArgument(null, "keystore-password-file", false, 1, null, INFO_MANAGE_CERTS_SC_DELETE_CERT_ARG_KS_PW_FILE_DESC.get(), true, true, true, false);
    deleteCertKeystorePasswordFile.addLongIdentifier("keystorePasswordFile", true);
    deleteCertKeystorePasswordFile.addLongIdentifier("keystore-passphrase-file", true);
    deleteCertKeystorePasswordFile.addLongIdentifier("keystorePassphraseFile", true);
    deleteCertKeystorePasswordFile.addLongIdentifier("keystore-pin-file", true);
    deleteCertKeystorePasswordFile.addLongIdentifier("keystorePINFile", true);
    deleteCertParser.addArgument(deleteCertKeystorePasswordFile);
    final BooleanArgument deleteCertPromptForKeystorePassword = new BooleanArgument(null, "prompt-for-keystore-password", INFO_MANAGE_CERTS_SC_DELETE_CERT_ARG_PROMPT_FOR_KS_PW_DESC.get());
    deleteCertPromptForKeystorePassword.addLongIdentifier("promptForKeystorePassword", true);
    deleteCertPromptForKeystorePassword.addLongIdentifier("prompt-for-keystore-passphrase", true);
    deleteCertPromptForKeystorePassword.addLongIdentifier("promptForKeystorePassphrase", true);
    deleteCertPromptForKeystorePassword.addLongIdentifier("prompt-for-keystore-pin", true);
    deleteCertPromptForKeystorePassword.addLongIdentifier("promptForKeystorePIN", true);
    deleteCertParser.addArgument(deleteCertPromptForKeystorePassword);
    final StringArgument deleteCertKeystoreType = new StringArgument(null, "keystore-type", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_TYPE.get(), INFO_MANAGE_CERTS_SC_DELETE_CERT_ARG_KS_TYPE_DESC.get(), ALLOWED_KEYSTORE_TYPE_VALUES);
    deleteCertKeystoreType.addLongIdentifier("key-store-type", true);
    deleteCertKeystoreType.addLongIdentifier("keystoreType", true);
    deleteCertKeystoreType.addLongIdentifier("keystore-format", true);
    deleteCertKeystoreType.addLongIdentifier("key-store-format", true);
    deleteCertKeystoreType.addLongIdentifier("keystoreFormat", true);
    deleteCertKeystoreType.addLongIdentifier("storetype", true);
    deleteCertParser.addArgument(deleteCertKeystoreType);
    final StringArgument deleteCertAlias = new StringArgument(null, "alias", true, 1, INFO_MANAGE_CERTS_PLACEHOLDER_ALIAS.get(), INFO_MANAGE_CERTS_SC_DELETE_CERT_ARG_ALIAS_DESC.get());
    deleteCertAlias.addLongIdentifier("nickname", true);
    deleteCertParser.addArgument(deleteCertAlias);
    final BooleanArgument deleteCertNoPrompt = new BooleanArgument(null, "no-prompt", 1, INFO_MANAGE_CERTS_SC_DELETE_CERT_ARG_NO_PROMPT_DESC.get());
    deleteCertNoPrompt.addLongIdentifier("noPrompt", true);
    deleteCertParser.addArgument(deleteCertNoPrompt);
    final BooleanArgument deleteCertDisplayCommand = new BooleanArgument(null, "display-keytool-command", 1, INFO_MANAGE_CERTS_SC_DELETE_CERT_ARG_DISPLAY_COMMAND_DESC.get());
    deleteCertDisplayCommand.addLongIdentifier("displayKeytoolCommand", true);
    deleteCertDisplayCommand.addLongIdentifier("show-keytool-command", true);
    deleteCertDisplayCommand.addLongIdentifier("showKeytoolCommand", true);
    deleteCertParser.addArgument(deleteCertDisplayCommand);
    deleteCertParser.addExclusiveArgumentSet(deleteCertKeystorePassword, deleteCertKeystorePasswordFile, deleteCertPromptForKeystorePassword);
    deleteCertParser.addRequiredArgumentSet(deleteCertKeystorePassword, deleteCertKeystorePasswordFile, deleteCertPromptForKeystorePassword);
    final LinkedHashMap<String[], String> deleteCertExamples = new LinkedHashMap<>(StaticUtils.computeMapCapacity(1));
    deleteCertExamples.put(new String[] { "delete-certificate", "--keystore", getPlatformSpecificPath("config", "keystore"), "--alias", "server-cert" }, INFO_MANAGE_CERTS_SC_DELETE_CERT_EXAMPLE_1.get(getPlatformSpecificPath("config", "keystore")));
    final SubCommand deleteCertSubCommand = new SubCommand("delete-certificate", INFO_MANAGE_CERTS_SC_DELETE_CERT_DESC.get(), deleteCertParser, deleteCertExamples);
    deleteCertSubCommand.addName("deleteCertificate", true);
    deleteCertSubCommand.addName("remove-certificate", true);
    deleteCertSubCommand.addName("removeCertificate", true);
    deleteCertSubCommand.addName("delete", true);
    deleteCertSubCommand.addName("remove", true);
    parser.addSubCommand(deleteCertSubCommand);
    // Define the "generate-self-signed-certificate" subcommand and all of its
    // arguments.
    final ArgumentParser genCertParser = new ArgumentParser("generate-self-signed-certificate", INFO_MANAGE_CERTS_SC_GEN_CERT_DESC.get());
    final FileArgument genCertKeystore = new FileArgument(null, "keystore", true, 1, null, INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_KS_DESC.get(), false, true, true, false);
    genCertKeystore.addLongIdentifier("keystore-path", true);
    genCertKeystore.addLongIdentifier("keystorePath", true);
    genCertKeystore.addLongIdentifier("keystore-file", true);
    genCertKeystore.addLongIdentifier("keystoreFile", true);
    genCertParser.addArgument(genCertKeystore);
    final StringArgument genCertKeystorePassword = new StringArgument(null, "keystore-password", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(), INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_KS_PW_DESC.get());
    genCertKeystorePassword.addLongIdentifier("keystorePassword", true);
    genCertKeystorePassword.addLongIdentifier("keystore-passphrase", true);
    genCertKeystorePassword.addLongIdentifier("keystorePassphrase", true);
    genCertKeystorePassword.addLongIdentifier("keystore-pin", true);
    genCertKeystorePassword.addLongIdentifier("keystorePIN", true);
    genCertKeystorePassword.addLongIdentifier("storepass", true);
    genCertKeystorePassword.setSensitive(true);
    genCertParser.addArgument(genCertKeystorePassword);
    final FileArgument genCertKeystorePasswordFile = new FileArgument(null, "keystore-password-file", false, 1, null, INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_KS_PW_FILE_DESC.get(), true, true, true, false);
    genCertKeystorePasswordFile.addLongIdentifier("keystorePasswordFile", true);
    genCertKeystorePasswordFile.addLongIdentifier("keystore-passphrase-file", true);
    genCertKeystorePasswordFile.addLongIdentifier("keystorePassphraseFile", true);
    genCertKeystorePasswordFile.addLongIdentifier("keystore-pin-file", true);
    genCertKeystorePasswordFile.addLongIdentifier("keystorePINFile", true);
    genCertParser.addArgument(genCertKeystorePasswordFile);
    final BooleanArgument genCertPromptForKeystorePassword = new BooleanArgument(null, "prompt-for-keystore-password", INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_PROMPT_FOR_KS_PW_DESC.get());
    genCertPromptForKeystorePassword.addLongIdentifier("promptForKeystorePassword", true);
    genCertPromptForKeystorePassword.addLongIdentifier("prompt-for-keystore-passphrase", true);
    genCertPromptForKeystorePassword.addLongIdentifier("promptForKeystorePassphrase", true);
    genCertPromptForKeystorePassword.addLongIdentifier("prompt-for-keystore-pin", true);
    genCertPromptForKeystorePassword.addLongIdentifier("promptForKeystorePIN", true);
    genCertParser.addArgument(genCertPromptForKeystorePassword);
    final StringArgument genCertPKPassword = new StringArgument(null, "private-key-password", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(), INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_PK_PW_DESC.get());
    genCertPKPassword.addLongIdentifier("privateKeyPassword", true);
    genCertPKPassword.addLongIdentifier("private-key-passphrase", true);
    genCertPKPassword.addLongIdentifier("privateKeyPassphrase", true);
    genCertPKPassword.addLongIdentifier("private-key-pin", true);
    genCertPKPassword.addLongIdentifier("privateKeyPIN", true);
    genCertPKPassword.addLongIdentifier("key-password", true);
    genCertPKPassword.addLongIdentifier("keyPassword", true);
    genCertPKPassword.addLongIdentifier("key-passphrase", true);
    genCertPKPassword.addLongIdentifier("keyPassphrase", true);
    genCertPKPassword.addLongIdentifier("key-pin", true);
    genCertPKPassword.addLongIdentifier("keyPIN", true);
    genCertPKPassword.addLongIdentifier("keypass", true);
    genCertPKPassword.setSensitive(true);
    genCertParser.addArgument(genCertPKPassword);
    final FileArgument genCertPKPasswordFile = new FileArgument(null, "private-key-password-file", false, 1, null, INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_PK_PW_FILE_DESC.get(), true, true, true, false);
    genCertPKPasswordFile.addLongIdentifier("privateKeyPasswordFile", true);
    genCertPKPasswordFile.addLongIdentifier("private-key-passphrase-file", true);
    genCertPKPasswordFile.addLongIdentifier("privateKeyPassphraseFile", true);
    genCertPKPasswordFile.addLongIdentifier("private-key-pin-file", true);
    genCertPKPasswordFile.addLongIdentifier("privateKeyPINFile", true);
    genCertPKPasswordFile.addLongIdentifier("key-password-file", true);
    genCertPKPasswordFile.addLongIdentifier("keyPasswordFile", true);
    genCertPKPasswordFile.addLongIdentifier("key-passphrase-file", true);
    genCertPKPasswordFile.addLongIdentifier("keyPassphraseFile", true);
    genCertPKPasswordFile.addLongIdentifier("key-pin-file", true);
    genCertPKPasswordFile.addLongIdentifier("keyPINFile", true);
    genCertParser.addArgument(genCertPKPasswordFile);
    final BooleanArgument genCertPromptForPKPassword = new BooleanArgument(null, "prompt-for-private-key-password", INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_PROMPT_FOR_PK_PW_DESC.get());
    genCertPromptForPKPassword.addLongIdentifier("promptForPrivateKeyPassword", true);
    genCertPromptForPKPassword.addLongIdentifier("prompt-for-private-key-passphrase", true);
    genCertPromptForPKPassword.addLongIdentifier("promptForPrivateKeyPassphrase", true);
    genCertPromptForPKPassword.addLongIdentifier("prompt-for-private-key-pin", true);
    genCertPromptForPKPassword.addLongIdentifier("promptForPrivateKeyPIN", true);
    genCertPromptForPKPassword.addLongIdentifier("prompt-for-key-password", true);
    genCertPromptForPKPassword.addLongIdentifier("promptForKeyPassword", true);
    genCertPromptForPKPassword.addLongIdentifier("prompt-for-key-passphrase", true);
    genCertPromptForPKPassword.addLongIdentifier("promptForKeyPassphrase", true);
    genCertPromptForPKPassword.addLongIdentifier("prompt-for-key-pin", true);
    genCertPromptForPKPassword.addLongIdentifier("promptForKeyPIN", true);
    genCertParser.addArgument(genCertPromptForPKPassword);
    final StringArgument genCertKeystoreType = new StringArgument(null, "keystore-type", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_TYPE.get(), INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_KS_TYPE_DESC.get(), ALLOWED_KEYSTORE_TYPE_VALUES);
    genCertKeystoreType.addLongIdentifier("key-store-type", true);
    genCertKeystoreType.addLongIdentifier("keystoreType", true);
    genCertKeystoreType.addLongIdentifier("keystore-format", true);
    genCertKeystoreType.addLongIdentifier("key-store-format", true);
    genCertKeystoreType.addLongIdentifier("keystoreFormat", true);
    genCertKeystoreType.addLongIdentifier("storetype", true);
    genCertParser.addArgument(genCertKeystoreType);
    final StringArgument genCertAlias = new StringArgument(null, "alias", true, 1, INFO_MANAGE_CERTS_PLACEHOLDER_ALIAS.get(), INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_ALIAS_DESC.get());
    genCertAlias.addLongIdentifier("nickname", true);
    genCertParser.addArgument(genCertAlias);
    final BooleanArgument genCertReplace = new BooleanArgument(null, "replace-existing-certificate", 1, INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_REPLACE_DESC.get());
    genCertReplace.addLongIdentifier("replaceExistingCertificate", true);
    genCertReplace.addLongIdentifier("replace-certificate", true);
    genCertReplace.addLongIdentifier("replaceCertificate", true);
    genCertReplace.addLongIdentifier("replace-existing", true);
    genCertReplace.addLongIdentifier("replaceExisting", true);
    genCertReplace.addLongIdentifier("replace", true);
    genCertReplace.addLongIdentifier("use-existing-key-pair", true);
    genCertReplace.addLongIdentifier("use-existing-keypair", true);
    genCertReplace.addLongIdentifier("useExistingKeypair", true);
    genCertParser.addArgument(genCertReplace);
    final DNArgument genCertSubjectDN = new DNArgument(null, "subject-dn", false, 1, null, INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_SUBJECT_DN_DESC.get());
    genCertSubjectDN.addLongIdentifier("subjectDN", true);
    genCertSubjectDN.addLongIdentifier("subject", true);
    genCertSubjectDN.addLongIdentifier("dname", true);
    genCertParser.addArgument(genCertSubjectDN);
    final IntegerArgument genCertDaysValid = new IntegerArgument(null, "days-valid", false, 1, null, INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_DAYS_VALID_DESC.get(), 1, Integer.MAX_VALUE);
    genCertDaysValid.addLongIdentifier("daysValid", true);
    genCertDaysValid.addLongIdentifier("validity", true);
    genCertParser.addArgument(genCertDaysValid);
    final TimestampArgument genCertNotBefore = new TimestampArgument(null, "validity-start-time", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_TIMESTAMP.get(), INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_VALIDITY_START_TIME_DESC.get("20180102123456"));
    genCertNotBefore.addLongIdentifier("validityStartTime", true);
    genCertNotBefore.addLongIdentifier("not-before", true);
    genCertNotBefore.addLongIdentifier("notBefore", true);
    genCertParser.addArgument(genCertNotBefore);
    final StringArgument genCertKeyAlgorithm = new StringArgument(null, "key-algorithm", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_NAME.get(), INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_KEY_ALGORITHM_DESC.get());
    genCertKeyAlgorithm.addLongIdentifier("keyAlgorithm", true);
    genCertKeyAlgorithm.addLongIdentifier("key-alg", true);
    genCertKeyAlgorithm.addLongIdentifier("keyAlg", true);
    genCertParser.addArgument(genCertKeyAlgorithm);
    final IntegerArgument genCertKeySizeBits = new IntegerArgument(null, "key-size-bits", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_BITS.get(), INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_KEY_SIZE_BITS_DESC.get(), 1, Integer.MAX_VALUE);
    genCertKeySizeBits.addLongIdentifier("keySizeBits", true);
    genCertKeySizeBits.addLongIdentifier("key-length-bits", true);
    genCertKeySizeBits.addLongIdentifier("keyLengthBits", true);
    genCertKeySizeBits.addLongIdentifier("key-size", true);
    genCertKeySizeBits.addLongIdentifier("keySize", true);
    genCertKeySizeBits.addLongIdentifier("key-length", true);
    genCertKeySizeBits.addLongIdentifier("keyLength", true);
    genCertParser.addArgument(genCertKeySizeBits);
    final StringArgument genCertSignatureAlgorithm = new StringArgument(null, "signature-algorithm", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_NAME.get(), INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_SIG_ALG_DESC.get());
    genCertSignatureAlgorithm.addLongIdentifier("signatureAlgorithm", true);
    genCertSignatureAlgorithm.addLongIdentifier("signature-alg", true);
    genCertSignatureAlgorithm.addLongIdentifier("signatureAlg", true);
    genCertSignatureAlgorithm.addLongIdentifier("sig-alg", true);
    genCertSignatureAlgorithm.addLongIdentifier("sigAlg", true);
    genCertParser.addArgument(genCertSignatureAlgorithm);
    final BooleanArgument genCertInheritExtensions = new BooleanArgument(null, "inherit-extensions", 1, INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_INHERIT_EXT_DESC.get());
    genCertInheritExtensions.addLongIdentifier("inheritExtensions", true);
    genCertParser.addArgument(genCertInheritExtensions);
    final StringArgument genCertSubjectAltDNS = new StringArgument(null, "subject-alternative-name-dns", false, 0, INFO_MANAGE_CERTS_PLACEHOLDER_NAME.get(), INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_SAN_DNS_DESC.get());
    genCertSubjectAltDNS.addLongIdentifier("subjectAlternativeNameDNS", true);
    genCertSubjectAltDNS.addLongIdentifier("subject-alt-name-dns", true);
    genCertSubjectAltDNS.addLongIdentifier("subjectAltNameDNS", true);
    genCertSubjectAltDNS.addLongIdentifier("subject-alternative-dns", true);
    genCertSubjectAltDNS.addLongIdentifier("subjectAlternativeDNS", true);
    genCertSubjectAltDNS.addLongIdentifier("subject-alt-dns", true);
    genCertSubjectAltDNS.addLongIdentifier("subjectAltDNS", true);
    genCertSubjectAltDNS.addLongIdentifier("san-dns", true);
    genCertSubjectAltDNS.addLongIdentifier("sanDNS", true);
    genCertSubjectAltDNS.addValueValidator(new IA5StringArgumentValueValidator(false));
    genCertParser.addArgument(genCertSubjectAltDNS);
    final StringArgument genCertSubjectAltIP = new StringArgument(null, "subject-alternative-name-ip-address", false, 0, INFO_MANAGE_CERTS_PLACEHOLDER_NAME.get(), INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_SAN_IP_DESC.get());
    genCertSubjectAltIP.addLongIdentifier("subjectAlternativeNameIPAddress", true);
    genCertSubjectAltIP.addLongIdentifier("subject-alternative-name-ip", true);
    genCertSubjectAltIP.addLongIdentifier("subjectAlternativeNameIP", true);
    genCertSubjectAltIP.addLongIdentifier("subject-alt-name-ip-address", true);
    genCertSubjectAltIP.addLongIdentifier("subjectAltNameIPAddress", true);
    genCertSubjectAltIP.addLongIdentifier("subject-alt-name-ip", true);
    genCertSubjectAltIP.addLongIdentifier("subjectAltNameIP", true);
    genCertSubjectAltIP.addLongIdentifier("subject-alternative-ip-address", true);
    genCertSubjectAltIP.addLongIdentifier("subjectAlternativeIPAddress", true);
    genCertSubjectAltIP.addLongIdentifier("subject-alternative-ip", true);
    genCertSubjectAltIP.addLongIdentifier("subjectAlternativeIP", true);
    genCertSubjectAltIP.addLongIdentifier("subject-alt-ip-address", true);
    genCertSubjectAltIP.addLongIdentifier("subjectAltIPAddress", true);
    genCertSubjectAltIP.addLongIdentifier("subject-alt-ip", true);
    genCertSubjectAltIP.addLongIdentifier("subjectAltIP", true);
    genCertSubjectAltIP.addLongIdentifier("san-ip-address", true);
    genCertSubjectAltIP.addLongIdentifier("sanIPAddress", true);
    genCertSubjectAltIP.addLongIdentifier("san-ip", true);
    genCertSubjectAltIP.addLongIdentifier("sanIP", true);
    genCertSubjectAltIP.addValueValidator(new IPAddressArgumentValueValidator(true, true));
    genCertParser.addArgument(genCertSubjectAltIP);
    final StringArgument genCertSubjectAltEmail = new StringArgument(null, "subject-alternative-name-email-address", false, 0, INFO_MANAGE_CERTS_PLACEHOLDER_NAME.get(), INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_SAN_EMAIL_DESC.get());
    genCertSubjectAltEmail.addLongIdentifier("subjectAlternativeNameEmailAddress", true);
    genCertSubjectAltEmail.addLongIdentifier("subject-alternative-name-email", true);
    genCertSubjectAltEmail.addLongIdentifier("subjectAlternativeNameEmail", true);
    genCertSubjectAltEmail.addLongIdentifier("subject-alt-name-email-address", true);
    genCertSubjectAltEmail.addLongIdentifier("subjectAltNameEmailAddress", true);
    genCertSubjectAltEmail.addLongIdentifier("subject-alt-name-email", true);
    genCertSubjectAltEmail.addLongIdentifier("subjectAltNameEmail", true);
    genCertSubjectAltEmail.addLongIdentifier("subject-alternative-email-address", true);
    genCertSubjectAltEmail.addLongIdentifier("subjectAlternativeEmailAddress", true);
    genCertSubjectAltEmail.addLongIdentifier("subject-alternative-email", true);
    genCertSubjectAltEmail.addLongIdentifier("subjectAlternativeEmail", true);
    genCertSubjectAltEmail.addLongIdentifier("subject-alt-email-address", true);
    genCertSubjectAltEmail.addLongIdentifier("subjectAltEmailAddress", true);
    genCertSubjectAltEmail.addLongIdentifier("subject-alt-email", true);
    genCertSubjectAltEmail.addLongIdentifier("subjectAltEmail", true);
    genCertSubjectAltEmail.addLongIdentifier("san-email-address", true);
    genCertSubjectAltEmail.addLongIdentifier("sanEmailAddress", true);
    genCertSubjectAltEmail.addLongIdentifier("san-email", true);
    genCertSubjectAltEmail.addLongIdentifier("sanEmail", true);
    genCertSubjectAltEmail.addValueValidator(new IA5StringArgumentValueValidator(false));
    genCertParser.addArgument(genCertSubjectAltEmail);
    final StringArgument genCertSubjectAltURI = new StringArgument(null, "subject-alternative-name-uri", false, 0, INFO_MANAGE_CERTS_PLACEHOLDER_URI.get(), INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_SAN_URI_DESC.get());
    genCertSubjectAltURI.addLongIdentifier("subjectAlternativeNameURI", true);
    genCertSubjectAltURI.addLongIdentifier("subject-alt-name-uri", true);
    genCertSubjectAltURI.addLongIdentifier("subjectAltNameURI", true);
    genCertSubjectAltURI.addLongIdentifier("subject-alternative-uri", true);
    genCertSubjectAltURI.addLongIdentifier("subjectAlternativeURI", true);
    genCertSubjectAltURI.addLongIdentifier("subject-alt-uri", true);
    genCertSubjectAltURI.addLongIdentifier("subjectAltURI", true);
    genCertSubjectAltURI.addLongIdentifier("san-uri", true);
    genCertSubjectAltURI.addLongIdentifier("sanURI", true);
    genCertParser.addArgument(genCertSubjectAltURI);
    final StringArgument genCertSubjectAltOID = new StringArgument(null, "subject-alternative-name-oid", false, 0, INFO_MANAGE_CERTS_PLACEHOLDER_OID.get(), INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_SAN_OID_DESC.get());
    genCertSubjectAltOID.addLongIdentifier("subjectAlternativeNameOID", true);
    genCertSubjectAltOID.addLongIdentifier("subject-alt-name-oid", true);
    genCertSubjectAltOID.addLongIdentifier("subjectAltNameOID", true);
    genCertSubjectAltOID.addLongIdentifier("subject-alternative-oid", true);
    genCertSubjectAltOID.addLongIdentifier("subjectAlternativeOID", true);
    genCertSubjectAltOID.addLongIdentifier("subject-alt-oid", true);
    genCertSubjectAltOID.addLongIdentifier("subjectAltOID", true);
    genCertSubjectAltOID.addLongIdentifier("san-oid", true);
    genCertSubjectAltOID.addLongIdentifier("sanOID", true);
    genCertSubjectAltOID.addValueValidator(new OIDArgumentValueValidator(true));
    genCertParser.addArgument(genCertSubjectAltOID);
    final BooleanValueArgument genCertBasicConstraintsIsCA = new BooleanValueArgument(null, "basic-constraints-is-ca", false, null, INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_BC_IS_CA_DESC.get());
    genCertBasicConstraintsIsCA.addLongIdentifier("basicConstraintsIsCA", true);
    genCertBasicConstraintsIsCA.addLongIdentifier("bc-is-ca", true);
    genCertBasicConstraintsIsCA.addLongIdentifier("bcIsCA", true);
    genCertParser.addArgument(genCertBasicConstraintsIsCA);
    final IntegerArgument genCertBasicConstraintsPathLength = new IntegerArgument(null, "basic-constraints-maximum-path-length", false, 1, null, INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_BC_PATH_LENGTH_DESC.get(), 0, Integer.MAX_VALUE);
    genCertBasicConstraintsPathLength.addLongIdentifier("basicConstraintsMaximumPathLength", true);
    genCertBasicConstraintsPathLength.addLongIdentifier("basic-constraints-max-path-length", true);
    genCertBasicConstraintsPathLength.addLongIdentifier("basicConstraintsMaxPathLength", true);
    genCertBasicConstraintsPathLength.addLongIdentifier("basic-constraints-path-length", true);
    genCertBasicConstraintsPathLength.addLongIdentifier("basicConstraintsPathLength", true);
    genCertBasicConstraintsPathLength.addLongIdentifier("bc-maximum-path-length", true);
    genCertBasicConstraintsPathLength.addLongIdentifier("bcMaximumPathLength", true);
    genCertBasicConstraintsPathLength.addLongIdentifier("bc-max-path-length", true);
    genCertBasicConstraintsPathLength.addLongIdentifier("bcMaxPathLength", true);
    genCertBasicConstraintsPathLength.addLongIdentifier("bc-path-length", true);
    genCertBasicConstraintsPathLength.addLongIdentifier("bcPathLength", true);
    genCertParser.addArgument(genCertBasicConstraintsPathLength);
    final StringArgument genCertKeyUsage = new StringArgument(null, "key-usage", false, 0, null, INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_KU_DESC.get());
    genCertKeyUsage.addLongIdentifier("keyUsage", true);
    genCertParser.addArgument(genCertKeyUsage);
    final StringArgument genCertExtendedKeyUsage = new StringArgument(null, "extended-key-usage", false, 0, null, INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_EKU_DESC.get());
    genCertExtendedKeyUsage.addLongIdentifier("extendedKeyUsage", true);
    genCertParser.addArgument(genCertExtendedKeyUsage);
    final StringArgument genCertExtension = new StringArgument(null, "extension", false, 0, null, INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_EXT_DESC.get());
    genCertExtension.addLongIdentifier("ext", true);
    genCertParser.addArgument(genCertExtension);
    final FileArgument genCertOutputFile = new FileArgument(null, "output-file", false, 1, null, INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_OUTPUT_FILE_DESC.get(), false, true, true, false);
    genCertOutputFile.addLongIdentifier("outputFile", true);
    genCertOutputFile.addLongIdentifier("filename", true);
    genCertOutputFile.addLongIdentifier("file", true);
    genCertParser.addArgument(genCertOutputFile);
    final Set<String> genCertOutputFormatAllowedValues = StaticUtils.setOf("PEM", "text", "txt", "RFC", "DER", "binary", "bin");
    final StringArgument genCertOutputFormat = new StringArgument(null, "output-format", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_FORMAT.get(), INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_FORMAT_DESC.get(), genCertOutputFormatAllowedValues, "PEM");
    genCertOutputFormat.addLongIdentifier("outputFormat", true);
    genCertParser.addArgument(genCertOutputFormat);
    final BooleanArgument genCertDisplayCommand = new BooleanArgument(null, "display-keytool-command", 1, INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_DISPLAY_COMMAND_DESC.get());
    genCertDisplayCommand.addLongIdentifier("displayKeytoolCommand", true);
    genCertDisplayCommand.addLongIdentifier("show-keytool-command", true);
    genCertDisplayCommand.addLongIdentifier("showKeytoolCommand", true);
    genCertParser.addArgument(genCertDisplayCommand);
    genCertParser.addRequiredArgumentSet(genCertKeystorePassword, genCertKeystorePasswordFile, genCertPromptForKeystorePassword);
    genCertParser.addExclusiveArgumentSet(genCertKeystorePassword, genCertKeystorePasswordFile, genCertPromptForKeystorePassword);
    genCertParser.addExclusiveArgumentSet(genCertPKPassword, genCertPKPasswordFile, genCertPromptForPKPassword);
    genCertParser.addExclusiveArgumentSet(genCertReplace, genCertKeyAlgorithm);
    genCertParser.addExclusiveArgumentSet(genCertReplace, genCertKeySizeBits);
    genCertParser.addExclusiveArgumentSet(genCertReplace, genCertSignatureAlgorithm);
    genCertParser.addDependentArgumentSet(genCertBasicConstraintsPathLength, genCertBasicConstraintsIsCA);
    genCertParser.addDependentArgumentSet(genCertOutputFormat, genCertOutputFile);
    final LinkedHashMap<String[], String> genCertExamples = new LinkedHashMap<>(StaticUtils.computeMapCapacity(4));
    genCertExamples.put(new String[] { "generate-self-signed-certificate", "--keystore", getPlatformSpecificPath("config", "keystore"), "--keystore-password-file", getPlatformSpecificPath("config", "keystore.pin"), "--alias", "server-cert", "--subject-dn", "CN=ldap.example.com,O=Example Corp,C=US" }, INFO_MANAGE_CERTS_SC_GEN_CERT_EXAMPLE_1.get());
    genCertExamples.put(new String[] { "generate-self-signed-certificate", "--keystore", getPlatformSpecificPath("config", "keystore"), "--keystore-password-file", getPlatformSpecificPath("config", "keystore.pin"), "--alias", "server-cert", "--replace-existing-certificate", "--inherit-extensions" }, INFO_MANAGE_CERTS_SC_GEN_CERT_EXAMPLE_2.get());
    genCertExamples.put(new String[] { "generate-self-signed-certificate", "--keystore", getPlatformSpecificPath("config", "keystore"), "--keystore-password-file", getPlatformSpecificPath("config", "keystore.pin"), "--alias", "server-cert", "--subject-dn", "CN=ldap.example.com,O=Example Corp,C=US", "--days-valid", "3650", "--validity-start-time", "20170101000000", "--key-algorithm", "RSA", "--key-size-bits", "4096", "--signature-algorithm", "SHA256withRSA", "--subject-alternative-name-dns", "ldap1.example.com", "--subject-alternative-name-dns", "ldap2.example.com", "--subject-alternative-name-ip-address", "1.2.3.4", "--subject-alternative-name-ip-address", "1.2.3.5", "--extended-key-usage", "server-auth", "--extended-key-usage", "client-auth", "--display-keytool-command" }, INFO_MANAGE_CERTS_SC_GEN_CERT_EXAMPLE_3.get());
    genCertExamples.put(new String[] { "generate-self-signed-certificate", "--keystore", getPlatformSpecificPath("config", "keystore"), "--keystore-password-file", getPlatformSpecificPath("config", "keystore.pin"), "--alias", "ca-cert", "--subject-dn", "CN=Example Certification Authority,O=Example Corp,C=US", "--days-valid", "7300", "--validity-start-time", "20170101000000", "--key-algorithm", "EC", "--key-size-bits", "256", "--signature-algorithm", "SHA256withECDSA", "--basic-constraints-is-ca", "true", "--key-usage", "key-cert-sign", "--key-usage", "crl-sign", "--display-keytool-command" }, INFO_MANAGE_CERTS_SC_GEN_CERT_EXAMPLE_4.get());
    final SubCommand genCertSubCommand = new SubCommand("generate-self-signed-certificate", INFO_MANAGE_CERTS_SC_GEN_CERT_DESC.get(), genCertParser, genCertExamples);
    genCertSubCommand.addName("generateSelfSignedCertificate", true);
    genCertSubCommand.addName("generate-certificate", true);
    genCertSubCommand.addName("generateCertificate", true);
    genCertSubCommand.addName("self-signed-certificate", true);
    genCertSubCommand.addName("selfSignedCertificate", true);
    genCertSubCommand.addName("selfcert", true);
    parser.addSubCommand(genCertSubCommand);
    // Define the "generate-certificate-signing-request" subcommand and all of
    // its arguments.
