Example 1 with TimestampArgument
use of com.unboundid.util.args.TimestampArgument in project ldapsdk by pingidentity.
the class ManageCertificates method doGenerateOrSignCertificateOrCSR.
/**
* Performs the necessary processing for the generate-self-signed-certificate,
* generate-certificate-signing-request, and sign-certificate-signing-request
* subcommands.
*
* @return A result code that indicates whether the processing completed
* successfully.
*/
@NotNull()
private ResultCode doGenerateOrSignCertificateOrCSR() {
// Figure out which subcommand we're processing.
final boolean isGenerateCertificate;
final boolean isGenerateCSR;
final boolean isSignCSR;
final SubCommand selectedSubCommand = globalParser.getSelectedSubCommand();
if (selectedSubCommand.hasName("generate-self-signed-certificate")) {
isGenerateCertificate = true;
isGenerateCSR = false;
isSignCSR = false;
} else if (selectedSubCommand.hasName("generate-certificate-signing-request")) {
isGenerateCertificate = false;
isGenerateCSR = true;
isSignCSR = false;
} else {
Validator.ensureTrue(selectedSubCommand.hasName("sign-certificate-signing-request"));
isGenerateCertificate = false;
isGenerateCSR = false;
isSignCSR = true;
}
// Get the values of a number of configured arguments.
final StringArgument aliasArgument = subCommandParser.getStringArgument("alias");
final String alias = aliasArgument.getValue();
final File keystorePath = getKeystorePath();
final boolean isNewKeystore = (!keystorePath.exists());
DN subjectDN = null;
final DNArgument subjectDNArgument = subCommandParser.getDNArgument("subject-dn");
if ((subjectDNArgument != null) && subjectDNArgument.isPresent()) {
subjectDN = subjectDNArgument.getValue();
}
File inputFile = null;
final FileArgument inputFileArgument = subCommandParser.getFileArgument("input-file");
if ((inputFileArgument != null) && inputFileArgument.isPresent()) {
inputFile = inputFileArgument.getValue();
}
File outputFile = null;
final FileArgument outputFileArgument = subCommandParser.getFileArgument("output-file");
if ((outputFileArgument != null) && outputFileArgument.isPresent()) {
outputFile = outputFileArgument.getValue();
}
boolean outputPEM = true;
final StringArgument outputFormatArgument = subCommandParser.getStringArgument("output-format");
if ((outputFormatArgument != null) && outputFormatArgument.isPresent()) {
final String format = outputFormatArgument.getValue().toLowerCase();
if (format.equals("der") || format.equals("binary") || format.equals("bin")) {
outputPEM = false;
}
}
if ((!outputPEM) && (outputFile == null)) {
wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_NO_FILE_WITH_DER.get());
return ResultCode.PARAM_ERROR;
}
final BooleanArgument replaceExistingCertificateArgument = subCommandParser.getBooleanArgument("replace-existing-certificate");
final boolean replaceExistingCertificate = ((replaceExistingCertificateArgument != null) && replaceExistingCertificateArgument.isPresent());
if (replaceExistingCertificate && (!keystorePath.exists())) {
wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_REPLACE_WITHOUT_KS.get());
return ResultCode.PARAM_ERROR;
}
final BooleanArgument inheritExtensionsArgument = subCommandParser.getBooleanArgument("inherit-extensions");
final boolean inheritExtensions = ((inheritExtensionsArgument != null) && inheritExtensionsArgument.isPresent());
final BooleanArgument includeRequestedExtensionsArgument = subCommandParser.getBooleanArgument("include-requested-extensions");
final boolean includeRequestedExtensions = ((includeRequestedExtensionsArgument != null) && includeRequestedExtensionsArgument.isPresent());
final BooleanArgument noPromptArgument = subCommandParser.getBooleanArgument("no-prompt");
final boolean noPrompt = ((noPromptArgument != null) && noPromptArgument.isPresent());
final BooleanArgument displayKeytoolCommandArgument = subCommandParser.getBooleanArgument("display-keytool-command");
final boolean displayKeytoolCommand = ((displayKeytoolCommandArgument != null) && displayKeytoolCommandArgument.isPresent());
int daysValid = 365;
final IntegerArgument daysValidArgument = subCommandParser.getIntegerArgument("days-valid");
if ((daysValidArgument != null) && daysValidArgument.isPresent()) {
daysValid = daysValidArgument.getValue();
}
Date validityStartTime = null;
final TimestampArgument validityStartTimeArgument = subCommandParser.getTimestampArgument("validity-start-time");
if ((validityStartTimeArgument != null) && validityStartTimeArgument.isPresent()) {
validityStartTime = validityStartTimeArgument.getValue();
}
PublicKeyAlgorithmIdentifier keyAlgorithmIdentifier = null;
String keyAlgorithmName = null;
final StringArgument keyAlgorithmArgument = subCommandParser.getStringArgument("key-algorithm");
if ((keyAlgorithmArgument != null) && keyAlgorithmArgument.isPresent()) {
final String name = keyAlgorithmArgument.getValue();
keyAlgorithmIdentifier = PublicKeyAlgorithmIdentifier.forName(name);
if (keyAlgorithmIdentifier == null) {
wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_UNKNOWN_KEY_ALG.get(name));
return ResultCode.PARAM_ERROR;
} else {
keyAlgorithmName = keyAlgorithmIdentifier.getName();
}
}
Integer keySizeBits = null;
final IntegerArgument keySizeBitsArgument = subCommandParser.getIntegerArgument("key-size-bits");
if ((keySizeBitsArgument != null) && keySizeBitsArgument.isPresent()) {
keySizeBits = keySizeBitsArgument.getValue();
}
if ((keyAlgorithmIdentifier != null) && (keyAlgorithmIdentifier != PublicKeyAlgorithmIdentifier.RSA) && (keySizeBits == null)) {
wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_NO_KEY_SIZE_FOR_NON_RSA_KEY.get());
return ResultCode.PARAM_ERROR;
}
String signatureAlgorithmName = null;
SignatureAlgorithmIdentifier signatureAlgorithmIdentifier = null;
final StringArgument signatureAlgorithmArgument = subCommandParser.getStringArgument("signature-algorithm");
if ((signatureAlgorithmArgument != null) && signatureAlgorithmArgument.isPresent()) {
final String name = signatureAlgorithmArgument.getValue();
signatureAlgorithmIdentifier = SignatureAlgorithmIdentifier.forName(name);
if (signatureAlgorithmIdentifier == null) {
wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_UNKNOWN_SIG_ALG.get(name));
return ResultCode.PARAM_ERROR;
} else {
signatureAlgorithmName = signatureAlgorithmIdentifier.getJavaName();
}
}
if ((keyAlgorithmIdentifier != null) && (keyAlgorithmIdentifier != PublicKeyAlgorithmIdentifier.RSA) && (signatureAlgorithmIdentifier == null)) {
wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_NO_SIG_ALG_FOR_NON_RSA_KEY.get());
return ResultCode.PARAM_ERROR;
}
// Build a subject alternative name extension, if appropriate.
final ArrayList<X509CertificateExtension> extensionList = new ArrayList<>(10);
final GeneralNamesBuilder sanBuilder = new GeneralNamesBuilder();
final LinkedHashSet<String> sanValues = new LinkedHashSet<>(StaticUtils.computeMapCapacity(10));
final StringArgument sanDNSArgument = subCommandParser.getStringArgument("subject-alternative-name-dns");
if ((sanDNSArgument != null) && sanDNSArgument.isPresent()) {
for (final String value : sanDNSArgument.getValues()) {
sanBuilder.addDNSName(value);
sanValues.add("DNS:" + value);
}
}
final StringArgument sanIPArgument = subCommandParser.getStringArgument("subject-alternative-name-ip-address");
if ((sanIPArgument != null) && sanIPArgument.isPresent()) {
for (final String value : sanIPArgument.getValues()) {
try {
sanBuilder.addIPAddress(LDAPConnectionOptions.DEFAULT_NAME_RESOLVER.getByName(value));
sanValues.add("IP:" + value);
} catch (final Exception e) {
// This should never happen.
Debug.debugException(e);
throw new RuntimeException(e);
}
}
}
final StringArgument sanEmailArgument = subCommandParser.getStringArgument("subject-alternative-name-email-address");
if ((sanEmailArgument != null) && sanEmailArgument.isPresent()) {
for (final String value : sanEmailArgument.getValues()) {
sanBuilder.addRFC822Name(value);
sanValues.add("EMAIL:" + value);
}
}
final StringArgument sanURIArgument = subCommandParser.getStringArgument("subject-alternative-name-uri");
if ((sanURIArgument != null) && sanURIArgument.isPresent()) {
for (final String value : sanURIArgument.getValues()) {
sanBuilder.addUniformResourceIdentifier(value);
sanValues.add("URI:" + value);
}
}
final StringArgument sanOIDArgument = subCommandParser.getStringArgument("subject-alternative-name-oid");
if ((sanOIDArgument != null) && sanOIDArgument.isPresent()) {
for (final String value : sanOIDArgument.getValues()) {
sanBuilder.addRegisteredID(new OID(value));
sanValues.add("OID:" + value);
}
}
if (!sanValues.isEmpty()) {
try {
extensionList.add(new SubjectAlternativeNameExtension(false, sanBuilder.build()));
} catch (final Exception e) {
// This should never happen.
Debug.debugException(e);
throw new RuntimeException(e);
}
}
// Build a set of issuer alternative name extension values.
final GeneralNamesBuilder ianBuilder = new GeneralNamesBuilder();
final LinkedHashSet<String> ianValues = new LinkedHashSet<>(StaticUtils.computeMapCapacity(10));
final StringArgument ianDNSArgument = subCommandParser.getStringArgument("issuer-alternative-name-dns");
if ((ianDNSArgument != null) && ianDNSArgument.isPresent()) {
for (final String value : ianDNSArgument.getValues()) {
ianBuilder.addDNSName(value);
ianValues.add("DNS:" + value);
}
}
final StringArgument ianIPArgument = subCommandParser.getStringArgument("issuer-alternative-name-ip-address");
if ((ianIPArgument != null) && ianIPArgument.isPresent()) {
for (final String value : ianIPArgument.getValues()) {
try {
ianBuilder.addIPAddress(LDAPConnectionOptions.DEFAULT_NAME_RESOLVER.getByName(value));
ianValues.add("IP:" + value);
} catch (final Exception e) {
// This should never happen.
Debug.debugException(e);
throw new RuntimeException(e);
}
}
}
final StringArgument ianEmailArgument = subCommandParser.getStringArgument("issuer-alternative-name-email-address");
if ((ianEmailArgument != null) && ianEmailArgument.isPresent()) {
for (final String value : ianEmailArgument.getValues()) {
ianBuilder.addRFC822Name(value);
ianValues.add("EMAIL:" + value);
}
}
final StringArgument ianURIArgument = subCommandParser.getStringArgument("issuer-alternative-name-uri");
if ((ianURIArgument != null) && ianURIArgument.isPresent()) {
for (final String value : ianURIArgument.getValues()) {
ianBuilder.addUniformResourceIdentifier(value);
ianValues.add("URI:" + value);
}
}
final StringArgument ianOIDArgument = subCommandParser.getStringArgument("issuer-alternative-name-oid");
if ((ianOIDArgument != null) && ianOIDArgument.isPresent()) {
for (final String value : ianOIDArgument.getValues()) {
ianBuilder.addRegisteredID(new OID(value));
ianValues.add("OID:" + value);
}
}
if (!ianValues.isEmpty()) {
try {
extensionList.add(new IssuerAlternativeNameExtension(false, ianBuilder.build()));
} catch (final Exception e) {
// This should never happen.
Debug.debugException(e);
throw new RuntimeException(e);
}
}
// Build a basic constraints extension, if appropriate.
BasicConstraintsExtension basicConstraints = null;
final BooleanValueArgument basicConstraintsIsCAArgument = subCommandParser.getBooleanValueArgument("basic-constraints-is-ca");
if ((basicConstraintsIsCAArgument != null) && basicConstraintsIsCAArgument.isPresent()) {
final boolean isCA = basicConstraintsIsCAArgument.getValue();
Integer pathLength = null;
final IntegerArgument pathLengthArgument = subCommandParser.getIntegerArgument("basic-constraints-maximum-path-length");
if ((pathLengthArgument != null) && pathLengthArgument.isPresent()) {
if (isCA) {
pathLength = pathLengthArgument.getValue();
} else {
wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_BC_PATH_LENGTH_WITHOUT_CA.get());
return ResultCode.PARAM_ERROR;
}
}
basicConstraints = new BasicConstraintsExtension(false, isCA, pathLength);
extensionList.add(basicConstraints);
}
// Build a key usage extension, if appropriate.
KeyUsageExtension keyUsage = null;
final StringArgument keyUsageArgument = subCommandParser.getStringArgument("key-usage");
if ((keyUsageArgument != null) && keyUsageArgument.isPresent()) {
boolean digitalSignature = false;
boolean nonRepudiation = false;
boolean keyEncipherment = false;
boolean dataEncipherment = false;
boolean keyAgreement = false;
boolean keyCertSign = false;
boolean crlSign = false;
boolean encipherOnly = false;
boolean decipherOnly = false;
for (final String value : keyUsageArgument.getValues()) {
if (value.equalsIgnoreCase("digital-signature") || value.equalsIgnoreCase("digitalSignature")) {
digitalSignature = true;
} else if (value.equalsIgnoreCase("non-repudiation") || value.equalsIgnoreCase("nonRepudiation") || value.equalsIgnoreCase("content-commitment") || value.equalsIgnoreCase("contentCommitment")) {
nonRepudiation = true;
} else if (value.equalsIgnoreCase("key-encipherment") || value.equalsIgnoreCase("keyEncipherment")) {
keyEncipherment = true;
} else if (value.equalsIgnoreCase("data-encipherment") || value.equalsIgnoreCase("dataEncipherment")) {
dataEncipherment = true;
} else if (value.equalsIgnoreCase("key-agreement") || value.equalsIgnoreCase("keyAgreement")) {
keyAgreement = true;
} else if (value.equalsIgnoreCase("key-cert-sign") || value.equalsIgnoreCase("keyCertSign")) {
keyCertSign = true;
} else if (value.equalsIgnoreCase("crl-sign") || value.equalsIgnoreCase("crlSign")) {
crlSign = true;
} else if (value.equalsIgnoreCase("encipher-only") || value.equalsIgnoreCase("encipherOnly")) {
encipherOnly = true;
} else if (value.equalsIgnoreCase("decipher-only") || value.equalsIgnoreCase("decipherOnly")) {
decipherOnly = true;
} else {
wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_INVALID_KEY_USAGE.get(value));
return ResultCode.PARAM_ERROR;
}
}
keyUsage = new KeyUsageExtension(false, digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, crlSign, encipherOnly, decipherOnly);
extensionList.add(keyUsage);
}
// Build an extended key usage extension, if appropriate.
ExtendedKeyUsageExtension extendedKeyUsage = null;
final StringArgument extendedKeyUsageArgument = subCommandParser.getStringArgument("extended-key-usage");
if ((extendedKeyUsageArgument != null) && extendedKeyUsageArgument.isPresent()) {
final List<String> values = extendedKeyUsageArgument.getValues();
final ArrayList<OID> keyPurposeIDs = new ArrayList<>(values.size());
for (final String value : values) {
if (value.equalsIgnoreCase("server-auth") || value.equalsIgnoreCase("serverAuth") || value.equalsIgnoreCase("server-authentication") || value.equalsIgnoreCase("serverAuthentication") || value.equalsIgnoreCase("tls-server-authentication") || value.equalsIgnoreCase("tlsServerAuthentication")) {
keyPurposeIDs.add(ExtendedKeyUsageID.TLS_SERVER_AUTHENTICATION.getOID());
} else if (value.equalsIgnoreCase("client-auth") || value.equalsIgnoreCase("clientAuth") || value.equalsIgnoreCase("client-authentication") || value.equalsIgnoreCase("clientAuthentication") || value.equalsIgnoreCase("tls-client-authentication") || value.equalsIgnoreCase("tlsClientAuthentication")) {
keyPurposeIDs.add(ExtendedKeyUsageID.TLS_CLIENT_AUTHENTICATION.getOID());
} else if (value.equalsIgnoreCase("code-signing") || value.equalsIgnoreCase("codeSigning")) {
keyPurposeIDs.add(ExtendedKeyUsageID.CODE_SIGNING.getOID());
} else if (value.equalsIgnoreCase("email-protection") || value.equalsIgnoreCase("emailProtection")) {
keyPurposeIDs.add(ExtendedKeyUsageID.EMAIL_PROTECTION.getOID());
} else if (value.equalsIgnoreCase("time-stamping") || value.equalsIgnoreCase("timeStamping")) {
keyPurposeIDs.add(ExtendedKeyUsageID.TIME_STAMPING.getOID());
} else if (value.equalsIgnoreCase("ocsp-signing") || value.equalsIgnoreCase("ocspSigning")) {
keyPurposeIDs.add(ExtendedKeyUsageID.OCSP_SIGNING.getOID());
} else if (OID.isStrictlyValidNumericOID(value)) {
keyPurposeIDs.add(new OID(value));
} else {
wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_INVALID_EXTENDED_KEY_USAGE.get(value));
return ResultCode.PARAM_ERROR;
}
}
try {
extendedKeyUsage = new ExtendedKeyUsageExtension(false, keyPurposeIDs);
} catch (final Exception e) {
// This should never happen.
Debug.debugException(e);
wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_EXTENDED_KEY_USAGE_ERROR.get());
e.printStackTrace(getErr());
return ResultCode.PARAM_ERROR;
}
extensionList.add(extendedKeyUsage);
}
// Build a list of generic extensions.
final ArrayList<X509CertificateExtension> genericExtensions = new ArrayList<>(5);
final StringArgument extensionArgument = subCommandParser.getStringArgument("extension");
if ((extensionArgument != null) && extensionArgument.isPresent()) {
for (final String value : extensionArgument.getValues()) {
try {
final int firstColonPos = value.indexOf(':');
final int secondColonPos = value.indexOf(':', firstColonPos + 1);
final OID oid = new OID(value.substring(0, firstColonPos));
if (!oid.isStrictlyValidNumericOID()) {
wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_EXT_MALFORMED_OID.get(value, oid.toString()));
return ResultCode.PARAM_ERROR;
}
final boolean criticality;
final String criticalityString = value.substring(firstColonPos + 1, secondColonPos);
if (criticalityString.equalsIgnoreCase("true") || criticalityString.equalsIgnoreCase("t") || criticalityString.equalsIgnoreCase("yes") || criticalityString.equalsIgnoreCase("y") || criticalityString.equalsIgnoreCase("on") || criticalityString.equalsIgnoreCase("1")) {
criticality = true;
} else if (criticalityString.equalsIgnoreCase("false") || criticalityString.equalsIgnoreCase("f") || criticalityString.equalsIgnoreCase("no") || criticalityString.equalsIgnoreCase("n") || criticalityString.equalsIgnoreCase("off") || criticalityString.equalsIgnoreCase("0")) {
criticality = false;
} else {
wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_EXT_INVALID_CRITICALITY.get(value, criticalityString));
return ResultCode.PARAM_ERROR;
}
final byte[] valueBytes;
try {
valueBytes = StaticUtils.fromHex(value.substring(secondColonPos + 1));
} catch (final Exception e) {
Debug.debugException(e);
wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_EXT_INVALID_VALUE.get(value));
return ResultCode.PARAM_ERROR;
}
final X509CertificateExtension extension = new X509CertificateExtension(oid, criticality, valueBytes);
genericExtensions.add(extension);
extensionList.add(extension);
} catch (final Exception e) {
Debug.debugException(e);
wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_EXT_MALFORMED.get(value));
return ResultCode.PARAM_ERROR;
}
}
}
final String keystoreType;
try {
keystoreType = inferKeystoreType(keystorePath);
} catch (final LDAPException le) {
Debug.debugException(le);
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
final char[] keystorePassword;
try {
keystorePassword = getKeystorePassword(keystorePath);
} catch (final LDAPException le) {
Debug.debugException(le);
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
// Get the keystore.
final KeyStore keystore;
try {
keystore = getKeystore(keystoreType, keystorePath, keystorePassword);
} catch (final LDAPException le) {
Debug.debugException(le);
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
// If there is a private key, then see if we need to use a private key
// password that is different from the keystore password.
final char[] privateKeyPassword;
try {
privateKeyPassword = getPrivateKeyPassword(keystore, alias, keystorePassword);
} catch (final LDAPException le) {
Debug.debugException(le);
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
// perform the appropriate processing for that.
if (replaceExistingCertificate) {
// specified alias.
if (!hasKeyAlias(keystore, alias)) {
if (hasCertificateAlias(keystore, alias)) {
wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_REPLACE_ALIAS_IS_CERT.get(alias, keystorePath.getAbsolutePath()));
return ResultCode.PARAM_ERROR;
} else {
wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_REPLACE_NO_SUCH_ALIAS.get(alias, keystorePath.getAbsolutePath()));
return ResultCode.PARAM_ERROR;
}
}
// Get the certificate to replace, along with its key pair.
final X509Certificate certToReplace;
final KeyPair keyPair;
try {
final Certificate[] chain = keystore.getCertificateChain(alias);
certToReplace = new X509Certificate(chain[0].getEncoded());
final PublicKey publicKey = chain[0].getPublicKey();
final PrivateKey privateKey = (PrivateKey) keystore.getKey(alias, privateKeyPassword);
keyPair = new KeyPair(publicKey, privateKey);
} catch (final Exception e) {
Debug.debugException(e);
wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_REPLACE_COULD_NOT_GET_CERT.get(alias));
e.printStackTrace(getErr());
return ResultCode.LOCAL_ERROR;
}
// Assign the remaining values using information in the existing
// certificate.
signatureAlgorithmIdentifier = SignatureAlgorithmIdentifier.forOID(certToReplace.getSignatureAlgorithmOID());
if (signatureAlgorithmIdentifier == null) {
wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_UNKNOWN_SIG_ALG_IN_CERT.get(certToReplace.getSignatureAlgorithmOID()));
return ResultCode.PARAM_ERROR;
} else {
signatureAlgorithmName = signatureAlgorithmIdentifier.getJavaName();
}
if (subjectDN == null) {
subjectDN = certToReplace.getSubjectDN();
}
if (inheritExtensions) {
for (final X509CertificateExtension extension : certToReplace.getExtensions()) {
if ((extension instanceof AuthorityKeyIdentifierExtension) || (extension instanceof IssuerAlternativeNameExtension)) {
// This extension applies to the issuer. We won't include this in
// the set of inherited extensions.
} else if (extension instanceof SubjectKeyIdentifierExtension) {
// The generated certificate will automatically include a subject
// key identifier extension, so we don't need to include it.
} else if (extension instanceof BasicConstraintsExtension) {
// Don't override a value already provided on the command line.
if (basicConstraints == null) {
basicConstraints = (BasicConstraintsExtension) extension;
extensionList.add(basicConstraints);
}
} else if (extension instanceof ExtendedKeyUsageExtension) {
// Don't override a value already provided on the command line.
if (extendedKeyUsage == null) {
extendedKeyUsage = (ExtendedKeyUsageExtension) extension;
extensionList.add(extendedKeyUsage);
}
} else if (extension instanceof KeyUsageExtension) {
// Don't override a value already provided on the command line.
if (keyUsage == null) {
keyUsage = (KeyUsageExtension) extension;
extensionList.add(keyUsage);
}
} else if (extension instanceof SubjectAlternativeNameExtension) {
// line.
if (sanValues.isEmpty()) {
final SubjectAlternativeNameExtension e = (SubjectAlternativeNameExtension) extension;
for (final String dnsName : e.getDNSNames()) {
sanValues.add("DNS:" + dnsName);
}
for (final InetAddress ipAddress : e.getIPAddresses()) {
sanValues.add("IP:" + ipAddress.getHostAddress());
}
for (final String emailAddress : e.getRFC822Names()) {
sanValues.add("EMAIL:" + emailAddress);
}
for (final String uri : e.getUniformResourceIdentifiers()) {
sanValues.add("URI:" + uri);
}
for (final OID oid : e.getRegisteredIDs()) {
sanValues.add("OID:" + oid.toString());
}
extensionList.add(extension);
}
} else {
genericExtensions.add(extension);
extensionList.add(extension);
}
}
}
// Create an array with the final set of extensions to include in the
// certificate or certificate signing request.
final X509CertificateExtension[] extensions = new X509CertificateExtension[extensionList.size()];
extensionList.toArray(extensions);
// a keytool command that we could use to accomplish it.
if (isGenerateCertificate) {
if (displayKeytoolCommand) {
final ArrayList<String> keytoolArguments = new ArrayList<>(30);
keytoolArguments.add("-selfcert");
keytoolArguments.add("-keystore");
keytoolArguments.add(keystorePath.getAbsolutePath());
keytoolArguments.add("-storetype");
keytoolArguments.add(keystoreType);
keytoolArguments.add("-storepass");
keytoolArguments.add("*****REDACTED*****");
keytoolArguments.add("-keypass");
keytoolArguments.add("*****REDACTED*****");
keytoolArguments.add("-alias");
keytoolArguments.add(alias);
keytoolArguments.add("-dname");
keytoolArguments.add(subjectDN.toString());
keytoolArguments.add("-sigalg");
keytoolArguments.add(signatureAlgorithmName);
keytoolArguments.add("-validity");
keytoolArguments.add(String.valueOf(daysValid));
if (validityStartTime != null) {
keytoolArguments.add("-startdate");
keytoolArguments.add(formatValidityStartTime(validityStartTime));
}
addExtensionArguments(keytoolArguments, basicConstraints, keyUsage, extendedKeyUsage, sanValues, ianValues, genericExtensions);
displayKeytoolCommand(keytoolArguments);
}
// Generate the self-signed certificate.
final long notBefore;
if (validityStartTime == null) {
notBefore = System.currentTimeMillis();
} else {
notBefore = validityStartTime.getTime();
}
final long notAfter = notBefore + TimeUnit.DAYS.toMillis(daysValid);
final X509Certificate certificate;
final Certificate[] chain;
try {
certificate = X509Certificate.generateSelfSignedCertificate(signatureAlgorithmIdentifier, keyPair, subjectDN, notBefore, notAfter, extensions);
chain = new Certificate[] { certificate.toCertificate() };
} catch (final Exception e) {
Debug.debugException(e);
wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_ERROR_GENERATING_CERT.get());
e.printStackTrace(getErr());
return ResultCode.LOCAL_ERROR;
}
// Update the keystore with the new certificate.
try {
keystore.setKeyEntry(alias, keyPair.getPrivate(), privateKeyPassword, chain);
writeKeystore(keystore, keystorePath, keystorePassword);
} catch (final Exception e) {
Debug.debugException(e);
wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_ERROR_UPDATING_KEYSTORE.get());
e.printStackTrace(getErr());
return ResultCode.LOCAL_ERROR;
}
// Display the certificate we just generated to the end user.
out();
wrapOut(0, WRAP_COLUMN, INFO_MANAGE_CERTS_GEN_CERT_SUCCESSFULLY_GENERATED_SELF_CERT.get());
printCertificate(certificate, "", false);
// If we should write an output file, then do that now.
if (outputFile != null) {
try (PrintStream ps = new PrintStream(outputFile)) {
final byte[] certBytes = certificate.getX509CertificateBytes();
if (outputPEM) {
writePEMCertificate(ps, certBytes);
} else {
ps.write(certBytes);
}
out();
wrapOut(0, WRAP_COLUMN, INFO_MANAGE_CERTS_GEN_CERT_WROTE_OUTPUT_FILE.get(outputFile.getAbsolutePath()));
} catch (final Exception e) {
Debug.debugException(e);
err();
wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_ERROR_WRITING_CERT.get(outputFile.getAbsolutePath()));
e.printStackTrace(getErr());
return ResultCode.LOCAL_ERROR;
}
}
return ResultCode.SUCCESS;
} else {
// Build the keytool command used to generate the certificate signing
// request.
Validator.ensureTrue(isGenerateCSR);
if (displayKeytoolCommand) {
final ArrayList<String> keytoolArguments = new ArrayList<>(30);
keytoolArguments.add("-certreq");
keytoolArguments.add("-keystore");
keytoolArguments.add(keystorePath.getAbsolutePath());
keytoolArguments.add("-storetype");
keytoolArguments.add(keystoreType);
keytoolArguments.add("-storepass");
keytoolArguments.add("*****REDACTED*****");
keytoolArguments.add("-keypass");
keytoolArguments.add("*****REDACTED*****");
keytoolArguments.add("-alias");
keytoolArguments.add(alias);
keytoolArguments.add("-dname");
keytoolArguments.add(subjectDN.toString());
keytoolArguments.add("-sigalg");
keytoolArguments.add(signatureAlgorithmName);
addExtensionArguments(keytoolArguments, basicConstraints, keyUsage, extendedKeyUsage, sanValues, ianValues, genericExtensions);
if (outputFile != null) {
keytoolArguments.add("-file");
keytoolArguments.add(outputFile.getAbsolutePath());
}
displayKeytoolCommand(keytoolArguments);
}
// Generate the certificate signing request.
final PKCS10CertificateSigningRequest certificateSigningRequest;
try {
certificateSigningRequest = PKCS10CertificateSigningRequest.generateCertificateSigningRequest(signatureAlgorithmIdentifier, keyPair, subjectDN, extensions);
} catch (final Exception e) {
Debug.debugException(e);
wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_ERROR_GENERATING_CSR.get());
e.printStackTrace(getErr());
return ResultCode.LOCAL_ERROR;
}
// location.
try {
final PrintStream ps;
if (outputFile == null) {
ps = getOut();
} else {
ps = new PrintStream(outputFile);
}
if (outputPEM) {
writePEMCertificateSigningRequest(ps, certificateSigningRequest.getPKCS10CertificateSigningRequestBytes());
} else {
ps.write(certificateSigningRequest.getPKCS10CertificateSigningRequestBytes());
}
if (outputFile != null) {
ps.close();
}
} catch (final Exception e) {
Debug.debugException(e);
wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_ERROR_WRITING_CSR.get());
e.printStackTrace(getErr());
return ResultCode.LOCAL_ERROR;
}
// able to see it.
if (outputFile != null) {
out();
wrapOut(0, WRAP_COLUMN, INFO_MANAGE_CERTS_GEN_CERT_SUCCESSFULLY_GENERATED_CSR.get(outputFile.getAbsolutePath()));
}
return ResultCode.SUCCESS;
}
}
// certificate. Perform any remaining argument assignment and validation.
if ((subjectDN == null) && (!isSignCSR)) {
wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_NO_SUBJECT_DN_WITHOUT_REPLACE.get());
return ResultCode.PARAM_ERROR;
}
if (keyAlgorithmIdentifier == null) {
keyAlgorithmIdentifier = PublicKeyAlgorithmIdentifier.RSA;
keyAlgorithmName = keyAlgorithmIdentifier.getName();
}
if (keySizeBits == null) {
keySizeBits = 2048;
}
if ((signatureAlgorithmIdentifier == null) && (!isSignCSR)) {
signatureAlgorithmIdentifier = SignatureAlgorithmIdentifier.SHA_256_WITH_RSA;
signatureAlgorithmName = signatureAlgorithmIdentifier.getJavaName();
}
// certificate.
if (isGenerateCertificate || isGenerateCSR) {
// keystore.
if (hasKeyAlias(keystore, alias) || hasCertificateAlias(keystore, alias)) {
wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_ALIAS_EXISTS_WITHOUT_REPLACE.get(alias));
return ResultCode.PARAM_ERROR;
}
if (displayKeytoolCommand) {
final ArrayList<String> keytoolArguments = new ArrayList<>(30);
keytoolArguments.add("-genkeypair");
keytoolArguments.add("-keystore");
keytoolArguments.add(keystorePath.getAbsolutePath());
keytoolArguments.add("-storetype");
keytoolArguments.add(keystoreType);
keytoolArguments.add("-storepass");
keytoolArguments.add("*****REDACTED*****");
keytoolArguments.add("-keypass");
keytoolArguments.add("*****REDACTED*****");
keytoolArguments.add("-alias");
keytoolArguments.add(alias);
keytoolArguments.add("-dname");
keytoolArguments.add(subjectDN.toString());
keytoolArguments.add("-keyalg");
keytoolArguments.add(keyAlgorithmName);
keytoolArguments.add("-keysize");
keytoolArguments.add(String.valueOf(keySizeBits));
keytoolArguments.add("-sigalg");
keytoolArguments.add(signatureAlgorithmName);
keytoolArguments.add("-validity");
keytoolArguments.add(String.valueOf(daysValid));
if (validityStartTime != null) {
keytoolArguments.add("-startdate");
keytoolArguments.add(formatValidityStartTime(validityStartTime));
}
addExtensionArguments(keytoolArguments, basicConstraints, keyUsage, extendedKeyUsage, sanValues, ianValues, genericExtensions);
displayKeytoolCommand(keytoolArguments);
}
// Generate the self-signed certificate.
final long notBefore;
if (validityStartTime == null) {
notBefore = System.currentTimeMillis();
} else {
notBefore = validityStartTime.getTime();
}
final long notAfter = notBefore + TimeUnit.DAYS.toMillis(daysValid);
final X509CertificateExtension[] extensions = new X509CertificateExtension[extensionList.size()];
extensionList.toArray(extensions);
final Certificate[] chain;
final KeyPair keyPair;
final X509Certificate certificate;
try {
final ObjectPair<X509Certificate, KeyPair> p = X509Certificate.generateSelfSignedCertificate(signatureAlgorithmIdentifier, keyAlgorithmIdentifier, keySizeBits, subjectDN, notBefore, notAfter, extensions);
certificate = p.getFirst();
chain = new Certificate[] { certificate.toCertificate() };
keyPair = p.getSecond();
} catch (final Exception e) {
Debug.debugException(e);
wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_ERROR_GENERATING_CERT.get());
e.printStackTrace(getErr());
return ResultCode.LOCAL_ERROR;
}
// Update the keystore with the new certificate.
try {
keystore.setKeyEntry(alias, keyPair.getPrivate(), privateKeyPassword, chain);
writeKeystore(keystore, keystorePath, keystorePassword);
} catch (final Exception e) {
Debug.debugException(e);
wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_ERROR_UPDATING_KEYSTORE.get());
e.printStackTrace(getErr());
return ResultCode.LOCAL_ERROR;
}
if (isNewKeystore) {
out();
wrapOut(0, WRAP_COLUMN, INFO_MANAGE_CERTS_GEN_CERT_CERT_CREATED_KEYSTORE.get(getUserFriendlyKeystoreType(keystoreType)));
}
// file.
if (isGenerateCertificate) {
out();
wrapOut(0, WRAP_COLUMN, INFO_MANAGE_CERTS_GEN_CERT_SUCCESSFULLY_GENERATED_SELF_CERT.get());
printCertificate(certificate, "", false);
// If we should write an output file, then do that now.
if (outputFile != null) {
try (PrintStream ps = new PrintStream(outputFile)) {
final byte[] certBytes = certificate.getX509CertificateBytes();
if (outputPEM) {
writePEMCertificate(ps, certBytes);
} else {
ps.write(certBytes);
}
out();
wrapOut(0, WRAP_COLUMN, INFO_MANAGE_CERTS_GEN_CERT_WROTE_OUTPUT_FILE.get(outputFile.getAbsolutePath()));
} catch (final Exception e) {
Debug.debugException(e);
err();
wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_ERROR_WRITING_CERT.get(outputFile.getAbsolutePath()));
e.printStackTrace(getErr());
return ResultCode.LOCAL_ERROR;
}
}
return ResultCode.SUCCESS;
}
// If we're generating a certificate signing request, then put together
// the appropriate set of arguments for that.
Validator.ensureTrue(isGenerateCSR);
out();
wrapOut(0, WRAP_COLUMN, INFO_MANAGE_CERTS_GEN_CERT_SUCCESSFULLY_GENERATED_KEYPAIR.get());
if (displayKeytoolCommand) {
final ArrayList<String> keytoolArguments = new ArrayList<>(30);
keytoolArguments.add("-certreq");
keytoolArguments.add("-keystore");
keytoolArguments.add(keystorePath.getAbsolutePath());
keytoolArguments.add("-storetype");
keytoolArguments.add(keystoreType);
keytoolArguments.add("-storepass");
keytoolArguments.add("*****REDACTED*****");
keytoolArguments.add("-keypass");
keytoolArguments.add("*****REDACTED*****");
keytoolArguments.add("-alias");
keytoolArguments.add(alias);
keytoolArguments.add("-dname");
keytoolArguments.add(subjectDN.toString());
keytoolArguments.add("-sigalg");
keytoolArguments.add(signatureAlgorithmName);
addExtensionArguments(keytoolArguments, basicConstraints, keyUsage, extendedKeyUsage, sanValues, ianValues, genericExtensions);
if (outputFile != null) {
keytoolArguments.add("-file");
keytoolArguments.add(outputFile.getAbsolutePath());
}
displayKeytoolCommand(keytoolArguments);
}
// Generate the certificate signing request.
final PKCS10CertificateSigningRequest certificateSigningRequest;
try {
certificateSigningRequest = PKCS10CertificateSigningRequest.generateCertificateSigningRequest(signatureAlgorithmIdentifier, keyPair, subjectDN, extensions);
} catch (final Exception e) {
Debug.debugException(e);
wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_ERROR_GENERATING_CSR.get());
e.printStackTrace(getErr());
return ResultCode.LOCAL_ERROR;
}
// location.
try {
final PrintStream ps;
if (outputFile == null) {
ps = getOut();
} else {
ps = new PrintStream(outputFile);
}
if (outputPEM) {
writePEMCertificateSigningRequest(ps, certificateSigningRequest.getPKCS10CertificateSigningRequestBytes());
} else {
ps.write(certificateSigningRequest.getPKCS10CertificateSigningRequestBytes());
}
if (outputFile != null) {
ps.close();
}
} catch (final Exception e) {
Debug.debugException(e);
wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_ERROR_WRITING_CSR.get());
e.printStackTrace(getErr());
return ResultCode.LOCAL_ERROR;
}
// able to see it.
if (outputFile != null) {
out();
wrapOut(0, WRAP_COLUMN, INFO_MANAGE_CERTS_GEN_CERT_SUCCESSFULLY_GENERATED_CSR.get(outputFile.getAbsolutePath()));
}
return ResultCode.SUCCESS;
}
// If we've gotten here, then we should be signing a certificate signing
// request. Make sure that the keystore already has a private key entry
// with the specified alias.
Validator.ensureTrue(isSignCSR);
if (!hasKeyAlias(keystore, alias)) {
if (hasCertificateAlias(keystore, alias)) {
wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_SIGN_ALIAS_IS_CERT.get(alias, keystorePath.getAbsolutePath()));
return ResultCode.PARAM_ERROR;
} else {
wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_SIGN_NO_SUCH_ALIAS.get(alias, keystorePath.getAbsolutePath()));
return ResultCode.PARAM_ERROR;
}
}
// Get the signing certificate and its key pair.
final PrivateKey issuerPrivateKey;
final X509Certificate issuerCertificate;
try {
final Certificate[] chain = keystore.getCertificateChain(alias);
issuerCertificate = new X509Certificate(chain[0].getEncoded());
issuerPrivateKey = (PrivateKey) keystore.getKey(alias, privateKeyPassword);
} catch (final Exception e) {
Debug.debugException(e);
wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_SIGN_CANNOT_GET_SIGNING_CERT.get(alias));
e.printStackTrace(getErr());
return ResultCode.LOCAL_ERROR;
}
// Make sure that we can decode the certificate signing request.
final PKCS10CertificateSigningRequest csr;
try {
csr = readCertificateSigningRequestFromFile(inputFile);
} catch (final LDAPException le) {
Debug.debugException(le);
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
// Make sure that we can verify the certificate signing request's signature.
try {
csr.verifySignature();
} catch (final CertException ce) {
Debug.debugException(ce);
wrapErr(0, WRAP_COLUMN, ce.getMessage());
return ResultCode.PARAM_ERROR;
}
// Prompt about whether to sign the request, if appropriate.
if (!noPrompt) {
out();
wrapOut(0, WRAP_COLUMN, INFO_MANAGE_CERTS_GEN_CERT_SIGN_CONFIRM.get());
out();
printCertificateSigningRequest(csr, false, "");
out();
try {
if (!promptForYesNo(INFO_MANAGE_CERTS_GEN_CERT_PROMPT_SIGN.get())) {
wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_SIGN_CANCELED.get());
return ResultCode.USER_CANCELED;
}
} catch (final LDAPException le) {
Debug.debugException(le);
err();
wrapErr(0, WRAP_COLUMN, le.getMessage());
return le.getResultCode();
}
}
// from it.
if ((subjectDN == null) || (signatureAlgorithmIdentifier == null) || includeRequestedExtensions) {
if (subjectDN == null) {
subjectDN = csr.getSubjectDN();
}
if (signatureAlgorithmIdentifier == null) {
signatureAlgorithmIdentifier = SignatureAlgorithmIdentifier.forOID(csr.getSignatureAlgorithmOID());
if (signatureAlgorithmIdentifier == null) {
wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_UNKNOWN_SIG_ALG_IN_CSR.get(csr.getSignatureAlgorithmOID()));
return ResultCode.PARAM_ERROR;
} else {
signatureAlgorithmName = signatureAlgorithmIdentifier.getJavaName();
}
}
if (includeRequestedExtensions) {
for (final X509CertificateExtension extension : csr.getExtensions()) {
if ((extension instanceof AuthorityKeyIdentifierExtension) || (extension instanceof IssuerAlternativeNameExtension)) {
// This extension applies to the issuer. We won't include this in
// the set of inherited extensions.
} else if (extension instanceof SubjectKeyIdentifierExtension) {
// The generated certificate will automatically include a subject
// key identifier extension, so we don't need to include it.
