From a150d1753e32ae0e26bd6e865de0f60732ce0e55 Mon Sep 17 00:00:00 2001 From: gpkvt Date: Sat, 15 Jul 2023 14:44:09 +0200 Subject: [PATCH] Added completion functions --- zsh/zsh-completions/_glances | 125 +++ zsh/zsh-completions/_mc | 82 ++ zsh/zsh-completions/_mkcert | 58 ++ zsh/zsh-completions/_nano | 74 ++ zsh/zsh-completions/_neofetch | 146 +++ zsh/zsh-completions/_nftables | 500 ++++++++++ zsh/zsh-completions/_openssl | 1687 +++++++++++++++++++++++++++++++++ zsh/zsh-completions/_openvpn3 | 246 +++++ zsh/zsh-completions/_ufw | 145 +++ zsh/zsh-completions/_vnstat | 127 +++ zsh/zsh-completions/_wg-quick | 25 + 11 files changed, 3215 insertions(+) create mode 100644 zsh/zsh-completions/_glances create mode 100644 zsh/zsh-completions/_mc create mode 100644 zsh/zsh-completions/_mkcert create mode 100644 zsh/zsh-completions/_nano create mode 100644 zsh/zsh-completions/_neofetch create mode 100644 zsh/zsh-completions/_nftables create mode 100644 zsh/zsh-completions/_openssl create mode 100644 zsh/zsh-completions/_openvpn3 create mode 100644 zsh/zsh-completions/_ufw create mode 100644 zsh/zsh-completions/_vnstat create mode 100644 zsh/zsh-completions/_wg-quick diff --git a/zsh/zsh-completions/_glances b/zsh/zsh-completions/_glances new file mode 100644 index 0000000..043bd69 --- /dev/null +++ b/zsh/zsh-completions/_glances @@ -0,0 +1,125 @@ +#compdef glances +# ------------------------------------------------------------------------------ +# Copyright (c) 2011 Github zsh-users - https://github.com/zsh-users +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# * Neither the name of the zsh-users nor the +# names of its contributors may be used to endorse or promote products +# derived from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +# DISCLAIMED. IN NO EVENT SHALL ZSH-USERS BE LIABLE FOR ANY +# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# ------------------------------------------------------------------------------ +# Description +# ----------- +# +# Completion script for glances (https://nicolargo.github.io/glances/). +# +# ------------------------------------------------------------------------------ +# Authors +# ------- +# +# * loranger (https://github.com/loranger) +# * Shohei Yoshida (https://github.com/syohex) +# +# ------------------------------------------------------------------------------ + +_glances() { + _arguments \ + '(- *)'{-h,--help}'[show this help message and exit]' \ + '(- *)'{-V,--version}"[show program's version number and exit]" \ + '(-C,--config)'{-C,--config}'[path to the configuration file]: :_files' \ + '(--modules-list --module-list)'{--modules-list,--module-list}'[display modules list and exit]' \ + '(--disable-plugin --disable-plugins)'{--disable-plugin,--disable-plugins}'[disable plugin(comma separated list or all)]:plugin' \ + '(--enable-plugin --enable-plugins)'{--enable-plugin,--enable-plugins}'[enable plugin(comma separated list)]:plugin' \ + '--disable-process[disable process module]' \ + '--disable-webui[disable the Web Interface]' \ + '(--light --enable-light)'{--light,--enable-light}'[light mode for Curses UI]' \ + '(-0 --disable-irix)'{-0,--disable-irix}"[task's cpu usage will be divided by the total number of CPUs]" \ + '(-1 --percpu)'{-1,--percpu}'[start Clances in per CPU mode]' \ + '(-2 --disable-left-sidebar)'{-2,--disable-left-sidebar}'[disable network, disk I/O, FS and sensors modules]' \ + '(-3 --disable-quicklook)'{-3,--disable-quicklook}'[disable quick look module]' \ + '(-4 --full-quicklook)'{-4,--full-quicklook}'[disable all but quick look and load]' \ + '(-5 --disable-top)'{-5,--disable-top}'[disable top menu(QL, CPU, MEM, SWAP and LOAD)]' \ + '(-6 --menugpu)'{-6,--menugpu}'[start Glances in mean GPU mode]' \ + '--disable-history[disable stats history]' \ + '--disable-bold[disable bold mode in the terminal]' \ + '--disable-bg[disable background colors in the terminal]' \ + '--enable-irq[enable IRQ mode]' \ + '--enable-process-extended[enable extended stats on top process]' \ + '(--separator --enable-separator)'{--separator,--enable-separator}'[enable separator in the UI]' \ + '--sort-process[sort processes]: :(cpu_percent memory_percent username cpu_times io_counters name)' \ + '(--programs --program)'{--programs,--program}'[Accumulate processes by program]' \ + '--export[enable export module]:module' \ + '--export-csv-file[file path for CSV exporter]: :_files' \ + '--export-csv-overwrite[overwrite existing CSV file]' \ + '--export-json-file[file path for JSON exporter]: :_files' \ + '--export-graph-path[Folder for Graph exporter]: :_files -/' \ + '(-c --client)'{-c,--client}'[connect to a Glances server]:host:_hosts' \ + '(-s --server)'{-s,--server}'[run Glances in server mode]' \ + '--browser[start the client browser]' \ + '--disable-autodiscover[disable autodiscover feature]' \ + '(-p --port)'{-p,--port}'[define the client/server TCP port]' \ + '(-B --bind)'{-B,--bind}'[bind server to the given IPv4/IPv6 address or hostname]:host:_hosts' \ + '--username[define a client/server username]' \ + '--password[define a client/server password]' \ + '-u[use the given client/server username]:user_name' \ + '--snmp-community[SNMP community]:community' \ + '--snmp-port[SNMP community]:port' \ + '--snmp-version[SNMP version]:version:(1 2c 3)' \ + '--snmp-user[SNMP user]:user' \ + '--snmp-auth[SNMP auth]:auth' \ + '--snmp-force[force SNMP mode]' \ + '(-t --time)'{-t,--time}'[set minimum refresh rate in seconds(default: 2 sec)]:seconds' \ + '(-w --webserver)'{-w,--webserver}'[run Glances in web server mode]' \ + '--cached-time[set the server cache time(default: 1 sec)]:seconds' \ + '--stop-after[stop Glances after n fresh]:' \ + '--open-web-browser[try to open the Web UI in the default browser]' \ + '(-q --quiet)'{-q,--quiet}'[do not display the curses interface]' \ + '(-f --process-filter)'{-f,--process-filter}'[set the process filter pattern]:regexp' \ + '--process-short-name[force short name for processes name]' \ + '--process-long-name[force long name for processes name]' \ + '--stdout[display stats to stdout one stat per line]:stats' \ + '--stdout-json[display stats to stdout, JSON format]:stats' \ + '--stdout-csv[display stats to CSV, JSON format]:stats' \ + '--issue[test all plugins and exit]' \ + '--trace-malloc[trace memory allocation and display it at the end of the process]' \ + '--memory-leak[test memory leak]' \ + '--api-doc[display fields descriptions]'\ + '--hide-kernel-threads[hide kernel threads in process list]' \ + '(-b --byte)'{-b,--byte}'[display network rate in byte per second]' \ + '--diskio-show-ramfs[show RAM Fs in the DiskIO plugin]' \ + '--diskio-iops[show IO per second in the DiskIO plugin]' \ + '--fahrenheit[display temperature in Fahrenheit]' \ + '--fs-free-space[display FS free space instead of used]' \ + '--sparkline[display sparklines instead of bar in the curses interface]' \ + '--disable-unicode[disable unicode characters in the curses interface]' \ + '--theme-white[optimize display colors for white background ]' \ + '--disable-check-update[disable online Glances version check]' \ + '--strftime[strftime format string for displaying current date in standalone mode]' \ +} + +_glances "$@" + +# Local Variables: +# mode: Shell-Script +# sh-indentation: 2 +# indent-tabs-mode: nil +# sh-basic-offset: 2 +# End: +# vim: ft=zsh sw=2 ts=2 et diff --git a/zsh/zsh-completions/_mc b/zsh/zsh-completions/_mc new file mode 100644 index 0000000..64eaf00 --- /dev/null +++ b/zsh/zsh-completions/_mc @@ -0,0 +1,82 @@ +#compdef mc +# ------------------------------------------------------------------------------ +# Copyright (c) 2019 Sebastian Gniazdowski +# +# Permission is hereby granted, free of charge, to any person obtaining +# a copy of this software and associated documentation files (the +# "Software"), to deal in the Software without restriction, including +# without limitation the rights to use, copy, modify, merge, publish, +# distribute, sublicense, and/or sell copies of the Software, and to +# permit persons to whom the Software is furnished to do so, subject to +# the following conditions: +# +# The above copyright notice and this permission notice shall be included +# in all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS +# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL +# THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR +# OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, +# ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR +# OTHER DEALINGS IN THE SOFTWARE. +# ------------------------------------------------------------------------------ +# Description +# ----------- +# +# Completion script for Midnight Commander 4.8.28 (https://midnight-commander.org/) +# +# ------------------------------------------------------------------------------ +# Authors +# ------- +# +# * Sebastian Gniazdowski (https://github.com/psprint) +# ------------------------------------------------------------------------------ + +setopt localoptions warncreateglobal typesetsilent + +local -a opts +opts=( + {-h,--help}'[show help on options]' + --help-all'[show help on all options]' + --help-terminal'[terminal options help]' + --help-color'[color options help]' + {-a,--stickchars}'[use stickchars to draw]' + '(-c --color -b --nocolor)'{-b,--nocolor}'[requests to run in black and white]' + '(-b --nocolor -c --color)'{-c,--color}'[request to run in color mode]' + {-C,--colors=}'[specifies a color configuration]:arg:' + --configure-options'[print configure options]' + {-d,--nomouse}'[disable mouse support in text version]' + {-d,--debuglevel=}'[save the debug level for SMB VFS]:debug level:(0 1 2 3 4 5 6 7 8 9 10)' + {-e,--edit=}'[edit files]:file:_files' + {-f,--datadir}'[print data directory]' + {-F,--datadir-info}'[print extended info about used data