    final ArgumentParser genCSRParser = new ArgumentParser("generate-certificate-signing-request", INFO_MANAGE_CERTS_SC_GEN_CSR_DESC.get());
    final Set<String> genCSROutputFormatAllowedValues = StaticUtils.setOf("PEM", "text", "txt", "RFC", "DER", "binary", "bin");
    final StringArgument genCSROutputFormat = new StringArgument(null, "output-format", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_FORMAT.get(), INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_FORMAT_DESC.get(), genCSROutputFormatAllowedValues, "PEM");
    genCSROutputFormat.addLongIdentifier("outputFormat", true);
    genCSRParser.addArgument(genCSROutputFormat);
    final FileArgument genCSROutputFile = new FileArgument(null, "output-file", false, 1, null, INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_OUTPUT_FILE_DESC.get(), false, true, true, false);
    genCSROutputFile.addLongIdentifier("outputFile", true);
    genCSROutputFile.addLongIdentifier("filename", true);
    genCSROutputFile.addLongIdentifier("file", true);
    genCSRParser.addArgument(genCSROutputFile);
    final FileArgument genCSRKeystore = new FileArgument(null, "keystore", true, 1, null, INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_KS_DESC.get(), false, true, true, false);
    genCSRKeystore.addLongIdentifier("keystore-path", true);
    genCSRKeystore.addLongIdentifier("keystorePath", true);
    genCSRKeystore.addLongIdentifier("keystore-file", true);
    genCSRKeystore.addLongIdentifier("keystoreFile", true);
    genCSRParser.addArgument(genCSRKeystore);
    final StringArgument genCSRKeystorePassword = new StringArgument(null, "keystore-password", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(), INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_KS_PW_DESC.get());
    genCSRKeystorePassword.addLongIdentifier("keystorePassword", true);
    genCSRKeystorePassword.addLongIdentifier("keystore-passphrase", true);
    genCSRKeystorePassword.addLongIdentifier("keystorePassphrase", true);
    genCSRKeystorePassword.addLongIdentifier("keystore-pin", true);
    genCSRKeystorePassword.addLongIdentifier("keystorePIN", true);
    genCSRKeystorePassword.addLongIdentifier("storepass", true);
    genCSRKeystorePassword.setSensitive(true);
    genCSRParser.addArgument(genCSRKeystorePassword);
    final FileArgument genCSRKeystorePasswordFile = new FileArgument(null, "keystore-password-file", false, 1, null, INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_KS_PW_FILE_DESC.get(), true, true, true, false);
    genCSRKeystorePasswordFile.addLongIdentifier("keystorePasswordFile", true);
    genCSRKeystorePasswordFile.addLongIdentifier("keystore-passphrase-file", true);
    genCSRKeystorePasswordFile.addLongIdentifier("keystorePassphraseFile", true);
    genCSRKeystorePasswordFile.addLongIdentifier("keystore-pin-file", true);
    genCSRKeystorePasswordFile.addLongIdentifier("keystorePINFile", true);
    genCSRParser.addArgument(genCSRKeystorePasswordFile);
    final BooleanArgument genCSRPromptForKeystorePassword = new BooleanArgument(null, "prompt-for-keystore-password", INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_PROMPT_FOR_KS_PW_DESC.get());
    genCSRPromptForKeystorePassword.addLongIdentifier("promptForKeystorePassword", true);
    genCSRPromptForKeystorePassword.addLongIdentifier("prompt-for-keystore-passphrase", true);
    genCSRPromptForKeystorePassword.addLongIdentifier("promptForKeystorePassphrase", true);
    genCSRPromptForKeystorePassword.addLongIdentifier("prompt-for-keystore-pin", true);
    genCSRPromptForKeystorePassword.addLongIdentifier("promptForKeystorePIN", true);
    genCSRParser.addArgument(genCSRPromptForKeystorePassword);
    final StringArgument genCSRPKPassword = new StringArgument(null, "private-key-password", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(), INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_PK_PW_DESC.get());
    genCSRPKPassword.addLongIdentifier("privateKeyPassword", true);
    genCSRPKPassword.addLongIdentifier("private-key-passphrase", true);
    genCSRPKPassword.addLongIdentifier("privateKeyPassphrase", true);
    genCSRPKPassword.addLongIdentifier("private-key-pin", true);
    genCSRPKPassword.addLongIdentifier("privateKeyPIN", true);
    genCSRPKPassword.addLongIdentifier("key-password", true);
    genCSRPKPassword.addLongIdentifier("keyPassword", true);
    genCSRPKPassword.addLongIdentifier("key-passphrase", true);
    genCSRPKPassword.addLongIdentifier("keyPassphrase", true);
    genCSRPKPassword.addLongIdentifier("key-pin", true);
    genCSRPKPassword.addLongIdentifier("keyPIN", true);
    genCSRPKPassword.addLongIdentifier("keypass", true);
    genCSRPKPassword.setSensitive(true);
    genCSRParser.addArgument(genCSRPKPassword);
    final FileArgument genCSRPKPasswordFile = new FileArgument(null, "private-key-password-file", false, 1, null, INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_PK_PW_FILE_DESC.get(), true, true, true, false);
    genCSRPKPasswordFile.addLongIdentifier("privateKeyPasswordFile", true);
    genCSRPKPasswordFile.addLongIdentifier("private-key-passphrase-file", true);
    genCSRPKPasswordFile.addLongIdentifier("privateKeyPassphraseFile", true);
    genCSRPKPasswordFile.addLongIdentifier("private-key-pin-file", true);
    genCSRPKPasswordFile.addLongIdentifier("privateKeyPINFile", true);
    genCSRPKPasswordFile.addLongIdentifier("key-password-file", true);
    genCSRPKPasswordFile.addLongIdentifier("keyPasswordFile", true);
    genCSRPKPasswordFile.addLongIdentifier("key-passphrase-file", true);
    genCSRPKPasswordFile.addLongIdentifier("keyPassphraseFile", true);
    genCSRPKPasswordFile.addLongIdentifier("key-pin-file", true);
    genCSRPKPasswordFile.addLongIdentifier("keyPINFile", true);
    genCSRParser.addArgument(genCSRPKPasswordFile);
    final BooleanArgument genCSRPromptForPKPassword = new BooleanArgument(null, "prompt-for-private-key-password", INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_PROMPT_FOR_PK_PW_DESC.get());
    genCSRPromptForPKPassword.addLongIdentifier("promptForPrivateKeyPassword", true);
    genCSRPromptForPKPassword.addLongIdentifier("prompt-for-private-key-passphrase", true);
    genCSRPromptForPKPassword.addLongIdentifier("promptForPrivateKeyPassphrase", true);
    genCSRPromptForPKPassword.addLongIdentifier("prompt-for-private-key-pin", true);
    genCSRPromptForPKPassword.addLongIdentifier("promptForPrivateKeyPIN", true);
    genCSRPromptForPKPassword.addLongIdentifier("prompt-for-key-password", true);
    genCSRPromptForPKPassword.addLongIdentifier("promptForKeyPassword", true);
    genCSRPromptForPKPassword.addLongIdentifier("prompt-for-key-passphrase", true);
    genCSRPromptForPKPassword.addLongIdentifier("promptForKeyPassphrase", true);
    genCSRPromptForPKPassword.addLongIdentifier("prompt-for-key-pin", true);
    genCSRPromptForPKPassword.addLongIdentifier("promptForKeyPIN", true);
    genCSRParser.addArgument(genCSRPromptForPKPassword);
    final StringArgument genCSRKeystoreType = new StringArgument(null, "keystore-type", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_TYPE.get(), INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_KS_TYPE_DESC.get(), ALLOWED_KEYSTORE_TYPE_VALUES);
    genCSRKeystoreType.addLongIdentifier("key-store-type", true);
    genCSRKeystoreType.addLongIdentifier("keystoreType", true);
    genCSRKeystoreType.addLongIdentifier("keystore-format", true);
    genCSRKeystoreType.addLongIdentifier("key-store-format", true);
    genCSRKeystoreType.addLongIdentifier("keystoreFormat", true);
    genCSRKeystoreType.addLongIdentifier("storetype", true);
    genCSRParser.addArgument(genCSRKeystoreType);
    final StringArgument genCSRAlias = new StringArgument(null, "alias", true, 1, INFO_MANAGE_CERTS_PLACEHOLDER_ALIAS.get(), INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_ALIAS_DESC.get());
    genCSRAlias.addLongIdentifier("nickname", true);
    genCSRParser.addArgument(genCSRAlias);
    final BooleanArgument genCSRReplace = new BooleanArgument(null, "use-existing-key-pair", 1, INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_REPLACE_DESC.get());
    genCSRReplace.addLongIdentifier("use-existing-keypair", true);
    genCSRReplace.addLongIdentifier("useExistingKeyPair", true);
    genCSRReplace.addLongIdentifier("replace-existing-certificate", true);
    genCSRReplace.addLongIdentifier("replaceExistingCertificate", true);
    genCSRReplace.addLongIdentifier("replace-certificate", true);
    genCSRReplace.addLongIdentifier("replaceCertificate", true);
    genCSRReplace.addLongIdentifier("replace-existing", true);
    genCSRReplace.addLongIdentifier("replaceExisting", true);
    genCSRReplace.addLongIdentifier("replace", true);
    genCSRParser.addArgument(genCSRReplace);
    final DNArgument genCSRSubjectDN = new DNArgument(null, "subject-dn", false, 1, null, INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_SUBJECT_DN_DESC.get());
    genCSRSubjectDN.addLongIdentifier("subjectDN", true);
    genCSRSubjectDN.addLongIdentifier("subject", true);
    genCSRSubjectDN.addLongIdentifier("dname", true);
    genCSRParser.addArgument(genCSRSubjectDN);
    final StringArgument genCSRKeyAlgorithm = new StringArgument(null, "key-algorithm", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_NAME.get(), INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_KEY_ALGORITHM_DESC.get());
    genCSRKeyAlgorithm.addLongIdentifier("keyAlgorithm", true);
    genCSRKeyAlgorithm.addLongIdentifier("key-alg", true);
    genCSRKeyAlgorithm.addLongIdentifier("keyAlg", true);
    genCSRParser.addArgument(genCSRKeyAlgorithm);
    final IntegerArgument genCSRKeySizeBits = new IntegerArgument(null, "key-size-bits", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_BITS.get(), INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_KEY_SIZE_BITS_DESC.get(), 1, Integer.MAX_VALUE);
    genCSRKeySizeBits.addLongIdentifier("keySizeBits", true);
    genCSRKeySizeBits.addLongIdentifier("key-length-bits", true);
    genCSRKeySizeBits.addLongIdentifier("keyLengthBits", true);
    genCSRKeySizeBits.addLongIdentifier("key-size", true);
    genCSRKeySizeBits.addLongIdentifier("keySize", true);
    genCSRKeySizeBits.addLongIdentifier("key-length", true);
    genCSRKeySizeBits.addLongIdentifier("keyLength", true);
    genCSRParser.addArgument(genCSRKeySizeBits);
    final StringArgument genCSRSignatureAlgorithm = new StringArgument(null, "signature-algorithm", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_NAME.get(), INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_SIG_ALG_DESC.get());
    genCSRSignatureAlgorithm.addLongIdentifier("signatureAlgorithm", true);
    genCSRSignatureAlgorithm.addLongIdentifier("signature-alg", true);
    genCSRSignatureAlgorithm.addLongIdentifier("signatureAlg", true);
    genCSRSignatureAlgorithm.addLongIdentifier("sig-alg", true);
    genCSRSignatureAlgorithm.addLongIdentifier("sigAlg", true);
    genCSRParser.addArgument(genCSRSignatureAlgorithm);
    final BooleanArgument genCSRInheritExtensions = new BooleanArgument(null, "inherit-extensions", 1, INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_INHERIT_EXT_DESC.get());
    genCSRInheritExtensions.addLongIdentifier("inheritExtensions", true);
    genCSRParser.addArgument(genCSRInheritExtensions);
    final StringArgument genCSRSubjectAltDNS = new StringArgument(null, "subject-alternative-name-dns", false, 0, INFO_MANAGE_CERTS_PLACEHOLDER_NAME.get(), INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_SAN_DNS_DESC.get());
    genCSRSubjectAltDNS.addLongIdentifier("subjectAlternativeNameDNS", true);
    genCSRSubjectAltDNS.addLongIdentifier("subject-alt-name-dns", true);
    genCSRSubjectAltDNS.addLongIdentifier("subjectAltNameDNS", true);
    genCSRSubjectAltDNS.addLongIdentifier("subject-alternative-dns", true);
    genCSRSubjectAltDNS.addLongIdentifier("subjectAlternativeDNS", true);
    genCSRSubjectAltDNS.addLongIdentifier("subject-alt-dns", true);
    genCSRSubjectAltDNS.addLongIdentifier("subjectAltDNS", true);
    genCSRSubjectAltDNS.addLongIdentifier("san-dns", true);
    genCSRSubjectAltDNS.addLongIdentifier("sanDNS", true);
    genCSRSubjectAltDNS.addValueValidator(new IA5StringArgumentValueValidator(false));
    genCSRParser.addArgument(genCSRSubjectAltDNS);
    final StringArgument genCSRSubjectAltIP = new StringArgument(null, "subject-alternative-name-ip-address", false, 0, INFO_MANAGE_CERTS_PLACEHOLDER_NAME.get(), INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_SAN_IP_DESC.get());
    genCSRSubjectAltIP.addLongIdentifier("subjectAlternativeNameIPAddress", true);
    genCSRSubjectAltIP.addLongIdentifier("subject-alternative-name-ip", true);
    genCSRSubjectAltIP.addLongIdentifier("subjectAlternativeNameIP", true);
    genCSRSubjectAltIP.addLongIdentifier("subject-alt-name-ip-address", true);
    genCSRSubjectAltIP.addLongIdentifier("subjectAltNameIPAddress", true);
    genCSRSubjectAltIP.addLongIdentifier("subject-alt-name-ip", true);
    genCSRSubjectAltIP.addLongIdentifier("subjectAltNameIP", true);
    genCSRSubjectAltIP.addLongIdentifier("subject-alternative-ip-address", true);
    genCSRSubjectAltIP.addLongIdentifier("subjectAlternativeIPAddress", true);
    genCSRSubjectAltIP.addLongIdentifier("subject-alternative-ip", true);
    genCSRSubjectAltIP.addLongIdentifier("subjectAlternativeIP", true);
    genCSRSubjectAltIP.addLongIdentifier("subject-alt-ip-address", true);
    genCSRSubjectAltIP.addLongIdentifier("subjectAltIPAddress", true);
    genCSRSubjectAltIP.addLongIdentifier("subject-alt-ip", true);
    genCSRSubjectAltIP.addLongIdentifier("subjectAltIP", true);
    genCSRSubjectAltIP.addLongIdentifier("san-ip-address", true);
    genCSRSubjectAltIP.addLongIdentifier("sanIPAddress", true);
    genCSRSubjectAltIP.addLongIdentifier("san-ip", true);
    genCSRSubjectAltIP.addLongIdentifier("sanIP", true);
    genCSRSubjectAltIP.addValueValidator(new IPAddressArgumentValueValidator(true, true));
    genCSRParser.addArgument(genCSRSubjectAltIP);
    final StringArgument genCSRSubjectAltEmail = new StringArgument(null, "subject-alternative-name-email-address", false, 0, INFO_MANAGE_CERTS_PLACEHOLDER_NAME.get(), INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_SAN_EMAIL_DESC.get());
    genCSRSubjectAltEmail.addLongIdentifier("subjectAlternativeNameEmailAddress", true);
    genCSRSubjectAltEmail.addLongIdentifier("subject-alternative-name-email", true);
    genCSRSubjectAltEmail.addLongIdentifier("subjectAlternativeNameEmail", true);
    genCSRSubjectAltEmail.addLongIdentifier("subject-alt-name-email-address", true);
    genCSRSubjectAltEmail.addLongIdentifier("subjectAltNameEmailAddress", true);
    genCSRSubjectAltEmail.addLongIdentifier("subject-alt-name-email", true);
    genCSRSubjectAltEmail.addLongIdentifier("subjectAltNameEmail", true);
    genCSRSubjectAltEmail.addLongIdentifier("subject-alternative-email-address", true);
    genCSRSubjectAltEmail.addLongIdentifier("subjectAlternativeEmailAddress", true);
    genCSRSubjectAltEmail.addLongIdentifier("subject-alternative-email", true);
    genCSRSubjectAltEmail.addLongIdentifier("subjectAlternativeEmail", true);
    genCSRSubjectAltEmail.addLongIdentifier("subject-alt-email-address", true);
    genCSRSubjectAltEmail.addLongIdentifier("subjectAltEmailAddress", true);
    genCSRSubjectAltEmail.addLongIdentifier("subject-alt-email", true);
    genCSRSubjectAltEmail.addLongIdentifier("subjectAltEmail", true);
    genCSRSubjectAltEmail.addLongIdentifier("san-email-address", true);
    genCSRSubjectAltEmail.addLongIdentifier("sanEmailAddress", true);
    genCSRSubjectAltEmail.addLongIdentifier("san-email", true);
    genCSRSubjectAltEmail.addLongIdentifier("sanEmail", true);
    genCSRSubjectAltEmail.addValueValidator(new IA5StringArgumentValueValidator(false));
    genCSRParser.addArgument(genCSRSubjectAltEmail);
    final StringArgument genCSRSubjectAltURI = new StringArgument(null, "subject-alternative-name-uri", false, 0, INFO_MANAGE_CERTS_PLACEHOLDER_URI.get(), INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_SAN_URI_DESC.get());
    genCSRSubjectAltURI.addLongIdentifier("subjectAlternativeNameURI", true);
    genCSRSubjectAltURI.addLongIdentifier("subject-alt-name-uri", true);
    genCSRSubjectAltURI.addLongIdentifier("subjectAltNameURI", true);
    genCSRSubjectAltURI.addLongIdentifier("subject-alternative-uri", true);
    genCSRSubjectAltURI.addLongIdentifier("subjectAlternativeURI", true);
    genCSRSubjectAltURI.addLongIdentifier("subject-alt-uri", true);
    genCSRSubjectAltURI.addLongIdentifier("subjectAltURI", true);
    genCSRSubjectAltURI.addLongIdentifier("san-uri", true);
    genCSRSubjectAltURI.addLongIdentifier("sanURI", true);
    genCSRParser.addArgument(genCSRSubjectAltURI);
    final StringArgument genCSRSubjectAltOID = new StringArgument(null, "subject-alternative-name-oid", false, 0, INFO_MANAGE_CERTS_PLACEHOLDER_OID.get(), INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_SAN_OID_DESC.get());
    genCSRSubjectAltOID.addLongIdentifier("subjectAlternativeNameOID", true);
    genCSRSubjectAltOID.addLongIdentifier("subject-alt-name-oid", true);
    genCSRSubjectAltOID.addLongIdentifier("subjectAltNameOID", true);
    genCSRSubjectAltOID.addLongIdentifier("subject-alternative-oid", true);
    genCSRSubjectAltOID.addLongIdentifier("subjectAlternativeOID", true);
    genCSRSubjectAltOID.addLongIdentifier("subject-alt-oid", true);
    genCSRSubjectAltOID.addLongIdentifier("subjectAltOID", true);
    genCSRSubjectAltOID.addLongIdentifier("san-oid", true);
    genCSRSubjectAltOID.addLongIdentifier("sanOID", true);
    genCSRSubjectAltOID.addValueValidator(new OIDArgumentValueValidator(true));
    genCSRParser.addArgument(genCSRSubjectAltOID);
    final BooleanValueArgument genCSRBasicConstraintsIsCA = new BooleanValueArgument(null, "basic-constraints-is-ca", false, null, INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_BC_IS_CA_DESC.get());
    genCSRBasicConstraintsIsCA.addLongIdentifier("basicConstraintsIsCA", true);
    genCSRBasicConstraintsIsCA.addLongIdentifier("bc-is-ca", true);
    genCSRBasicConstraintsIsCA.addLongIdentifier("bcIsCA", true);
    genCSRParser.addArgument(genCSRBasicConstraintsIsCA);
    final IntegerArgument genCSRBasicConstraintsPathLength = new IntegerArgument(null, "basic-constraints-maximum-path-length", false, 1, null, INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_BC_PATH_LENGTH_DESC.get(), 0, Integer.MAX_VALUE);
    genCSRBasicConstraintsPathLength.addLongIdentifier("basicConstraintsMaximumPathLength", true);
    genCSRBasicConstraintsPathLength.addLongIdentifier("basic-constraints-max-path-length", true);
    genCSRBasicConstraintsPathLength.addLongIdentifier("basicConstraintsMaxPathLength", true);
    genCSRBasicConstraintsPathLength.addLongIdentifier("basic-constraints-path-length", true);
    genCSRBasicConstraintsPathLength.addLongIdentifier("basicConstraintsPathLength", true);
    genCSRBasicConstraintsPathLength.addLongIdentifier("bc-maximum-path-length", true);
    genCSRBasicConstraintsPathLength.addLongIdentifier("bcMaximumPathLength", true);
    genCSRBasicConstraintsPathLength.addLongIdentifier("bc-max-path-length", true);
    genCSRBasicConstraintsPathLength.addLongIdentifier("bcMaxPathLength", true);
    genCSRBasicConstraintsPathLength.addLongIdentifier("bc-path-length", true);
    genCSRBasicConstraintsPathLength.addLongIdentifier("bcPathLength", true);
    genCSRParser.addArgument(genCSRBasicConstraintsPathLength);
    final StringArgument genCSRKeyUsage = new StringArgument(null, "key-usage", false, 0, null, INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_KU_DESC.get());
    genCSRKeyUsage.addLongIdentifier("keyUsage", true);
    genCSRParser.addArgument(genCSRKeyUsage);
    final StringArgument genCSRExtendedKeyUsage = new StringArgument(null, "extended-key-usage", false, 0, null, INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_EKU_DESC.get());
    genCSRExtendedKeyUsage.addLongIdentifier("extendedKeyUsage", true);
    genCSRParser.addArgument(genCSRExtendedKeyUsage);
    final StringArgument genCSRExtension = new StringArgument(null, "extension", false, 0, null, INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_EXT_DESC.get());
    genCSRExtension.addLongIdentifier("ext", true);
    genCSRParser.addArgument(genCSRExtension);
    final BooleanArgument genCSRDisplayCommand = new BooleanArgument(null, "display-keytool-command", 1, INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_DISPLAY_COMMAND_DESC.get());
    genCSRDisplayCommand.addLongIdentifier("displayKeytoolCommand", true);
    genCSRDisplayCommand.addLongIdentifier("show-keytool-command", true);
    genCSRDisplayCommand.addLongIdentifier("showKeytoolCommand", true);
    genCSRParser.addArgument(genCSRDisplayCommand);
    genCSRParser.addRequiredArgumentSet(genCSRKeystorePassword, genCSRKeystorePasswordFile, genCSRPromptForKeystorePassword);
    genCSRParser.addExclusiveArgumentSet(genCSRKeystorePassword, genCSRKeystorePasswordFile, genCSRPromptForKeystorePassword);
    genCSRParser.addExclusiveArgumentSet(genCSRPKPassword, genCSRPKPasswordFile, genCSRPromptForPKPassword);
    genCSRParser.addExclusiveArgumentSet(genCSRReplace, genCSRKeyAlgorithm);
    genCSRParser.addExclusiveArgumentSet(genCSRReplace, genCSRKeySizeBits);
    genCSRParser.addExclusiveArgumentSet(genCSRReplace, genCSRSignatureAlgorithm);
    genCSRParser.addDependentArgumentSet(genCSRBasicConstraintsPathLength, genCSRBasicConstraintsIsCA);
    final LinkedHashMap<String[], String> genCSRExamples = new LinkedHashMap<>(StaticUtils.computeMapCapacity(3));
    genCSRExamples.put(new String[] { "generate-certificate-signing-request", "--keystore", getPlatformSpecificPath("config", "keystore"), "--keystore-password-file", getPlatformSpecificPath("config", "keystore.pin"), "--alias", "server-cert", "--subject-dn", "CN=ldap.example.com,O=Example Corp,C=US" }, INFO_MANAGE_CERTS_SC_GEN_CSR_EXAMPLE_1.get());
    genCSRExamples.put(new String[] { "generate-certificate-signing-request", "--keystore", getPlatformSpecificPath("config", "keystore"), "--keystore-password-file", getPlatformSpecificPath("config", "keystore.pin"), "--alias", "server-cert", "--use-existing-key-pair", "--inherit-extensions", "--output-file", "server-cert.csr" }, INFO_MANAGE_CERTS_SC_GEN_CSR_EXAMPLE_2.get());
    genCSRExamples.put(new String[] { "generate-certificate-signing-request", "--keystore", getPlatformSpecificPath("config", "keystore"), "--keystore-password-file", getPlatformSpecificPath("config", "keystore.pin"), "--alias", "server-cert", "--subject-dn", "CN=ldap.example.com,O=Example Corp,C=US", "--key-algorithm", "EC", "--key-size-bits", "256", "--signature-algorithm", "SHA256withECDSA", "--subject-alternative-name-dns", "ldap1.example.com", "--subject-alternative-name-dns", "ldap2.example.com", "--subject-alternative-name-ip-address", "1.2.3.4", "--subject-alternative-name-ip-address", "1.2.3.5", "--extended-key-usage", "server-auth", "--extended-key-usage", "client-auth", "--output-file", "server-cert.csr", "--display-keytool-command" }, INFO_MANAGE_CERTS_SC_GEN_CSR_EXAMPLE_3.get());
    final SubCommand genCSRSubCommand = new SubCommand("generate-certificate-signing-request", INFO_MANAGE_CERTS_SC_GEN_CSR_DESC.get(), genCSRParser, genCSRExamples);
    genCSRSubCommand.addName("generateCertificateSigningRequest", true);
    genCSRSubCommand.addName("generate-certificate-request", true);
    genCSRSubCommand.addName("generateCertificateRequest", true);
    genCSRSubCommand.addName("generate-csr", true);
    genCSRSubCommand.addName("generateCSR", true);
    genCSRSubCommand.addName("certificate-signing-request", true);
    genCSRSubCommand.addName("certificateSigningRequest", true);
    genCSRSubCommand.addName("csr", true);
    genCSRSubCommand.addName("certreq", true);
    parser.addSubCommand(genCSRSubCommand);
    // Define the "sign-certificate-signing-request" subcommand and all of its
    // arguments.