} else if (extension instanceof BasicConstraintsExtension) {
// Don't override a value already provided on the command line.
if (basicConstraints == null) {
basicConstraints = (BasicConstraintsExtension) extension;
extensionList.add(basicConstraints);
}
} else if (extension instanceof ExtendedKeyUsageExtension) {
// Don't override a value already provided on the command line.
if (extendedKeyUsage == null) {
extendedKeyUsage = (ExtendedKeyUsageExtension) extension;
extensionList.add(extendedKeyUsage);
}
} else if (extension instanceof KeyUsageExtension) {
// Don't override a value already provided on the command line.
if (keyUsage == null) {
keyUsage = (KeyUsageExtension) extension;
extensionList.add(keyUsage);
}
} else if (extension instanceof SubjectAlternativeNameExtension) {
// line.
if (sanValues.isEmpty()) {
final SubjectAlternativeNameExtension e = (SubjectAlternativeNameExtension) extension;
for (final String dnsName : e.getDNSNames()) {
sanBuilder.addDNSName(dnsName);
sanValues.add("DNS:" + dnsName);
}
for (final InetAddress ipAddress : e.getIPAddresses()) {
sanBuilder.addIPAddress(ipAddress);
sanValues.add("IP:" + ipAddress.getHostAddress());
}
for (final String emailAddress : e.getRFC822Names()) {
sanBuilder.addRFC822Name(emailAddress);
sanValues.add("EMAIL:" + emailAddress);
}
for (final String uri : e.getUniformResourceIdentifiers()) {
sanBuilder.addUniformResourceIdentifier(uri);
sanValues.add("URI:" + uri);
}
for (final OID oid : e.getRegisteredIDs()) {
sanBuilder.addRegisteredID(oid);
sanValues.add("OID:" + oid.toString());
}
try {
extensionList.add(new SubjectAlternativeNameExtension(false, sanBuilder.build()));
} catch (final Exception ex) {
// This should never happen.
Debug.debugException(ex);
throw new RuntimeException(ex);
}
}
} else {
genericExtensions.add(extension);
extensionList.add(extension);
}
}
}
}
// Generate the keytool arguments to use to sign the requested certificate.
final ArrayList<String> keytoolArguments = new ArrayList<>(30);
keytoolArguments.add("-gencert");
keytoolArguments.add("-keystore");
keytoolArguments.add(keystorePath.getAbsolutePath());
keytoolArguments.add("-storetype");
keytoolArguments.add(keystoreType);
keytoolArguments.add("-storepass");
keytoolArguments.add("*****REDACTED*****");
keytoolArguments.add("-keypass");
keytoolArguments.add("*****REDACTED*****");
keytoolArguments.add("-alias");
keytoolArguments.add(alias);
keytoolArguments.add("-dname");
keytoolArguments.add(subjectDN.toString());
keytoolArguments.add("-sigalg");
keytoolArguments.add(signatureAlgorithmName);
keytoolArguments.add("-validity");
keytoolArguments.add(String.valueOf(daysValid));
if (validityStartTime != null) {
keytoolArguments.add("-startdate");
keytoolArguments.add(formatValidityStartTime(validityStartTime));
}
addExtensionArguments(keytoolArguments, basicConstraints, keyUsage, extendedKeyUsage, sanValues, ianValues, genericExtensions);
keytoolArguments.add("-infile");
keytoolArguments.add(inputFile.getAbsolutePath());
if (outputFile != null) {
keytoolArguments.add("-outfile");
keytoolArguments.add(outputFile.getAbsolutePath());
}
if (outputPEM) {
keytoolArguments.add("-rfc");
}
if (displayKeytoolCommand) {
displayKeytoolCommand(keytoolArguments);
}
// Generate the signed certificate.
final long notBefore;
if (validityStartTime == null) {
notBefore = System.currentTimeMillis();
} else {
notBefore = validityStartTime.getTime();
}
final long notAfter = notBefore + TimeUnit.DAYS.toMillis(daysValid);
final X509CertificateExtension[] extensions = new X509CertificateExtension[extensionList.size()];
extensionList.toArray(extensions);
final X509Certificate signedCertificate;
try {
signedCertificate = X509Certificate.generateIssuerSignedCertificate(signatureAlgorithmIdentifier, issuerCertificate, issuerPrivateKey, csr.getPublicKeyAlgorithmOID(), csr.getPublicKeyAlgorithmParameters(), csr.getEncodedPublicKey(), csr.getDecodedPublicKey(), subjectDN, notBefore, notAfter, extensions);
} catch (final Exception e) {
Debug.debugException(e);
wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_ERROR_SIGNING_CERT.get());
e.printStackTrace(getErr());
return ResultCode.LOCAL_ERROR;
}
// Write the signed certificate signing request to the appropriate location.
try {
final PrintStream ps;
if (outputFile == null) {
ps = getOut();
} else {
ps = new PrintStream(outputFile);
}
if (outputPEM) {
writePEMCertificate(ps, signedCertificate.getX509CertificateBytes());
} else {
ps.write(signedCertificate.getX509CertificateBytes());
}
if (outputFile != null) {
ps.close();
}
} catch (final Exception e) {
Debug.debugException(e);
wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_ERROR_WRITING_SIGNED_CERT.get());
e.printStackTrace(getErr());
return ResultCode.LOCAL_ERROR;
}
// able to see it.
if (outputFile != null) {
out();
wrapOut(0, WRAP_COLUMN, INFO_MANAGE_CERTS_GEN_CERT_SUCCESSFULLY_SIGNED_CERT.get(outputFile.getAbsolutePath()));
}
return ResultCode.SUCCESS;
}
Also used :
LinkedHashSet(java.util.LinkedHashSet)
PrivateKey(java.security.PrivateKey)
ArrayList(java.util.ArrayList)
DN(com.unboundid.ldap.sdk.DN)
ASN1BitString(com.unboundid.asn1.ASN1BitString)
FileArgument(com.unboundid.util.args.FileArgument)
DNArgument(com.unboundid.util.args.DNArgument)
IntegerArgument(com.unboundid.util.args.IntegerArgument)
TimestampArgument(com.unboundid.util.args.TimestampArgument)
KeyPair(java.security.KeyPair)
SubCommand(com.unboundid.util.args.SubCommand)
PublicKey(java.security.PublicKey)
OID(com.unboundid.util.OID)
LDAPException(com.unboundid.ldap.sdk.LDAPException)
File(java.io.File)
InetAddress(java.net.InetAddress)
Certificate(java.security.cert.Certificate)
BooleanValueArgument(com.unboundid.util.args.BooleanValueArgument)
PrintStream(java.io.PrintStream)
BooleanArgument(com.unboundid.util.args.BooleanArgument)
KeyStore(java.security.KeyStore)
Date(java.util.Date)
ArgumentException(com.unboundid.util.args.ArgumentException)
UnrecoverableKeyException(java.security.UnrecoverableKeyException)
LDAPException(com.unboundid.ldap.sdk.LDAPException)
IOException(java.io.IOException)
StringArgument(com.unboundid.util.args.StringArgument)
NotNull(com.unboundid.util.NotNull)
Example 2 with TimestampArgument
use of com.unboundid.util.args.TimestampArgument in project ldapsdk by pingidentity.
the class ManageCertificates method addToolArguments.
/**
* Adds the command-line arguments supported for use with this tool to the
* provided argument parser. The tool may need to retain references to the
* arguments (and/or the argument parser, if trailing arguments are allowed)
* to it in order to obtain their values for use in later processing.
*
* @param parser The argument parser to which the arguments are to be added.
*
* @throws ArgumentException If a problem occurs while adding any of the
* tool-specific arguments to the provided
* argument parser.
*/
@Override()
public void addToolArguments(@NotNull final ArgumentParser parser) throws ArgumentException {
globalParser = parser;
// Define the "list-certificates" subcommand and all of its arguments.
final ArgumentParser listCertsParser = new ArgumentParser("list-certificates", INFO_MANAGE_CERTS_SC_LIST_CERTS_DESC.get());
final FileArgument listCertsKeystore = new FileArgument(null, "keystore", (JVM_DEFAULT_CACERTS_FILE == null), 1, null, INFO_MANAGE_CERTS_SC_LIST_CERTS_ARG_KS_DESC.get(), true, true, true, false);
listCertsKeystore.addLongIdentifier("keystore-path", true);
listCertsKeystore.addLongIdentifier("keystorePath", true);
listCertsKeystore.addLongIdentifier("keystore-file", true);
listCertsKeystore.addLongIdentifier("keystoreFile", true);
listCertsParser.addArgument(listCertsKeystore);
if (JVM_DEFAULT_CACERTS_FILE != null) {
final BooleanArgument listCertsUseJVMDefault = new BooleanArgument(null, "use-jvm-default-trust-store", 1, INFO_MANAGE_CERTS_SC_LIST_CERTS_ARG_JVM_DEFAULT_DESC.get(JVM_DEFAULT_CACERTS_FILE.getAbsolutePath()));
listCertsUseJVMDefault.addLongIdentifier("useJVMDefaultTrustStore", true);
listCertsUseJVMDefault.addLongIdentifier("jvm-default", true);
listCertsUseJVMDefault.addLongIdentifier("jvmDefault", true);
listCertsParser.addArgument(listCertsUseJVMDefault);
listCertsParser.addRequiredArgumentSet(listCertsUseJVMDefault, listCertsKeystore);
listCertsParser.addExclusiveArgumentSet(listCertsUseJVMDefault, listCertsKeystore);
}
final StringArgument listCertsKeystorePassword = new StringArgument(null, "keystore-password", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(), INFO_MANAGE_CERTS_SC_LIST_CERTS_ARG_KS_PW_DESC.get());
listCertsKeystorePassword.addLongIdentifier("keystorePassword", true);
listCertsKeystorePassword.addLongIdentifier("keystore-passphrase", true);
listCertsKeystorePassword.addLongIdentifier("keystorePassphrase", true);
listCertsKeystorePassword.addLongIdentifier("keystore-pin", true);
listCertsKeystorePassword.addLongIdentifier("keystorePIN", true);
listCertsKeystorePassword.addLongIdentifier("storepass", true);
listCertsKeystorePassword.setSensitive(true);
listCertsParser.addArgument(listCertsKeystorePassword);
final FileArgument listCertsKeystorePasswordFile = new FileArgument(null, "keystore-password-file", false, 1, null, INFO_MANAGE_CERTS_SC_LIST_CERTS_ARG_KS_PW_FILE_DESC.get(), true, true, true, false);
listCertsKeystorePasswordFile.addLongIdentifier("keystorePasswordFile", true);
listCertsKeystorePasswordFile.addLongIdentifier("keystore-passphrase-file", true);
listCertsKeystorePasswordFile.addLongIdentifier("keystorePassphraseFile", true);
listCertsKeystorePasswordFile.addLongIdentifier("keystore-pin-file", true);
listCertsKeystorePasswordFile.addLongIdentifier("keystorePINFile", true);
listCertsParser.addArgument(listCertsKeystorePasswordFile);
final BooleanArgument listCertsPromptForKeystorePassword = new BooleanArgument(null, "prompt-for-keystore-password", INFO_MANAGE_CERTS_SC_LIST_CERTS_ARG_PROMPT_FOR_KS_PW_DESC.get());
listCertsPromptForKeystorePassword.addLongIdentifier("promptForKeystorePassword", true);
listCertsPromptForKeystorePassword.addLongIdentifier("prompt-for-keystore-passphrase", true);
listCertsPromptForKeystorePassword.addLongIdentifier("promptForKeystorePassphrase", true);
listCertsPromptForKeystorePassword.addLongIdentifier("prompt-for-keystore-pin", true);
listCertsPromptForKeystorePassword.addLongIdentifier("promptForKeystorePIN", true);
listCertsParser.addArgument(listCertsPromptForKeystorePassword);
final StringArgument listCertsKeystoreType = new StringArgument(null, "keystore-type", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_TYPE.get(), INFO_MANAGE_CERTS_SC_LIST_CERTS_ARG_KS_TYPE_DESC.get(), ALLOWED_KEYSTORE_TYPE_VALUES);
listCertsKeystoreType.addLongIdentifier("key-store-type", true);
listCertsKeystoreType.addLongIdentifier("keystoreType", true);
listCertsKeystoreType.addLongIdentifier("keystore-format", true);
listCertsKeystoreType.addLongIdentifier("key-store-format", true);
listCertsKeystoreType.addLongIdentifier("keystoreFormat", true);
listCertsKeystoreType.addLongIdentifier("storetype", true);
listCertsParser.addArgument(listCertsKeystoreType);
final StringArgument listCertsAlias = new StringArgument(null, "alias", false, 0, INFO_MANAGE_CERTS_PLACEHOLDER_ALIAS.get(), INFO_MANAGE_CERTS_SC_LIST_CERTS_ARG_ALIAS_DESC.get());
listCertsAlias.addLongIdentifier("nickname", true);
listCertsParser.addArgument(listCertsAlias);
final BooleanArgument listCertsDisplayPEM = new BooleanArgument(null, "display-pem-certificate", 1, INFO_MANAGE_CERTS_SC_LIST_CERTS_ARG_DISPLAY_PEM_DESC.get());
listCertsDisplayPEM.addLongIdentifier("displayPEMCertificate", true);
listCertsDisplayPEM.addLongIdentifier("display-pem", true);
listCertsDisplayPEM.addLongIdentifier("displayPEM", true);
listCertsDisplayPEM.addLongIdentifier("show-pem-certificate", true);
listCertsDisplayPEM.addLongIdentifier("showPEMCertificate", true);
listCertsDisplayPEM.addLongIdentifier("show-pem", true);
listCertsDisplayPEM.addLongIdentifier("showPEM", true);
listCertsDisplayPEM.addLongIdentifier("pem", true);
listCertsDisplayPEM.addLongIdentifier("rfc", true);
listCertsParser.addArgument(listCertsDisplayPEM);
final BooleanArgument listCertsVerbose = new BooleanArgument(null, "verbose", 1, INFO_MANAGE_CERTS_SC_LIST_CERTS_ARG_VERBOSE_DESC.get());
listCertsParser.addArgument(listCertsVerbose);
final BooleanArgument listCertsDisplayCommand = new BooleanArgument(null, "display-keytool-command", 1, INFO_MANAGE_CERTS_SC_LIST_CERTS_ARG_DISPLAY_COMMAND_DESC.get());
listCertsDisplayCommand.addLongIdentifier("displayKeytoolCommand", true);
listCertsDisplayCommand.addLongIdentifier("show-keytool-command", true);
listCertsDisplayCommand.addLongIdentifier("showKeytoolCommand", true);
listCertsParser.addArgument(listCertsDisplayCommand);
listCertsParser.addExclusiveArgumentSet(listCertsKeystorePassword, listCertsKeystorePasswordFile, listCertsPromptForKeystorePassword);
final LinkedHashMap<String[], String> listCertsExamples = new LinkedHashMap<>(StaticUtils.computeMapCapacity(3));
listCertsExamples.put(new String[] { "list-certificates", "--keystore", getPlatformSpecificPath("config", "keystore") }, INFO_MANAGE_CERTS_SC_LIST_CERTS_EXAMPLE_1.get(getPlatformSpecificPath("config", "keystore")));
listCertsExamples.put(new String[] { "list-certificates", "--keystore", getPlatformSpecificPath("config", "keystore.p12"), "--keystore-password-file", getPlatformSpecificPath("config", "keystore.pin"), "--alias", "server-cert", "--verbose", "--display-pem-certificate", "--display-keytool-command" }, INFO_MANAGE_CERTS_SC_LIST_CERTS_EXAMPLE_2.get(getPlatformSpecificPath("config", "keystore.p12"), getPlatformSpecificPath("config", "keystore.pin")));
if (JVM_DEFAULT_CACERTS_FILE != null) {
listCertsExamples.put(new String[] { "list-certificates", "--use-jvm-default-trust-store" }, INFO_MANAGE_CERTS_SC_LIST_CERTS_EXAMPLE_3.get());
}
final SubCommand listCertsSubCommand = new SubCommand("list-certificates", INFO_MANAGE_CERTS_SC_LIST_CERTS_DESC.get(), listCertsParser, listCertsExamples);
listCertsSubCommand.addName("listCertificates", true);
listCertsSubCommand.addName("list-certs", true);
listCertsSubCommand.addName("listCerts", true);
listCertsSubCommand.addName("list", true);
parser.addSubCommand(listCertsSubCommand);
// Define the "export-certificate" subcommand and all of its arguments.
final ArgumentParser exportCertParser = new ArgumentParser("export-certificate", INFO_MANAGE_CERTS_SC_EXPORT_CERT_DESC.get());
final FileArgument exportCertKeystore = new FileArgument(null, "keystore", (JVM_DEFAULT_CACERTS_FILE == null), 1, null, INFO_MANAGE_CERTS_SC_EXPORT_CERT_ARG_KS_DESC.get(), true, true, true, false);
exportCertKeystore.addLongIdentifier("keystore-path", true);
exportCertKeystore.addLongIdentifier("keystorePath", true);
exportCertKeystore.addLongIdentifier("keystore-file", true);
exportCertKeystore.addLongIdentifier("keystoreFile", true);
exportCertParser.addArgument(exportCertKeystore);
if (JVM_DEFAULT_CACERTS_FILE != null) {
final BooleanArgument exportCertUseJVMDefault = new BooleanArgument(null, "use-jvm-default-trust-store", 1, INFO_MANAGE_CERTS_SC_EXPORT_CERTS_ARG_JVM_DEFAULT_DESC.get(JVM_DEFAULT_CACERTS_FILE.getAbsolutePath()));
exportCertUseJVMDefault.addLongIdentifier("useJVMDefaultTrustStore", true);
exportCertUseJVMDefault.addLongIdentifier("jvm-default", true);
exportCertUseJVMDefault.addLongIdentifier("jvmDefault", true);
exportCertParser.addArgument(exportCertUseJVMDefault);
exportCertParser.addRequiredArgumentSet(exportCertUseJVMDefault, exportCertKeystore);
exportCertParser.addExclusiveArgumentSet(exportCertUseJVMDefault, exportCertKeystore);
}
final StringArgument exportCertKeystorePassword = new StringArgument(null, "keystore-password", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(), INFO_MANAGE_CERTS_SC_EXPORT_CERT_ARG_KS_PW_DESC.get());
exportCertKeystorePassword.addLongIdentifier("keystorePassword", true);
exportCertKeystorePassword.addLongIdentifier("keystore-passphrase", true);
exportCertKeystorePassword.addLongIdentifier("keystorePassphrase", true);
exportCertKeystorePassword.addLongIdentifier("keystore-pin", true);
exportCertKeystorePassword.addLongIdentifier("keystorePIN", true);
exportCertKeystorePassword.addLongIdentifier("storepass", true);
exportCertKeystorePassword.setSensitive(true);
exportCertParser.addArgument(exportCertKeystorePassword);
final FileArgument exportCertKeystorePasswordFile = new FileArgument(null, "keystore-password-file", false, 1, null, INFO_MANAGE_CERTS_SC_EXPORT_CERT_ARG_KS_PW_FILE_DESC.get(), true, true, true, false);
exportCertKeystorePasswordFile.addLongIdentifier("keystorePasswordFile", true);
exportCertKeystorePasswordFile.addLongIdentifier("keystore-passphrase-file", true);
exportCertKeystorePasswordFile.addLongIdentifier("keystorePassphraseFile", true);
exportCertKeystorePasswordFile.addLongIdentifier("keystore-pin-file", true);
exportCertKeystorePasswordFile.addLongIdentifier("keystorePINFile", true);
exportCertParser.addArgument(exportCertKeystorePasswordFile);
final BooleanArgument exportCertPromptForKeystorePassword = new BooleanArgument(null, "prompt-for-keystore-password", INFO_MANAGE_CERTS_SC_EXPORT_CERT_ARG_PROMPT_FOR_KS_PW_DESC.get());
exportCertPromptForKeystorePassword.addLongIdentifier("promptForKeystorePassword", true);
exportCertPromptForKeystorePassword.addLongIdentifier("prompt-for-keystore-passphrase", true);
exportCertPromptForKeystorePassword.addLongIdentifier("promptForKeystorePassphrase", true);
exportCertPromptForKeystorePassword.addLongIdentifier("prompt-for-keystore-pin", true);
exportCertPromptForKeystorePassword.addLongIdentifier("promptForKeystorePIN", true);
exportCertParser.addArgument(exportCertPromptForKeystorePassword);
final StringArgument exportCertKeystoreType = new StringArgument(null, "keystore-type", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_TYPE.get(), INFO_MANAGE_CERTS_SC_EXPORT_CERT_ARG_KS_TYPE_DESC.get(), ALLOWED_KEYSTORE_TYPE_VALUES);
exportCertKeystoreType.addLongIdentifier("key-store-type", true);
exportCertKeystoreType.addLongIdentifier("keystoreType", true);
exportCertKeystoreType.addLongIdentifier("keystore-format", true);
exportCertKeystoreType.addLongIdentifier("key-store-format", true);
exportCertKeystoreType.addLongIdentifier("keystoreFormat", true);
exportCertKeystoreType.addLongIdentifier("storetype", true);
exportCertParser.addArgument(exportCertKeystoreType);
final StringArgument exportCertAlias = new StringArgument(null, "alias", true, 1, INFO_MANAGE_CERTS_PLACEHOLDER_ALIAS.get(), INFO_MANAGE_CERTS_SC_EXPORT_CERT_ARG_ALIAS_DESC.get());
exportCertAlias.addLongIdentifier("nickname", true);
exportCertParser.addArgument(exportCertAlias);
final BooleanArgument exportCertChain = new BooleanArgument(null, "export-certificate-chain", 1, INFO_MANAGE_CERTS_SC_EXPORT_CERT_ARG_CHAIN_DESC.get());
exportCertChain.addLongIdentifier("exportCertificateChain", true);
exportCertChain.addLongIdentifier("export-chain", true);
exportCertChain.addLongIdentifier("exportChain", true);
exportCertChain.addLongIdentifier("certificate-chain", true);
exportCertChain.addLongIdentifier("certificateChain", true);
exportCertChain.addLongIdentifier("chain", true);
exportCertParser.addArgument(exportCertChain);
final Set<String> exportCertOutputFormatAllowedValues = StaticUtils.setOf("PEM", "text", "txt", "RFC", "DER", "binary", "bin");
final StringArgument exportCertOutputFormat = new StringArgument(null, "output-format", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_FORMAT.get(), INFO_MANAGE_CERTS_SC_EXPORT_CERT_ARG_FORMAT_DESC.get(), exportCertOutputFormatAllowedValues, "PEM");
exportCertOutputFormat.addLongIdentifier("outputFormat", true);
exportCertParser.addArgument(exportCertOutputFormat);
final FileArgument exportCertOutputFile = new FileArgument(null, "output-file", false, 1, null, INFO_MANAGE_CERTS_SC_EXPORT_CERT_ARG_FILE_DESC.get(), false, true, true, false);
exportCertOutputFile.addLongIdentifier("outputFile", true);
exportCertOutputFile.addLongIdentifier("export-file", true);
exportCertOutputFile.addLongIdentifier("exportFile", true);
exportCertOutputFile.addLongIdentifier("certificate-file", true);
exportCertOutputFile.addLongIdentifier("certificateFile", true);
exportCertOutputFile.addLongIdentifier("file", true);
exportCertOutputFile.addLongIdentifier("filename", true);
exportCertParser.addArgument(exportCertOutputFile);
final BooleanArgument exportCertSeparateFile = new BooleanArgument(null, "separate-file-per-certificate", 1, INFO_MANAGE_CERTS_SC_EXPORT_CERT_ARG_SEPARATE_FILE_DESC.get());
exportCertSeparateFile.addLongIdentifier("separateFilePerCertificate", true);
exportCertSeparateFile.addLongIdentifier("separate-files", true);
exportCertSeparateFile.addLongIdentifier("separateFiles", true);
exportCertParser.addArgument(exportCertSeparateFile);
final BooleanArgument exportCertDisplayCommand = new BooleanArgument(null, "display-keytool-command", 1, INFO_MANAGE_CERTS_SC_EXPORT_CERT_ARG_DISPLAY_COMMAND_DESC.get());
exportCertDisplayCommand.addLongIdentifier("displayKeytoolCommand", true);
exportCertDisplayCommand.addLongIdentifier("show-keytool-command", true);
exportCertDisplayCommand.addLongIdentifier("showKeytoolCommand", true);
exportCertParser.addArgument(exportCertDisplayCommand);
exportCertParser.addExclusiveArgumentSet(exportCertKeystorePassword, exportCertKeystorePasswordFile, exportCertPromptForKeystorePassword);
exportCertParser.addDependentArgumentSet(exportCertSeparateFile, exportCertChain);
exportCertParser.addDependentArgumentSet(exportCertSeparateFile, exportCertOutputFile);
final LinkedHashMap<String[], String> exportCertExamples = new LinkedHashMap<>(StaticUtils.computeMapCapacity(2));
exportCertExamples.put(new String[] { "export-certificate", "--keystore", getPlatformSpecificPath("config", "keystore"), "--alias", "server-cert" }, INFO_MANAGE_CERTS_SC_EXPORT_CERT_EXAMPLE_1.get());
exportCertExamples.put(new String[] { "export-certificate", "--keystore", getPlatformSpecificPath("config", "keystore.p12"), "--keystore-password-file", getPlatformSpecificPath("config", "keystore.pin"), "--alias", "server-cert", "--export-certificate-chain", "--output-format", "DER", "--output-file", "certificate-chain.der", "--display-keytool-command" }, INFO_MANAGE_CERTS_SC_EXPORT_CERT_EXAMPLE_2.get());
final SubCommand exportCertSubCommand = new SubCommand("export-certificate", INFO_MANAGE_CERTS_SC_EXPORT_CERT_DESC.get(), exportCertParser, exportCertExamples);
exportCertSubCommand.addName("exportCertificate", true);
exportCertSubCommand.addName("export-cert", true);
exportCertSubCommand.addName("exportCert", true);
exportCertSubCommand.addName("export", true);
parser.addSubCommand(exportCertSubCommand);
// Define the "export-private-key" subcommand and all of its arguments.
final ArgumentParser exportKeyParser = new ArgumentParser("export-private-key", INFO_MANAGE_CERTS_SC_EXPORT_KEY_DESC.get());
final FileArgument exportKeyKeystore = new FileArgument(null, "keystore", true, 1, null, INFO_MANAGE_CERTS_SC_EXPORT_KEY_ARG_KS_DESC.get(), true, true, true, false);
exportKeyKeystore.addLongIdentifier("keystore-path", true);
exportKeyKeystore.addLongIdentifier("keystorePath", true);
exportKeyKeystore.addLongIdentifier("keystore-file", true);
exportKeyKeystore.addLongIdentifier("keystoreFile", true);
exportKeyParser.addArgument(exportKeyKeystore);
final StringArgument exportKeyKeystorePassword = new StringArgument(null, "keystore-password", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(), INFO_MANAGE_CERTS_SC_EXPORT_KEY_ARG_KS_PW_DESC.get());
exportKeyKeystorePassword.addLongIdentifier("keystorePassword", true);
exportKeyKeystorePassword.addLongIdentifier("keystore-passphrase", true);
exportKeyKeystorePassword.addLongIdentifier("keystorePassphrase", true);
exportKeyKeystorePassword.addLongIdentifier("keystore-pin", true);
exportKeyKeystorePassword.addLongIdentifier("keystorePIN", true);
exportKeyKeystorePassword.addLongIdentifier("storepass", true);
exportKeyKeystorePassword.setSensitive(true);
exportKeyParser.addArgument(exportKeyKeystorePassword);
final FileArgument exportKeyKeystorePasswordFile = new FileArgument(null, "keystore-password-file", false, 1, null, INFO_MANAGE_CERTS_SC_EXPORT_KEY_ARG_KS_PW_FILE_DESC.get(), true, true, true, false);
exportKeyKeystorePasswordFile.addLongIdentifier("keystorePasswordFile", true);
exportKeyKeystorePasswordFile.addLongIdentifier("keystore-passphrase-file", true);
exportKeyKeystorePasswordFile.addLongIdentifier("keystorePassphraseFile", true);
exportKeyKeystorePasswordFile.addLongIdentifier("keystore-pin-file", true);
exportKeyKeystorePasswordFile.addLongIdentifier("keystorePINFile", true);
exportKeyParser.addArgument(exportKeyKeystorePasswordFile);
final BooleanArgument exportKeyPromptForKeystorePassword = new BooleanArgument(null, "prompt-for-keystore-password", INFO_MANAGE_CERTS_SC_EXPORT_KEY_ARG_PROMPT_FOR_KS_PW_DESC.get());
exportKeyPromptForKeystorePassword.addLongIdentifier("promptForKeystorePassword", true);
exportKeyPromptForKeystorePassword.addLongIdentifier("prompt-for-keystore-passphrase", true);
exportKeyPromptForKeystorePassword.addLongIdentifier("promptForKeystorePassphrase", true);
exportKeyPromptForKeystorePassword.addLongIdentifier("prompt-for-keystore-pin", true);
exportKeyPromptForKeystorePassword.addLongIdentifier("promptForKeystorePIN", true);
exportKeyParser.addArgument(exportKeyPromptForKeystorePassword);
final StringArgument exportKeyPKPassword = new StringArgument(null, "private-key-password", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(), INFO_MANAGE_CERTS_SC_EXPORT_KEY_ARG_PK_PW_DESC.get());
exportKeyPKPassword.addLongIdentifier("privateKeyPassword", true);
exportKeyPKPassword.addLongIdentifier("private-key-passphrase", true);
exportKeyPKPassword.addLongIdentifier("privateKeyPassphrase", true);
exportKeyPKPassword.addLongIdentifier("private-key-pin", true);
exportKeyPKPassword.addLongIdentifier("privateKeyPIN", true);
exportKeyPKPassword.addLongIdentifier("key-password", true);
exportKeyPKPassword.addLongIdentifier("keyPassword", true);
exportKeyPKPassword.addLongIdentifier("key-passphrase", true);
exportKeyPKPassword.addLongIdentifier("keyPassphrase", true);
exportKeyPKPassword.addLongIdentifier("key-pin", true);
exportKeyPKPassword.addLongIdentifier("keyPIN", true);
exportKeyPKPassword.addLongIdentifier("keypass", true);
exportKeyPKPassword.setSensitive(true);
exportKeyParser.addArgument(exportKeyPKPassword);
final FileArgument exportKeyPKPasswordFile = new FileArgument(null, "private-key-password-file", false, 1, null, INFO_MANAGE_CERTS_SC_EXPORT_KEY_ARG_PK_PW_FILE_DESC.get(), true, true, true, false);
exportKeyPKPasswordFile.addLongIdentifier("privateKeyPasswordFile", true);
exportKeyPKPasswordFile.addLongIdentifier("private-key-passphrase-file", true);
exportKeyPKPasswordFile.addLongIdentifier("privateKeyPassphraseFile", true);
exportKeyPKPasswordFile.addLongIdentifier("private-key-pin-file", true);
exportKeyPKPasswordFile.addLongIdentifier("privateKeyPINFile", true);
exportKeyPKPasswordFile.addLongIdentifier("key-password-file", true);
exportKeyPKPasswordFile.addLongIdentifier("keyPasswordFile", true);
exportKeyPKPasswordFile.addLongIdentifier("key-passphrase-file", true);
exportKeyPKPasswordFile.addLongIdentifier("keyPassphraseFile", true);
exportKeyPKPasswordFile.addLongIdentifier("key-pin-file", true);
exportKeyPKPasswordFile.addLongIdentifier("keyPINFile", true);
exportKeyParser.addArgument(exportKeyPKPasswordFile);
final BooleanArgument exportKeyPromptForPKPassword = new BooleanArgument(null, "prompt-for-private-key-password", INFO_MANAGE_CERTS_SC_EXPORT_KEY_ARG_PROMPT_FOR_PK_PW_DESC.get());
exportKeyPromptForPKPassword.addLongIdentifier("promptForPrivateKeyPassword", true);
exportKeyPromptForPKPassword.addLongIdentifier("prompt-for-private-key-passphrase", true);
exportKeyPromptForPKPassword.addLongIdentifier("promptForPrivateKeyPassphrase", true);
exportKeyPromptForPKPassword.addLongIdentifier("prompt-for-private-key-pin", true);
exportKeyPromptForPKPassword.addLongIdentifier("promptForPrivateKeyPIN", true);
exportKeyPromptForPKPassword.addLongIdentifier("prompt-for-key-password", true);
exportKeyPromptForPKPassword.addLongIdentifier("promptForKeyPassword", true);
exportKeyPromptForPKPassword.addLongIdentifier("prompt-for-key-passphrase", true);
exportKeyPromptForPKPassword.addLongIdentifier("promptForKeyPassphrase", true);
exportKeyPromptForPKPassword.addLongIdentifier("prompt-for-key-pin", true);
exportKeyPromptForPKPassword.addLongIdentifier("promptForKeyPIN", true);
exportKeyParser.addArgument(exportKeyPromptForPKPassword);
final StringArgument exportKeyKeystoreType = new StringArgument(null, "keystore-type", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_TYPE.get(), INFO_MANAGE_CERTS_SC_EXPORT_KEY_ARG_KS_TYPE_DESC.get(), ALLOWED_KEYSTORE_TYPE_VALUES);
exportKeyKeystoreType.addLongIdentifier("key-store-type", true);
exportKeyKeystoreType.addLongIdentifier("keystoreType", true);
exportKeyKeystoreType.addLongIdentifier("keystore-format", true);
exportKeyKeystoreType.addLongIdentifier("key-store-format", true);
exportKeyKeystoreType.addLongIdentifier("keystoreFormat", true);
exportKeyKeystoreType.addLongIdentifier("storetype", true);
exportKeyParser.addArgument(exportKeyKeystoreType);
final StringArgument exportKeyAlias = new StringArgument(null, "alias", true, 1, INFO_MANAGE_CERTS_PLACEHOLDER_ALIAS.get(), INFO_MANAGE_CERTS_SC_EXPORT_KEY_ARG_ALIAS_DESC.get());
exportKeyAlias.addLongIdentifier("nickname", true);
exportKeyParser.addArgument(exportKeyAlias);
final Set<String> exportKeyOutputFormatAllowedValues = StaticUtils.setOf("PEM", "text", "txt", "RFC", "DER", "binary", "bin");
final StringArgument exportKeyOutputFormat = new StringArgument(null, "output-format", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_FORMAT.get(), INFO_MANAGE_CERTS_SC_EXPORT_KEY_ARG_FORMAT_DESC.get(), exportKeyOutputFormatAllowedValues, "PEM");
exportKeyOutputFormat.addLongIdentifier("outputFormat", true);
exportKeyParser.addArgument(exportKeyOutputFormat);
final FileArgument exportKeyOutputFile = new FileArgument(null, "output-file", false, 1, null, INFO_MANAGE_CERTS_SC_EXPORT_KEY_ARG_FILE_DESC.get(), false, true, true, false);
exportKeyOutputFile.addLongIdentifier("outputFile", true);
exportKeyOutputFile.addLongIdentifier("export-file", true);
exportKeyOutputFile.addLongIdentifier("exportFile", true);
exportKeyOutputFile.addLongIdentifier("private-key-file", true);
exportKeyOutputFile.addLongIdentifier("privateKeyFile", true);
exportKeyOutputFile.addLongIdentifier("key-file", true);
exportKeyOutputFile.addLongIdentifier("keyFile", true);
exportKeyOutputFile.addLongIdentifier("file", true);
exportKeyOutputFile.addLongIdentifier("filename", true);
exportKeyParser.addArgument(exportKeyOutputFile);
exportKeyParser.addRequiredArgumentSet(exportKeyKeystorePassword, exportKeyKeystorePasswordFile, exportKeyPromptForKeystorePassword);
exportKeyParser.addExclusiveArgumentSet(exportKeyKeystorePassword, exportKeyKeystorePasswordFile, exportKeyPromptForKeystorePassword);
exportKeyParser.addExclusiveArgumentSet(exportKeyPKPassword, exportKeyPKPasswordFile, exportKeyPromptForPKPassword);
final LinkedHashMap<String[], String> exportKeyExamples = new LinkedHashMap<>(StaticUtils.computeMapCapacity(2));
exportKeyExamples.put(new String[] { "export-private-key", "--keystore", getPlatformSpecificPath("config", "keystore"), "--keystore-password-file", getPlatformSpecificPath("config", "keystore.pin"), "--alias", "server-cert" }, INFO_MANAGE_CERTS_SC_EXPORT_KEY_EXAMPLE_1.get());
exportKeyExamples.put(new String[] { "export-private-key", "--keystore", getPlatformSpecificPath("config", "keystore.p12"), "--keystore-password-file", getPlatformSpecificPath("config", "keystore.pin"), "--private-key-password-file", getPlatformSpecificPath("config", "server-cert-key.pin"), "--alias", "server-cert", "--output-format", "DER", "--output-file", "server-cert-key.der" }, INFO_MANAGE_CERTS_SC_EXPORT_KEY_EXAMPLE_2.get());
final SubCommand exportKeySubCommand = new SubCommand("export-private-key", INFO_MANAGE_CERTS_SC_EXPORT_CERT_DESC.get(), exportKeyParser, exportKeyExamples);
exportKeySubCommand.addName("exportPrivateKey", true);
exportKeySubCommand.addName("export-key", true);
exportKeySubCommand.addName("exportKey", true);
parser.addSubCommand(exportKeySubCommand);
// Define the "import-certificate" subcommand and all of its arguments.
final ArgumentParser importCertParser = new ArgumentParser("import-certificate", INFO_MANAGE_CERTS_SC_IMPORT_CERT_DESC.get());
final FileArgument importCertKeystore = new FileArgument(null, "keystore", true, 1, null, INFO_MANAGE_CERTS_SC_IMPORT_CERT_ARG_KS_DESC.get(), false, true, true, false);
importCertKeystore.addLongIdentifier("keystore-path", true);
importCertKeystore.addLongIdentifier("keystorePath", true);
importCertKeystore.addLongIdentifier("keystore-file", true);
importCertKeystore.addLongIdentifier("keystoreFile", true);
importCertParser.addArgument(importCertKeystore);
final StringArgument importCertKeystorePassword = new StringArgument(null, "keystore-password", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(), INFO_MANAGE_CERTS_SC_IMPORT_CERT_ARG_KS_PW_DESC.get());
importCertKeystorePassword.addLongIdentifier("keystorePassword", true);
importCertKeystorePassword.addLongIdentifier("keystore-passphrase", true);
importCertKeystorePassword.addLongIdentifier("keystorePassphrase", true);
importCertKeystorePassword.addLongIdentifier("keystore-pin", true);
importCertKeystorePassword.addLongIdentifier("keystorePIN", true);
importCertKeystorePassword.addLongIdentifier("storepass", true);
importCertKeystorePassword.setSensitive(true);
importCertParser.addArgument(importCertKeystorePassword);
final FileArgument importCertKeystorePasswordFile = new FileArgument(null, "keystore-password-file", false, 1, null, INFO_MANAGE_CERTS_SC_IMPORT_CERT_ARG_KS_PW_FILE_DESC.get(), true, true, true, false);
importCertKeystorePasswordFile.addLongIdentifier("keystorePasswordFile", true);
importCertKeystorePasswordFile.addLongIdentifier("keystore-passphrase-file", true);
importCertKeystorePasswordFile.addLongIdentifier("keystorePassphraseFile", true);
importCertKeystorePasswordFile.addLongIdentifier("keystore-pin-file", true);
importCertKeystorePasswordFile.addLongIdentifier("keystorePINFile", true);
importCertParser.addArgument(importCertKeystorePasswordFile);
final BooleanArgument importCertPromptForKeystorePassword = new BooleanArgument(null, "prompt-for-keystore-password", INFO_MANAGE_CERTS_SC_IMPORT_CERT_ARG_PROMPT_FOR_KS_PW_DESC.get());
importCertPromptForKeystorePassword.addLongIdentifier("promptForKeystorePassword", true);
importCertPromptForKeystorePassword.addLongIdentifier("prompt-for-keystore-passphrase", true);
importCertPromptForKeystorePassword.addLongIdentifier("promptForKeystorePassphrase", true);
importCertPromptForKeystorePassword.addLongIdentifier("prompt-for-keystore-pin", true);
importCertPromptForKeystorePassword.addLongIdentifier("promptForKeystorePIN", true);
importCertParser.addArgument(importCertPromptForKeystorePassword);
final StringArgument importCertKeystoreType = new StringArgument(null, "keystore-type", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_TYPE.get(), INFO_MANAGE_CERTS_SC_IMPORT_CERT_ARG_KS_TYPE_DESC.get(), ALLOWED_KEYSTORE_TYPE_VALUES);
importCertKeystoreType.addLongIdentifier("key-store-type", true);
importCertKeystoreType.addLongIdentifier("keystoreType", true);
importCertKeystoreType.addLongIdentifier("keystore-format", true);
importCertKeystoreType.addLongIdentifier("key-store-format", true);
importCertKeystoreType.addLongIdentifier("keystoreFormat", true);
importCertKeystoreType.addLongIdentifier("storetype", true);
importCertParser.addArgument(importCertKeystoreType);
final StringArgument importCertAlias = new StringArgument(null, "alias", true, 1, INFO_MANAGE_CERTS_PLACEHOLDER_ALIAS.get(), INFO_MANAGE_CERTS_SC_IMPORT_CERT_ARG_ALIAS_DESC.get());
importCertAlias.addLongIdentifier("nickname", true);
importCertParser.addArgument(importCertAlias);
final FileArgument importCertCertificateFile = new FileArgument(null, "certificate-file", true, 0, null, INFO_MANAGE_CERTS_SC_IMPORT_CERT_ARG_CERT_FILE_DESC.get(), true, true, true, false);
importCertCertificateFile.addLongIdentifier("certificateFile", true);
importCertCertificateFile.addLongIdentifier("certificate-chain-file", true);
importCertCertificateFile.addLongIdentifier("certificateChainFile", true);
importCertCertificateFile.addLongIdentifier("input-file", true);
importCertCertificateFile.addLongIdentifier("inputFile", true);
importCertCertificateFile.addLongIdentifier("import-file", true);
importCertCertificateFile.addLongIdentifier("importFile", true);
importCertCertificateFile.addLongIdentifier("file", true);
importCertCertificateFile.addLongIdentifier("filename", true);
importCertParser.addArgument(importCertCertificateFile);
final FileArgument importCertPKFile = new FileArgument(null, "private-key-file", false, 1, null, INFO_MANAGE_CERTS_SC_IMPORT_CERT_ARG_KEY_FILE_DESC.get(), true, true, true, false);
importCertPKFile.addLongIdentifier("privateKeyFile", true);
importCertPKFile.addLongIdentifier("key-file", true);
importCertPKFile.addLongIdentifier("keyFile", true);
importCertParser.addArgument(importCertPKFile);
final StringArgument importCertPKPassword = new StringArgument(null, "private-key-password", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(), INFO_MANAGE_CERTS_SC_IMPORT_CERT_ARG_PK_PW_DESC.get());
importCertPKPassword.addLongIdentifier("privateKeyPassword", true);
importCertPKPassword.addLongIdentifier("private-key-passphrase", true);
importCertPKPassword.addLongIdentifier("privateKeyPassphrase", true);
importCertPKPassword.addLongIdentifier("private-key-pin", true);
importCertPKPassword.addLongIdentifier("privateKeyPIN", true);
importCertPKPassword.addLongIdentifier("key-password", true);
importCertPKPassword.addLongIdentifier("keyPassword", true);
importCertPKPassword.addLongIdentifier("key-passphrase", true);
importCertPKPassword.addLongIdentifier("keyPassphrase", true);
importCertPKPassword.addLongIdentifier("key-pin", true);
importCertPKPassword.addLongIdentifier("keyPIN", true);
importCertPKPassword.addLongIdentifier("keypass", true);
importCertPKPassword.setSensitive(true);
importCertParser.addArgument(importCertPKPassword);
final FileArgument importCertPKPasswordFile = new FileArgument(null, "private-key-password-file", false, 1, null, INFO_MANAGE_CERTS_SC_IMPORT_CERT_ARG_PK_PW_FILE_DESC.get(), true, true, true, false);
importCertPKPasswordFile.addLongIdentifier("privateKeyPasswordFile", true);
importCertPKPasswordFile.addLongIdentifier("private-key-passphrase-file", true);
importCertPKPasswordFile.addLongIdentifier("privateKeyPassphraseFile", true);
importCertPKPasswordFile.addLongIdentifier("private-key-pin-file", true);
importCertPKPasswordFile.addLongIdentifier("privateKeyPINFile", true);
importCertPKPasswordFile.addLongIdentifier("key-password-file", true);
importCertPKPasswordFile.addLongIdentifier("keyPasswordFile", true);
importCertPKPasswordFile.addLongIdentifier("key-passphrase-file", true);
importCertPKPasswordFile.addLongIdentifier("keyPassphraseFile", true);
importCertPKPasswordFile.addLongIdentifier("key-pin-file", true);
importCertPKPasswordFile.addLongIdentifier("keyPINFile", true);
importCertParser.addArgument(importCertPKPasswordFile);
final BooleanArgument importCertPromptForPKPassword = new BooleanArgument(null, "prompt-for-private-key-password", INFO_MANAGE_CERTS_SC_IMPORT_CERT_ARG_PROMPT_FOR_PK_PW_DESC.get());
importCertPromptForPKPassword.addLongIdentifier("promptForPrivateKeyPassword", true);
importCertPromptForPKPassword.addLongIdentifier("prompt-for-private-key-passphrase", true);
importCertPromptForPKPassword.addLongIdentifier("promptForPrivateKeyPassphrase", true);
importCertPromptForPKPassword.addLongIdentifier("prompt-for-private-key-pin", true);
importCertPromptForPKPassword.addLongIdentifier("promptForPrivateKeyPIN", true);
importCertPromptForPKPassword.addLongIdentifier("prompt-for-key-password", true);
importCertPromptForPKPassword.addLongIdentifier("promptForKeyPassword", true);
importCertPromptForPKPassword.addLongIdentifier("prompt-for-key-passphrase", true);
importCertPromptForPKPassword.addLongIdentifier("promptForKeyPassphrase", true);
importCertPromptForPKPassword.addLongIdentifier("prompt-for-key-pin", true);
importCertPromptForPKPassword.addLongIdentifier("promptForKeyPIN", true);
importCertParser.addArgument(importCertPromptForPKPassword);
final BooleanArgument importCertNoPrompt = new BooleanArgument(null, "no-prompt", 1, INFO_MANAGE_CERTS_SC_IMPORT_CERT_ARG_NO_PROMPT_DESC.get());
importCertNoPrompt.addLongIdentifier("noPrompt", true);
importCertParser.addArgument(importCertNoPrompt);
final BooleanArgument importCertDisplayCommand = new BooleanArgument(null, "display-keytool-command", 1, INFO_MANAGE_CERTS_SC_IMPORT_CERT_ARG_DISPLAY_COMMAND_DESC.get());
importCertDisplayCommand.addLongIdentifier("displayKeytoolCommand", true);
importCertDisplayCommand.addLongIdentifier("show-keytool-command", true);
importCertDisplayCommand.addLongIdentifier("showKeytoolCommand", true);
importCertParser.addArgument(importCertDisplayCommand);
importCertParser.addRequiredArgumentSet(importCertKeystorePassword, importCertKeystorePasswordFile, importCertPromptForKeystorePassword);
importCertParser.addExclusiveArgumentSet(importCertKeystorePassword, importCertKeystorePasswordFile, importCertPromptForKeystorePassword);
importCertParser.addExclusiveArgumentSet(importCertPKPassword, importCertPKPasswordFile, importCertPromptForPKPassword);
final LinkedHashMap<String[], String> importCertExamples = new LinkedHashMap<>(StaticUtils.computeMapCapacity(2));
importCertExamples.put(new String[] { "import-certificate", "--keystore", getPlatformSpecificPath("config", "keystore"), "--keystore-password-file", getPlatformSpecificPath("config", "keystore.pin"), "--alias", "server-cert", "--certificate-file", "server-cert.crt" }, INFO_MANAGE_CERTS_SC_IMPORT_CERT_EXAMPLE_1.get("server-cert.crt"));
importCertExamples.put(new String[] { "import-certificate", "--keystore", getPlatformSpecificPath("config", "keystore"), "--keystore-password-file", getPlatformSpecificPath("config", "keystore.pin"), "--alias", "server-cert", "--certificate-file", "server-cert.crt", "--certificate-file", "server-cert-issuer.crt", "--private-key-file", "server-cert.key", "--display-keytool-command" }, INFO_MANAGE_CERTS_SC_IMPORT_CERT_EXAMPLE_2.get());
final SubCommand importCertSubCommand = new SubCommand("import-certificate", INFO_MANAGE_CERTS_SC_IMPORT_CERT_DESC.get(), importCertParser, importCertExamples);
importCertSubCommand.addName("importCertificate", true);
importCertSubCommand.addName("import-certificates", true);
importCertSubCommand.addName("importCertificates", true);
importCertSubCommand.addName("import-cert", true);
importCertSubCommand.addName("importCert", true);
importCertSubCommand.addName("import-certs", true);
importCertSubCommand.addName("importCerts", true);
importCertSubCommand.addName("import-certificate-chain", true);
importCertSubCommand.addName("importCertificateChain", true);
importCertSubCommand.addName("import-chain", true);
importCertSubCommand.addName("importChain", true);
importCertSubCommand.addName("import", true);
parser.addSubCommand(importCertSubCommand);
// Define the "delete-certificate" subcommand and all of its arguments.