directories]' + {-g,--oldmouse}'[tries to use an old highlight mouse tracking]' + {-k,--resetsoft}'[resets soft keys on HP terminals]' + {-K,--keymap=}'[load definitions of key bindings from specified file]:file:_files' + {-l,--ftplog=}'[log ftp dialog to specified file]:file:_files' + --nokeymap"[don't load key bindings from any file, use default hardcoded keys]" + {-P,--printwd=}'[print last working directory to specified file]:file:_files' + {-s,--slow}'[to run on slow terminals]' + {-S,--skin=}'[show mc with specified skin]:skin:' + {-t,--termcap}'[tries to use termcap instead of terminfo]' + '(-U --subshell -u --nosubshell)'{-u,--nosubshell}'[disables subshell support]' + '(-u --nosubshell -U --subshell)'{-U,--subshell}'[enables subshell support (default)]' + {-v,--view=}'[launches the file viewer on a file]:file:_files' + {-V,--version}'[displays the current version]' + {-x,--xterm}'[forces xterm features]' + {-X,--no-x11}'[disable X11 support]' + '*:pane directory:_directories' +) + +_arguments -s $opts + +# Return value passes through + +# Local Variables: +# mode: Shell-Script +# sh-indentation: 2 +# indent-tabs-mode: nil +# sh-basic-offset: 2 +# End: +# vim: ft=zsh sw=2 ts=2 et diff --git a/zsh/zsh-completions/_mkcert b/zsh/zsh-completions/_mkcert new file mode 100644 index 0000000..6c639de --- /dev/null +++ b/zsh/zsh-completions/_mkcert @@ -0,0 +1,58 @@ +#compdef mkcert +# ------------------------------------------------------------------------------ +# Copyright (c) 2023 Github zsh-users - https://github.com/zsh-users +# +# Permission is hereby granted, free of charge, to any person obtaining +# a copy of this software and associated documentation files (the +# "Software"), to deal in the Software without restriction, including +# without limitation the rights to use, copy, modify, merge, publish, +# distribute, sublicense, and/or sell copies of the Software, and to +# permit persons to whom the Software is furnished to do so, subject to +# the following conditions: +# +# The above copyright notice and this permission notice shall be included +# in all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS +# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL +# THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR +# OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, +# ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR +# OTHER DEALINGS IN THE SOFTWARE. +# ------------------------------------------------------------------------------ +# Description +# ----------- +# +# Completion script for mkcert v1.4.4 (https://github.com/FiloSottile/mkcert) +# +# ------------------------------------------------------------------------------ +# Authors +# ------- +# +# * Shohei Yoshida (https://github.com/syohex) +# +# ------------------------------------------------------------------------------ + +_arguments \ + '(- *)-help[Print help message]' \ + '(- *)-version[Print version information]' \ + '-install[Install the local CA in the system trust store]' \ + '-uninstall[Uninstall the local CA]' \ + '-cert-file[Specify cert file output path]:path:_files' \ + '-key-file[Specify key file output path]:path:_files' \ + '-p12-file[Specify p12 file output path]:path:_files' \ + '-client[Generate a certificate for client authentication]' \ + '-ecdsa[Generate a certificate with an ECDSA key]' \ + '-pkcs12[Generate a ".p12" PKCS #12 file]' \ + '-csr[Generate a certificate based on the supplied CSR]:csr' \ + '(- *)-CAROOT[Print the CA certificate and key storage location]' \ + && return 0 + +# Local Variables: +# mode: Shell-Script +# sh-indentation: 2 +# indent-tabs-mode: nil +# sh-basic-offset: 2 +# End: +# vim: ft=zsh sw=2 ts=2 et diff --git a/zsh/zsh-completions/_nano b/zsh/zsh-completions/_nano new file mode 100644 index 0000000..602443b --- /dev/null +++ b/zsh/zsh-completions/_nano @@ -0,0 +1,74 @@ +#compdef nano + +local curcontext="$curcontext" state line +local -i ret=1 + +_arguments -s -S -C \ + '(-)'{-A,--smarthome}'[enable smart home key]' \ + '(-B --backup)'{-B,--backup}'[save backups of existing files]' \ + '(-C --backupdir)'{-C+,--backupdir=}'[specify directory for saving unique backup files]:directory:_directories' \ + '(-D --boldtext)'{-D,--boldtext}'[use bold instead of reverse video text]' \ + '(-E --tabstospaces)'{-E,--tabstospaces}'[convert typed tabs to spaces]' \ + '(-F --multibuffer)'{-F,--multibuffer}'[read a file into a new buffer by default]' \ + '(-G --locking)'{-G,--locking}'[use vim-style lock files]' \ + '(-H --historylog)'{-H,--historylog}'[log & read search replace string history]' \ + '(-I --ignorercfiles)'{-I,--ignorercfiles}"[don't look at nanorc files]" \ + '(-J --guidestripe)'{-J+,--guidestripe=}'[show a guide bar at specified column]:number' \ + '(-K --rawsequences)'{-K,--rawsequences}'[fix numeric keypad key confusion problem]' \ + '(-L --nonewlines)'{-L,--nonewlines}"[don't add an automatic newline]" \ + '(-M --trimblanks)'{-M,--trimblanks}'[trim trailing spaces when hard-wrapping]' \ + '(-N --noconvert -u --unix)'{-N,--noconvert}"[don't convert files from DOS/Mac format]" \ + '(-O --bookstyle)'{-O,--bookstyle}'[leading whitespace means new paragraph]' \ + '(-P --positionlog)'{-P,--positionlog}'[log & read location of cursor position]' \ + '(-Q --quotestr)'{-Q+,--quotestr=}'[specify regular expression to match quoted parts of lines]:regex [^([ \t]*([!#%\:;>|}]|//))+]' \ + '(-R --restricted)'{-R,--restricted}'[restricted mode]' \ + '(-S --softwrap)'{-S,--softwrap}'[display overly long lines on multiple rows]' \ + '(-T --tabsize)'{-T+,--tabsize=}'[set width of a tab]:columns [8]' \ + '(-U --quickblank -c --constantshow -_ --minibar)'{-U,--quickblank}'[do quick statusbar blanking]' \ + '(- *)'{-V,--version}'[print version information and exit]' \ + '(-W --wordbounds -X --wordchars)'{-W,--wordbounds}'[detect word boundaries more accurately]' \ + '(-X --wordchars -W --wordbounds)'{-X+,--wordchars=}'[specify which other characters are word parts]:string' \ + '(-Y --syntax=)'{-Y+,--syntax=}'[syntax definition to use for coloring]:value' \ + '(-Z --zap)'{-Z,--zap}'[let backspace and delete erase a marked region]' \ + '(-a --atblanks)'{-a,--atblanks}'[when soft-wrapping, do it at whitespace]' \ + '(-b --breaklonglines -w --nowrap)'{-b,--breaklonglines}'[automatically hard-wrap overlong lines]' \ + '(-c --constantshow -U --quickblank)'{-c,--constantshow}'[show cursor position constantly]' \ + '(-d --rebinddelete)'{-d,--rebinddelete}'[fix Backspace/Delete confusion problem]' \ + '(-e --emptyline)'{-e,--emptyline}'[keep the line below the title bar empty]' \ + '(-f --rcfile)'{-f,--rcfile=}'[Use only specified file for configuring nano]:file:_files' \ + '(-g --showcursor)'{-g,--showcursor}'[show cursor in file browser & help text]' \ + '(- *)'{-h,--help}'[show help text and exit]' \ + '(-i --autoindent)'{-i,--autoindent}'[automatically indent new lines]' \ + '(-j --jumpyscrolling)'{-j,--jumpyscrolling}'[scroll by half-screen, not by line]' \ + '(-k --cutfromcursor)'{-k,--cutfromcursor}'[cut from cursor to end of line]' \ + '(-l --linenumbers)'{-l,--linenumbers}'[show line numbers in front of the text]' \ + '(-m --mouse)'{-m,--mouse}'[enable the use of the mouse]' \ + '(-n --noread)'{-n,--noread}"[don't read the file (only write it)]" \ + '(-o --operatingdir)'{-o+,--operatingdir=}'[set operating directory]:directory:_directories' \ + '(-p --preserve)'{-p,--preserve}'[preserve XON (^Q) and XOFF (^S) keys]' \ + '(-q --indicator)'{-q,--indicator}'[show a position+portion indicator]' \ + '(-r --fill)'{-r+,--fill=}'[set width for hard-wrap and justification]:width [-8]' \ + '(-s --speller)'{-s+,--speller=}'[enable alternate speller]:program:_command_names -e' \ + '(-t --tempfile)'{-t,--tempfile}'[auto save on exit, do not prompt]' \ + '(-u --unix -N --noconvert)'{-u,--unix}'[save a file by default in Unix format]' \ + '(-v --view)'{-v,--view}'[view mode (read-only)]' \ + '(-w --nowrap -b --breaklonglines)'{-w,--nowrap}"[don't hard-wrap long lines default]" \ + '(-x --nohelp)'{-x,--nohelp}"[don't show the two help lines]" \ + '(-y --afterends)'{-y,--afterends}'[make Ctrl+Right stop at word ends]' \ + '(-z --suspend)'{-z,--suspend}'[enable suspension]' \ + '(-% --stateflags)'{-%,--stateflags}'[show some states in the title bar]' \ + '(-_ --minibar -U --quickblank)'{-_,--minibar}'[suppress the title bar and show information at the bottom of the screen]' \ + '(-! --magic)'{-\!,--magic}'[try libmagic to determine applicable syntax]' \ + '(-0 --zero)'{-0,--zero}'[Hide all bars, use whole terminal]' \ + '(-t -q)*: :->args' && ret=0 + +if [[ -n $state ]]; then + case $PREFIX in + +) _message -e lines "start at a given line" ;; + +[crCR]#[/?]) _message -e 'search string' ;; + +<->,) _message -e 'column number' ;; + *) _files && ret=0 ;; + esac +fi + +return ret diff --git a/zsh/zsh-completions/_neofetch b/zsh/zsh-completions/_neofetch new file mode 100644 index 0000000..df02bc0 --- /dev/null +++ b/zsh/zsh-completions/_neofetch @@ -0,0 +1,146 @@ +#compdef neofetch +# ------------------------------------------------------------------------------ +# Description +# ----------- +# +# Completion script for neofetch (https://github.com/dylanaraps/neofetch) +# +# ------------------------------------------------------------------------------ +# Authors +# ------- +# +# * Wu Zhenyu +# +# ------------------------------------------------------------------------------ + +_neofetch_files_none() { + _alternative 'none:none:((none\:"Launch the script without a config file"))' 'files:file:_files' +} +_neofetch_sources() { + _alternative 'choices:choices:(auto ascii wallpaper "command output")' 'files: :_files' +} +local func_names=( + title underline os distro model kernel uptime packages shell resolution de wm + wm_theme icons term term_font