    final ArgumentParser signCSRParser = new ArgumentParser("sign-certificate-signing-request", INFO_MANAGE_CERTS_SC_SIGN_CSR_DESC.get());
    final FileArgument signCSRInputFile = new FileArgument(null, "request-input-file", true, 1, null, INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_INPUT_FILE_DESC.get(), true, true, true, false);
    signCSRInputFile.addLongIdentifier("requestInputFile", true);
    signCSRInputFile.addLongIdentifier("certificate-signing-request", true);
    signCSRInputFile.addLongIdentifier("certificateSigningRequest", true);
    signCSRInputFile.addLongIdentifier("input-file", false);
    signCSRInputFile.addLongIdentifier("inputFile", true);
    signCSRInputFile.addLongIdentifier("csr", true);
    signCSRParser.addArgument(signCSRInputFile);
    final FileArgument signCSROutputFile = new FileArgument(null, "certificate-output-file", false, 1, null, INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_OUTPUT_FILE_DESC.get(), false, true, true, false);
    signCSROutputFile.addLongIdentifier("certificateOutputFile", true);
    signCSROutputFile.addLongIdentifier("output-file", false);
    signCSROutputFile.addLongIdentifier("outputFile", true);
    signCSROutputFile.addLongIdentifier("certificate-file", true);
    signCSROutputFile.addLongIdentifier("certificateFile", true);
    signCSRParser.addArgument(signCSROutputFile);
    final Set<String> signCSROutputFormatAllowedValues = StaticUtils.setOf("PEM", "text", "txt", "RFC", "DER", "binary", "bin");
    final StringArgument signCSROutputFormat = new StringArgument(null, "output-format", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_FORMAT.get(), INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_FORMAT_DESC.get(), signCSROutputFormatAllowedValues, "PEM");
    signCSROutputFormat.addLongIdentifier("outputFormat", true);
    signCSRParser.addArgument(signCSROutputFormat);
    final FileArgument signCSRKeystore = new FileArgument(null, "keystore", true, 1, null, INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_KS_DESC.get(), true, true, true, false);
    signCSRKeystore.addLongIdentifier("keystore-path", true);
    signCSRKeystore.addLongIdentifier("keystorePath", true);
    signCSRKeystore.addLongIdentifier("keystore-file", true);
    signCSRKeystore.addLongIdentifier("keystoreFile", true);
    signCSRParser.addArgument(signCSRKeystore);
    final StringArgument signCSRKeystorePassword = new StringArgument(null, "keystore-password", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(), INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_KS_PW_DESC.get());
    signCSRKeystorePassword.addLongIdentifier("keystorePassword", true);
    signCSRKeystorePassword.addLongIdentifier("keystore-passphrase", true);
    signCSRKeystorePassword.addLongIdentifier("keystorePassphrase", true);
    signCSRKeystorePassword.addLongIdentifier("keystore-pin", true);
    signCSRKeystorePassword.addLongIdentifier("keystorePIN", true);
    signCSRKeystorePassword.addLongIdentifier("storepass", true);
    signCSRKeystorePassword.setSensitive(true);
    signCSRParser.addArgument(signCSRKeystorePassword);
    final FileArgument signCSRKeystorePasswordFile = new FileArgument(null, "keystore-password-file", false, 1, null, INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_KS_PW_FILE_DESC.get(), true, true, true, false);
    signCSRKeystorePasswordFile.addLongIdentifier("keystorePasswordFile", true);
    signCSRKeystorePasswordFile.addLongIdentifier("keystore-passphrase-file", true);
    signCSRKeystorePasswordFile.addLongIdentifier("keystorePassphraseFile", true);
    signCSRKeystorePasswordFile.addLongIdentifier("keystore-pin-file", true);
    signCSRKeystorePasswordFile.addLongIdentifier("keystorePINFile", true);
    signCSRParser.addArgument(signCSRKeystorePasswordFile);
    final BooleanArgument signCSRPromptForKeystorePassword = new BooleanArgument(null, "prompt-for-keystore-password", INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_PROMPT_FOR_KS_PW_DESC.get());
    signCSRPromptForKeystorePassword.addLongIdentifier("promptForKeystorePassword", true);
    signCSRPromptForKeystorePassword.addLongIdentifier("prompt-for-keystore-passphrase", true);
    signCSRPromptForKeystorePassword.addLongIdentifier("promptForKeystorePassphrase", true);
    signCSRPromptForKeystorePassword.addLongIdentifier("prompt-for-keystore-pin", true);
    signCSRPromptForKeystorePassword.addLongIdentifier("promptForKeystorePIN", true);
    signCSRParser.addArgument(signCSRPromptForKeystorePassword);
    final StringArgument signCSRPKPassword = new StringArgument(null, "private-key-password", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(), INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_PK_PW_DESC.get());
    signCSRPKPassword.addLongIdentifier("privateKeyPassword", true);
    signCSRPKPassword.addLongIdentifier("private-key-passphrase", true);
    signCSRPKPassword.addLongIdentifier("privateKeyPassphrase", true);
    signCSRPKPassword.addLongIdentifier("private-key-pin", true);
    signCSRPKPassword.addLongIdentifier("privateKeyPIN", true);
    signCSRPKPassword.addLongIdentifier("key-password", true);
    signCSRPKPassword.addLongIdentifier("keyPassword", true);
    signCSRPKPassword.addLongIdentifier("key-passphrase", true);
    signCSRPKPassword.addLongIdentifier("keyPassphrase", true);
    signCSRPKPassword.addLongIdentifier("key-pin", true);
    signCSRPKPassword.addLongIdentifier("keyPIN", true);
    signCSRPKPassword.addLongIdentifier("keypass", true);
    signCSRPKPassword.setSensitive(true);
    signCSRParser.addArgument(signCSRPKPassword);
    final FileArgument signCSRPKPasswordFile = new FileArgument(null, "private-key-password-file", false, 1, null, INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_PK_PW_FILE_DESC.get(), true, true, true, false);
    signCSRPKPasswordFile.addLongIdentifier("privateKeyPasswordFile", true);
    signCSRPKPasswordFile.addLongIdentifier("private-key-passphrase-file", true);
    signCSRPKPasswordFile.addLongIdentifier("privateKeyPassphraseFile", true);
    signCSRPKPasswordFile.addLongIdentifier("private-key-pin-file", true);
    signCSRPKPasswordFile.addLongIdentifier("privateKeyPINFile", true);
    signCSRPKPasswordFile.addLongIdentifier("key-password-file", true);
    signCSRPKPasswordFile.addLongIdentifier("keyPasswordFile", true);
    signCSRPKPasswordFile.addLongIdentifier("key-passphrase-file", true);
    signCSRPKPasswordFile.addLongIdentifier("keyPassphraseFile", true);
    signCSRPKPasswordFile.addLongIdentifier("key-pin-file", true);
    signCSRPKPasswordFile.addLongIdentifier("keyPINFile", true);
    signCSRParser.addArgument(signCSRPKPasswordFile);
    final BooleanArgument signCSRPromptForPKPassword = new BooleanArgument(null, "prompt-for-private-key-password", INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_PROMPT_FOR_PK_PW_DESC.get());
    signCSRPromptForPKPassword.addLongIdentifier("promptForPrivateKeyPassword", true);
    signCSRPromptForPKPassword.addLongIdentifier("prompt-for-private-key-passphrase", true);
    signCSRPromptForPKPassword.addLongIdentifier("promptForPrivateKeyPassphrase", true);
    signCSRPromptForPKPassword.addLongIdentifier("prompt-for-private-key-pin", true);
    signCSRPromptForPKPassword.addLongIdentifier("promptForPrivateKeyPIN", true);
    signCSRPromptForPKPassword.addLongIdentifier("prompt-for-key-password", true);
    signCSRPromptForPKPassword.addLongIdentifier("promptForKeyPassword", true);
    signCSRPromptForPKPassword.addLongIdentifier("prompt-for-key-passphrase", true);
    signCSRPromptForPKPassword.addLongIdentifier("promptForKeyPassphrase", true);
    signCSRPromptForPKPassword.addLongIdentifier("prompt-for-key-pin", true);
    signCSRPromptForPKPassword.addLongIdentifier("promptForKeyPIN", true);
    signCSRParser.addArgument(signCSRPromptForPKPassword);
    final StringArgument signCSRKeystoreType = new StringArgument(null, "keystore-type", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_TYPE.get(), INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_KS_TYPE_DESC.get(), ALLOWED_KEYSTORE_TYPE_VALUES);
    signCSRKeystoreType.addLongIdentifier("key-store-type", true);
    signCSRKeystoreType.addLongIdentifier("keystoreType", true);
    signCSRKeystoreType.addLongIdentifier("keystore-format", true);
    signCSRKeystoreType.addLongIdentifier("key-store-format", true);
    signCSRKeystoreType.addLongIdentifier("keystoreFormat", true);
    signCSRKeystoreType.addLongIdentifier("storetype", true);
    signCSRParser.addArgument(signCSRKeystoreType);
    final StringArgument signCSRAlias = new StringArgument(null, "signing-certificate-alias", true, 1, INFO_MANAGE_CERTS_PLACEHOLDER_ALIAS.get(), INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_ALIAS_DESC.get());
    signCSRAlias.addLongIdentifier("signingCertificateAlias", true);
    signCSRAlias.addLongIdentifier("signing-certificate-nickname", true);
    signCSRAlias.addLongIdentifier("signingCertificateNickname", true);
    signCSRAlias.addLongIdentifier("alias", true);
    signCSRAlias.addLongIdentifier("nickname", true);
    signCSRParser.addArgument(signCSRAlias);
    final DNArgument signCSRSubjectDN = new DNArgument(null, "subject-dn", false, 1, null, INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_SUBJECT_DN_DESC.get());
    signCSRSubjectDN.addLongIdentifier("subjectDN", true);
    signCSRSubjectDN.addLongIdentifier("subject", true);
    signCSRSubjectDN.addLongIdentifier("dname", true);
    signCSRParser.addArgument(signCSRSubjectDN);
    final IntegerArgument signCSRDaysValid = new IntegerArgument(null, "days-valid", false, 1, null, INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_DAYS_VALID_DESC.get(), 1, Integer.MAX_VALUE);
    signCSRDaysValid.addLongIdentifier("daysValid", true);
    signCSRDaysValid.addLongIdentifier("validity", true);
    signCSRParser.addArgument(signCSRDaysValid);
    final TimestampArgument signCSRNotBefore = new TimestampArgument(null, "validity-start-time", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_TIMESTAMP.get(), INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_VALIDITY_START_TIME_DESC.get("20180102123456"));
    signCSRNotBefore.addLongIdentifier("validityStartTime", true);
    signCSRNotBefore.addLongIdentifier("not-before", true);
    signCSRNotBefore.addLongIdentifier("notBefore", true);
    signCSRParser.addArgument(signCSRNotBefore);
    final StringArgument signCSRSignatureAlgorithm = new StringArgument(null, "signature-algorithm", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_NAME.get(), INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_SIG_ALG_DESC.get());
    signCSRSignatureAlgorithm.addLongIdentifier("signatureAlgorithm", true);
    signCSRSignatureAlgorithm.addLongIdentifier("signature-alg", true);
    signCSRSignatureAlgorithm.addLongIdentifier("signatureAlg", true);
    signCSRSignatureAlgorithm.addLongIdentifier("sig-alg", true);
    signCSRSignatureAlgorithm.addLongIdentifier("sigAlg", true);
    signCSRParser.addArgument(signCSRSignatureAlgorithm);
    final BooleanArgument signCSRIncludeExtensions = new BooleanArgument(null, "include-requested-extensions", 1, INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_INCLUDE_EXT_DESC.get());
    signCSRIncludeExtensions.addLongIdentifier("includeRequestedExtensions", true);
    signCSRParser.addArgument(signCSRIncludeExtensions);
    final StringArgument signCSRSubjectAltDNS = new StringArgument(null, "subject-alternative-name-dns", false, 0, INFO_MANAGE_CERTS_PLACEHOLDER_NAME.get(), INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_SAN_DNS_DESC.get());
    signCSRSubjectAltDNS.addLongIdentifier("subjectAlternativeNameDNS", true);
    signCSRSubjectAltDNS.addLongIdentifier("subject-alt-name-dns", true);
    signCSRSubjectAltDNS.addLongIdentifier("subjectAltNameDNS", true);
    signCSRSubjectAltDNS.addLongIdentifier("subject-alternative-dns", true);
    signCSRSubjectAltDNS.addLongIdentifier("subjectAlternativeDNS", true);
    signCSRSubjectAltDNS.addLongIdentifier("subject-alt-dns", true);
    signCSRSubjectAltDNS.addLongIdentifier("subjectAltDNS", true);
    signCSRSubjectAltDNS.addLongIdentifier("san-dns", true);
    signCSRSubjectAltDNS.addLongIdentifier("sanDNS", true);
    signCSRSubjectAltDNS.addValueValidator(new IA5StringArgumentValueValidator(false));
    signCSRParser.addArgument(signCSRSubjectAltDNS);
    final StringArgument signCSRSubjectAltIP = new StringArgument(null, "subject-alternative-name-ip-address", false, 0, INFO_MANAGE_CERTS_PLACEHOLDER_NAME.get(), INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_SAN_IP_DESC.get());
    signCSRSubjectAltIP.addLongIdentifier("subjectAlternativeNameIPAddress", true);
    signCSRSubjectAltIP.addLongIdentifier("subject-alternative-name-ip", true);
    signCSRSubjectAltIP.addLongIdentifier("subjectAlternativeNameIP", true);
    signCSRSubjectAltIP.addLongIdentifier("subject-alt-name-ip-address", true);
    signCSRSubjectAltIP.addLongIdentifier("subjectAltNameIPAddress", true);
    signCSRSubjectAltIP.addLongIdentifier("subject-alt-name-ip", true);
    signCSRSubjectAltIP.addLongIdentifier("subjectAltNameIP", true);
    signCSRSubjectAltIP.addLongIdentifier("subject-alternative-ip-address", true);
    signCSRSubjectAltIP.addLongIdentifier("subjectAlternativeIPAddress", true);
    signCSRSubjectAltIP.addLongIdentifier("subject-alternative-ip", true);
    signCSRSubjectAltIP.addLongIdentifier("subjectAlternativeIP", true);
    signCSRSubjectAltIP.addLongIdentifier("subject-alt-ip-address", true);
    signCSRSubjectAltIP.addLongIdentifier("subjectAltIPAddress", true);
    signCSRSubjectAltIP.addLongIdentifier("subject-alt-ip", true);
    signCSRSubjectAltIP.addLongIdentifier("subjectAltIP", true);
    signCSRSubjectAltIP.addLongIdentifier("san-ip-address", true);
    signCSRSubjectAltIP.addLongIdentifier("sanIPAddress", true);
    signCSRSubjectAltIP.addLongIdentifier("san-ip", true);
    signCSRSubjectAltIP.addLongIdentifier("sanIP", true);
    signCSRSubjectAltIP.addValueValidator(new IPAddressArgumentValueValidator(true, true));
    signCSRParser.addArgument(signCSRSubjectAltIP);
    final StringArgument signCSRSubjectAltEmail = new StringArgument(null, "subject-alternative-name-email-address", false, 0, INFO_MANAGE_CERTS_PLACEHOLDER_NAME.get(), INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_SAN_EMAIL_DESC.get());
    signCSRSubjectAltEmail.addLongIdentifier("subjectAlternativeNameEmailAddress", true);
    signCSRSubjectAltEmail.addLongIdentifier("subject-alternative-name-email", true);
    signCSRSubjectAltEmail.addLongIdentifier("subjectAlternativeNameEmail", true);
    signCSRSubjectAltEmail.addLongIdentifier("subject-alt-name-email-address", true);
    signCSRSubjectAltEmail.addLongIdentifier("subjectAltNameEmailAddress", true);
    signCSRSubjectAltEmail.addLongIdentifier("subject-alt-name-email", true);
    signCSRSubjectAltEmail.addLongIdentifier("subjectAltNameEmail", true);
    signCSRSubjectAltEmail.addLongIdentifier("subject-alternative-email-address", true);
    signCSRSubjectAltEmail.addLongIdentifier("subjectAlternativeEmailAddress", true);
    signCSRSubjectAltEmail.addLongIdentifier("subject-alternative-email", true);
    signCSRSubjectAltEmail.addLongIdentifier("subjectAlternativeEmail", true);
    signCSRSubjectAltEmail.addLongIdentifier("subject-alt-email-address", true);
    signCSRSubjectAltEmail.addLongIdentifier("subjectAltEmailAddress", true);
    signCSRSubjectAltEmail.addLongIdentifier("subject-alt-email", true);
    signCSRSubjectAltEmail.addLongIdentifier("subjectAltEmail", true);
    signCSRSubjectAltEmail.addLongIdentifier("san-email-address", true);
    signCSRSubjectAltEmail.addLongIdentifier("sanEmailAddress", true);
    signCSRSubjectAltEmail.addLongIdentifier("san-email", true);
    signCSRSubjectAltEmail.addLongIdentifier("sanEmail", true);
    signCSRSubjectAltEmail.addValueValidator(new IA5StringArgumentValueValidator(false));
    signCSRParser.addArgument(signCSRSubjectAltEmail);
    final StringArgument signCSRSubjectAltURI = new StringArgument(null, "subject-alternative-name-uri", false, 0, INFO_MANAGE_CERTS_PLACEHOLDER_URI.get(), INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_SAN_URI_DESC.get());
    signCSRSubjectAltURI.addLongIdentifier("subjectAlternativeNameURI", true);
    signCSRSubjectAltURI.addLongIdentifier("subject-alt-name-uri", true);
    signCSRSubjectAltURI.addLongIdentifier("subjectAltNameURI", true);
    signCSRSubjectAltURI.addLongIdentifier("subject-alternative-uri", true);
    signCSRSubjectAltURI.addLongIdentifier("subjectAlternativeURI", true);
    signCSRSubjectAltURI.addLongIdentifier("subject-alt-uri", true);
    signCSRSubjectAltURI.addLongIdentifier("subjectAltURI", true);
    signCSRSubjectAltURI.addLongIdentifier("san-uri", true);
    signCSRSubjectAltURI.addLongIdentifier("sanURI", true);
    signCSRParser.addArgument(signCSRSubjectAltURI);
    final StringArgument signCSRSubjectAltOID = new StringArgument(null, "subject-alternative-name-oid", false, 0, INFO_MANAGE_CERTS_PLACEHOLDER_OID.get(), INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_SAN_OID_DESC.get());
    signCSRSubjectAltOID.addLongIdentifier("subjectAlternativeNameOID", true);
    signCSRSubjectAltOID.addLongIdentifier("subject-alt-name-oid", true);
    signCSRSubjectAltOID.addLongIdentifier("subjectAltNameOID", true);
    signCSRSubjectAltOID.addLongIdentifier("subject-alternative-oid", true);
    signCSRSubjectAltOID.addLongIdentifier("subjectAlternativeOID", true);
    signCSRSubjectAltOID.addLongIdentifier("subject-alt-oid", true);
    signCSRSubjectAltOID.addLongIdentifier("subjectAltOID", true);
    signCSRSubjectAltOID.addLongIdentifier("san-oid", true);
    signCSRSubjectAltOID.addLongIdentifier("sanOID", true);
    signCSRSubjectAltOID.addValueValidator(new OIDArgumentValueValidator(true));
    signCSRParser.addArgument(signCSRSubjectAltOID);
    final StringArgument signCSRIssuerAltDNS = new StringArgument(null, "issuer-alternative-name-dns", false, 0, INFO_MANAGE_CERTS_PLACEHOLDER_NAME.get(), INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_IAN_DNS_DESC.get());
    signCSRIssuerAltDNS.addLongIdentifier("issuerAlternativeNameDNS", true);
    signCSRIssuerAltDNS.addLongIdentifier("issuer-alt-name-dns", true);
    signCSRIssuerAltDNS.addLongIdentifier("issuerAltNameDNS", true);
    signCSRIssuerAltDNS.addLongIdentifier("issuer-alternative-dns", true);
    signCSRIssuerAltDNS.addLongIdentifier("issuerAlternativeDNS", true);
    signCSRIssuerAltDNS.addLongIdentifier("issuer-alt-dns", true);
    signCSRIssuerAltDNS.addLongIdentifier("issuerAltDNS", true);
    signCSRIssuerAltDNS.addLongIdentifier("ian-dns", true);
    signCSRIssuerAltDNS.addLongIdentifier("ianDNS", true);
    signCSRIssuerAltDNS.addValueValidator(new IA5StringArgumentValueValidator(false));
    signCSRParser.addArgument(signCSRIssuerAltDNS);
    final StringArgument signCSRIssuerAltIP = new StringArgument(null, "issuer-alternative-name-ip-address", false, 0, INFO_MANAGE_CERTS_PLACEHOLDER_NAME.get(), INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_IAN_IP_DESC.get());
    signCSRIssuerAltIP.addLongIdentifier("issuerAlternativeNameIPAddress", true);
    signCSRIssuerAltIP.addLongIdentifier("issuer-alternative-name-ip", true);
    signCSRIssuerAltIP.addLongIdentifier("issuerAlternativeNameIP", true);
    signCSRIssuerAltIP.addLongIdentifier("issuer-alt-name-ip-address", true);
    signCSRIssuerAltIP.addLongIdentifier("issuerAltNameIPAddress", true);
    signCSRIssuerAltIP.addLongIdentifier("issuer-alt-name-ip", true);
    signCSRIssuerAltIP.addLongIdentifier("issuerAltNameIP", true);
    signCSRIssuerAltIP.addLongIdentifier("issuer-alternative-ip-address", true);
    signCSRIssuerAltIP.addLongIdentifier("issuerAlternativeIPAddress", true);
    signCSRIssuerAltIP.addLongIdentifier("issuer-alternative-ip", true);
    signCSRIssuerAltIP.addLongIdentifier("issuerAlternativeIP", true);
    signCSRIssuerAltIP.addLongIdentifier("issuer-alt-ip-address", true);
    signCSRIssuerAltIP.addLongIdentifier("issuerAltIPAddress", true);
    signCSRIssuerAltIP.addLongIdentifier("issuer-alt-ip", true);
    signCSRIssuerAltIP.addLongIdentifier("issuerAltIP", true);
    signCSRIssuerAltIP.addLongIdentifier("ian-ip-address", true);
    signCSRIssuerAltIP.addLongIdentifier("ianIPAddress", true);
    signCSRIssuerAltIP.addLongIdentifier("ian-ip", true);
    signCSRIssuerAltIP.addLongIdentifier("ianIP", true);
    signCSRIssuerAltIP.addValueValidator(new IPAddressArgumentValueValidator(true, true));
    signCSRParser.addArgument(signCSRIssuerAltIP);
    final StringArgument signCSRIssuerAltEmail = new StringArgument(null, "issuer-alternative-name-email-address", false, 0, INFO_MANAGE_CERTS_PLACEHOLDER_NAME.get(), INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_IAN_EMAIL_DESC.get());
    signCSRIssuerAltEmail.addLongIdentifier("issuerAlternativeNameEmailAddress", true);
    signCSRIssuerAltEmail.addLongIdentifier("issuer-alternative-name-email", true);
    signCSRIssuerAltEmail.addLongIdentifier("issuerAlternativeNameEmail", true);
    signCSRIssuerAltEmail.addLongIdentifier("issuer-alt-name-email-address", true);
    signCSRIssuerAltEmail.addLongIdentifier("issuerAltNameEmailAddress", true);
    signCSRIssuerAltEmail.addLongIdentifier("issuer-alt-name-email", true);
    signCSRIssuerAltEmail.addLongIdentifier("issuerAltNameEmail", true);
    signCSRIssuerAltEmail.addLongIdentifier("issuer-alternative-email-address", true);
    signCSRIssuerAltEmail.addLongIdentifier("issuerAlternativeEmailAddress", true);
    signCSRIssuerAltEmail.addLongIdentifier("issuer-alternative-email", true);
    signCSRIssuerAltEmail.addLongIdentifier("issuerAlternativeEmail", true);
    signCSRIssuerAltEmail.addLongIdentifier("issuer-alt-email-address", true);
    signCSRIssuerAltEmail.addLongIdentifier("issuerAltEmailAddress", true);
    signCSRIssuerAltEmail.addLongIdentifier("issuer-alt-email", true);
    signCSRIssuerAltEmail.addLongIdentifier("issuerAltEmail", true);
    signCSRIssuerAltEmail.addLongIdentifier("ian-email-address", true);
    signCSRIssuerAltEmail.addLongIdentifier("ianEmailAddress", true);
    signCSRIssuerAltEmail.addLongIdentifier("ian-email", true);
    signCSRIssuerAltEmail.addLongIdentifier("ianEmail", true);
    signCSRIssuerAltEmail.addValueValidator(new IA5StringArgumentValueValidator(false));
    signCSRParser.addArgument(signCSRIssuerAltEmail);
    final StringArgument signCSRIssuerAltURI = new StringArgument(null, "issuer-alternative-name-uri", false, 0, INFO_MANAGE_CERTS_PLACEHOLDER_URI.get(), INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_IAN_URI_DESC.get());
    signCSRIssuerAltURI.addLongIdentifier("issuerAlternativeNameURI", true);
    signCSRIssuerAltURI.addLongIdentifier("issuer-alt-name-uri", true);
    signCSRIssuerAltURI.addLongIdentifier("issuerAltNameURI", true);
    signCSRIssuerAltURI.addLongIdentifier("issuer-alternative-uri", true);
    signCSRIssuerAltURI.addLongIdentifier("issuerAlternativeURI", true);
    signCSRIssuerAltURI.addLongIdentifier("issuer-alt-uri", true);
    signCSRIssuerAltURI.addLongIdentifier("issuerAltURI", true);
    signCSRIssuerAltURI.addLongIdentifier("ian-uri", true);
    signCSRIssuerAltURI.addLongIdentifier("ianURI", true);
    signCSRParser.addArgument(signCSRIssuerAltURI);
    final StringArgument signCSRIssuerAltOID = new StringArgument(null, "issuer-alternative-name-oid", false, 0, INFO_MANAGE_CERTS_PLACEHOLDER_OID.get(), INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_IAN_OID_DESC.get());
    signCSRIssuerAltOID.addLongIdentifier("issuerAlternativeNameOID", true);
    signCSRIssuerAltOID.addLongIdentifier("issuer-alt-name-oid", true);
    signCSRIssuerAltOID.addLongIdentifier("issuerAltNameOID", true);
    signCSRIssuerAltOID.addLongIdentifier("issuer-alternative-oid", true);
    signCSRIssuerAltOID.addLongIdentifier("issuerAlternativeOID", true);
    signCSRIssuerAltOID.addLongIdentifier("issuer-alt-oid", true);
    signCSRIssuerAltOID.addLongIdentifier("issuerAltOID", true);
    signCSRIssuerAltOID.addLongIdentifier("ian-oid", true);
    signCSRIssuerAltOID.addLongIdentifier("ianOID", true);
    signCSRIssuerAltOID.addValueValidator(new OIDArgumentValueValidator(true));
    signCSRParser.addArgument(signCSRIssuerAltOID);
    final BooleanValueArgument signCSRBasicConstraintsIsCA = new BooleanValueArgument(null, "basic-constraints-is-ca", false, null, INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_BC_IS_CA_DESC.get());
    signCSRBasicConstraintsIsCA.addLongIdentifier("basicConstraintsIsCA", true);
    signCSRBasicConstraintsIsCA.addLongIdentifier("bc-is-ca", true);
    signCSRBasicConstraintsIsCA.addLongIdentifier("bcIsCA", true);
    signCSRParser.addArgument(signCSRBasicConstraintsIsCA);
    final IntegerArgument signCSRBasicConstraintsPathLength = new IntegerArgument(null, "basic-constraints-maximum-path-length", false, 1, null, INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_BC_PATH_LENGTH_DESC.get(), 0, Integer.MAX_VALUE);
    signCSRBasicConstraintsPathLength.addLongIdentifier("basicConstraintsMaximumPathLength", true);
    signCSRBasicConstraintsPathLength.addLongIdentifier("basic-constraints-max-path-length", true);
    signCSRBasicConstraintsPathLength.addLongIdentifier("basicConstraintsMaxPathLength", true);
    signCSRBasicConstraintsPathLength.addLongIdentifier("basic-constraints-path-length", true);
    signCSRBasicConstraintsPathLength.addLongIdentifier("basicConstraintsPathLength", true);
    signCSRBasicConstraintsPathLength.addLongIdentifier("bc-maximum-path-length", true);
    signCSRBasicConstraintsPathLength.addLongIdentifier("bcMaximumPathLength", true);
    signCSRBasicConstraintsPathLength.addLongIdentifier("bc-max-path-length", true);
    signCSRBasicConstraintsPathLength.addLongIdentifier("bcMaxPathLength", true);
    signCSRBasicConstraintsPathLength.addLongIdentifier("bc-path-length", true);
    signCSRBasicConstraintsPathLength.addLongIdentifier("bcPathLength", true);
    signCSRParser.addArgument(signCSRBasicConstraintsPathLength);
    final StringArgument signCSRKeyUsage = new StringArgument(null, "key-usage", false, 0, null, INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_KU_DESC.get());
    signCSRKeyUsage.addLongIdentifier("keyUsage", true);
    signCSRParser.addArgument(signCSRKeyUsage);
    final StringArgument signCSRExtendedKeyUsage = new StringArgument(null, "extended-key-usage", false, 0, null, INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_EKU_DESC.get());
    signCSRExtendedKeyUsage.addLongIdentifier("extendedKeyUsage", true);
    signCSRParser.addArgument(signCSRExtendedKeyUsage);
    final StringArgument signCSRExtension = new StringArgument(null, "extension", false, 0, null, INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_EXT_DESC.get());
    signCSRExtension.addLongIdentifier("ext", true);
    signCSRParser.addArgument(signCSRExtension);
    final BooleanArgument signCSRNoPrompt = new BooleanArgument(null, "no-prompt", 1, INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_NO_PROMPT_DESC.get());
    signCSRNoPrompt.addLongIdentifier("noPrompt", true);
    signCSRParser.addArgument(signCSRNoPrompt);
    final BooleanArgument signCSRDisplayCommand = new BooleanArgument(null, "display-keytool-command", 1, INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_DISPLAY_COMMAND_DESC.get());
    signCSRDisplayCommand.addLongIdentifier("displayKeytoolCommand", true);
    signCSRDisplayCommand.addLongIdentifier("show-keytool-command", true);
    signCSRDisplayCommand.addLongIdentifier("showKeytoolCommand", true);
    signCSRParser.addArgument(signCSRDisplayCommand);
    signCSRParser.addRequiredArgumentSet(signCSRKeystorePassword, signCSRKeystorePasswordFile, signCSRPromptForKeystorePassword);
    signCSRParser.addExclusiveArgumentSet(signCSRKeystorePassword, signCSRKeystorePasswordFile, signCSRPromptForKeystorePassword);
    signCSRParser.addExclusiveArgumentSet(signCSRPKPassword, signCSRPKPasswordFile, signCSRPromptForPKPassword);
    signCSRParser.addDependentArgumentSet(signCSRBasicConstraintsPathLength, signCSRBasicConstraintsIsCA);
    final LinkedHashMap<String[], String> signCSRExamples = new LinkedHashMap<>(StaticUtils.computeMapCapacity(2));
    signCSRExamples.put(new String[] { "sign-certificate-signing-request", "--request-input-file", "server-cert.csr", "--keystore", getPlatformSpecificPath("config", "keystore"), "--keystore-password-file", getPlatformSpecificPath("config", "keystore.pin"), "--signing-certificate-alias", "ca-cert", "--include-requested-extensions" }, INFO_MANAGE_CERTS_SC_SIGN_CSR_EXAMPLE_1.get(getPlatformSpecificPath("config", "keystore")));
    signCSRExamples.put(new String[] { "sign-certificate-signing-request", "--request-input-file", "server-cert.csr", "--certificate-output-file", "server-cert.der", "--output-format", "DER", "--keystore", getPlatformSpecificPath("config", "keystore"), "--keystore-password-file", getPlatformSpecificPath("config", "keystore.pin"), "--signing-certificate-alias", "ca-cert", "--days-valid", "730", "--validity-start-time", "20170101000000", "--include-requested-extensions", "--issuer-alternative-name-email-address", "ca@example.com" }, INFO_MANAGE_CERTS_SC_SIGN_CSR_EXAMPLE_2.get(getPlatformSpecificPath("config", "keystore")));
    final SubCommand signCSRSubCommand = new SubCommand("sign-certificate-signing-request", INFO_MANAGE_CERTS_SC_SIGN_CSR_DESC.get(), signCSRParser, signCSRExamples);
    signCSRSubCommand.addName("signCertificateSigningRequest", true);
    signCSRSubCommand.addName("sign-certificate-request", true);
    signCSRSubCommand.addName("signCertificateRequest", true);
    signCSRSubCommand.addName("sign-certificate", true);
    signCSRSubCommand.addName("signCertificate", true);
    signCSRSubCommand.addName("sign-csr", true);
    signCSRSubCommand.addName("signCSR", true);
    signCSRSubCommand.addName("sign", true);
    signCSRSubCommand.addName("gencert", true);
    parser.addSubCommand(signCSRSubCommand);
    // Define the "change-certificate-alias" subcommand and all of its
    // arguments.