final ArgumentParser deleteCertParser = new ArgumentParser("delete-certificate", INFO_MANAGE_CERTS_SC_DELETE_CERT_DESC.get());
final FileArgument deleteCertKeystore = new FileArgument(null, "keystore", true, 1, null, INFO_MANAGE_CERTS_SC_DELETE_CERT_ARG_KS_DESC.get(), true, true, true, false);
deleteCertKeystore.addLongIdentifier("keystore-path", true);
deleteCertKeystore.addLongIdentifier("keystorePath", true);
deleteCertKeystore.addLongIdentifier("keystore-file", true);
deleteCertKeystore.addLongIdentifier("keystoreFile", true);
deleteCertParser.addArgument(deleteCertKeystore);
final StringArgument deleteCertKeystorePassword = new StringArgument(null, "keystore-password", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(), INFO_MANAGE_CERTS_SC_DELETE_CERT_ARG_KS_PW_DESC.get());
deleteCertKeystorePassword.addLongIdentifier("keystorePassword", true);
deleteCertKeystorePassword.addLongIdentifier("keystore-passphrase", true);
deleteCertKeystorePassword.addLongIdentifier("keystorePassphrase", true);
deleteCertKeystorePassword.addLongIdentifier("keystore-pin", true);
deleteCertKeystorePassword.addLongIdentifier("keystorePIN", true);
deleteCertKeystorePassword.addLongIdentifier("storepass", true);
deleteCertKeystorePassword.setSensitive(true);
deleteCertParser.addArgument(deleteCertKeystorePassword);
final FileArgument deleteCertKeystorePasswordFile = new FileArgument(null, "keystore-password-file", false, 1, null, INFO_MANAGE_CERTS_SC_DELETE_CERT_ARG_KS_PW_FILE_DESC.get(), true, true, true, false);
deleteCertKeystorePasswordFile.addLongIdentifier("keystorePasswordFile", true);
deleteCertKeystorePasswordFile.addLongIdentifier("keystore-passphrase-file", true);
deleteCertKeystorePasswordFile.addLongIdentifier("keystorePassphraseFile", true);
deleteCertKeystorePasswordFile.addLongIdentifier("keystore-pin-file", true);
deleteCertKeystorePasswordFile.addLongIdentifier("keystorePINFile", true);
deleteCertParser.addArgument(deleteCertKeystorePasswordFile);
final BooleanArgument deleteCertPromptForKeystorePassword = new BooleanArgument(null, "prompt-for-keystore-password", INFO_MANAGE_CERTS_SC_DELETE_CERT_ARG_PROMPT_FOR_KS_PW_DESC.get());
deleteCertPromptForKeystorePassword.addLongIdentifier("promptForKeystorePassword", true);
deleteCertPromptForKeystorePassword.addLongIdentifier("prompt-for-keystore-passphrase", true);
deleteCertPromptForKeystorePassword.addLongIdentifier("promptForKeystorePassphrase", true);
deleteCertPromptForKeystorePassword.addLongIdentifier("prompt-for-keystore-pin", true);
deleteCertPromptForKeystorePassword.addLongIdentifier("promptForKeystorePIN", true);
deleteCertParser.addArgument(deleteCertPromptForKeystorePassword);
final StringArgument deleteCertKeystoreType = new StringArgument(null, "keystore-type", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_TYPE.get(), INFO_MANAGE_CERTS_SC_DELETE_CERT_ARG_KS_TYPE_DESC.get(), ALLOWED_KEYSTORE_TYPE_VALUES);
deleteCertKeystoreType.addLongIdentifier("key-store-type", true);
deleteCertKeystoreType.addLongIdentifier("keystoreType", true);
deleteCertKeystoreType.addLongIdentifier("keystore-format", true);
deleteCertKeystoreType.addLongIdentifier("key-store-format", true);
deleteCertKeystoreType.addLongIdentifier("keystoreFormat", true);
deleteCertKeystoreType.addLongIdentifier("storetype", true);
deleteCertParser.addArgument(deleteCertKeystoreType);
final StringArgument deleteCertAlias = new StringArgument(null, "alias", true, 1, INFO_MANAGE_CERTS_PLACEHOLDER_ALIAS.get(), INFO_MANAGE_CERTS_SC_DELETE_CERT_ARG_ALIAS_DESC.get());
deleteCertAlias.addLongIdentifier("nickname", true);
deleteCertParser.addArgument(deleteCertAlias);
final BooleanArgument deleteCertNoPrompt = new BooleanArgument(null, "no-prompt", 1, INFO_MANAGE_CERTS_SC_DELETE_CERT_ARG_NO_PROMPT_DESC.get());
deleteCertNoPrompt.addLongIdentifier("noPrompt", true);
deleteCertParser.addArgument(deleteCertNoPrompt);
final BooleanArgument deleteCertDisplayCommand = new BooleanArgument(null, "display-keytool-command", 1, INFO_MANAGE_CERTS_SC_DELETE_CERT_ARG_DISPLAY_COMMAND_DESC.get());
deleteCertDisplayCommand.addLongIdentifier("displayKeytoolCommand", true);
deleteCertDisplayCommand.addLongIdentifier("show-keytool-command", true);
deleteCertDisplayCommand.addLongIdentifier("showKeytoolCommand", true);
deleteCertParser.addArgument(deleteCertDisplayCommand);
deleteCertParser.addExclusiveArgumentSet(deleteCertKeystorePassword, deleteCertKeystorePasswordFile, deleteCertPromptForKeystorePassword);
deleteCertParser.addRequiredArgumentSet(deleteCertKeystorePassword, deleteCertKeystorePasswordFile, deleteCertPromptForKeystorePassword);
final LinkedHashMap<String[], String> deleteCertExamples = new LinkedHashMap<>(StaticUtils.computeMapCapacity(1));
deleteCertExamples.put(new String[] { "delete-certificate", "--keystore", getPlatformSpecificPath("config", "keystore"), "--alias", "server-cert" }, INFO_MANAGE_CERTS_SC_DELETE_CERT_EXAMPLE_1.get(getPlatformSpecificPath("config", "keystore")));
final SubCommand deleteCertSubCommand = new SubCommand("delete-certificate", INFO_MANAGE_CERTS_SC_DELETE_CERT_DESC.get(), deleteCertParser, deleteCertExamples);
deleteCertSubCommand.addName("deleteCertificate", true);
deleteCertSubCommand.addName("remove-certificate", true);
deleteCertSubCommand.addName("removeCertificate", true);
deleteCertSubCommand.addName("delete", true);
deleteCertSubCommand.addName("remove", true);
parser.addSubCommand(deleteCertSubCommand);
// Define the "generate-self-signed-certificate" subcommand and all of its
// arguments.
final ArgumentParser genCertParser = new ArgumentParser("generate-self-signed-certificate", INFO_MANAGE_CERTS_SC_GEN_CERT_DESC.get());
final FileArgument genCertKeystore = new FileArgument(null, "keystore", true, 1, null, INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_KS_DESC.get(), false, true, true, false);
genCertKeystore.addLongIdentifier("keystore-path", true);
genCertKeystore.addLongIdentifier("keystorePath", true);
genCertKeystore.addLongIdentifier("keystore-file", true);
genCertKeystore.addLongIdentifier("keystoreFile", true);
genCertParser.addArgument(genCertKeystore);
final StringArgument genCertKeystorePassword = new StringArgument(null, "keystore-password", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(), INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_KS_PW_DESC.get());
genCertKeystorePassword.addLongIdentifier("keystorePassword", true);
genCertKeystorePassword.addLongIdentifier("keystore-passphrase", true);
genCertKeystorePassword.addLongIdentifier("keystorePassphrase", true);
genCertKeystorePassword.addLongIdentifier("keystore-pin", true);
genCertKeystorePassword.addLongIdentifier("keystorePIN", true);
genCertKeystorePassword.addLongIdentifier("storepass", true);
genCertKeystorePassword.setSensitive(true);
genCertParser.addArgument(genCertKeystorePassword);
final FileArgument genCertKeystorePasswordFile = new FileArgument(null, "keystore-password-file", false, 1, null, INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_KS_PW_FILE_DESC.get(), true, true, true, false);
genCertKeystorePasswordFile.addLongIdentifier("keystorePasswordFile", true);
genCertKeystorePasswordFile.addLongIdentifier("keystore-passphrase-file", true);
genCertKeystorePasswordFile.addLongIdentifier("keystorePassphraseFile", true);
genCertKeystorePasswordFile.addLongIdentifier("keystore-pin-file", true);
genCertKeystorePasswordFile.addLongIdentifier("keystorePINFile", true);
genCertParser.addArgument(genCertKeystorePasswordFile);
final BooleanArgument genCertPromptForKeystorePassword = new BooleanArgument(null, "prompt-for-keystore-password", INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_PROMPT_FOR_KS_PW_DESC.get());
genCertPromptForKeystorePassword.addLongIdentifier("promptForKeystorePassword", true);
genCertPromptForKeystorePassword.addLongIdentifier("prompt-for-keystore-passphrase", true);
genCertPromptForKeystorePassword.addLongIdentifier("promptForKeystorePassphrase", true);
genCertPromptForKeystorePassword.addLongIdentifier("prompt-for-keystore-pin", true);
genCertPromptForKeystorePassword.addLongIdentifier("promptForKeystorePIN", true);
genCertParser.addArgument(genCertPromptForKeystorePassword);
final StringArgument genCertPKPassword = new StringArgument(null, "private-key-password", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(), INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_PK_PW_DESC.get());
genCertPKPassword.addLongIdentifier("privateKeyPassword", true);
genCertPKPassword.addLongIdentifier("private-key-passphrase", true);
genCertPKPassword.addLongIdentifier("privateKeyPassphrase", true);
genCertPKPassword.addLongIdentifier("private-key-pin", true);
genCertPKPassword.addLongIdentifier("privateKeyPIN", true);
genCertPKPassword.addLongIdentifier("key-password", true);
genCertPKPassword.addLongIdentifier("keyPassword", true);
genCertPKPassword.addLongIdentifier("key-passphrase", true);
genCertPKPassword.addLongIdentifier("keyPassphrase", true);
genCertPKPassword.addLongIdentifier("key-pin", true);
genCertPKPassword.addLongIdentifier("keyPIN", true);
genCertPKPassword.addLongIdentifier("keypass", true);
genCertPKPassword.setSensitive(true);
genCertParser.addArgument(genCertPKPassword);
final FileArgument genCertPKPasswordFile = new FileArgument(null, "private-key-password-file", false, 1, null, INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_PK_PW_FILE_DESC.get(), true, true, true, false);
genCertPKPasswordFile.addLongIdentifier("privateKeyPasswordFile", true);
genCertPKPasswordFile.addLongIdentifier("private-key-passphrase-file", true);
genCertPKPasswordFile.addLongIdentifier("privateKeyPassphraseFile", true);
genCertPKPasswordFile.addLongIdentifier("private-key-pin-file", true);
genCertPKPasswordFile.addLongIdentifier("privateKeyPINFile", true);
genCertPKPasswordFile.addLongIdentifier("key-password-file", true);
genCertPKPasswordFile.addLongIdentifier("keyPasswordFile", true);
genCertPKPasswordFile.addLongIdentifier("key-passphrase-file", true);
genCertPKPasswordFile.addLongIdentifier("keyPassphraseFile", true);
genCertPKPasswordFile.addLongIdentifier("key-pin-file", true);
genCertPKPasswordFile.addLongIdentifier("keyPINFile", true);
genCertParser.addArgument(genCertPKPasswordFile);
final BooleanArgument genCertPromptForPKPassword = new BooleanArgument(null, "prompt-for-private-key-password", INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_PROMPT_FOR_PK_PW_DESC.get());
genCertPromptForPKPassword.addLongIdentifier("promptForPrivateKeyPassword", true);
genCertPromptForPKPassword.addLongIdentifier("prompt-for-private-key-passphrase", true);
genCertPromptForPKPassword.addLongIdentifier("promptForPrivateKeyPassphrase", true);
genCertPromptForPKPassword.addLongIdentifier("prompt-for-private-key-pin", true);
genCertPromptForPKPassword.addLongIdentifier("promptForPrivateKeyPIN", true);
genCertPromptForPKPassword.addLongIdentifier("prompt-for-key-password", true);
genCertPromptForPKPassword.addLongIdentifier("promptForKeyPassword", true);
genCertPromptForPKPassword.addLongIdentifier("prompt-for-key-passphrase", true);
genCertPromptForPKPassword.addLongIdentifier("promptForKeyPassphrase", true);
genCertPromptForPKPassword.addLongIdentifier("prompt-for-key-pin", true);
genCertPromptForPKPassword.addLongIdentifier("promptForKeyPIN", true);
genCertParser.addArgument(genCertPromptForPKPassword);
final StringArgument genCertKeystoreType = new StringArgument(null, "keystore-type", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_TYPE.get(), INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_KS_TYPE_DESC.get(), ALLOWED_KEYSTORE_TYPE_VALUES);
genCertKeystoreType.addLongIdentifier("key-store-type", true);
genCertKeystoreType.addLongIdentifier("keystoreType", true);
genCertKeystoreType.addLongIdentifier("keystore-format", true);
genCertKeystoreType.addLongIdentifier("key-store-format", true);
genCertKeystoreType.addLongIdentifier("keystoreFormat", true);
genCertKeystoreType.addLongIdentifier("storetype", true);
genCertParser.addArgument(genCertKeystoreType);
final StringArgument genCertAlias = new StringArgument(null, "alias", true, 1, INFO_MANAGE_CERTS_PLACEHOLDER_ALIAS.get(), INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_ALIAS_DESC.get());
genCertAlias.addLongIdentifier("nickname", true);
genCertParser.addArgument(genCertAlias);
final BooleanArgument genCertReplace = new BooleanArgument(null, "replace-existing-certificate", 1, INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_REPLACE_DESC.get());
genCertReplace.addLongIdentifier("replaceExistingCertificate", true);
genCertReplace.addLongIdentifier("replace-certificate", true);
genCertReplace.addLongIdentifier("replaceCertificate", true);
genCertReplace.addLongIdentifier("replace-existing", true);
genCertReplace.addLongIdentifier("replaceExisting", true);
genCertReplace.addLongIdentifier("replace", true);
genCertReplace.addLongIdentifier("use-existing-key-pair", true);
genCertReplace.addLongIdentifier("use-existing-keypair", true);
genCertReplace.addLongIdentifier("useExistingKeypair", true);
genCertParser.addArgument(genCertReplace);
final DNArgument genCertSubjectDN = new DNArgument(null, "subject-dn", false, 1, null, INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_SUBJECT_DN_DESC.get());
genCertSubjectDN.addLongIdentifier("subjectDN", true);
genCertSubjectDN.addLongIdentifier("subject", true);
genCertSubjectDN.addLongIdentifier("dname", true);
genCertParser.addArgument(genCertSubjectDN);
final IntegerArgument genCertDaysValid = new IntegerArgument(null, "days-valid", false, 1, null, INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_DAYS_VALID_DESC.get(), 1, Integer.MAX_VALUE);
genCertDaysValid.addLongIdentifier("daysValid", true);
genCertDaysValid.addLongIdentifier("validity", true);
genCertParser.addArgument(genCertDaysValid);
final TimestampArgument genCertNotBefore = new TimestampArgument(null, "validity-start-time", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_TIMESTAMP.get(), INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_VALIDITY_START_TIME_DESC.get("20180102123456"));
genCertNotBefore.addLongIdentifier("validityStartTime", true);
genCertNotBefore.addLongIdentifier("not-before", true);
genCertNotBefore.addLongIdentifier("notBefore", true);
genCertParser.addArgument(genCertNotBefore);
final StringArgument genCertKeyAlgorithm = new StringArgument(null, "key-algorithm", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_NAME.get(), INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_KEY_ALGORITHM_DESC.get());
genCertKeyAlgorithm.addLongIdentifier("keyAlgorithm", true);
genCertKeyAlgorithm.addLongIdentifier("key-alg", true);
genCertKeyAlgorithm.addLongIdentifier("keyAlg", true);
genCertParser.addArgument(genCertKeyAlgorithm);
final IntegerArgument genCertKeySizeBits = new IntegerArgument(null, "key-size-bits", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_BITS.get(), INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_KEY_SIZE_BITS_DESC.get(), 1, Integer.MAX_VALUE);
genCertKeySizeBits.addLongIdentifier("keySizeBits", true);
genCertKeySizeBits.addLongIdentifier("key-length-bits", true);
genCertKeySizeBits.addLongIdentifier("keyLengthBits", true);
genCertKeySizeBits.addLongIdentifier("key-size", true);
genCertKeySizeBits.addLongIdentifier("keySize", true);
genCertKeySizeBits.addLongIdentifier("key-length", true);
genCertKeySizeBits.addLongIdentifier("keyLength", true);
genCertParser.addArgument(genCertKeySizeBits);
final StringArgument genCertSignatureAlgorithm = new StringArgument(null, "signature-algorithm", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_NAME.get(), INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_SIG_ALG_DESC.get());
genCertSignatureAlgorithm.addLongIdentifier("signatureAlgorithm", true);
genCertSignatureAlgorithm.addLongIdentifier("signature-alg", true);
genCertSignatureAlgorithm.addLongIdentifier("signatureAlg", true);
genCertSignatureAlgorithm.addLongIdentifier("sig-alg", true);
genCertSignatureAlgorithm.addLongIdentifier("sigAlg", true);
genCertParser.addArgument(genCertSignatureAlgorithm);
final BooleanArgument genCertInheritExtensions = new BooleanArgument(null, "inherit-extensions", 1, INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_INHERIT_EXT_DESC.get());
genCertInheritExtensions.addLongIdentifier("inheritExtensions", true);
genCertParser.addArgument(genCertInheritExtensions);
final StringArgument genCertSubjectAltDNS = new StringArgument(null, "subject-alternative-name-dns", false, 0, INFO_MANAGE_CERTS_PLACEHOLDER_NAME.get(), INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_SAN_DNS_DESC.get());
genCertSubjectAltDNS.addLongIdentifier("subjectAlternativeNameDNS", true);
genCertSubjectAltDNS.addLongIdentifier("subject-alt-name-dns", true);
genCertSubjectAltDNS.addLongIdentifier("subjectAltNameDNS", true);
genCertSubjectAltDNS.addLongIdentifier("subject-alternative-dns", true);
genCertSubjectAltDNS.addLongIdentifier("subjectAlternativeDNS", true);
genCertSubjectAltDNS.addLongIdentifier("subject-alt-dns", true);
genCertSubjectAltDNS.addLongIdentifier("subjectAltDNS", true);
genCertSubjectAltDNS.addLongIdentifier("san-dns", true);
genCertSubjectAltDNS.addLongIdentifier("sanDNS", true);
genCertSubjectAltDNS.addValueValidator(new IA5StringArgumentValueValidator(false));
genCertParser.addArgument(genCertSubjectAltDNS);
final StringArgument genCertSubjectAltIP = new StringArgument(null, "subject-alternative-name-ip-address", false, 0, INFO_MANAGE_CERTS_PLACEHOLDER_NAME.get(), INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_SAN_IP_DESC.get());
genCertSubjectAltIP.addLongIdentifier("subjectAlternativeNameIPAddress", true);
genCertSubjectAltIP.addLongIdentifier("subject-alternative-name-ip", true);
genCertSubjectAltIP.addLongIdentifier("subjectAlternativeNameIP", true);
genCertSubjectAltIP.addLongIdentifier("subject-alt-name-ip-address", true);
genCertSubjectAltIP.addLongIdentifier("subjectAltNameIPAddress", true);
genCertSubjectAltIP.addLongIdentifier("subject-alt-name-ip", true);
genCertSubjectAltIP.addLongIdentifier("subjectAltNameIP", true);
genCertSubjectAltIP.addLongIdentifier("subject-alternative-ip-address", true);
genCertSubjectAltIP.addLongIdentifier("subjectAlternativeIPAddress", true);
genCertSubjectAltIP.addLongIdentifier("subject-alternative-ip", true);
genCertSubjectAltIP.addLongIdentifier("subjectAlternativeIP", true);
genCertSubjectAltIP.addLongIdentifier("subject-alt-ip-address", true);
genCertSubjectAltIP.addLongIdentifier("subjectAltIPAddress", true);
genCertSubjectAltIP.addLongIdentifier("subject-alt-ip", true);
genCertSubjectAltIP.addLongIdentifier("subjectAltIP", true);
genCertSubjectAltIP.addLongIdentifier("san-ip-address", true);
genCertSubjectAltIP.addLongIdentifier("sanIPAddress", true);
genCertSubjectAltIP.addLongIdentifier("san-ip", true);
genCertSubjectAltIP.addLongIdentifier("sanIP", true);
genCertSubjectAltIP.addValueValidator(new IPAddressArgumentValueValidator(true, true));
genCertParser.addArgument(genCertSubjectAltIP);
final StringArgument genCertSubjectAltEmail = new StringArgument(null, "subject-alternative-name-email-address", false, 0, INFO_MANAGE_CERTS_PLACEHOLDER_NAME.get(), INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_SAN_EMAIL_DESC.get());
genCertSubjectAltEmail.addLongIdentifier("subjectAlternativeNameEmailAddress", true);
genCertSubjectAltEmail.addLongIdentifier("subject-alternative-name-email", true);
genCertSubjectAltEmail.addLongIdentifier("subjectAlternativeNameEmail", true);
genCertSubjectAltEmail.addLongIdentifier("subject-alt-name-email-address", true);
genCertSubjectAltEmail.addLongIdentifier("subjectAltNameEmailAddress", true);
genCertSubjectAltEmail.addLongIdentifier("subject-alt-name-email", true);
genCertSubjectAltEmail.addLongIdentifier("subjectAltNameEmail", true);
genCertSubjectAltEmail.addLongIdentifier("subject-alternative-email-address", true);
genCertSubjectAltEmail.addLongIdentifier("subjectAlternativeEmailAddress", true);
genCertSubjectAltEmail.addLongIdentifier("subject-alternative-email", true);
genCertSubjectAltEmail.addLongIdentifier("subjectAlternativeEmail", true);
genCertSubjectAltEmail.addLongIdentifier("subject-alt-email-address", true);
genCertSubjectAltEmail.addLongIdentifier("subjectAltEmailAddress", true);
genCertSubjectAltEmail.addLongIdentifier("subject-alt-email", true);
genCertSubjectAltEmail.addLongIdentifier("subjectAltEmail", true);
genCertSubjectAltEmail.addLongIdentifier("san-email-address", true);
genCertSubjectAltEmail.addLongIdentifier("sanEmailAddress", true);
genCertSubjectAltEmail.addLongIdentifier("san-email", true);
genCertSubjectAltEmail.addLongIdentifier("sanEmail", true);
genCertSubjectAltEmail.addValueValidator(new IA5StringArgumentValueValidator(false));
genCertParser.addArgument(genCertSubjectAltEmail);
final StringArgument genCertSubjectAltURI = new StringArgument(null, "subject-alternative-name-uri", false, 0, INFO_MANAGE_CERTS_PLACEHOLDER_URI.get(), INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_SAN_URI_DESC.get());
genCertSubjectAltURI.addLongIdentifier("subjectAlternativeNameURI", true);
genCertSubjectAltURI.addLongIdentifier("subject-alt-name-uri", true);
genCertSubjectAltURI.addLongIdentifier("subjectAltNameURI", true);
genCertSubjectAltURI.addLongIdentifier("subject-alternative-uri", true);
genCertSubjectAltURI.addLongIdentifier("subjectAlternativeURI", true);
genCertSubjectAltURI.addLongIdentifier("subject-alt-uri", true);
genCertSubjectAltURI.addLongIdentifier("subjectAltURI", true);
genCertSubjectAltURI.addLongIdentifier("san-uri", true);
genCertSubjectAltURI.addLongIdentifier("sanURI", true);
genCertParser.addArgument(genCertSubjectAltURI);
final StringArgument genCertSubjectAltOID = new StringArgument(null, "subject-alternative-name-oid", false, 0, INFO_MANAGE_CERTS_PLACEHOLDER_OID.get(), INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_SAN_OID_DESC.get());
genCertSubjectAltOID.addLongIdentifier("subjectAlternativeNameOID", true);
genCertSubjectAltOID.addLongIdentifier("subject-alt-name-oid", true);
genCertSubjectAltOID.addLongIdentifier("subjectAltNameOID", true);
genCertSubjectAltOID.addLongIdentifier("subject-alternative-oid", true);
genCertSubjectAltOID.addLongIdentifier("subjectAlternativeOID", true);
genCertSubjectAltOID.addLongIdentifier("subject-alt-oid", true);
genCertSubjectAltOID.addLongIdentifier("subjectAltOID", true);
genCertSubjectAltOID.addLongIdentifier("san-oid", true);
genCertSubjectAltOID.addLongIdentifier("sanOID", true);
genCertSubjectAltOID.addValueValidator(new OIDArgumentValueValidator(true));
genCertParser.addArgument(genCertSubjectAltOID);
final BooleanValueArgument genCertBasicConstraintsIsCA = new BooleanValueArgument(null, "basic-constraints-is-ca", false, null, INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_BC_IS_CA_DESC.get());
genCertBasicConstraintsIsCA.addLongIdentifier("basicConstraintsIsCA", true);
genCertBasicConstraintsIsCA.addLongIdentifier("bc-is-ca", true);
genCertBasicConstraintsIsCA.addLongIdentifier("bcIsCA", true);
genCertParser.addArgument(genCertBasicConstraintsIsCA);
final IntegerArgument genCertBasicConstraintsPathLength = new IntegerArgument(null, "basic-constraints-maximum-path-length", false, 1, null, INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_BC_PATH_LENGTH_DESC.get(), 0, Integer.MAX_VALUE);
genCertBasicConstraintsPathLength.addLongIdentifier("basicConstraintsMaximumPathLength", true);
genCertBasicConstraintsPathLength.addLongIdentifier("basic-constraints-max-path-length", true);
genCertBasicConstraintsPathLength.addLongIdentifier("basicConstraintsMaxPathLength", true);
genCertBasicConstraintsPathLength.addLongIdentifier("basic-constraints-path-length", true);
genCertBasicConstraintsPathLength.addLongIdentifier("basicConstraintsPathLength", true);
genCertBasicConstraintsPathLength.addLongIdentifier("bc-maximum-path-length", true);
genCertBasicConstraintsPathLength.addLongIdentifier("bcMaximumPathLength", true);
genCertBasicConstraintsPathLength.addLongIdentifier("bc-max-path-length", true);
genCertBasicConstraintsPathLength.addLongIdentifier("bcMaxPathLength", true);
genCertBasicConstraintsPathLength.addLongIdentifier("bc-path-length", true);
genCertBasicConstraintsPathLength.addLongIdentifier("bcPathLength", true);
genCertParser.addArgument(genCertBasicConstraintsPathLength);
final StringArgument genCertKeyUsage = new StringArgument(null, "key-usage", false, 0, null, INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_KU_DESC.get());
genCertKeyUsage.addLongIdentifier("keyUsage", true);
genCertParser.addArgument(genCertKeyUsage);
final StringArgument genCertExtendedKeyUsage = new StringArgument(null, "extended-key-usage", false, 0, null, INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_EKU_DESC.get());
genCertExtendedKeyUsage.addLongIdentifier("extendedKeyUsage", true);
genCertParser.addArgument(genCertExtendedKeyUsage);
final StringArgument genCertExtension = new StringArgument(null, "extension", false, 0, null, INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_EXT_DESC.get());
genCertExtension.addLongIdentifier("ext", true);
genCertParser.addArgument(genCertExtension);
final FileArgument genCertOutputFile = new FileArgument(null, "output-file", false, 1, null, INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_OUTPUT_FILE_DESC.get(), false, true, true, false);
genCertOutputFile.addLongIdentifier("outputFile", true);
genCertOutputFile.addLongIdentifier("filename", true);
genCertOutputFile.addLongIdentifier("file", true);
genCertParser.addArgument(genCertOutputFile);
final Set<String> genCertOutputFormatAllowedValues = StaticUtils.setOf("PEM", "text", "txt", "RFC", "DER", "binary", "bin");
final StringArgument genCertOutputFormat = new StringArgument(null, "output-format", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_FORMAT.get(), INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_FORMAT_DESC.get(), genCertOutputFormatAllowedValues, "PEM");
genCertOutputFormat.addLongIdentifier("outputFormat", true);
genCertParser.addArgument(genCertOutputFormat);
final BooleanArgument genCertDisplayCommand = new BooleanArgument(null, "display-keytool-command", 1, INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_DISPLAY_COMMAND_DESC.get());
genCertDisplayCommand.addLongIdentifier("displayKeytoolCommand", true);
genCertDisplayCommand.addLongIdentifier("show-keytool-command", true);
genCertDisplayCommand.addLongIdentifier("showKeytoolCommand", true);
genCertParser.addArgument(genCertDisplayCommand);
genCertParser.addRequiredArgumentSet(genCertKeystorePassword, genCertKeystorePasswordFile, genCertPromptForKeystorePassword);
genCertParser.addExclusiveArgumentSet(genCertKeystorePassword, genCertKeystorePasswordFile, genCertPromptForKeystorePassword);
genCertParser.addExclusiveArgumentSet(genCertPKPassword, genCertPKPasswordFile, genCertPromptForPKPassword);
genCertParser.addExclusiveArgumentSet(genCertReplace, genCertKeyAlgorithm);
genCertParser.addExclusiveArgumentSet(genCertReplace, genCertKeySizeBits);
genCertParser.addExclusiveArgumentSet(genCertReplace, genCertSignatureAlgorithm);
genCertParser.addDependentArgumentSet(genCertBasicConstraintsPathLength, genCertBasicConstraintsIsCA);
genCertParser.addDependentArgumentSet(genCertOutputFormat, genCertOutputFile);
final LinkedHashMap<String[], String> genCertExamples = new LinkedHashMap<>(StaticUtils.computeMapCapacity(4));
genCertExamples.put(new String[] { "generate-self-signed-certificate", "--keystore", getPlatformSpecificPath("config", "keystore"), "--keystore-password-file", getPlatformSpecificPath("config", "keystore.pin"), "--alias", "server-cert", "--subject-dn", "CN=ldap.example.com,O=Example Corp,C=US" }, INFO_MANAGE_CERTS_SC_GEN_CERT_EXAMPLE_1.get());
genCertExamples.put(new String[] { "generate-self-signed-certificate", "--keystore", getPlatformSpecificPath("config", "keystore"), "--keystore-password-file", getPlatformSpecificPath("config", "keystore.pin"), "--alias", "server-cert", "--replace-existing-certificate", "--inherit-extensions" }, INFO_MANAGE_CERTS_SC_GEN_CERT_EXAMPLE_2.get());
genCertExamples.put(new String[] { "generate-self-signed-certificate", "--keystore", getPlatformSpecificPath("config", "keystore"), "--keystore-password-file", getPlatformSpecificPath("config", "keystore.pin"), "--alias", "server-cert", "--subject-dn", "CN=ldap.example.com,O=Example Corp,C=US", "--days-valid", "3650", "--validity-start-time", "20170101000000", "--key-algorithm", "RSA", "--key-size-bits", "4096", "--signature-algorithm", "SHA256withRSA", "--subject-alternative-name-dns", "ldap1.example.com", "--subject-alternative-name-dns", "ldap2.example.com", "--subject-alternative-name-ip-address", "1.2.3.4", "--subject-alternative-name-ip-address", "1.2.3.5", "--extended-key-usage", "server-auth", "--extended-key-usage", "client-auth", "--display-keytool-command" }, INFO_MANAGE_CERTS_SC_GEN_CERT_EXAMPLE_3.get());
genCertExamples.put(new String[] { "generate-self-signed-certificate", "--keystore", getPlatformSpecificPath("config", "keystore"), "--keystore-password-file", getPlatformSpecificPath("config", "keystore.pin"), "--alias", "ca-cert", "--subject-dn", "CN=Example Certification Authority,O=Example Corp,C=US", "--days-valid", "7300", "--validity-start-time", "20170101000000", "--key-algorithm", "EC", "--key-size-bits", "256", "--signature-algorithm", "SHA256withECDSA", "--basic-constraints-is-ca", "true", "--key-usage", "key-cert-sign", "--key-usage", "crl-sign", "--display-keytool-command" }, INFO_MANAGE_CERTS_SC_GEN_CERT_EXAMPLE_4.get());
final SubCommand genCertSubCommand = new SubCommand("generate-self-signed-certificate", INFO_MANAGE_CERTS_SC_GEN_CERT_DESC.get(), genCertParser, genCertExamples);
genCertSubCommand.addName("generateSelfSignedCertificate", true);
genCertSubCommand.addName("generate-certificate", true);
genCertSubCommand.addName("generateCertificate", true);
genCertSubCommand.addName("self-signed-certificate", true);
genCertSubCommand.addName("selfSignedCertificate", true);
genCertSubCommand.addName("selfcert", true);
parser.addSubCommand(genCertSubCommand);
// Define the "generate-certificate-signing-request" subcommand and all of
// its arguments.