cpu gpu memory gpu_driver cpu_usage disk battery + font song local_ip public_ip users locale cols +) +local colors=(black blue cyan default gray green magenta orange red white) +local distros=( + AIX Alpine AlterLinux Anarchy Android Antergos antiX + "AOSC OS" "AOSC OS/Retro" Apricity ArcoLinux ArchBox + ARCHlabs ArchStrike XFerience ArchMerge Arch Artix Arya + Bedrock Bitrig BlackArch BLAG BlankOn BlueLight bonsai BSD + BunsenLabs Calculate Carbs CentOS Chakra ChaletOS Chapeau + Chrom Cleanjaro ClearOS Clear_Linux Clover Condres + Container_Linux CRUX Cucumber Debian Deepin DesaOS Devuan + DracOS DarkOs DragonFly Drauger Elementary EndeavourOS Endless + EuroLinux Exherbo Fedora Feren FreeBSD FreeMiNT Frugalware + Funtoo GalliumOS Garuda Gentoo Pentoo gNewSense GNOME GNU + GoboLinux Grombyang Guix Haiku Huayra Hyperbola janus Kali + KaOS KDE_neon Kibojoe Kogaion Korora KSLinux Kubuntu LEDE + LFS Linux_Lite LMDE Lubuntu Lunar macos Mageia MagpieOS + Mandriva Manjaro Maui Mer Minix LinuxMint MX_Linux Namib + Neptune NetBSD Netrunner Nitrux NixOS Nurunner NuTyX + OBRevenge OpenBSD openEuler OpenIndiana openmamba OpenMandriva + OpenStage OpenWrt osmc Oracle OS Elbrus PacBSD Parabola + Pardus Parrot Parsix TrueOS PCLinuxOS Peppermint popos + Porteus PostMarketOS Proxmox Puppy PureOS Qubes Radix + Raspbian Reborn_OS Redstar Redcore Redhat Refracted_Devuan + Regata Rosa sabotage Sabayon Sailfish SalentOS Scientific + Septor SereneLinux SharkLinux Siduction Slackware SliTaz + SmartOS Solus Source_Mage Sparky Star SteamOS SunOS + openSUSE_Leap openSUSE_Tumbleweed openSUSE SwagArch Tails + Trisquel Ubuntu-Budgie Ubuntu-GNOME Ubuntu-MATE Ubuntu-Studio + Ubuntu Venom Void Obarun windows10 Windows7 Xubuntu Zorin IRIX +) +local options=( + --disable"[Allows you to disable an info line from appearing in the output]:func_name:($func_names)" + --title_fqdn"[Hide/Show Fully Qualified Domain Name in title]:on/off:(on off)" + --package_managers"[Hide/Show Package Manager names]:on/off:(on tiny off)" + --os_arch"[Hide/Show OS architecture]:on/off:(on off)" + --speed_type"[Change the type of cpu speed to display]:type:(current min max bios scaling_current scaling_min scaling_max cpufreq)" + --speed_shorthand"[Whether or not to show decimals in CPU speed]:on/off:(on off)" + --cpu_brand"[Enable/Disable CPU brand in output]:on/off:(on off)" + --cpu_cores"[Whether or not to display the number of CPU cores]:type:(logical physical off)" + --cpu_speed"[Hide/Show cpu speed]:on/off:(on off)" + --cpu_temp"[Hide/Show cpu temperature]:C/F/off:(C F off)" + --distro_shorthand"[Shorten the output of distro]:on/off:(on tiny off)" + --kernel_shorthand"[Shorten the output of kernel]:on/off:(on off)" + --uptime_shorthand"[Shorten the output of uptime]:on/off:(on tiny off)" + --refresh_rate"[Whether to display the refresh rate of each monitor]:on/off:(on off)" + --gpu_brand"[Enable/Disable GPU brand in output]:on/off:(on off)" + --gpu_type"[Which GPU to display]:type:(all dedicated integrated)" + --de_version"[Show/Hide Desktop Environment version]:on/off:(on off)" + --gtk_shorthand"[Shorten output of gtk theme/icons]:on/off:(on off)" + --gtk2"[Enable/Disable gtk2 theme/font/icons output]:on/off:(on off)" + --gtk3"[Enable/Disable gtk3 theme/font/icons output]:on/off:(on off)" + --shell_path"[Enable/Disable showing $SHELL path]:on/off:(on off)" + --shell_version"[Enable/Disable showing $SHELL version]:on/off:(on off)" + --disk_show"[Which disks to display]:value:('/' '/dev/sdXX' '/path/to/mount point')" + --disk_subtitle"[What information to append to the Disk subtitle]:type:(name mount dir none)" + --disk_percent"[Hide/Show disk percent]:on/off:(on off)" + --ip_host"[URL to query for public IP]:url:_urls" + --ip_timeout"[Public IP timeout (in seconds)]:int" + --song_format"[Print the song data in a specific format]:format:(%artist% %album% %title%)" + --song_shorthand"[Print the Artist/Album/Title on separate lines]:on/off:(on off)" + --memory_percent"[Display memory percentage]:on/off:(on off)" + --memory_unit"[Memory output unit]:kib/mib/gib:(kib mib gib)" + --music_player"[Manually specify a player to use]:player-name" + --colors"[Changes the text colors]:title color:($colors):@ color:($colors):underline color:($colors):subtitle color:($colors):colon color:($colors):info color:($colors)" + --underline"[Enable/Disable the underline]:on/off:(on off)" + --underline_char"[Character to use when underlining title]:char" + --bold"[Enable/Disable bold text]:on/off:(on off)" + --separator"[Changes the default ':' separator to the specified string]:string" + --color_blocks"[Enable/Disable the color blocks]:on/off:(on off)" + --col_offset"[Left-padding of color blocks]:auto/num" + --block_width"[Width of color blocks in spaces]:num" + --block_height"[Height of color blocks in lines]:num" + --block_range"[Range of colors to print as blocks]:num::num" + --bar_char"[Characters to use when drawing bars]:elapsed char::total char" + --bar_border"[Whether or not to surround the bar with '\\[\\]']:on/off:(on off)" + --bar_length"[Length in spaces to make the bars]:num" + --bar_colors"[Colors to make the bar in elapsed, total]:num::num" + --cpu_display"[Bar mode]:mode:(bar infobar barinfo off)" + --memory_display"[Bar mode]:mode:(bar infobar barinfo off)" + --battery_display"[Bar mode]:mode:(bar infobar barinfo off)" + --disk_display"[Bar mode]:mode:(bar infobar barinfo off)" + --backend"[Which image backend to use]:backend:(ascii caca chafa jp2a iterm2 off sixel tycat w3m kitty)" + --source"[Which image or ascii file to use]:source:_neofetch_sources" + --ascii"[Shortcut to use 'ascii' backend]:source:_neofetch_sources" + --caca"[Shortcut to use 'caca' backend]:source:_neofetch_sources" + --chafa"[Shortcut to use 'chafa' backend]:source:_neofetch_sources" + --iterm2"[Shortcut to use 'iterm2' backend]:source:_neofetch_sources" + --jp2a"[Shortcut to use 'jp2a' backend]:source:_neofetch_sources" + --kitty"[Shortcut to use 'kitty' backend]:source:_neofetch_sources" + --pot"[Shortcut to use 'pot' backend]:source:_neofetch_sources" + --pixterm"[Shortcut to use 'pixterm' backend]:source:_neofetch_sources" + --sixel"[Shortcut to use 'sixel' backend]:source:_neofetch_sources" + --termpix"[Shortcut to use 'termpix' backend]:source:_neofetch_sources" + --tycat"[Shortcut to use 'tycat' backend]:source:_neofetch_sources" + --w3m"[Shortcut to use 'w3m' backend]:source:_neofetch_sources" + --off"[Shortcut to use off backend (Disable ascii art)]" + --ascii_colors"[Colors to print the ascii art]:title color:($colors):@ color:($colors):underline color:($colors):subtitle color:($colors):colon color:($colors):info color:($colors)" + --ascii_distro"[Which Distro's ascii art to print]:distro:($distros)" + --ascii_bold"[Whether or not to bold the ascii logo]:on/off:(on off)" + {-L,--logo}"[Hide the info text and only show the ascii logo]" + --loop"[Redraw the image constantly until Ctrl+C is used]" + --size"[How to size the image]:00px or 00%:(auto none)" + --crop_mode"[Which crop mode to use]:mode:(normal fit fill)" + --crop_offset"[Change the crop offset for normal mode]:value:(northwest north northeast west center east southwest south southeast)" + --xoffset"[How close the image will be to the left edge of the]:px" + --yoffset"[How close the image will be to the top edge of the]:px" + --bg_color"[Background color to display behind transparent image]:color:($colors)" + --gap"[Gap between image and text]:num" + --clean"[Delete cached files and thumbnails]" + --config"[Specify a path to a custom config file]:files or none:_neofetch_files_none" + --no_config"[Don't create the user config file]" + '(- : *)'--print_config"[Print the default config file to stdout]" + --stdout"[Turn off all colors and disables any ASCII/image backend]" + '(- : *)'--help"[Print this text and exit]" + '(- : *)'--version"[Show neofetch version]" + -v"[Display error messages]" + -vv"[Display a verbose log for error reporting]" + '(- : *)'--gen-man"[Generate a manpage for Neofetch in your PWD]" +) + +_arguments $options "*::func_name:($func_names)" diff --git a/zsh/zsh-completions/_nftables b/zsh/zsh-completions/_nftables new file mode 100644 index 0000000..c891ead --- /dev/null +++ b/zsh/zsh-completions/_nftables @@ -0,0 +1,500 @@ +#compdef nft +# ------------------------------------------------------------------------------ +# Description +# ----------- +# +# Completion script for nft 0.9.0 (https://www.netfilter.org/projects/nftables/index.html). +# +# ------------------------------------------------------------------------------ +# Authors +# ------- +# +# * Markus Richter ( https://github.com/mqus , ) +# +# ------------------------------------------------------------------------------ +_nft(){ +local -a rules states prev args families options descriptors +local state="start" line nextstate cmd_obj cmd_subcmd cmd_fam cmd_tab cmd_chain #curcontext="$curcontext" + +options=( + '(-)'{-h,--help}'[show help]' \ + '(-)'{-v,--version}'[print version information]' \ + "(-i --interactive)"{-i,--interactive}'[read input from interactive CLI]: :->end' \ + "(-f --file)"{-f,--file}'[read input from ]:nftables rule file:_files' \ + '(-c --check -n --numeric -N)'{-c,--check}"[check command's validity without actually applying the changes]" \ + '(-j --json)'{-j,--json}'[format output in json]' \ + '(-c --check -N)*'{-n,--numeric}'[can be specified up to 3 times, Shows 1:network addresses(default behaviour), 2:internet services (port numbers) and 3:protocols, user IDs, and group IDs numerically]' \ + '(-s --stateless)'{-s,--stateless}'[omit stateful information of ruleset]' \ + '(-N -n --numeric -c --check)'-N'[translate IP addresses to names]' \ + '(-a --handle)'{-a,--handle}'[output rule handle]' \ + '(-e --echo)'{-e,--echo}'[echo what has been added, inserted