    final ArgumentParser changeAliasParser = new ArgumentParser("change-certificate-alias", INFO_MANAGE_CERTS_SC_CHANGE_ALIAS_DESC.get());
    final FileArgument changeAliasKeystore = new FileArgument(null, "keystore", true, 1, null, INFO_MANAGE_CERTS_SC_CHANGE_ALIAS_ARG_KS_DESC.get(), true, true, true, false);
    changeAliasKeystore.addLongIdentifier("keystore-path", true);
    changeAliasKeystore.addLongIdentifier("keystorePath", true);
    changeAliasKeystore.addLongIdentifier("keystore-file", true);
    changeAliasKeystore.addLongIdentifier("keystoreFile", true);
    changeAliasParser.addArgument(changeAliasKeystore);
    final StringArgument changeAliasKeystorePassword = new StringArgument(null, "keystore-password", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(), INFO_MANAGE_CERTS_SC_CHANGE_ALIAS_ARG_KS_PW_DESC.get());
    changeAliasKeystorePassword.addLongIdentifier("keystorePassword", true);
    changeAliasKeystorePassword.addLongIdentifier("keystore-passphrase", true);
    changeAliasKeystorePassword.addLongIdentifier("keystorePassphrase", true);
    changeAliasKeystorePassword.addLongIdentifier("keystore-pin", true);
    changeAliasKeystorePassword.addLongIdentifier("keystorePIN", true);
    changeAliasKeystorePassword.addLongIdentifier("storepass", true);
    changeAliasKeystorePassword.setSensitive(true);
    changeAliasParser.addArgument(changeAliasKeystorePassword);
    final FileArgument changeAliasKeystorePasswordFile = new FileArgument(null, "keystore-password-file", false, 1, null, INFO_MANAGE_CERTS_SC_CHANGE_ALIAS_ARG_KS_PW_FILE_DESC.get(), true, true, true, false);
    changeAliasKeystorePasswordFile.addLongIdentifier("keystorePasswordFile", true);
    changeAliasKeystorePasswordFile.addLongIdentifier("keystore-passphrase-file", true);
    changeAliasKeystorePasswordFile.addLongIdentifier("keystorePassphraseFile", true);
    changeAliasKeystorePasswordFile.addLongIdentifier("keystore-pin-file", true);
    changeAliasKeystorePasswordFile.addLongIdentifier("keystorePINFile", true);
    changeAliasParser.addArgument(changeAliasKeystorePasswordFile);
    final BooleanArgument changeAliasPromptForKeystorePassword = new BooleanArgument(null, "prompt-for-keystore-password", INFO_MANAGE_CERTS_SC_CHANGE_ALIAS_ARG_PROMPT_FOR_KS_PW_DESC.get());
    changeAliasPromptForKeystorePassword.addLongIdentifier("promptForKeystorePassword", true);
    changeAliasPromptForKeystorePassword.addLongIdentifier("prompt-for-keystore-passphrase", true);
    changeAliasPromptForKeystorePassword.addLongIdentifier("promptForKeystorePassphrase", true);
    changeAliasPromptForKeystorePassword.addLongIdentifier("prompt-for-keystore-pin", true);
    changeAliasPromptForKeystorePassword.addLongIdentifier("promptForKeystorePIN", true);
    changeAliasParser.addArgument(changeAliasPromptForKeystorePassword);
    final StringArgument changeAliasPKPassword = new StringArgument(null, "private-key-password", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(), INFO_MANAGE_CERTS_SC_CHANGE_ALIAS_ARG_PK_PW_DESC.get());
    changeAliasPKPassword.addLongIdentifier("privateKeyPassword", true);
    changeAliasPKPassword.addLongIdentifier("private-key-passphrase", true);
    changeAliasPKPassword.addLongIdentifier("privateKeyPassphrase", true);
    changeAliasPKPassword.addLongIdentifier("private-key-pin", true);
    changeAliasPKPassword.addLongIdentifier("privateKeyPIN", true);
    changeAliasPKPassword.addLongIdentifier("key-password", true);
    changeAliasPKPassword.addLongIdentifier("keyPassword", true);
    changeAliasPKPassword.addLongIdentifier("key-passphrase", true);
    changeAliasPKPassword.addLongIdentifier("keyPassphrase", true);
    changeAliasPKPassword.addLongIdentifier("key-pin", true);
    changeAliasPKPassword.addLongIdentifier("keyPIN", true);
    changeAliasPKPassword.addLongIdentifier("keypass", true);
    changeAliasPKPassword.setSensitive(true);
    changeAliasParser.addArgument(changeAliasPKPassword);
    final FileArgument changeAliasPKPasswordFile = new FileArgument(null, "private-key-password-file", false, 1, null, INFO_MANAGE_CERTS_SC_CHANGE_ALIAS_ARG_PK_PW_FILE_DESC.get(), true, true, true, false);
    changeAliasPKPasswordFile.addLongIdentifier("privateKeyPasswordFile", true);
    changeAliasPKPasswordFile.addLongIdentifier("private-key-passphrase-file", true);
    changeAliasPKPasswordFile.addLongIdentifier("privateKeyPassphraseFile", true);
    changeAliasPKPasswordFile.addLongIdentifier("private-key-pin-file", true);
    changeAliasPKPasswordFile.addLongIdentifier("privateKeyPINFile", true);
    changeAliasPKPasswordFile.addLongIdentifier("key-password-file", true);
    changeAliasPKPasswordFile.addLongIdentifier("keyPasswordFile", true);
    changeAliasPKPasswordFile.addLongIdentifier("key-passphrase-file", true);
    changeAliasPKPasswordFile.addLongIdentifier("keyPassphraseFile", true);
    changeAliasPKPasswordFile.addLongIdentifier("key-pin-file", true);
    changeAliasPKPasswordFile.addLongIdentifier("keyPINFile", true);
    changeAliasParser.addArgument(changeAliasPKPasswordFile);
    final BooleanArgument changeAliasPromptForPKPassword = new BooleanArgument(null, "prompt-for-private-key-password", INFO_MANAGE_CERTS_SC_CHANGE_ALIAS_ARG_PROMPT_FOR_PK_PW_DESC.get());
    changeAliasPromptForPKPassword.addLongIdentifier("promptForPrivateKeyPassword", true);
    changeAliasPromptForPKPassword.addLongIdentifier("prompt-for-private-key-passphrase", true);
    changeAliasPromptForPKPassword.addLongIdentifier("promptForPrivateKeyPassphrase", true);
    changeAliasPromptForPKPassword.addLongIdentifier("prompt-for-private-key-pin", true);
    changeAliasPromptForPKPassword.addLongIdentifier("promptForPrivateKeyPIN", true);
    changeAliasPromptForPKPassword.addLongIdentifier("prompt-for-key-password", true);
    changeAliasPromptForPKPassword.addLongIdentifier("promptForKeyPassword", true);
    changeAliasPromptForPKPassword.addLongIdentifier("prompt-for-key-passphrase", true);
    changeAliasPromptForPKPassword.addLongIdentifier("promptForKeyPassphrase", true);
    changeAliasPromptForPKPassword.addLongIdentifier("prompt-for-key-pin", true);
    changeAliasPromptForPKPassword.addLongIdentifier("promptForKeyPIN", true);
    changeAliasParser.addArgument(changeAliasPromptForPKPassword);
    final StringArgument changeAliasKeystoreType = new StringArgument(null, "keystore-type", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_TYPE.get(), INFO_MANAGE_CERTS_SC_CHANGE_ALIAS_ARG_KS_TYPE_DESC.get(), ALLOWED_KEYSTORE_TYPE_VALUES);
    changeAliasKeystoreType.addLongIdentifier("key-store-type", true);
    changeAliasKeystoreType.addLongIdentifier("keystoreType", true);
    changeAliasKeystoreType.addLongIdentifier("keystore-format", true);
    changeAliasKeystoreType.addLongIdentifier("key-store-format", true);
    changeAliasKeystoreType.addLongIdentifier("keystoreFormat", true);
    changeAliasKeystoreType.addLongIdentifier("storetype", true);
    changeAliasParser.addArgument(changeAliasKeystoreType);
    final StringArgument changeAliasCurrentAlias = new StringArgument(null, "current-alias", true, 1, INFO_MANAGE_CERTS_PLACEHOLDER_ALIAS.get(), INFO_MANAGE_CERTS_SC_CHANGE_ALIAS_ARG_CURRENT_ALIAS_DESC.get());
    changeAliasCurrentAlias.addLongIdentifier("currentAlias", true);
    changeAliasCurrentAlias.addLongIdentifier("old-alias", true);
    changeAliasCurrentAlias.addLongIdentifier("oldAlias", true);
    changeAliasCurrentAlias.addLongIdentifier("source-alias", true);
    changeAliasCurrentAlias.addLongIdentifier("sourceAlias", true);
    changeAliasCurrentAlias.addLongIdentifier("alias", true);
    changeAliasCurrentAlias.addLongIdentifier("current-nickname", true);
    changeAliasCurrentAlias.addLongIdentifier("currentNickname", true);
    changeAliasCurrentAlias.addLongIdentifier("old-nickname", true);
    changeAliasCurrentAlias.addLongIdentifier("oldNickname", true);
    changeAliasCurrentAlias.addLongIdentifier("source-nickname", true);
    changeAliasCurrentAlias.addLongIdentifier("sourceNickname", true);
    changeAliasCurrentAlias.addLongIdentifier("nickname", true);
    changeAliasCurrentAlias.addLongIdentifier("from", false);
    changeAliasParser.addArgument(changeAliasCurrentAlias);
    final StringArgument changeAliasNewAlias = new StringArgument(null, "new-alias", true, 1, INFO_MANAGE_CERTS_PLACEHOLDER_ALIAS.get(), INFO_MANAGE_CERTS_SC_CHANGE_ALIAS_ARG_NEW_ALIAS_DESC.get());
    changeAliasNewAlias.addLongIdentifier("newAlias", true);
    changeAliasNewAlias.addLongIdentifier("destination-alias", true);
    changeAliasNewAlias.addLongIdentifier("destinationAlias", true);
    changeAliasNewAlias.addLongIdentifier("new-nickname", true);
    changeAliasNewAlias.addLongIdentifier("newNickname", true);
    changeAliasNewAlias.addLongIdentifier("destination-nickname", true);
    changeAliasNewAlias.addLongIdentifier("destinationNickname", true);
    changeAliasNewAlias.addLongIdentifier("to", false);
    changeAliasParser.addArgument(changeAliasNewAlias);
    final BooleanArgument changeAliasDisplayCommand = new BooleanArgument(null, "display-keytool-command", 1, INFO_MANAGE_CERTS_SC_CHANGE_ALIAS_ARG_DISPLAY_COMMAND_DESC.get());
    changeAliasDisplayCommand.addLongIdentifier("displayKeytoolCommand", true);
    changeAliasDisplayCommand.addLongIdentifier("show-keytool-command", true);
    changeAliasDisplayCommand.addLongIdentifier("showKeytoolCommand", true);
    changeAliasParser.addArgument(changeAliasDisplayCommand);
    changeAliasParser.addRequiredArgumentSet(changeAliasKeystorePassword, changeAliasKeystorePasswordFile, changeAliasPromptForKeystorePassword);
    changeAliasParser.addExclusiveArgumentSet(changeAliasKeystorePassword, changeAliasKeystorePasswordFile, changeAliasPromptForKeystorePassword);
    changeAliasParser.addExclusiveArgumentSet(changeAliasPKPassword, changeAliasPKPasswordFile, changeAliasPromptForPKPassword);
    final LinkedHashMap<String[], String> changeAliasExamples = new LinkedHashMap<>(StaticUtils.computeMapCapacity(1));
    changeAliasExamples.put(new String[] { "change-certificate-alias", "--keystore", getPlatformSpecificPath("config", "keystore"), "--keystore-password-file", getPlatformSpecificPath("config", "keystore.pin"), "--current-alias", "server-cert", "--new-alias", "server-certificate", "--display-keytool-command" }, INFO_MANAGE_CERTS_SC_CHANGE_ALIAS_EXAMPLE_1.get());
    final SubCommand changeAliasSubCommand = new SubCommand("change-certificate-alias", INFO_MANAGE_CERTS_SC_CHANGE_ALIAS_DESC.get(), changeAliasParser, changeAliasExamples);
    changeAliasSubCommand.addName("changeCertificateAlias", true);
    changeAliasSubCommand.addName("change-alias", true);
    changeAliasSubCommand.addName("changeAlias", true);
    changeAliasSubCommand.addName("rename-certificate", true);
    changeAliasSubCommand.addName("renameCertificate", true);
    changeAliasSubCommand.addName("rename", true);
    parser.addSubCommand(changeAliasSubCommand);
    // Define the "change-keystore-password" subcommand and all of its
    // arguments.
    final ArgumentParser changeKSPWParser = new ArgumentParser("change-keystore-password", INFO_MANAGE_CERTS_SC_CHANGE_KS_PW_DESC.get());
    final FileArgument changeKSPWKeystore = new FileArgument(null, "keystore", true, 1, null, INFO_MANAGE_CERTS_SC_CHANGE_KS_PW_ARG_KS_DESC.get(), true, true, true, false);
    changeKSPWKeystore.addLongIdentifier("keystore-path", true);
    changeKSPWKeystore.addLongIdentifier("keystorePath", true);
    changeKSPWKeystore.addLongIdentifier("keystore-file", true);
    changeKSPWKeystore.addLongIdentifier("keystoreFile", true);
    changeKSPWParser.addArgument(changeKSPWKeystore);
    final StringArgument changeKSPWCurrentPassword = new StringArgument(null, "current-keystore-password", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(), INFO_MANAGE_CERTS_SC_CHANGE_KS_PW_ARG_CURRENT_PW_DESC.get());
    changeKSPWCurrentPassword.addLongIdentifier("currentKeystorePassword", true);
    changeKSPWCurrentPassword.addLongIdentifier("current-keystore-passphrase", true);
    changeKSPWCurrentPassword.addLongIdentifier("currentKeystorePassphrase", true);
    changeKSPWCurrentPassword.addLongIdentifier("current-keystore-pin", true);
    changeKSPWCurrentPassword.addLongIdentifier("currentKeystorePIN", true);
    changeKSPWCurrentPassword.addLongIdentifier("storepass", true);
    changeKSPWCurrentPassword.setSensitive(true);
    changeKSPWParser.addArgument(changeKSPWCurrentPassword);
    final FileArgument changeKSPWCurrentPasswordFile = new FileArgument(null, "current-keystore-password-file", false, 1, null, INFO_MANAGE_CERTS_SC_CHANGE_KS_PW_ARG_CURRENT_PW_FILE_DESC.get(), true, true, true, false);
    changeKSPWCurrentPasswordFile.addLongIdentifier("currentKeystorePasswordFile", true);
    changeKSPWCurrentPasswordFile.addLongIdentifier("current-keystore-passphrase-file", true);
    changeKSPWCurrentPasswordFile.addLongIdentifier("currentKeystorePassphraseFile", true);
    changeKSPWCurrentPasswordFile.addLongIdentifier("current-keystore-pin-file", true);
    changeKSPWCurrentPasswordFile.addLongIdentifier("currentKeystorePINFile", true);
    changeKSPWParser.addArgument(changeKSPWCurrentPasswordFile);
    final BooleanArgument changeKSPWPromptForCurrentPassword = new BooleanArgument(null, "prompt-for-current-keystore-password", INFO_MANAGE_CERTS_SC_CHANGE_KS_PW_ARG_PROMPT_FOR_CURRENT_PW_DESC.get());
    changeKSPWPromptForCurrentPassword.addLongIdentifier("promptForCurrentKeystorePassword", true);
    changeKSPWPromptForCurrentPassword.addLongIdentifier("prompt-for-current-keystore-passphrase", true);
    changeKSPWPromptForCurrentPassword.addLongIdentifier("promptForCurrentKeystorePassphrase", true);
    changeKSPWPromptForCurrentPassword.addLongIdentifier("prompt-for-current-keystore-pin", true);
    changeKSPWPromptForCurrentPassword.addLongIdentifier("promptForCurrentKeystorePIN", true);
    changeKSPWParser.addArgument(changeKSPWPromptForCurrentPassword);
    final StringArgument changeKSPWNewPassword = new StringArgument(null, "new-keystore-password", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(), INFO_MANAGE_CERTS_SC_CHANGE_KS_PW_ARG_NEW_PW_DESC.get());
    changeKSPWNewPassword.addLongIdentifier("newKeystorePassword", true);
    changeKSPWNewPassword.addLongIdentifier("new-keystore-passphrase", true);
    changeKSPWNewPassword.addLongIdentifier("newKeystorePassphrase", true);
    changeKSPWNewPassword.addLongIdentifier("new-keystore-pin", true);
    changeKSPWNewPassword.addLongIdentifier("newKeystorePIN", true);
    changeKSPWNewPassword.addLongIdentifier("new", true);
    changeKSPWNewPassword.setSensitive(true);
    changeKSPWParser.addArgument(changeKSPWNewPassword);
    final FileArgument changeKSPWNewPasswordFile = new FileArgument(null, "new-keystore-password-file", false, 1, null, INFO_MANAGE_CERTS_SC_CHANGE_KS_PW_ARG_NEW_PW_FILE_DESC.get(), true, true, true, false);
    changeKSPWNewPasswordFile.addLongIdentifier("newKeystorePasswordFile", true);
    changeKSPWNewPasswordFile.addLongIdentifier("new-keystore-passphrase-file", true);
    changeKSPWNewPasswordFile.addLongIdentifier("newKeystorePassphraseFile", true);
    changeKSPWNewPasswordFile.addLongIdentifier("new-keystore-pin-file", true);
    changeKSPWNewPasswordFile.addLongIdentifier("newKeystorePINFile", true);
    changeKSPWParser.addArgument(changeKSPWNewPasswordFile);
    final BooleanArgument changeKSPWPromptForNewPassword = new BooleanArgument(null, "prompt-for-new-keystore-password", INFO_MANAGE_CERTS_SC_CHANGE_KS_PW_ARG_PROMPT_FOR_NEW_PW_DESC.get());
    changeKSPWPromptForNewPassword.addLongIdentifier("promptForNewKeystorePassword", true);
    changeKSPWPromptForNewPassword.addLongIdentifier("prompt-for-new-keystore-passphrase", true);
    changeKSPWPromptForNewPassword.addLongIdentifier("promptForNewKeystorePassphrase", true);
    changeKSPWPromptForNewPassword.addLongIdentifier("prompt-for-new-keystore-pin", true);
    changeKSPWPromptForNewPassword.addLongIdentifier("promptForNewKeystorePIN", true);
    changeKSPWParser.addArgument(changeKSPWPromptForNewPassword);
    final BooleanArgument changeKSPWDisplayCommand = new BooleanArgument(null, "display-keytool-command", 1, INFO_MANAGE_CERTS_SC_CHANGE_KS_PW_ARG_DISPLAY_COMMAND_DESC.get());
    changeKSPWDisplayCommand.addLongIdentifier("displayKeytoolCommand", true);
    changeKSPWDisplayCommand.addLongIdentifier("show-keytool-command", true);
    changeKSPWDisplayCommand.addLongIdentifier("showKeytoolCommand", true);
    changeKSPWParser.addArgument(changeKSPWDisplayCommand);
    changeKSPWParser.addRequiredArgumentSet(changeKSPWCurrentPassword, changeKSPWCurrentPasswordFile, changeKSPWPromptForCurrentPassword);
    changeKSPWParser.addExclusiveArgumentSet(changeKSPWCurrentPassword, changeKSPWCurrentPasswordFile, changeKSPWPromptForCurrentPassword);
    changeKSPWParser.addRequiredArgumentSet(changeKSPWNewPassword, changeKSPWNewPasswordFile, changeKSPWPromptForNewPassword);
    changeKSPWParser.addExclusiveArgumentSet(changeKSPWNewPassword, changeKSPWNewPasswordFile, changeKSPWPromptForNewPassword);
    final LinkedHashMap<String[], String> changeKSPWExamples = new LinkedHashMap<>(StaticUtils.computeMapCapacity(1));
    changeKSPWExamples.put(new String[] { "change-keystore-password", "--keystore", getPlatformSpecificPath("config", "keystore"), "--current-keystore-password-file", getPlatformSpecificPath("config", "current.pin"), "--new-keystore-password-file", getPlatformSpecificPath("config", "new.pin"), "--display-keytool-command" }, INFO_MANAGE_CERTS_SC_CHANGE_KS_PW_EXAMPLE_1.get(getPlatformSpecificPath("config", "keystore"), getPlatformSpecificPath("config", "current.pin"), getPlatformSpecificPath("config", "new.pin")));
    final SubCommand changeKSPWSubCommand = new SubCommand("change-keystore-password", INFO_MANAGE_CERTS_SC_CHANGE_KS_PW_DESC.get(), changeKSPWParser, changeKSPWExamples);
    changeKSPWSubCommand.addName("changeKeystorePassword", true);
    changeKSPWSubCommand.addName("change-keystore-passphrase", true);
    changeKSPWSubCommand.addName("changeKeystorePassphrase", true);
    changeKSPWSubCommand.addName("change-keystore-pin", true);
    changeKSPWSubCommand.addName("changeKeystorePIN", true);
    changeKSPWSubCommand.addName("storepasswd", true);
    parser.addSubCommand(changeKSPWSubCommand);
    // Define the "change-private-key-password" subcommand and all of its
    // arguments.
    final ArgumentParser changePKPWParser = new ArgumentParser("change-private-key-password", INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_DESC.get());
    final FileArgument changePKPWKeystore = new FileArgument(null, "keystore", true, 1, null, INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_ARG_KS_DESC.get(), true, true, true, false);
    changePKPWKeystore.addLongIdentifier("keystore-path", true);
    changePKPWKeystore.addLongIdentifier("keystorePath", true);
    changePKPWKeystore.addLongIdentifier("keystore-file", true);
    changePKPWKeystore.addLongIdentifier("keystoreFile", true);
    changePKPWParser.addArgument(changePKPWKeystore);
    final StringArgument changePKPWKeystorePassword = new StringArgument(null, "keystore-password", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(), INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_ARG_KS_PW_DESC.get());
    changePKPWKeystorePassword.addLongIdentifier("keystorePassword", true);
    changePKPWKeystorePassword.addLongIdentifier("keystore-passphrase", true);
    changePKPWKeystorePassword.addLongIdentifier("keystorePassphrase", true);
    changePKPWKeystorePassword.addLongIdentifier("keystore-pin", true);
    changePKPWKeystorePassword.addLongIdentifier("keystorePIN", true);
    changePKPWKeystorePassword.addLongIdentifier("storepass", true);
    changePKPWKeystorePassword.setSensitive(true);
    changePKPWParser.addArgument(changePKPWKeystorePassword);
    final FileArgument changePKPWKeystorePasswordFile = new FileArgument(null, "keystore-password-file", false, 1, null, INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_ARG_KS_PW_FILE_DESC.get(), true, true, true, false);
    changePKPWKeystorePasswordFile.addLongIdentifier("keystorePasswordFile", true);
    changePKPWKeystorePasswordFile.addLongIdentifier("keystore-passphrase-file", true);
    changePKPWKeystorePasswordFile.addLongIdentifier("keystorePassphraseFile", true);
    changePKPWKeystorePasswordFile.addLongIdentifier("keystore-pin-file", true);
    changePKPWKeystorePasswordFile.addLongIdentifier("keystorePINFile", true);
    changePKPWParser.addArgument(changePKPWKeystorePasswordFile);
    final BooleanArgument changePKPWPromptForKeystorePassword = new BooleanArgument(null, "prompt-for-keystore-password", INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_ARG_PROMPT_FOR_KS_PW_DESC.get());
    changePKPWPromptForKeystorePassword.addLongIdentifier("promptForKeystorePassword", true);
    changePKPWPromptForKeystorePassword.addLongIdentifier("prompt-for-keystore-passphrase", true);
    changePKPWPromptForKeystorePassword.addLongIdentifier("promptForKeystorePassphrase", true);
    changePKPWPromptForKeystorePassword.addLongIdentifier("prompt-for-keystore-pin", true);
    changePKPWPromptForKeystorePassword.addLongIdentifier("promptForKeystorePIN", true);
    changePKPWParser.addArgument(changePKPWPromptForKeystorePassword);
    final StringArgument changePKPWKeystoreType = new StringArgument(null, "keystore-type", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_TYPE.get(), INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_ARG_KS_TYPE_DESC.get(), ALLOWED_KEYSTORE_TYPE_VALUES);
    changePKPWKeystoreType.addLongIdentifier("key-store-type", true);
    changePKPWKeystoreType.addLongIdentifier("keystoreType", true);
    changePKPWKeystoreType.addLongIdentifier("keystore-format", true);
    changePKPWKeystoreType.addLongIdentifier("key-store-format", true);
    changePKPWKeystoreType.addLongIdentifier("keystoreFormat", true);
    changePKPWKeystoreType.addLongIdentifier("storetype", true);
    changePKPWParser.addArgument(changePKPWKeystoreType);
    final StringArgument changePKPWAlias = new StringArgument(null, "alias", true, 1, INFO_MANAGE_CERTS_PLACEHOLDER_ALIAS.get(), INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_ARG_ALIAS_DESC.get());
    changePKPWAlias.addLongIdentifier("nickname", true);
    changePKPWParser.addArgument(changePKPWAlias);
    final StringArgument changePKPWCurrentPassword = new StringArgument(null, "current-private-key-password", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(), INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_ARG_CURRENT_PW_DESC.get());
    changePKPWCurrentPassword.addLongIdentifier("currentPrivateKeyPassword", true);
    changePKPWCurrentPassword.addLongIdentifier("current-private-key-passphrase", true);
    changePKPWCurrentPassword.addLongIdentifier("currentPrivateKeyPassphrase", true);
    changePKPWCurrentPassword.addLongIdentifier("current-private-key-pin", true);
    changePKPWCurrentPassword.addLongIdentifier("currentPrivateKeyPIN", true);
    changePKPWCurrentPassword.addLongIdentifier("keypass", true);
    changePKPWCurrentPassword.setSensitive(true);
    changePKPWParser.addArgument(changePKPWCurrentPassword);
    final FileArgument changePKPWCurrentPasswordFile = new FileArgument(null, "current-private-key-password-file", false, 1, null, INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_ARG_CURRENT_PW_FILE_DESC.get(), true, true, true, false);
    changePKPWCurrentPasswordFile.addLongIdentifier("currentPrivateKeyPasswordFile", true);
    changePKPWCurrentPasswordFile.addLongIdentifier("current-private-key-passphrase-file", true);
    changePKPWCurrentPasswordFile.addLongIdentifier("currentPrivateKeyPassphraseFile", true);
    changePKPWCurrentPasswordFile.addLongIdentifier("current-private-key-pin-file", true);
    changePKPWCurrentPasswordFile.addLongIdentifier("currentPrivateKeyPINFile", true);
    changePKPWParser.addArgument(changePKPWCurrentPasswordFile);
    final BooleanArgument changePKPWPromptForCurrentPassword = new BooleanArgument(null, "prompt-for-current-private-key-password", INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_ARG_PROMPT_FOR_CURRENT_PW_DESC.get());
    changePKPWPromptForCurrentPassword.addLongIdentifier("promptForCurrentPrivateKeyPassword", true);
    changePKPWPromptForCurrentPassword.addLongIdentifier("prompt-for-current-private-key-passphrase", true);
    changePKPWPromptForCurrentPassword.addLongIdentifier("promptForCurrentPrivateKeyPassphrase", true);
    changePKPWPromptForCurrentPassword.addLongIdentifier("prompt-for-current-private-key-pin", true);
    changePKPWPromptForCurrentPassword.addLongIdentifier("promptForCurrentPrivateKeyPIN", true);
    changePKPWParser.addArgument(changePKPWPromptForCurrentPassword);
    final StringArgument changePKPWNewPassword = new StringArgument(null, "new-private-key-password", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(), INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_ARG_NEW_PW_DESC.get());
    changePKPWNewPassword.addLongIdentifier("newPrivateKeyPassword", true);
    changePKPWNewPassword.addLongIdentifier("new-private-key-passphrase", true);
    changePKPWNewPassword.addLongIdentifier("newPrivateKeyPassphrase", true);
    changePKPWNewPassword.addLongIdentifier("new-private-key-pin", true);
    changePKPWNewPassword.addLongIdentifier("newPrivateKeyPIN", true);
    changePKPWNewPassword.addLongIdentifier("new", true);
    changePKPWNewPassword.setSensitive(true);
    changePKPWParser.addArgument(changePKPWNewPassword);
    final FileArgument changePKPWNewPasswordFile = new FileArgument(null, "new-private-key-password-file", false, 1, null, INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_ARG_NEW_PW_FILE_DESC.get(), true, true, true, false);
    changePKPWNewPasswordFile.addLongIdentifier("newPrivateKeyPasswordFile", true);
    changePKPWNewPasswordFile.addLongIdentifier("new-private-key-passphrase-file", true);
    changePKPWNewPasswordFile.addLongIdentifier("newPrivateKeyPassphraseFile", true);
    changePKPWNewPasswordFile.addLongIdentifier("new-private-key-pin-file", true);
    changePKPWNewPasswordFile.addLongIdentifier("newPrivateKeyPINFile", true);
    changePKPWParser.addArgument(changePKPWNewPasswordFile);
    final BooleanArgument changePKPWPromptForNewPassword = new BooleanArgument(null, "prompt-for-new-private-key-password", INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_ARG_PROMPT_FOR_NEW_PW_DESC.get());
    changePKPWPromptForNewPassword.addLongIdentifier("promptForNewPrivateKeyPassword", true);
    changePKPWPromptForNewPassword.addLongIdentifier("prompt-for-new-private-key-passphrase", true);
    changePKPWPromptForNewPassword.addLongIdentifier("promptForNewPrivateKeyPassphrase", true);
    changePKPWPromptForNewPassword.addLongIdentifier("prompt-for-new-private-key-pin", true);
    changePKPWPromptForNewPassword.addLongIdentifier("promptForNewPrivateKeyPIN", true);
    changePKPWParser.addArgument(changePKPWPromptForNewPassword);
    final BooleanArgument changePKPWDisplayCommand = new BooleanArgument(null, "display-keytool-command", 1, INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_ARG_DISPLAY_COMMAND_DESC.get());
    changePKPWDisplayCommand.addLongIdentifier("displayKeytoolCommand", true);
    changePKPWDisplayCommand.addLongIdentifier("show-keytool-command", true);
    changePKPWDisplayCommand.addLongIdentifier("showKeytoolCommand", true);
    changePKPWParser.addArgument(changePKPWDisplayCommand);
    changePKPWParser.addRequiredArgumentSet(changePKPWKeystorePassword, changePKPWKeystorePasswordFile, changePKPWPromptForKeystorePassword);
    changePKPWParser.addExclusiveArgumentSet(changePKPWKeystorePassword, changePKPWKeystorePasswordFile, changePKPWPromptForKeystorePassword);
    changePKPWParser.addRequiredArgumentSet(changePKPWCurrentPassword, changePKPWCurrentPasswordFile, changePKPWPromptForCurrentPassword);
    changePKPWParser.addExclusiveArgumentSet(changePKPWCurrentPassword, changePKPWCurrentPasswordFile, changePKPWPromptForCurrentPassword);
    changePKPWParser.addRequiredArgumentSet(changePKPWNewPassword, changePKPWNewPasswordFile, changePKPWPromptForNewPassword);
    changePKPWParser.addExclusiveArgumentSet(changePKPWNewPassword, changePKPWNewPasswordFile, changePKPWPromptForNewPassword);
    final LinkedHashMap<String[], String> changePKPWExamples = new LinkedHashMap<>(StaticUtils.computeMapCapacity(1));
    changePKPWExamples.put(new String[] { "change-private-key-password", "--keystore", getPlatformSpecificPath("config", "keystore"), "--keystore-password-file", getPlatformSpecificPath("config", "keystore.pin"), "--alias", "server-cert", "--current-private-key-password-file", getPlatformSpecificPath("config", "current.pin"), "--new-private-key-password-file", getPlatformSpecificPath("config", "new.pin"), "--display-keytool-command" }, INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_EXAMPLE_1.get(getPlatformSpecificPath("config", "keystore"), getPlatformSpecificPath("config", "current.pin"), getPlatformSpecificPath("config", "new.pin")));
    final SubCommand changePKPWSubCommand = new SubCommand("change-private-key-password", INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_DESC.get(), changePKPWParser, changePKPWExamples);
    changePKPWSubCommand.addName("changePrivateKeyPassword", true);
    changePKPWSubCommand.addName("change-private-key-passphrase", true);
    changePKPWSubCommand.addName("changePrivateKeyPassphrase", true);
    changePKPWSubCommand.addName("change-private-key-pin", true);
    changePKPWSubCommand.addName("changePrivateKeyPIN", true);
    changePKPWSubCommand.addName("change-key-password", true);
    changePKPWSubCommand.addName("changeKeyPassword", true);
    changePKPWSubCommand.addName("change-key-passphrase", true);
    changePKPWSubCommand.addName("changeKeyPassphrase", true);
    changePKPWSubCommand.addName("change-key-pin", true);
    changePKPWSubCommand.addName("changeKeyPIN", true);
    changePKPWSubCommand.addName("keypasswd", true);
    parser.addSubCommand(changePKPWSubCommand);
    // Define the "copy-keystore" subcommand and all of its arguments.