final ArgumentParser genCSRParser = new ArgumentParser("generate-certificate-signing-request", INFO_MANAGE_CERTS_SC_GEN_CSR_DESC.get());
final Set<String> genCSROutputFormatAllowedValues = StaticUtils.setOf("PEM", "text", "txt", "RFC", "DER", "binary", "bin");
final StringArgument genCSROutputFormat = new StringArgument(null, "output-format", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_FORMAT.get(), INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_FORMAT_DESC.get(), genCSROutputFormatAllowedValues, "PEM");
genCSROutputFormat.addLongIdentifier("outputFormat", true);
genCSRParser.addArgument(genCSROutputFormat);
final FileArgument genCSROutputFile = new FileArgument(null, "output-file", false, 1, null, INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_OUTPUT_FILE_DESC.get(), false, true, true, false);
genCSROutputFile.addLongIdentifier("outputFile", true);
genCSROutputFile.addLongIdentifier("filename", true);
genCSROutputFile.addLongIdentifier("file", true);
genCSRParser.addArgument(genCSROutputFile);
final FileArgument genCSRKeystore = new FileArgument(null, "keystore", true, 1, null, INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_KS_DESC.get(), false, true, true, false);
genCSRKeystore.addLongIdentifier("keystore-path", true);
genCSRKeystore.addLongIdentifier("keystorePath", true);
genCSRKeystore.addLongIdentifier("keystore-file", true);
genCSRKeystore.addLongIdentifier("keystoreFile", true);
genCSRParser.addArgument(genCSRKeystore);
final StringArgument genCSRKeystorePassword = new StringArgument(null, "keystore-password", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(), INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_KS_PW_DESC.get());
genCSRKeystorePassword.addLongIdentifier("keystorePassword", true);
genCSRKeystorePassword.addLongIdentifier("keystore-passphrase", true);
genCSRKeystorePassword.addLongIdentifier("keystorePassphrase", true);
genCSRKeystorePassword.addLongIdentifier("keystore-pin", true);
genCSRKeystorePassword.addLongIdentifier("keystorePIN", true);
genCSRKeystorePassword.addLongIdentifier("storepass", true);
genCSRKeystorePassword.setSensitive(true);
genCSRParser.addArgument(genCSRKeystorePassword);
final FileArgument genCSRKeystorePasswordFile = new FileArgument(null, "keystore-password-file", false, 1, null, INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_KS_PW_FILE_DESC.get(), true, true, true, false);
genCSRKeystorePasswordFile.addLongIdentifier("keystorePasswordFile", true);
genCSRKeystorePasswordFile.addLongIdentifier("keystore-passphrase-file", true);
genCSRKeystorePasswordFile.addLongIdentifier("keystorePassphraseFile", true);
genCSRKeystorePasswordFile.addLongIdentifier("keystore-pin-file", true);
genCSRKeystorePasswordFile.addLongIdentifier("keystorePINFile", true);
genCSRParser.addArgument(genCSRKeystorePasswordFile);
final BooleanArgument genCSRPromptForKeystorePassword = new BooleanArgument(null, "prompt-for-keystore-password", INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_PROMPT_FOR_KS_PW_DESC.get());
genCSRPromptForKeystorePassword.addLongIdentifier("promptForKeystorePassword", true);
genCSRPromptForKeystorePassword.addLongIdentifier("prompt-for-keystore-passphrase", true);
genCSRPromptForKeystorePassword.addLongIdentifier("promptForKeystorePassphrase", true);
genCSRPromptForKeystorePassword.addLongIdentifier("prompt-for-keystore-pin", true);
genCSRPromptForKeystorePassword.addLongIdentifier("promptForKeystorePIN", true);
genCSRParser.addArgument(genCSRPromptForKeystorePassword);
final StringArgument genCSRPKPassword = new StringArgument(null, "private-key-password", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(), INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_PK_PW_DESC.get());
genCSRPKPassword.addLongIdentifier("privateKeyPassword", true);
genCSRPKPassword.addLongIdentifier("private-key-passphrase", true);
genCSRPKPassword.addLongIdentifier("privateKeyPassphrase", true);
genCSRPKPassword.addLongIdentifier("private-key-pin", true);
genCSRPKPassword.addLongIdentifier("privateKeyPIN", true);
genCSRPKPassword.addLongIdentifier("key-password", true);
genCSRPKPassword.addLongIdentifier("keyPassword", true);
genCSRPKPassword.addLongIdentifier("key-passphrase", true);
genCSRPKPassword.addLongIdentifier("keyPassphrase", true);
genCSRPKPassword.addLongIdentifier("key-pin", true);
genCSRPKPassword.addLongIdentifier("keyPIN", true);
genCSRPKPassword.addLongIdentifier("keypass", true);
genCSRPKPassword.setSensitive(true);
genCSRParser.addArgument(genCSRPKPassword);
final FileArgument genCSRPKPasswordFile = new FileArgument(null, "private-key-password-file", false, 1, null, INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_PK_PW_FILE_DESC.get(), true, true, true, false);
genCSRPKPasswordFile.addLongIdentifier("privateKeyPasswordFile", true);
genCSRPKPasswordFile.addLongIdentifier("private-key-passphrase-file", true);
genCSRPKPasswordFile.addLongIdentifier("privateKeyPassphraseFile", true);
genCSRPKPasswordFile.addLongIdentifier("private-key-pin-file", true);
genCSRPKPasswordFile.addLongIdentifier("privateKeyPINFile", true);
genCSRPKPasswordFile.addLongIdentifier("key-password-file", true);
genCSRPKPasswordFile.addLongIdentifier("keyPasswordFile", true);
genCSRPKPasswordFile.addLongIdentifier("key-passphrase-file", true);
genCSRPKPasswordFile.addLongIdentifier("keyPassphraseFile", true);
genCSRPKPasswordFile.addLongIdentifier("key-pin-file", true);
genCSRPKPasswordFile.addLongIdentifier("keyPINFile", true);
genCSRParser.addArgument(genCSRPKPasswordFile);
final BooleanArgument genCSRPromptForPKPassword = new BooleanArgument(null, "prompt-for-private-key-password", INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_PROMPT_FOR_PK_PW_DESC.get());
genCSRPromptForPKPassword.addLongIdentifier("promptForPrivateKeyPassword", true);
genCSRPromptForPKPassword.addLongIdentifier("prompt-for-private-key-passphrase", true);
genCSRPromptForPKPassword.addLongIdentifier("promptForPrivateKeyPassphrase", true);
genCSRPromptForPKPassword.addLongIdentifier("prompt-for-private-key-pin", true);
genCSRPromptForPKPassword.addLongIdentifier("promptForPrivateKeyPIN", true);
genCSRPromptForPKPassword.addLongIdentifier("prompt-for-key-password", true);
genCSRPromptForPKPassword.addLongIdentifier("promptForKeyPassword", true);
genCSRPromptForPKPassword.addLongIdentifier("prompt-for-key-passphrase", true);
genCSRPromptForPKPassword.addLongIdentifier("promptForKeyPassphrase", true);
genCSRPromptForPKPassword.addLongIdentifier("prompt-for-key-pin", true);
genCSRPromptForPKPassword.addLongIdentifier("promptForKeyPIN", true);
genCSRParser.addArgument(genCSRPromptForPKPassword);
final StringArgument genCSRKeystoreType = new StringArgument(null, "keystore-type", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_TYPE.get(), INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_KS_TYPE_DESC.get(), ALLOWED_KEYSTORE_TYPE_VALUES);
genCSRKeystoreType.addLongIdentifier("key-store-type", true);
genCSRKeystoreType.addLongIdentifier("keystoreType", true);
genCSRKeystoreType.addLongIdentifier("keystore-format", true);
genCSRKeystoreType.addLongIdentifier("key-store-format", true);
genCSRKeystoreType.addLongIdentifier("keystoreFormat", true);
genCSRKeystoreType.addLongIdentifier("storetype", true);
genCSRParser.addArgument(genCSRKeystoreType);
final StringArgument genCSRAlias = new StringArgument(null, "alias", true, 1, INFO_MANAGE_CERTS_PLACEHOLDER_ALIAS.get(), INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_ALIAS_DESC.get());
genCSRAlias.addLongIdentifier("nickname", true);
genCSRParser.addArgument(genCSRAlias);
final BooleanArgument genCSRReplace = new BooleanArgument(null, "use-existing-key-pair", 1, INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_REPLACE_DESC.get());
genCSRReplace.addLongIdentifier("use-existing-keypair", true);
genCSRReplace.addLongIdentifier("useExistingKeyPair", true);
genCSRReplace.addLongIdentifier("replace-existing-certificate", true);
genCSRReplace.addLongIdentifier("replaceExistingCertificate", true);
genCSRReplace.addLongIdentifier("replace-certificate", true);
genCSRReplace.addLongIdentifier("replaceCertificate", true);
genCSRReplace.addLongIdentifier("replace-existing", true);
genCSRReplace.addLongIdentifier("replaceExisting", true);
genCSRReplace.addLongIdentifier("replace", true);
genCSRParser.addArgument(genCSRReplace);
final DNArgument genCSRSubjectDN = new DNArgument(null, "subject-dn", false, 1, null, INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_SUBJECT_DN_DESC.get());
genCSRSubjectDN.addLongIdentifier("subjectDN", true);
genCSRSubjectDN.addLongIdentifier("subject", true);
genCSRSubjectDN.addLongIdentifier("dname", true);
genCSRParser.addArgument(genCSRSubjectDN);
final StringArgument genCSRKeyAlgorithm = new StringArgument(null, "key-algorithm", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_NAME.get(), INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_KEY_ALGORITHM_DESC.get());
genCSRKeyAlgorithm.addLongIdentifier("keyAlgorithm", true);
genCSRKeyAlgorithm.addLongIdentifier("key-alg", true);
genCSRKeyAlgorithm.addLongIdentifier("keyAlg", true);
genCSRParser.addArgument(genCSRKeyAlgorithm);
final IntegerArgument genCSRKeySizeBits = new IntegerArgument(null, "key-size-bits", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_BITS.get(), INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_KEY_SIZE_BITS_DESC.get(), 1, Integer.MAX_VALUE);
genCSRKeySizeBits.addLongIdentifier("keySizeBits", true);
genCSRKeySizeBits.addLongIdentifier("key-length-bits", true);
genCSRKeySizeBits.addLongIdentifier("keyLengthBits", true);
genCSRKeySizeBits.addLongIdentifier("key-size", true);
genCSRKeySizeBits.addLongIdentifier("keySize", true);
genCSRKeySizeBits.addLongIdentifier("key-length", true);
genCSRKeySizeBits.addLongIdentifier("keyLength", true);
genCSRParser.addArgument(genCSRKeySizeBits);
final StringArgument genCSRSignatureAlgorithm = new StringArgument(null, "signature-algorithm", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_NAME.get(), INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_SIG_ALG_DESC.get());
genCSRSignatureAlgorithm.addLongIdentifier("signatureAlgorithm", true);
genCSRSignatureAlgorithm.addLongIdentifier("signature-alg", true);
genCSRSignatureAlgorithm.addLongIdentifier("signatureAlg", true);
genCSRSignatureAlgorithm.addLongIdentifier("sig-alg", true);
genCSRSignatureAlgorithm.addLongIdentifier("sigAlg", true);
genCSRParser.addArgument(genCSRSignatureAlgorithm);
final BooleanArgument genCSRInheritExtensions = new BooleanArgument(null, "inherit-extensions", 1, INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_INHERIT_EXT_DESC.get());
genCSRInheritExtensions.addLongIdentifier("inheritExtensions", true);
genCSRParser.addArgument(genCSRInheritExtensions);
final StringArgument genCSRSubjectAltDNS = new StringArgument(null, "subject-alternative-name-dns", false, 0, INFO_MANAGE_CERTS_PLACEHOLDER_NAME.get(), INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_SAN_DNS_DESC.get());
genCSRSubjectAltDNS.addLongIdentifier("subjectAlternativeNameDNS", true);
genCSRSubjectAltDNS.addLongIdentifier("subject-alt-name-dns", true);
genCSRSubjectAltDNS.addLongIdentifier("subjectAltNameDNS", true);
genCSRSubjectAltDNS.addLongIdentifier("subject-alternative-dns", true);
genCSRSubjectAltDNS.addLongIdentifier("subjectAlternativeDNS", true);
genCSRSubjectAltDNS.addLongIdentifier("subject-alt-dns", true);
genCSRSubjectAltDNS.addLongIdentifier("subjectAltDNS", true);
genCSRSubjectAltDNS.addLongIdentifier("san-dns", true);
genCSRSubjectAltDNS.addLongIdentifier("sanDNS", true);
genCSRSubjectAltDNS.addValueValidator(new IA5StringArgumentValueValidator(false));
genCSRParser.addArgument(genCSRSubjectAltDNS);
final StringArgument genCSRSubjectAltIP = new StringArgument(null, "subject-alternative-name-ip-address", false, 0, INFO_MANAGE_CERTS_PLACEHOLDER_NAME.get(), INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_SAN_IP_DESC.get());
genCSRSubjectAltIP.addLongIdentifier("subjectAlternativeNameIPAddress", true);
genCSRSubjectAltIP.addLongIdentifier("subject-alternative-name-ip", true);
genCSRSubjectAltIP.addLongIdentifier("subjectAlternativeNameIP", true);
genCSRSubjectAltIP.addLongIdentifier("subject-alt-name-ip-address", true);
genCSRSubjectAltIP.addLongIdentifier("subjectAltNameIPAddress", true);
genCSRSubjectAltIP.addLongIdentifier("subject-alt-name-ip", true);
genCSRSubjectAltIP.addLongIdentifier("subjectAltNameIP", true);
genCSRSubjectAltIP.addLongIdentifier("subject-alternative-ip-address", true);
genCSRSubjectAltIP.addLongIdentifier("subjectAlternativeIPAddress", true);
genCSRSubjectAltIP.addLongIdentifier("subject-alternative-ip", true);
genCSRSubjectAltIP.addLongIdentifier("subjectAlternativeIP", true);
genCSRSubjectAltIP.addLongIdentifier("subject-alt-ip-address", true);
genCSRSubjectAltIP.addLongIdentifier("subjectAltIPAddress", true);
genCSRSubjectAltIP.addLongIdentifier("subject-alt-ip", true);
genCSRSubjectAltIP.addLongIdentifier("subjectAltIP", true);
genCSRSubjectAltIP.addLongIdentifier("san-ip-address", true);
genCSRSubjectAltIP.addLongIdentifier("sanIPAddress", true);
genCSRSubjectAltIP.addLongIdentifier("san-ip", true);
genCSRSubjectAltIP.addLongIdentifier("sanIP", true);
genCSRSubjectAltIP.addValueValidator(new IPAddressArgumentValueValidator(true, true));
genCSRParser.addArgument(genCSRSubjectAltIP);
final StringArgument genCSRSubjectAltEmail = new StringArgument(null, "subject-alternative-name-email-address", false, 0, INFO_MANAGE_CERTS_PLACEHOLDER_NAME.get(), INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_SAN_EMAIL_DESC.get());
genCSRSubjectAltEmail.addLongIdentifier("subjectAlternativeNameEmailAddress", true);
genCSRSubjectAltEmail.addLongIdentifier("subject-alternative-name-email", true);
genCSRSubjectAltEmail.addLongIdentifier("subjectAlternativeNameEmail", true);
genCSRSubjectAltEmail.addLongIdentifier("subject-alt-name-email-address", true);
genCSRSubjectAltEmail.addLongIdentifier("subjectAltNameEmailAddress", true);
genCSRSubjectAltEmail.addLongIdentifier("subject-alt-name-email", true);
genCSRSubjectAltEmail.addLongIdentifier("subjectAltNameEmail", true);
genCSRSubjectAltEmail.addLongIdentifier("subject-alternative-email-address", true);
genCSRSubjectAltEmail.addLongIdentifier("subjectAlternativeEmailAddress", true);
genCSRSubjectAltEmail.addLongIdentifier("subject-alternative-email", true);
genCSRSubjectAltEmail.addLongIdentifier("subjectAlternativeEmail", true);
genCSRSubjectAltEmail.addLongIdentifier("subject-alt-email-address", true);
genCSRSubjectAltEmail.addLongIdentifier("subjectAltEmailAddress", true);
genCSRSubjectAltEmail.addLongIdentifier("subject-alt-email", true);
genCSRSubjectAltEmail.addLongIdentifier("subjectAltEmail", true);
genCSRSubjectAltEmail.addLongIdentifier("san-email-address", true);
genCSRSubjectAltEmail.addLongIdentifier("sanEmailAddress", true);
genCSRSubjectAltEmail.addLongIdentifier("san-email", true);
genCSRSubjectAltEmail.addLongIdentifier("sanEmail", true);
genCSRSubjectAltEmail.addValueValidator(new IA5StringArgumentValueValidator(false));
genCSRParser.addArgument(genCSRSubjectAltEmail);
final StringArgument genCSRSubjectAltURI = new StringArgument(null, "subject-alternative-name-uri", false, 0, INFO_MANAGE_CERTS_PLACEHOLDER_URI.get(), INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_SAN_URI_DESC.get());
genCSRSubjectAltURI.addLongIdentifier("subjectAlternativeNameURI", true);
genCSRSubjectAltURI.addLongIdentifier("subject-alt-name-uri", true);
genCSRSubjectAltURI.addLongIdentifier("subjectAltNameURI", true);
genCSRSubjectAltURI.addLongIdentifier("subject-alternative-uri", true);
genCSRSubjectAltURI.addLongIdentifier("subjectAlternativeURI", true);
genCSRSubjectAltURI.addLongIdentifier("subject-alt-uri", true);
genCSRSubjectAltURI.addLongIdentifier("subjectAltURI", true);
genCSRSubjectAltURI.addLongIdentifier("san-uri", true);
genCSRSubjectAltURI.addLongIdentifier("sanURI", true);
genCSRParser.addArgument(genCSRSubjectAltURI);
final StringArgument genCSRSubjectAltOID = new StringArgument(null, "subject-alternative-name-oid", false, 0, INFO_MANAGE_CERTS_PLACEHOLDER_OID.get(), INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_SAN_OID_DESC.get());
genCSRSubjectAltOID.addLongIdentifier("subjectAlternativeNameOID", true);
genCSRSubjectAltOID.addLongIdentifier("subject-alt-name-oid", true);
genCSRSubjectAltOID.addLongIdentifier("subjectAltNameOID", true);
genCSRSubjectAltOID.addLongIdentifier("subject-alternative-oid", true);
genCSRSubjectAltOID.addLongIdentifier("subjectAlternativeOID", true);
genCSRSubjectAltOID.addLongIdentifier("subject-alt-oid", true);
genCSRSubjectAltOID.addLongIdentifier("subjectAltOID", true);
genCSRSubjectAltOID.addLongIdentifier("san-oid", true);
genCSRSubjectAltOID.addLongIdentifier("sanOID", true);
genCSRSubjectAltOID.addValueValidator(new OIDArgumentValueValidator(true));
genCSRParser.addArgument(genCSRSubjectAltOID);
final BooleanValueArgument genCSRBasicConstraintsIsCA = new BooleanValueArgument(null, "basic-constraints-is-ca", false, null, INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_BC_IS_CA_DESC.get());
genCSRBasicConstraintsIsCA.addLongIdentifier("basicConstraintsIsCA", true);
genCSRBasicConstraintsIsCA.addLongIdentifier("bc-is-ca", true);
genCSRBasicConstraintsIsCA.addLongIdentifier("bcIsCA", true);
genCSRParser.addArgument(genCSRBasicConstraintsIsCA);
final IntegerArgument genCSRBasicConstraintsPathLength = new IntegerArgument(null, "basic-constraints-maximum-path-length", false, 1, null, INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_BC_PATH_LENGTH_DESC.get(), 0, Integer.MAX_VALUE);
genCSRBasicConstraintsPathLength.addLongIdentifier("basicConstraintsMaximumPathLength", true);
genCSRBasicConstraintsPathLength.addLongIdentifier("basic-constraints-max-path-length", true);
genCSRBasicConstraintsPathLength.addLongIdentifier("basicConstraintsMaxPathLength", true);
genCSRBasicConstraintsPathLength.addLongIdentifier("basic-constraints-path-length", true);
genCSRBasicConstraintsPathLength.addLongIdentifier("basicConstraintsPathLength", true);
genCSRBasicConstraintsPathLength.addLongIdentifier("bc-maximum-path-length", true);
genCSRBasicConstraintsPathLength.addLongIdentifier("bcMaximumPathLength", true);
genCSRBasicConstraintsPathLength.addLongIdentifier("bc-max-path-length", true);
genCSRBasicConstraintsPathLength.addLongIdentifier("bcMaxPathLength", true);
genCSRBasicConstraintsPathLength.addLongIdentifier("bc-path-length", true);
genCSRBasicConstraintsPathLength.addLongIdentifier("bcPathLength", true);
genCSRParser.addArgument(genCSRBasicConstraintsPathLength);
final StringArgument genCSRKeyUsage = new StringArgument(null, "key-usage", false, 0, null, INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_KU_DESC.get());
genCSRKeyUsage.addLongIdentifier("keyUsage", true);
genCSRParser.addArgument(genCSRKeyUsage);
final StringArgument genCSRExtendedKeyUsage = new StringArgument(null, "extended-key-usage", false, 0, null, INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_EKU_DESC.get());
genCSRExtendedKeyUsage.addLongIdentifier("extendedKeyUsage", true);
genCSRParser.addArgument(genCSRExtendedKeyUsage);
final StringArgument genCSRExtension = new StringArgument(null, "extension", false, 0, null, INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_EXT_DESC.get());
genCSRExtension.addLongIdentifier("ext", true);
genCSRParser.addArgument(genCSRExtension);
final BooleanArgument genCSRDisplayCommand = new BooleanArgument(null, "display-keytool-command", 1, INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_DISPLAY_COMMAND_DESC.get());
genCSRDisplayCommand.addLongIdentifier("displayKeytoolCommand", true);
genCSRDisplayCommand.addLongIdentifier("show-keytool-command", true);
genCSRDisplayCommand.addLongIdentifier("showKeytoolCommand", true);
genCSRParser.addArgument(genCSRDisplayCommand);
genCSRParser.addRequiredArgumentSet(genCSRKeystorePassword, genCSRKeystorePasswordFile, genCSRPromptForKeystorePassword);
genCSRParser.addExclusiveArgumentSet(genCSRKeystorePassword, genCSRKeystorePasswordFile, genCSRPromptForKeystorePassword);
genCSRParser.addExclusiveArgumentSet(genCSRPKPassword, genCSRPKPasswordFile, genCSRPromptForPKPassword);
genCSRParser.addExclusiveArgumentSet(genCSRReplace, genCSRKeyAlgorithm);
genCSRParser.addExclusiveArgumentSet(genCSRReplace, genCSRKeySizeBits);
genCSRParser.addExclusiveArgumentSet(genCSRReplace, genCSRSignatureAlgorithm);
genCSRParser.addDependentArgumentSet(genCSRBasicConstraintsPathLength, genCSRBasicConstraintsIsCA);
final LinkedHashMap<String[], String> genCSRExamples = new LinkedHashMap<>(StaticUtils.computeMapCapacity(3));
genCSRExamples.put(new String[] { "generate-certificate-signing-request", "--keystore", getPlatformSpecificPath("config", "keystore"), "--keystore-password-file", getPlatformSpecificPath("config", "keystore.pin"), "--alias", "server-cert", "--subject-dn", "CN=ldap.example.com,O=Example Corp,C=US" }, INFO_MANAGE_CERTS_SC_GEN_CSR_EXAMPLE_1.get());
genCSRExamples.put(new String[] { "generate-certificate-signing-request", "--keystore", getPlatformSpecificPath("config", "keystore"), "--keystore-password-file", getPlatformSpecificPath("config", "keystore.pin"), "--alias", "server-cert", "--use-existing-key-pair", "--inherit-extensions", "--output-file", "server-cert.csr" }, INFO_MANAGE_CERTS_SC_GEN_CSR_EXAMPLE_2.get());
genCSRExamples.put(new String[] { "generate-certificate-signing-request", "--keystore", getPlatformSpecificPath("config", "keystore"), "--keystore-password-file", getPlatformSpecificPath("config", "keystore.pin"), "--alias", "server-cert", "--subject-dn", "CN=ldap.example.com,O=Example Corp,C=US", "--key-algorithm", "EC", "--key-size-bits", "256", "--signature-algorithm", "SHA256withECDSA", "--subject-alternative-name-dns", "ldap1.example.com", "--subject-alternative-name-dns", "ldap2.example.com", "--subject-alternative-name-ip-address", "1.2.3.4", "--subject-alternative-name-ip-address", "1.2.3.5", "--extended-key-usage", "server-auth", "--extended-key-usage", "client-auth", "--output-file", "server-cert.csr", "--display-keytool-command" }, INFO_MANAGE_CERTS_SC_GEN_CSR_EXAMPLE_3.get());
final SubCommand genCSRSubCommand = new SubCommand("generate-certificate-signing-request", INFO_MANAGE_CERTS_SC_GEN_CSR_DESC.get(), genCSRParser, genCSRExamples);
genCSRSubCommand.addName("generateCertificateSigningRequest", true);
genCSRSubCommand.addName("generate-certificate-request", true);
genCSRSubCommand.addName("generateCertificateRequest", true);
genCSRSubCommand.addName("generate-csr", true);
genCSRSubCommand.addName("generateCSR", true);
genCSRSubCommand.addName("certificate-signing-request", true);
genCSRSubCommand.addName("certificateSigningRequest", true);
genCSRSubCommand.addName("csr", true);
genCSRSubCommand.addName("certreq", true);
parser.addSubCommand(genCSRSubCommand);
// Define the "sign-certificate-signing-request" subcommand and all of its
// arguments.
final ArgumentParser signCSRParser = new ArgumentParser("sign-certificate-signing-request", INFO_MANAGE_CERTS_SC_SIGN_CSR_DESC.get());
final FileArgument signCSRInputFile = new FileArgument(null, "request-input-file", true, 1, null, INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_INPUT_FILE_DESC.get(), true, true, true, false);
signCSRInputFile.addLongIdentifier("requestInputFile", true);
signCSRInputFile.addLongIdentifier("certificate-signing-request", true);
signCSRInputFile.addLongIdentifier("certificateSigningRequest", true);
signCSRInputFile.addLongIdentifier("input-file", false);
signCSRInputFile.addLongIdentifier("inputFile", true);
signCSRInputFile.addLongIdentifier("csr", true);
signCSRParser.addArgument(signCSRInputFile);
final FileArgument signCSROutputFile = new FileArgument(null, "certificate-output-file", false, 1, null, INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_OUTPUT_FILE_DESC.get(), false, true, true, false);
signCSROutputFile.addLongIdentifier("certificateOutputFile", true);
signCSROutputFile.addLongIdentifier("output-file", false);
signCSROutputFile.addLongIdentifier("outputFile", true);
signCSROutputFile.addLongIdentifier("certificate-file", true);
signCSROutputFile.addLongIdentifier("certificateFile", true);
signCSRParser.addArgument(signCSROutputFile);
final Set<String> signCSROutputFormatAllowedValues = StaticUtils.setOf("PEM", "text", "txt", "RFC", "DER", "binary", "bin");
final StringArgument signCSROutputFormat = new StringArgument(null, "output-format", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_FORMAT.get(), INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_FORMAT_DESC.get(), signCSROutputFormatAllowedValues, "PEM");
signCSROutputFormat.addLongIdentifier("outputFormat", true);
signCSRParser.addArgument(signCSROutputFormat);
final FileArgument signCSRKeystore = new FileArgument(null, "keystore", true, 1, null, INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_KS_DESC.get(), true, true, true, false);
signCSRKeystore.addLongIdentifier("keystore-path", true);
signCSRKeystore.addLongIdentifier("keystorePath", true);
signCSRKeystore.addLongIdentifier("keystore-file", true);
signCSRKeystore.addLongIdentifier("keystoreFile", true);
signCSRParser.addArgument(signCSRKeystore);
final StringArgument signCSRKeystorePassword = new StringArgument(null, "keystore-password", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(), INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_KS_PW_DESC.get());
signCSRKeystorePassword.addLongIdentifier("keystorePassword", true);
signCSRKeystorePassword.addLongIdentifier("keystore-passphrase", true);
signCSRKeystorePassword.addLongIdentifier("keystorePassphrase", true);
signCSRKeystorePassword.addLongIdentifier("keystore-pin", true);
signCSRKeystorePassword.addLongIdentifier("keystorePIN", true);
signCSRKeystorePassword.addLongIdentifier("storepass", true);
signCSRKeystorePassword.setSensitive(true);
signCSRParser.addArgument(signCSRKeystorePassword);
final FileArgument signCSRKeystorePasswordFile = new FileArgument(null, "keystore-password-file", false, 1, null, INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_KS_PW_FILE_DESC.get(), true, true, true, false);
signCSRKeystorePasswordFile.addLongIdentifier("keystorePasswordFile", true);
signCSRKeystorePasswordFile.addLongIdentifier("keystore-passphrase-file", true);
signCSRKeystorePasswordFile.addLongIdentifier("keystorePassphraseFile", true);
signCSRKeystorePasswordFile.addLongIdentifier("keystore-pin-file", true);
signCSRKeystorePasswordFile.addLongIdentifier("keystorePINFile", true);
signCSRParser.addArgument(signCSRKeystorePasswordFile);
final BooleanArgument signCSRPromptForKeystorePassword = new BooleanArgument(null, "prompt-for-keystore-password", INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_PROMPT_FOR_KS_PW_DESC.get());
signCSRPromptForKeystorePassword.addLongIdentifier("promptForKeystorePassword", true);
signCSRPromptForKeystorePassword.addLongIdentifier("prompt-for-keystore-passphrase", true);
signCSRPromptForKeystorePassword.addLongIdentifier("promptForKeystorePassphrase", true);
signCSRPromptForKeystorePassword.addLongIdentifier("prompt-for-keystore-pin", true);
signCSRPromptForKeystorePassword.addLongIdentifier("promptForKeystorePIN", true);
signCSRParser.addArgument(signCSRPromptForKeystorePassword);
final StringArgument signCSRPKPassword = new StringArgument(null, "private-key-password", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(), INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_PK_PW_DESC.get());
signCSRPKPassword.addLongIdentifier("privateKeyPassword", true);
signCSRPKPassword.addLongIdentifier("private-key-passphrase", true);
signCSRPKPassword.addLongIdentifier("privateKeyPassphrase", true);
signCSRPKPassword.addLongIdentifier("private-key-pin", true);
signCSRPKPassword.addLongIdentifier("privateKeyPIN", true);
signCSRPKPassword.addLongIdentifier("key-password", true);
signCSRPKPassword.addLongIdentifier("keyPassword", true);
signCSRPKPassword.addLongIdentifier("key-passphrase", true);
signCSRPKPassword.addLongIdentifier("keyPassphrase", true);
signCSRPKPassword.addLongIdentifier("key-pin", true);
signCSRPKPassword.addLongIdentifier("keyPIN", true);
signCSRPKPassword.addLongIdentifier("keypass", true);
signCSRPKPassword.setSensitive(true);
signCSRParser.addArgument(signCSRPKPassword);
final FileArgument signCSRPKPasswordFile = new FileArgument(null, "private-key-password-file", false, 1, null, INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_PK_PW_FILE_DESC.get(), true, true, true, false);
signCSRPKPasswordFile.addLongIdentifier("privateKeyPasswordFile", true);
signCSRPKPasswordFile.addLongIdentifier("private-key-passphrase-file", true);
signCSRPKPasswordFile.addLongIdentifier("privateKeyPassphraseFile", true);
signCSRPKPasswordFile.addLongIdentifier("private-key-pin-file", true);
signCSRPKPasswordFile.addLongIdentifier("privateKeyPINFile", true);
signCSRPKPasswordFile.addLongIdentifier("key-password-file", true);
signCSRPKPasswordFile.addLongIdentifier("keyPasswordFile", true);
signCSRPKPasswordFile.addLongIdentifier("key-passphrase-file", true);
signCSRPKPasswordFile.addLongIdentifier("keyPassphraseFile", true);
signCSRPKPasswordFile.addLongIdentifier("key-pin-file", true);
signCSRPKPasswordFile.addLongIdentifier("keyPINFile", true);
signCSRParser.addArgument(signCSRPKPasswordFile);
final BooleanArgument signCSRPromptForPKPassword = new BooleanArgument(null, "prompt-for-private-key-password", INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_PROMPT_FOR_PK_PW_DESC.get());
signCSRPromptForPKPassword.addLongIdentifier("promptForPrivateKeyPassword", true);
signCSRPromptForPKPassword.addLongIdentifier("prompt-for-private-key-passphrase", true);
signCSRPromptForPKPassword.addLongIdentifier("promptForPrivateKeyPassphrase", true);
signCSRPromptForPKPassword.addLongIdentifier("prompt-for-private-key-pin", true);
signCSRPromptForPKPassword.addLongIdentifier("promptForPrivateKeyPIN", true);
signCSRPromptForPKPassword.addLongIdentifier("prompt-for-key-password", true);
signCSRPromptForPKPassword.addLongIdentifier("promptForKeyPassword", true);
signCSRPromptForPKPassword.addLongIdentifier("prompt-for-key-passphrase", true);
signCSRPromptForPKPassword.addLongIdentifier("promptForKeyPassphrase", true);
signCSRPromptForPKPassword.addLongIdentifier("prompt-for-key-pin", true);
signCSRPromptForPKPassword.addLongIdentifier("promptForKeyPIN", true);
signCSRParser.addArgument(signCSRPromptForPKPassword);
final StringArgument signCSRKeystoreType = new StringArgument(null, "keystore-type", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_TYPE.get(), INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_KS_TYPE_DESC.get(), ALLOWED_KEYSTORE_TYPE_VALUES);
signCSRKeystoreType.addLongIdentifier("key-store-type", true);
signCSRKeystoreType.addLongIdentifier("keystoreType", true);
signCSRKeystoreType.addLongIdentifier("keystore-format", true);
signCSRKeystoreType.addLongIdentifier("key-store-format", true);
signCSRKeystoreType.addLongIdentifier("keystoreFormat", true);
signCSRKeystoreType.addLongIdentifier("storetype", true);
signCSRParser.addArgument(signCSRKeystoreType);
final StringArgument signCSRAlias = new StringArgument(null, "signing-certificate-alias", true, 1, INFO_MANAGE_CERTS_PLACEHOLDER_ALIAS.get(), INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_ALIAS_DESC.get());
signCSRAlias.addLongIdentifier("signingCertificateAlias", true);
signCSRAlias.addLongIdentifier("signing-certificate-nickname", true);
signCSRAlias.addLongIdentifier("signingCertificateNickname", true);
signCSRAlias.addLongIdentifier("alias", true);
signCSRAlias.addLongIdentifier("nickname", true);
signCSRParser.addArgument(signCSRAlias);
final DNArgument signCSRSubjectDN = new DNArgument(null, "subject-dn", false, 1, null, INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_SUBJECT_DN_DESC.get());
signCSRSubjectDN.addLongIdentifier("subjectDN", true);
signCSRSubjectDN.addLongIdentifier("subject", true);
signCSRSubjectDN.addLongIdentifier("dname", true);
signCSRParser.addArgument(signCSRSubjectDN);
final IntegerArgument signCSRDaysValid = new IntegerArgument(null, "days-valid", false, 1, null, INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_DAYS_VALID_DESC.get(), 1, Integer.MAX_VALUE);
signCSRDaysValid.addLongIdentifier("daysValid", true);
signCSRDaysValid.addLongIdentifier("validity", true);
signCSRParser.addArgument(signCSRDaysValid);
final TimestampArgument signCSRNotBefore = new TimestampArgument(null, "validity-start-time", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_TIMESTAMP.get(), INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_VALIDITY_START_TIME_DESC.get("20180102123456"));
signCSRNotBefore.addLongIdentifier("validityStartTime", true);
signCSRNotBefore.addLongIdentifier("not-before", true);
signCSRNotBefore.addLongIdentifier("notBefore", true);
signCSRParser.addArgument(signCSRNotBefore);
final StringArgument signCSRSignatureAlgorithm = new StringArgument(null, "signature-algorithm", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_NAME.get(), INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_SIG_ALG_DESC.get());
signCSRSignatureAlgorithm.addLongIdentifier("signatureAlgorithm", true);
signCSRSignatureAlgorithm.addLongIdentifier("signature-alg", true);
signCSRSignatureAlgorithm.addLongIdentifier("signatureAlg", true);
signCSRSignatureAlgorithm.addLongIdentifier("sig-alg", true);
signCSRSignatureAlgorithm.addLongIdentifier("sigAlg", true);
signCSRParser.addArgument(signCSRSignatureAlgorithm);
final BooleanArgument signCSRIncludeExtensions = new BooleanArgument(null, "include-requested-extensions", 1, INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_INCLUDE_EXT_DESC.get());
signCSRIncludeExtensions.addLongIdentifier("includeRequestedExtensions", true);
signCSRParser.addArgument(signCSRIncludeExtensions);
final StringArgument signCSRSubjectAltDNS = new StringArgument(null, "subject-alternative-name-dns", false, 0, INFO_MANAGE_CERTS_PLACEHOLDER_NAME.get(), INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_SAN_DNS_DESC.get());
signCSRSubjectAltDNS.addLongIdentifier("subjectAlternativeNameDNS", true);
signCSRSubjectAltDNS.addLongIdentifier("subject-alt-name-dns", true);
signCSRSubjectAltDNS.addLongIdentifier("subjectAltNameDNS", true);
signCSRSubjectAltDNS.addLongIdentifier("subject-alternative-dns", true);
signCSRSubjectAltDNS.addLongIdentifier("subjectAlternativeDNS", true);
signCSRSubjectAltDNS.addLongIdentifier("subject-alt-dns", true);
signCSRSubjectAltDNS.addLongIdentifier("subjectAltDNS", true);
signCSRSubjectAltDNS.addLongIdentifier("san-dns", true);
signCSRSubjectAltDNS.addLongIdentifier("sanDNS", true);
signCSRSubjectAltDNS.addValueValidator(new IA5StringArgumentValueValidator(false));
signCSRParser.addArgument(signCSRSubjectAltDNS);
final StringArgument signCSRSubjectAltIP = new StringArgument(null, "subject-alternative-name-ip-address", false, 0, INFO_MANAGE_CERTS_PLACEHOLDER_NAME.get(), INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_SAN_IP_DESC.get());
signCSRSubjectAltIP.addLongIdentifier("subjectAlternativeNameIPAddress", true);
signCSRSubjectAltIP.addLongIdentifier("subject-alternative-name-ip", true);
signCSRSubjectAltIP.addLongIdentifier("subjectAlternativeNameIP", true);
signCSRSubjectAltIP.addLongIdentifier("subject-alt-name-ip-address", true);
signCSRSubjectAltIP.addLongIdentifier("subjectAltNameIPAddress", true);
signCSRSubjectAltIP.addLongIdentifier("subject-alt-name-ip", true);
signCSRSubjectAltIP.addLongIdentifier("subjectAltNameIP", true);
signCSRSubjectAltIP.addLongIdentifier("subject-alternative-ip-address", true);
signCSRSubjectAltIP.addLongIdentifier("subjectAlternativeIPAddress", true);
signCSRSubjectAltIP.addLongIdentifier("subject-alternative-ip", true);
signCSRSubjectAltIP.addLongIdentifier("subjectAlternativeIP", true);
signCSRSubjectAltIP.addLongIdentifier("subject-alt-ip-address", true);
signCSRSubjectAltIP.addLongIdentifier("subjectAltIPAddress", true);
signCSRSubjectAltIP.addLongIdentifier("subject-alt-ip", true);
signCSRSubjectAltIP.addLongIdentifier("subjectAltIP", true);
signCSRSubjectAltIP.addLongIdentifier("san-ip-address", true);
signCSRSubjectAltIP.addLongIdentifier("sanIPAddress", true);
signCSRSubjectAltIP.addLongIdentifier("san-ip", true);
signCSRSubjectAltIP.addLongIdentifier("sanIP", true);
signCSRSubjectAltIP.addValueValidator(new IPAddressArgumentValueValidator(true, true));
signCSRParser.addArgument(signCSRSubjectAltIP);
final StringArgument signCSRSubjectAltEmail = new StringArgument(null, "subject-alternative-name-email-address", false, 0, INFO_MANAGE_CERTS_PLACEHOLDER_NAME.get(), INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_SAN_EMAIL_DESC.get());
signCSRSubjectAltEmail.addLongIdentifier("subjectAlternativeNameEmailAddress", true);
signCSRSubjectAltEmail.addLongIdentifier("subject-alternative-name-email", true);
signCSRSubjectAltEmail.addLongIdentifier("subjectAlternativeNameEmail", true);
signCSRSubjectAltEmail.addLongIdentifier("subject-alt-name-email-address", true);
signCSRSubjectAltEmail.addLongIdentifier("subjectAltNameEmailAddress", true);
signCSRSubjectAltEmail.addLongIdentifier("subject-alt-name-email", true);
signCSRSubjectAltEmail.addLongIdentifier("subjectAltNameEmail", true);
signCSRSubjectAltEmail.addLongIdentifier("subject-alternative-email-address", true);
signCSRSubjectAltEmail.addLongIdentifier("subjectAlternativeEmailAddress", true);
signCSRSubjectAltEmail.addLongIdentifier("subject-alternative-email", true);
signCSRSubjectAltEmail.addLongIdentifier("subjectAlternativeEmail", true);
signCSRSubjectAltEmail.addLongIdentifier("subject-alt-email-address", true);
signCSRSubjectAltEmail.addLongIdentifier("subjectAltEmailAddress", true);
signCSRSubjectAltEmail.addLongIdentifier("subject-alt-email", true);
signCSRSubjectAltEmail.addLongIdentifier("subjectAltEmail", true);
signCSRSubjectAltEmail.addLongIdentifier("san-email-address", true);
signCSRSubjectAltEmail.addLongIdentifier("sanEmailAddress", true);
signCSRSubjectAltEmail.addLongIdentifier("san-email", true);
signCSRSubjectAltEmail.addLongIdentifier("sanEmail", true);
signCSRSubjectAltEmail.addValueValidator(new IA5StringArgumentValueValidator(false));
signCSRParser.addArgument(signCSRSubjectAltEmail);
final StringArgument signCSRSubjectAltURI = new StringArgument(null, "subject-alternative-name-uri", false, 0, INFO_MANAGE_CERTS_PLACEHOLDER_URI.get(), INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_SAN_URI_DESC.get());
signCSRSubjectAltURI.addLongIdentifier("subjectAlternativeNameURI", true);
signCSRSubjectAltURI.addLongIdentifier("subject-alt-name-uri", true);
signCSRSubjectAltURI.addLongIdentifier("subjectAltNameURI", true);
signCSRSubjectAltURI.addLongIdentifier("subject-alternative-uri", true);
signCSRSubjectAltURI.addLongIdentifier("subjectAlternativeURI", true);
signCSRSubjectAltURI.addLongIdentifier("subject-alt-uri", true);
signCSRSubjectAltURI.addLongIdentifier("subjectAltURI", true);
signCSRSubjectAltURI.addLongIdentifier("san-uri", true);
signCSRSubjectAltURI.addLongIdentifier("sanURI", true);
signCSRParser.addArgument(signCSRSubjectAltURI);
final StringArgument signCSRSubjectAltOID = new StringArgument(null, "subject-alternative-name-oid", false, 0, INFO_MANAGE_CERTS_PLACEHOLDER_OID.get(), INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_SAN_OID_DESC.get());
signCSRSubjectAltOID.addLongIdentifier("subjectAlternativeNameOID", true);
signCSRSubjectAltOID.addLongIdentifier("subject-alt-name-oid", true);
signCSRSubjectAltOID.addLongIdentifier("subjectAltNameOID", true);
signCSRSubjectAltOID.addLongIdentifier("subject-alternative-oid", true);
signCSRSubjectAltOID.addLongIdentifier("subjectAlternativeOID", true);
signCSRSubjectAltOID.addLongIdentifier("subject-alt-oid", true);
signCSRSubjectAltOID.addLongIdentifier("subjectAltOID", true);
signCSRSubjectAltOID.addLongIdentifier("san-oid", true);
signCSRSubjectAltOID.addLongIdentifier("sanOID", true);
signCSRSubjectAltOID.addValueValidator(new OIDArgumentValueValidator(true));
signCSRParser.addArgument(signCSRSubjectAltOID);
final StringArgument signCSRIssuerAltDNS = new StringArgument(null, "issuer-alternative-name-dns", false, 0, INFO_MANAGE_CERTS_PLACEHOLDER_NAME.get(), INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_IAN_DNS_DESC.get());
signCSRIssuerAltDNS.addLongIdentifier("issuerAlternativeNameDNS", true);
signCSRIssuerAltDNS.addLongIdentifier("issuer-alt-name-dns", true);
signCSRIssuerAltDNS.addLongIdentifier("issuerAltNameDNS", true);
signCSRIssuerAltDNS.addLongIdentifier("issuer-alternative-dns", true);
signCSRIssuerAltDNS.addLongIdentifier("issuerAlternativeDNS", true);
signCSRIssuerAltDNS.addLongIdentifier("issuer-alt-dns", true);
signCSRIssuerAltDNS.addLongIdentifier("issuerAltDNS", true);
signCSRIssuerAltDNS.addLongIdentifier("ian-dns", true);
signCSRIssuerAltDNS.addLongIdentifier("ianDNS", true);
signCSRIssuerAltDNS.addValueValidator(new IA5StringArgumentValueValidator(false));
signCSRParser.addArgument(signCSRIssuerAltDNS);
final StringArgument signCSRIssuerAltIP = new StringArgument(null, "issuer-alternative-name-ip-address", false, 0, INFO_MANAGE_CERTS_PLACEHOLDER_NAME.get(), INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_IAN_IP_DESC.get());
signCSRIssuerAltIP.addLongIdentifier("issuerAlternativeNameIPAddress", true);
signCSRIssuerAltIP.addLongIdentifier("issuer-alternative-name-ip", true);
signCSRIssuerAltIP.addLongIdentifier("issuerAlternativeNameIP", true);
signCSRIssuerAltIP.addLongIdentifier("issuer-alt-name-ip-address", true);
signCSRIssuerAltIP.addLongIdentifier("issuerAltNameIPAddress", true);
signCSRIssuerAltIP.addLongIdentifier("issuer-alt-name-ip", true);
signCSRIssuerAltIP.addLongIdentifier("issuerAltNameIP", true);
signCSRIssuerAltIP.addLongIdentifier("issuer-alternative-ip-address", true);
signCSRIssuerAltIP.addLongIdentifier("issuerAlternativeIPAddress", true);
signCSRIssuerAltIP.addLongIdentifier("issuer-alternative-ip", true);
signCSRIssuerAltIP.addLongIdentifier("issuerAlternativeIP", true);
signCSRIssuerAltIP.addLongIdentifier("issuer-alt-ip-address", true);
signCSRIssuerAltIP.addLongIdentifier("issuerAltIPAddress", true);
signCSRIssuerAltIP.addLongIdentifier("issuer-alt-ip", true);
signCSRIssuerAltIP.addLongIdentifier("issuerAltIP", true);
signCSRIssuerAltIP.addLongIdentifier("ian-ip-address", true);
signCSRIssuerAltIP.addLongIdentifier("ianIPAddress", true);
signCSRIssuerAltIP.addLongIdentifier("ian-ip", true);
signCSRIssuerAltIP.addLongIdentifier("ianIP", true);
signCSRIssuerAltIP.addValueValidator(new IPAddressArgumentValueValidator(true, true));
signCSRParser.addArgument(signCSRIssuerAltIP);
final StringArgument signCSRIssuerAltEmail = new StringArgument(null, "issuer-alternative-name-email-address", false, 0, INFO_MANAGE_CERTS_PLACEHOLDER_NAME.get(), INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_IAN_EMAIL_DESC.get());
signCSRIssuerAltEmail.addLongIdentifier("issuerAlternativeNameEmailAddress", true);
signCSRIssuerAltEmail.addLongIdentifier("issuer-alternative-name-email", true);
signCSRIssuerAltEmail.addLongIdentifier("issuerAlternativeNameEmail", true);
signCSRIssuerAltEmail.addLongIdentifier("issuer-alt-name-email-address", true);
signCSRIssuerAltEmail.addLongIdentifier("issuerAltNameEmailAddress", true);
signCSRIssuerAltEmail.addLongIdentifier("issuer-alt-name-email", true);
signCSRIssuerAltEmail.addLongIdentifier("issuerAltNameEmail", true);
signCSRIssuerAltEmail.addLongIdentifier("issuer-alternative-email-address", true);
signCSRIssuerAltEmail.addLongIdentifier("issuerAlternativeEmailAddress", true);
signCSRIssuerAltEmail.addLongIdentifier("issuer-alternative-email", true);
signCSRIssuerAltEmail.addLongIdentifier("issuerAlternativeEmail", true);
signCSRIssuerAltEmail.addLongIdentifier("issuer-alt-email-address", true);
signCSRIssuerAltEmail.addLongIdentifier("issuerAltEmailAddress", true);
signCSRIssuerAltEmail.addLongIdentifier("issuer-alt-email", true);
signCSRIssuerAltEmail.addLongIdentifier("issuerAltEmail", true);
signCSRIssuerAltEmail.addLongIdentifier("ian-email-address", true);
signCSRIssuerAltEmail.addLongIdentifier("ianEmailAddress", true);
signCSRIssuerAltEmail.addLongIdentifier("ian-email", true);
signCSRIssuerAltEmail.addLongIdentifier("ianEmail", true);
signCSRIssuerAltEmail.addValueValidator(new IA5StringArgumentValueValidator(false));
signCSRParser.addArgument(signCSRIssuerAltEmail);
final StringArgument signCSRIssuerAltURI = new StringArgument(null, "issuer-alternative-name-uri", false, 0, INFO_MANAGE_CERTS_PLACEHOLDER_URI.get(), INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_IAN_URI_DESC.get());
signCSRIssuerAltURI.addLongIdentifier("issuerAlternativeNameURI", true);
signCSRIssuerAltURI.addLongIdentifier("issuer-alt-name-uri", true);
signCSRIssuerAltURI.addLongIdentifier("issuerAltNameURI", true);
signCSRIssuerAltURI.addLongIdentifier("issuer-alternative-uri", true);
signCSRIssuerAltURI.addLongIdentifier("issuerAlternativeURI", true);
signCSRIssuerAltURI.addLongIdentifier("issuer-alt-uri", true);
signCSRIssuerAltURI.addLongIdentifier("issuerAltURI", true);
signCSRIssuerAltURI.addLongIdentifier("ian-uri", true);
signCSRIssuerAltURI.addLongIdentifier("ianURI", true);
signCSRParser.addArgument(signCSRIssuerAltURI);
final StringArgument signCSRIssuerAltOID = new StringArgument(null, "issuer-alternative-name-oid", false, 0, INFO_MANAGE_CERTS_PLACEHOLDER_OID.get(), INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_IAN_OID_DESC.get());
signCSRIssuerAltOID.addLongIdentifier("issuerAlternativeNameOID", true);
signCSRIssuerAltOID.addLongIdentifier("issuer-alt-name-oid", true);
signCSRIssuerAltOID.addLongIdentifier("issuerAltNameOID", true);
signCSRIssuerAltOID.addLongIdentifier("issuer-alternative-oid", true);
signCSRIssuerAltOID.addLongIdentifier("issuerAlternativeOID", true);
signCSRIssuerAltOID.addLongIdentifier("issuer-alt-oid", true);
signCSRIssuerAltOID.addLongIdentifier("issuerAltOID", true);
signCSRIssuerAltOID.addLongIdentifier("ian-oid", true);
signCSRIssuerAltOID.addLongIdentifier("ianOID", true);
signCSRIssuerAltOID.addValueValidator(new OIDArgumentValueValidator(true));
signCSRParser.addArgument(signCSRIssuerAltOID);
final BooleanValueArgument signCSRBasicConstraintsIsCA = new BooleanValueArgument(null, "basic-constraints-is-ca", false, null, INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_BC_IS_CA_DESC.get());
signCSRBasicConstraintsIsCA.addLongIdentifier("basicConstraintsIsCA", true);
signCSRBasicConstraintsIsCA.addLongIdentifier("bc-is-ca", true);
signCSRBasicConstraintsIsCA.addLongIdentifier("bcIsCA", true);
signCSRParser.addArgument(signCSRBasicConstraintsIsCA);
final IntegerArgument signCSRBasicConstraintsPathLength = new IntegerArgument(null, "basic-constraints-maximum-path-length", false, 1, null, INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_BC_PATH_LENGTH_DESC.get(), 0, Integer.MAX_VALUE);
signCSRBasicConstraintsPathLength.addLongIdentifier("basicConstraintsMaximumPathLength", true);
signCSRBasicConstraintsPathLength.addLongIdentifier("basic-constraints-max-path-length", true);
signCSRBasicConstraintsPathLength.addLongIdentifier("basicConstraintsMaxPathLength", true);
signCSRBasicConstraintsPathLength.addLongIdentifier("basic-constraints-path-length", true);
signCSRBasicConstraintsPathLength.addLongIdentifier("basicConstraintsPathLength", true);
signCSRBasicConstraintsPathLength.addLongIdentifier("bc-maximum-path-length", true);
signCSRBasicConstraintsPathLength.addLongIdentifier("bcMaximumPathLength", true);
signCSRBasicConstraintsPathLength.addLongIdentifier("bc-max-path-length", true);
signCSRBasicConstraintsPathLength.addLongIdentifier("bcMaxPathLength", true);
signCSRBasicConstraintsPathLength.addLongIdentifier("bc-path-length", true);
signCSRBasicConstraintsPathLength.addLongIdentifier("bcPathLength", true);
signCSRParser.addArgument(signCSRBasicConstraintsPathLength);
final StringArgument signCSRKeyUsage = new StringArgument(null, "key-usage", false, 0, null, INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_KU_DESC.get());
signCSRKeyUsage.addLongIdentifier("keyUsage", true);
signCSRParser.addArgument(signCSRKeyUsage);
final StringArgument signCSRExtendedKeyUsage = new StringArgument(null, "extended-key-usage", false, 0, null, INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_EKU_DESC.get());
signCSRExtendedKeyUsage.addLongIdentifier("extendedKeyUsage", true);
signCSRParser.addArgument(signCSRExtendedKeyUsage);
final StringArgument signCSRExtension = new StringArgument(null, "extension", false, 0, null, INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_EXT_DESC.get());
signCSRExtension.addLongIdentifier("ext", true);
signCSRParser.addArgument(signCSRExtension);
final BooleanArgument signCSRNoPrompt = new BooleanArgument(null, "no-prompt", 1, INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_NO_PROMPT_DESC.get());
signCSRNoPrompt.addLongIdentifier("noPrompt", true);
signCSRParser.addArgument(signCSRNoPrompt);
final BooleanArgument signCSRDisplayCommand = new BooleanArgument(null, "display-keytool-command", 1, INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_DISPLAY_COMMAND_DESC.get());
signCSRDisplayCommand.addLongIdentifier("displayKeytoolCommand", true);
signCSRDisplayCommand.addLongIdentifier("show-keytool-command", true);
signCSRDisplayCommand.addLongIdentifier("showKeytoolCommand", true);
signCSRParser.addArgument(signCSRDisplayCommand);
signCSRParser.addRequiredArgumentSet(signCSRKeystorePassword, signCSRKeystorePasswordFile, signCSRPromptForKeystorePassword);
signCSRParser.addExclusiveArgumentSet(signCSRKeystorePassword, signCSRKeystorePasswordFile, signCSRPromptForKeystorePassword);
signCSRParser.addExclusiveArgumentSet(signCSRPKPassword, signCSRPKPasswordFile, signCSRPromptForPKPassword);
signCSRParser.addDependentArgumentSet(signCSRBasicConstraintsPathLength, signCSRBasicConstraintsIsCA);
final LinkedHashMap<String[], String> signCSRExamples = new LinkedHashMap<>(StaticUtils.computeMapCapacity(2));
signCSRExamples.put(new String[] { "sign-certificate-signing-request", "--request-input-file", "server-cert.csr", "--keystore", getPlatformSpecificPath("config", "keystore"), "--keystore-password-file", getPlatformSpecificPath("config", "keystore.pin"), "--signing-certificate-alias", "ca-cert", "--include-requested-extensions" }, INFO_MANAGE_CERTS_SC_SIGN_CSR_EXAMPLE_1.get(getPlatformSpecificPath("config", "keystore")));
signCSRExamples.put(new String[] { "sign-certificate-signing-request", "--request-input-file", "server-cert.csr", "--certificate-output-file", "server-cert.der", "--output-format", "DER", "--keystore", getPlatformSpecificPath("config", "keystore"), "--keystore-password-file", getPlatformSpecificPath("config", "keystore.pin"), "--signing-certificate-alias", "ca-cert", "--days-valid", "730", "--validity-start-time", "20170101000000", "--include-requested-extensions", "--issuer-alternative-name-email-address", "ca@example.com" }, INFO_MANAGE_CERTS_SC_SIGN_CSR_EXAMPLE_2.get(getPlatformSpecificPath("config", "keystore")));
final SubCommand signCSRSubCommand = new SubCommand("sign-certificate-signing-request", INFO_MANAGE_CERTS_SC_SIGN_CSR_DESC.get(), signCSRParser, signCSRExamples);
signCSRSubCommand.addName("signCertificateSigningRequest", true);
signCSRSubCommand.addName("sign-certificate-request", true);
signCSRSubCommand.addName("signCertificateRequest", true);
signCSRSubCommand.addName("sign-certificate", true);
signCSRSubCommand.addName("signCertificate", true);
signCSRSubCommand.addName("sign-csr", true);
signCSRSubCommand.addName("signCSR", true);
signCSRSubCommand.addName("sign", true);
signCSRSubCommand.addName("gencert", true);
parser.addSubCommand(signCSRSubCommand);
// Define the "change-certificate-alias" subcommand and all of its
// arguments.