or replaced]' \ + {-I,--includepath}'[add specified directory to the paths searched for include files]:include directory [/usr/share]:include directory:_directories' +) + +# start a state machine. The state is modified by _arguments if the +# current argument (descriptors) cannot be completed. Each state has to define is successive state and the +# 'descriptors' for _arguments, which essentially tells _arguments how to complete +local _i=0 +while true;do + (( _i+=1 )) + #Guard for endless loops + [[ $_i -gt 100 ]] && return 1 + + descriptors=() + nextstate="end" + case $state in + (start) + ##if line is empty (at the start) or ends with semicolon, autocomplete subcommands, + # else if we are after a space,complete a semicolon (end the current nft command) and start anew + if [[ $line[1] = "" || $line[1] =~ ';$' ]] ; then + descriptors=( ":: :_nft_subcommands" ) + nextstate="category" + else + if [[ $words =~ ' $' ]]; then + descriptors=(':: :(\;)') + else + descriptors=(':argument: ') + fi + nextstate="start" + fi + ;; + (category) + case $line[1] in + (add | list | flush | delete | create | rename | insert | replace | reset) + descriptors=( ":: :_nft_${line[1]}" ) + nextstate=$line[1] + ;; + (monitor) + descriptors=( ":: : _nft_mon_filter" ) + nextstate="mon1" + ;; + (export) + descriptors=( ":: :(ruleset)" ":: :_nft_out_format" ) + nextstate="preend" + ;; + (describe) + descriptors=( ":expression: ") + nextstate="start" #x restart + ;; + (*) + return 1; + ;; + esac + + #descriptors=( "(ruleset)" ) + #nextstate="end" + ;; + (mon1) + case $line[1] in + (new | destroy) +# descriptors=( ":: :_nft_mon_keywords" ":: :_nft_out_format") + descriptors=( ":: : _nft_mon_keywords") + nextstate="mon1" + ;; + (tables | chains | sets | rules | elements | ruleset) + descriptors=( ":: : _nft_out_format") + nextstate="preend" + ;; + esac + ;; + #all completions for create and insert match with the completions of add + (create | insert) + state="add" + ;| + #all completions for reset and flush match with the completions of list + (reset | flush) + state="list" + ;| + #(add(^table)/create(^table)/delete/flush(^ruleset)/insert/list(^ruleset)/rename/replace)[family]table + (reset | delete | insert | rename | replace | add | create | flush | list) + if [[ $state = "add" && $line[1] = "table" ]]; then + descriptors=( ":: :_nft_families" ":table name:") + nextstate="start" #x restart + elif [[ $state = "list" && ( $line[1] = "ruleset" || $line[1] = "tables" ) ]]; then + descriptors=( ":: :_nft_families") + nextstate="start" #x restart + elif [[ $state = "delete" && $line[1] = "table" ]]; then + descriptors=(": : _nft_table all-handle") + nextstate="tcomplete-delete-table" + else + cmd_obj=$line[1] + cmd_subcmd=$state + descriptors=(": : _nft_table all") + nextstate="tcomplete" + fi + ;; + (tcomplete-delete-table) + # if only a family was completed, complete the table name. + case $line[1] in + (arp | bridge | inet | ip | ip6 | netdev) + descriptors=(": : _nft_table ${line[1]}-handle") + cmd_fam=$line[1] + ;; + # if 'handle' was completed, complete the handle number. + (handle) + descriptors=(": : _nft_table_handle_all " ) + ;; + # else, complete nothing and go to the next state. default family is 'ip' + (*) + descriptors=() + cmd_fam="ip" + ;; + esac + nextstate="delete-table" + ;; + (tcomplete) + # if only a family was completed, complete the table name. + case $line[1] in + (arp | bridge | inet | ip | ip6 | netdev) + descriptors=(": : _nft_table ${line[1]}") + cmd_fam=$line[1] + ;; + # else, complete nothing and go to the next state. default family is 'ip' + (*) + descriptors=() + cmd_fam="ip" + ;; + esac + nextstate="$cmd_subcmd-$cmd_obj" + ;; + (list-table) + descriptors=(":: :(\;)") + nextstate="start" + ;; + (delete-table) + #if family AND handle were input, complete handle number for given family. + if [[ $line[1] == "handle" ]]; then + descriptors=(":table handle: _nft_table_handle $cmd_fam" ) + else + descriptors=() + fi + nextstate="start" + ;; + (delete-chain | delete-set | delete-quota | delete-counter | delete-ct\\ helper) + cmd_tab=$line[1] + descriptors=(": : _nft_object $cmd_fam $cmd_tab $cmd_obj true") + nextstate="delete-obj-handle" + ;; + (delete-obj-handle) + if [[ $line[1] == "handle" ]]; then + descriptors=(": : _nft_object_handle $cmd_fam $cmd_tab $cmd_obj") + else + descriptors=(": :(\;)") + fi + nextstate="start" + ;; + (add-chain) + descriptors=(":chain name:") + nextstate="start" + ;; + (rename-chain) + cmd_tab=$line[1] + descriptors=(": : _nft_object $cmd_fam $cmd_tab chain false") + nextstate="add-chain" + ;; + (replace-rule | delete-rule) + cmd_tab=$line[1] + descriptors=(": : _nft_object $cmd_fam $cmd_tab chain false") + nextstate="repdel-rule" + ;; + (repdel-rule) + cmd_chain=$line[1] + descriptors=(": :(handle)" ": : _nft_rule_handle $cmd_fam $cmd_tab ${line[1]}") + if [[ $cmd_subcmd = "replace" ]];then + nextstate="rule-stmt" + else + nextstate="start" + fi + ;; + (add-rule) + cmd_tab=$line[1] + descriptors=(": : _nft_object $cmd_fam $cmd_tab chain false") + nextstate="add-rule-2" + ;; + (add-rule-2) + cmd_chain=$line[1] + descriptors=(": :(handle index position)") + nextstate="add-rule-3" + ;; + (add-rule-3) + case $line[1] in + (index | position) + descriptors=(":${line[1]}:") + ;; + (handle) + descriptors=(": : _nft_rule_handle $cmd_fam $cmd_tab $cmd_chain") + ;; + (*) + descriptors=() + ;; + esac + nextstate="rule-stmt" + ;; + (rule-stmt) + #TODO + # _nft_rule $cmd_fam $cmd_tab $cmd_chain\ + # && return 0; + descriptors=":expression: " + nextstate="start" + ;; + (list-set | list-map | delete-map | list-chain | list-flowtable | delete-flowtable | list-ct\\ helper | list-counter | list-quota | list-meter) + cmd_tab=$line[1] + descriptors=(": : _nft_object $cmd_fam $cmd_tab $cmd_obj false") + nextstate="start" + ;; + #TODO: + #(add-element | delete-element) + #(add-set | add-map) + #(add-flowtable) + #("add-ct\ helper") + #(add-counter) + #(add-quota) + + (*) + return 1; + ;; + esac + _arguments -C -s \ + "${options[@]}" \ + "${descriptors[@]}" \ + "*:: :->$nextstate" \ + && return 0; + +done +} # end _nft + +_nft_subcommands(){ + local commands=( + 'add:add a table, chain, rule, set, map, or object' + 'list:list a ruleset, table, chain, set, map, or object' + 'flush:flush (delete everything from) a ruleset, table, chain, set, or map' + 'export:print the ruleset in a machine readable format (json or xml)' + 'delete:delete a table, chain, rule, set, element, map, or object' + 'create:similar to add but returns an error for existing chain' + 'rename:rename the specified chain' + 'insert:similar to the add command, but the rule is prepended to the beginning of the chain or before the rule at the given position' + 'replace:similar to the add command, but replaces the specified rule' + 'reset:list-and-reset stateful object' + 'monitor:listen to Netlink events' + 'describe:show information about the type of an expression and its data type' + ) + _describe -t commands 'nft subcommand' commands "$@" +} +_nft_mon_filter(){ + local monitor_filters=( + 'new:show only events of created objects' + 'destroy:show only events of deleted objects' + ) + _describe -t monitor_filters 'nft monitor' monitor_filters -J monitor_filters "$@" + _nft_mon_keywords +} + +_nft_mon_keywords(){ + local monitor_keywords=( + 'tables:show table events' + 'chains:show chain events' + 'sets:show set events' + 'rules:show rule events' + 'elements:show only events of element objects' + 'ruleset:show ruleset events, such as table, chain, rule, set, counters and quotas' + ) + _describe -t monitor_keywords 'nft monitor' monitor_keywords -J monitor_keywords "$@" + _nft_out_format +} + +_nft_out_format(){ + local monitor_format=( + 'json:format output to JSON' + 'xml:format output to XML' + ) + _describe -t monitor_format "output format" monitor_format -J monitor_format "$@" +} + +_nft_add(){ + local commands=( + 'table:add a new table' + 'flowtable:add a new flowtable' + 'chain:add a chain to a table' + 'rule:add a rule to an existing chain' + 'set:add a set to a table' + 'map:add a map to a table' + 'element:add one or multiple element(s) to a set or map' + 'ct\ helper:add a ct helper to a table' + 'counter:add a named counter to a table' + 'quota:add a named quota helper to a table' + ) + _describe -t commands 'nft add' commands "$@" +} + +_nft_create(){ + local commands=( + "table:add a table, but return an error if it already exists" + "chain:add a chain to a table, but return an error if it already exists" + "flowtable:add a flowtable, but return an error if it already exists" + ) + _describe -t commands 'nft create' commands "$@" +} + +_nft_delete(){ + local commands=( + "table:delete the specified table" + "chain:delete the specified chain, chain must be empty and mustn't be used as jump target" + "rule:delete the specified rule, rule must be referable to by a handle" + "set:delete the specified set" + "map:delete the specified map" + "element:delete element(s) from the specified set/map" + "flowtable:delete the specified flowtable" + "ct\ helper:delete the specified ct helper" + "counter:delete the specified counter" + "quota:delete the specified quota" + ) + _describe -t commands 'nft delete' commands "$@" +} + +_nft_flush(){ + local commands=( + "ruleset:clear the whole ruleset, including removing all tables and containing objects" + "table:flush all chains and rules of the specified table" + "chain:flush all rules of the specified chain" + "set:remove all elements from the specified set" + "map:remove all elements from the specified map" + ) + _describe -t commands 'nft flush' commands "$@" +} + +_nft_insert(){ + local commands=( + "rule:prepend a rule to the beginning of the chain or before the rule with the given handle" + ) + _describe -t commands 