    final ArgumentParser copyKSParser = new ArgumentParser("copy-keystore", INFO_MANAGE_CERTS_SC_COPY_KS_DESC.get());
    final FileArgument copyKSSourceKeystore = new FileArgument(null, "source-keystore", true, 1, null, INFO_MANAGE_CERTS_SC_COPY_KS_ARG_SRC_KS_DESC.get(), true, true, true, false);
    copyKSSourceKeystore.addLongIdentifier("sourceKeystore", true);
    copyKSSourceKeystore.addLongIdentifier("source-keystore-path", true);
    copyKSSourceKeystore.addLongIdentifier("sourceKeystorePath", true);
    copyKSSourceKeystore.addLongIdentifier("source-keystore-file", true);
    copyKSSourceKeystore.addLongIdentifier("sourceKeystoreFile", true);
    copyKSParser.addArgument(copyKSSourceKeystore);
    final StringArgument copyKSSourceKeystorePassword = new StringArgument(null, "source-keystore-password", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(), INFO_MANAGE_CERTS_SC_COPY_KS_ARG_SRC_KS_PW_DESC.get());
    copyKSSourceKeystorePassword.addLongIdentifier("sourceKeystorePassword", true);
    copyKSSourceKeystorePassword.addLongIdentifier("source-keystore-passphrase", true);
    copyKSSourceKeystorePassword.addLongIdentifier("sourceKeystorePassphrase", true);
    copyKSSourceKeystorePassword.addLongIdentifier("source-keystore-pin", true);
    copyKSSourceKeystorePassword.addLongIdentifier("sourceKeystorePIN", true);
    copyKSParser.addArgument(copyKSSourceKeystorePassword);
    final FileArgument copyKSSourceKeystorePasswordFile = new FileArgument(null, "source-keystore-password-file", false, 1, null, INFO_MANAGE_CERTS_SC_COPY_KS_ARG_SRC_KS_PW_FILE_DESC.get(), true, true, true, false);
    copyKSSourceKeystorePasswordFile.addLongIdentifier("sourceKeystorePasswordFile", true);
    copyKSSourceKeystorePasswordFile.addLongIdentifier("source-keystore-passphrase-file", true);
    copyKSSourceKeystorePasswordFile.addLongIdentifier("sourceKeystorePassphraseFile", true);
    copyKSSourceKeystorePasswordFile.addLongIdentifier("source-keystore-pin-file", true);
    copyKSSourceKeystorePasswordFile.addLongIdentifier("sourceKeystorePINFile", true);
    copyKSParser.addArgument(copyKSSourceKeystorePasswordFile);
    final BooleanArgument copyKSPromptForSourceKeystorePassword = new BooleanArgument(null, "prompt-for-source-keystore-password", 1, INFO_MANAGE_CERTS_SC_COPY_KS_ARG_PROMPT_FOR_SRC_KS_PW.get());
    copyKSPromptForSourceKeystorePassword.addLongIdentifier("promptForSourceKeystorePassword", true);
    copyKSPromptForSourceKeystorePassword.addLongIdentifier("prompt-for-source-keystore-passphrase", true);
    copyKSPromptForSourceKeystorePassword.addLongIdentifier("promptForSourceKeystorePassphrase", true);
    copyKSPromptForSourceKeystorePassword.addLongIdentifier("prompt-for-source-keystore-pin", true);
    copyKSPromptForSourceKeystorePassword.addLongIdentifier("promptForSourceKeystorePIN", true);
    copyKSParser.addArgument(copyKSPromptForSourceKeystorePassword);
    final StringArgument copyKSSourcePKPassword = new StringArgument(null, "source-private-key-password", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(), INFO_MANAGE_CERTS_SC_COPY_KS_ARG_SRC_PK_PW_DESC.get());
    copyKSSourcePKPassword.addLongIdentifier("sourcePrivateKeyPassword", true);
    copyKSSourcePKPassword.addLongIdentifier("source-private-key-passphrase", true);
    copyKSSourcePKPassword.addLongIdentifier("sourcePrivateKeyPassphrase", true);
    copyKSSourcePKPassword.addLongIdentifier("source-private-key-pin", true);
    copyKSSourcePKPassword.addLongIdentifier("sourcePrivateKeyPIN", true);
    copyKSParser.addArgument(copyKSSourcePKPassword);
    final FileArgument copyKSSourcePKPasswordFile = new FileArgument(null, "source-private-key-password-file", false, 1, null, INFO_MANAGE_CERTS_SC_COPY_KS_ARG_SRC_PK_PW_FILE_DESC.get(), true, true, true, false);
    copyKSSourcePKPasswordFile.addLongIdentifier("sourcePrivateKeyPasswordFile", true);
    copyKSSourcePKPasswordFile.addLongIdentifier("source-private-key-passphrase-file", true);
    copyKSSourcePKPasswordFile.addLongIdentifier("sourcePrivateKeyPassphraseFile", true);
    copyKSSourcePKPasswordFile.addLongIdentifier("source-private-key-pin-file", true);
    copyKSSourcePKPasswordFile.addLongIdentifier("sourcePrivateKeyPINFile", true);
    copyKSParser.addArgument(copyKSSourcePKPasswordFile);
    final BooleanArgument copyKSPromptForSourcePKPassword = new BooleanArgument(null, "prompt-for-source-private-key-password", 1, INFO_MANAGE_CERTS_SC_COPY_KS_ARG_PROMPT_FOR_SRC_PK_PW.get());
    copyKSPromptForSourcePKPassword.addLongIdentifier("promptForSourcePrivateKeyPassword", true);
    copyKSPromptForSourcePKPassword.addLongIdentifier("prompt-for-source-private-key-passphrase", true);
    copyKSPromptForSourcePKPassword.addLongIdentifier("promptForSourcePrivateKeyPassphrase", true);
    copyKSPromptForSourcePKPassword.addLongIdentifier("prompt-for-source-private-key-pin", true);
    copyKSPromptForSourcePKPassword.addLongIdentifier("promptForSourcePrivateKeyPIN", true);
    copyKSParser.addArgument(copyKSPromptForSourcePKPassword);
    final StringArgument copyKSSourceKeystoreType = new StringArgument(null, "source-keystore-type", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_TYPE.get(), INFO_MANAGE_CERTS_SC_COPY_KS_ARG_SRC_KS_TYPE.get(), ALLOWED_KEYSTORE_TYPE_VALUES);
    copyKSSourceKeystoreType.addLongIdentifier("source-key-store-type", true);
    copyKSSourceKeystoreType.addLongIdentifier("sourceKeystoreType", true);
    copyKSSourceKeystoreType.addLongIdentifier("source-keystore-format", true);
    copyKSSourceKeystoreType.addLongIdentifier("source-key-store-format", true);
    copyKSSourceKeystoreType.addLongIdentifier("sourceKeystoreFormat", true);
    copyKSParser.addArgument(copyKSSourceKeystoreType);
    final FileArgument copyKSDestKeystore = new FileArgument(null, "destination-keystore", true, 1, null, INFO_MANAGE_CERTS_SC_COPY_KS_ARG_DST_KS_DESC.get(), false, true, true, false);
    copyKSDestKeystore.addLongIdentifier("destinationKeystore", true);
    copyKSDestKeystore.addLongIdentifier("destination-keystore-path", true);
    copyKSDestKeystore.addLongIdentifier("destinationKeystorePath", true);
    copyKSDestKeystore.addLongIdentifier("destination-keystore-file", true);
    copyKSDestKeystore.addLongIdentifier("destinationKeystoreFile", true);
    copyKSDestKeystore.addLongIdentifier("target-keystore", true);
    copyKSDestKeystore.addLongIdentifier("targetKeystore", true);
    copyKSDestKeystore.addLongIdentifier("target-keystore-path", true);
    copyKSDestKeystore.addLongIdentifier("targetKeystorePath", true);
    copyKSDestKeystore.addLongIdentifier("target-keystore-file", true);
    copyKSDestKeystore.addLongIdentifier("targetKeystoreFile", true);
    copyKSParser.addArgument(copyKSDestKeystore);
    final StringArgument copyKSDestKeystorePassword = new StringArgument(null, "destination-keystore-password", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(), INFO_MANAGE_CERTS_SC_COPY_KS_ARG_DST_KS_PW_DESC.get());
    copyKSDestKeystorePassword.addLongIdentifier("destinationKeystorePassword", true);
    copyKSDestKeystorePassword.addLongIdentifier("destination-keystore-passphrase", true);
    copyKSDestKeystorePassword.addLongIdentifier("destinationKeystorePassphrase", true);
    copyKSDestKeystorePassword.addLongIdentifier("destination-keystore-pin", true);
    copyKSDestKeystorePassword.addLongIdentifier("destinationKeystorePIN", true);
    copyKSDestKeystorePassword.addLongIdentifier("target-keystore-password", true);
    copyKSDestKeystorePassword.addLongIdentifier("targetKeystorePassword", true);
    copyKSDestKeystorePassword.addLongIdentifier("target-keystore-passphrase", true);
    copyKSDestKeystorePassword.addLongIdentifier("targetKeystorePassphrase", true);
    copyKSDestKeystorePassword.addLongIdentifier("target-keystore-pin", true);
    copyKSDestKeystorePassword.addLongIdentifier("targetKeystorePIN", true);
    copyKSParser.addArgument(copyKSDestKeystorePassword);
    final FileArgument copyKSDestKeystorePasswordFile = new FileArgument(null, "destination-keystore-password-file", false, 1, null, INFO_MANAGE_CERTS_SC_COPY_KS_ARG_DST_KS_PW_FILE_DESC.get(), true, true, true, false);
    copyKSDestKeystorePasswordFile.addLongIdentifier("destinationKeystorePasswordFile", true);
    copyKSDestKeystorePasswordFile.addLongIdentifier("destination-keystore-passphrase-file", true);
    copyKSDestKeystorePasswordFile.addLongIdentifier("destinationKeystorePassphraseFile", true);
    copyKSDestKeystorePasswordFile.addLongIdentifier("destination-keystore-pin-file", true);
    copyKSDestKeystorePasswordFile.addLongIdentifier("destinationKeystorePINFile", true);
    copyKSDestKeystorePasswordFile.addLongIdentifier("target-keystore-password-file", true);
    copyKSDestKeystorePasswordFile.addLongIdentifier("targetKeystorePasswordFile", true);
    copyKSDestKeystorePasswordFile.addLongIdentifier("target-keystore-passphrase-file", true);
    copyKSDestKeystorePasswordFile.addLongIdentifier("targetKeystorePassphraseFile", true);
    copyKSDestKeystorePasswordFile.addLongIdentifier("target-keystore-pin-file", true);
    copyKSDestKeystorePasswordFile.addLongIdentifier("targetKeystorePINFile", true);
    copyKSParser.addArgument(copyKSDestKeystorePasswordFile);
    final BooleanArgument copyKSPromptForDestKeystorePassword = new BooleanArgument(null, "prompt-for-destination-keystore-password", 1, INFO_MANAGE_CERTS_SC_COPY_KS_ARG_PROMPT_FOR_DST_KS_PW.get());
    copyKSPromptForDestKeystorePassword.addLongIdentifier("promptForDestinationKeystorePassword", true);
    copyKSPromptForDestKeystorePassword.addLongIdentifier("prompt-for-Destination-keystore-passphrase", true);
    copyKSPromptForDestKeystorePassword.addLongIdentifier("promptForDestinationKeystorePassphrase", true);
    copyKSPromptForDestKeystorePassword.addLongIdentifier("prompt-for-Destination-keystore-pin", true);
    copyKSPromptForDestKeystorePassword.addLongIdentifier("promptForDestinationKeystorePIN", true);
    copyKSPromptForDestKeystorePassword.addLongIdentifier("prompt-for-target-keystore-password", true);
    copyKSPromptForDestKeystorePassword.addLongIdentifier("promptForTargetKeystorePassword", true);
    copyKSPromptForDestKeystorePassword.addLongIdentifier("prompt-for-Target-keystore-passphrase", true);
    copyKSPromptForDestKeystorePassword.addLongIdentifier("promptForTargetKeystorePassphrase", true);
    copyKSPromptForDestKeystorePassword.addLongIdentifier("prompt-for-Target-keystore-pin", true);
    copyKSPromptForDestKeystorePassword.addLongIdentifier("promptForTargetKeystorePIN", true);
    copyKSParser.addArgument(copyKSPromptForDestKeystorePassword);
    final StringArgument copyKSDestPKPassword = new StringArgument(null, "destination-private-key-password", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(), INFO_MANAGE_CERTS_SC_COPY_KS_ARG_DST_PK_PW_DESC.get());
    copyKSDestPKPassword.addLongIdentifier("destinationPrivateKeyPassword", true);
    copyKSDestPKPassword.addLongIdentifier("destination-private-key-passphrase", true);
    copyKSDestPKPassword.addLongIdentifier("destinationPrivateKeyPassphrase", true);
    copyKSDestPKPassword.addLongIdentifier("destination-private-key-pin", true);
    copyKSDestPKPassword.addLongIdentifier("destinationPrivateKeyPIN", true);
    copyKSDestPKPassword.addLongIdentifier("target-private-key-password", true);
    copyKSDestPKPassword.addLongIdentifier("targetPrivateKeyPassword", true);
    copyKSDestPKPassword.addLongIdentifier("target-private-key-passphrase", true);
    copyKSDestPKPassword.addLongIdentifier("targetPrivateKeyPassphrase", true);
    copyKSDestPKPassword.addLongIdentifier("target-private-key-pin", true);
    copyKSDestPKPassword.addLongIdentifier("targetPrivateKeyPIN", true);
    copyKSParser.addArgument(copyKSDestPKPassword);
    final FileArgument copyKSDestPKPasswordFile = new FileArgument(null, "destination-private-key-password-file", false, 1, null, INFO_MANAGE_CERTS_SC_COPY_KS_ARG_DST_PK_PW_FILE_DESC.get(), true, true, true, false);
    copyKSDestPKPasswordFile.addLongIdentifier("destinationPrivateKeyPasswordFile", true);
    copyKSDestPKPasswordFile.addLongIdentifier("destination-private-key-passphrase-file", true);
    copyKSDestPKPasswordFile.addLongIdentifier("destinationPrivateKeyPassphraseFile", true);
    copyKSDestPKPasswordFile.addLongIdentifier("destination-private-key-pin-file", true);
    copyKSDestPKPasswordFile.addLongIdentifier("destinationPrivateKeyPINFile", true);
    copyKSDestPKPasswordFile.addLongIdentifier("target-private-key-password-file", true);
    copyKSDestPKPasswordFile.addLongIdentifier("targetPrivateKeyPasswordFile", true);
    copyKSDestPKPasswordFile.addLongIdentifier("target-private-key-passphrase-file", true);
    copyKSDestPKPasswordFile.addLongIdentifier("targetPrivateKeyPassphraseFile", true);
    copyKSDestPKPasswordFile.addLongIdentifier("target-private-key-pin-file", true);
    copyKSDestPKPasswordFile.addLongIdentifier("targetPrivateKeyPINFile", true);
    copyKSParser.addArgument(copyKSDestPKPasswordFile);
    final BooleanArgument copyKSPromptForDestPKPassword = new BooleanArgument(null, "prompt-for-destination-private-key-password", 1, INFO_MANAGE_CERTS_SC_COPY_KS_ARG_PROMPT_FOR_DST_PK_PW.get());
    copyKSPromptForDestPKPassword.addLongIdentifier("promptForDestinationPrivateKeyPassword", true);
    copyKSPromptForDestPKPassword.addLongIdentifier("prompt-for-Destination-private-key-passphrase", true);
    copyKSPromptForDestPKPassword.addLongIdentifier("promptForDestinationPrivateKeyPassphrase", true);
    copyKSPromptForDestPKPassword.addLongIdentifier("prompt-for-Destination-private-key-pin", true);
    copyKSPromptForDestPKPassword.addLongIdentifier("promptForDestinationPrivateKeyPIN", true);
    copyKSPromptForDestPKPassword.addLongIdentifier("prompt-for-target-private-key-password", true);
    copyKSPromptForDestPKPassword.addLongIdentifier("promptForTargetPrivateKeyPassword", true);
    copyKSPromptForDestPKPassword.addLongIdentifier("prompt-for-Target-private-key-passphrase", true);
    copyKSPromptForDestPKPassword.addLongIdentifier("promptForTargetPrivateKeyPassphrase", true);
    copyKSPromptForDestPKPassword.addLongIdentifier("prompt-for-Target-private-key-pin", true);
    copyKSPromptForDestPKPassword.addLongIdentifier("promptForTargetPrivateKeyPIN", true);
    copyKSParser.addArgument(copyKSPromptForDestPKPassword);
    final StringArgument copyKSDestKeystoreType = new StringArgument(null, "destination-keystore-type", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_TYPE.get(), INFO_MANAGE_CERTS_SC_COPY_KS_ARG_DST_KS_TYPE.get(), ALLOWED_KEYSTORE_TYPE_VALUES);
    copyKSDestKeystoreType.addLongIdentifier("destination-key-store-type", true);
    copyKSDestKeystoreType.addLongIdentifier("destinationKeystoreType", true);
    copyKSDestKeystoreType.addLongIdentifier("destination-keystore-format", true);
    copyKSDestKeystoreType.addLongIdentifier("destination-key-store-format", true);
    copyKSDestKeystoreType.addLongIdentifier("destinationKeystoreFormat", true);
    copyKSDestKeystoreType.addLongIdentifier("target-key-store-type", true);
    copyKSDestKeystoreType.addLongIdentifier("targetKeystoreType", true);
    copyKSDestKeystoreType.addLongIdentifier("target-keystore-format", true);
    copyKSDestKeystoreType.addLongIdentifier("target-key-store-format", true);
    copyKSDestKeystoreType.addLongIdentifier("targetKeystoreFormat", true);
    copyKSParser.addArgument(copyKSDestKeystoreType);
    final StringArgument copyKSAlias = new StringArgument(null, "alias", false, 0, INFO_MANAGE_CERTS_PLACEHOLDER_ALIAS.get(), INFO_MANAGE_CERTS_SC_COPY_KS_ARG_ALIAS.get());
    copyKSAlias.addLongIdentifier("nickname", true);
    copyKSParser.addArgument(copyKSAlias);
    copyKSParser.addRequiredArgumentSet(copyKSSourceKeystorePassword, copyKSSourceKeystorePasswordFile, copyKSPromptForSourceKeystorePassword);
    copyKSParser.addExclusiveArgumentSet(copyKSSourceKeystorePassword, copyKSSourceKeystorePasswordFile, copyKSPromptForSourceKeystorePassword);
    copyKSParser.addExclusiveArgumentSet(copyKSSourcePKPassword, copyKSSourcePKPasswordFile, copyKSPromptForDestPKPassword);
    copyKSParser.addExclusiveArgumentSet(copyKSDestKeystorePassword, copyKSDestKeystorePasswordFile, copyKSPromptForDestKeystorePassword);
    copyKSParser.addExclusiveArgumentSet(copyKSDestPKPassword, copyKSDestPKPasswordFile, copyKSPromptForDestPKPassword);
    final LinkedHashMap<String[], String> copyKeyStoreExamples = new LinkedHashMap<>(StaticUtils.computeMapCapacity(1));
    copyKeyStoreExamples.put(new String[] { "copy-keystore", "--source-keystore", getPlatformSpecificPath("config", "keystore.jks"), "--source-keystore-password-file", getPlatformSpecificPath("config", "keystore.pin"), "--source-keystore-type", "JKS", "--destination-keystore", getPlatformSpecificPath("config", "keystore.p12"), "--destination-keystore-password-file", getPlatformSpecificPath("config", "keystore.pin"), "--destination-keystore-type", "PKCS12" }, INFO_MANAGE_CERTS_SC_COPY_KS_EXAMPLE_1.get("keystore.jks", "keystore.p12"));
    final SubCommand copyKeyStoreSubCommand = new SubCommand("copy-keystore", INFO_MANAGE_CERTS_SC_COPY_KS_DESC.get(), copyKSParser, copyKeyStoreExamples);
    copyKeyStoreSubCommand.addName("copy-key-store", true);
    copyKeyStoreSubCommand.addName("copyKeyStore", true);
    copyKeyStoreSubCommand.addName("import-keystore", true);
    copyKeyStoreSubCommand.addName("import-key-store", true);
    copyKeyStoreSubCommand.addName("importKeyStore", true);
    copyKeyStoreSubCommand.addName("convert-keystore", true);
    copyKeyStoreSubCommand.addName("convert-key-store", true);
    copyKeyStoreSubCommand.addName("convertKeyStore", true);
    parser.addSubCommand(copyKeyStoreSubCommand);
    // Define the "retrieve-server-certificate" subcommand and all of its
    // arguments.
    final ArgumentParser retrieveCertParser = new ArgumentParser("retrieve-server-certificate", INFO_MANAGE_CERTS_SC_RETRIEVE_CERT_DESC.get());
    final StringArgument retrieveCertHostname = new StringArgument('h', "hostname", true, 1, INFO_MANAGE_CERTS_PLACEHOLDER_HOST.get(), INFO_MANAGE_CERTS_SC_RETRIEVE_CERT_ARG_HOSTNAME_DESC.get());
    retrieveCertHostname.addLongIdentifier("server-address", true);
    retrieveCertHostname.addLongIdentifier("serverAddress", true);
    retrieveCertHostname.addLongIdentifier("address", true);
    retrieveCertParser.addArgument(retrieveCertHostname);
    final IntegerArgument retrieveCertPort = new IntegerArgument('p', "port", true, 1, INFO_MANAGE_CERTS_PLACEHOLDER_PORT.get(), INFO_MANAGE_CERTS_SC_RETRIEVE_CERT_ARG_PORT_DESC.get(), 1, 65_535);
    retrieveCertPort.addLongIdentifier("server-port", true);
    retrieveCertPort.addLongIdentifier("serverPort", true);
    retrieveCertParser.addArgument(retrieveCertPort);
    final BooleanArgument retrieveCertUseStartTLS = new BooleanArgument('q', "use-ldap-start-tls", 1, INFO_MANAGE_CERTS_SC_RETRIEVE_CERT_ARG_USE_START_TLS_DESC.get());
    retrieveCertUseStartTLS.addLongIdentifier("use-ldap-starttls", true);
    retrieveCertUseStartTLS.addLongIdentifier("useLDAPStartTLS", true);
    retrieveCertUseStartTLS.addLongIdentifier("use-start-tls", true);
    retrieveCertUseStartTLS.addLongIdentifier("use-starttls", true);
    retrieveCertUseStartTLS.addLongIdentifier("useStartTLS", true);
    retrieveCertParser.addArgument(retrieveCertUseStartTLS);
    final FileArgument retrieveCertOutputFile = new FileArgument(null, "output-file", false, 1, null, INFO_MANAGE_CERTS_SC_RETRIEVE_CERT_ARG_FILE_DESC.get(), false, true, true, false);
    retrieveCertOutputFile.addLongIdentifier("outputFile", true);
    retrieveCertOutputFile.addLongIdentifier("export-file", true);
    retrieveCertOutputFile.addLongIdentifier("exportFile", true);
    retrieveCertOutputFile.addLongIdentifier("certificate-file", true);
    retrieveCertOutputFile.addLongIdentifier("certificateFile", true);
    retrieveCertOutputFile.addLongIdentifier("file", true);
    retrieveCertOutputFile.addLongIdentifier("filename", true);
    retrieveCertParser.addArgument(retrieveCertOutputFile);
    final Set<String> retrieveCertOutputFormatAllowedValues = StaticUtils.setOf("PEM", "text", "txt", "RFC", "DER", "binary", "bin");
    final StringArgument retrieveCertOutputFormat = new StringArgument(null, "output-format", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_FORMAT.get(), INFO_MANAGE_CERTS_SC_RETRIEVE_CERT_ARG_FORMAT_DESC.get(), retrieveCertOutputFormatAllowedValues, "PEM");
    retrieveCertOutputFormat.addLongIdentifier("outputFormat", true);
    retrieveCertParser.addArgument(retrieveCertOutputFormat);
    final BooleanArgument retrieveCertOnlyPeer = new BooleanArgument(null, "only-peer-certificate", 1, INFO_MANAGE_CERTS_SC_RETRIEVE_CERT_ARG_ONLY_PEER_DESC.get());
    retrieveCertOnlyPeer.addLongIdentifier("onlyPeerCertificate", true);
    retrieveCertOnlyPeer.addLongIdentifier("only-peer", true);
    retrieveCertOnlyPeer.addLongIdentifier("onlyPeer", true);
    retrieveCertOnlyPeer.addLongIdentifier("peer-certificate-only", true);
    retrieveCertOnlyPeer.addLongIdentifier("peerCertificateOnly", true);
    retrieveCertOnlyPeer.addLongIdentifier("peer-only", true);
    retrieveCertOnlyPeer.addLongIdentifier("peerOnly", true);
    retrieveCertParser.addArgument(retrieveCertOnlyPeer);
    final BooleanArgument retrieveCertEnableSSLDebugging = new BooleanArgument(null, "enableSSLDebugging", 1, INFO_MANAGE_CERTS_SC_RETRIEVE_CERT_ARG_ENABLE_SSL_DEBUGGING_DESC.get());
    retrieveCertEnableSSLDebugging.addLongIdentifier("enableTLSDebugging", true);
    retrieveCertEnableSSLDebugging.addLongIdentifier("enableStartTLSDebugging", true);
    retrieveCertEnableSSLDebugging.addLongIdentifier("enable-ssl-debugging", true);
    retrieveCertEnableSSLDebugging.addLongIdentifier("enable-tls-debugging", true);
    retrieveCertEnableSSLDebugging.addLongIdentifier("enable-starttls-debugging", true);
    retrieveCertEnableSSLDebugging.addLongIdentifier("enable-start-tls-debugging", true);
    retrieveCertParser.addArgument(retrieveCertEnableSSLDebugging);
    addEnableSSLDebuggingArgument(retrieveCertEnableSSLDebugging);
    final BooleanArgument retrieveCertVerbose = new BooleanArgument(null, "verbose", 1, INFO_MANAGE_CERTS_SC_RETRIEVE_CERT_ARG_VERBOSE_DESC.get());
    retrieveCertParser.addArgument(retrieveCertVerbose);
    retrieveCertParser.addDependentArgumentSet(retrieveCertOutputFormat, retrieveCertOutputFile);
    final LinkedHashMap<String[], String> retrieveCertExamples = new LinkedHashMap<>(StaticUtils.computeMapCapacity(2));
    retrieveCertExamples.put(new String[] { "retrieve-server-certificate", "--hostname", "ds.example.com", "--port", "636" }, INFO_MANAGE_CERTS_SC_RETRIEVE_CERT_EXAMPLE_1.get(getPlatformSpecificPath("config", "truststore")));
    retrieveCertExamples.put(new String[] { "retrieve-server-certificate", "--hostname", "ds.example.com", "--port", "389", "--use-ldap-start-tls", "--only-peer-certificate", "--output-file", "ds-cert.pem", "--output-format", "PEM", "--verbose" }, INFO_MANAGE_CERTS_SC_RETRIEVE_CERT_EXAMPLE_2.get(getPlatformSpecificPath("config", "truststore")));
    final SubCommand retrieveCertSubCommand = new SubCommand("retrieve-server-certificate", INFO_MANAGE_CERTS_SC_RETRIEVE_CERT_DESC.get(), retrieveCertParser, retrieveCertExamples);
    retrieveCertSubCommand.addName("retrieveServerCertificate", true);
    retrieveCertSubCommand.addName("retrieve-certificate", true);
    retrieveCertSubCommand.addName("retrieveCertificate", true);
    retrieveCertSubCommand.addName("get-server-certificate", true);
    retrieveCertSubCommand.addName("getServerCertificate", true);
    retrieveCertSubCommand.addName("get-certificate", true);
    retrieveCertSubCommand.addName("getCertificate", true);
    retrieveCertSubCommand.addName("display-server-certificate", true);
    retrieveCertSubCommand.addName("displayServerCertificate", true);
    parser.addSubCommand(retrieveCertSubCommand);
    // Define the "trust-server-certificate" subcommand and all of its
    // arguments.
    final ArgumentParser trustServerParser = new ArgumentParser("trust-server-certificate", INFO_MANAGE_CERTS_SC_TRUST_SERVER_DESC.get());
    final StringArgument trustServerHostname = new StringArgument('h', "hostname", true, 1, INFO_MANAGE_CERTS_PLACEHOLDER_HOST.get(), INFO_MANAGE_CERTS_SC_TRUST_SERVER_ARG_HOSTNAME_DESC.get());
    trustServerHostname.addLongIdentifier("server-address", true);
    trustServerHostname.addLongIdentifier("serverAddress", true);
    trustServerHostname.addLongIdentifier("address", true);
    trustServerParser.addArgument(trustServerHostname);
    final IntegerArgument trustServerPort = new IntegerArgument('p', "port", true, 1, INFO_MANAGE_CERTS_PLACEHOLDER_PORT.get(), INFO_MANAGE_CERTS_SC_TRUST_SERVER_ARG_PORT_DESC.get(), 1, 65_535);
    trustServerPort.addLongIdentifier("server-port", true);
    trustServerPort.addLongIdentifier("serverPort", true);
    trustServerParser.addArgument(trustServerPort);
    final BooleanArgument trustServerUseStartTLS = new BooleanArgument('q', "use-ldap-start-tls", 1, INFO_MANAGE_CERTS_SC_TRUST_SERVER_ARG_USE_START_TLS_DESC.get());
    trustServerUseStartTLS.addLongIdentifier("use-ldap-starttls", true);
    trustServerUseStartTLS.addLongIdentifier("useLDAPStartTLS", true);
    trustServerUseStartTLS.addLongIdentifier("use-start-tls", true);
    trustServerUseStartTLS.addLongIdentifier("use-starttls", true);
    trustServerUseStartTLS.addLongIdentifier("useStartTLS", true);
    trustServerParser.addArgument(trustServerUseStartTLS);
    final FileArgument trustServerKeystore = new FileArgument(null, "keystore", true, 1, null, INFO_MANAGE_CERTS_SC_TRUST_SERVER_ARG_KS_DESC.get(), false, true, true, false);
    trustServerKeystore.addLongIdentifier("keystore-path", true);
    trustServerKeystore.addLongIdentifier("keystorePath", true);
    trustServerKeystore.addLongIdentifier("keystore-file", true);
    trustServerKeystore.addLongIdentifier("keystoreFile", true);
    trustServerParser.addArgument(trustServerKeystore);
    final StringArgument trustServerKeystorePassword = new StringArgument(null, "keystore-password", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(), INFO_MANAGE_CERTS_SC_TRUST_SERVER_ARG_KS_PW_DESC.get());
    trustServerKeystorePassword.addLongIdentifier("keystorePassword", true);
    trustServerKeystorePassword.addLongIdentifier("keystore-passphrase", true);
    trustServerKeystorePassword.addLongIdentifier("keystorePassphrase", true);
    trustServerKeystorePassword.addLongIdentifier("keystore-pin", true);
    trustServerKeystorePassword.addLongIdentifier("keystorePIN", true);
    trustServerKeystorePassword.addLongIdentifier("storepass", true);
    trustServerKeystorePassword.setSensitive(true);
    trustServerParser.addArgument(trustServerKeystorePassword);
    final FileArgument trustServerKeystorePasswordFile = new FileArgument(null, "keystore-password-file", false, 1, null, INFO_MANAGE_CERTS_SC_TRUST_SERVER_ARG_KS_PW_FILE_DESC.get(), true, true, true, false);
    trustServerKeystorePasswordFile.addLongIdentifier("keystorePasswordFile", true);
    trustServerKeystorePasswordFile.addLongIdentifier("keystore-passphrase-file", true);
    trustServerKeystorePasswordFile.addLongIdentifier("keystorePassphraseFile", true);
    trustServerKeystorePasswordFile.addLongIdentifier("keystore-pin-file", true);
    trustServerKeystorePasswordFile.addLongIdentifier("keystorePINFile", true);
    trustServerParser.addArgument(trustServerKeystorePasswordFile);
    final BooleanArgument trustServerPromptForKeystorePassword = new BooleanArgument(null, "prompt-for-keystore-password", INFO_MANAGE_CERTS_SC_TRUST_SERVER_ARG_PROMPT_FOR_KS_PW_DESC.get());
    trustServerPromptForKeystorePassword.addLongIdentifier("promptForKeystorePassword", true);
    trustServerPromptForKeystorePassword.addLongIdentifier("prompt-for-keystore-passphrase", true);
    trustServerPromptForKeystorePassword.addLongIdentifier("promptForKeystorePassphrase", true);
    trustServerPromptForKeystorePassword.addLongIdentifier("prompt-for-keystore-pin", true);
    trustServerPromptForKeystorePassword.addLongIdentifier("promptForKeystorePIN", true);
    trustServerParser.addArgument(trustServerPromptForKeystorePassword);
    final StringArgument trustServerKeystoreType = new StringArgument(null, "keystore-type", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_TYPE.get(), INFO_MANAGE_CERTS_SC_TRUST_SERVER_ARG_KS_TYPE_DESC.get(), ALLOWED_KEYSTORE_TYPE_VALUES);
    trustServerKeystoreType.addLongIdentifier("key-store-type", true);
    trustServerKeystoreType.addLongIdentifier("keystoreType", true);
    trustServerKeystoreType.addLongIdentifier("keystore-format", true);
    trustServerKeystoreType.addLongIdentifier("key-store-format", true);
    trustServerKeystoreType.addLongIdentifier("keystoreFormat", true);
    trustServerKeystoreType.addLongIdentifier("storetype", true);
    trustServerParser.addArgument(trustServerKeystoreType);
    final StringArgument trustServerAlias = new StringArgument(null, "alias", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_ALIAS.get(), INFO_MANAGE_CERTS_SC_TRUST_SERVER_ARG_ALIAS_DESC.get());
    trustServerAlias.addLongIdentifier("nickname", true);
    trustServerParser.addArgument(trustServerAlias);
    final BooleanArgument trustServerIssuersOnly = new BooleanArgument(null, "issuers-only", 1, INFO_MANAGE_CERTS_SC_TRUST_SERVER_ARG_ISSUERS_ONLY_DESC.get());
    trustServerIssuersOnly.addLongIdentifier("issuersOnly", true);
    trustServerIssuersOnly.addLongIdentifier("issuer-certificates-only", true);
    trustServerIssuersOnly.addLongIdentifier("issuerCertificatesOnly", true);
    trustServerIssuersOnly.addLongIdentifier("only-issuers", true);
    trustServerIssuersOnly.addLongIdentifier("onlyIssuers", true);
    trustServerIssuersOnly.addLongIdentifier("only-issuer-certificates", true);
    trustServerIssuersOnly.addLongIdentifier("onlyIssuerCertificates", true);
    trustServerParser.addArgument(trustServerIssuersOnly);
    final BooleanArgument trustServerEnableSSLDebugging = new BooleanArgument(null, "enableSSLDebugging", 1, INFO_MANAGE_CERTS_SC_TRUST_SERVER_ARG_ENABLE_SSL_DEBUGGING_DESC.get());
    trustServerEnableSSLDebugging.addLongIdentifier("enableTLSDebugging", true);
    trustServerEnableSSLDebugging.addLongIdentifier("enableStartTLSDebugging", true);
    trustServerEnableSSLDebugging.addLongIdentifier("enable-ssl-debugging", true);
    trustServerEnableSSLDebugging.addLongIdentifier("enable-tls-debugging", true);
    trustServerEnableSSLDebugging.addLongIdentifier("enable-starttls-debugging", true);
    trustServerEnableSSLDebugging.addLongIdentifier("enable-start-tls-debugging", true);
    trustServerParser.addArgument(trustServerEnableSSLDebugging);
    addEnableSSLDebuggingArgument(trustServerEnableSSLDebugging);
    final BooleanArgument trustServerVerbose = new BooleanArgument(null, "verbose", 1, INFO_MANAGE_CERTS_SC_TRUST_SERVER_ARG_VERBOSE_DESC.get());
    trustServerParser.addArgument(trustServerVerbose);
    final BooleanArgument trustServerNoPrompt = new BooleanArgument(null, "no-prompt", 1, INFO_MANAGE_CERTS_SC_TRUST_SERVER_ARG_NO_PROMPT_DESC.get());
    trustServerNoPrompt.addLongIdentifier("noPrompt", true);
    trustServerParser.addArgument(trustServerNoPrompt);
    trustServerParser.addRequiredArgumentSet(trustServerKeystorePassword, trustServerKeystorePasswordFile, trustServerPromptForKeystorePassword);
    trustServerParser.addExclusiveArgumentSet(trustServerKeystorePassword, trustServerKeystorePasswordFile, trustServerPromptForKeystorePassword);
    final LinkedHashMap<String[], String> trustServerExamples = new LinkedHashMap<>(StaticUtils.computeMapCapacity(2));
    trustServerExamples.put(new String[] { "trust-server-certificate", "--hostname", "ds.example.com", "--port", "636", "--keystore", getPlatformSpecificPath("config", "truststore"), "--keystore-password-file", getPlatformSpecificPath("config", "truststore.pin"), "--verbose" }, INFO_MANAGE_CERTS_SC_TRUST_SERVER_EXAMPLE_1.get(getPlatformSpecificPath("config", "truststore")));
    trustServerExamples.put(new String[] { "trust-server-certificate", "--hostname", "ds.example.com", "--port", "389", "--use-ldap-start-tls", "--keystore", getPlatformSpecificPath("config", "truststore"), "--keystore-password-file", getPlatformSpecificPath("config", "truststore.pin"), "--issuers-only", "--alias", "ds-start-tls-cert", "--no-prompt" }, INFO_MANAGE_CERTS_SC_TRUST_SERVER_EXAMPLE_2.get(getPlatformSpecificPath("config", "truststore")));
    final SubCommand trustServerSubCommand = new SubCommand("trust-server-certificate", INFO_MANAGE_CERTS_SC_TRUST_SERVER_DESC.get(), trustServerParser, trustServerExamples);
    trustServerSubCommand.addName("trustServerCertificate", true);
    trustServerSubCommand.addName("trust-server", true);
    trustServerSubCommand.addName("trustServer", true);
    parser.addSubCommand(trustServerSubCommand);
    // Define the "check-certificate-usability" subcommand and all of its
    // arguments.