final ArgumentParser changeAliasParser = new ArgumentParser("change-certificate-alias", INFO_MANAGE_CERTS_SC_CHANGE_ALIAS_DESC.get());
final FileArgument changeAliasKeystore = new FileArgument(null, "keystore", true, 1, null, INFO_MANAGE_CERTS_SC_CHANGE_ALIAS_ARG_KS_DESC.get(), true, true, true, false);
changeAliasKeystore.addLongIdentifier("keystore-path", true);
changeAliasKeystore.addLongIdentifier("keystorePath", true);
changeAliasKeystore.addLongIdentifier("keystore-file", true);
changeAliasKeystore.addLongIdentifier("keystoreFile", true);
changeAliasParser.addArgument(changeAliasKeystore);
final StringArgument changeAliasKeystorePassword = new StringArgument(null, "keystore-password", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(), INFO_MANAGE_CERTS_SC_CHANGE_ALIAS_ARG_KS_PW_DESC.get());
changeAliasKeystorePassword.addLongIdentifier("keystorePassword", true);
changeAliasKeystorePassword.addLongIdentifier("keystore-passphrase", true);
changeAliasKeystorePassword.addLongIdentifier("keystorePassphrase", true);
changeAliasKeystorePassword.addLongIdentifier("keystore-pin", true);
changeAliasKeystorePassword.addLongIdentifier("keystorePIN", true);
changeAliasKeystorePassword.addLongIdentifier("storepass", true);
changeAliasKeystorePassword.setSensitive(true);
changeAliasParser.addArgument(changeAliasKeystorePassword);
final FileArgument changeAliasKeystorePasswordFile = new FileArgument(null, "keystore-password-file", false, 1, null, INFO_MANAGE_CERTS_SC_CHANGE_ALIAS_ARG_KS_PW_FILE_DESC.get(), true, true, true, false);
changeAliasKeystorePasswordFile.addLongIdentifier("keystorePasswordFile", true);
changeAliasKeystorePasswordFile.addLongIdentifier("keystore-passphrase-file", true);
changeAliasKeystorePasswordFile.addLongIdentifier("keystorePassphraseFile", true);
changeAliasKeystorePasswordFile.addLongIdentifier("keystore-pin-file", true);
changeAliasKeystorePasswordFile.addLongIdentifier("keystorePINFile", true);
changeAliasParser.addArgument(changeAliasKeystorePasswordFile);
final BooleanArgument changeAliasPromptForKeystorePassword = new BooleanArgument(null, "prompt-for-keystore-password", INFO_MANAGE_CERTS_SC_CHANGE_ALIAS_ARG_PROMPT_FOR_KS_PW_DESC.get());
changeAliasPromptForKeystorePassword.addLongIdentifier("promptForKeystorePassword", true);
changeAliasPromptForKeystorePassword.addLongIdentifier("prompt-for-keystore-passphrase", true);
changeAliasPromptForKeystorePassword.addLongIdentifier("promptForKeystorePassphrase", true);
changeAliasPromptForKeystorePassword.addLongIdentifier("prompt-for-keystore-pin", true);
changeAliasPromptForKeystorePassword.addLongIdentifier("promptForKeystorePIN", true);
changeAliasParser.addArgument(changeAliasPromptForKeystorePassword);
final StringArgument changeAliasPKPassword = new StringArgument(null, "private-key-password", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(), INFO_MANAGE_CERTS_SC_CHANGE_ALIAS_ARG_PK_PW_DESC.get());
changeAliasPKPassword.addLongIdentifier("privateKeyPassword", true);
changeAliasPKPassword.addLongIdentifier("private-key-passphrase", true);
changeAliasPKPassword.addLongIdentifier("privateKeyPassphrase", true);
changeAliasPKPassword.addLongIdentifier("private-key-pin", true);
changeAliasPKPassword.addLongIdentifier("privateKeyPIN", true);
changeAliasPKPassword.addLongIdentifier("key-password", true);
changeAliasPKPassword.addLongIdentifier("keyPassword", true);
changeAliasPKPassword.addLongIdentifier("key-passphrase", true);
changeAliasPKPassword.addLongIdentifier("keyPassphrase", true);
changeAliasPKPassword.addLongIdentifier("key-pin", true);
changeAliasPKPassword.addLongIdentifier("keyPIN", true);
changeAliasPKPassword.addLongIdentifier("keypass", true);
changeAliasPKPassword.setSensitive(true);
changeAliasParser.addArgument(changeAliasPKPassword);
final FileArgument changeAliasPKPasswordFile = new FileArgument(null, "private-key-password-file", false, 1, null, INFO_MANAGE_CERTS_SC_CHANGE_ALIAS_ARG_PK_PW_FILE_DESC.get(), true, true, true, false);
changeAliasPKPasswordFile.addLongIdentifier("privateKeyPasswordFile", true);
changeAliasPKPasswordFile.addLongIdentifier("private-key-passphrase-file", true);
changeAliasPKPasswordFile.addLongIdentifier("privateKeyPassphraseFile", true);
changeAliasPKPasswordFile.addLongIdentifier("private-key-pin-file", true);
changeAliasPKPasswordFile.addLongIdentifier("privateKeyPINFile", true);
changeAliasPKPasswordFile.addLongIdentifier("key-password-file", true);
changeAliasPKPasswordFile.addLongIdentifier("keyPasswordFile", true);
changeAliasPKPasswordFile.addLongIdentifier("key-passphrase-file", true);
changeAliasPKPasswordFile.addLongIdentifier("keyPassphraseFile", true);
changeAliasPKPasswordFile.addLongIdentifier("key-pin-file", true);
changeAliasPKPasswordFile.addLongIdentifier("keyPINFile", true);
changeAliasParser.addArgument(changeAliasPKPasswordFile);
final BooleanArgument changeAliasPromptForPKPassword = new BooleanArgument(null, "prompt-for-private-key-password", INFO_MANAGE_CERTS_SC_CHANGE_ALIAS_ARG_PROMPT_FOR_PK_PW_DESC.get());
changeAliasPromptForPKPassword.addLongIdentifier("promptForPrivateKeyPassword", true);
changeAliasPromptForPKPassword.addLongIdentifier("prompt-for-private-key-passphrase", true);
changeAliasPromptForPKPassword.addLongIdentifier("promptForPrivateKeyPassphrase", true);
changeAliasPromptForPKPassword.addLongIdentifier("prompt-for-private-key-pin", true);
changeAliasPromptForPKPassword.addLongIdentifier("promptForPrivateKeyPIN", true);
changeAliasPromptForPKPassword.addLongIdentifier("prompt-for-key-password", true);
changeAliasPromptForPKPassword.addLongIdentifier("promptForKeyPassword", true);
changeAliasPromptForPKPassword.addLongIdentifier("prompt-for-key-passphrase", true);
changeAliasPromptForPKPassword.addLongIdentifier("promptForKeyPassphrase", true);
changeAliasPromptForPKPassword.addLongIdentifier("prompt-for-key-pin", true);
changeAliasPromptForPKPassword.addLongIdentifier("promptForKeyPIN", true);
changeAliasParser.addArgument(changeAliasPromptForPKPassword);
final StringArgument changeAliasKeystoreType = new StringArgument(null, "keystore-type", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_TYPE.get(), INFO_MANAGE_CERTS_SC_CHANGE_ALIAS_ARG_KS_TYPE_DESC.get(), ALLOWED_KEYSTORE_TYPE_VALUES);
changeAliasKeystoreType.addLongIdentifier("key-store-type", true);
changeAliasKeystoreType.addLongIdentifier("keystoreType", true);
changeAliasKeystoreType.addLongIdentifier("keystore-format", true);
changeAliasKeystoreType.addLongIdentifier("key-store-format", true);
changeAliasKeystoreType.addLongIdentifier("keystoreFormat", true);
changeAliasKeystoreType.addLongIdentifier("storetype", true);
changeAliasParser.addArgument(changeAliasKeystoreType);
final StringArgument changeAliasCurrentAlias = new StringArgument(null, "current-alias", true, 1, INFO_MANAGE_CERTS_PLACEHOLDER_ALIAS.get(), INFO_MANAGE_CERTS_SC_CHANGE_ALIAS_ARG_CURRENT_ALIAS_DESC.get());
changeAliasCurrentAlias.addLongIdentifier("currentAlias", true);
changeAliasCurrentAlias.addLongIdentifier("old-alias", true);
changeAliasCurrentAlias.addLongIdentifier("oldAlias", true);
changeAliasCurrentAlias.addLongIdentifier("source-alias", true);
changeAliasCurrentAlias.addLongIdentifier("sourceAlias", true);
changeAliasCurrentAlias.addLongIdentifier("alias", true);
changeAliasCurrentAlias.addLongIdentifier("current-nickname", true);
changeAliasCurrentAlias.addLongIdentifier("currentNickname", true);
changeAliasCurrentAlias.addLongIdentifier("old-nickname", true);
changeAliasCurrentAlias.addLongIdentifier("oldNickname", true);
changeAliasCurrentAlias.addLongIdentifier("source-nickname", true);
changeAliasCurrentAlias.addLongIdentifier("sourceNickname", true);
changeAliasCurrentAlias.addLongIdentifier("nickname", true);
changeAliasCurrentAlias.addLongIdentifier("from", false);
changeAliasParser.addArgument(changeAliasCurrentAlias);
final StringArgument changeAliasNewAlias = new StringArgument(null, "new-alias", true, 1, INFO_MANAGE_CERTS_PLACEHOLDER_ALIAS.get(), INFO_MANAGE_CERTS_SC_CHANGE_ALIAS_ARG_NEW_ALIAS_DESC.get());
changeAliasNewAlias.addLongIdentifier("newAlias", true);
changeAliasNewAlias.addLongIdentifier("destination-alias", true);
changeAliasNewAlias.addLongIdentifier("destinationAlias", true);
changeAliasNewAlias.addLongIdentifier("new-nickname", true);
changeAliasNewAlias.addLongIdentifier("newNickname", true);
changeAliasNewAlias.addLongIdentifier("destination-nickname", true);
changeAliasNewAlias.addLongIdentifier("destinationNickname", true);
changeAliasNewAlias.addLongIdentifier("to", false);
changeAliasParser.addArgument(changeAliasNewAlias);
final BooleanArgument changeAliasDisplayCommand = new BooleanArgument(null, "display-keytool-command", 1, INFO_MANAGE_CERTS_SC_CHANGE_ALIAS_ARG_DISPLAY_COMMAND_DESC.get());
changeAliasDisplayCommand.addLongIdentifier("displayKeytoolCommand", true);
changeAliasDisplayCommand.addLongIdentifier("show-keytool-command", true);
changeAliasDisplayCommand.addLongIdentifier("showKeytoolCommand", true);
changeAliasParser.addArgument(changeAliasDisplayCommand);
changeAliasParser.addRequiredArgumentSet(changeAliasKeystorePassword, changeAliasKeystorePasswordFile, changeAliasPromptForKeystorePassword);
changeAliasParser.addExclusiveArgumentSet(changeAliasKeystorePassword, changeAliasKeystorePasswordFile, changeAliasPromptForKeystorePassword);
changeAliasParser.addExclusiveArgumentSet(changeAliasPKPassword, changeAliasPKPasswordFile, changeAliasPromptForPKPassword);
final LinkedHashMap<String[], String> changeAliasExamples = new LinkedHashMap<>(StaticUtils.computeMapCapacity(1));
changeAliasExamples.put(new String[] { "change-certificate-alias", "--keystore", getPlatformSpecificPath("config", "keystore"), "--keystore-password-file", getPlatformSpecificPath("config", "keystore.pin"), "--current-alias", "server-cert", "--new-alias", "server-certificate", "--display-keytool-command" }, INFO_MANAGE_CERTS_SC_CHANGE_ALIAS_EXAMPLE_1.get());
final SubCommand changeAliasSubCommand = new SubCommand("change-certificate-alias", INFO_MANAGE_CERTS_SC_CHANGE_ALIAS_DESC.get(), changeAliasParser, changeAliasExamples);
changeAliasSubCommand.addName("changeCertificateAlias", true);
changeAliasSubCommand.addName("change-alias", true);
changeAliasSubCommand.addName("changeAlias", true);
changeAliasSubCommand.addName("rename-certificate", true);
changeAliasSubCommand.addName("renameCertificate", true);
changeAliasSubCommand.addName("rename", true);
parser.addSubCommand(changeAliasSubCommand);
// Define the "change-keystore-password" subcommand and all of its
// arguments.
final ArgumentParser changeKSPWParser = new ArgumentParser("change-keystore-password", INFO_MANAGE_CERTS_SC_CHANGE_KS_PW_DESC.get());
final FileArgument changeKSPWKeystore = new FileArgument(null, "keystore", true, 1, null, INFO_MANAGE_CERTS_SC_CHANGE_KS_PW_ARG_KS_DESC.get(), true, true, true, false);
changeKSPWKeystore.addLongIdentifier("keystore-path", true);
changeKSPWKeystore.addLongIdentifier("keystorePath", true);
changeKSPWKeystore.addLongIdentifier("keystore-file", true);
changeKSPWKeystore.addLongIdentifier("keystoreFile", true);
changeKSPWParser.addArgument(changeKSPWKeystore);
final StringArgument changeKSPWCurrentPassword = new StringArgument(null, "current-keystore-password", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(), INFO_MANAGE_CERTS_SC_CHANGE_KS_PW_ARG_CURRENT_PW_DESC.get());
changeKSPWCurrentPassword.addLongIdentifier("currentKeystorePassword", true);
changeKSPWCurrentPassword.addLongIdentifier("current-keystore-passphrase", true);
changeKSPWCurrentPassword.addLongIdentifier("currentKeystorePassphrase", true);
changeKSPWCurrentPassword.addLongIdentifier("current-keystore-pin", true);
changeKSPWCurrentPassword.addLongIdentifier("currentKeystorePIN", true);
changeKSPWCurrentPassword.addLongIdentifier("storepass", true);
changeKSPWCurrentPassword.setSensitive(true);
changeKSPWParser.addArgument(changeKSPWCurrentPassword);
final FileArgument changeKSPWCurrentPasswordFile = new FileArgument(null, "current-keystore-password-file", false, 1, null, INFO_MANAGE_CERTS_SC_CHANGE_KS_PW_ARG_CURRENT_PW_FILE_DESC.get(), true, true, true, false);
changeKSPWCurrentPasswordFile.addLongIdentifier("currentKeystorePasswordFile", true);
changeKSPWCurrentPasswordFile.addLongIdentifier("current-keystore-passphrase-file", true);
changeKSPWCurrentPasswordFile.addLongIdentifier("currentKeystorePassphraseFile", true);
changeKSPWCurrentPasswordFile.addLongIdentifier("current-keystore-pin-file", true);
changeKSPWCurrentPasswordFile.addLongIdentifier("currentKeystorePINFile", true);
changeKSPWParser.addArgument(changeKSPWCurrentPasswordFile);
final BooleanArgument changeKSPWPromptForCurrentPassword = new BooleanArgument(null, "prompt-for-current-keystore-password", INFO_MANAGE_CERTS_SC_CHANGE_KS_PW_ARG_PROMPT_FOR_CURRENT_PW_DESC.get());
changeKSPWPromptForCurrentPassword.addLongIdentifier("promptForCurrentKeystorePassword", true);
changeKSPWPromptForCurrentPassword.addLongIdentifier("prompt-for-current-keystore-passphrase", true);
changeKSPWPromptForCurrentPassword.addLongIdentifier("promptForCurrentKeystorePassphrase", true);
changeKSPWPromptForCurrentPassword.addLongIdentifier("prompt-for-current-keystore-pin", true);
changeKSPWPromptForCurrentPassword.addLongIdentifier("promptForCurrentKeystorePIN", true);
changeKSPWParser.addArgument(changeKSPWPromptForCurrentPassword);
final StringArgument changeKSPWNewPassword = new StringArgument(null, "new-keystore-password", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(), INFO_MANAGE_CERTS_SC_CHANGE_KS_PW_ARG_NEW_PW_DESC.get());
changeKSPWNewPassword.addLongIdentifier("newKeystorePassword", true);
changeKSPWNewPassword.addLongIdentifier("new-keystore-passphrase", true);
changeKSPWNewPassword.addLongIdentifier("newKeystorePassphrase", true);
changeKSPWNewPassword.addLongIdentifier("new-keystore-pin", true);
changeKSPWNewPassword.addLongIdentifier("newKeystorePIN", true);
changeKSPWNewPassword.addLongIdentifier("new", true);
changeKSPWNewPassword.setSensitive(true);
changeKSPWParser.addArgument(changeKSPWNewPassword);
final FileArgument changeKSPWNewPasswordFile = new FileArgument(null, "new-keystore-password-file", false, 1, null, INFO_MANAGE_CERTS_SC_CHANGE_KS_PW_ARG_NEW_PW_FILE_DESC.get(), true, true, true, false);
changeKSPWNewPasswordFile.addLongIdentifier("newKeystorePasswordFile", true);
changeKSPWNewPasswordFile.addLongIdentifier("new-keystore-passphrase-file", true);
changeKSPWNewPasswordFile.addLongIdentifier("newKeystorePassphraseFile", true);
changeKSPWNewPasswordFile.addLongIdentifier("new-keystore-pin-file", true);
changeKSPWNewPasswordFile.addLongIdentifier("newKeystorePINFile", true);
changeKSPWParser.addArgument(changeKSPWNewPasswordFile);
final BooleanArgument changeKSPWPromptForNewPassword = new BooleanArgument(null, "prompt-for-new-keystore-password", INFO_MANAGE_CERTS_SC_CHANGE_KS_PW_ARG_PROMPT_FOR_NEW_PW_DESC.get());
changeKSPWPromptForNewPassword.addLongIdentifier("promptForNewKeystorePassword", true);
changeKSPWPromptForNewPassword.addLongIdentifier("prompt-for-new-keystore-passphrase", true);
changeKSPWPromptForNewPassword.addLongIdentifier("promptForNewKeystorePassphrase", true);
changeKSPWPromptForNewPassword.addLongIdentifier("prompt-for-new-keystore-pin", true);
changeKSPWPromptForNewPassword.addLongIdentifier("promptForNewKeystorePIN", true);
changeKSPWParser.addArgument(changeKSPWPromptForNewPassword);
final BooleanArgument changeKSPWDisplayCommand = new BooleanArgument(null, "display-keytool-command", 1, INFO_MANAGE_CERTS_SC_CHANGE_KS_PW_ARG_DISPLAY_COMMAND_DESC.get());
changeKSPWDisplayCommand.addLongIdentifier("displayKeytoolCommand", true);
changeKSPWDisplayCommand.addLongIdentifier("show-keytool-command", true);
changeKSPWDisplayCommand.addLongIdentifier("showKeytoolCommand", true);
changeKSPWParser.addArgument(changeKSPWDisplayCommand);
changeKSPWParser.addRequiredArgumentSet(changeKSPWCurrentPassword, changeKSPWCurrentPasswordFile, changeKSPWPromptForCurrentPassword);
changeKSPWParser.addExclusiveArgumentSet(changeKSPWCurrentPassword, changeKSPWCurrentPasswordFile, changeKSPWPromptForCurrentPassword);
changeKSPWParser.addRequiredArgumentSet(changeKSPWNewPassword, changeKSPWNewPasswordFile, changeKSPWPromptForNewPassword);
changeKSPWParser.addExclusiveArgumentSet(changeKSPWNewPassword, changeKSPWNewPasswordFile, changeKSPWPromptForNewPassword);
final LinkedHashMap<String[], String> changeKSPWExamples = new LinkedHashMap<>(StaticUtils.computeMapCapacity(1));
changeKSPWExamples.put(new String[] { "change-keystore-password", "--keystore", getPlatformSpecificPath("config", "keystore"), "--current-keystore-password-file", getPlatformSpecificPath("config", "current.pin"), "--new-keystore-password-file", getPlatformSpecificPath("config", "new.pin"), "--display-keytool-command" }, INFO_MANAGE_CERTS_SC_CHANGE_KS_PW_EXAMPLE_1.get(getPlatformSpecificPath("config", "keystore"), getPlatformSpecificPath("config", "current.pin"), getPlatformSpecificPath("config", "new.pin")));
final SubCommand changeKSPWSubCommand = new SubCommand("change-keystore-password", INFO_MANAGE_CERTS_SC_CHANGE_KS_PW_DESC.get(), changeKSPWParser, changeKSPWExamples);
changeKSPWSubCommand.addName("changeKeystorePassword", true);
changeKSPWSubCommand.addName("change-keystore-passphrase", true);
changeKSPWSubCommand.addName("changeKeystorePassphrase", true);
changeKSPWSubCommand.addName("change-keystore-pin", true);
changeKSPWSubCommand.addName("changeKeystorePIN", true);
changeKSPWSubCommand.addName("storepasswd", true);
parser.addSubCommand(changeKSPWSubCommand);
// Define the "change-private-key-password" subcommand and all of its
// arguments.
final ArgumentParser changePKPWParser = new ArgumentParser("change-private-key-password", INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_DESC.get());
final FileArgument changePKPWKeystore = new FileArgument(null, "keystore", true, 1, null, INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_ARG_KS_DESC.get(), true, true, true, false);
changePKPWKeystore.addLongIdentifier("keystore-path", true);
changePKPWKeystore.addLongIdentifier("keystorePath", true);
changePKPWKeystore.addLongIdentifier("keystore-file", true);
changePKPWKeystore.addLongIdentifier("keystoreFile", true);
changePKPWParser.addArgument(changePKPWKeystore);
final StringArgument changePKPWKeystorePassword = new StringArgument(null, "keystore-password", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(), INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_ARG_KS_PW_DESC.get());
changePKPWKeystorePassword.addLongIdentifier("keystorePassword", true);
changePKPWKeystorePassword.addLongIdentifier("keystore-passphrase", true);
changePKPWKeystorePassword.addLongIdentifier("keystorePassphrase", true);
changePKPWKeystorePassword.addLongIdentifier("keystore-pin", true);
changePKPWKeystorePassword.addLongIdentifier("keystorePIN", true);
changePKPWKeystorePassword.addLongIdentifier("storepass", true);
changePKPWKeystorePassword.setSensitive(true);
changePKPWParser.addArgument(changePKPWKeystorePassword);
final FileArgument changePKPWKeystorePasswordFile = new FileArgument(null, "keystore-password-file", false, 1, null, INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_ARG_KS_PW_FILE_DESC.get(), true, true, true, false);
changePKPWKeystorePasswordFile.addLongIdentifier("keystorePasswordFile", true);
changePKPWKeystorePasswordFile.addLongIdentifier("keystore-passphrase-file", true);
changePKPWKeystorePasswordFile.addLongIdentifier("keystorePassphraseFile", true);
changePKPWKeystorePasswordFile.addLongIdentifier("keystore-pin-file", true);
changePKPWKeystorePasswordFile.addLongIdentifier("keystorePINFile", true);
changePKPWParser.addArgument(changePKPWKeystorePasswordFile);
final BooleanArgument changePKPWPromptForKeystorePassword = new BooleanArgument(null, "prompt-for-keystore-password", INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_ARG_PROMPT_FOR_KS_PW_DESC.get());
changePKPWPromptForKeystorePassword.addLongIdentifier("promptForKeystorePassword", true);
changePKPWPromptForKeystorePassword.addLongIdentifier("prompt-for-keystore-passphrase", true);
changePKPWPromptForKeystorePassword.addLongIdentifier("promptForKeystorePassphrase", true);
changePKPWPromptForKeystorePassword.addLongIdentifier("prompt-for-keystore-pin", true);
changePKPWPromptForKeystorePassword.addLongIdentifier("promptForKeystorePIN", true);
changePKPWParser.addArgument(changePKPWPromptForKeystorePassword);
final StringArgument changePKPWKeystoreType = new StringArgument(null, "keystore-type", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_TYPE.get(), INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_ARG_KS_TYPE_DESC.get(), ALLOWED_KEYSTORE_TYPE_VALUES);
changePKPWKeystoreType.addLongIdentifier("key-store-type", true);
changePKPWKeystoreType.addLongIdentifier("keystoreType", true);
changePKPWKeystoreType.addLongIdentifier("keystore-format", true);
changePKPWKeystoreType.addLongIdentifier("key-store-format", true);
changePKPWKeystoreType.addLongIdentifier("keystoreFormat", true);
changePKPWKeystoreType.addLongIdentifier("storetype", true);
changePKPWParser.addArgument(changePKPWKeystoreType);
final StringArgument changePKPWAlias = new StringArgument(null, "alias", true, 1, INFO_MANAGE_CERTS_PLACEHOLDER_ALIAS.get(), INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_ARG_ALIAS_DESC.get());
changePKPWAlias.addLongIdentifier("nickname", true);
changePKPWParser.addArgument(changePKPWAlias);
final StringArgument changePKPWCurrentPassword = new StringArgument(null, "current-private-key-password", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(), INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_ARG_CURRENT_PW_DESC.get());
changePKPWCurrentPassword.addLongIdentifier("currentPrivateKeyPassword", true);
changePKPWCurrentPassword.addLongIdentifier("current-private-key-passphrase", true);
changePKPWCurrentPassword.addLongIdentifier("currentPrivateKeyPassphrase", true);
changePKPWCurrentPassword.addLongIdentifier("current-private-key-pin", true);
changePKPWCurrentPassword.addLongIdentifier("currentPrivateKeyPIN", true);
changePKPWCurrentPassword.addLongIdentifier("keypass", true);
changePKPWCurrentPassword.setSensitive(true);
changePKPWParser.addArgument(changePKPWCurrentPassword);
final FileArgument changePKPWCurrentPasswordFile = new FileArgument(null, "current-private-key-password-file", false, 1, null, INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_ARG_CURRENT_PW_FILE_DESC.get(), true, true, true, false);
changePKPWCurrentPasswordFile.addLongIdentifier("currentPrivateKeyPasswordFile", true);
changePKPWCurrentPasswordFile.addLongIdentifier("current-private-key-passphrase-file", true);
changePKPWCurrentPasswordFile.addLongIdentifier("currentPrivateKeyPassphraseFile", true);
changePKPWCurrentPasswordFile.addLongIdentifier("current-private-key-pin-file", true);
changePKPWCurrentPasswordFile.addLongIdentifier("currentPrivateKeyPINFile", true);
changePKPWParser.addArgument(changePKPWCurrentPasswordFile);
final BooleanArgument changePKPWPromptForCurrentPassword = new BooleanArgument(null, "prompt-for-current-private-key-password", INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_ARG_PROMPT_FOR_CURRENT_PW_DESC.get());
changePKPWPromptForCurrentPassword.addLongIdentifier("promptForCurrentPrivateKeyPassword", true);
changePKPWPromptForCurrentPassword.addLongIdentifier("prompt-for-current-private-key-passphrase", true);
changePKPWPromptForCurrentPassword.addLongIdentifier("promptForCurrentPrivateKeyPassphrase", true);
changePKPWPromptForCurrentPassword.addLongIdentifier("prompt-for-current-private-key-pin", true);
changePKPWPromptForCurrentPassword.addLongIdentifier("promptForCurrentPrivateKeyPIN", true);
changePKPWParser.addArgument(changePKPWPromptForCurrentPassword);
final StringArgument changePKPWNewPassword = new StringArgument(null, "new-private-key-password", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(), INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_ARG_NEW_PW_DESC.get());
changePKPWNewPassword.addLongIdentifier("newPrivateKeyPassword", true);
changePKPWNewPassword.addLongIdentifier("new-private-key-passphrase", true);
changePKPWNewPassword.addLongIdentifier("newPrivateKeyPassphrase", true);
changePKPWNewPassword.addLongIdentifier("new-private-key-pin", true);
changePKPWNewPassword.addLongIdentifier("newPrivateKeyPIN", true);
changePKPWNewPassword.addLongIdentifier("new", true);
changePKPWNewPassword.setSensitive(true);
changePKPWParser.addArgument(changePKPWNewPassword);
final FileArgument changePKPWNewPasswordFile = new FileArgument(null, "new-private-key-password-file", false, 1, null, INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_ARG_NEW_PW_FILE_DESC.get(), true, true, true, false);
changePKPWNewPasswordFile.addLongIdentifier("newPrivateKeyPasswordFile", true);
changePKPWNewPasswordFile.addLongIdentifier("new-private-key-passphrase-file", true);
changePKPWNewPasswordFile.addLongIdentifier("newPrivateKeyPassphraseFile", true);
changePKPWNewPasswordFile.addLongIdentifier("new-private-key-pin-file", true);
changePKPWNewPasswordFile.addLongIdentifier("newPrivateKeyPINFile", true);
changePKPWParser.addArgument(changePKPWNewPasswordFile);
final BooleanArgument changePKPWPromptForNewPassword = new BooleanArgument(null, "prompt-for-new-private-key-password", INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_ARG_PROMPT_FOR_NEW_PW_DESC.get());
changePKPWPromptForNewPassword.addLongIdentifier("promptForNewPrivateKeyPassword", true);
changePKPWPromptForNewPassword.addLongIdentifier("prompt-for-new-private-key-passphrase", true);
changePKPWPromptForNewPassword.addLongIdentifier("promptForNewPrivateKeyPassphrase", true);
changePKPWPromptForNewPassword.addLongIdentifier("prompt-for-new-private-key-pin", true);
changePKPWPromptForNewPassword.addLongIdentifier("promptForNewPrivateKeyPIN", true);
changePKPWParser.addArgument(changePKPWPromptForNewPassword);
final BooleanArgument changePKPWDisplayCommand = new BooleanArgument(null, "display-keytool-command", 1, INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_ARG_DISPLAY_COMMAND_DESC.get());
changePKPWDisplayCommand.addLongIdentifier("displayKeytoolCommand", true);
changePKPWDisplayCommand.addLongIdentifier("show-keytool-command", true);
changePKPWDisplayCommand.addLongIdentifier("showKeytoolCommand", true);
changePKPWParser.addArgument(changePKPWDisplayCommand);
changePKPWParser.addRequiredArgumentSet(changePKPWKeystorePassword, changePKPWKeystorePasswordFile, changePKPWPromptForKeystorePassword);
changePKPWParser.addExclusiveArgumentSet(changePKPWKeystorePassword, changePKPWKeystorePasswordFile, changePKPWPromptForKeystorePassword);
changePKPWParser.addRequiredArgumentSet(changePKPWCurrentPassword, changePKPWCurrentPasswordFile, changePKPWPromptForCurrentPassword);
changePKPWParser.addExclusiveArgumentSet(changePKPWCurrentPassword, changePKPWCurrentPasswordFile, changePKPWPromptForCurrentPassword);
changePKPWParser.addRequiredArgumentSet(changePKPWNewPassword, changePKPWNewPasswordFile, changePKPWPromptForNewPassword);
changePKPWParser.addExclusiveArgumentSet(changePKPWNewPassword, changePKPWNewPasswordFile, changePKPWPromptForNewPassword);
final LinkedHashMap<String[], String> changePKPWExamples = new LinkedHashMap<>(StaticUtils.computeMapCapacity(1));
changePKPWExamples.put(new String[] { "change-private-key-password", "--keystore", getPlatformSpecificPath("config", "keystore"), "--keystore-password-file", getPlatformSpecificPath("config", "keystore.pin"), "--alias", "server-cert", "--current-private-key-password-file", getPlatformSpecificPath("config", "current.pin"), "--new-private-key-password-file", getPlatformSpecificPath("config", "new.pin"), "--display-keytool-command" }, INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_EXAMPLE_1.get(getPlatformSpecificPath("config", "keystore"), getPlatformSpecificPath("config", "current.pin"), getPlatformSpecificPath("config", "new.pin")));
final SubCommand changePKPWSubCommand = new SubCommand("change-private-key-password", INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_DESC.get(), changePKPWParser, changePKPWExamples);
changePKPWSubCommand.addName("changePrivateKeyPassword", true);
changePKPWSubCommand.addName("change-private-key-passphrase", true);
changePKPWSubCommand.addName("changePrivateKeyPassphrase", true);
changePKPWSubCommand.addName("change-private-key-pin", true);
changePKPWSubCommand.addName("changePrivateKeyPIN", true);
changePKPWSubCommand.addName("change-key-password", true);
changePKPWSubCommand.addName("changeKeyPassword", true);
changePKPWSubCommand.addName("change-key-passphrase", true);
changePKPWSubCommand.addName("changeKeyPassphrase", true);
changePKPWSubCommand.addName("change-key-pin", true);
changePKPWSubCommand.addName("changeKeyPIN", true);
changePKPWSubCommand.addName("keypasswd", true);
parser.addSubCommand(changePKPWSubCommand);
// Define the "copy-keystore" subcommand and all of its arguments.