'nft insert' commands "$@" +} + +_nft_list(){ + local commands=( + "ruleset:print the ruleset in human-readable format" + "tables:list all tables (undocumented)" + "table:list all chains and rules of the specified table" + "chain:list all rules of the specified chain" + "set:display the elements in the specified set" + "map:display the elements in the specified map" + "flowtable:list all flowtables" + "ct\ helper:display stateful information the ct helper holds" + "counter:display stateful information the counter holds" + "quota:display stateful information the quota holds" + ) + _describe -t commands 'nft list' commands "$@" +} + +_nft_rename(){ + local commands=( + "chain:replace a chain" + ) + _describe -t commands 'nft rename' commands "$@" +} + +_nft_replace(){ + local commands=( + "rule:replace a rule" + ) + _describe -t commands 'nft replace' commands "$@" +} + +_nft_reset(){ + local commands=( + 'ct\ helper:reset and list a ct helper to a table' + 'counter:reset and list a counter from a table' + 'quota:reset and list a quota object a table' + ) + _describe -t commands 'nft reset' commands "$@" +} +_nft_families(){ + local families=( + "ip:IPv4 address family" + "ip6:IPv6 address family" + "inet:internet (IPv4+IPv6) address family" + "arp:ARP address family, handling IPv4 ARP packets" + "bridge:Bridge address family, handling packets which traverse a bridge device" + "netdev:Netdev address family, handling packets from ingress" + ) + _describe -t families 'nft families' families "$@" +} + +_nft_table(){ + # complete the names of tables and the families of existing tables + #$1 can be: all all-handle -handle + local tables=() + if [[ "$1" =~ "^all" ]]; then + local families=( ${(f)"$(_call_program -p tables nft list tables 2>/dev/null \ + | cut -d\ -f2 )"} ) + # ip is the default family, search also for table names there + 1="${1/all/ip}" + _describe -t families "family" families -J "family" + fi + if [[ "$1" =~ "-handle$" ]]; then + tables=("handle:address the table by handle") + #remove -handle from $1 to be able to complete table names + 1="${1/-handle/}" + _describe -t tables "table" tables -V "handle" + fi + case $1 in + (arp | bridge | inet | ip | ip6 | netdev) + tables=( ${(f)"$(_call_program -p tables nft -a list ruleset 2>/dev/null \ + | grep '^table '"$1" | sed 's/table // ;s/{ # handle // ;s/\(\S*\) \(\S*\) \(\S*\)/\2:type \1, handle \3/' )"} ) + _describe -t tables "table" tables -V "table-name" + ;; + esac +} + +_nft_table_handle(){ + # complete the handles of tables with the specified family (with the table name in the description) + #$1:protocol family + local tables=( ${(f)"$(_call_program -p tables nft -a list ruleset 2>/dev/null \ + | grep '^table '"$1" | sed 's/table // ;s/{ # handle // ;s/\(\S*\) \(\S*\) \(\S*\)/\3:\2(type \1)/' )"} ) + echo $1 > /tmp/znfttab + _describe -t tables "table handle" tables +} + +_nft_table_handle_all(){ + # complete the handles of tables of all families (with the table name in the description) + local tables=( ${(f)"$(_call_program -p tables nft -a list ruleset 2>/dev/null \ + | grep '^table' | sed 's/table // ;s/{ # handle // ;s/\(\S*\) \(\S*\) \(\S*\)/\3:\2(type \1)/' )"} ) + _describe -t tables "table handle" tables +} + +_nft_object(){ + # complete the names of objects contained directly in a table (with the handle number in the description) + #$1:protocol family + #$2:table + #$3:object type (chain/set/map/flowtable/ct helper/counter/quota/meter) + #$4:include 'handle'? + local objects=( ${(f)"$(_call_program -p objects nft -a list table $1 $2 2>/dev/null\ + | grep ""\\s\*$3"" | sed 's/\s*'"$3"' // ;s/ { # \(.*\)/:(\1)/' )"} ) + if $4 ;then + objects+=( "handle:address $3 by handle") + fi + _describe -t objects "$3" objects +} + +_nft_object_handle(){ + # complete handles of objects contained directly in a table (with the name in the description) + #$1:protocol family + #$2:table + #$3:object type (chain/set/ct helper/counter/quota) + local handles=( ${(f)"$(_call_program -p handles nft -a list table $1 $2 2>/dev/null\ + | grep ""\\s\*$3"" | sed 's/\s*'"$3"' // ;s/ { # handle// ;s/\(\S*\) \(\S*\)/\2:\1/' )"} ) + _describe -t handles "$3-handle" handles +} + +_nft_rule_handle(){ + # complete the handles of rules (and put the rule into the description) + #$1:protocol family + #$2:table + #$3:chain name + local rules=( ${(f)"$(_call_program -p nft-rule-handle nft -a list chain $1 $2 $3 2>/dev/null \ + |grep -v '^\s*\(table\|chain\|type\|\}\)'|sed 's/^\s*\(.*\) # handle \(\S*\)$/\2:\1/' )"} ) + # don't sort those entries alphabetically, so they get shown in the order they are executed in nftables + _describe -t rules "rule" rules -V "rules" +} + +#currently, only the `nft` command is covered by this script. +_nft "$@" diff --git a/zsh/zsh-completions/_openssl b/zsh/zsh-completions/_openssl new file mode 100644 index 0000000..9e93be0 --- /dev/null +++ b/zsh/zsh-completions/_openssl @@ -0,0 +1,1687 @@ +#compdef openssl +# ------------------------------------------------------------------------------ +# Copyright (c) 2011 Github zsh-users - https://github.com/zsh-users +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# * Neither the name of the zsh-users nor the +# names of its contributors may be used to endorse or promote products +# derived from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +# DISCLAIMED. IN NO EVENT SHALL ZSH-USERS BE LIABLE FOR ANY +# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# ------------------------------------------------------------------------------ + +# openssl command [ command_opts ] [ command_args ] + +_openssl() { + local openssl_commands cmd cmds + if [[ "$CURRENT" -lt 2 ]]; then + # I do not think this can happen... + return + elif [[ "$CURRENT" -eq 2 ]]; then + # first parameter, the command + openssl_commands=(${(z)${${(f)"$(openssl help 2>&1)"}:#([A-Z]|openssl:Error:)*}}) + _describe 'openssl commands' openssl_commands + else + # $CURRENT -gt 2 + cmd="${words[2]}" + # Note: we could use ${(k)functions} to get a list of all functions and + # filter those that start with _openssl_ + # but that would mean defining a new function *somewhere* might mess with + # the completion... + cmds=(asn1parse ca ciphers cms crl crl2pkcs7 dgst dh dhparam dsa dsaparam \ + ec ecparam enc engine errstr gendh gendsa genpkey genrsa nseq ocsp \ + passwd pkcs12 pkcs7 pkcs8 pkey pkeyparam pkeyutl prime rand req rsa \ + rsautl s_client s_server s_time sess_id smime speed spkac srp ts \ + verify version x509) + # check if $cmd is in $cmds, the list of supported commands + if [[ "${cmds[(r)$cmd]}" == "${cmd}" ]]; then + # we should be able to complete $cmd + # run _openssl_$cmd with the remaining words from the command line + shift words + (( CURRENT-- )) + _openssl_${cmd} + elif [[ ${${=${"$(openssl help 2>&1)"/*Cipher commands[^)]#)/}}[(re)$cmd]} == "$cmd" ]]; then + # $cmd is a cipher command, which is practically an alias to enc + shift words + (( CURRENT-- )) + _openssl_enc + elif [[ ${${=${${"$(openssl help 2>&1)"%%Cipher commands*}/*Message Digest commands[^)]#)/}}[(re)$cmd]} == "$cmd" ]]; then + # $cmd is a message digest command, which is practically an alias to dgst + shift words + (( CURRENT-- )) + _openssl_dgst + fi + fi +} + + +_openssl_asn1parse() { + # written for openssl 1.0.1k + _arguments -C \ + '-inform[input format - one of DER PEM]:format:(DER PEM)' \ + '-in[input file]:file:_files' \ + '-out[output file (output format is always DER]:file:_files' \ + "-noout[don't produce any output]" \ + '-offset[offset into file]:number: ' \ + '-length[length of section in file]:number: ' \ + '-i[indent entries]' \ + '-dump[dump unknown data in hex form]' \ + '-dlimit[dump the first arg bytes of unknown data in hex form]:number: ' \ + '-oid[file of extra oid definitions]:file:_files' \ + "-strparse[a series of these can be used to 'dig' into multiple ASN1 blob wrappings]:offset:" \ + '-genstr[string to generate ASN1 structure from]:str:' \ + '-genconf[file to generate ASN1 structure from]:file:_files' +} + + +_openssl_ca() { + # written for openssl 1.0.1k + _arguments -C \ + '-verbose[talk a lot while doing things]' \ + '-config[a config file]:file:_files' \ + '-name[the particular CA definition to use]:section: ' \ + '-gencrl[generate a new CRL]' \ + '-crldays[days is when the next CRL is due]:days: ' \ + '-crlhours[hours is when the next CRL is due]:hours: ' \ + '-startdate[certificate validity notBefore]:date: ' \ + '-enddate[certificate validity notAfter (overrides -days)]:date: ' \ + '-days[number of days to certify the certificate for]:days: ' \ + '-md[md to use, one of md2, md5, sha or sha1]:alg:(md2 md5 sha sha1)' \ + "-policy[the CA 'policy' to support]:policy: " \ + '-keyfile[private key file]:file:_files' \ + '-keyform[private key file format (PEM or ENGINE)]:format:(PEM ENGINE)' \ + '-key[key to decode the private key if it is encrypted]:password: ' \ + '-cert[the CA certificate]:file:_files' \ + '-selfsign[sign a certificate with the key associated with it]' \ + '-in[the input PEM encoded certificate request(s)]:file:_files' \ + '-out[where to put the output file(s)]:file:_files' \ + '-outdir[where to put output certificates]:dir:_files -/' \ + '-infiles[the last argument, requests to process]:*:files:_files' \ + '-spkac[file contains DN and signed public key and challenge]:file:_files' \ + '-ss_cert[file contains a self signed cert to sign]:file:_files' \ + "-preserveDN[don't re-order the DN]" \ + "-noemailDN[don't add the EMAIL field into certificate' subject]" \ + "-batch[don't ask questions]" \ + '-msie_hack[msie modifications to handle all those universal strings]' \ + '-revoke[revoke a certificate (given in file)]:file:_files' \ + "-subj[use arg instead of request's subject]:subject: " \ + '-utf8[input characters are UTF8 (default