    final ArgumentParser checkUsabilityParser = new ArgumentParser("check-certificate-usability", INFO_MANAGE_CERTS_SC_CHECK_USABILITY_DESC.get());
    final FileArgument checkUsabilityKeystore = new FileArgument(null, "keystore", true, 1, null, INFO_MANAGE_CERTS_SC_CHECK_USABILITY_ARG_KS_DESC.get(), true, true, true, false);
    checkUsabilityKeystore.addLongIdentifier("keystore-path", true);
    checkUsabilityKeystore.addLongIdentifier("keystorePath", true);
    checkUsabilityKeystore.addLongIdentifier("keystore-file", true);
    checkUsabilityKeystore.addLongIdentifier("keystoreFile", true);
    checkUsabilityParser.addArgument(checkUsabilityKeystore);
    final StringArgument checkUsabilityKeystorePassword = new StringArgument(null, "keystore-password", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(), INFO_MANAGE_CERTS_SC_CHECK_USABILITY_ARG_KS_PW_DESC.get());
    checkUsabilityKeystorePassword.addLongIdentifier("keystorePassword", true);
    checkUsabilityKeystorePassword.addLongIdentifier("keystore-passphrase", true);
    checkUsabilityKeystorePassword.addLongIdentifier("keystorePassphrase", true);
    checkUsabilityKeystorePassword.addLongIdentifier("keystore-pin", true);
    checkUsabilityKeystorePassword.addLongIdentifier("keystorePIN", true);
    checkUsabilityKeystorePassword.addLongIdentifier("storepass", true);
    checkUsabilityKeystorePassword.setSensitive(true);
    checkUsabilityParser.addArgument(checkUsabilityKeystorePassword);
    final FileArgument checkUsabilityKeystorePasswordFile = new FileArgument(null, "keystore-password-file", false, 1, null, INFO_MANAGE_CERTS_SC_CHECK_USABILITY_ARG_KS_PW_FILE_DESC.get(), true, true, true, false);
    checkUsabilityKeystorePasswordFile.addLongIdentifier("keystorePasswordFile", true);
    checkUsabilityKeystorePasswordFile.addLongIdentifier("keystore-passphrase-file", true);
    checkUsabilityKeystorePasswordFile.addLongIdentifier("keystorePassphraseFile", true);
    checkUsabilityKeystorePasswordFile.addLongIdentifier("keystore-pin-file", true);
    checkUsabilityKeystorePasswordFile.addLongIdentifier("keystorePINFile", true);
    checkUsabilityParser.addArgument(checkUsabilityKeystorePasswordFile);
    final BooleanArgument checkUsabilityPromptForKeystorePassword = new BooleanArgument(null, "prompt-for-keystore-password", INFO_MANAGE_CERTS_SC_CHECK_USABILITY_ARG_PROMPT_FOR_KS_PW_DESC.get());
    checkUsabilityPromptForKeystorePassword.addLongIdentifier("promptForKeystorePassword", true);
    checkUsabilityPromptForKeystorePassword.addLongIdentifier("prompt-for-keystore-passphrase", true);
    checkUsabilityPromptForKeystorePassword.addLongIdentifier("promptForKeystorePassphrase", true);
    checkUsabilityPromptForKeystorePassword.addLongIdentifier("prompt-for-keystore-pin", true);
    checkUsabilityPromptForKeystorePassword.addLongIdentifier("promptForKeystorePIN", true);
    checkUsabilityParser.addArgument(checkUsabilityPromptForKeystorePassword);
    final StringArgument checkUsabilityKeystoreType = new StringArgument(null, "keystore-type", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_TYPE.get(), INFO_MANAGE_CERTS_SC_CHECK_USABILITY_ARG_KS_TYPE_DESC.get(), ALLOWED_KEYSTORE_TYPE_VALUES);
    checkUsabilityKeystoreType.addLongIdentifier("key-store-type", true);
    checkUsabilityKeystoreType.addLongIdentifier("keystoreType", true);
    checkUsabilityKeystoreType.addLongIdentifier("keystore-format", true);
    checkUsabilityKeystoreType.addLongIdentifier("key-store-format", true);
    checkUsabilityKeystoreType.addLongIdentifier("keystoreFormat", true);
    checkUsabilityKeystoreType.addLongIdentifier("storetype", true);
    checkUsabilityParser.addArgument(checkUsabilityKeystoreType);
    final StringArgument checkUsabilityAlias = new StringArgument(null, "alias", true, 1, INFO_MANAGE_CERTS_PLACEHOLDER_ALIAS.get(), INFO_MANAGE_CERTS_SC_CHECK_USABILITY_ARG_ALIAS_DESC.get());
    checkUsabilityAlias.addLongIdentifier("nickname", true);
    checkUsabilityParser.addArgument(checkUsabilityAlias);
    final BooleanArgument checkUsabilityIgnoreSHA1Signature = new BooleanArgument(null, "allow-sha-1-signature-for-issuer-certificates", 1, INFO_MANAGE_CERTS_SC_CHECK_USABILITY_IGNORE_SHA1_WARNING_DESC.get());
    checkUsabilityIgnoreSHA1Signature.addLongIdentifier("allow-sha1-signature-for-issuer-certificates", true);
    checkUsabilityIgnoreSHA1Signature.addLongIdentifier("allowSHA1SignatureForIssuerCertificates", true);
    checkUsabilityParser.addArgument(checkUsabilityIgnoreSHA1Signature);
    checkUsabilityParser.addRequiredArgumentSet(checkUsabilityKeystorePassword, checkUsabilityKeystorePasswordFile, checkUsabilityPromptForKeystorePassword);
    checkUsabilityParser.addExclusiveArgumentSet(checkUsabilityKeystorePassword, checkUsabilityKeystorePasswordFile, checkUsabilityPromptForKeystorePassword);
    final LinkedHashMap<String[], String> checkUsabilityExamples = new LinkedHashMap<>(StaticUtils.computeMapCapacity(2));
    checkUsabilityExamples.put(new String[] { "check-certificate-usability", "--keystore", getPlatformSpecificPath("config", "keystore"), "--keystore-password-file", getPlatformSpecificPath("config", "keystore.pin"), "--alias", "server-cert" }, INFO_MANAGE_CERTS_SC_CHECK_USABILITY_EXAMPLE_1.get(getPlatformSpecificPath("config", "keystore")));
    final SubCommand checkUsabilitySubCommand = new SubCommand("check-certificate-usability", INFO_MANAGE_CERTS_SC_CHECK_USABILITY_DESC.get(), checkUsabilityParser, checkUsabilityExamples);
    checkUsabilitySubCommand.addName("checkCertificateUsability", true);
    checkUsabilitySubCommand.addName("check-usability", true);
    checkUsabilitySubCommand.addName("checkUsability", true);
    parser.addSubCommand(checkUsabilitySubCommand);
    // Define the "display-certificate-file" subcommand and all of its
    // arguments.
    final ArgumentParser displayCertParser = new ArgumentParser("display-certificate-file", INFO_MANAGE_CERTS_SC_DISPLAY_CERT_DESC.get());
    final FileArgument displayCertFile = new FileArgument(null, "certificate-file", true, 1, null, INFO_MANAGE_CERTS_SC_DISPLAY_CERT_ARG_FILE_DESC.get(), true, true, true, false);
    displayCertFile.addLongIdentifier("certificateFile", true);
    displayCertFile.addLongIdentifier("input-file", true);
    displayCertFile.addLongIdentifier("inputFile", true);
    displayCertFile.addLongIdentifier("file", true);
    displayCertFile.addLongIdentifier("filename", true);
    displayCertParser.addArgument(displayCertFile);
    final BooleanArgument displayCertVerbose = new BooleanArgument(null, "verbose", 1, INFO_MANAGE_CERTS_SC_DISPLAY_CERT_ARG_VERBOSE_DESC.get());
    displayCertParser.addArgument(displayCertVerbose);
    final BooleanArgument displayCertDisplayCommand = new BooleanArgument(null, "display-keytool-command", 1, INFO_MANAGE_CERTS_SC_DISPLAY_CERT_ARG_DISPLAY_COMMAND_DESC.get());
    displayCertDisplayCommand.addLongIdentifier("displayKeytoolCommand", true);
    displayCertDisplayCommand.addLongIdentifier("show-keytool-command", true);
    displayCertDisplayCommand.addLongIdentifier("showKeytoolCommand", true);
    displayCertParser.addArgument(displayCertDisplayCommand);
    final LinkedHashMap<String[], String> displayCertExamples = new LinkedHashMap<>(StaticUtils.computeMapCapacity(2));
    displayCertExamples.put(new String[] { "display-certificate-file", "--certificate-file", "certificate.pem" }, INFO_MANAGE_CERTS_SC_DISPLAY_CERT_EXAMPLE_1.get("certificate.pem"));
    displayCertExamples.put(new String[] { "display-certificate-file", "--certificate-file", "certificate.pem", "--verbose", "--display-keytool-command" }, INFO_MANAGE_CERTS_SC_DISPLAY_CERT_EXAMPLE_2.get("certificate.pem"));
    final SubCommand displayCertSubCommand = new SubCommand("display-certificate-file", INFO_MANAGE_CERTS_SC_DISPLAY_CERT_DESC.get(), displayCertParser, displayCertExamples);
    displayCertSubCommand.addName("displayCertificateFile", true);
    displayCertSubCommand.addName("display-certificate", true);
    displayCertSubCommand.addName("displayCertificate", true);
    displayCertSubCommand.addName("display-certificates", true);
    displayCertSubCommand.addName("displayCertificates", true);
    displayCertSubCommand.addName("show-certificate", true);
    displayCertSubCommand.addName("showCertificate", true);
    displayCertSubCommand.addName("show-certificate-file", true);
    displayCertSubCommand.addName("showCertificateFile", true);
    displayCertSubCommand.addName("show-certificates", true);
    displayCertSubCommand.addName("showCertificates", true);
    displayCertSubCommand.addName("print-certificate-file", true);
    displayCertSubCommand.addName("printCertificateFile", true);
    displayCertSubCommand.addName("print-certificate", true);
    displayCertSubCommand.addName("printCertificate", true);
    displayCertSubCommand.addName("print-certificates", true);
    displayCertSubCommand.addName("printCertificates", true);
    displayCertSubCommand.addName("printcert", true);
    parser.addSubCommand(displayCertSubCommand);
    // Define the "display-certificate-signing-request-file" subcommand and all
    // of its arguments.
    final ArgumentParser displayCSRParser = new ArgumentParser("display-certificate-signing-request-file", INFO_MANAGE_CERTS_SC_DISPLAY_CSR_DESC.get());
    final FileArgument displayCSRFile = new FileArgument(null, "certificate-signing-request-file", true, 1, null, INFO_MANAGE_CERTS_SC_DISPLAY_CSR_ARG_FILE_DESC.get(), true, true, true, false);
    displayCSRFile.addLongIdentifier("certificateSigningRequestFile", true);
    displayCSRFile.addLongIdentifier("request-file", true);
    displayCSRFile.addLongIdentifier("requestFile", true);
    displayCSRFile.addLongIdentifier("input-file", true);
    displayCSRFile.addLongIdentifier("inputFile", true);
    displayCSRFile.addLongIdentifier("file", true);
    displayCSRFile.addLongIdentifier("filename", true);
    displayCSRParser.addArgument(displayCSRFile);
    final BooleanArgument displayCSRVerbose = new BooleanArgument(null, "verbose", 1, INFO_MANAGE_CERTS_SC_DISPLAY_CSR_ARG_VERBOSE_DESC.get());
    displayCSRParser.addArgument(displayCSRVerbose);
    final BooleanArgument displayCSRDisplayCommand = new BooleanArgument(null, "display-keytool-command", 1, INFO_MANAGE_CERTS_SC_DISPLAY_CSR_ARG_DISPLAY_COMMAND_DESC.get());
    displayCSRDisplayCommand.addLongIdentifier("displayKeytoolCommand", true);
    displayCSRDisplayCommand.addLongIdentifier("show-keytool-command", true);
    displayCSRDisplayCommand.addLongIdentifier("showKeytoolCommand", true);
    displayCSRParser.addArgument(displayCSRDisplayCommand);
    final LinkedHashMap<String[], String> displayCSRExamples = new LinkedHashMap<>(StaticUtils.computeMapCapacity(1));
    displayCSRExamples.put(new String[] { "display-certificate-signing-request-file", "--certificate-signing-request-file", "server-cert.csr", "--display-keytool-command" }, INFO_MANAGE_CERTS_SC_DISPLAY_CSR_EXAMPLE_1.get("server-cert.csr"));
    final SubCommand displayCSRSubCommand = new SubCommand("display-certificate-signing-request-file", INFO_MANAGE_CERTS_SC_DISPLAY_CSR_DESC.get(), displayCSRParser, displayCSRExamples);
    displayCSRSubCommand.addName("displayCertificateSigningRequestFile", true);
    displayCSRSubCommand.addName("display-certificate-signing-request", true);
    displayCSRSubCommand.addName("displayCertificateSigningRequest", true);
    displayCSRSubCommand.addName("display-certificate-request-file", true);
    displayCSRSubCommand.addName("displayCertificateRequestFile", true);
    displayCSRSubCommand.addName("display-certificate-request", true);
    displayCSRSubCommand.addName("displayCertificateRequest", true);
    displayCSRSubCommand.addName("display-csr-file", true);
    displayCSRSubCommand.addName("displayCSRFile", true);
    displayCSRSubCommand.addName("display-csr", true);
    displayCSRSubCommand.addName("displayCSR", true);
    displayCSRSubCommand.addName("show-certificate-signing-request-file", true);
    displayCSRSubCommand.addName("showCertificateSigningRequestFile", true);
    displayCSRSubCommand.addName("show-certificate-signing-request", true);
    displayCSRSubCommand.addName("showCertificateSigningRequest", true);
    displayCSRSubCommand.addName("show-certificate-request-file", true);
    displayCSRSubCommand.addName("showCertificateRequestFile", true);
    displayCSRSubCommand.addName("show-certificate-request", true);
    displayCSRSubCommand.addName("showCertificateRequest", true);
    displayCSRSubCommand.addName("show-csr-file", true);
    displayCSRSubCommand.addName("showCSRFile", true);
    displayCSRSubCommand.addName("show-csr", true);
    displayCSRSubCommand.addName("showCSR", true);
    displayCSRSubCommand.addName("print-certificate-signing-request-file", true);
    displayCSRSubCommand.addName("printCertificateSigningRequestFile", true);
    displayCSRSubCommand.addName("print-certificate-signing-request", true);
    displayCSRSubCommand.addName("printCertificateSigningRequest", true);
    displayCSRSubCommand.addName("print-certificate-request-file", true);
    displayCSRSubCommand.addName("printCertificateRequestFile", true);
    displayCSRSubCommand.addName("print-certificate-request", true);
    displayCSRSubCommand.addName("printCertificateRequest", true);
    displayCSRSubCommand.addName("print-csr-file", true);
    displayCSRSubCommand.addName("printCSRFile", true);
    displayCSRSubCommand.addName("print-csr", true);
    displayCSRSubCommand.addName("printCSR", true);
    displayCSRSubCommand.addName("printcertreq", true);
    parser.addSubCommand(displayCSRSubCommand);
}
Also used : SubCommand(com.unboundid.util.args.SubCommand) IA5StringArgumentValueValidator(com.unboundid.util.args.IA5StringArgumentValueValidator) IPAddressArgumentValueValidator(com.unboundid.util.args.IPAddressArgumentValueValidator) BooleanArgument(com.unboundid.util.args.BooleanArgument) ASN1BitString(com.unboundid.asn1.ASN1BitString) FileArgument(com.unboundid.util.args.FileArgument) ArgumentParser(com.unboundid.util.args.ArgumentParser) StringArgument(com.unboundid.util.args.StringArgument) LinkedHashMap(java.util.LinkedHashMap) DNArgument(com.unboundid.util.args.DNArgument) IntegerArgument(com.unboundid.util.args.IntegerArgument) OIDArgumentValueValidator(com.unboundid.util.args.OIDArgumentValueValidator) TimestampArgument(com.unboundid.util.args.TimestampArgument) BooleanValueArgument(com.unboundid.util.args.BooleanValueArgument)

Example 3 with TimestampArgument

use of com.unboundid.util.args.TimestampArgument in project ldapsdk by pingidentity.

the class ManageAccountTestCase method testAllSuccessResult.

/**
 * Tests the behavior when running the tool and expecting a success result.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@Test()
public void testAllSuccessResult() throws Exception {
    // Get an instance of the manage-account tool that we will run to generate a
    // sample variable rate data file.  Not only can we use this file to get
    // test coverage later, but we can also use the tool instance to get the
    // argument parser available so that we can introspect it to get information
    // about what arguments we can use.
    final String variableRateDataFile = createTempFile().getAbsolutePath();
    final ManageAccount tool = new ManageAccount(null, null);
    assertEquals(tool.runTool("--generateSampleRateFile", variableRateDataFile), ResultCode.SUCCESS);
    final ArgumentParser parser = tool.getArgumentParser();
    assertNotNull(parser);
    // Create some other files that will be used for testing.
    final String rejectFile = createTempFile().getAbsolutePath();
    final String dnFile = createTempFile("# Comment at the top", "uid=user.1,ou=People,dc=example,dc=com", "# Comment in the middle. Also, blank line follows.", "", "uid=user.2,ou=People,dc=example,dc=com", "dn:uid=user.3,ou=People,dc=example,dc=com", "dn: uid=user.4,ou=People,dc=example,dc=com", "dn::" + Base64.encode("uid=user.5,ou=People,dc=example,dc=com"), "dn:: " + Base64.encode("uid=user.6,ou=People,dc=example,dc=com"), "", "# Comment at the end").getAbsolutePath();
    // Create an in-memory directory server instance with fake support for the
    // password policy state extended operation.
    final InMemoryDirectoryServerConfig cfg = new InMemoryDirectoryServerConfig("dc=example,dc=com");
    final String[] referralURLs = { "ldap://ds1.example.com:389/dc=example,dc=com", "ldap://ds2.example.com:389/dc=example,dc=com" };
    final PasswordPolicyStateOperation[] resultOperations = { new PasswordPolicyStateOperation(PasswordPolicyStateOperation.OP_TYPE_GET_ACCOUNT_DISABLED_STATE, new ASN1OctetString[] { new ASN1OctetString("false") }), new PasswordPolicyStateOperation(PasswordPolicyStateOperation.OP_TYPE_GET_FAILURE_LOCKOUT_TIME, null), new PasswordPolicyStateOperation(PasswordPolicyStateOperation.OP_TYPE_GET_ACCOUNT_USABILITY_NOTICES, new ASN1OctetString[] { new ASN1OctetString(new PasswordPolicyStateAccountUsabilityNotice(PasswordPolicyStateAccountUsabilityNotice.NOTICE_TYPE_IN_MINIMUM_PASSWORD_AGE, PasswordPolicyStateAccountUsabilityNotice.NOTICE_NAME_IN_MINIMUM_PASSWORD_AGE, "notice message").toString()), new ASN1OctetString("Notice 2") }), new PasswordPolicyStateOperation(PasswordPolicyStateOperation.OP_TYPE_GET_ACCOUNT_USABILITY_WARNINGS, new ASN1OctetString[] { new ASN1OctetString(new PasswordPolicyStateAccountUsabilityWarning(PasswordPolicyStateAccountUsabilityWarning.WARNING_TYPE_ACCOUNT_EXPIRING, PasswordPolicyStateAccountUsabilityWarning.WARNING_NAME_ACCOUNT_EXPIRING, "warning message").toString()), new ASN1OctetString("Warning 2") }), new PasswordPolicyStateOperation(PasswordPolicyStateOperation.OP_TYPE_GET_ACCOUNT_USABILITY_ERRORS, new ASN1OctetString[] { new ASN1OctetString(new PasswordPolicyStateAccountUsabilityError(PasswordPolicyStateAccountUsabilityError.ERROR_TYPE_ACCOUNT_EXPIRED, PasswordPolicyStateAccountUsabilityError.ERROR_NAME_ACCOUNT_EXPIRED, "error message").toString()), new ASN1OctetString("Error 2") }) };
    cfg.addExtendedOperationHandler(new CannedResponsePWPStateInMemoryExtendedOperationHandler(new PasswordPolicyStateExtendedResult(-1, ResultCode.SUCCESS, "Success", "ou=Matched DN,dc=example,dc=com", referralURLs, "uid=test.user,ou=People,dc=example,dc=com", resultOperations, null)));
    final InMemoryDirectoryServer ds = new InMemoryDirectoryServer(cfg);
    ds.startListening();
    try {
        final ArrayList<String> argList = new ArrayList<String>(20);
        final ByteArrayOutputStream out = new ByteArrayOutputStream();
        for (final ManageAccountSubCommandType t : ManageAccountSubCommandType.values()) {
            for (final String name : t.getAllNames()) {
                argList.clear();
                argList.add(name);
                argList.add("--hostname");
                argList.add("127.0.0.1");
                argList.add("--port");
                argList.add(String.valueOf(ds.getListenPort()));
                argList.add("--targetDN");
                argList.add("uid=test.user,ou=People,dc=example,dc=com");
                final SubCommand sc = parser.getSubCommand(name);
                assertNotNull(sc);
                final ArgumentParser subCommandParser = sc.getArgumentParser();
                final Argument a = subCommandParser.getNamedArgument('O');
                if (a == null) {
                    String[] args = argList.toArray(StaticUtils.NO_STRINGS);
                    assertEquals(ManageAccount.main(out, out, args), ResultCode.SUCCESS, "Failed with arguments " + argList + ":  " + StaticUtils.toUTF8String(out.toByteArray()));
                    out.reset();
                    args = argList.toArray(StaticUtils.NO_STRINGS);
                    assertEquals(ManageAccount.main(out, out, args), ResultCode.SUCCESS, "Failed with arguments " + argList + ":  " + StaticUtils.toUTF8String(out.toByteArray()));
                    continue;
                }
                if (!a.isRequired()) {
                    out.reset();
                    String[] args = argList.toArray(StaticUtils.NO_STRINGS);
                    assertEquals(ManageAccount.main(null, null, args), ResultCode.SUCCESS, "Failed with arguments " + argList + ":  " + StaticUtils.toUTF8String(out.toByteArray()));
                    argList.add("--suppressEmptyResultOperations");
                    args = argList.toArray(StaticUtils.NO_STRINGS);
                    out.reset();
                    assertEquals(ManageAccount.main(null, null, args), ResultCode.SUCCESS, "Failed with arguments " + argList + ":  " + StaticUtils.toUTF8String(out.toByteArray()));
                    argList.remove(argList.size() - 1);
                }
                final String value1;
                final String value2;
                if (a instanceof BooleanValueArgument) {
                    value1 = "true";
                    value2 = "false";
                } else if (a instanceof StringArgument) {
                    if (sc.hasName("set-last-login-ip-address")) {
                        value1 = "1.2.3.4";
                        value2 = "5.6.7.8";
                    } else {
                        value1 = "value 1";
                        value2 = "value 2";
                    }
                } else if (a instanceof TimestampArgument) {
                    final long now = System.currentTimeMillis();
                    value1 = StaticUtils.encodeGeneralizedTime(now - 1L);
                    value2 = StaticUtils.encodeGeneralizedTime(now);
                } else {
                    throw new AssertionError("Unexpected argument type for argument " + a.getIdentifierString() + " in subcommand " + name + ":  " + a.getClass().getName());
                }
                argList.add("--ratePerSecond");
                argList.add("100");
                argList.add("--variableRateData");
                argList.add(variableRateDataFile);
                argList.add("--rejectFile");
                argList.add(rejectFile);
                argList.add("--targetDNFile");
                argList.add(dnFile);
                argList.add("--numThreads");
                argList.add("10");
                argList.add("--numSearchThreads");
                argList.add("10");
                argList.add(a.getIdentifierString());
                argList.add(value1);
                out.reset();
                String[] args = argList.toArray(StaticUtils.NO_STRINGS);
                assertEquals(ManageAccount.main(null, null, args), ResultCode.SUCCESS, "Failed with arguments " + argList + ":  " + StaticUtils.toUTF8String(out.toByteArray()));
                out.reset();
                argList.add("--suppressEmptyResultOperations");
                args = argList.toArray(StaticUtils.NO_STRINGS);
                assertEquals(ManageAccount.main(null, null, args), ResultCode.SUCCESS, "Failed with arguments " + argList + ":  " + StaticUtils.toUTF8String(out.toByteArray()));
                argList.remove(argList.size() - 1);
                if (a.getMaxOccurrences() > 1) {
                    argList.add(a.getIdentifierString());
                    argList.add(value2);
                    out.reset();
                    args = argList.toArray(StaticUtils.NO_STRINGS);
                    assertEquals(ManageAccount.main(null, null, args), ResultCode.SUCCESS, "Failed with arguments " + argList + ":  " + StaticUtils.toUTF8String(out.toByteArray()));
                    out.reset();
                    argList.add("--suppressEmptyResultOperations");
                    args = argList.toArray(StaticUtils.NO_STRINGS);
                    assertEquals(ManageAccount.main(null, null, args), ResultCode.SUCCESS, "Failed with arguments " + argList + ":  " + StaticUtils.toUTF8String(out.toByteArray()));
                    argList.remove(argList.size() - 1);
                }
            }
        }
    } finally {
        ds.shutDown(true);
    }
}
Also used : ASN1OctetString(com.unboundid.asn1.ASN1OctetString) PasswordPolicyStateAccountUsabilityError(com.unboundid.ldap.sdk.unboundidds.extensions.PasswordPolicyStateAccountUsabilityError) BooleanValueArgument(com.unboundid.util.args.BooleanValueArgument) Argument(com.unboundid.util.args.Argument) StringArgument(com.unboundid.util.args.StringArgument) TimestampArgument(com.unboundid.util.args.TimestampArgument) InMemoryDirectoryServerConfig(com.unboundid.ldap.listener.InMemoryDirectoryServerConfig) ArrayList(java.util.ArrayList) ASN1OctetString(com.unboundid.asn1.ASN1OctetString) PasswordPolicyStateExtendedResult(com.unboundid.ldap.sdk.unboundidds.extensions.PasswordPolicyStateExtendedResult) ArgumentParser(com.unboundid.util.args.ArgumentParser) BooleanValueArgument(com.unboundid.util.args.BooleanValueArgument) TimestampArgument(com.unboundid.util.args.TimestampArgument) SubCommand(com.unboundid.util.args.SubCommand) InMemoryDirectoryServer(com.unboundid.ldap.listener.InMemoryDirectoryServer) PasswordPolicyStateOperation(com.unboundid.ldap.sdk.unboundidds.extensions.PasswordPolicyStateOperation) ByteArrayOutputStream(java.io.ByteArrayOutputStream) StringArgument(com.unboundid.util.args.StringArgument) PasswordPolicyStateAccountUsabilityNotice(com.unboundid.ldap.sdk.unboundidds.extensions.PasswordPolicyStateAccountUsabilityNotice) PasswordPolicyStateAccountUsabilityWarning(com.unboundid.ldap.sdk.unboundidds.extensions.PasswordPolicyStateAccountUsabilityWarning) Test(org.testng.annotations.Test)

Example 4 with TimestampArgument

use of com.unboundid.util.args.TimestampArgument in project ldapsdk by pingidentity.