final ArgumentParser copyKSParser = new ArgumentParser("copy-keystore", INFO_MANAGE_CERTS_SC_COPY_KS_DESC.get());
final FileArgument copyKSSourceKeystore = new FileArgument(null, "source-keystore", true, 1, null, INFO_MANAGE_CERTS_SC_COPY_KS_ARG_SRC_KS_DESC.get(), true, true, true, false);
copyKSSourceKeystore.addLongIdentifier("sourceKeystore", true);
copyKSSourceKeystore.addLongIdentifier("source-keystore-path", true);
copyKSSourceKeystore.addLongIdentifier("sourceKeystorePath", true);
copyKSSourceKeystore.addLongIdentifier("source-keystore-file", true);
copyKSSourceKeystore.addLongIdentifier("sourceKeystoreFile", true);
copyKSParser.addArgument(copyKSSourceKeystore);
final StringArgument copyKSSourceKeystorePassword = new StringArgument(null, "source-keystore-password", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(), INFO_MANAGE_CERTS_SC_COPY_KS_ARG_SRC_KS_PW_DESC.get());
copyKSSourceKeystorePassword.addLongIdentifier("sourceKeystorePassword", true);
copyKSSourceKeystorePassword.addLongIdentifier("source-keystore-passphrase", true);
copyKSSourceKeystorePassword.addLongIdentifier("sourceKeystorePassphrase", true);
copyKSSourceKeystorePassword.addLongIdentifier("source-keystore-pin", true);
copyKSSourceKeystorePassword.addLongIdentifier("sourceKeystorePIN", true);
copyKSParser.addArgument(copyKSSourceKeystorePassword);
final FileArgument copyKSSourceKeystorePasswordFile = new FileArgument(null, "source-keystore-password-file", false, 1, null, INFO_MANAGE_CERTS_SC_COPY_KS_ARG_SRC_KS_PW_FILE_DESC.get(), true, true, true, false);
copyKSSourceKeystorePasswordFile.addLongIdentifier("sourceKeystorePasswordFile", true);
copyKSSourceKeystorePasswordFile.addLongIdentifier("source-keystore-passphrase-file", true);
copyKSSourceKeystorePasswordFile.addLongIdentifier("sourceKeystorePassphraseFile", true);
copyKSSourceKeystorePasswordFile.addLongIdentifier("source-keystore-pin-file", true);
copyKSSourceKeystorePasswordFile.addLongIdentifier("sourceKeystorePINFile", true);
copyKSParser.addArgument(copyKSSourceKeystorePasswordFile);
final BooleanArgument copyKSPromptForSourceKeystorePassword = new BooleanArgument(null, "prompt-for-source-keystore-password", 1, INFO_MANAGE_CERTS_SC_COPY_KS_ARG_PROMPT_FOR_SRC_KS_PW.get());
copyKSPromptForSourceKeystorePassword.addLongIdentifier("promptForSourceKeystorePassword", true);
copyKSPromptForSourceKeystorePassword.addLongIdentifier("prompt-for-source-keystore-passphrase", true);
copyKSPromptForSourceKeystorePassword.addLongIdentifier("promptForSourceKeystorePassphrase", true);
copyKSPromptForSourceKeystorePassword.addLongIdentifier("prompt-for-source-keystore-pin", true);
copyKSPromptForSourceKeystorePassword.addLongIdentifier("promptForSourceKeystorePIN", true);
copyKSParser.addArgument(copyKSPromptForSourceKeystorePassword);
final StringArgument copyKSSourcePKPassword = new StringArgument(null, "source-private-key-password", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(), INFO_MANAGE_CERTS_SC_COPY_KS_ARG_SRC_PK_PW_DESC.get());
copyKSSourcePKPassword.addLongIdentifier("sourcePrivateKeyPassword", true);
copyKSSourcePKPassword.addLongIdentifier("source-private-key-passphrase", true);
copyKSSourcePKPassword.addLongIdentifier("sourcePrivateKeyPassphrase", true);
copyKSSourcePKPassword.addLongIdentifier("source-private-key-pin", true);
copyKSSourcePKPassword.addLongIdentifier("sourcePrivateKeyPIN", true);
copyKSParser.addArgument(copyKSSourcePKPassword);
final FileArgument copyKSSourcePKPasswordFile = new FileArgument(null, "source-private-key-password-file", false, 1, null, INFO_MANAGE_CERTS_SC_COPY_KS_ARG_SRC_PK_PW_FILE_DESC.get(), true, true, true, false);
copyKSSourcePKPasswordFile.addLongIdentifier("sourcePrivateKeyPasswordFile", true);
copyKSSourcePKPasswordFile.addLongIdentifier("source-private-key-passphrase-file", true);
copyKSSourcePKPasswordFile.addLongIdentifier("sourcePrivateKeyPassphraseFile", true);
copyKSSourcePKPasswordFile.addLongIdentifier("source-private-key-pin-file", true);
copyKSSourcePKPasswordFile.addLongIdentifier("sourcePrivateKeyPINFile", true);
copyKSParser.addArgument(copyKSSourcePKPasswordFile);
final BooleanArgument copyKSPromptForSourcePKPassword = new BooleanArgument(null, "prompt-for-source-private-key-password", 1, INFO_MANAGE_CERTS_SC_COPY_KS_ARG_PROMPT_FOR_SRC_PK_PW.get());
copyKSPromptForSourcePKPassword.addLongIdentifier("promptForSourcePrivateKeyPassword", true);
copyKSPromptForSourcePKPassword.addLongIdentifier("prompt-for-source-private-key-passphrase", true);
copyKSPromptForSourcePKPassword.addLongIdentifier("promptForSourcePrivateKeyPassphrase", true);
copyKSPromptForSourcePKPassword.addLongIdentifier("prompt-for-source-private-key-pin", true);
copyKSPromptForSourcePKPassword.addLongIdentifier("promptForSourcePrivateKeyPIN", true);
copyKSParser.addArgument(copyKSPromptForSourcePKPassword);
final StringArgument copyKSSourceKeystoreType = new StringArgument(null, "source-keystore-type", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_TYPE.get(), INFO_MANAGE_CERTS_SC_COPY_KS_ARG_SRC_KS_TYPE.get(), ALLOWED_KEYSTORE_TYPE_VALUES);
copyKSSourceKeystoreType.addLongIdentifier("source-key-store-type", true);
copyKSSourceKeystoreType.addLongIdentifier("sourceKeystoreType", true);
copyKSSourceKeystoreType.addLongIdentifier("source-keystore-format", true);
copyKSSourceKeystoreType.addLongIdentifier("source-key-store-format", true);
copyKSSourceKeystoreType.addLongIdentifier("sourceKeystoreFormat", true);
copyKSParser.addArgument(copyKSSourceKeystoreType);
final FileArgument copyKSDestKeystore = new FileArgument(null, "destination-keystore", true, 1, null, INFO_MANAGE_CERTS_SC_COPY_KS_ARG_DST_KS_DESC.get(), false, true, true, false);
copyKSDestKeystore.addLongIdentifier("destinationKeystore", true);
copyKSDestKeystore.addLongIdentifier("destination-keystore-path", true);
copyKSDestKeystore.addLongIdentifier("destinationKeystorePath", true);
copyKSDestKeystore.addLongIdentifier("destination-keystore-file", true);
copyKSDestKeystore.addLongIdentifier("destinationKeystoreFile", true);
copyKSDestKeystore.addLongIdentifier("target-keystore", true);
copyKSDestKeystore.addLongIdentifier("targetKeystore", true);
copyKSDestKeystore.addLongIdentifier("target-keystore-path", true);
copyKSDestKeystore.addLongIdentifier("targetKeystorePath", true);
copyKSDestKeystore.addLongIdentifier("target-keystore-file", true);
copyKSDestKeystore.addLongIdentifier("targetKeystoreFile", true);
copyKSParser.addArgument(copyKSDestKeystore);
final StringArgument copyKSDestKeystorePassword = new StringArgument(null, "destination-keystore-password", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(), INFO_MANAGE_CERTS_SC_COPY_KS_ARG_DST_KS_PW_DESC.get());
copyKSDestKeystorePassword.addLongIdentifier("destinationKeystorePassword", true);
copyKSDestKeystorePassword.addLongIdentifier("destination-keystore-passphrase", true);
copyKSDestKeystorePassword.addLongIdentifier("destinationKeystorePassphrase", true);
copyKSDestKeystorePassword.addLongIdentifier("destination-keystore-pin", true);
copyKSDestKeystorePassword.addLongIdentifier("destinationKeystorePIN", true);
copyKSDestKeystorePassword.addLongIdentifier("target-keystore-password", true);
copyKSDestKeystorePassword.addLongIdentifier("targetKeystorePassword", true);
copyKSDestKeystorePassword.addLongIdentifier("target-keystore-passphrase", true);
copyKSDestKeystorePassword.addLongIdentifier("targetKeystorePassphrase", true);
copyKSDestKeystorePassword.addLongIdentifier("target-keystore-pin", true);
copyKSDestKeystorePassword.addLongIdentifier("targetKeystorePIN", true);
copyKSParser.addArgument(copyKSDestKeystorePassword);
final FileArgument copyKSDestKeystorePasswordFile = new FileArgument(null, "destination-keystore-password-file", false, 1, null, INFO_MANAGE_CERTS_SC_COPY_KS_ARG_DST_KS_PW_FILE_DESC.get(), true, true, true, false);
copyKSDestKeystorePasswordFile.addLongIdentifier("destinationKeystorePasswordFile", true);
copyKSDestKeystorePasswordFile.addLongIdentifier("destination-keystore-passphrase-file", true);
copyKSDestKeystorePasswordFile.addLongIdentifier("destinationKeystorePassphraseFile", true);
copyKSDestKeystorePasswordFile.addLongIdentifier("destination-keystore-pin-file", true);
copyKSDestKeystorePasswordFile.addLongIdentifier("destinationKeystorePINFile", true);
copyKSDestKeystorePasswordFile.addLongIdentifier("target-keystore-password-file", true);
copyKSDestKeystorePasswordFile.addLongIdentifier("targetKeystorePasswordFile", true);
copyKSDestKeystorePasswordFile.addLongIdentifier("target-keystore-passphrase-file", true);
copyKSDestKeystorePasswordFile.addLongIdentifier("targetKeystorePassphraseFile", true);
copyKSDestKeystorePasswordFile.addLongIdentifier("target-keystore-pin-file", true);
copyKSDestKeystorePasswordFile.addLongIdentifier("targetKeystorePINFile", true);
copyKSParser.addArgument(copyKSDestKeystorePasswordFile);
final BooleanArgument copyKSPromptForDestKeystorePassword = new BooleanArgument(null, "prompt-for-destination-keystore-password", 1, INFO_MANAGE_CERTS_SC_COPY_KS_ARG_PROMPT_FOR_DST_KS_PW.get());
copyKSPromptForDestKeystorePassword.addLongIdentifier("promptForDestinationKeystorePassword", true);
copyKSPromptForDestKeystorePassword.addLongIdentifier("prompt-for-Destination-keystore-passphrase", true);
copyKSPromptForDestKeystorePassword.addLongIdentifier("promptForDestinationKeystorePassphrase", true);
copyKSPromptForDestKeystorePassword.addLongIdentifier("prompt-for-Destination-keystore-pin", true);
copyKSPromptForDestKeystorePassword.addLongIdentifier("promptForDestinationKeystorePIN", true);
copyKSPromptForDestKeystorePassword.addLongIdentifier("prompt-for-target-keystore-password", true);
copyKSPromptForDestKeystorePassword.addLongIdentifier("promptForTargetKeystorePassword", true);
copyKSPromptForDestKeystorePassword.addLongIdentifier("prompt-for-Target-keystore-passphrase", true);
copyKSPromptForDestKeystorePassword.addLongIdentifier("promptForTargetKeystorePassphrase", true);
copyKSPromptForDestKeystorePassword.addLongIdentifier("prompt-for-Target-keystore-pin", true);
copyKSPromptForDestKeystorePassword.addLongIdentifier("promptForTargetKeystorePIN", true);
copyKSParser.addArgument(copyKSPromptForDestKeystorePassword);
final StringArgument copyKSDestPKPassword = new StringArgument(null, "destination-private-key-password", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(), INFO_MANAGE_CERTS_SC_COPY_KS_ARG_DST_PK_PW_DESC.get());
copyKSDestPKPassword.addLongIdentifier("destinationPrivateKeyPassword", true);
copyKSDestPKPassword.addLongIdentifier("destination-private-key-passphrase", true);
copyKSDestPKPassword.addLongIdentifier("destinationPrivateKeyPassphrase", true);
copyKSDestPKPassword.addLongIdentifier("destination-private-key-pin", true);
copyKSDestPKPassword.addLongIdentifier("destinationPrivateKeyPIN", true);
copyKSDestPKPassword.addLongIdentifier("target-private-key-password", true);
copyKSDestPKPassword.addLongIdentifier("targetPrivateKeyPassword", true);
copyKSDestPKPassword.addLongIdentifier("target-private-key-passphrase", true);
copyKSDestPKPassword.addLongIdentifier("targetPrivateKeyPassphrase", true);
copyKSDestPKPassword.addLongIdentifier("target-private-key-pin", true);
copyKSDestPKPassword.addLongIdentifier("targetPrivateKeyPIN", true);
copyKSParser.addArgument(copyKSDestPKPassword);
final FileArgument copyKSDestPKPasswordFile = new FileArgument(null, "destination-private-key-password-file", false, 1, null, INFO_MANAGE_CERTS_SC_COPY_KS_ARG_DST_PK_PW_FILE_DESC.get(), true, true, true, false);
copyKSDestPKPasswordFile.addLongIdentifier("destinationPrivateKeyPasswordFile", true);
copyKSDestPKPasswordFile.addLongIdentifier("destination-private-key-passphrase-file", true);
copyKSDestPKPasswordFile.addLongIdentifier("destinationPrivateKeyPassphraseFile", true);
copyKSDestPKPasswordFile.addLongIdentifier("destination-private-key-pin-file", true);
copyKSDestPKPasswordFile.addLongIdentifier("destinationPrivateKeyPINFile", true);
copyKSDestPKPasswordFile.addLongIdentifier("target-private-key-password-file", true);
copyKSDestPKPasswordFile.addLongIdentifier("targetPrivateKeyPasswordFile", true);
copyKSDestPKPasswordFile.addLongIdentifier("target-private-key-passphrase-file", true);
copyKSDestPKPasswordFile.addLongIdentifier("targetPrivateKeyPassphraseFile", true);
copyKSDestPKPasswordFile.addLongIdentifier("target-private-key-pin-file", true);
copyKSDestPKPasswordFile.addLongIdentifier("targetPrivateKeyPINFile", true);
copyKSParser.addArgument(copyKSDestPKPasswordFile);
final BooleanArgument copyKSPromptForDestPKPassword = new BooleanArgument(null, "prompt-for-destination-private-key-password", 1, INFO_MANAGE_CERTS_SC_COPY_KS_ARG_PROMPT_FOR_DST_PK_PW.get());
copyKSPromptForDestPKPassword.addLongIdentifier("promptForDestinationPrivateKeyPassword", true);
copyKSPromptForDestPKPassword.addLongIdentifier("prompt-for-Destination-private-key-passphrase", true);
copyKSPromptForDestPKPassword.addLongIdentifier("promptForDestinationPrivateKeyPassphrase", true);
copyKSPromptForDestPKPassword.addLongIdentifier("prompt-for-Destination-private-key-pin", true);
copyKSPromptForDestPKPassword.addLongIdentifier("promptForDestinationPrivateKeyPIN", true);
copyKSPromptForDestPKPassword.addLongIdentifier("prompt-for-target-private-key-password", true);
copyKSPromptForDestPKPassword.addLongIdentifier("promptForTargetPrivateKeyPassword", true);
copyKSPromptForDestPKPassword.addLongIdentifier("prompt-for-Target-private-key-passphrase", true);
copyKSPromptForDestPKPassword.addLongIdentifier("promptForTargetPrivateKeyPassphrase", true);
copyKSPromptForDestPKPassword.addLongIdentifier("prompt-for-Target-private-key-pin", true);
copyKSPromptForDestPKPassword.addLongIdentifier("promptForTargetPrivateKeyPIN", true);
copyKSParser.addArgument(copyKSPromptForDestPKPassword);
final StringArgument copyKSDestKeystoreType = new StringArgument(null, "destination-keystore-type", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_TYPE.get(), INFO_MANAGE_CERTS_SC_COPY_KS_ARG_DST_KS_TYPE.get(), ALLOWED_KEYSTORE_TYPE_VALUES);
copyKSDestKeystoreType.addLongIdentifier("destination-key-store-type", true);
copyKSDestKeystoreType.addLongIdentifier("destinationKeystoreType", true);
copyKSDestKeystoreType.addLongIdentifier("destination-keystore-format", true);
copyKSDestKeystoreType.addLongIdentifier("destination-key-store-format", true);
copyKSDestKeystoreType.addLongIdentifier("destinationKeystoreFormat", true);
copyKSDestKeystoreType.addLongIdentifier("target-key-store-type", true);
copyKSDestKeystoreType.addLongIdentifier("targetKeystoreType", true);
copyKSDestKeystoreType.addLongIdentifier("target-keystore-format", true);
copyKSDestKeystoreType.addLongIdentifier("target-key-store-format", true);
copyKSDestKeystoreType.addLongIdentifier("targetKeystoreFormat", true);
copyKSParser.addArgument(copyKSDestKeystoreType);
final StringArgument copyKSAlias = new StringArgument(null, "alias", false, 0, INFO_MANAGE_CERTS_PLACEHOLDER_ALIAS.get(), INFO_MANAGE_CERTS_SC_COPY_KS_ARG_ALIAS.get());
copyKSAlias.addLongIdentifier("nickname", true);
copyKSParser.addArgument(copyKSAlias);
copyKSParser.addRequiredArgumentSet(copyKSSourceKeystorePassword, copyKSSourceKeystorePasswordFile, copyKSPromptForSourceKeystorePassword);
copyKSParser.addExclusiveArgumentSet(copyKSSourceKeystorePassword, copyKSSourceKeystorePasswordFile, copyKSPromptForSourceKeystorePassword);
copyKSParser.addExclusiveArgumentSet(copyKSSourcePKPassword, copyKSSourcePKPasswordFile, copyKSPromptForDestPKPassword);
copyKSParser.addExclusiveArgumentSet(copyKSDestKeystorePassword, copyKSDestKeystorePasswordFile, copyKSPromptForDestKeystorePassword);
copyKSParser.addExclusiveArgumentSet(copyKSDestPKPassword, copyKSDestPKPasswordFile, copyKSPromptForDestPKPassword);
final LinkedHashMap<String[], String> copyKeyStoreExamples = new LinkedHashMap<>(StaticUtils.computeMapCapacity(1));
copyKeyStoreExamples.put(new String[] { "copy-keystore", "--source-keystore", getPlatformSpecificPath("config", "keystore.jks"), "--source-keystore-password-file", getPlatformSpecificPath("config", "keystore.pin"), "--source-keystore-type", "JKS", "--destination-keystore", getPlatformSpecificPath("config", "keystore.p12"), "--destination-keystore-password-file", getPlatformSpecificPath("config", "keystore.pin"), "--destination-keystore-type", "PKCS12" }, INFO_MANAGE_CERTS_SC_COPY_KS_EXAMPLE_1.get("keystore.jks", "keystore.p12"));
final SubCommand copyKeyStoreSubCommand = new SubCommand("copy-keystore", INFO_MANAGE_CERTS_SC_COPY_KS_DESC.get(), copyKSParser, copyKeyStoreExamples);
copyKeyStoreSubCommand.addName("copy-key-store", true);
copyKeyStoreSubCommand.addName("copyKeyStore", true);
copyKeyStoreSubCommand.addName("import-keystore", true);
copyKeyStoreSubCommand.addName("import-key-store", true);
copyKeyStoreSubCommand.addName("importKeyStore", true);
copyKeyStoreSubCommand.addName("convert-keystore", true);
copyKeyStoreSubCommand.addName("convert-key-store", true);
copyKeyStoreSubCommand.addName("convertKeyStore", true);
parser.addSubCommand(copyKeyStoreSubCommand);
// Define the "retrieve-server-certificate" subcommand and all of its
// arguments.
final ArgumentParser retrieveCertParser = new ArgumentParser("retrieve-server-certificate", INFO_MANAGE_CERTS_SC_RETRIEVE_CERT_DESC.get());
final StringArgument retrieveCertHostname = new StringArgument('h', "hostname", true, 1, INFO_MANAGE_CERTS_PLACEHOLDER_HOST.get(), INFO_MANAGE_CERTS_SC_RETRIEVE_CERT_ARG_HOSTNAME_DESC.get());
retrieveCertHostname.addLongIdentifier("server-address", true);
retrieveCertHostname.addLongIdentifier("serverAddress", true);
retrieveCertHostname.addLongIdentifier("address", true);
retrieveCertParser.addArgument(retrieveCertHostname);
final IntegerArgument retrieveCertPort = new IntegerArgument('p', "port", true, 1, INFO_MANAGE_CERTS_PLACEHOLDER_PORT.get(), INFO_MANAGE_CERTS_SC_RETRIEVE_CERT_ARG_PORT_DESC.get(), 1, 65_535);
retrieveCertPort.addLongIdentifier("server-port", true);
retrieveCertPort.addLongIdentifier("serverPort", true);
retrieveCertParser.addArgument(retrieveCertPort);
final BooleanArgument retrieveCertUseStartTLS = new BooleanArgument('q', "use-ldap-start-tls", 1, INFO_MANAGE_CERTS_SC_RETRIEVE_CERT_ARG_USE_START_TLS_DESC.get());
retrieveCertUseStartTLS.addLongIdentifier("use-ldap-starttls", true);
retrieveCertUseStartTLS.addLongIdentifier("useLDAPStartTLS", true);
retrieveCertUseStartTLS.addLongIdentifier("use-start-tls", true);
retrieveCertUseStartTLS.addLongIdentifier("use-starttls", true);
retrieveCertUseStartTLS.addLongIdentifier("useStartTLS", true);
retrieveCertParser.addArgument(retrieveCertUseStartTLS);
final FileArgument retrieveCertOutputFile = new FileArgument(null, "output-file", false, 1, null, INFO_MANAGE_CERTS_SC_RETRIEVE_CERT_ARG_FILE_DESC.get(), false, true, true, false);
retrieveCertOutputFile.addLongIdentifier("outputFile", true);
retrieveCertOutputFile.addLongIdentifier("export-file", true);
retrieveCertOutputFile.addLongIdentifier("exportFile", true);
retrieveCertOutputFile.addLongIdentifier("certificate-file", true);
retrieveCertOutputFile.addLongIdentifier("certificateFile", true);
retrieveCertOutputFile.addLongIdentifier("file", true);
retrieveCertOutputFile.addLongIdentifier("filename", true);
retrieveCertParser.addArgument(retrieveCertOutputFile);
final Set<String> retrieveCertOutputFormatAllowedValues = StaticUtils.setOf("PEM", "text", "txt", "RFC", "DER", "binary", "bin");
final StringArgument retrieveCertOutputFormat = new StringArgument(null, "output-format", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_FORMAT.get(), INFO_MANAGE_CERTS_SC_RETRIEVE_CERT_ARG_FORMAT_DESC.get(), retrieveCertOutputFormatAllowedValues, "PEM");
retrieveCertOutputFormat.addLongIdentifier("outputFormat", true);
retrieveCertParser.addArgument(retrieveCertOutputFormat);
final BooleanArgument retrieveCertOnlyPeer = new BooleanArgument(null, "only-peer-certificate", 1, INFO_MANAGE_CERTS_SC_RETRIEVE_CERT_ARG_ONLY_PEER_DESC.get());
retrieveCertOnlyPeer.addLongIdentifier("onlyPeerCertificate", true);
retrieveCertOnlyPeer.addLongIdentifier("only-peer", true);
retrieveCertOnlyPeer.addLongIdentifier("onlyPeer", true);
retrieveCertOnlyPeer.addLongIdentifier("peer-certificate-only", true);
retrieveCertOnlyPeer.addLongIdentifier("peerCertificateOnly", true);
retrieveCertOnlyPeer.addLongIdentifier("peer-only", true);
retrieveCertOnlyPeer.addLongIdentifier("peerOnly", true);
retrieveCertParser.addArgument(retrieveCertOnlyPeer);
final BooleanArgument retrieveCertEnableSSLDebugging = new BooleanArgument(null, "enableSSLDebugging", 1, INFO_MANAGE_CERTS_SC_RETRIEVE_CERT_ARG_ENABLE_SSL_DEBUGGING_DESC.get());
retrieveCertEnableSSLDebugging.addLongIdentifier("enableTLSDebugging", true);
retrieveCertEnableSSLDebugging.addLongIdentifier("enableStartTLSDebugging", true);
retrieveCertEnableSSLDebugging.addLongIdentifier("enable-ssl-debugging", true);
retrieveCertEnableSSLDebugging.addLongIdentifier("enable-tls-debugging", true);
retrieveCertEnableSSLDebugging.addLongIdentifier("enable-starttls-debugging", true);
retrieveCertEnableSSLDebugging.addLongIdentifier("enable-start-tls-debugging", true);
retrieveCertParser.addArgument(retrieveCertEnableSSLDebugging);
addEnableSSLDebuggingArgument(retrieveCertEnableSSLDebugging);
final BooleanArgument retrieveCertVerbose = new BooleanArgument(null, "verbose", 1, INFO_MANAGE_CERTS_SC_RETRIEVE_CERT_ARG_VERBOSE_DESC.get());
retrieveCertParser.addArgument(retrieveCertVerbose);
retrieveCertParser.addDependentArgumentSet(retrieveCertOutputFormat, retrieveCertOutputFile);
final LinkedHashMap<String[], String> retrieveCertExamples = new LinkedHashMap<>(StaticUtils.computeMapCapacity(2));
retrieveCertExamples.put(new String[] { "retrieve-server-certificate", "--hostname", "ds.example.com", "--port", "636" }, INFO_MANAGE_CERTS_SC_RETRIEVE_CERT_EXAMPLE_1.get(getPlatformSpecificPath("config", "truststore")));
retrieveCertExamples.put(new String[] { "retrieve-server-certificate", "--hostname", "ds.example.com", "--port", "389", "--use-ldap-start-tls", "--only-peer-certificate", "--output-file", "ds-cert.pem", "--output-format", "PEM", "--verbose" }, INFO_MANAGE_CERTS_SC_RETRIEVE_CERT_EXAMPLE_2.get(getPlatformSpecificPath("config", "truststore")));
final SubCommand retrieveCertSubCommand = new SubCommand("retrieve-server-certificate", INFO_MANAGE_CERTS_SC_RETRIEVE_CERT_DESC.get(), retrieveCertParser, retrieveCertExamples);
retrieveCertSubCommand.addName("retrieveServerCertificate", true);
retrieveCertSubCommand.addName("retrieve-certificate", true);
retrieveCertSubCommand.addName("retrieveCertificate", true);
retrieveCertSubCommand.addName("get-server-certificate", true);
retrieveCertSubCommand.addName("getServerCertificate", true);
retrieveCertSubCommand.addName("get-certificate", true);
retrieveCertSubCommand.addName("getCertificate", true);
retrieveCertSubCommand.addName("display-server-certificate", true);
retrieveCertSubCommand.addName("displayServerCertificate", true);
parser.addSubCommand(retrieveCertSubCommand);
// Define the "trust-server-certificate" subcommand and all of its
// arguments.
final ArgumentParser trustServerParser = new ArgumentParser("trust-server-certificate", INFO_MANAGE_CERTS_SC_TRUST_SERVER_DESC.get());
final StringArgument trustServerHostname = new StringArgument('h', "hostname", true, 1, INFO_MANAGE_CERTS_PLACEHOLDER_HOST.get(), INFO_MANAGE_CERTS_SC_TRUST_SERVER_ARG_HOSTNAME_DESC.get());
trustServerHostname.addLongIdentifier("server-address", true);
trustServerHostname.addLongIdentifier("serverAddress", true);
trustServerHostname.addLongIdentifier("address", true);
trustServerParser.addArgument(trustServerHostname);
final IntegerArgument trustServerPort = new IntegerArgument('p', "port", true, 1, INFO_MANAGE_CERTS_PLACEHOLDER_PORT.get(), INFO_MANAGE_CERTS_SC_TRUST_SERVER_ARG_PORT_DESC.get(), 1, 65_535);
trustServerPort.addLongIdentifier("server-port", true);
trustServerPort.addLongIdentifier("serverPort", true);
trustServerParser.addArgument(trustServerPort);
final BooleanArgument trustServerUseStartTLS = new BooleanArgument('q', "use-ldap-start-tls", 1, INFO_MANAGE_CERTS_SC_TRUST_SERVER_ARG_USE_START_TLS_DESC.get());
trustServerUseStartTLS.addLongIdentifier("use-ldap-starttls", true);
trustServerUseStartTLS.addLongIdentifier("useLDAPStartTLS", true);
trustServerUseStartTLS.addLongIdentifier("use-start-tls", true);
trustServerUseStartTLS.addLongIdentifier("use-starttls", true);
trustServerUseStartTLS.addLongIdentifier("useStartTLS", true);
trustServerParser.addArgument(trustServerUseStartTLS);
final FileArgument trustServerKeystore = new FileArgument(null, "keystore", true, 1, null, INFO_MANAGE_CERTS_SC_TRUST_SERVER_ARG_KS_DESC.get(), false, true, true, false);
trustServerKeystore.addLongIdentifier("keystore-path", true);
trustServerKeystore.addLongIdentifier("keystorePath", true);
trustServerKeystore.addLongIdentifier("keystore-file", true);
trustServerKeystore.addLongIdentifier("keystoreFile", true);
trustServerParser.addArgument(trustServerKeystore);
final StringArgument trustServerKeystorePassword = new StringArgument(null, "keystore-password", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(), INFO_MANAGE_CERTS_SC_TRUST_SERVER_ARG_KS_PW_DESC.get());
trustServerKeystorePassword.addLongIdentifier("keystorePassword", true);
trustServerKeystorePassword.addLongIdentifier("keystore-passphrase", true);
trustServerKeystorePassword.addLongIdentifier("keystorePassphrase", true);
trustServerKeystorePassword.addLongIdentifier("keystore-pin", true);
trustServerKeystorePassword.addLongIdentifier("keystorePIN", true);
trustServerKeystorePassword.addLongIdentifier("storepass", true);
trustServerKeystorePassword.setSensitive(true);
trustServerParser.addArgument(trustServerKeystorePassword);
final FileArgument trustServerKeystorePasswordFile = new FileArgument(null, "keystore-password-file", false, 1, null, INFO_MANAGE_CERTS_SC_TRUST_SERVER_ARG_KS_PW_FILE_DESC.get(), true, true, true, false);
trustServerKeystorePasswordFile.addLongIdentifier("keystorePasswordFile", true);
trustServerKeystorePasswordFile.addLongIdentifier("keystore-passphrase-file", true);
trustServerKeystorePasswordFile.addLongIdentifier("keystorePassphraseFile", true);
trustServerKeystorePasswordFile.addLongIdentifier("keystore-pin-file", true);
trustServerKeystorePasswordFile.addLongIdentifier("keystorePINFile", true);
trustServerParser.addArgument(trustServerKeystorePasswordFile);
final BooleanArgument trustServerPromptForKeystorePassword = new BooleanArgument(null, "prompt-for-keystore-password", INFO_MANAGE_CERTS_SC_TRUST_SERVER_ARG_PROMPT_FOR_KS_PW_DESC.get());
trustServerPromptForKeystorePassword.addLongIdentifier("promptForKeystorePassword", true);
trustServerPromptForKeystorePassword.addLongIdentifier("prompt-for-keystore-passphrase", true);
trustServerPromptForKeystorePassword.addLongIdentifier("promptForKeystorePassphrase", true);
trustServerPromptForKeystorePassword.addLongIdentifier("prompt-for-keystore-pin", true);
trustServerPromptForKeystorePassword.addLongIdentifier("promptForKeystorePIN", true);
trustServerParser.addArgument(trustServerPromptForKeystorePassword);
final StringArgument trustServerKeystoreType = new StringArgument(null, "keystore-type", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_TYPE.get(), INFO_MANAGE_CERTS_SC_TRUST_SERVER_ARG_KS_TYPE_DESC.get(), ALLOWED_KEYSTORE_TYPE_VALUES);
trustServerKeystoreType.addLongIdentifier("key-store-type", true);
trustServerKeystoreType.addLongIdentifier("keystoreType", true);
trustServerKeystoreType.addLongIdentifier("keystore-format", true);
trustServerKeystoreType.addLongIdentifier("key-store-format", true);
trustServerKeystoreType.addLongIdentifier("keystoreFormat", true);
trustServerKeystoreType.addLongIdentifier("storetype", true);
trustServerParser.addArgument(trustServerKeystoreType);
final StringArgument trustServerAlias = new StringArgument(null, "alias", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_ALIAS.get(), INFO_MANAGE_CERTS_SC_TRUST_SERVER_ARG_ALIAS_DESC.get());
trustServerAlias.addLongIdentifier("nickname", true);
trustServerParser.addArgument(trustServerAlias);
final BooleanArgument trustServerIssuersOnly = new BooleanArgument(null, "issuers-only", 1, INFO_MANAGE_CERTS_SC_TRUST_SERVER_ARG_ISSUERS_ONLY_DESC.get());
trustServerIssuersOnly.addLongIdentifier("issuersOnly", true);
trustServerIssuersOnly.addLongIdentifier("issuer-certificates-only", true);
trustServerIssuersOnly.addLongIdentifier("issuerCertificatesOnly", true);
trustServerIssuersOnly.addLongIdentifier("only-issuers", true);
trustServerIssuersOnly.addLongIdentifier("onlyIssuers", true);
trustServerIssuersOnly.addLongIdentifier("only-issuer-certificates", true);
trustServerIssuersOnly.addLongIdentifier("onlyIssuerCertificates", true);
trustServerParser.addArgument(trustServerIssuersOnly);
final BooleanArgument trustServerEnableSSLDebugging = new BooleanArgument(null, "enableSSLDebugging", 1, INFO_MANAGE_CERTS_SC_TRUST_SERVER_ARG_ENABLE_SSL_DEBUGGING_DESC.get());
trustServerEnableSSLDebugging.addLongIdentifier("enableTLSDebugging", true);
trustServerEnableSSLDebugging.addLongIdentifier("enableStartTLSDebugging", true);
trustServerEnableSSLDebugging.addLongIdentifier("enable-ssl-debugging", true);
trustServerEnableSSLDebugging.addLongIdentifier("enable-tls-debugging", true);
trustServerEnableSSLDebugging.addLongIdentifier("enable-starttls-debugging", true);
trustServerEnableSSLDebugging.addLongIdentifier("enable-start-tls-debugging", true);
trustServerParser.addArgument(trustServerEnableSSLDebugging);
addEnableSSLDebuggingArgument(trustServerEnableSSLDebugging);
final BooleanArgument trustServerVerbose = new BooleanArgument(null, "verbose", 1, INFO_MANAGE_CERTS_SC_TRUST_SERVER_ARG_VERBOSE_DESC.get());
trustServerParser.addArgument(trustServerVerbose);
final BooleanArgument trustServerNoPrompt = new BooleanArgument(null, "no-prompt", 1, INFO_MANAGE_CERTS_SC_TRUST_SERVER_ARG_NO_PROMPT_DESC.get());
trustServerNoPrompt.addLongIdentifier("noPrompt", true);
trustServerParser.addArgument(trustServerNoPrompt);
trustServerParser.addRequiredArgumentSet(trustServerKeystorePassword, trustServerKeystorePasswordFile, trustServerPromptForKeystorePassword);
trustServerParser.addExclusiveArgumentSet(trustServerKeystorePassword, trustServerKeystorePasswordFile, trustServerPromptForKeystorePassword);
final LinkedHashMap<String[], String> trustServerExamples = new LinkedHashMap<>(StaticUtils.computeMapCapacity(2));
trustServerExamples.put(new String[] { "trust-server-certificate", "--hostname", "ds.example.com", "--port", "636", "--keystore", getPlatformSpecificPath("config", "truststore"), "--keystore-password-file", getPlatformSpecificPath("config", "truststore.pin"), "--verbose" }, INFO_MANAGE_CERTS_SC_TRUST_SERVER_EXAMPLE_1.get(getPlatformSpecificPath("config", "truststore")));
trustServerExamples.put(new String[] { "trust-server-certificate", "--hostname", "ds.example.com", "--port", "389", "--use-ldap-start-tls", "--keystore", getPlatformSpecificPath("config", "truststore"), "--keystore-password-file", getPlatformSpecificPath("config", "truststore.pin"), "--issuers-only", "--alias", "ds-start-tls-cert", "--no-prompt" }, INFO_MANAGE_CERTS_SC_TRUST_SERVER_EXAMPLE_2.get(getPlatformSpecificPath("config", "truststore")));
final SubCommand trustServerSubCommand = new SubCommand("trust-server-certificate", INFO_MANAGE_CERTS_SC_TRUST_SERVER_DESC.get(), trustServerParser, trustServerExamples);
trustServerSubCommand.addName("trustServerCertificate", true);
trustServerSubCommand.addName("trust-server", true);
trustServerSubCommand.addName("trustServer", true);
parser.addSubCommand(trustServerSubCommand);
// Define the "check-certificate-usability" subcommand and all of its
// arguments.
final ArgumentParser checkUsabilityParser = new ArgumentParser("check-certificate-usability", INFO_MANAGE_CERTS_SC_CHECK_USABILITY_DESC.get());
final FileArgument checkUsabilityKeystore = new FileArgument(null, "keystore", true, 1, null, INFO_MANAGE_CERTS_SC_CHECK_USABILITY_ARG_KS_DESC.get(), true, true, true, false);
checkUsabilityKeystore.addLongIdentifier("keystore-path", true);
checkUsabilityKeystore.addLongIdentifier("keystorePath", true);
checkUsabilityKeystore.addLongIdentifier("keystore-file", true);
checkUsabilityKeystore.addLongIdentifier("keystoreFile", true);
checkUsabilityParser.addArgument(checkUsabilityKeystore);
final StringArgument checkUsabilityKeystorePassword = new StringArgument(null, "keystore-password", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD.get(), INFO_MANAGE_CERTS_SC_CHECK_USABILITY_ARG_KS_PW_DESC.get());
checkUsabilityKeystorePassword.addLongIdentifier("keystorePassword", true);
checkUsabilityKeystorePassword.addLongIdentifier("keystore-passphrase", true);
checkUsabilityKeystorePassword.addLongIdentifier("keystorePassphrase", true);
checkUsabilityKeystorePassword.addLongIdentifier("keystore-pin", true);
checkUsabilityKeystorePassword.addLongIdentifier("keystorePIN", true);
checkUsabilityKeystorePassword.addLongIdentifier("storepass", true);
checkUsabilityKeystorePassword.setSensitive(true);
checkUsabilityParser.addArgument(checkUsabilityKeystorePassword);
final FileArgument checkUsabilityKeystorePasswordFile = new FileArgument(null, "keystore-password-file", false, 1, null, INFO_MANAGE_CERTS_SC_CHECK_USABILITY_ARG_KS_PW_FILE_DESC.get(), true, true, true, false);
checkUsabilityKeystorePasswordFile.addLongIdentifier("keystorePasswordFile", true);
checkUsabilityKeystorePasswordFile.addLongIdentifier("keystore-passphrase-file", true);
checkUsabilityKeystorePasswordFile.addLongIdentifier("keystorePassphraseFile", true);
checkUsabilityKeystorePasswordFile.addLongIdentifier("keystore-pin-file", true);
checkUsabilityKeystorePasswordFile.addLongIdentifier("keystorePINFile", true);
checkUsabilityParser.addArgument(checkUsabilityKeystorePasswordFile);
final BooleanArgument checkUsabilityPromptForKeystorePassword = new BooleanArgument(null, "prompt-for-keystore-password", INFO_MANAGE_CERTS_SC_CHECK_USABILITY_ARG_PROMPT_FOR_KS_PW_DESC.get());
checkUsabilityPromptForKeystorePassword.addLongIdentifier("promptForKeystorePassword", true);
checkUsabilityPromptForKeystorePassword.addLongIdentifier("prompt-for-keystore-passphrase", true);
checkUsabilityPromptForKeystorePassword.addLongIdentifier("promptForKeystorePassphrase", true);
checkUsabilityPromptForKeystorePassword.addLongIdentifier("prompt-for-keystore-pin", true);
checkUsabilityPromptForKeystorePassword.addLongIdentifier("promptForKeystorePIN", true);
checkUsabilityParser.addArgument(checkUsabilityPromptForKeystorePassword);
final StringArgument checkUsabilityKeystoreType = new StringArgument(null, "keystore-type", false, 1, INFO_MANAGE_CERTS_PLACEHOLDER_TYPE.get(), INFO_MANAGE_CERTS_SC_CHECK_USABILITY_ARG_KS_TYPE_DESC.get(), ALLOWED_KEYSTORE_TYPE_VALUES);
checkUsabilityKeystoreType.addLongIdentifier("key-store-type", true);
checkUsabilityKeystoreType.addLongIdentifier("keystoreType", true);
checkUsabilityKeystoreType.addLongIdentifier("keystore-format", true);
checkUsabilityKeystoreType.addLongIdentifier("key-store-format", true);
checkUsabilityKeystoreType.addLongIdentifier("keystoreFormat", true);
checkUsabilityKeystoreType.addLongIdentifier("storetype", true);
checkUsabilityParser.addArgument(checkUsabilityKeystoreType);
final StringArgument checkUsabilityAlias = new StringArgument(null, "alias", true, 1, INFO_MANAGE_CERTS_PLACEHOLDER_ALIAS.get(), INFO_MANAGE_CERTS_SC_CHECK_USABILITY_ARG_ALIAS_DESC.get());
checkUsabilityAlias.addLongIdentifier("nickname", true);
checkUsabilityParser.addArgument(checkUsabilityAlias);
final BooleanArgument checkUsabilityIgnoreSHA1Signature = new BooleanArgument(null, "allow-sha-1-signature-for-issuer-certificates", 1, INFO_MANAGE_CERTS_SC_CHECK_USABILITY_IGNORE_SHA1_WARNING_DESC.get());
checkUsabilityIgnoreSHA1Signature.addLongIdentifier("allow-sha1-signature-for-issuer-certificates", true);
checkUsabilityIgnoreSHA1Signature.addLongIdentifier("allowSHA1SignatureForIssuerCertificates", true);
checkUsabilityParser.addArgument(checkUsabilityIgnoreSHA1Signature);
checkUsabilityParser.addRequiredArgumentSet(checkUsabilityKeystorePassword, checkUsabilityKeystorePasswordFile, checkUsabilityPromptForKeystorePassword);
checkUsabilityParser.addExclusiveArgumentSet(checkUsabilityKeystorePassword, checkUsabilityKeystorePasswordFile, checkUsabilityPromptForKeystorePassword);
final LinkedHashMap<String[], String> checkUsabilityExamples = new LinkedHashMap<>(StaticUtils.computeMapCapacity(2));
checkUsabilityExamples.put(new String[] { "check-certificate-usability", "--keystore", getPlatformSpecificPath("config", "keystore"), "--keystore-password-file", getPlatformSpecificPath("config", "keystore.pin"), "--alias", "server-cert" }, INFO_MANAGE_CERTS_SC_CHECK_USABILITY_EXAMPLE_1.get(getPlatformSpecificPath("config", "keystore")));
final SubCommand checkUsabilitySubCommand = new SubCommand("check-certificate-usability", INFO_MANAGE_CERTS_SC_CHECK_USABILITY_DESC.get(), checkUsabilityParser, checkUsabilityExamples);
checkUsabilitySubCommand.addName("checkCertificateUsability", true);
checkUsabilitySubCommand.addName("check-usability", true);
checkUsabilitySubCommand.addName("checkUsability", true);
parser.addSubCommand(checkUsabilitySubCommand);
// Define the "display-certificate-file" subcommand and all of its
// arguments.