ASCII)]' \ + '-multivalue-rdn[enable support for multivalued RDNs]' \ + '-extensions[extension section (override value in config file)]:section: ' \ + '-extfile[configuration file with X509v3 extensions to add]:file:_files' \ + '-crlexts[CRL extension section (override value in config file)]:section: ' \ + '-engine[use the specified engine, possibly a hardware device]:engine:_engines' \ + '-status[shows certificate status given the serial number]:serial: ' \ + '-updatedb[updates db for expired certificates]' +} + + +_openssl_ciphers() { + # written for openssl 1.0.1k + _arguments -C \ + '-v[verbose mode, a textual listing of the SSL/TLS ciphers in OpenSSL]' \ + '-V[even more verbose]' \ + '-ssl2[SSL2 mode]' \ + '-ssl3[SSL3 mode]' \ + '-tls1[TLS1 mode]' \ + ':cipher suite:_list_ciphers' +} + + +_openssl_cms() { + # written for openssl 1.0.1k + _arguments -C \ + '-encrypt[encrypt message]' \ + '-decrypt[decrypt encrypted message]' \ + '-sign[sign message]' \ + '-verify[verify signed message]' \ + '-cmsout[output CMS structure]' \ + '-des3[encrypt with triple DES]' \ + '-des[encrypt with DES]' \ + '-seed[encrypt with SEED]' \ + '-rc2-40[encrypt with RC2-40 (default)]' \ + '-rc2-64[encrypt with RC2-64]' \ + '-rc2-128[encrypt with RC2-128]' \ + '-aes128[encrypt PEM output with cbc aes]' \ + '-aes192[encrypt PEM output with cbc aes]' \ + '-aes256[encrypt PEM output with cbc aes]' \ + '-camellia128[encrypt PEM output with cbc camellia]' \ + '-camellia192[encrypt PEM output with cbc camellia]' \ + '-camellia256[encrypt PEM output with cbc camellia]' \ + "-nointern[don't search certificates in message for signer]" \ + "-nosigs[don't verify message signature]" \ + "-noverify[don't verify signers certificate]" \ + "-nocerts[don't include signers certificate when signing]" \ + '-nodetach[use opaque signing]' \ + "-noattr[don't include any signed attributes]" \ + "-binary[don't translate message to text]" \ + '-certfile[other certificates file]:file:_files' \ + '-certsout[certificate output file]:file:_files' \ + '-signer[signer certificate file]:file:_files' \ + '-recip[recipient certificate file for decryption]:file:_files' \ + '-keyid[use subject key identifier]' \ + '-in[input file]:file:_files' \ + '-inform[input format SMIME (default), PEM or DER]:format:(SMIME PEM DER)' \ + '-inkey[input private key (if not signer or recipient)]:file:_files' \ + '-keyform[input private key format (PEM or ENGINE)]:format:(PEM ENGINE)' \ + '-out[output file]:file:_files' \ + '-outform[output format SMIME (default), PEM or DER]:format:(SMIME PEM DER)' \ + '-content[supply or override content for detached signature]:file:_files' \ + '-to[to address mail head]:address: ' \ + '-from[from address mail head]:address: ' \ + '-subject[subject mail head]:subject: ' \ + '-text[include or delete text MIME headers]' \ + '-CApath[trusted certificates directory]:dir:_files -/' \ + '-CAfile[trusted certificates file]:file:_files' \ + "-crl_check[check revocation status of signer's certificate using CRLs]" \ + "-crl_check_all[check revocation status of signer's certificate chain using CRLs]" \ + '-engine[use the specified engine, possibly a hardware device]:engine:_engines' \ + '-passin[input file pass phrase source]:pass phrase source:_pass_phrase_source' \ + '-rand[files to use for random number input]:file:_rand_files' \ + '*:certificate:_files' +} + + +_openssl_crl() { + # written for openssl 1.0.1k + _arguments -C \ + '-inform[input format - default PEM (DER or PEM)]:format:(PEM DER)' \ + '-outform[output format - default PEM]:format:(PEM DER)' \ + '-text[print out a text format version]' \ + '-in[input file - default stdin]:file:_files' \ + '-out[output file - default stdout]:file:_files' \ + '-hash[print hash value]' \ + '-hash_old[print old-style (MD5) hash value]' \ + '-fingerprint[print the crl fingerprint]' \ + '-issuer[print issuer DN]' \ + '-lastupdate[print lastUpdate field]' \ + '-nextupdate[print nextUpdate field]' \ + '-crlnumber[print CRL number]' \ + '-noout[no CRL output]' \ + '-CAfile[verify CRL using certificates in the specified file]:file:_files' \ + '-CApath[verify CRL using certificates in the specified directory]:dir:_files -/' \ + '*-nameopt[various certificate name options]:options:_nameopts' +} + + +_openssl_crl2pkcs7() { + # written for openssl 1.0.1k + _arguments -C \ + '-inform[input format - DER or PEM]:format:(PEM DER)' \ + '-outform[output format - DER or PEM]:format:(PEM DER)' \ + '-in[input file]:file:_files' \ + '-out[output file]:file:_files' \ + '-certfile[certificates file of chain to a trusted CA (can be used more than once)]:file:_files' \ + "-nocrl[no crl to load, just certs from '-certfile']" +} + + +_openssl_dgst() { + # written for openssl 1.0.1k + local digests + digests=(-dss1 -md4 -md5 -mdc2 -ripemd160 -sha -sha1 -sha224 -sha256 -sha384 -sha512 -whirlpool) + # -hmac is listed twice because it's documented twice by openssl + _arguments -C -A '-*' \ + '(-r -hex -binary)-c[to output the digest with separating colons]' \ + '(-c -hex -binary)-r[to output the digest in coreutils format]' \ + '-d[to output debug info]' \ + '(-c -r -binary)-hex[output as hex dump]' \ + '(-c -r -hex)-binary[output in binary form]' \ + '-hmac[set the HMAC key to arg]:key: ' \ + '-non-fips-allow[allow use of non FIPS digest]' \ + '-sign[sign digest using private key in the specified file]:file:_files' \ + '-verify[verify a signature using public key in the specified file]:file:_files' \ + '-prverify[verify a signature using private key in the specified file]:file:_files' \ + '-keyform[key file format (PEM or ENGINE)]:format:(PEM ENGINE)' \ + '-out[output to filename rather than stdout]:file:_files' \ + '-signature[signature to verify]:file:_files' \ + '-sigopt[signature parameter]:nm\:v: ' \ + '-hmac[create hashed MAC with key]:key: ' \ + '-mac[create MAC (not necessarily HMAC)]:algorithm: ' \ + '-macopt[MAC algorithm parameters or key]:nm\:v: ' \ + '-engine[use the specified engine, possibly a hardware device]:engine:_engines' \ + "($digests)-dss1[use the dss1 message digest algorithm]" \ + "($digests)-md4[to use the md4 message digest algorithm]" \ + "($digests)-md5[to use the md5 message digest algorithm]" \ + "($digests)-mdc2[to use the mdc2 message digest algorithm]" \ + "($digests)-ripemd160[to use the ripemd160 message digest algorithm]" \ + "($digests)-sha[to use the sha message digest algorithm]" \ + "($digests)-sha1[to use the sha1 message digest algorithm]" \ + "($digests)-sha224[to use the sha224 message digest algorithm]" \ + "($digests)-sha256[to use the sha256 message digest algorithm]" \ + "($digests)-sha384[to use the sha384 message digest algorithm]" \ + "($digests)-sha512[to use the sha512 message digest algorithm]" \ + "($digests)-whirlpool[to use the whirlpool message digest algorithm]" \ + '*:file:_files' +} + + +_openssl_dh() { + # written for openssl 1.0.1k + _arguments -C \ + '-inform[input format]:format:(PEM DER)' \ + '-outform[output format]:format:(PEM DER)' \ + '-in[input file]:file:_files' \ + '-out[output file]:file:_files' \ + '-check[check the DH parameters]' \ + '-text[print a text form of the DH parameters]' \ + '-C[output C code]' \ + '-noout[no output]' \ + '-engine[use the specified engine, possibly a hardware device]:engine:_engines' +} + + +_openssl_dhparam() { + # written for openssl 1.0.1k + _arguments -C \ + '-inform[input format]:format:(PEM DER)' \ + '-outform[output format]:format:(PEM DER)' \ + '-in[input file]:file:_files' \ + '-out[output file]:file:_files' \ + '-dsaparam[read or generate DSA parameters, convert to DH]' \ + '-check[check the DH parameters]' \ + '-text[print a text form of the DH parameters]' \ + '-C[output C code]' \ + '-2[generate parameters using 2 as the generator value]' \ + '-5[generate parameters using 5 as the generator value]' \ + '-engine[use the specified engine, possibly a hardware device]:engine:_engines' \ + '-rand[files to use for random number input]:file:_rand_files' \ + '-noout[no output]' \ + ':numbits: ' +} + + +_openssl_dsa() { + # written for openssl 1.0.1k + _arguments -C \ + '-inform[input format]:format:(PEM DER)' \ + '-outform[output format]:format:(PEM DER)' \ + '-in[input file]:file:_files' \ + '-passin[input file pass phrase source]:file:_files' \ + '-out[output file]:file:_files' \ + '-passout[output file pass phrase source]:file:_files' \ + '-engine[use the specified engine, possibly a hardware device]:engine:_engines' \ + '-des[encrypt PEM output with cbc des]' \ + '-des3[encrypt PEM output with ede cbc des using 168 bit key]' \ + '-idea[encrypt PEM output with cbc idea]' \ + '-aes128[encrypt PEM output with cbc aes]' \ + '-aes192[encrypt PEM output with cbc aes]' \ + '-aes256[encrypt PEM output with cbc aes]' \ + '-camellia128[encrypt PEM output with cbc camellia]' \ + '-camellia192[encrypt PEM output with cbc camellia]' \ + '-camellia256[encrypt PEM output with cbc camellia]' \ + '-seed[encrypt PEM output with cbc seed]' \ + '-text[print the key in text]' \ + "-noout[don't print key out]" \ + '-modulus[print the DSA public value]' +} + + +_openssl_dsaparam() { + # written for openssl 1.0.1k + _arguments -C \ + '-inform[input format]:format:(PEM DER)' \ + '-outform[output format]:format:(PEM DER)' \ + '-in[input file]:file:_files' \ + '-out[output file]:file:_files' \ + '-text[print as text]' \ + '-C[output C code]' \ + '-noout[no output]' \ + '-genkey[generate a DSA key]' \ + '-rand[files to use for random number input]:file:_rand_files' \ + '-engine[use the specified engine, possibly a hardware device]:engine:_engines' \ + ':numbits: ' +} + + +_openssl_ec() { + # written for openssl 1.0.1k + _arguments -C \ + '-inform[input format]:format:(PEM DER)' \ + '-outform[output format]:format:(PEM DER)' \ + '-in[input file]:file:_files' \ + '-passin[input file pass