the class TestLDAPCommandLineTool method addNonLDAPArguments.

/**
 * {@inheritDoc}
 */
@Override()
public void addNonLDAPArguments(final ArgumentParser parser) throws ArgumentException {
    final ArgumentParser argListParser1 = new ArgumentParser("argumentList1", "Argument List 1 Description");
    argListParser1.addArgument(new StringArgument(null, "foo", false, -1, "{foo}", "Foo Description"));
    final ArgumentParser argListParser2 = new ArgumentParser("argumentList2", "Argument List 2 Description");
    argListParser2.addArgument(new StringArgument(null, "bar", false, -1, "{bar}", "Bar Description"));
    singleValuedArgumentListArgument = new ArgumentListArgument(null, "singleValuedArgumentList", false, 1, "{argList}", "Argument List", argListParser1);
    parser.addArgument(singleValuedArgumentListArgument);
    multiValuedArgumentListArgument = new ArgumentListArgument(null, "multiValuedArgumentList", false, -1, "{argList}", "Argument List", argListParser2);
    parser.addArgument(multiValuedArgumentListArgument);
    booleanArgument = new BooleanArgument(null, "boolean", "Boolean Description");
    parser.addArgument(booleanArgument);
    booleanValueArgument = new BooleanValueArgument(null, "booleanValue", false, "{true|false}", "Boolean Value Description");
    parser.addArgument(booleanValueArgument);
    singleValuedControlArgument = new ControlArgument(null, "singleValuedControl", false, 1, null, "Control Description");
    parser.addArgument(singleValuedControlArgument);
    multiValuedControlArgument = new ControlArgument(null, "multiValuedControl", false, -1, null, "Control Description");
    parser.addArgument(multiValuedControlArgument);
    singleValuedDNArgument = new DNArgument(null, "singleValuedDN", false, 1, "{dn}", "DN Description");
    parser.addArgument(singleValuedDNArgument);
    multiValuedDNArgument = new DNArgument(null, "multiValuedDN", false, -1, "{dn}", "DN Description");
    parser.addArgument(multiValuedDNArgument);
    durationArgument = new DurationArgument(null, "duration", false, "{duration}", "Duration Description");
    parser.addArgument(durationArgument);
    singleValuedFileArgument = new FileArgument(null, "singleValuedFile", false, 1, "{path}", "File Description", false, true, true, false);
    parser.addArgument(singleValuedFileArgument);
    multiValuedFileArgument = new FileArgument(null, "multiValuedFile", false, -1, "{path}", "File Description", false, false, false, false);
    parser.addArgument(multiValuedFileArgument);
    singleValuedFilterArgument = new FilterArgument(null, "singleValuedFilter", false, 1, "{filter}", "Filter Description");
    parser.addArgument(singleValuedFilterArgument);
    multiValuedFilterArgument = new FilterArgument(null, "multiValuedFilter", false, -1, "{filter}", "Filter Description");
    parser.addArgument(multiValuedFilterArgument);
    singleValuedTimestampArgument = new TimestampArgument(null, "singleValuedGeneralizedTime", false, 1, "{timestamp}", "Generalized Time Description");
    parser.addArgument(singleValuedTimestampArgument);
    multiValuedTimestampArgument = new TimestampArgument(null, "multiValuedGeneralizedTime", false, -1, "{timestamp}", "Generalized Time Description");
    parser.addArgument(multiValuedTimestampArgument);
    singleValuedIntegerArgument = new IntegerArgument(null, "singleValuedInteger", false, 1, "{int}", "Integer Description");
    parser.addArgument(singleValuedIntegerArgument);
    multiValuedIntegerArgument = new IntegerArgument(null, "multiValuedInteger", false, -1, "{int}", "Integer Description");
    parser.addArgument(multiValuedIntegerArgument);
    scopeArgument = new ScopeArgument(null, "scope", false, "{scope}", "Scope Description");
    parser.addArgument(scopeArgument);
    singleValuedStringArgument = new StringArgument(null, "singleValuedString", false, 1, "{string}", "String Description");
    parser.addArgument(singleValuedStringArgument);
    multiValuedOpenOptionsStringArgument = new StringArgument(null, "multiValuedOpenOptionsString", false, -1, "{string}", "String Description");
    parser.addArgument(multiValuedOpenOptionsStringArgument);
    final LinkedHashSet<String> allowedValues = new LinkedHashSet<String>(5);
    allowedValues.add("first");
    allowedValues.add("second");
    allowedValues.add("third");
    allowedValues.add("fourth");
    allowedValues.add("fifth");
    multiValuedFixedOptionsStringArgument = new StringArgument(null, "multiValuedFixedOptionsString", false, -1, "{string}", "String Description", allowedValues);
    parser.addArgument(multiValuedFixedOptionsStringArgument);
    resultCodeArgument = new IntegerArgument(null, "resultCode", true, 1, "{intValue}", "The result code");
    parser.addArgument(resultCodeArgument);
}
Also used : LinkedHashSet(java.util.LinkedHashSet) ScopeArgument(com.unboundid.util.args.ScopeArgument) DurationArgument(com.unboundid.util.args.DurationArgument) BooleanArgument(com.unboundid.util.args.BooleanArgument) FileArgument(com.unboundid.util.args.FileArgument) ArgumentParser(com.unboundid.util.args.ArgumentParser) StringArgument(com.unboundid.util.args.StringArgument) ControlArgument(com.unboundid.util.args.ControlArgument) DNArgument(com.unboundid.util.args.DNArgument) FilterArgument(com.unboundid.util.args.FilterArgument) IntegerArgument(com.unboundid.util.args.IntegerArgument) BooleanValueArgument(com.unboundid.util.args.BooleanValueArgument) TimestampArgument(com.unboundid.util.args.TimestampArgument) ArgumentListArgument(com.unboundid.util.args.ArgumentListArgument)

Example 5 with TimestampArgument

use of com.unboundid.util.args.TimestampArgument in project ldapsdk by pingidentity.

the class ManageAccount method addNonLDAPArguments.

/**
 * {@inheritDoc}
 */
@Override()
public void addNonLDAPArguments(@NotNull final ArgumentParser parser) throws ArgumentException {
    // Get a copy of the argument parser for later use.
    this.parser = parser;
    // Get the current time formatted as a generalized time.
    final String currentGeneralizedTime = StaticUtils.encodeGeneralizedTime(System.currentTimeMillis());
    final String olderGeneralizedTime = StaticUtils.encodeGeneralizedTime(System.currentTimeMillis() - 12_345L);
    // Define the global arguments used to indicate which users to target.
    final DNArgument targetDN = new DNArgument('b', ARG_TARGET_DN, false, 0, null, INFO_MANAGE_ACCT_ARG_DESC_TARGET_DN.get());
    targetDN.addLongIdentifier("userDN", true);
    targetDN.addLongIdentifier("target-dn", true);
    targetDN.addLongIdentifier("user-dn", true);
    targetDN.setArgumentGroupName(INFO_MANAGE_ACCT_ARG_GROUP_TARGET_USER_ARGS.get());
    parser.addArgument(targetDN);
    final FileArgument dnInputFile = new FileArgument(null, ARG_DN_INPUT_FILE, false, 0, null, INFO_MANAGE_ACCT_ARG_DESC_DN_FILE.get(), true, true, true, false);
    dnInputFile.addLongIdentifier("targetDNFile", true);
    dnInputFile.addLongIdentifier("userDNFile", true);
    dnInputFile.addLongIdentifier("dn-input-file", true);
    dnInputFile.addLongIdentifier("target-dn-file", true);
    dnInputFile.addLongIdentifier("user-dn-file", true);
    dnInputFile.setArgumentGroupName(INFO_MANAGE_ACCT_ARG_GROUP_TARGET_USER_ARGS.get());
    parser.addArgument(dnInputFile);
    final FilterArgument targetFilter = new FilterArgument(null, ARG_TARGET_FILTER, false, 0, null, INFO_MANAGE_ACCT_ARG_DESC_TARGET_FILTER.get(ARG_BASE_DN));
    targetFilter.addLongIdentifier("target-filter", true);
    targetFilter.setArgumentGroupName(INFO_MANAGE_ACCT_ARG_GROUP_TARGET_USER_ARGS.get());
    parser.addArgument(targetFilter);
    final FileArgument filterInputFile = new FileArgument(null, ARG_FILTER_INPUT_FILE, false, 0, null, INFO_MANAGE_ACCT_ARG_DESC_FILTER_INPUT_FILE.get(ARG_BASE_DN), true, true, true, false);
    filterInputFile.addLongIdentifier("targetFilterFile", true);
    filterInputFile.addLongIdentifier("filter-input-file", true);
    filterInputFile.addLongIdentifier("target-filter-file", true);
    filterInputFile.setArgumentGroupName(INFO_MANAGE_ACCT_ARG_GROUP_TARGET_USER_ARGS.get());
    parser.addArgument(filterInputFile);
    final StringArgument targetUserID = new StringArgument(null, ARG_TARGET_USER_ID, false, 0, null, INFO_MANAGE_ACCT_ARG_DESC_TARGET_USER_ID.get(ARG_BASE_DN, ARG_USER_ID_ATTRIBUTE));
    targetUserID.addLongIdentifier("userID", true);
    targetUserID.addLongIdentifier("target-user-id", true);
    targetUserID.addLongIdentifier("user-id", true);
    targetUserID.setArgumentGroupName(INFO_MANAGE_ACCT_ARG_GROUP_TARGET_USER_ARGS.get());
    parser.addArgument(targetUserID);
    final FileArgument userIDInputFile = new FileArgument(null, ARG_USER_ID_INPUT_FILE, false, 0, null, INFO_MANAGE_ACCT_ARG_DESC_USER_ID_INPUT_FILE.get(ARG_BASE_DN, ARG_USER_ID_ATTRIBUTE), true, true, true, false);
    userIDInputFile.addLongIdentifier("targetUserIDFile", true);
    userIDInputFile.addLongIdentifier("user-id-input-file", true);
    userIDInputFile.addLongIdentifier("target-user-id-file", true);
    userIDInputFile.setArgumentGroupName(INFO_MANAGE_ACCT_ARG_GROUP_TARGET_USER_ARGS.get());
    parser.addArgument(userIDInputFile);
    final StringArgument userIDAttribute = new StringArgument(null, ARG_USER_ID_ATTRIBUTE, false, 1, null, INFO_MANAGE_ACCT_ARG_DESC_USER_ID_ATTR.get(ARG_TARGET_USER_ID, ARG_USER_ID_INPUT_FILE, DEFAULT_USER_ID_ATTRIBUTE), DEFAULT_USER_ID_ATTRIBUTE);
    userIDAttribute.addLongIdentifier("user-id-attribute", true);
    userIDAttribute.setArgumentGroupName(INFO_MANAGE_ACCT_ARG_GROUP_TARGET_USER_ARGS.get());
    parser.addArgument(userIDAttribute);
    final DNArgument baseDN = new DNArgument(null, ARG_BASE_DN, false, 1, null, INFO_MANAGE_ACCT_ARG_DESC_BASE_DN.get(ARG_TARGET_FILTER, ARG_FILTER_INPUT_FILE, ARG_TARGET_USER_ID, ARG_USER_ID_INPUT_FILE), DEFAULT_BASE_DN);
    baseDN.addLongIdentifier("base-dn", true);
    baseDN.setArgumentGroupName(INFO_MANAGE_ACCT_ARG_GROUP_TARGET_USER_ARGS.get());
    parser.addArgument(baseDN);
    final IntegerArgument simplePageSize = new IntegerArgument('z', ARG_SIMPLE_PAGE_SIZE, false, 1, null, INFO_MANAGE_ACCT_ARG_DESC_SIMPLE_PAGE_SIZE.get(getToolName()), 1, Integer.MAX_VALUE);
    simplePageSize.addLongIdentifier("simple-page-size", true);
    simplePageSize.setArgumentGroupName(INFO_MANAGE_ACCT_ARG_GROUP_TARGET_USER_ARGS.get(getToolName()));
    parser.addArgument(simplePageSize);
    // Ensure that the user will be required ot provide at least one of the
    // arguments to specify which users to target.
    parser.addRequiredArgumentSet(targetDN, dnInputFile, targetFilter, filterInputFile, targetUserID, userIDInputFile);
    // Define the global arguments used to control the amount of load the tool
    // should be permitted to generate.
    final IntegerArgument numThreads = new IntegerArgument('t', ARG_NUM_THREADS, false, 1, null, INFO_MANAGE_ACCT_ARG_DESC_NUM_THREADS.get(getToolName()), 1, Integer.MAX_VALUE, 1);
    numThreads.addLongIdentifier("num-threads", true);
    numThreads.setArgumentGroupName(INFO_MANAGE_ACCT_ARG_GROUP_PERFORMANCE.get());
    parser.addArgument(numThreads);
    final IntegerArgument numSearchThreads = new IntegerArgument(null, ARG_NUM_SEARCH_THREADS, false, 1, null, INFO_MANAGE_ACCT_ARG_DESC_NUM_SEARCH_THREADS.get(getToolName()), 1, Integer.MAX_VALUE, 1);
    numSearchThreads.addLongIdentifier("num-search-threads", true);
    numSearchThreads.setArgumentGroupName(INFO_MANAGE_ACCT_ARG_GROUP_PERFORMANCE.get());
    parser.addArgument(numSearchThreads);
    final IntegerArgument ratePerSecond = new IntegerArgument('r', ARG_RATE_PER_SECOND, false, 1, null, INFO_MANAGE_ACCT_ARG_DESC_RATE_PER_SECOND.get(ARG_VARIABLE_RATE_DATA), 1, Integer.MAX_VALUE);
    ratePerSecond.addLongIdentifier("rate-per-second", true);
    ratePerSecond.setArgumentGroupName(INFO_MANAGE_ACCT_ARG_GROUP_PERFORMANCE.get());
    parser.addArgument(ratePerSecond);
    final FileArgument variableRateData = new FileArgument(null, ARG_VARIABLE_RATE_DATA, false, 1, null, INFO_MANAGE_ACCT_ARG_DESC_VARIABLE_RATE_DATA.get(ARG_RATE_PER_SECOND), true, true, true, false);
    variableRateData.addLongIdentifier("variable-rate-data", true);
    variableRateData.setArgumentGroupName(INFO_MANAGE_ACCT_ARG_GROUP_PERFORMANCE.get());
    parser.addArgument(variableRateData);
    final FileArgument generateSampleRateFile = new FileArgument(null, ARG_GENERATE_SAMPLE_RATE_FILE, false, 1, null, INFO_MANAGE_ACCT_ARG_DESC_GENERATE_SAMPLE_RATE_FILE.get(ARG_VARIABLE_RATE_DATA), false, true, true, false);
    generateSampleRateFile.addLongIdentifier("generate-sample-rate-file", true);
    generateSampleRateFile.setArgumentGroupName(INFO_MANAGE_ACCT_ARG_GROUP_PERFORMANCE.get());
    generateSampleRateFile.setUsageArgument(true);
    parser.addArgument(generateSampleRateFile);
    // Define the global arguments tht pertain to the reject file.
    final FileArgument rejectFile = new FileArgument('R', ARG_REJECT_FILE, false, 1, null, INFO_MANAGE_ACCT_ARG_DESC_REJECT_FILE.get(), false, true, true, false);
    rejectFile.addLongIdentifier("reject-file", true);
    parser.addArgument(rejectFile);
    final BooleanArgument appendToRejectFile = new BooleanArgument(null, ARG_APPEND_TO_REJECT_FILE, 1, INFO_MANAGE_ACCT_ARG_DESC_APPEND_TO_REJECT_FILE.get(rejectFile.getIdentifierString()));
    appendToRejectFile.addLongIdentifier("append-to-reject-file", true);
    parser.addArgument(appendToRejectFile);
    parser.addDependentArgumentSet(appendToRejectFile, rejectFile);
    // Define the argument used to suppress result operations without values.
    final BooleanArgument suppressEmptyResultOperations = new BooleanArgument(null, ARG_SUPPRESS_EMPTY_RESULT_OPERATIONS, 1, INFO_MANAGE_ACCT_ARG_DESC_SUPPRESS_EMPTY_RESULT_OPERATIONS.get(getToolName()));
    parser.addArgument(suppressEmptyResultOperations);
    // Define the subcommand used to retrieve all state information for a user.
    createSubCommand(ManageAccountSubCommandType.GET_ALL, INFO_MANAGE_ACCT_SC_GET_ALL_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand used to retrieve the password policy DN for a user.
    createSubCommand(ManageAccountSubCommandType.GET_PASSWORD_POLICY_DN, INFO_MANAGE_ACCT_SC_GET_POLICY_DN_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to determine whether the account is usable.
    createSubCommand(ManageAccountSubCommandType.GET_ACCOUNT_IS_USABLE, INFO_MANAGE_ACCT_SC_GET_IS_USABLE_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to retrieve the set of password policy state
    // account usability notice messages.
    createSubCommand(ManageAccountSubCommandType.GET_ACCOUNT_USABILITY_NOTICES, INFO_MANAGE_ACCT_SC_GET_USABILITY_NOTICES_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to retrieve the set of password policy state
    // account usability warning messages.
    createSubCommand(ManageAccountSubCommandType.GET_ACCOUNT_USABILITY_WARNINGS, INFO_MANAGE_ACCT_SC_GET_USABILITY_WARNINGS_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to retrieve the set of password policy state
    // account usability error messages.
    createSubCommand(ManageAccountSubCommandType.GET_ACCOUNT_USABILITY_ERRORS, INFO_MANAGE_ACCT_SC_GET_USABILITY_ERRORS_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to retrieve the password changed time for a user.
    createSubCommand(ManageAccountSubCommandType.GET_PASSWORD_CHANGED_TIME, INFO_MANAGE_ACCT_SC_GET_PW_CHANGED_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to set the password changed time for a user.
    final ArgumentParser setPWChangedTimeParser = createSubCommandParser(ManageAccountSubCommandType.SET_PASSWORD_CHANGED_TIME);
    final TimestampArgument setPWChangedTimeValueArg = new TimestampArgument('O', "passwordChangedTime", false, 1, null, INFO_MANAGE_ACCT_SC_SET_PW_CHANGED_TIME_ARG_VALUE.get());
    setPWChangedTimeValueArg.addLongIdentifier("operationValue", true);
    setPWChangedTimeValueArg.addLongIdentifier("password-changed-time", true);
    setPWChangedTimeValueArg.addLongIdentifier("operation-value", true);
    setPWChangedTimeParser.addArgument(setPWChangedTimeValueArg);
    createSubCommand(ManageAccountSubCommandType.SET_PASSWORD_CHANGED_TIME, setPWChangedTimeParser, createSubCommandExample(ManageAccountSubCommandType.SET_PASSWORD_CHANGED_TIME, INFO_MANAGE_ACCT_SC_SET_PW_CHANGED_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN, currentGeneralizedTime), "--passwordChangedTime", currentGeneralizedTime));
    // Define the subcommand to clear the password changed time for a user.
    createSubCommand(ManageAccountSubCommandType.CLEAR_PASSWORD_CHANGED_TIME, INFO_MANAGE_ACCT_SC_CLEAR_PW_CHANGED_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to determine whether a user account is disabled.
    createSubCommand(ManageAccountSubCommandType.GET_ACCOUNT_IS_DISABLED, INFO_MANAGE_ACCT_SC_GET_IS_DISABLED_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to specify whether a user's account is disabled.
    final ArgumentParser setAcctDisabledParser = createSubCommandParser(ManageAccountSubCommandType.SET_ACCOUNT_IS_DISABLED);
    final BooleanValueArgument setAcctDisabledValueArg = new BooleanValueArgument('O', "accountIsDisabled", true, null, INFO_MANAGE_ACCT_SC_SET_IS_DISABLED_ARG_VALUE.get());
    setAcctDisabledValueArg.addLongIdentifier("operationValue", true);
    setAcctDisabledValueArg.addLongIdentifier("account-is-disabled", true);
    setAcctDisabledValueArg.addLongIdentifier("operation-value", true);
    setAcctDisabledParser.addArgument(setAcctDisabledValueArg);
    createSubCommand(ManageAccountSubCommandType.SET_ACCOUNT_IS_DISABLED, setAcctDisabledParser, createSubCommandExample(ManageAccountSubCommandType.SET_ACCOUNT_IS_DISABLED, INFO_MANAGE_ACCT_SC_SET_IS_DISABLED_EXAMPLE.get(EXAMPLE_TARGET_USER_DN), "--accountIsDisabled", "true"));
    // Define the subcommand to clear the account disabled state.
    createSubCommand(ManageAccountSubCommandType.CLEAR_ACCOUNT_IS_DISABLED, INFO_MANAGE_ACCT_SC_CLEAR_IS_DISABLED_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to retrieve the account activation time for a user.
    createSubCommand(ManageAccountSubCommandType.GET_ACCOUNT_ACTIVATION_TIME, INFO_MANAGE_ACCT_SC_GET_ACCT_ACT_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to set the account activation time for a user.
    final ArgumentParser setAcctActivationTimeParser = createSubCommandParser(ManageAccountSubCommandType.SET_ACCOUNT_ACTIVATION_TIME);
    final TimestampArgument setAcctActivationTimeValueArg = new TimestampArgument('O', "accountActivationTime", false, 1, null, INFO_MANAGE_ACCT_SC_SET_ACCT_ACT_TIME_ARG_VALUE.get());
    setAcctActivationTimeValueArg.addLongIdentifier("operationValue", true);
    setAcctActivationTimeValueArg.addLongIdentifier("account-activation-time", true);
    setAcctActivationTimeValueArg.addLongIdentifier("operation-value", true);
    setAcctActivationTimeParser.addArgument(setAcctActivationTimeValueArg);
    createSubCommand(ManageAccountSubCommandType.SET_ACCOUNT_ACTIVATION_TIME, setAcctActivationTimeParser, createSubCommandExample(ManageAccountSubCommandType.SET_ACCOUNT_ACTIVATION_TIME, INFO_MANAGE_ACCT_SC_SET_ACCT_ACT_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN, currentGeneralizedTime), "--accountActivationTime", currentGeneralizedTime));
    // Define the subcommand to clear the account activation time for a user.
    createSubCommand(ManageAccountSubCommandType.CLEAR_ACCOUNT_ACTIVATION_TIME, INFO_MANAGE_ACCT_SC_CLEAR_ACCT_ACT_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to retrieve the length of time until a user's
    // account is activated.
    createSubCommand(ManageAccountSubCommandType.GET_SECONDS_UNTIL_ACCOUNT_ACTIVATION, INFO_MANAGE_ACCT_SC_GET_SECONDS_UNTIL_ACCT_ACT_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to determine whether a user's account is not yet
    // active.
    createSubCommand(ManageAccountSubCommandType.GET_ACCOUNT_IS_NOT_YET_ACTIVE, INFO_MANAGE_ACCT_SC_GET_ACCT_NOT_YET_ACTIVE_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to retrieve the account expiration time for a user.
    createSubCommand(ManageAccountSubCommandType.GET_ACCOUNT_EXPIRATION_TIME, INFO_MANAGE_ACCT_SC_GET_ACCT_EXP_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to set the account expiration time for a user.
    final ArgumentParser setAcctExpirationTimeParser = createSubCommandParser(ManageAccountSubCommandType.SET_ACCOUNT_EXPIRATION_TIME);
    final TimestampArgument setAcctExpirationTimeValueArg = new TimestampArgument('O', "accountExpirationTime", false, 1, null, INFO_MANAGE_ACCT_SC_SET_ACCT_EXP_TIME_ARG_VALUE.get());
    setAcctExpirationTimeValueArg.addLongIdentifier("operationValue", true);
    setAcctExpirationTimeValueArg.addLongIdentifier("account-expiration-time", true);
    setAcctExpirationTimeValueArg.addLongIdentifier("operation-value", true);
    setAcctExpirationTimeParser.addArgument(setAcctExpirationTimeValueArg);
    createSubCommand(ManageAccountSubCommandType.SET_ACCOUNT_EXPIRATION_TIME, setAcctExpirationTimeParser, createSubCommandExample(ManageAccountSubCommandType.SET_ACCOUNT_EXPIRATION_TIME, INFO_MANAGE_ACCT_SC_SET_ACCT_EXP_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN, currentGeneralizedTime), "--accountExpirationTime", currentGeneralizedTime));
    // Define the subcommand to clear the account expiration time for a user.
    createSubCommand(ManageAccountSubCommandType.CLEAR_ACCOUNT_EXPIRATION_TIME, INFO_MANAGE_ACCT_SC_CLEAR_ACCT_EXP_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to retrieve the length of time until a user's
    // account is expired.
    createSubCommand(ManageAccountSubCommandType.GET_SECONDS_UNTIL_ACCOUNT_EXPIRATION, INFO_MANAGE_ACCT_SC_GET_SECONDS_UNTIL_ACCT_EXP_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to determine whether a user's account is expired.
    createSubCommand(ManageAccountSubCommandType.GET_ACCOUNT_IS_EXPIRED, INFO_MANAGE_ACCT_SC_GET_ACCT_IS_EXPIRED_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to retrieve a user's password expiration warned
    // time.
    createSubCommand(ManageAccountSubCommandType.GET_PASSWORD_EXPIRATION_WARNED_TIME, INFO_MANAGE_ACCT_SC_GET_PW_EXP_WARNED_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to set a user's password expiration warned time.
    final ArgumentParser setPWExpWarnedTimeParser = createSubCommandParser(ManageAccountSubCommandType.SET_PASSWORD_EXPIRATION_WARNED_TIME);
    final TimestampArgument setPWExpWarnedTimeValueArg = new TimestampArgument('O', "passwordExpirationWarnedTime", false, 1, null, INFO_MANAGE_ACCT_SC_SET_PW_EXP_WARNED_TIME_ARG_VALUE.get());
    setPWExpWarnedTimeValueArg.addLongIdentifier("operationValue", true);
    setPWExpWarnedTimeValueArg.addLongIdentifier("password-expiration-warned-time", true);
    setPWExpWarnedTimeValueArg.addLongIdentifier("operation-value", true);
    setPWExpWarnedTimeParser.addArgument(setPWExpWarnedTimeValueArg);
    createSubCommand(ManageAccountSubCommandType.SET_PASSWORD_EXPIRATION_WARNED_TIME, setPWExpWarnedTimeParser, createSubCommandExample(ManageAccountSubCommandType.SET_PASSWORD_EXPIRATION_WARNED_TIME, INFO_MANAGE_ACCT_SC_SET_PW_EXP_WARNED_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN, currentGeneralizedTime), "--passwordExpirationWarnedTime", currentGeneralizedTime));
    // Define the subcommand to clear a user's password expiration warned time.
    createSubCommand(ManageAccountSubCommandType.CLEAR_PASSWORD_EXPIRATION_WARNED_TIME, INFO_MANAGE_ACCT_SC_CLEAR_PW_EXP_WARNED_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to get the number of seconds until a user is
    // eligible to receive a password expiration warning.
    createSubCommand(ManageAccountSubCommandType.GET_SECONDS_UNTIL_PASSWORD_EXPIRATION_WARNING, INFO_MANAGE_ACCT_SC_GET_SECONDS_UNTIL_PW_EXP_WARNING_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to retrieve a user's password expiration time.
    createSubCommand(ManageAccountSubCommandType.GET_PASSWORD_EXPIRATION_TIME, INFO_MANAGE_ACCT_SC_GET_PW_EXP_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to get the number of seconds until a user's
    // password expires.
    createSubCommand(ManageAccountSubCommandType.GET_SECONDS_UNTIL_PASSWORD_EXPIRATION, INFO_MANAGE_ACCT_SC_GET_SECONDS_UNTIL_PW_EXP_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to determine whether a user's password is expired.
    createSubCommand(ManageAccountSubCommandType.GET_PASSWORD_IS_EXPIRED, INFO_MANAGE_ACCT_SC_GET_PW_IS_EXPIRED_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to determine whether an account is failure locked.
    createSubCommand(ManageAccountSubCommandType.GET_ACCOUNT_IS_FAILURE_LOCKED, INFO_MANAGE_ACCT_SC_GET_ACCT_FAILURE_LOCKED_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to specify whether an account is failure locked.
    final ArgumentParser setIsFailureLockedParser = createSubCommandParser(ManageAccountSubCommandType.SET_ACCOUNT_IS_FAILURE_LOCKED);
    final BooleanValueArgument setIsFailureLockedValueArg = new BooleanValueArgument('O', "accountIsFailureLocked", true, null, INFO_MANAGE_ACCT_SC_SET_ACCT_FAILURE_LOCKED_ARG_VALUE.get());
    setIsFailureLockedValueArg.addLongIdentifier("operationValue", true);
    setIsFailureLockedValueArg.addLongIdentifier("account-is-failure-locked", true);
    setIsFailureLockedValueArg.addLongIdentifier("operation-value", true);
    setIsFailureLockedParser.addArgument(setIsFailureLockedValueArg);
    createSubCommand(ManageAccountSubCommandType.SET_ACCOUNT_IS_FAILURE_LOCKED, setIsFailureLockedParser, createSubCommandExample(ManageAccountSubCommandType.SET_ACCOUNT_IS_FAILURE_LOCKED, INFO_MANAGE_ACCT_SC_SET_ACCT_FAILURE_LOCKED_EXAMPLE.get(EXAMPLE_TARGET_USER_DN), "--accountIsFailureLocked", "true"));
    // Define the subcommand to get the time an account was failure locked.
    createSubCommand(ManageAccountSubCommandType.GET_FAILURE_LOCKOUT_TIME, INFO_MANAGE_ACCT_SC_GET_FAILURE_LOCKED_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to get the length of time until a failure-locked
    // account will be automatically unlocked.
    createSubCommand(ManageAccountSubCommandType.GET_SECONDS_UNTIL_AUTHENTICATION_FAILURE_UNLOCK, INFO_MANAGE_ACCT_SC_GET_SECONDS_UNTIL_FAILURE_UNLOCK_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to determine the authentication failure times.
    createSubCommand(ManageAccountSubCommandType.GET_AUTHENTICATION_FAILURE_TIMES, INFO_MANAGE_ACCT_SC_GET_AUTH_FAILURE_TIMES_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to add values to the set of authentication failure
    // times.
    final ArgumentParser addAuthFailureTimeParser = createSubCommandParser(ManageAccountSubCommandType.ADD_AUTHENTICATION_FAILURE_TIME);
    final TimestampArgument addAuthFailureTimeValueArg = new TimestampArgument('O', "authenticationFailureTime", false, 0, null, INFO_MANAGE_ACCT_SC_ADD_AUTH_FAILURE_TIME_ARG_VALUE.get());
    addAuthFailureTimeValueArg.addLongIdentifier("operationValue", true);
    addAuthFailureTimeValueArg.addLongIdentifier("authentication-failure-time", true);
    addAuthFailureTimeValueArg.addLongIdentifier("operation-value", true);
    addAuthFailureTimeParser.addArgument(addAuthFailureTimeValueArg);
    createSubCommand(ManageAccountSubCommandType.ADD_AUTHENTICATION_FAILURE_TIME, addAuthFailureTimeParser, createSubCommandExample(ManageAccountSubCommandType.ADD_AUTHENTICATION_FAILURE_TIME, INFO_MANAGE_ACCT_SC_ADD_AUTH_FAILURE_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN)));
    // Define the subcommand to replace the authentication failure times.