final ArgumentParser displayCertParser = new ArgumentParser("display-certificate-file", INFO_MANAGE_CERTS_SC_DISPLAY_CERT_DESC.get());
final FileArgument displayCertFile = new FileArgument(null, "certificate-file", true, 1, null, INFO_MANAGE_CERTS_SC_DISPLAY_CERT_ARG_FILE_DESC.get(), true, true, true, false);
displayCertFile.addLongIdentifier("certificateFile", true);
displayCertFile.addLongIdentifier("input-file", true);
displayCertFile.addLongIdentifier("inputFile", true);
displayCertFile.addLongIdentifier("file", true);
displayCertFile.addLongIdentifier("filename", true);
displayCertParser.addArgument(displayCertFile);
final BooleanArgument displayCertVerbose = new BooleanArgument(null, "verbose", 1, INFO_MANAGE_CERTS_SC_DISPLAY_CERT_ARG_VERBOSE_DESC.get());
displayCertParser.addArgument(displayCertVerbose);
final BooleanArgument displayCertDisplayCommand = new BooleanArgument(null, "display-keytool-command", 1, INFO_MANAGE_CERTS_SC_DISPLAY_CERT_ARG_DISPLAY_COMMAND_DESC.get());
displayCertDisplayCommand.addLongIdentifier("displayKeytoolCommand", true);
displayCertDisplayCommand.addLongIdentifier("show-keytool-command", true);
displayCertDisplayCommand.addLongIdentifier("showKeytoolCommand", true);
displayCertParser.addArgument(displayCertDisplayCommand);
final LinkedHashMap<String[], String> displayCertExamples = new LinkedHashMap<>(StaticUtils.computeMapCapacity(2));
displayCertExamples.put(new String[] { "display-certificate-file", "--certificate-file", "certificate.pem" }, INFO_MANAGE_CERTS_SC_DISPLAY_CERT_EXAMPLE_1.get("certificate.pem"));
displayCertExamples.put(new String[] { "display-certificate-file", "--certificate-file", "certificate.pem", "--verbose", "--display-keytool-command" }, INFO_MANAGE_CERTS_SC_DISPLAY_CERT_EXAMPLE_2.get("certificate.pem"));
final SubCommand displayCertSubCommand = new SubCommand("display-certificate-file", INFO_MANAGE_CERTS_SC_DISPLAY_CERT_DESC.get(), displayCertParser, displayCertExamples);
displayCertSubCommand.addName("displayCertificateFile", true);
displayCertSubCommand.addName("display-certificate", true);
displayCertSubCommand.addName("displayCertificate", true);
displayCertSubCommand.addName("display-certificates", true);
displayCertSubCommand.addName("displayCertificates", true);
displayCertSubCommand.addName("show-certificate", true);
displayCertSubCommand.addName("showCertificate", true);
displayCertSubCommand.addName("show-certificate-file", true);
displayCertSubCommand.addName("showCertificateFile", true);
displayCertSubCommand.addName("show-certificates", true);
displayCertSubCommand.addName("showCertificates", true);
displayCertSubCommand.addName("print-certificate-file", true);
displayCertSubCommand.addName("printCertificateFile", true);
displayCertSubCommand.addName("print-certificate", true);
displayCertSubCommand.addName("printCertificate", true);
displayCertSubCommand.addName("print-certificates", true);
displayCertSubCommand.addName("printCertificates", true);
displayCertSubCommand.addName("printcert", true);
parser.addSubCommand(displayCertSubCommand);
// Define the "display-certificate-signing-request-file" subcommand and all
// of its arguments.
final ArgumentParser displayCSRParser = new ArgumentParser("display-certificate-signing-request-file", INFO_MANAGE_CERTS_SC_DISPLAY_CSR_DESC.get());
final FileArgument displayCSRFile = new FileArgument(null, "certificate-signing-request-file", true, 1, null, INFO_MANAGE_CERTS_SC_DISPLAY_CSR_ARG_FILE_DESC.get(), true, true, true, false);
displayCSRFile.addLongIdentifier("certificateSigningRequestFile", true);
displayCSRFile.addLongIdentifier("request-file", true);
displayCSRFile.addLongIdentifier("requestFile", true);
displayCSRFile.addLongIdentifier("input-file", true);
displayCSRFile.addLongIdentifier("inputFile", true);
displayCSRFile.addLongIdentifier("file", true);
displayCSRFile.addLongIdentifier("filename", true);
displayCSRParser.addArgument(displayCSRFile);
final BooleanArgument displayCSRVerbose = new BooleanArgument(null, "verbose", 1, INFO_MANAGE_CERTS_SC_DISPLAY_CSR_ARG_VERBOSE_DESC.get());
displayCSRParser.addArgument(displayCSRVerbose);
final BooleanArgument displayCSRDisplayCommand = new BooleanArgument(null, "display-keytool-command", 1, INFO_MANAGE_CERTS_SC_DISPLAY_CSR_ARG_DISPLAY_COMMAND_DESC.get());
displayCSRDisplayCommand.addLongIdentifier("displayKeytoolCommand", true);
displayCSRDisplayCommand.addLongIdentifier("show-keytool-command", true);
displayCSRDisplayCommand.addLongIdentifier("showKeytoolCommand", true);
displayCSRParser.addArgument(displayCSRDisplayCommand);
final LinkedHashMap<String[], String> displayCSRExamples = new LinkedHashMap<>(StaticUtils.computeMapCapacity(1));
displayCSRExamples.put(new String[] { "display-certificate-signing-request-file", "--certificate-signing-request-file", "server-cert.csr", "--display-keytool-command" }, INFO_MANAGE_CERTS_SC_DISPLAY_CSR_EXAMPLE_1.get("server-cert.csr"));
final SubCommand displayCSRSubCommand = new SubCommand("display-certificate-signing-request-file", INFO_MANAGE_CERTS_SC_DISPLAY_CSR_DESC.get(), displayCSRParser, displayCSRExamples);
displayCSRSubCommand.addName("displayCertificateSigningRequestFile", true);
displayCSRSubCommand.addName("display-certificate-signing-request", true);
displayCSRSubCommand.addName("displayCertificateSigningRequest", true);
displayCSRSubCommand.addName("display-certificate-request-file", true);
displayCSRSubCommand.addName("displayCertificateRequestFile", true);
displayCSRSubCommand.addName("display-certificate-request", true);
displayCSRSubCommand.addName("displayCertificateRequest", true);
displayCSRSubCommand.addName("display-csr-file", true);
displayCSRSubCommand.addName("displayCSRFile", true);
displayCSRSubCommand.addName("display-csr", true);
displayCSRSubCommand.addName("displayCSR", true);
displayCSRSubCommand.addName("show-certificate-signing-request-file", true);
displayCSRSubCommand.addName("showCertificateSigningRequestFile", true);
displayCSRSubCommand.addName("show-certificate-signing-request", true);
displayCSRSubCommand.addName("showCertificateSigningRequest", true);
displayCSRSubCommand.addName("show-certificate-request-file", true);
displayCSRSubCommand.addName("showCertificateRequestFile", true);
displayCSRSubCommand.addName("show-certificate-request", true);
displayCSRSubCommand.addName("showCertificateRequest", true);
displayCSRSubCommand.addName("show-csr-file", true);
displayCSRSubCommand.addName("showCSRFile", true);
displayCSRSubCommand.addName("show-csr", true);
displayCSRSubCommand.addName("showCSR", true);
displayCSRSubCommand.addName("print-certificate-signing-request-file", true);
displayCSRSubCommand.addName("printCertificateSigningRequestFile", true);
displayCSRSubCommand.addName("print-certificate-signing-request", true);
displayCSRSubCommand.addName("printCertificateSigningRequest", true);
displayCSRSubCommand.addName("print-certificate-request-file", true);
displayCSRSubCommand.addName("printCertificateRequestFile", true);
displayCSRSubCommand.addName("print-certificate-request", true);
displayCSRSubCommand.addName("printCertificateRequest", true);
displayCSRSubCommand.addName("print-csr-file", true);
displayCSRSubCommand.addName("printCSRFile", true);
displayCSRSubCommand.addName("print-csr", true);
displayCSRSubCommand.addName("printCSR", true);
displayCSRSubCommand.addName("printcertreq", true);
parser.addSubCommand(displayCSRSubCommand);
}
Also used :
SubCommand(com.unboundid.util.args.SubCommand)
IA5StringArgumentValueValidator(com.unboundid.util.args.IA5StringArgumentValueValidator)
IPAddressArgumentValueValidator(com.unboundid.util.args.IPAddressArgumentValueValidator)
BooleanArgument(com.unboundid.util.args.BooleanArgument)
ASN1BitString(com.unboundid.asn1.ASN1BitString)
FileArgument(com.unboundid.util.args.FileArgument)
ArgumentParser(com.unboundid.util.args.ArgumentParser)
StringArgument(com.unboundid.util.args.StringArgument)
LinkedHashMap(java.util.LinkedHashMap)
DNArgument(com.unboundid.util.args.DNArgument)
IntegerArgument(com.unboundid.util.args.IntegerArgument)
OIDArgumentValueValidator(com.unboundid.util.args.OIDArgumentValueValidator)
TimestampArgument(com.unboundid.util.args.TimestampArgument)
BooleanValueArgument(com.unboundid.util.args.BooleanValueArgument)
Example 3 with TimestampArgument
use of com.unboundid.util.args.TimestampArgument in project ldapsdk by pingidentity.
the class ManageAccountTestCase method testAllSuccessResult.
/**
* Tests the behavior when running the tool and expecting a success result.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testAllSuccessResult() throws Exception {
// Get an instance of the manage-account tool that we will run to generate a
// sample variable rate data file. Not only can we use this file to get
// test coverage later, but we can also use the tool instance to get the
// argument parser available so that we can introspect it to get information
// about what arguments we can use.
final String variableRateDataFile = createTempFile().getAbsolutePath();
final ManageAccount tool = new ManageAccount(null, null);
assertEquals(tool.runTool("--generateSampleRateFile", variableRateDataFile), ResultCode.SUCCESS);
final ArgumentParser parser = tool.getArgumentParser();
assertNotNull(parser);
// Create some other files that will be used for testing.
final String rejectFile = createTempFile().getAbsolutePath();
final String dnFile = createTempFile("# Comment at the top", "uid=user.1,ou=People,dc=example,dc=com", "# Comment in the middle. Also, blank line follows.", "", "uid=user.2,ou=People,dc=example,dc=com", "dn:uid=user.3,ou=People,dc=example,dc=com", "dn: uid=user.4,ou=People,dc=example,dc=com", "dn::" + Base64.encode("uid=user.5,ou=People,dc=example,dc=com"), "dn:: " + Base64.encode("uid=user.6,ou=People,dc=example,dc=com"), "", "# Comment at the end").getAbsolutePath();
// Create an in-memory directory server instance with fake support for the
// password policy state extended operation.
final InMemoryDirectoryServerConfig cfg = new InMemoryDirectoryServerConfig("dc=example,dc=com");
final String[] referralURLs = { "ldap://ds1.example.com:389/dc=example,dc=com", "ldap://ds2.example.com:389/dc=example,dc=com" };
final PasswordPolicyStateOperation[] resultOperations = { new PasswordPolicyStateOperation(PasswordPolicyStateOperation.OP_TYPE_GET_ACCOUNT_DISABLED_STATE, new ASN1OctetString[] { new ASN1OctetString("false") }), new PasswordPolicyStateOperation(PasswordPolicyStateOperation.OP_TYPE_GET_FAILURE_LOCKOUT_TIME, null), new PasswordPolicyStateOperation(PasswordPolicyStateOperation.OP_TYPE_GET_ACCOUNT_USABILITY_NOTICES, new ASN1OctetString[] { new ASN1OctetString(new PasswordPolicyStateAccountUsabilityNotice(PasswordPolicyStateAccountUsabilityNotice.NOTICE_TYPE_IN_MINIMUM_PASSWORD_AGE, PasswordPolicyStateAccountUsabilityNotice.NOTICE_NAME_IN_MINIMUM_PASSWORD_AGE, "notice message").toString()), new ASN1OctetString("Notice 2") }), new PasswordPolicyStateOperation(PasswordPolicyStateOperation.OP_TYPE_GET_ACCOUNT_USABILITY_WARNINGS, new ASN1OctetString[] { new ASN1OctetString(new PasswordPolicyStateAccountUsabilityWarning(PasswordPolicyStateAccountUsabilityWarning.WARNING_TYPE_ACCOUNT_EXPIRING, PasswordPolicyStateAccountUsabilityWarning.WARNING_NAME_ACCOUNT_EXPIRING, "warning message").toString()), new ASN1OctetString("Warning 2") }), new PasswordPolicyStateOperation(PasswordPolicyStateOperation.OP_TYPE_GET_ACCOUNT_USABILITY_ERRORS, new ASN1OctetString[] { new ASN1OctetString(new PasswordPolicyStateAccountUsabilityError(PasswordPolicyStateAccountUsabilityError.ERROR_TYPE_ACCOUNT_EXPIRED, PasswordPolicyStateAccountUsabilityError.ERROR_NAME_ACCOUNT_EXPIRED, "error message").toString()), new ASN1OctetString("Error 2") }) };
cfg.addExtendedOperationHandler(new CannedResponsePWPStateInMemoryExtendedOperationHandler(new PasswordPolicyStateExtendedResult(-1, ResultCode.SUCCESS, "Success", "ou=Matched DN,dc=example,dc=com", referralURLs, "uid=test.user,ou=People,dc=example,dc=com", resultOperations, null)));
final InMemoryDirectoryServer ds = new InMemoryDirectoryServer(cfg);
ds.startListening();
try {
final ArrayList<String> argList = new ArrayList<String>(20);
final ByteArrayOutputStream out = new ByteArrayOutputStream();
for (final ManageAccountSubCommandType t : ManageAccountSubCommandType.values()) {
for (final String name : t.getAllNames()) {
argList.clear();
argList.add(name);
argList.add("--hostname");
argList.add("127.0.0.1");
argList.add("--port");
argList.add(String.valueOf(ds.getListenPort()));
argList.add("--targetDN");
argList.add("uid=test.user,ou=People,dc=example,dc=com");
final SubCommand sc = parser.getSubCommand(name);
assertNotNull(sc);
final ArgumentParser subCommandParser = sc.getArgumentParser();
final Argument a = subCommandParser.getNamedArgument('O');
if (a == null) {
String[] args = argList.toArray(StaticUtils.NO_STRINGS);
assertEquals(ManageAccount.main(out, out, args), ResultCode.SUCCESS, "Failed with arguments " + argList + ": " + StaticUtils.toUTF8String(out.toByteArray()));
out.reset();
args = argList.toArray(StaticUtils.NO_STRINGS);
assertEquals(ManageAccount.main(out, out, args), ResultCode.SUCCESS, "Failed with arguments " + argList + ": " + StaticUtils.toUTF8String(out.toByteArray()));
continue;
}
if (!a.isRequired()) {
out.reset();
String[] args = argList.toArray(StaticUtils.NO_STRINGS);
assertEquals(ManageAccount.main(null, null, args), ResultCode.SUCCESS, "Failed with arguments " + argList + ": " + StaticUtils.toUTF8String(out.toByteArray()));
argList.add("--suppressEmptyResultOperations");
args = argList.toArray(StaticUtils.NO_STRINGS);
out.reset();
assertEquals(ManageAccount.main(null, null, args), ResultCode.SUCCESS, "Failed with arguments " + argList + ": " + StaticUtils.toUTF8String(out.toByteArray()));
argList.remove(argList.size() - 1);
}
final String value1;
final String value2;
if (a instanceof BooleanValueArgument) {
value1 = "true";
value2 = "false";
} else if (a instanceof StringArgument) {
if (sc.hasName("set-last-login-ip-address")) {
value1 = "1.2.3.4";
value2 = "5.6.7.8";
} else {
value1 = "value 1";
value2 = "value 2";
}
} else if (a instanceof TimestampArgument) {
final long now = System.currentTimeMillis();
value1 = StaticUtils.encodeGeneralizedTime(now - 1L);
value2 = StaticUtils.encodeGeneralizedTime(now);
} else {
throw new AssertionError("Unexpected argument type for argument " + a.getIdentifierString() + " in subcommand " + name + ": " + a.getClass().getName());
}
argList.add("--ratePerSecond");
argList.add("100");
argList.add("--variableRateData");
argList.add(variableRateDataFile);
argList.add("--rejectFile");
argList.add(rejectFile);
argList.add("--targetDNFile");
argList.add(dnFile);
argList.add("--numThreads");
argList.add("10");
argList.add("--numSearchThreads");
argList.add("10");
argList.add(a.getIdentifierString());
argList.add(value1);
out.reset();
String[] args = argList.toArray(StaticUtils.NO_STRINGS);
assertEquals(ManageAccount.main(null, null, args), ResultCode.SUCCESS, "Failed with arguments " + argList + ": " + StaticUtils.toUTF8String(out.toByteArray()));
out.reset();
argList.add("--suppressEmptyResultOperations");
args = argList.toArray(StaticUtils.NO_STRINGS);
assertEquals(ManageAccount.main(null, null, args), ResultCode.SUCCESS, "Failed with arguments " + argList + ": " + StaticUtils.toUTF8String(out.toByteArray()));
argList.remove(argList.size() - 1);
if (a.getMaxOccurrences() > 1) {
argList.add(a.getIdentifierString());
argList.add(value2);
out.reset();
args = argList.toArray(StaticUtils.NO_STRINGS);
assertEquals(ManageAccount.main(null, null, args), ResultCode.SUCCESS, "Failed with arguments " + argList + ": " + StaticUtils.toUTF8String(out.toByteArray()));
out.reset();
argList.add("--suppressEmptyResultOperations");
args = argList.toArray(StaticUtils.NO_STRINGS);
assertEquals(ManageAccount.main(null, null, args), ResultCode.SUCCESS, "Failed with arguments " + argList + ": " + StaticUtils.toUTF8String(out.toByteArray()));
argList.remove(argList.size() - 1);
}
}
}
} finally {
ds.shutDown(true);
}
}
Also used :
ASN1OctetString(com.unboundid.asn1.ASN1OctetString)
PasswordPolicyStateAccountUsabilityError(com.unboundid.ldap.sdk.unboundidds.extensions.PasswordPolicyStateAccountUsabilityError)
BooleanValueArgument(com.unboundid.util.args.BooleanValueArgument)
Argument(com.unboundid.util.args.Argument)
StringArgument(com.unboundid.util.args.StringArgument)
TimestampArgument(com.unboundid.util.args.TimestampArgument)
InMemoryDirectoryServerConfig(com.unboundid.ldap.listener.InMemoryDirectoryServerConfig)
ArrayList(java.util.ArrayList)
ASN1OctetString(com.unboundid.asn1.ASN1OctetString)
PasswordPolicyStateExtendedResult(com.unboundid.ldap.sdk.unboundidds.extensions.PasswordPolicyStateExtendedResult)
ArgumentParser(com.unboundid.util.args.ArgumentParser)
BooleanValueArgument(com.unboundid.util.args.BooleanValueArgument)
TimestampArgument(com.unboundid.util.args.TimestampArgument)
SubCommand(com.unboundid.util.args.SubCommand)
InMemoryDirectoryServer(com.unboundid.ldap.listener.InMemoryDirectoryServer)
PasswordPolicyStateOperation(com.unboundid.ldap.sdk.unboundidds.extensions.PasswordPolicyStateOperation)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
StringArgument(com.unboundid.util.args.StringArgument)
PasswordPolicyStateAccountUsabilityNotice(com.unboundid.ldap.sdk.unboundidds.extensions.PasswordPolicyStateAccountUsabilityNotice)
PasswordPolicyStateAccountUsabilityWarning(com.unboundid.ldap.sdk.unboundidds.extensions.PasswordPolicyStateAccountUsabilityWarning)
Test(org.testng.annotations.Test)
Example 4 with TimestampArgument
use of com.unboundid.util.args.TimestampArgument in project ldapsdk by pingidentity.
the class TestLDAPCommandLineTool method addNonLDAPArguments.
/**
* {@inheritDoc}
*/
@Override()
public void addNonLDAPArguments(final ArgumentParser parser) throws ArgumentException {
final ArgumentParser argListParser1 = new ArgumentParser("argumentList1", "Argument List 1 Description");
argListParser1.addArgument(new StringArgument(null, "foo", false, -1, "{foo}", "Foo Description"));
final ArgumentParser argListParser2 = new ArgumentParser("argumentList2", "Argument List 2 Description");
argListParser2.addArgument(new StringArgument(null, "bar", false, -1, "{bar}", "Bar Description"));
singleValuedArgumentListArgument = new ArgumentListArgument(null, "singleValuedArgumentList", false, 1, "{argList}", "Argument List", argListParser1);
parser.addArgument(singleValuedArgumentListArgument);
multiValuedArgumentListArgument = new ArgumentListArgument(null, "multiValuedArgumentList", false, -1, "{argList}", "Argument List", argListParser2);
parser.addArgument(multiValuedArgumentListArgument);
booleanArgument = new BooleanArgument(null, "boolean", "Boolean Description");
parser.addArgument(booleanArgument);
booleanValueArgument = new BooleanValueArgument(null, "booleanValue", false, "{true|false}", "Boolean Value Description");
parser.addArgument(booleanValueArgument);
singleValuedControlArgument = new ControlArgument(null, "singleValuedControl", false, 1, null, "Control Description");
parser.addArgument(singleValuedControlArgument);
multiValuedControlArgument = new ControlArgument(null, "multiValuedControl", false, -1, null, "Control Description");
parser.addArgument(multiValuedControlArgument);
singleValuedDNArgument = new DNArgument(null, "singleValuedDN", false, 1, "{dn}", "DN Description");
parser.addArgument(singleValuedDNArgument);
multiValuedDNArgument = new DNArgument(null, "multiValuedDN", false, -1, "{dn}", "DN Description");
parser.addArgument(multiValuedDNArgument);
durationArgument = new DurationArgument(null, "duration", false, "{duration}", "Duration Description");
parser.addArgument(durationArgument);
singleValuedFileArgument = new FileArgument(null, "singleValuedFile", false, 1, "{path}", "File Description", false, true, true, false);
parser.addArgument(singleValuedFileArgument);
multiValuedFileArgument = new FileArgument(null, "multiValuedFile", false, -1, "{path}", "File Description", false, false, false, false);
parser.addArgument(multiValuedFileArgument);
singleValuedFilterArgument = new FilterArgument(null, "singleValuedFilter", false, 1, "{filter}", "Filter Description");
parser.addArgument(singleValuedFilterArgument);
multiValuedFilterArgument = new FilterArgument(null, "multiValuedFilter", false, -1, "{filter}", "Filter Description");
parser.addArgument(multiValuedFilterArgument);
singleValuedTimestampArgument = new TimestampArgument(null, "singleValuedGeneralizedTime", false, 1, "{timestamp}", "Generalized Time Description");
parser.addArgument(singleValuedTimestampArgument);
multiValuedTimestampArgument = new TimestampArgument(null, "multiValuedGeneralizedTime", false, -1, "{timestamp}", "Generalized Time Description");
parser.addArgument(multiValuedTimestampArgument);
singleValuedIntegerArgument = new IntegerArgument(null, "singleValuedInteger", false, 1, "{int}", "Integer Description");
parser.addArgument(singleValuedIntegerArgument);
multiValuedIntegerArgument = new IntegerArgument(null, "multiValuedInteger", false, -1, "{int}", "Integer Description");
parser.addArgument(multiValuedIntegerArgument);
scopeArgument = new ScopeArgument(null, "scope", false, "{scope}", "Scope Description");
parser.addArgument(scopeArgument);
singleValuedStringArgument = new StringArgument(null, "singleValuedString", false, 1, "{string}", "String Description");
parser.addArgument(singleValuedStringArgument);
multiValuedOpenOptionsStringArgument = new StringArgument(null, "multiValuedOpenOptionsString", false, -1, "{string}", "String Description");
parser.addArgument(multiValuedOpenOptionsStringArgument);
final LinkedHashSet<String> allowedValues = new LinkedHashSet<String>(5);
allowedValues.add("first");
allowedValues.add("second");
allowedValues.add("third");
allowedValues.add("fourth");
allowedValues.add("fifth");
multiValuedFixedOptionsStringArgument = new StringArgument(null, "multiValuedFixedOptionsString", false, -1, "{string}", "String Description", allowedValues);
parser.addArgument(multiValuedFixedOptionsStringArgument);
resultCodeArgument = new IntegerArgument(null, "resultCode", true, 1, "{intValue}", "The result code");
parser.addArgument(resultCodeArgument);
}
Also used :
LinkedHashSet(java.util.LinkedHashSet)
ScopeArgument(com.unboundid.util.args.ScopeArgument)
DurationArgument(com.unboundid.util.args.DurationArgument)
BooleanArgument(com.unboundid.util.args.BooleanArgument)
FileArgument(com.unboundid.util.args.FileArgument)
ArgumentParser(com.unboundid.util.args.ArgumentParser)
StringArgument(com.unboundid.util.args.StringArgument)
ControlArgument(com.unboundid.util.args.ControlArgument)
DNArgument(com.unboundid.util.args.DNArgument)
FilterArgument(com.unboundid.util.args.FilterArgument)
IntegerArgument(com.unboundid.util.args.IntegerArgument)
BooleanValueArgument(com.unboundid.util.args.BooleanValueArgument)
TimestampArgument(com.unboundid.util.args.TimestampArgument)
ArgumentListArgument(com.unboundid.util.args.ArgumentListArgument)
Example 5 with TimestampArgument
use of com.unboundid.util.args.TimestampArgument in project ldapsdk by pingidentity.
the class ManageAccount method addNonLDAPArguments.
/**
* {@inheritDoc}
*/
@Override()
public void addNonLDAPArguments(@NotNull final ArgumentParser parser) throws ArgumentException {
// Get a copy of the argument parser for later use.
this.parser = parser;
// Get the current time formatted as a generalized time.
final String currentGeneralizedTime = StaticUtils.encodeGeneralizedTime(System.currentTimeMillis());
final String olderGeneralizedTime = StaticUtils.encodeGeneralizedTime(System.currentTimeMillis() - 12_345L);
// Define the global arguments used to indicate which users to target.
final DNArgument targetDN = new DNArgument('b', ARG_TARGET_DN, false, 0, null, INFO_MANAGE_ACCT_ARG_DESC_TARGET_DN.get());
targetDN.addLongIdentifier("userDN", true);
targetDN.addLongIdentifier("target-dn", true);
targetDN.addLongIdentifier("user-dn", true);
targetDN.setArgumentGroupName(INFO_MANAGE_ACCT_ARG_GROUP_TARGET_USER_ARGS.get());
parser.addArgument(targetDN);
final FileArgument dnInputFile = new FileArgument(null, ARG_DN_INPUT_FILE, false, 0, null, INFO_MANAGE_ACCT_ARG_DESC_DN_FILE.get(), true, true, true, false);
dnInputFile.addLongIdentifier("targetDNFile", true);
dnInputFile.addLongIdentifier("userDNFile", true);
dnInputFile.addLongIdentifier("dn-input-file", true);
dnInputFile.addLongIdentifier("target-dn-file", true);
dnInputFile.addLongIdentifier("user-dn-file", true);
dnInputFile.setArgumentGroupName(INFO_MANAGE_ACCT_ARG_GROUP_TARGET_USER_ARGS.get());
parser.addArgument(dnInputFile);
final FilterArgument targetFilter = new FilterArgument(null, ARG_TARGET_FILTER, false, 0, null, INFO_MANAGE_ACCT_ARG_DESC_TARGET_FILTER.get(ARG_BASE_DN));
targetFilter.addLongIdentifier("target-filter", true);
targetFilter.setArgumentGroupName(INFO_MANAGE_ACCT_ARG_GROUP_TARGET_USER_ARGS.get());
parser.addArgument(targetFilter);
final FileArgument filterInputFile = new FileArgument(null, ARG_FILTER_INPUT_FILE, false, 0, null, INFO_MANAGE_ACCT_ARG_DESC_FILTER_INPUT_FILE.get(ARG_BASE_DN), true, true, true, false);
filterInputFile.addLongIdentifier("targetFilterFile", true);
filterInputFile.addLongIdentifier("filter-input-file", true);
filterInputFile.addLongIdentifier("target-filter-file", true);
filterInputFile.setArgumentGroupName(INFO_MANAGE_ACCT_ARG_GROUP_TARGET_USER_ARGS.get());
parser.addArgument(filterInputFile);
final StringArgument targetUserID = new StringArgument(null, ARG_TARGET_USER_ID, false, 0, null, INFO_MANAGE_ACCT_ARG_DESC_TARGET_USER_ID.get(ARG_BASE_DN, ARG_USER_ID_ATTRIBUTE));
targetUserID.addLongIdentifier("userID", true);
targetUserID.addLongIdentifier("target-user-id", true);
targetUserID.addLongIdentifier("user-id", true);
targetUserID.setArgumentGroupName(INFO_MANAGE_ACCT_ARG_GROUP_TARGET_USER_ARGS.get());
parser.addArgument(targetUserID);
final FileArgument userIDInputFile = new FileArgument(null, ARG_USER_ID_INPUT_FILE, false, 0, null, INFO_MANAGE_ACCT_ARG_DESC_USER_ID_INPUT_FILE.get(ARG_BASE_DN, ARG_USER_ID_ATTRIBUTE), true, true, true, false);
userIDInputFile.addLongIdentifier("targetUserIDFile", true);
userIDInputFile.addLongIdentifier("user-id-input-file", true);
userIDInputFile.addLongIdentifier("target-user-id-file", true);
userIDInputFile.setArgumentGroupName(INFO_MANAGE_ACCT_ARG_GROUP_TARGET_USER_ARGS.get());
parser.addArgument(userIDInputFile);
final StringArgument userIDAttribute = new StringArgument(null, ARG_USER_ID_ATTRIBUTE, false, 1, null, INFO_MANAGE_ACCT_ARG_DESC_USER_ID_ATTR.get(ARG_TARGET_USER_ID, ARG_USER_ID_INPUT_FILE, DEFAULT_USER_ID_ATTRIBUTE), DEFAULT_USER_ID_ATTRIBUTE);
userIDAttribute.addLongIdentifier("user-id-attribute", true);
userIDAttribute.setArgumentGroupName(INFO_MANAGE_ACCT_ARG_GROUP_TARGET_USER_ARGS.get());
parser.addArgument(userIDAttribute);
final DNArgument baseDN = new DNArgument(null, ARG_BASE_DN, false, 1, null, INFO_MANAGE_ACCT_ARG_DESC_BASE_DN.get(ARG_TARGET_FILTER, ARG_FILTER_INPUT_FILE, ARG_TARGET_USER_ID, ARG_USER_ID_INPUT_FILE), DEFAULT_BASE_DN);
baseDN.addLongIdentifier("base-dn", true);
baseDN.setArgumentGroupName(INFO_MANAGE_ACCT_ARG_GROUP_TARGET_USER_ARGS.get());
parser.addArgument(baseDN);
final IntegerArgument simplePageSize = new IntegerArgument('z', ARG_SIMPLE_PAGE_SIZE, false, 1, null, INFO_MANAGE_ACCT_ARG_DESC_SIMPLE_PAGE_SIZE.get(getToolName()), 1, Integer.MAX_VALUE);
simplePageSize.addLongIdentifier("simple-page-size", true);
simplePageSize.setArgumentGroupName(INFO_MANAGE_ACCT_ARG_GROUP_TARGET_USER_ARGS.get(getToolName()));
parser.addArgument(simplePageSize);
// Ensure that the user will be required ot provide at least one of the
// arguments to specify which users to target.
parser.addRequiredArgumentSet(targetDN, dnInputFile, targetFilter, filterInputFile, targetUserID, userIDInputFile);
// Define the global arguments used to control the amount of load the tool
// should be permitted to generate.
final IntegerArgument numThreads = new IntegerArgument('t', ARG_NUM_THREADS, false, 1, null, INFO_MANAGE_ACCT_ARG_DESC_NUM_THREADS.get(getToolName()), 1, Integer.MAX_VALUE, 1);
numThreads.addLongIdentifier("num-threads", true);
numThreads.setArgumentGroupName(INFO_MANAGE_ACCT_ARG_GROUP_PERFORMANCE.get());
parser.addArgument(numThreads);
final IntegerArgument numSearchThreads = new IntegerArgument(null, ARG_NUM_SEARCH_THREADS, false, 1, null, INFO_MANAGE_ACCT_ARG_DESC_NUM_SEARCH_THREADS.get(getToolName()), 1, Integer.MAX_VALUE, 1);
numSearchThreads.addLongIdentifier("num-search-threads", true);
numSearchThreads.setArgumentGroupName(INFO_MANAGE_ACCT_ARG_GROUP_PERFORMANCE.get());
parser.addArgument(numSearchThreads);
final IntegerArgument ratePerSecond = new IntegerArgument('r', ARG_RATE_PER_SECOND, false, 1, null, INFO_MANAGE_ACCT_ARG_DESC_RATE_PER_SECOND.get(ARG_VARIABLE_RATE_DATA), 1, Integer.MAX_VALUE);
ratePerSecond.addLongIdentifier("rate-per-second", true);
ratePerSecond.setArgumentGroupName(INFO_MANAGE_ACCT_ARG_GROUP_PERFORMANCE.get());
parser.addArgument(ratePerSecond);
final FileArgument variableRateData = new FileArgument(null, ARG_VARIABLE_RATE_DATA, false, 1, null, INFO_MANAGE_ACCT_ARG_DESC_VARIABLE_RATE_DATA.get(ARG_RATE_PER_SECOND), true, true, true, false);
variableRateData.addLongIdentifier("variable-rate-data", true);
variableRateData.setArgumentGroupName(INFO_MANAGE_ACCT_ARG_GROUP_PERFORMANCE.get());
parser.addArgument(variableRateData);
final FileArgument generateSampleRateFile = new FileArgument(null, ARG_GENERATE_SAMPLE_RATE_FILE, false, 1, null, INFO_MANAGE_ACCT_ARG_DESC_GENERATE_SAMPLE_RATE_FILE.get(ARG_VARIABLE_RATE_DATA), false, true, true, false);
generateSampleRateFile.addLongIdentifier("generate-sample-rate-file", true);
generateSampleRateFile.setArgumentGroupName(INFO_MANAGE_ACCT_ARG_GROUP_PERFORMANCE.get());
generateSampleRateFile.setUsageArgument(true);
parser.addArgument(generateSampleRateFile);
// Define the global arguments tht pertain to the reject file.
final FileArgument rejectFile = new FileArgument('R', ARG_REJECT_FILE, false, 1, null, INFO_MANAGE_ACCT_ARG_DESC_REJECT_FILE.get(), false, true, true, false);
rejectFile.addLongIdentifier("reject-file", true);
parser.addArgument(rejectFile);
final BooleanArgument appendToRejectFile = new BooleanArgument(null, ARG_APPEND_TO_REJECT_FILE, 1, INFO_MANAGE_ACCT_ARG_DESC_APPEND_TO_REJECT_FILE.get(rejectFile.getIdentifierString()));
appendToRejectFile.addLongIdentifier("append-to-reject-file", true);
parser.addArgument(appendToRejectFile);
parser.addDependentArgumentSet(appendToRejectFile, rejectFile);
// Define the argument used to suppress result operations without values.
final BooleanArgument suppressEmptyResultOperations = new BooleanArgument(null, ARG_SUPPRESS_EMPTY_RESULT_OPERATIONS, 1, INFO_MANAGE_ACCT_ARG_DESC_SUPPRESS_EMPTY_RESULT_OPERATIONS.get(getToolName()));
parser.addArgument(suppressEmptyResultOperations);
// Define the subcommand used to retrieve all state information for a user.
createSubCommand(ManageAccountSubCommandType.GET_ALL, INFO_MANAGE_ACCT_SC_GET_ALL_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand used to retrieve the password policy DN for a user.
createSubCommand(ManageAccountSubCommandType.GET_PASSWORD_POLICY_DN, INFO_MANAGE_ACCT_SC_GET_POLICY_DN_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to determine whether the account is usable.
createSubCommand(ManageAccountSubCommandType.GET_ACCOUNT_IS_USABLE, INFO_MANAGE_ACCT_SC_GET_IS_USABLE_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to retrieve the set of password policy state
// account usability notice messages.
createSubCommand(ManageAccountSubCommandType.GET_ACCOUNT_USABILITY_NOTICES, INFO_MANAGE_ACCT_SC_GET_USABILITY_NOTICES_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to retrieve the set of password policy state
// account usability warning messages.
createSubCommand(ManageAccountSubCommandType.GET_ACCOUNT_USABILITY_WARNINGS, INFO_MANAGE_ACCT_SC_GET_USABILITY_WARNINGS_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to retrieve the set of password policy state
// account usability error messages.
createSubCommand(ManageAccountSubCommandType.GET_ACCOUNT_USABILITY_ERRORS, INFO_MANAGE_ACCT_SC_GET_USABILITY_ERRORS_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to retrieve the password changed time for a user.
createSubCommand(ManageAccountSubCommandType.GET_PASSWORD_CHANGED_TIME, INFO_MANAGE_ACCT_SC_GET_PW_CHANGED_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to set the password changed time for a user.
final ArgumentParser setPWChangedTimeParser = createSubCommandParser(ManageAccountSubCommandType.SET_PASSWORD_CHANGED_TIME);
final TimestampArgument setPWChangedTimeValueArg = new TimestampArgument('O', "passwordChangedTime", false, 1, null, INFO_MANAGE_ACCT_SC_SET_PW_CHANGED_TIME_ARG_VALUE.get());
setPWChangedTimeValueArg.addLongIdentifier("operationValue", true);
setPWChangedTimeValueArg.addLongIdentifier("password-changed-time", true);
setPWChangedTimeValueArg.addLongIdentifier("operation-value", true);
setPWChangedTimeParser.addArgument(setPWChangedTimeValueArg);
createSubCommand(ManageAccountSubCommandType.SET_PASSWORD_CHANGED_TIME, setPWChangedTimeParser, createSubCommandExample(ManageAccountSubCommandType.SET_PASSWORD_CHANGED_TIME, INFO_MANAGE_ACCT_SC_SET_PW_CHANGED_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN, currentGeneralizedTime), "--passwordChangedTime", currentGeneralizedTime));
// Define the subcommand to clear the password changed time for a user.
createSubCommand(ManageAccountSubCommandType.CLEAR_PASSWORD_CHANGED_TIME, INFO_MANAGE_ACCT_SC_CLEAR_PW_CHANGED_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to determine whether a user account is disabled.
createSubCommand(ManageAccountSubCommandType.GET_ACCOUNT_IS_DISABLED, INFO_MANAGE_ACCT_SC_GET_IS_DISABLED_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to specify whether a user's account is disabled.
final ArgumentParser setAcctDisabledParser = createSubCommandParser(ManageAccountSubCommandType.SET_ACCOUNT_IS_DISABLED);
final BooleanValueArgument setAcctDisabledValueArg = new BooleanValueArgument('O', "accountIsDisabled", true, null, INFO_MANAGE_ACCT_SC_SET_IS_DISABLED_ARG_VALUE.get());
setAcctDisabledValueArg.addLongIdentifier("operationValue", true);
setAcctDisabledValueArg.addLongIdentifier("account-is-disabled", true);
setAcctDisabledValueArg.addLongIdentifier("operation-value", true);
setAcctDisabledParser.addArgument(setAcctDisabledValueArg);
createSubCommand(ManageAccountSubCommandType.SET_ACCOUNT_IS_DISABLED, setAcctDisabledParser, createSubCommandExample(ManageAccountSubCommandType.SET_ACCOUNT_IS_DISABLED, INFO_MANAGE_ACCT_SC_SET_IS_DISABLED_EXAMPLE.get(EXAMPLE_TARGET_USER_DN), "--accountIsDisabled", "true"));
// Define the subcommand to clear the account disabled state.