phrase source]:file:_files' \ + '-out[output file]:file:_files' \ + '-passout[output file pass phrase source]:file:_files' \ + '-engine[use the specified engine, possibly a hardware device]:engine:_engines' \ + "-des[encrypt PEM output, instead of 'des' every other cipher supported by OpenSSL can be used]" \ + '-text[print the key]' \ + "-noout[don't print key out]" \ + '-param_out[print the elliptic curve parameters]' \ + '-conv_form[specifies the point conversion form]:form:(compressed uncompressed hybrid)' \ + '-param_enc[specifies the way the ec parameters are encoded in the asn1 der encoding]:encoding:(named_curve explicit)' +} + + +_openssl_ecparam() { + # written for openssl 1.0.1k + _arguments -C \ + '-inform[input format]:format:(PEM DER)' \ + '-outform[output format]:format:(PEM DER)' \ + '-in[input file - default stdin]:file:_files' \ + '-out[output file - default stdout]:file:_files' \ + '-noout[do not print the ec parameter]' \ + '-text[print the ec parameters in text form]' \ + '-check[validate the ec parameters]' \ + "-C[print a 'C' function creating the parameters]" \ + "-name[use the ec parameters with 'short name' name]:name: " \ + "-list_curves[prints a list of all currently available curve 'short names']" \ + '-conv_form[specifies the point conversion form]:form:(compressed uncompressed hybrid)' \ + '-param_enc[specifies the way the ec parameters are encoded in the asn1 der encoding]:encoding:(named_curve explicit)' \ + "-no_seed[if 'explicit' parameters are chosen do not use the seed]" \ + '-genkey[generate ec key]' \ + '-rand[files to use for random number input]:file:_rand_files' \ + '-engine[use the specified engine, possibly a hardware device]:engine:_engines' +} + + +_openssl_enc() { + # written for openssl 1.0.1k + local ciphers + ciphers=(-aes-128-cbc -aes-128-cbc-hmac-sha1 -aes-128-cfb -aes-128-cfb1 \ + -aes-128-cfb8 -aes-128-ctr -aes-128-ecb -aes-128-gcm -aes-128-ofb \ + -aes-128-xts -aes-192-cbc -aes-192-cfb -aes-192-cfb1 -aes-192-cfb8 \ + -aes-192-ctr -aes-192-ecb -aes-192-gcm -aes-192-ofb -aes-256-cbc \ + -aes-256-cbc-hmac-sha1 -aes-256-cfb -aes-256-cfb1 -aes-256-cfb8 \ + -aes-256-ctr -aes-256-ecb -aes-256-gcm -aes-256-ofb -aes-256-xts \ + -aes128 -aes192 -aes256 -bf -bf-cbc -bf-cfb -bf-ecb -bf-ofb \ + -blowfish -camellia-128-cbc -camellia-128-cfb -camellia-128-cfb1 \ + -camellia-128-cfb8 -camellia-128-ecb -camellia-128-ofb \ + -camellia-192-cbc -camellia-192-cfb -camellia-192-cfb1 \ + -camellia-192-cfb8 -camellia-192-ecb -camellia-192-ofb \ + -camellia-256-cbc -camellia-256-cfb -camellia-256-cfb1 \ + -camellia-256-cfb8 -camellia-256-ecb -camellia-256-ofb \ + -camellia128 -camellia192 -camellia256 -cast -cast-cbc -cast5-cbc \ + -cast5-cfb -cast5-ecb -cast5-ofb -des -des-cbc -des-cfb -des-cfb1 \ + -des-cfb8 -des-ecb -des-ede -des-ede-cbc -des-ede-cfb -des-ede-ofb \ + -des-ede3 -des-ede3-cbc -des-ede3-cfb -des-ede3-cfb1 \ + -des-ede3-cfb8 -des-ede3-ofb -des-ofb -des3 -desx -desx-cbc \ + -id-aes128-GCM -id-aes192-GCM -id-aes256-GCM -idea -idea-cbc \ + -idea-cfb -idea-ecb -idea-ofb -rc2 -rc2-40-cbc -rc2-64-cbc \ + -rc2-cbc -rc2-cfb -rc2-ecb -rc2-ofb -rc4 -rc4-40 -rc4-hmac-md5 \ + -rc5 -rc5-cbc -rc5-cfb -rc5-ecb -rc5-ofb -seed -seed-cbc -seed-cfb \ + -seed-ecb -seed-ofb) + _arguments -C \ + '-in[input file]:file:_files' \ + '-out[output file]:file:_files' \ + '-pass[pass phrase source]:pass phrase source:_pass_phrase_source' \ + '-e[encrypt]' \ + '-d[decrypt]' \ + '(-a -base64)'{-a,-base64}'[base64 encode/decode, depending on encryption flag]' \ + '-k[the password to derive the key from]:password: ' \ + '-kfile[read the password to derive the key from the first line of the file]:file:_files' \ + '-md[the md to use to create a key from a passphrase]:alg:(md2 md5 sha sha1)' \ + '-S[the actual salt to use]:salt: ' \ + '-K[the actual key to use]:key: ' \ + '-iv[the actual IV to use]:IV: ' \ + '-p[print out the key and IV used]' \ + '-P[print out the key and IV used the exit]' \ + '-bufsize[set the buffer size for I/O]:size: ' \ + '-nopad[disable standard block padding]' \ + '-engine[use the specified engine, possibly a hardware device]:engine:_engines' \ + "(${ciphers})-aes-128-cbc[cipher types]" \ + "(${ciphers})-aes-128-cbc-hmac-sha1[cipher types]" \ + "(${ciphers})-aes-128-cfb[cipher types]" \ + "(${ciphers})-aes-128-cfb1[cipher types]" \ + "(${ciphers})-aes-128-cfb8[cipher types]" \ + "(${ciphers})-aes-128-ctr[cipher types]" \ + "(${ciphers})-aes-128-ecb[cipher types]" \ + "(${ciphers})-aes-128-gcm[cipher types]" \ + "(${ciphers})-aes-128-ofb[cipher types]" \ + "(${ciphers})-aes-128-xts[cipher types]" \ + "(${ciphers})-aes-192-cbc[cipher types]" \ + "(${ciphers})-aes-192-cfb[cipher types]" \ + "(${ciphers})-aes-192-cfb1[cipher types]" \ + "(${ciphers})-aes-192-cfb8[cipher types]" \ + "(${ciphers})-aes-192-ctr[cipher types]" \ + "(${ciphers})-aes-192-ecb[cipher types]" \ + "(${ciphers})-aes-192-gcm[cipher types]" \ + "(${ciphers})-aes-192-ofb[cipher types]" \ + "(${ciphers})-aes-256-cbc[cipher types]" \ + "(${ciphers})-aes-256-cbc-hmac-sha1[cipher types]" \ + "(${ciphers})-aes-256-cfb[cipher types]" \ + "(${ciphers})-aes-256-cfb1[cipher types]" \ + "(${ciphers})-aes-256-cfb8[cipher types]" \ + "(${ciphers})-aes-256-ctr[cipher types]" \ + "(${ciphers})-aes-256-ecb[cipher types]" \ + "(${ciphers})-aes-256-gcm[cipher types]" \ + "(${ciphers})-aes-256-ofb[cipher types]" \ + "(${ciphers})-aes-256-xts[cipher types]" \ + "(${ciphers})-aes128[cipher types]" \ + "(${ciphers})-aes192[cipher types]" \ + "(${ciphers})-aes256[cipher types]" \ + "(${ciphers})-bf[cipher types]" \ + "(${ciphers})-bf-cbc[cipher types]" \ + "(${ciphers})-bf-cfb[cipher types]" \ + "(${ciphers})-bf-ecb[cipher types]" \ + "(${ciphers})-bf-ofb[cipher types]" \ + "(${ciphers})-blowfish[cipher types]" \ + "(${ciphers})-camellia-128-cbc[cipher types]" \ + "(${ciphers})-camellia-128-cfb[cipher types]" \ + "(${ciphers})-camellia-128-cfb1[cipher types]" \ + "(${ciphers})-camellia-128-cfb8[cipher types]" \ + "(${ciphers})-camellia-128-ecb[cipher types]" \ + "(${ciphers})-camellia-128-ofb[cipher types]" \ + "(${ciphers})-camellia-192-cbc[cipher types]" \ + "(${ciphers})-camellia-192-cfb[cipher types]" \ + "(${ciphers})-camellia-192-cfb1[cipher types]" \ + "(${ciphers})-camellia-192-cfb8[cipher types]" \ + "(${ciphers})-camellia-192-ecb[cipher types]" \ + "(${ciphers})-camellia-192-ofb[cipher types]" \ + "(${ciphers})-camellia-256-cbc[cipher types]" \ + "(${ciphers})-camellia-256-cfb[cipher types]" \ + "(${ciphers})-camellia-256-cfb1[cipher types]" \ + "(${ciphers})-camellia-256-cfb8[cipher types]" \ + "(${ciphers})-camellia-256-ecb[cipher types]" \ + "(${ciphers})-camellia-256-ofb[cipher types]" \ + "(${ciphers})-camellia128[cipher types]" \ + "(${ciphers})-camellia192[cipher types]" \ + "(${ciphers})-camellia256[cipher types]" \ + "(${ciphers})-cast[cipher types]" \ + "(${ciphers})-cast-cbc[cipher types]" \ + "(${ciphers})-cast5-cbc[cipher types]" \ + "(${ciphers})-cast5-cfb[cipher types]" \ + "(${ciphers})-cast5-ecb[cipher types]" \ + "(${ciphers})-cast5-ofb[cipher types]" \ + "(${ciphers})-des[cipher types]" \ + "(${ciphers})-des-cbc[cipher types]" \ + "(${ciphers})-des-cfb[cipher types]" \ + "(${ciphers})-des-cfb1[cipher types]" \ + "(${ciphers})-des-cfb8[cipher types]" \ + "(${ciphers})-des-ecb[cipher types]" \ + "(${ciphers})-des-ede[cipher types]" \ + "(${ciphers})-des-ede-cbc[cipher types]" \ + "(${ciphers})-des-ede-cfb[cipher types]" \ + "(${ciphers})-des-ede-ofb[cipher types]" \ + "(${ciphers})-des-ede3[cipher types]" \ + "(${ciphers})-des-ede3-cbc[cipher types]" \ + "(${ciphers})-des-ede3-cfb[cipher types]" \ + "(${ciphers})-des-ede3-cfb1[cipher types]" \ + "(${ciphers})-des-ede3-cfb8[cipher types]" \ + "(${ciphers})-des-ede3-ofb[cipher types]" \ + "(${ciphers})-des-ofb[cipher types]" \ + "(${ciphers})-des3[cipher types]" \ + "(${ciphers})-desx[cipher types]" \ + "(${ciphers})-desx-cbc[cipher types]" \ + "(${ciphers})-id-aes128-GCM[cipher types]" \ + "(${ciphers})-id-aes192-GCM[cipher types]" \ + "(${ciphers})-id-aes256-GCM[cipher types]" \ + "(${ciphers})-idea[cipher types]" \ + "(${ciphers})-idea-cbc[cipher types]" \ + "(${ciphers})-idea-cfb[cipher types]" \ + "(${ciphers})-idea-ecb[cipher types]" \ + "(${ciphers})-idea-ofb[cipher types]" \ + "(${ciphers})-rc2[cipher types]" \ + "(${ciphers})-rc2-40-cbc[cipher types]" \ + "(${ciphers})-rc2-64-cbc[cipher types]" \ + "(${ciphers})-rc2-cbc[cipher types]" \ + "(${ciphers})-rc2-cfb[cipher types]" \ + "(${ciphers})-rc2-ecb[cipher types]" \ + "(${ciphers})-rc2-ofb[cipher types]" \ + "(${ciphers})-rc4[cipher types]" \ + "(${ciphers})-rc4-40[cipher types]" \ + "(${ciphers})-rc4-hmac-md5[cipher types]" \ + "(${ciphers})-rc5[cipher types]" \ + "(${ciphers})-rc5-cbc[cipher types]" \ + "(${ciphers})-rc5-cfb[cipher types]" \ + "(${ciphers})-rc5-ecb[cipher types]" \ + "(${ciphers})-rc5-ofb[cipher types]" \ + "(${ciphers})-seed[cipher types]" \ + "(${ciphers})-seed-cbc[cipher types]" \ + "(${ciphers})-seed-cfb[cipher types]" \ + "(${ciphers})-seed-ecb[cipher types]" \ + "(${ciphers})-seed-ofb[cipher types]" +} + + +_openssl_engine() { + # written for openssl 1.0.1k + _arguments -C \ + '(-vv -vvv -vvvv)-v[verbose mode, for each engine, list its "control commands"]' \ + "(-v -vvv -vvvv)-vv[like -v, but additionally display each command's description]" \ + '(-v -vv -vvvv)-vvv[like -vv, but also add the input flags for each command]' \ + '(-v -vv -vvv)-vvvv[like -vvv, but also show internal input flags]' \ + '-c[for each engine, also list the capabilities]' \ + '(-tt)-t[for each engine, check that they are really available]' \ + '(-t)-tt[display error trace for unavailable engines]' \ + "-pre[runs command 'cmd' against the ENGINE before any attempts to load it (if -t is used)]:cmd: " \ + "-post[runs command 