    final ArgumentParser setAuthFailureTimesParser = createSubCommandParser(ManageAccountSubCommandType.SET_AUTHENTICATION_FAILURE_TIMES);
    final TimestampArgument setAuthFailureTimesValueArg = new TimestampArgument('O', "authenticationFailureTime", false, 0, null, INFO_MANAGE_ACCT_SC_SET_AUTH_FAILURE_TIMES_ARG_VALUE.get());
    setAuthFailureTimesValueArg.addLongIdentifier("operationValue", true);
    setAuthFailureTimesValueArg.addLongIdentifier("authentication-failure-time", true);
    setAuthFailureTimesValueArg.addLongIdentifier("operation-value", true);
    setAuthFailureTimesParser.addArgument(setAuthFailureTimesValueArg);
    createSubCommand(ManageAccountSubCommandType.SET_AUTHENTICATION_FAILURE_TIMES, setAuthFailureTimesParser, createSubCommandExample(ManageAccountSubCommandType.SET_AUTHENTICATION_FAILURE_TIMES, INFO_MANAGE_ACCT_SC_SET_AUTH_FAILURE_TIMES_EXAMPLE.get(EXAMPLE_TARGET_USER_DN, olderGeneralizedTime, currentGeneralizedTime), "--authenticationFailureTime", olderGeneralizedTime, "--authenticationFailureTime", currentGeneralizedTime));
    // Define the subcommand to clear the authentication failure times.
    createSubCommand(ManageAccountSubCommandType.CLEAR_AUTHENTICATION_FAILURE_TIMES, INFO_MANAGE_ACCT_SC_CLEAR_AUTH_FAILURE_TIMES_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to get the remaining authentication failure count.
    createSubCommand(ManageAccountSubCommandType.GET_REMAINING_AUTHENTICATION_FAILURE_COUNT, INFO_MANAGE_ACCT_SC_GET_REMAINING_FAILURE_COUNT_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to determine whether the account is idle locked.
    createSubCommand(ManageAccountSubCommandType.GET_ACCOUNT_IS_IDLE_LOCKED, INFO_MANAGE_ACCT_SC_GET_ACCT_IDLE_LOCKED_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to get the length of time until the account is
    // idle locked.
    createSubCommand(ManageAccountSubCommandType.GET_SECONDS_UNTIL_IDLE_LOCKOUT, INFO_MANAGE_ACCT_SC_GET_SECONDS_UNTIL_IDLE_LOCKOUT_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to get the idle lockout time for an account.
    createSubCommand(ManageAccountSubCommandType.GET_IDLE_LOCKOUT_TIME, INFO_MANAGE_ACCT_SC_GET_IDLE_LOCKOUT_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to determine whether a user's password has been
    // reset.
    createSubCommand(ManageAccountSubCommandType.GET_MUST_CHANGE_PASSWORD, INFO_MANAGE_ACCT_SC_GET_MUST_CHANGE_PW_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to specify whether a user's password has been
    // reset.
    final ArgumentParser setPWIsResetParser = createSubCommandParser(ManageAccountSubCommandType.SET_MUST_CHANGE_PASSWORD);
    final BooleanValueArgument setPWIsResetValueArg = new BooleanValueArgument('O', "mustChangePassword", true, null, INFO_MANAGE_ACCT_SC_SET_MUST_CHANGE_PW_ARG_VALUE.get());
    setPWIsResetValueArg.addLongIdentifier("passwordIsReset", true);
    setPWIsResetValueArg.addLongIdentifier("operationValue", true);
    setPWIsResetValueArg.addLongIdentifier("must-change-password", true);
    setPWIsResetValueArg.addLongIdentifier("password-is-reset", true);
    setPWIsResetValueArg.addLongIdentifier("operation-value", true);
    setPWIsResetParser.addArgument(setPWIsResetValueArg);
    createSubCommand(ManageAccountSubCommandType.SET_MUST_CHANGE_PASSWORD, setPWIsResetParser, createSubCommandExample(ManageAccountSubCommandType.SET_MUST_CHANGE_PASSWORD, INFO_MANAGE_ACCT_SC_SET_MUST_CHANGE_PW_EXAMPLE.get(EXAMPLE_TARGET_USER_DN), "--mustChangePassword", "true"));
    // Define the subcommand to clear the password reset state information.
    createSubCommand(ManageAccountSubCommandType.CLEAR_MUST_CHANGE_PASSWORD, INFO_MANAGE_ACCT_SC_CLEAR_MUST_CHANGE_PW_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to determine whether the account is reset locked.
    createSubCommand(ManageAccountSubCommandType.GET_ACCOUNT_IS_PASSWORD_RESET_LOCKED, INFO_MANAGE_ACCT_SC_GET_ACCT_IS_RESET_LOCKED_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to get the length of time until the password is
    // reset locked.
    createSubCommand(ManageAccountSubCommandType.GET_SECONDS_UNTIL_PASSWORD_RESET_LOCKOUT, INFO_MANAGE_ACCT_SC_GET_SECONDS_UNTIL_RESET_LOCKOUT_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to get the password reset lockout time.
    createSubCommand(ManageAccountSubCommandType.GET_PASSWORD_RESET_LOCKOUT_TIME, INFO_MANAGE_ACCT_SC_GET_RESET_LOCKOUT_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to get the last login time.
    createSubCommand(ManageAccountSubCommandType.GET_LAST_LOGIN_TIME, INFO_MANAGE_ACCT_SC_GET_LAST_LOGIN_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to set the last login time.
    final ArgumentParser setLastLoginTimeParser = createSubCommandParser(ManageAccountSubCommandType.SET_LAST_LOGIN_TIME);
    final TimestampArgument setLastLoginTimeValueArg = new TimestampArgument('O', "lastLoginTime", false, 1, null, INFO_MANAGE_ACCT_SC_SET_LAST_LOGIN_TIME_ARG_VALUE.get());
    setLastLoginTimeValueArg.addLongIdentifier("operationValue", true);
    setLastLoginTimeValueArg.addLongIdentifier("last-login-time", true);
    setLastLoginTimeValueArg.addLongIdentifier("operation-value", true);
    setLastLoginTimeParser.addArgument(setLastLoginTimeValueArg);
    createSubCommand(ManageAccountSubCommandType.SET_LAST_LOGIN_TIME, setLastLoginTimeParser, createSubCommandExample(ManageAccountSubCommandType.SET_LAST_LOGIN_TIME, INFO_MANAGE_ACCT_SC_SET_LAST_LOGIN_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN, currentGeneralizedTime), "--lastLoginTime", currentGeneralizedTime));
    // Define the subcommand to clear the last login time.
    createSubCommand(ManageAccountSubCommandType.CLEAR_LAST_LOGIN_TIME, INFO_MANAGE_ACCT_SC_CLEAR_LAST_LOGIN_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to get the last login IP address.
    createSubCommand(ManageAccountSubCommandType.GET_LAST_LOGIN_IP_ADDRESS, INFO_MANAGE_ACCT_SC_GET_LAST_LOGIN_IP_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to set the last login IP address.
    final ArgumentParser setLastLoginIPParser = createSubCommandParser(ManageAccountSubCommandType.SET_LAST_LOGIN_IP_ADDRESS);
    final StringArgument setLastLoginIPValueArg = new StringArgument('O', "lastLoginIPAddress", true, 1, null, INFO_MANAGE_ACCT_SC_SET_LAST_LOGIN_IP_ARG_VALUE.get());
    setLastLoginIPValueArg.addLongIdentifier("operationValue", true);
    setLastLoginIPValueArg.addLongIdentifier("last-login-ip-address", true);
    setLastLoginIPValueArg.addLongIdentifier("operation-value", true);
    setLastLoginIPValueArg.addValueValidator(new IPAddressArgumentValueValidator());
    setLastLoginIPParser.addArgument(setLastLoginIPValueArg);
    createSubCommand(ManageAccountSubCommandType.SET_LAST_LOGIN_IP_ADDRESS, setLastLoginIPParser, createSubCommandExample(ManageAccountSubCommandType.SET_LAST_LOGIN_IP_ADDRESS, INFO_MANAGE_ACCT_SC_SET_LAST_LOGIN_IP_EXAMPLE.get(EXAMPLE_TARGET_USER_DN, "1.2.3.4"), "--lastLoginIPAddress", "1.2.3.4"));
    // Define the subcommand to clear the last login IP address.
    createSubCommand(ManageAccountSubCommandType.CLEAR_LAST_LOGIN_IP_ADDRESS, INFO_MANAGE_ACCT_SC_CLEAR_LAST_LOGIN_IP_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to get the grace login use times.
    createSubCommand(ManageAccountSubCommandType.GET_GRACE_LOGIN_USE_TIMES, INFO_MANAGE_ACCT_SC_GET_GRACE_LOGIN_TIMES_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to add values to the set of grace login use times.
    final ArgumentParser addGraceLoginTimeParser = createSubCommandParser(ManageAccountSubCommandType.ADD_GRACE_LOGIN_USE_TIME);
    final TimestampArgument addGraceLoginTimeValueArg = new TimestampArgument('O', "graceLoginUseTime", false, 0, null, INFO_MANAGE_ACCT_SC_ADD_GRACE_LOGIN_TIME_ARG_VALUE.get());
    addGraceLoginTimeValueArg.addLongIdentifier("operationValue", true);
    addGraceLoginTimeValueArg.addLongIdentifier("grace-login-use-time", true);
    addGraceLoginTimeValueArg.addLongIdentifier("operation-value", true);
    addGraceLoginTimeParser.addArgument(addGraceLoginTimeValueArg);
    createSubCommand(ManageAccountSubCommandType.ADD_GRACE_LOGIN_USE_TIME, addGraceLoginTimeParser, createSubCommandExample(ManageAccountSubCommandType.ADD_GRACE_LOGIN_USE_TIME, INFO_MANAGE_ACCT_SC_ADD_GRACE_LOGIN_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN)));
    // Define the subcommand to replace the set of grace login use times.
    final ArgumentParser setGraceLoginTimesParser = createSubCommandParser(ManageAccountSubCommandType.SET_GRACE_LOGIN_USE_TIMES);
    final TimestampArgument setGraceLoginTimesValueArg = new TimestampArgument('O', "graceLoginUseTime", false, 0, null, INFO_MANAGE_ACCT_SC_SET_GRACE_LOGIN_TIMES_ARG_VALUE.get());
    setGraceLoginTimesValueArg.addLongIdentifier("operationValue", true);
    setGraceLoginTimesValueArg.addLongIdentifier("grace-login-use-time", true);
    setGraceLoginTimesValueArg.addLongIdentifier("operation-value", true);
    setGraceLoginTimesParser.addArgument(setGraceLoginTimesValueArg);
    createSubCommand(ManageAccountSubCommandType.SET_GRACE_LOGIN_USE_TIMES, setGraceLoginTimesParser, createSubCommandExample(ManageAccountSubCommandType.SET_GRACE_LOGIN_USE_TIMES, INFO_MANAGE_ACCT_SC_SET_GRACE_LOGIN_TIMES_EXAMPLE.get(EXAMPLE_TARGET_USER_DN, olderGeneralizedTime, currentGeneralizedTime), "--graceLoginUseTime", olderGeneralizedTime, "--graceLoginUseTime", currentGeneralizedTime));
    // Define the subcommand to clear the grace login use times.
    createSubCommand(ManageAccountSubCommandType.CLEAR_GRACE_LOGIN_USE_TIMES, INFO_MANAGE_ACCT_SC_CLEAR_GRACE_LOGIN_TIMES_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to get the remaining grace login count.
    createSubCommand(ManageAccountSubCommandType.GET_REMAINING_GRACE_LOGIN_COUNT, INFO_MANAGE_ACCT_SC_GET_REMAINING_GRACE_LOGIN_COUNT_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to get the password changed by required time value.
    createSubCommand(ManageAccountSubCommandType.GET_PASSWORD_CHANGED_BY_REQUIRED_TIME, INFO_MANAGE_ACCT_SC_GET_PW_CHANGED_BY_REQ_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to set the password changed by required time value.
    final ArgumentParser setPWChangedByReqTimeParser = createSubCommandParser(ManageAccountSubCommandType.SET_PASSWORD_CHANGED_BY_REQUIRED_TIME);
    final TimestampArgument setPWChangedByReqTimeValueArg = new TimestampArgument('O', "passwordChangedByRequiredTime", false, 1, null, INFO_MANAGE_ACCT_SC_SET_PW_CHANGED_BY_REQ_TIME_ARG_VALUE.get());
    setPWChangedByReqTimeValueArg.addLongIdentifier("operationValue", true);
    setPWChangedByReqTimeValueArg.addLongIdentifier("password-changed-by-required-time", true);
    setPWChangedByReqTimeValueArg.addLongIdentifier("operation-value", true);
    setPWChangedByReqTimeParser.addArgument(setPWChangedByReqTimeValueArg);
    createSubCommand(ManageAccountSubCommandType.SET_PASSWORD_CHANGED_BY_REQUIRED_TIME, setPWChangedByReqTimeParser, createSubCommandExample(ManageAccountSubCommandType.SET_PASSWORD_CHANGED_BY_REQUIRED_TIME, INFO_MANAGE_ACCT_SC_SET_PW_CHANGED_BY_REQ_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN)));
    // Define the subcommand to clear the password changed by required time
    // value.
    createSubCommand(ManageAccountSubCommandType.CLEAR_PASSWORD_CHANGED_BY_REQUIRED_TIME, INFO_MANAGE_ACCT_SC_CLEAR_PW_CHANGED_BY_REQ_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to get the length of time until the required change
    // time.
    createSubCommand(ManageAccountSubCommandType.GET_SECONDS_UNTIL_REQUIRED_PASSWORD_CHANGE_TIME, INFO_MANAGE_ACCT_SC_GET_SECS_UNTIL_REQ_CHANGE_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to get the password history count.
    createSubCommand(ManageAccountSubCommandType.GET_PASSWORD_HISTORY_COUNT, INFO_MANAGE_ACCT_SC_GET_PW_HISTORY_COUNT_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to clear a user's password history.
    createSubCommand(ManageAccountSubCommandType.CLEAR_PASSWORD_HISTORY, INFO_MANAGE_ACCT_SC_CLEAR_PW_HISTORY_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to determine whether a user has a retired password.
    createSubCommand(ManageAccountSubCommandType.GET_HAS_RETIRED_PASSWORD, INFO_MANAGE_ACCT_SC_GET_HAS_RETIRED_PW_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to retrieve the time that a user's former password
    // was retired.
    createSubCommand(ManageAccountSubCommandType.GET_PASSWORD_RETIRED_TIME, INFO_MANAGE_ACCT_SC_GET_PW_RETIRED_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to retrieve the retired password expiration time.
    createSubCommand(ManageAccountSubCommandType.GET_RETIRED_PASSWORD_EXPIRATION_TIME, INFO_MANAGE_ACCT_SC_GET_RETIRED_PW_EXP_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to purge a retired password.
    createSubCommand(ManageAccountSubCommandType.CLEAR_RETIRED_PASSWORD, INFO_MANAGE_ACCT_SC_PURGE_RETIRED_PW_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to get the available SASL mechanisms for a user.
    createSubCommand(ManageAccountSubCommandType.GET_AVAILABLE_SASL_MECHANISMS, INFO_MANAGE_ACCT_SC_GET_AVAILABLE_SASL_MECHS_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to get the available OTP delivery mechanisms for a
    // user.
    createSubCommand(ManageAccountSubCommandType.GET_AVAILABLE_OTP_DELIVERY_MECHANISMS, INFO_MANAGE_ACCT_SC_GET_AVAILABLE_OTP_MECHS_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to determine whether a user has at least one TOTP
    // shared secret.
    createSubCommand(ManageAccountSubCommandType.GET_HAS_TOTP_SHARED_SECRET, INFO_MANAGE_ACCT_SC_GET_HAS_TOTP_SHARED_SECRET_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to add a value to the set of TOTP shared secrets
    // for a user.
    final ArgumentParser addTOTPSharedSecretParser = createSubCommandParser(ManageAccountSubCommandType.ADD_TOTP_SHARED_SECRET);
    final StringArgument addTOTPSharedSecretValueArg = new StringArgument('O', "totpSharedSecret", true, 0, null, INFO_MANAGE_ACCT_SC_ADD_YUBIKEY_ID_ARG_VALUE.get());
    addTOTPSharedSecretValueArg.addLongIdentifier("operationValue", true);
    addTOTPSharedSecretValueArg.addLongIdentifier("totp-shared-secret", true);
    addTOTPSharedSecretValueArg.addLongIdentifier("operation-value", true);
    addTOTPSharedSecretValueArg.setSensitive(true);
    addTOTPSharedSecretParser.addArgument(addTOTPSharedSecretValueArg);
    createSubCommand(ManageAccountSubCommandType.ADD_TOTP_SHARED_SECRET, addTOTPSharedSecretParser, createSubCommandExample(ManageAccountSubCommandType.ADD_TOTP_SHARED_SECRET, INFO_MANAGE_ACCT_SC_ADD_TOTP_SHARED_SECRET_EXAMPLE.get("abcdefghijklmnop", EXAMPLE_TARGET_USER_DN), "--totpSharedSecret", "abcdefghijklmnop"));
    // Define the subcommand to remove a value from the set of TOTP shared
    // secrets for a user.
    final ArgumentParser removeTOTPSharedSecretParser = createSubCommandParser(ManageAccountSubCommandType.REMOVE_TOTP_SHARED_SECRET);
    final StringArgument removeTOTPSharedSecretValueArg = new StringArgument('O', "totpSharedSecret", true, 0, null, INFO_MANAGE_ACCT_SC_REMOVE_YUBIKEY_ID_ARG_VALUE.get());
    removeTOTPSharedSecretValueArg.addLongIdentifier("operationValue", true);
    removeTOTPSharedSecretValueArg.addLongIdentifier("totp-shared-secret", true);
    removeTOTPSharedSecretValueArg.addLongIdentifier("operation-value", true);
    removeTOTPSharedSecretValueArg.setSensitive(true);
    removeTOTPSharedSecretParser.addArgument(removeTOTPSharedSecretValueArg);
    createSubCommand(ManageAccountSubCommandType.REMOVE_TOTP_SHARED_SECRET, removeTOTPSharedSecretParser, createSubCommandExample(ManageAccountSubCommandType.REMOVE_TOTP_SHARED_SECRET, INFO_MANAGE_ACCT_SC_REMOVE_TOTP_SHARED_SECRET_EXAMPLE.get("abcdefghijklmnop", EXAMPLE_TARGET_USER_DN), "--totpSharedSecret", "abcdefghijklmnop"));
    // Define the subcommand to replace set of TOTP shared secrets for a user.
    final ArgumentParser setTOTPSharedSecretsParser = createSubCommandParser(ManageAccountSubCommandType.SET_TOTP_SHARED_SECRETS);
    final StringArgument setTOTPSharedSecretsValueArg = new StringArgument('O', "totpSharedSecret", true, 0, null, INFO_MANAGE_ACCT_SC_SET_TOTP_SHARED_SECRETS_ARG_VALUE.get());
    setTOTPSharedSecretsValueArg.addLongIdentifier("operationValue", true);
    setTOTPSharedSecretsValueArg.addLongIdentifier("totp-shared-secret", true);
    setTOTPSharedSecretsValueArg.addLongIdentifier("operation-value", true);
    setTOTPSharedSecretsValueArg.setSensitive(true);
    setTOTPSharedSecretsParser.addArgument(setTOTPSharedSecretsValueArg);
    createSubCommand(ManageAccountSubCommandType.SET_TOTP_SHARED_SECRETS, setTOTPSharedSecretsParser, createSubCommandExample(ManageAccountSubCommandType.SET_TOTP_SHARED_SECRETS, INFO_MANAGE_ACCT_SC_SET_TOTP_SHARED_SECRETS_EXAMPLE.get(EXAMPLE_TARGET_USER_DN, "abcdefghijklmnop"), "--totpSharedSecret", "abcdefghijklmnop"));
    // Define the subcommand to clear the set of TOTP shared secrets for a user.
    createSubCommand(ManageAccountSubCommandType.CLEAR_TOTP_SHARED_SECRETS, INFO_MANAGE_ACCT_SC_CLEAR_TOTP_SHARED_SECRETS_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to determine whether a user has at least one
    // registered YubiKey OTP device public ID.
    createSubCommand(ManageAccountSubCommandType.GET_HAS_REGISTERED_YUBIKEY_PUBLIC_ID, INFO_MANAGE_ACCT_SC_GET_HAS_YUBIKEY_ID_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to get the set of registered YubiKey OTP device
    // public IDs for a user.
    createSubCommand(ManageAccountSubCommandType.GET_REGISTERED_YUBIKEY_PUBLIC_IDS, INFO_MANAGE_ACCT_SC_GET_YUBIKEY_IDS_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to add a value to the set of registered YubiKey OTP
    // device public IDs for a user.
    final ArgumentParser addRegisteredYubiKeyPublicIDParser = createSubCommandParser(ManageAccountSubCommandType.ADD_REGISTERED_YUBIKEY_PUBLIC_ID);
    final StringArgument addRegisteredYubiKeyPublicIDValueArg = new StringArgument('O', "publicID", true, 0, null, INFO_MANAGE_ACCT_SC_ADD_YUBIKEY_ID_ARG_VALUE.get());
    addRegisteredYubiKeyPublicIDValueArg.addLongIdentifier("operationValue", true);
    addRegisteredYubiKeyPublicIDValueArg.addLongIdentifier("public-id", true);
    addRegisteredYubiKeyPublicIDValueArg.addLongIdentifier("operation-value", true);
    addRegisteredYubiKeyPublicIDParser.addArgument(addRegisteredYubiKeyPublicIDValueArg);
    createSubCommand(ManageAccountSubCommandType.ADD_REGISTERED_YUBIKEY_PUBLIC_ID, addRegisteredYubiKeyPublicIDParser, createSubCommandExample(ManageAccountSubCommandType.ADD_REGISTERED_YUBIKEY_PUBLIC_ID, INFO_MANAGE_ACCT_SC_ADD_YUBIKEY_ID_EXAMPLE.get("abcdefghijkl", EXAMPLE_TARGET_USER_DN), "--publicID", "abcdefghijkl"));
    // Define the subcommand to remove a value from the set of registered
    // YubiKey OTP device public IDs for a user.
    final ArgumentParser removeRegisteredYubiKeyPublicIDParser = createSubCommandParser(ManageAccountSubCommandType.REMOVE_REGISTERED_YUBIKEY_PUBLIC_ID);
    final StringArgument removeRegisteredYubiKeyPublicIDValueArg = new StringArgument('O', "publicID", true, 0, null, INFO_MANAGE_ACCT_SC_REMOVE_YUBIKEY_ID_ARG_VALUE.get());
    removeRegisteredYubiKeyPublicIDValueArg.addLongIdentifier("operationValue", true);
    removeRegisteredYubiKeyPublicIDValueArg.addLongIdentifier("public-id", true);
    removeRegisteredYubiKeyPublicIDValueArg.addLongIdentifier("operation-value", true);
    removeRegisteredYubiKeyPublicIDParser.addArgument(removeRegisteredYubiKeyPublicIDValueArg);
    createSubCommand(ManageAccountSubCommandType.REMOVE_REGISTERED_YUBIKEY_PUBLIC_ID, removeRegisteredYubiKeyPublicIDParser, createSubCommandExample(ManageAccountSubCommandType.REMOVE_REGISTERED_YUBIKEY_PUBLIC_ID, INFO_MANAGE_ACCT_SC_REMOVE_YUBIKEY_ID_EXAMPLE.get("abcdefghijkl", EXAMPLE_TARGET_USER_DN), "--publicID", "abcdefghijkl"));
    // Define the subcommand to replace set of registered YubiKey OTP device
    // public IDs for a user.
    final ArgumentParser setRegisteredYubiKeyPublicIDParser = createSubCommandParser(ManageAccountSubCommandType.SET_REGISTERED_YUBIKEY_PUBLIC_IDS);
    final StringArgument setRegisteredYubiKeyPublicIDValueArg = new StringArgument('O', "publicID", true, 0, null, INFO_MANAGE_ACCT_SC_SET_YUBIKEY_IDS_ARG_VALUE.get());
    setRegisteredYubiKeyPublicIDValueArg.addLongIdentifier("operationValue", true);
    setRegisteredYubiKeyPublicIDValueArg.addLongIdentifier("public-id", true);
    setRegisteredYubiKeyPublicIDValueArg.addLongIdentifier("operation-value", true);
    setRegisteredYubiKeyPublicIDParser.addArgument(setRegisteredYubiKeyPublicIDValueArg);
    createSubCommand(ManageAccountSubCommandType.SET_REGISTERED_YUBIKEY_PUBLIC_IDS, setRegisteredYubiKeyPublicIDParser, createSubCommandExample(ManageAccountSubCommandType.SET_REGISTERED_YUBIKEY_PUBLIC_IDS, INFO_MANAGE_ACCT_SC_SET_YUBIKEY_IDS_EXAMPLE.get(EXAMPLE_TARGET_USER_DN, "abcdefghijkl"), "--publicID", "abcdefghijkl"));
    // Define the subcommand to clear the set of registered YubiKey OTP device
    // public IDs for a user.
    createSubCommand(ManageAccountSubCommandType.CLEAR_REGISTERED_YUBIKEY_PUBLIC_IDS, INFO_MANAGE_ACCT_SC_CLEAR_YUBIKEY_IDS_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to determine whether a user has at least one static
    // password.
    createSubCommand(ManageAccountSubCommandType.GET_HAS_STATIC_PASSWORD, INFO_MANAGE_ACCT_SC_GET_HAS_STATIC_PW_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to retrieve the last bind password validation time
    // for a user.
    createSubCommand(ManageAccountSubCommandType.GET_LAST_BIND_PASSWORD_VALIDATION_TIME, INFO_MANAGE_ACCT_SC_GET_LAST_BIND_PW_VALIDATION_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to retrieve the length of time since the last bind
    // password validation for a user.
    createSubCommand(ManageAccountSubCommandType.GET_SECONDS_SINCE_LAST_BIND_PASSWORD_VALIDATION, INFO_MANAGE_ACCT_SC_GET_SECS_SINCE_LAST_BIND_PW_VALIDATION_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to set the last bind password validation time for a
    // user.
    final ArgumentParser setLastBindPasswordValidationTimeParser = createSubCommandParser(ManageAccountSubCommandType.SET_LAST_BIND_PASSWORD_VALIDATION_TIME);
    final TimestampArgument setLastBindPasswordValidationTimeValueArg = new TimestampArgument('O', "validationTime", false, 1, null, INFO_MANAGE_ACCT_SC_SET_LAST_BIND_PW_VALIDATION_TIME_ARG_VALUE.get());
    setLastBindPasswordValidationTimeValueArg.addLongIdentifier("operationValue", true);
    setLastBindPasswordValidationTimeValueArg.addLongIdentifier("validation-time", true);
    setLastBindPasswordValidationTimeValueArg.addLongIdentifier("operation-value", true);
    setLastBindPasswordValidationTimeParser.addArgument(setLastBindPasswordValidationTimeValueArg);
    createSubCommand(ManageAccountSubCommandType.SET_LAST_BIND_PASSWORD_VALIDATION_TIME, setLastBindPasswordValidationTimeParser, createSubCommandExample(ManageAccountSubCommandType.SET_LAST_BIND_PASSWORD_VALIDATION_TIME, INFO_MANAGE_ACCT_SC_SET_LAST_BIND_PW_VALIDATION_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN, currentGeneralizedTime), "--validationTime", currentGeneralizedTime));
    // Define the subcommand to clear the last bind password validation time for
    // a user.
    createSubCommand(ManageAccountSubCommandType.CLEAR_LAST_BIND_PASSWORD_VALIDATION_TIME, INFO_MANAGE_ACCT_SC_CLEAR_LAST_BIND_PW_VALIDATION_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to determine whether an account is locked because
    // it contains a password that does not satisfy all of the configured
    // password validators.
    createSubCommand(ManageAccountSubCommandType.GET_ACCOUNT_IS_VALIDATION_LOCKED, INFO_MANAGE_ACCT_SC_GET_ACCT_VALIDATION_LOCKED_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to specify whether an account is locked because it
    // contains a password that does not satisfy all of the configured password
    // validators.
    final ArgumentParser setIsValidationLockedParser = createSubCommandParser(ManageAccountSubCommandType.SET_ACCOUNT_IS_VALIDATION_LOCKED);
    final BooleanValueArgument setIsValidationLockedValueArg = new BooleanValueArgument('O', "accountIsValidationLocked", true, null, INFO_MANAGE_ACCT_SC_SET_ACCT_VALIDATION_LOCKED_ARG_VALUE.get());
    setIsValidationLockedValueArg.addLongIdentifier("operationValue", true);
    setIsValidationLockedValueArg.addLongIdentifier("account-is-validation-locked", true);
    setIsValidationLockedValueArg.addLongIdentifier("operation-value", true);
    setIsValidationLockedParser.addArgument(setIsValidationLockedValueArg);
    createSubCommand(ManageAccountSubCommandType.SET_ACCOUNT_IS_VALIDATION_LOCKED, setIsValidationLockedParser, createSubCommandExample(ManageAccountSubCommandType.SET_ACCOUNT_IS_VALIDATION_LOCKED, INFO_MANAGE_ACCT_SC_SET_ACCT_VALIDATION_LOCKED_EXAMPLE.get(EXAMPLE_TARGET_USER_DN), "--accountIsValidationLocked", "true"));
    // Define the subcommand to retrieve a user's recent login history.
    createSubCommand(ManageAccountSubCommandType.GET_RECENT_LOGIN_HISTORY, INFO_MANAGE_ACCT_SC_GET_RECENT_LOGIN_HISTORY_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
    // Define the subcommand to retrieve a user's recent login history.
    createSubCommand(ManageAccountSubCommandType.CLEAR_RECENT_LOGIN_HISTORY, INFO_MANAGE_ACCT_SC_CLEAR_RECENT_LOGIN_HISTORY_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
}
Also used : DNArgument(com.unboundid.util.args.DNArgument) IPAddressArgumentValueValidator(com.unboundid.util.args.IPAddressArgumentValueValidator) FilterArgument(com.unboundid.util.args.FilterArgument) IntegerArgument(com.unboundid.util.args.IntegerArgument) BooleanArgument(com.unboundid.util.args.BooleanArgument) FileArgument(com.unboundid.util.args.FileArgument) TimestampArgument(com.unboundid.util.args.TimestampArgument) BooleanValueArgument(com.unboundid.util.args.BooleanValueArgument) ArgumentParser(com.unboundid.util.args.ArgumentParser) StringArgument(com.unboundid.util.args.StringArgument)

Aggregations

TimestampArgument (com.unboundid.util.args.TimestampArgument)7 ArgumentParser (com.unboundid.util.args.ArgumentParser)6 BooleanValueArgument (com.unboundid.util.args.BooleanValueArgument)5 StringArgument (com.unboundid.util.args.StringArgument)5 BooleanArgument (com.unboundid.util.args.BooleanArgument)4 DNArgument (com.unboundid.util.args.DNArgument)4 FileArgument (com.unboundid.util.args.FileArgument)4 IntegerArgument (com.unboundid.util.args.IntegerArgument)4 NotNull (com.unboundid.util.NotNull)3 SubCommand (com.unboundid.util.args.SubCommand)3 Date (java.util.Date)3 ASN1BitString (com.unboundid.asn1.ASN1BitString)2 FilterArgument (com.unboundid.util.args.FilterArgument)2 IPAddressArgumentValueValidator (com.unboundid.util.args.IPAddressArgumentValueValidator)2 ArrayList (java.util.ArrayList)2 LinkedHashSet (java.util.LinkedHashSet)2 ASN1OctetString (com.unboundid.asn1.ASN1OctetString)1 InMemoryDirectoryServer (com.unboundid.ldap.listener.InMemoryDirectoryServer)1 InMemoryDirectoryServerConfig (com.unboundid.ldap.listener.InMemoryDirectoryServerConfig)1 DN (com.unboundid.ldap.sdk.DN)1