createSubCommand(ManageAccountSubCommandType.CLEAR_ACCOUNT_IS_DISABLED, INFO_MANAGE_ACCT_SC_CLEAR_IS_DISABLED_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to retrieve the account activation time for a user.
createSubCommand(ManageAccountSubCommandType.GET_ACCOUNT_ACTIVATION_TIME, INFO_MANAGE_ACCT_SC_GET_ACCT_ACT_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to set the account activation time for a user.
final ArgumentParser setAcctActivationTimeParser = createSubCommandParser(ManageAccountSubCommandType.SET_ACCOUNT_ACTIVATION_TIME);
final TimestampArgument setAcctActivationTimeValueArg = new TimestampArgument('O', "accountActivationTime", false, 1, null, INFO_MANAGE_ACCT_SC_SET_ACCT_ACT_TIME_ARG_VALUE.get());
setAcctActivationTimeValueArg.addLongIdentifier("operationValue", true);
setAcctActivationTimeValueArg.addLongIdentifier("account-activation-time", true);
setAcctActivationTimeValueArg.addLongIdentifier("operation-value", true);
setAcctActivationTimeParser.addArgument(setAcctActivationTimeValueArg);
createSubCommand(ManageAccountSubCommandType.SET_ACCOUNT_ACTIVATION_TIME, setAcctActivationTimeParser, createSubCommandExample(ManageAccountSubCommandType.SET_ACCOUNT_ACTIVATION_TIME, INFO_MANAGE_ACCT_SC_SET_ACCT_ACT_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN, currentGeneralizedTime), "--accountActivationTime", currentGeneralizedTime));
// Define the subcommand to clear the account activation time for a user.
createSubCommand(ManageAccountSubCommandType.CLEAR_ACCOUNT_ACTIVATION_TIME, INFO_MANAGE_ACCT_SC_CLEAR_ACCT_ACT_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to retrieve the length of time until a user's
// account is activated.
createSubCommand(ManageAccountSubCommandType.GET_SECONDS_UNTIL_ACCOUNT_ACTIVATION, INFO_MANAGE_ACCT_SC_GET_SECONDS_UNTIL_ACCT_ACT_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to determine whether a user's account is not yet
// active.
createSubCommand(ManageAccountSubCommandType.GET_ACCOUNT_IS_NOT_YET_ACTIVE, INFO_MANAGE_ACCT_SC_GET_ACCT_NOT_YET_ACTIVE_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to retrieve the account expiration time for a user.
createSubCommand(ManageAccountSubCommandType.GET_ACCOUNT_EXPIRATION_TIME, INFO_MANAGE_ACCT_SC_GET_ACCT_EXP_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to set the account expiration time for a user.
final ArgumentParser setAcctExpirationTimeParser = createSubCommandParser(ManageAccountSubCommandType.SET_ACCOUNT_EXPIRATION_TIME);
final TimestampArgument setAcctExpirationTimeValueArg = new TimestampArgument('O', "accountExpirationTime", false, 1, null, INFO_MANAGE_ACCT_SC_SET_ACCT_EXP_TIME_ARG_VALUE.get());
setAcctExpirationTimeValueArg.addLongIdentifier("operationValue", true);
setAcctExpirationTimeValueArg.addLongIdentifier("account-expiration-time", true);
setAcctExpirationTimeValueArg.addLongIdentifier("operation-value", true);
setAcctExpirationTimeParser.addArgument(setAcctExpirationTimeValueArg);
createSubCommand(ManageAccountSubCommandType.SET_ACCOUNT_EXPIRATION_TIME, setAcctExpirationTimeParser, createSubCommandExample(ManageAccountSubCommandType.SET_ACCOUNT_EXPIRATION_TIME, INFO_MANAGE_ACCT_SC_SET_ACCT_EXP_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN, currentGeneralizedTime), "--accountExpirationTime", currentGeneralizedTime));
// Define the subcommand to clear the account expiration time for a user.
createSubCommand(ManageAccountSubCommandType.CLEAR_ACCOUNT_EXPIRATION_TIME, INFO_MANAGE_ACCT_SC_CLEAR_ACCT_EXP_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to retrieve the length of time until a user's
// account is expired.
createSubCommand(ManageAccountSubCommandType.GET_SECONDS_UNTIL_ACCOUNT_EXPIRATION, INFO_MANAGE_ACCT_SC_GET_SECONDS_UNTIL_ACCT_EXP_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to determine whether a user's account is expired.
createSubCommand(ManageAccountSubCommandType.GET_ACCOUNT_IS_EXPIRED, INFO_MANAGE_ACCT_SC_GET_ACCT_IS_EXPIRED_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to retrieve a user's password expiration warned
// time.
createSubCommand(ManageAccountSubCommandType.GET_PASSWORD_EXPIRATION_WARNED_TIME, INFO_MANAGE_ACCT_SC_GET_PW_EXP_WARNED_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to set a user's password expiration warned time.
final ArgumentParser setPWExpWarnedTimeParser = createSubCommandParser(ManageAccountSubCommandType.SET_PASSWORD_EXPIRATION_WARNED_TIME);
final TimestampArgument setPWExpWarnedTimeValueArg = new TimestampArgument('O', "passwordExpirationWarnedTime", false, 1, null, INFO_MANAGE_ACCT_SC_SET_PW_EXP_WARNED_TIME_ARG_VALUE.get());
setPWExpWarnedTimeValueArg.addLongIdentifier("operationValue", true);
setPWExpWarnedTimeValueArg.addLongIdentifier("password-expiration-warned-time", true);
setPWExpWarnedTimeValueArg.addLongIdentifier("operation-value", true);
setPWExpWarnedTimeParser.addArgument(setPWExpWarnedTimeValueArg);
createSubCommand(ManageAccountSubCommandType.SET_PASSWORD_EXPIRATION_WARNED_TIME, setPWExpWarnedTimeParser, createSubCommandExample(ManageAccountSubCommandType.SET_PASSWORD_EXPIRATION_WARNED_TIME, INFO_MANAGE_ACCT_SC_SET_PW_EXP_WARNED_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN, currentGeneralizedTime), "--passwordExpirationWarnedTime", currentGeneralizedTime));
// Define the subcommand to clear a user's password expiration warned time.
createSubCommand(ManageAccountSubCommandType.CLEAR_PASSWORD_EXPIRATION_WARNED_TIME, INFO_MANAGE_ACCT_SC_CLEAR_PW_EXP_WARNED_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to get the number of seconds until a user is
// eligible to receive a password expiration warning.
createSubCommand(ManageAccountSubCommandType.GET_SECONDS_UNTIL_PASSWORD_EXPIRATION_WARNING, INFO_MANAGE_ACCT_SC_GET_SECONDS_UNTIL_PW_EXP_WARNING_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to retrieve a user's password expiration time.
createSubCommand(ManageAccountSubCommandType.GET_PASSWORD_EXPIRATION_TIME, INFO_MANAGE_ACCT_SC_GET_PW_EXP_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to get the number of seconds until a user's
// password expires.
createSubCommand(ManageAccountSubCommandType.GET_SECONDS_UNTIL_PASSWORD_EXPIRATION, INFO_MANAGE_ACCT_SC_GET_SECONDS_UNTIL_PW_EXP_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to determine whether a user's password is expired.
createSubCommand(ManageAccountSubCommandType.GET_PASSWORD_IS_EXPIRED, INFO_MANAGE_ACCT_SC_GET_PW_IS_EXPIRED_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to determine whether an account is failure locked.
createSubCommand(ManageAccountSubCommandType.GET_ACCOUNT_IS_FAILURE_LOCKED, INFO_MANAGE_ACCT_SC_GET_ACCT_FAILURE_LOCKED_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to specify whether an account is failure locked.
final ArgumentParser setIsFailureLockedParser = createSubCommandParser(ManageAccountSubCommandType.SET_ACCOUNT_IS_FAILURE_LOCKED);
final BooleanValueArgument setIsFailureLockedValueArg = new BooleanValueArgument('O', "accountIsFailureLocked", true, null, INFO_MANAGE_ACCT_SC_SET_ACCT_FAILURE_LOCKED_ARG_VALUE.get());
setIsFailureLockedValueArg.addLongIdentifier("operationValue", true);
setIsFailureLockedValueArg.addLongIdentifier("account-is-failure-locked", true);
setIsFailureLockedValueArg.addLongIdentifier("operation-value", true);
setIsFailureLockedParser.addArgument(setIsFailureLockedValueArg);
createSubCommand(ManageAccountSubCommandType.SET_ACCOUNT_IS_FAILURE_LOCKED, setIsFailureLockedParser, createSubCommandExample(ManageAccountSubCommandType.SET_ACCOUNT_IS_FAILURE_LOCKED, INFO_MANAGE_ACCT_SC_SET_ACCT_FAILURE_LOCKED_EXAMPLE.get(EXAMPLE_TARGET_USER_DN), "--accountIsFailureLocked", "true"));
// Define the subcommand to get the time an account was failure locked.
createSubCommand(ManageAccountSubCommandType.GET_FAILURE_LOCKOUT_TIME, INFO_MANAGE_ACCT_SC_GET_FAILURE_LOCKED_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to get the length of time until a failure-locked
// account will be automatically unlocked.
createSubCommand(ManageAccountSubCommandType.GET_SECONDS_UNTIL_AUTHENTICATION_FAILURE_UNLOCK, INFO_MANAGE_ACCT_SC_GET_SECONDS_UNTIL_FAILURE_UNLOCK_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to determine the authentication failure times.
createSubCommand(ManageAccountSubCommandType.GET_AUTHENTICATION_FAILURE_TIMES, INFO_MANAGE_ACCT_SC_GET_AUTH_FAILURE_TIMES_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to add values to the set of authentication failure
// times.
final ArgumentParser addAuthFailureTimeParser = createSubCommandParser(ManageAccountSubCommandType.ADD_AUTHENTICATION_FAILURE_TIME);
final TimestampArgument addAuthFailureTimeValueArg = new TimestampArgument('O', "authenticationFailureTime", false, 0, null, INFO_MANAGE_ACCT_SC_ADD_AUTH_FAILURE_TIME_ARG_VALUE.get());
addAuthFailureTimeValueArg.addLongIdentifier("operationValue", true);
addAuthFailureTimeValueArg.addLongIdentifier("authentication-failure-time", true);
addAuthFailureTimeValueArg.addLongIdentifier("operation-value", true);
addAuthFailureTimeParser.addArgument(addAuthFailureTimeValueArg);
createSubCommand(ManageAccountSubCommandType.ADD_AUTHENTICATION_FAILURE_TIME, addAuthFailureTimeParser, createSubCommandExample(ManageAccountSubCommandType.ADD_AUTHENTICATION_FAILURE_TIME, INFO_MANAGE_ACCT_SC_ADD_AUTH_FAILURE_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN)));
// Define the subcommand to replace the authentication failure times.
final ArgumentParser setAuthFailureTimesParser = createSubCommandParser(ManageAccountSubCommandType.SET_AUTHENTICATION_FAILURE_TIMES);
final TimestampArgument setAuthFailureTimesValueArg = new TimestampArgument('O', "authenticationFailureTime", false, 0, null, INFO_MANAGE_ACCT_SC_SET_AUTH_FAILURE_TIMES_ARG_VALUE.get());
setAuthFailureTimesValueArg.addLongIdentifier("operationValue", true);
setAuthFailureTimesValueArg.addLongIdentifier("authentication-failure-time", true);
setAuthFailureTimesValueArg.addLongIdentifier("operation-value", true);
setAuthFailureTimesParser.addArgument(setAuthFailureTimesValueArg);
createSubCommand(ManageAccountSubCommandType.SET_AUTHENTICATION_FAILURE_TIMES, setAuthFailureTimesParser, createSubCommandExample(ManageAccountSubCommandType.SET_AUTHENTICATION_FAILURE_TIMES, INFO_MANAGE_ACCT_SC_SET_AUTH_FAILURE_TIMES_EXAMPLE.get(EXAMPLE_TARGET_USER_DN, olderGeneralizedTime, currentGeneralizedTime), "--authenticationFailureTime", olderGeneralizedTime, "--authenticationFailureTime", currentGeneralizedTime));
// Define the subcommand to clear the authentication failure times.
createSubCommand(ManageAccountSubCommandType.CLEAR_AUTHENTICATION_FAILURE_TIMES, INFO_MANAGE_ACCT_SC_CLEAR_AUTH_FAILURE_TIMES_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to get the remaining authentication failure count.
createSubCommand(ManageAccountSubCommandType.GET_REMAINING_AUTHENTICATION_FAILURE_COUNT, INFO_MANAGE_ACCT_SC_GET_REMAINING_FAILURE_COUNT_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to determine whether the account is idle locked.
createSubCommand(ManageAccountSubCommandType.GET_ACCOUNT_IS_IDLE_LOCKED, INFO_MANAGE_ACCT_SC_GET_ACCT_IDLE_LOCKED_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to get the length of time until the account is
// idle locked.
createSubCommand(ManageAccountSubCommandType.GET_SECONDS_UNTIL_IDLE_LOCKOUT, INFO_MANAGE_ACCT_SC_GET_SECONDS_UNTIL_IDLE_LOCKOUT_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to get the idle lockout time for an account.
createSubCommand(ManageAccountSubCommandType.GET_IDLE_LOCKOUT_TIME, INFO_MANAGE_ACCT_SC_GET_IDLE_LOCKOUT_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to determine whether a user's password has been
// reset.
createSubCommand(ManageAccountSubCommandType.GET_MUST_CHANGE_PASSWORD, INFO_MANAGE_ACCT_SC_GET_MUST_CHANGE_PW_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to specify whether a user's password has been
// reset.
final ArgumentParser setPWIsResetParser = createSubCommandParser(ManageAccountSubCommandType.SET_MUST_CHANGE_PASSWORD);
final BooleanValueArgument setPWIsResetValueArg = new BooleanValueArgument('O', "mustChangePassword", true, null, INFO_MANAGE_ACCT_SC_SET_MUST_CHANGE_PW_ARG_VALUE.get());
setPWIsResetValueArg.addLongIdentifier("passwordIsReset", true);
setPWIsResetValueArg.addLongIdentifier("operationValue", true);
setPWIsResetValueArg.addLongIdentifier("must-change-password", true);
setPWIsResetValueArg.addLongIdentifier("password-is-reset", true);
setPWIsResetValueArg.addLongIdentifier("operation-value", true);
setPWIsResetParser.addArgument(setPWIsResetValueArg);
createSubCommand(ManageAccountSubCommandType.SET_MUST_CHANGE_PASSWORD, setPWIsResetParser, createSubCommandExample(ManageAccountSubCommandType.SET_MUST_CHANGE_PASSWORD, INFO_MANAGE_ACCT_SC_SET_MUST_CHANGE_PW_EXAMPLE.get(EXAMPLE_TARGET_USER_DN), "--mustChangePassword", "true"));
// Define the subcommand to clear the password reset state information.
createSubCommand(ManageAccountSubCommandType.CLEAR_MUST_CHANGE_PASSWORD, INFO_MANAGE_ACCT_SC_CLEAR_MUST_CHANGE_PW_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to determine whether the account is reset locked.
createSubCommand(ManageAccountSubCommandType.GET_ACCOUNT_IS_PASSWORD_RESET_LOCKED, INFO_MANAGE_ACCT_SC_GET_ACCT_IS_RESET_LOCKED_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to get the length of time until the password is
// reset locked.
createSubCommand(ManageAccountSubCommandType.GET_SECONDS_UNTIL_PASSWORD_RESET_LOCKOUT, INFO_MANAGE_ACCT_SC_GET_SECONDS_UNTIL_RESET_LOCKOUT_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to get the password reset lockout time.
createSubCommand(ManageAccountSubCommandType.GET_PASSWORD_RESET_LOCKOUT_TIME, INFO_MANAGE_ACCT_SC_GET_RESET_LOCKOUT_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to get the last login time.
createSubCommand(ManageAccountSubCommandType.GET_LAST_LOGIN_TIME, INFO_MANAGE_ACCT_SC_GET_LAST_LOGIN_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to set the last login time.
final ArgumentParser setLastLoginTimeParser = createSubCommandParser(ManageAccountSubCommandType.SET_LAST_LOGIN_TIME);
final TimestampArgument setLastLoginTimeValueArg = new TimestampArgument('O', "lastLoginTime", false, 1, null, INFO_MANAGE_ACCT_SC_SET_LAST_LOGIN_TIME_ARG_VALUE.get());
setLastLoginTimeValueArg.addLongIdentifier("operationValue", true);
setLastLoginTimeValueArg.addLongIdentifier("last-login-time", true);
setLastLoginTimeValueArg.addLongIdentifier("operation-value", true);
setLastLoginTimeParser.addArgument(setLastLoginTimeValueArg);
createSubCommand(ManageAccountSubCommandType.SET_LAST_LOGIN_TIME, setLastLoginTimeParser, createSubCommandExample(ManageAccountSubCommandType.SET_LAST_LOGIN_TIME, INFO_MANAGE_ACCT_SC_SET_LAST_LOGIN_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN, currentGeneralizedTime), "--lastLoginTime", currentGeneralizedTime));
// Define the subcommand to clear the last login time.
createSubCommand(ManageAccountSubCommandType.CLEAR_LAST_LOGIN_TIME, INFO_MANAGE_ACCT_SC_CLEAR_LAST_LOGIN_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to get the last login IP address.
createSubCommand(ManageAccountSubCommandType.GET_LAST_LOGIN_IP_ADDRESS, INFO_MANAGE_ACCT_SC_GET_LAST_LOGIN_IP_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to set the last login IP address.
final ArgumentParser setLastLoginIPParser = createSubCommandParser(ManageAccountSubCommandType.SET_LAST_LOGIN_IP_ADDRESS);
final StringArgument setLastLoginIPValueArg = new StringArgument('O', "lastLoginIPAddress", true, 1, null, INFO_MANAGE_ACCT_SC_SET_LAST_LOGIN_IP_ARG_VALUE.get());
setLastLoginIPValueArg.addLongIdentifier("operationValue", true);
setLastLoginIPValueArg.addLongIdentifier("last-login-ip-address", true);
setLastLoginIPValueArg.addLongIdentifier("operation-value", true);
setLastLoginIPValueArg.addValueValidator(new IPAddressArgumentValueValidator());
setLastLoginIPParser.addArgument(setLastLoginIPValueArg);
createSubCommand(ManageAccountSubCommandType.SET_LAST_LOGIN_IP_ADDRESS, setLastLoginIPParser, createSubCommandExample(ManageAccountSubCommandType.SET_LAST_LOGIN_IP_ADDRESS, INFO_MANAGE_ACCT_SC_SET_LAST_LOGIN_IP_EXAMPLE.get(EXAMPLE_TARGET_USER_DN, "1.2.3.4"), "--lastLoginIPAddress", "1.2.3.4"));
// Define the subcommand to clear the last login IP address.
createSubCommand(ManageAccountSubCommandType.CLEAR_LAST_LOGIN_IP_ADDRESS, INFO_MANAGE_ACCT_SC_CLEAR_LAST_LOGIN_IP_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to get the grace login use times.
createSubCommand(ManageAccountSubCommandType.GET_GRACE_LOGIN_USE_TIMES, INFO_MANAGE_ACCT_SC_GET_GRACE_LOGIN_TIMES_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to add values to the set of grace login use times.
final ArgumentParser addGraceLoginTimeParser = createSubCommandParser(ManageAccountSubCommandType.ADD_GRACE_LOGIN_USE_TIME);
final TimestampArgument addGraceLoginTimeValueArg = new TimestampArgument('O', "graceLoginUseTime", false, 0, null, INFO_MANAGE_ACCT_SC_ADD_GRACE_LOGIN_TIME_ARG_VALUE.get());
addGraceLoginTimeValueArg.addLongIdentifier("operationValue", true);
addGraceLoginTimeValueArg.addLongIdentifier("grace-login-use-time", true);
addGraceLoginTimeValueArg.addLongIdentifier("operation-value", true);
addGraceLoginTimeParser.addArgument(addGraceLoginTimeValueArg);
createSubCommand(ManageAccountSubCommandType.ADD_GRACE_LOGIN_USE_TIME, addGraceLoginTimeParser, createSubCommandExample(ManageAccountSubCommandType.ADD_GRACE_LOGIN_USE_TIME, INFO_MANAGE_ACCT_SC_ADD_GRACE_LOGIN_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN)));
// Define the subcommand to replace the set of grace login use times.
final ArgumentParser setGraceLoginTimesParser = createSubCommandParser(ManageAccountSubCommandType.SET_GRACE_LOGIN_USE_TIMES);
final TimestampArgument setGraceLoginTimesValueArg = new TimestampArgument('O', "graceLoginUseTime", false, 0, null, INFO_MANAGE_ACCT_SC_SET_GRACE_LOGIN_TIMES_ARG_VALUE.get());
setGraceLoginTimesValueArg.addLongIdentifier("operationValue", true);
setGraceLoginTimesValueArg.addLongIdentifier("grace-login-use-time", true);
setGraceLoginTimesValueArg.addLongIdentifier("operation-value", true);
setGraceLoginTimesParser.addArgument(setGraceLoginTimesValueArg);
createSubCommand(ManageAccountSubCommandType.SET_GRACE_LOGIN_USE_TIMES, setGraceLoginTimesParser, createSubCommandExample(ManageAccountSubCommandType.SET_GRACE_LOGIN_USE_TIMES, INFO_MANAGE_ACCT_SC_SET_GRACE_LOGIN_TIMES_EXAMPLE.get(EXAMPLE_TARGET_USER_DN, olderGeneralizedTime, currentGeneralizedTime), "--graceLoginUseTime", olderGeneralizedTime, "--graceLoginUseTime", currentGeneralizedTime));
// Define the subcommand to clear the grace login use times.
createSubCommand(ManageAccountSubCommandType.CLEAR_GRACE_LOGIN_USE_TIMES, INFO_MANAGE_ACCT_SC_CLEAR_GRACE_LOGIN_TIMES_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to get the remaining grace login count.
createSubCommand(ManageAccountSubCommandType.GET_REMAINING_GRACE_LOGIN_COUNT, INFO_MANAGE_ACCT_SC_GET_REMAINING_GRACE_LOGIN_COUNT_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to get the password changed by required time value.
createSubCommand(ManageAccountSubCommandType.GET_PASSWORD_CHANGED_BY_REQUIRED_TIME, INFO_MANAGE_ACCT_SC_GET_PW_CHANGED_BY_REQ_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to set the password changed by required time value.
final ArgumentParser setPWChangedByReqTimeParser = createSubCommandParser(ManageAccountSubCommandType.SET_PASSWORD_CHANGED_BY_REQUIRED_TIME);
final TimestampArgument setPWChangedByReqTimeValueArg = new TimestampArgument('O', "passwordChangedByRequiredTime", false, 1, null, INFO_MANAGE_ACCT_SC_SET_PW_CHANGED_BY_REQ_TIME_ARG_VALUE.get());
setPWChangedByReqTimeValueArg.addLongIdentifier("operationValue", true);
setPWChangedByReqTimeValueArg.addLongIdentifier("password-changed-by-required-time", true);
setPWChangedByReqTimeValueArg.addLongIdentifier("operation-value", true);
setPWChangedByReqTimeParser.addArgument(setPWChangedByReqTimeValueArg);
createSubCommand(ManageAccountSubCommandType.SET_PASSWORD_CHANGED_BY_REQUIRED_TIME, setPWChangedByReqTimeParser, createSubCommandExample(ManageAccountSubCommandType.SET_PASSWORD_CHANGED_BY_REQUIRED_TIME, INFO_MANAGE_ACCT_SC_SET_PW_CHANGED_BY_REQ_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN)));
// Define the subcommand to clear the password changed by required time
// value.
createSubCommand(ManageAccountSubCommandType.CLEAR_PASSWORD_CHANGED_BY_REQUIRED_TIME, INFO_MANAGE_ACCT_SC_CLEAR_PW_CHANGED_BY_REQ_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to get the length of time until the required change
// time.
createSubCommand(ManageAccountSubCommandType.GET_SECONDS_UNTIL_REQUIRED_PASSWORD_CHANGE_TIME, INFO_MANAGE_ACCT_SC_GET_SECS_UNTIL_REQ_CHANGE_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to get the password history count.
createSubCommand(ManageAccountSubCommandType.GET_PASSWORD_HISTORY_COUNT, INFO_MANAGE_ACCT_SC_GET_PW_HISTORY_COUNT_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to clear a user's password history.
createSubCommand(ManageAccountSubCommandType.CLEAR_PASSWORD_HISTORY, INFO_MANAGE_ACCT_SC_CLEAR_PW_HISTORY_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to determine whether a user has a retired password.
createSubCommand(ManageAccountSubCommandType.GET_HAS_RETIRED_PASSWORD, INFO_MANAGE_ACCT_SC_GET_HAS_RETIRED_PW_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to retrieve the time that a user's former password
// was retired.
createSubCommand(ManageAccountSubCommandType.GET_PASSWORD_RETIRED_TIME, INFO_MANAGE_ACCT_SC_GET_PW_RETIRED_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to retrieve the retired password expiration time.
createSubCommand(ManageAccountSubCommandType.GET_RETIRED_PASSWORD_EXPIRATION_TIME, INFO_MANAGE_ACCT_SC_GET_RETIRED_PW_EXP_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to purge a retired password.
createSubCommand(ManageAccountSubCommandType.CLEAR_RETIRED_PASSWORD, INFO_MANAGE_ACCT_SC_PURGE_RETIRED_PW_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to get the available SASL mechanisms for a user.
createSubCommand(ManageAccountSubCommandType.GET_AVAILABLE_SASL_MECHANISMS, INFO_MANAGE_ACCT_SC_GET_AVAILABLE_SASL_MECHS_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to get the available OTP delivery mechanisms for a
// user.
createSubCommand(ManageAccountSubCommandType.GET_AVAILABLE_OTP_DELIVERY_MECHANISMS, INFO_MANAGE_ACCT_SC_GET_AVAILABLE_OTP_MECHS_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to determine whether a user has at least one TOTP
// shared secret.
createSubCommand(ManageAccountSubCommandType.GET_HAS_TOTP_SHARED_SECRET, INFO_MANAGE_ACCT_SC_GET_HAS_TOTP_SHARED_SECRET_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to add a value to the set of TOTP shared secrets
// for a user.
final ArgumentParser addTOTPSharedSecretParser = createSubCommandParser(ManageAccountSubCommandType.ADD_TOTP_SHARED_SECRET);
final StringArgument addTOTPSharedSecretValueArg = new StringArgument('O', "totpSharedSecret", true, 0, null, INFO_MANAGE_ACCT_SC_ADD_YUBIKEY_ID_ARG_VALUE.get());
addTOTPSharedSecretValueArg.addLongIdentifier("operationValue", true);
addTOTPSharedSecretValueArg.addLongIdentifier("totp-shared-secret", true);
addTOTPSharedSecretValueArg.addLongIdentifier("operation-value", true);
addTOTPSharedSecretValueArg.setSensitive(true);
addTOTPSharedSecretParser.addArgument(addTOTPSharedSecretValueArg);
createSubCommand(ManageAccountSubCommandType.ADD_TOTP_SHARED_SECRET, addTOTPSharedSecretParser, createSubCommandExample(ManageAccountSubCommandType.ADD_TOTP_SHARED_SECRET, INFO_MANAGE_ACCT_SC_ADD_TOTP_SHARED_SECRET_EXAMPLE.get("abcdefghijklmnop", EXAMPLE_TARGET_USER_DN), "--totpSharedSecret", "abcdefghijklmnop"));
// Define the subcommand to remove a value from the set of TOTP shared
// secrets for a user.
final ArgumentParser removeTOTPSharedSecretParser = createSubCommandParser(ManageAccountSubCommandType.REMOVE_TOTP_SHARED_SECRET);
final StringArgument removeTOTPSharedSecretValueArg = new StringArgument('O', "totpSharedSecret", true, 0, null, INFO_MANAGE_ACCT_SC_REMOVE_YUBIKEY_ID_ARG_VALUE.get());
removeTOTPSharedSecretValueArg.addLongIdentifier("operationValue", true);
removeTOTPSharedSecretValueArg.addLongIdentifier("totp-shared-secret", true);
removeTOTPSharedSecretValueArg.addLongIdentifier("operation-value", true);
removeTOTPSharedSecretValueArg.setSensitive(true);
removeTOTPSharedSecretParser.addArgument(removeTOTPSharedSecretValueArg);
createSubCommand(ManageAccountSubCommandType.REMOVE_TOTP_SHARED_SECRET, removeTOTPSharedSecretParser, createSubCommandExample(ManageAccountSubCommandType.REMOVE_TOTP_SHARED_SECRET, INFO_MANAGE_ACCT_SC_REMOVE_TOTP_SHARED_SECRET_EXAMPLE.get("abcdefghijklmnop", EXAMPLE_TARGET_USER_DN), "--totpSharedSecret", "abcdefghijklmnop"));
// Define the subcommand to replace set of TOTP shared secrets for a user.
final ArgumentParser setTOTPSharedSecretsParser = createSubCommandParser(ManageAccountSubCommandType.SET_TOTP_SHARED_SECRETS);
final StringArgument setTOTPSharedSecretsValueArg = new StringArgument('O', "totpSharedSecret", true, 0, null, INFO_MANAGE_ACCT_SC_SET_TOTP_SHARED_SECRETS_ARG_VALUE.get());
setTOTPSharedSecretsValueArg.addLongIdentifier("operationValue", true);
setTOTPSharedSecretsValueArg.addLongIdentifier("totp-shared-secret", true);
setTOTPSharedSecretsValueArg.addLongIdentifier("operation-value", true);
setTOTPSharedSecretsValueArg.setSensitive(true);
setTOTPSharedSecretsParser.addArgument(setTOTPSharedSecretsValueArg);
createSubCommand(ManageAccountSubCommandType.SET_TOTP_SHARED_SECRETS, setTOTPSharedSecretsParser, createSubCommandExample(ManageAccountSubCommandType.SET_TOTP_SHARED_SECRETS, INFO_MANAGE_ACCT_SC_SET_TOTP_SHARED_SECRETS_EXAMPLE.get(EXAMPLE_TARGET_USER_DN, "abcdefghijklmnop"), "--totpSharedSecret", "abcdefghijklmnop"));
// Define the subcommand to clear the set of TOTP shared secrets for a user.
createSubCommand(ManageAccountSubCommandType.CLEAR_TOTP_SHARED_SECRETS, INFO_MANAGE_ACCT_SC_CLEAR_TOTP_SHARED_SECRETS_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to determine whether a user has at least one
// registered YubiKey OTP device public ID.
createSubCommand(ManageAccountSubCommandType.GET_HAS_REGISTERED_YUBIKEY_PUBLIC_ID, INFO_MANAGE_ACCT_SC_GET_HAS_YUBIKEY_ID_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to get the set of registered YubiKey OTP device
// public IDs for a user.
createSubCommand(ManageAccountSubCommandType.GET_REGISTERED_YUBIKEY_PUBLIC_IDS, INFO_MANAGE_ACCT_SC_GET_YUBIKEY_IDS_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to add a value to the set of registered YubiKey OTP
// device public IDs for a user.
final ArgumentParser addRegisteredYubiKeyPublicIDParser = createSubCommandParser(ManageAccountSubCommandType.ADD_REGISTERED_YUBIKEY_PUBLIC_ID);
final StringArgument addRegisteredYubiKeyPublicIDValueArg = new StringArgument('O', "publicID", true, 0, null, INFO_MANAGE_ACCT_SC_ADD_YUBIKEY_ID_ARG_VALUE.get());
addRegisteredYubiKeyPublicIDValueArg.addLongIdentifier("operationValue", true);
addRegisteredYubiKeyPublicIDValueArg.addLongIdentifier("public-id", true);
addRegisteredYubiKeyPublicIDValueArg.addLongIdentifier("operation-value", true);
addRegisteredYubiKeyPublicIDParser.addArgument(addRegisteredYubiKeyPublicIDValueArg);
createSubCommand(ManageAccountSubCommandType.ADD_REGISTERED_YUBIKEY_PUBLIC_ID, addRegisteredYubiKeyPublicIDParser, createSubCommandExample(ManageAccountSubCommandType.ADD_REGISTERED_YUBIKEY_PUBLIC_ID, INFO_MANAGE_ACCT_SC_ADD_YUBIKEY_ID_EXAMPLE.get("abcdefghijkl", EXAMPLE_TARGET_USER_DN), "--publicID", "abcdefghijkl"));
// Define the subcommand to remove a value from the set of registered
// YubiKey OTP device public IDs for a user.
final ArgumentParser removeRegisteredYubiKeyPublicIDParser = createSubCommandParser(ManageAccountSubCommandType.REMOVE_REGISTERED_YUBIKEY_PUBLIC_ID);
final StringArgument removeRegisteredYubiKeyPublicIDValueArg = new StringArgument('O', "publicID", true, 0, null, INFO_MANAGE_ACCT_SC_REMOVE_YUBIKEY_ID_ARG_VALUE.get());
removeRegisteredYubiKeyPublicIDValueArg.addLongIdentifier("operationValue", true);
removeRegisteredYubiKeyPublicIDValueArg.addLongIdentifier("public-id", true);
removeRegisteredYubiKeyPublicIDValueArg.addLongIdentifier("operation-value", true);
removeRegisteredYubiKeyPublicIDParser.addArgument(removeRegisteredYubiKeyPublicIDValueArg);
createSubCommand(ManageAccountSubCommandType.REMOVE_REGISTERED_YUBIKEY_PUBLIC_ID, removeRegisteredYubiKeyPublicIDParser, createSubCommandExample(ManageAccountSubCommandType.REMOVE_REGISTERED_YUBIKEY_PUBLIC_ID, INFO_MANAGE_ACCT_SC_REMOVE_YUBIKEY_ID_EXAMPLE.get("abcdefghijkl", EXAMPLE_TARGET_USER_DN), "--publicID", "abcdefghijkl"));
// Define the subcommand to replace set of registered YubiKey OTP device
// public IDs for a user.
final ArgumentParser setRegisteredYubiKeyPublicIDParser = createSubCommandParser(ManageAccountSubCommandType.SET_REGISTERED_YUBIKEY_PUBLIC_IDS);
final StringArgument setRegisteredYubiKeyPublicIDValueArg = new StringArgument('O', "publicID", true, 0, null, INFO_MANAGE_ACCT_SC_SET_YUBIKEY_IDS_ARG_VALUE.get());
setRegisteredYubiKeyPublicIDValueArg.addLongIdentifier("operationValue", true);
setRegisteredYubiKeyPublicIDValueArg.addLongIdentifier("public-id", true);
setRegisteredYubiKeyPublicIDValueArg.addLongIdentifier("operation-value", true);
setRegisteredYubiKeyPublicIDParser.addArgument(setRegisteredYubiKeyPublicIDValueArg);
createSubCommand(ManageAccountSubCommandType.SET_REGISTERED_YUBIKEY_PUBLIC_IDS, setRegisteredYubiKeyPublicIDParser, createSubCommandExample(ManageAccountSubCommandType.SET_REGISTERED_YUBIKEY_PUBLIC_IDS, INFO_MANAGE_ACCT_SC_SET_YUBIKEY_IDS_EXAMPLE.get(EXAMPLE_TARGET_USER_DN, "abcdefghijkl"), "--publicID", "abcdefghijkl"));
// Define the subcommand to clear the set of registered YubiKey OTP device
// public IDs for a user.
createSubCommand(ManageAccountSubCommandType.CLEAR_REGISTERED_YUBIKEY_PUBLIC_IDS, INFO_MANAGE_ACCT_SC_CLEAR_YUBIKEY_IDS_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to determine whether a user has at least one static
// password.
createSubCommand(ManageAccountSubCommandType.GET_HAS_STATIC_PASSWORD, INFO_MANAGE_ACCT_SC_GET_HAS_STATIC_PW_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to retrieve the last bind password validation time
// for a user.
createSubCommand(ManageAccountSubCommandType.GET_LAST_BIND_PASSWORD_VALIDATION_TIME, INFO_MANAGE_ACCT_SC_GET_LAST_BIND_PW_VALIDATION_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to retrieve the length of time since the last bind
// password validation for a user.
createSubCommand(ManageAccountSubCommandType.GET_SECONDS_SINCE_LAST_BIND_PASSWORD_VALIDATION, INFO_MANAGE_ACCT_SC_GET_SECS_SINCE_LAST_BIND_PW_VALIDATION_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to set the last bind password validation time for a
// user.
final ArgumentParser setLastBindPasswordValidationTimeParser = createSubCommandParser(ManageAccountSubCommandType.SET_LAST_BIND_PASSWORD_VALIDATION_TIME);
final TimestampArgument setLastBindPasswordValidationTimeValueArg = new TimestampArgument('O', "validationTime", false, 1, null, INFO_MANAGE_ACCT_SC_SET_LAST_BIND_PW_VALIDATION_TIME_ARG_VALUE.get());
setLastBindPasswordValidationTimeValueArg.addLongIdentifier("operationValue", true);
setLastBindPasswordValidationTimeValueArg.addLongIdentifier("validation-time", true);
setLastBindPasswordValidationTimeValueArg.addLongIdentifier("operation-value", true);
setLastBindPasswordValidationTimeParser.addArgument(setLastBindPasswordValidationTimeValueArg);
createSubCommand(ManageAccountSubCommandType.SET_LAST_BIND_PASSWORD_VALIDATION_TIME, setLastBindPasswordValidationTimeParser, createSubCommandExample(ManageAccountSubCommandType.SET_LAST_BIND_PASSWORD_VALIDATION_TIME, INFO_MANAGE_ACCT_SC_SET_LAST_BIND_PW_VALIDATION_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN, currentGeneralizedTime), "--validationTime", currentGeneralizedTime));
// Define the subcommand to clear the last bind password validation time for
// a user.
createSubCommand(ManageAccountSubCommandType.CLEAR_LAST_BIND_PASSWORD_VALIDATION_TIME, INFO_MANAGE_ACCT_SC_CLEAR_LAST_BIND_PW_VALIDATION_TIME_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to determine whether an account is locked because
// it contains a password that does not satisfy all of the configured
// password validators.
createSubCommand(ManageAccountSubCommandType.GET_ACCOUNT_IS_VALIDATION_LOCKED, INFO_MANAGE_ACCT_SC_GET_ACCT_VALIDATION_LOCKED_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to specify whether an account is locked because it
// contains a password that does not satisfy all of the configured password
// validators.
final ArgumentParser setIsValidationLockedParser = createSubCommandParser(ManageAccountSubCommandType.SET_ACCOUNT_IS_VALIDATION_LOCKED);
final BooleanValueArgument setIsValidationLockedValueArg = new BooleanValueArgument('O', "accountIsValidationLocked", true, null, INFO_MANAGE_ACCT_SC_SET_ACCT_VALIDATION_LOCKED_ARG_VALUE.get());
setIsValidationLockedValueArg.addLongIdentifier("operationValue", true);
setIsValidationLockedValueArg.addLongIdentifier("account-is-validation-locked", true);
setIsValidationLockedValueArg.addLongIdentifier("operation-value", true);
setIsValidationLockedParser.addArgument(setIsValidationLockedValueArg);
createSubCommand(ManageAccountSubCommandType.SET_ACCOUNT_IS_VALIDATION_LOCKED, setIsValidationLockedParser, createSubCommandExample(ManageAccountSubCommandType.SET_ACCOUNT_IS_VALIDATION_LOCKED, INFO_MANAGE_ACCT_SC_SET_ACCT_VALIDATION_LOCKED_EXAMPLE.get(EXAMPLE_TARGET_USER_DN), "--accountIsValidationLocked", "true"));
// Define the subcommand to retrieve a user's recent login history.
createSubCommand(ManageAccountSubCommandType.GET_RECENT_LOGIN_HISTORY, INFO_MANAGE_ACCT_SC_GET_RECENT_LOGIN_HISTORY_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
// Define the subcommand to retrieve a user's recent login history.
createSubCommand(ManageAccountSubCommandType.CLEAR_RECENT_LOGIN_HISTORY, INFO_MANAGE_ACCT_SC_CLEAR_RECENT_LOGIN_HISTORY_EXAMPLE.get(EXAMPLE_TARGET_USER_DN));
}
Also used :
DNArgument(com.unboundid.util.args.DNArgument)
IPAddressArgumentValueValidator(com.unboundid.util.args.IPAddressArgumentValueValidator)
FilterArgument(com.unboundid.util.args.FilterArgument)
IntegerArgument(com.unboundid.util.args.IntegerArgument)
BooleanArgument(com.unboundid.util.args.BooleanArgument)
FileArgument(com.unboundid.util.args.FileArgument)
TimestampArgument(com.unboundid.util.args.TimestampArgument)
BooleanValueArgument(com.unboundid.util.args.BooleanValueArgument)
ArgumentParser(com.unboundid.util.args.ArgumentParser)
StringArgument(com.unboundid.util.args.StringArgument)
Aggregations
TimestampArgument (com.unboundid.util.args.TimestampArgument)7
ArgumentParser (com.unboundid.util.args.ArgumentParser)6
BooleanValueArgument (com.unboundid.util.args.BooleanValueArgument)5
StringArgument (com.unboundid.util.args.StringArgument)5
BooleanArgument (com.unboundid.util.args.BooleanArgument)4
DNArgument (com.unboundid.util.args.DNArgument)4
FileArgument (com.unboundid.util.args.FileArgument)4
IntegerArgument (com.unboundid.util.args.IntegerArgument)4
NotNull (com.unboundid.util.NotNull)3
SubCommand (com.unboundid.util.args.SubCommand)3
Date (java.util.Date)3
ASN1BitString (com.unboundid.asn1.ASN1BitString)2
FilterArgument (com.unboundid.util.args.FilterArgument)2
IPAddressArgumentValueValidator (com.unboundid.util.args.IPAddressArgumentValueValidator)2
ArrayList (java.util.ArrayList)2
LinkedHashSet (java.util.LinkedHashSet)2
ASN1OctetString (com.unboundid.asn1.ASN1OctetString)1
InMemoryDirectoryServer (com.unboundid.ldap.listener.InMemoryDirectoryServer)1
InMemoryDirectoryServerConfig (com.unboundid.ldap.listener.InMemoryDirectoryServerConfig)1
DN (com.unboundid.ldap.sdk.DN)1
