base/java-tools/doc/README


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161

                               Certificate System
                          Java Command Line Utilities


Command Line Utility                           Purpose
==============================================================================
AtoB <input file> <output file>                A command line utility utilized
                                               to convert an ASCII BASE 64
                                               blob into a BINARY BASE 64 blob.

AuditVerify                                    A command line utility utilized
                                               to verify signatures in signed
                                               audit log files.

BtoA <input file> <output file>                A command line utility utilized
                                               to convert a BINARY BASE 64
                                               blob into an ASCII BASE 64 blob.

CMCEnroll                                      A command line utility used to
                                               sign a certificate enrollment
                                               request with an agent's
                                               certificate. 

CMCRequest                                     A command line utility used to
                                               construct a Certificate 
                                               Management Messages over
                                               CMS (CMC) request.

CMCResponse                                    A command line utility used to
                                               parse a CMC response.

CMCRevoke                                      A command line utility used to
                                               sign a revocation request with
                                               an agent's certificate.

CRMFPopClient                                  A command line utility used to
                                               generate CRMF requests with
                                               proof of possession (POP).

DRMTool -drmtool_config_file                   A command line utility used to
        <path + drmtool config file>           change the storage key used
        -source_ldif_file                      to wrap the symmetric key
        <path + source ldif file>              which is used to encrypt the
        -target_ldif_file                      user's private key.
        <path + target ldif file>              Optionally, this utility
        -log_file                              may also be used to re-index IDs
        <path + log file >                     associated with the various
        [-source_pki_security_database_path    records which may be useful
         <path to PKI source databases>        for DRM consolidation.
         -source_storage_token_name
         '<source token>'
         -source_storage_certificate_nickname
         '<source nickname>'
         -target_storage_certificate_file
         <path to target certificate file>
         [-source_pki_security_database_pwdfile
          <path + pwdfile>]]
        [-append_id_offset
         <numeric offset> ||
         -remove_id_offset
         <numeric offset>]
        [-source_drm_naming_context
          <source DRM naming context>]
        [-target_drm_naming_context
          <target DRM naming context>]
        [-process_requests_and_key_records_only]

ExtJoiner <ext_file0> . . . <ext_file9>        A command line utility utilized
                                               to join a sequence of extensions
                                               together so that the final
                                               output can be used in the
                                               configuration wizard for
                                               specifying extra extensions
                                               in default certificates
                                               (i. e. - CA  certificate,
                                                        SSL certificate).

GenExtKeyUsage [true|false]                    A command line utility utilized
               <OID_1> . . . <OID_9>           to generate a DER-encoded
                                               Extended Key Usage extension.
                                               The first parameter is the
                                               criticality of the extension,
                                               true or false.  The OIDs to be
                                               included in the extension are
                                               passed as command-line
                                               arguments.  The OIDs are
                                               described in RFC 2459.  For
                                               example, the OID for code
                                               signing is 1.3.6.1.5.5.7.3.3.

GenIssuerAltNameExt <general_type0>            A command line utility utilized
                    <general_name0>            to generate an issuer
                    . . .                      alternative name extension in
                    <general_type3>            base-64 encoding. The encoding
                    <general_name3>            output can be used with the
                                               configuration wizard, where:
                                                   <general_type#> can be one
                                                   of the following strings:
                                                       DNSName 
                                                       EDIPartyName
                                                       IPAddressName
                                                       URIName
                                                       RFC822Name
                                                       OIDName
                                                       X500Name
                                                   <general_name#> is a string

GenSubjectAltNameExt <general_type0>           A command line utility utilized
                     <general_name0>           to generate a subject
                     . . .                     alternative name extension in
                     <general_type3>           base-64 encoding. The encoding
                     <general_name3>           output can be used with the
                                               configuration wizard, where:
                                                   <general_type#> can be one
                                                   of the following strings:
                                                       DNSName 
                                                       EDIPartyName
                                                       IPAddressName
                                                       URIName
                                                       RFC822Name
                                                       OIDName
                                                       X500Name
                                                   <general_name#> is a string

HttpClient                                     A command line utility used
                                               to communicate with any
                                               http/https server.

OCSPClient                                     A command line utility that
                                               verifies certificate status by
                                               submitting Online Certificate
                                               Status Protocol (OCSP) requests
                                               to an instance of an OCSP
                                               subsystem.

PKCS10Client                                   A command line utility that
                                               generates a Public Key 
                                               Cryptography Standards
                                               (PKCS) #10 enrollment
                                               request.

PKCS12Export                                   A command line utility utilized
                                               to create PKCS12 file.

PrettyPrintCert <input file> [output file]     A command line utility utilized
                                               to print the contents of a
                                               certificate stored as an ASCII
                                               BASE 64 encoded blob in a
                                               user-friendly manner.

PrettyPrintCrl <input file> [output file]      A command line utility utilized
                                               to print the contents of a 
                                               Certificate Revocation List
                                               (CRL) stored as an ASCII
                                               BASE 64 encoded blob in a
                                               user-friendly manner.

TokenInfo                                      A command line utility utilized
                                               to display all external HSMs
                                               visible to JSS.