'cmd' against the ENGINE after loading it (only used if -t is also provided)]:cmd: " \ + '*:engine:_engines' + # TODO: can cmd (for -pre and -post) be completed? +} + + +_openssl_errstr() { + # written for openssl 1.0.1k + # written for openssl 1.0.2a + _arguments -C \ + '-stats' \ + ':errno: ' +} + + +_openssl_gendh() { + # written for openssl 1.0.1k + _arguments -C \ + "-out[output the key to 'file']:file:_files" \ + '-2[use 2 as the generator value]' \ + '-5[use 5 as the generator value]' \ + '-engine[use the specified engine, possibly a hardware device]:engine:_engines' \ + '-rand[files to use for random number input]:file:_rand_files' \ + ':numbits: ' +} + + +_openssl_gendsa() { + # written for openssl 1.0.1k + _arguments -C \ + "-out[output the key to 'file']:file:_files" \ + '-des[encrypt the generated key with DES in cbc mode]' \ + '-des3[encrypt the generated key with DES in ede cbc mode (168 bit key)]' \ + '-idea[encrypt the generated key with IDEA in cbc mode]' \ + '-seed[encrypt PEM output with cbc seed]' \ + '-aes128[encrypt PEM output with cbc aes]' \ + '-aes192[encrypt PEM output with cbc aes]' \ + '-aes256[encrypt PEM output with cbc aes]' \ + '-camellia128[encrypt PEM output with cbc camellia]' \ + '-camellia192[encrypt PEM output with cbc camellia]' \ + '-camellia256[encrypt PEM output with cbc camellia]' \ + '-engine[use the specified engine, possibly a hardware device]:engine:_engines' \ + '-rand[files to use for random number input]:file:_rand_files' \ + ':dsaparam-file:_files' +} + + +_openssl_genpkey() { + # written for openssl 1.0.1k + local ciphers cipher_opts + if ! ciphers=( ${$(openssl list-cipher-algorithms | cut -d' ' -f1)} ) 2>/dev/null ; then + ciphers=( ${$(openssl list -cipher-algorithms | cut -d' ' -f1)} ) + fi + cipher_opts=() + for alg in ${ciphers}; do + cipher_opts=(${cipher_opts} "(${${(l:32:: ::-:)ciphers[@]}// / })-${alg}[use this cipher to encrypt the key]") + done + _arguments -C \ + '-out[output file]:file:_files' \ + '-outform[output format]:format:(PEM DER)' \ + '-pass[output file pass phrase source]:pass phrase source:_pass_phrase_source' \ + $cipher_opts \ + '-engine[use the specified engine, possibly a hardware device]:engine:_engines' \ + '(-algorithm)-paramfile[parameters file]:file:_files' \ + '(-paramfile)-algorithm[the public key algorithm]:algorithm:(EC RSA DSA DH)' \ + '-pkeyopt[public key options]:option\:value: ' \ + '-genparam[generate parameters, not key]' \ + '-text[print the in text]' + # NB: options order may be important! See the manual page. + # TODO: complete pkeyopts + # However: "The precise set of options supported depends on the public key + # algorithm used and its implementation." +} + + +_openssl_genrsa() { + # written for openssl 1.0.1k + _arguments -C \ + '-des[encrypt the generated key with DES in cbc mode]' \ + '-des3[encrypt the generated key with DES in ede cbc mode (168 bit key)]' \ + '-idea[encrypt the generated key with IDEA in cbc mode]' \ + '-seed[encrypt PEM output with cbc seed]' \ + '-aes128[encrypt PEM output with cbc aes]' \ + '-aes192[encrypt PEM output with cbc aes]' \ + '-aes256[encrypt PEM output with cbc aes]' \ + '-camellia128[encrypt PEM output with cbc camellia]' \ + '-camellia192[encrypt PEM output with cbc camellia]' \ + '-camellia256[encrypt PEM output with cbc camellia]' \ + '-out[output the key to file]:file:_files' \ + '-passout[output file pass phrase source]:pass phrase source:_pass_phrase_source' \ + '-f4[use F4 (0x10001) for the E value]' \ + '-3[use 3 for the E value]' \ + '-engine[use the specified engine, possibly a hardware device]:engine:_engines' \ + '-rand[files to use for random number input]:file:_rand_files' \ + ':numbits: ' +} + + +_openssl_nseq() { + # written for openssl 1.0.1k + _arguments -C \ + '-in[input file]:file:_files' \ + '-out[output file]:file:_files' \ + '-toseq[output NS Sequence file]' +} + + +_openssl_ocsp() { + # written for openssl 1.0.1k + _arguments -C \ + '-out[output filename]:file:_files' \ + '-issuer[issuer certificate]:file:_files' \ + '-cert[certificate to check]:file:_files' \ + '-serial[serial number to check]:serial: ' \ + '-signer[certificate to sign OCSP request with]:file:_files' \ + '-signkey[private key to sign OCSP request with]:file:_files' \ + '-sign_other[additional certificates to include in signed request]:file:_files' \ + "-no_certs[don't include any certificates in signed request]" \ + '-req_text[print text form of request]' \ + '-resp_text[print text form of response]' \ + '-text[print text form of request and response]' \ + '-reqout[write DER encoded OCSP request to "file"]:file:_files' \ + '-respout[write DER encoded OCSP response to "file"]:file:_files' \ + '-reqin[read DER encoded OCSP request from "file"]:file:_files' \ + '-respin[read DER encoded OCSP response from "file"]:file:_files' \ + '-nonce[add OCSP nonce to request]' \ + "-no_nonce[don't add OCSP nonce to request]" \ + '-url[OCSP responder URL]:URL: ' \ + '-host[send OCSP request to given host on given port]:host\:port: ' \ + '-path[path to use in OCSP request]' \ + '-CApath[trusted certificates directory]:directory:_files -/' \ + '-CAfile[trusted certificates file]:file:_files' \ + '-VAfile[validator certificates file]:file:_files' \ + '-validity_period[maximum validity discrepancy in seconds]:seconds: ' \ + '-status_age[maximum status age in seconds]:seconds: ' \ + "-noverify[don't verify response at all]" \ + '-verify_other[additional certificates to search for signer]:file:_files' \ + "-trust_other[don't verify additional certificates]" \ + "-no_intern[don't search certificates contained in response for signer]" \ + "-no_signature_verify[don't check signature on response]" \ + "-no_cert_verify[don't check signing certificate]" \ + "-no_chain[don't chain verify response]" \ + "-no_cert_checks[don't do additional checks on signing certificate]" \ + '-port[port to run responder on]:port: ' \ + '-index[certificate status index file]:file:_files' \ + '-CA[CA certificate]:file:_files' \ + '-rsigner[responder certificate to sign responses with]:file:_files' \ + '-rkey[responder key to sign responses with]:file:_files' \ + '-rother[other certificates to include in response]:file:_files' \ + "-resp_no_certs[don't include any certificates in response]" \ + '-nmin[number of minutes before next update]:minutes: ' \ + '-ndays[number of days before next update]:days: ' \ + '-resp_key_id[identify response by signing certificate key ID]' \ + '-nrequest[number of requests to accept (default unlimited)]:limit: ' \ + '-dss1[use specified digest in the request]' \ + '-md4[use specified digest in the request]' \ + '-md5[use specified digest in the request]' \ + '-mdc2[use specified digest in the request]' \ + '-ripemd160[use specified digest in the request]' \ + '-ripemd[use specified digest in the request]' \ + '-rmd160[use specified digest in the request]' \ + '-sha1[use specified digest in the request]' \ + '-sha224[use specified digest in the request]' \ + '-sha256[use specified digest in the request]' \ + '-sha384[use specified digest in the request]' \ + '-sha512[use specified digest in the request]' \ + '-sha[use specified digest in the request]' \ + '-ssl2-md5[use specified digest in the request]' \ + '-ssl3-md5[use specified digest in the request]' \ + '-ssl3-sha1[use specified digest in the request]' \ + '-whirlpool[use specified digest in the request]' \ + '-timeout[timeout connection to OCSP responder after n seconds]:seconds: ' +} + + +_openssl_passwd() { + # written for openssl 1.0.1k + _arguments -C \ + '-crypt[standard Unix password algorithm (default)]' \ + '-1[MD5-based password algorithm]' \ + '-apr1[MD5-based password algorithm, Apache variant]' \ + '-salt[use provided salt]:salt: ' \ + '-in[read passwords from file]:file:_files' \ + '-stdin[read passwords from stdin]' \ + '-noverify[never verify when reading password from terminal]' \ + '-quiet[no warnings]' \ + '-table[format output as table]' \ + '-reverse[switch table columns]' \ + '*:password:' +} + + +_openssl_pkcs12() { + # written for openssl 1.0.2d + local algorithms + algorithms=(aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb aes-256-cbc \ + aes-256-ecb bf-cbc bf-cfb bf-ecb bf-ofb camellia-128-cbc \ + camellia-128-ecb camellia-192-cbc camellia-192-ecb \ + camellia-256-cbc camellia-256-ecb cast-cbc cast5-cbc cast5-cfb \ + cast5-ecb cast5-ofb des-cbc des-cfb des-ecb des-ede des-ede-cbc \ + des-ede-cfb des-ede-ofb des-ede3 des-ede3-cbc des-ede3-cfb \ + des-ede3-ofb des-ofb idea-cbc idea-cfb idea-ecb idea-ofb \ + rc2-40-cbc rc2-64-cbc rc2-cbc rc2-cfb rc2-ecb rc2-ofb rc4 \ + rc4-40 rc5-cbc rc5-cfb rc5-ecb rc5-ofb seed-cbc seed-cfb \ + seed-ecb seed-ofb PBE-MD2-DES PBE-MD5-DES PBE-SHA1-RC2-64 \ + PBE-MD2-RC2-64 PBE-MD5-RC2-64 PBE-SHA1-DES PBE-SHA1-RC4-128 \ + PBE-SHA1-RC4-40 PBE-SHA1-3DES PBE-SHA1-2DES PBE-SHA1-RC2-128 \ + PBE-SHA1-RC2-40) + _arguments -C \ + '-export[output PKCS12 file]' \ + '-chain[add certificate chain]' \ + '-inkey[private key if not infile]:file:_files' \ + '-certfile[add all certs in the specified file]:file:_files' \ + "-CApath[PEM format directory of CA's]:file:_files" \ + "-CAfile[PEM format file of CA's]:file:_files" \ + '-name[use specified friendly name]:name: ' \ + '*-caname[use specified CA friendly name]:name: ' \ + '-in[input filename]:file:_files' \ + '-out[output filename]:file:_files' \ + "-noout[don't output anything, just verify]" \ + "-nomacver[don't verify MAC]" \ + "-nocerts[don't output certificates]" \ + '-clcerts[only output client certificates]' \ + '-cacerts[only output CA certificates]' \ + "-nokeys[don't output private keys]" \ + '-info[give info about PKCS#12 structure]' \ + '-des[encrypt private keys with DES]' \ + '-des3[encrypt private keys with triple DES (default)]' \ + '-idea[encrypt private keys with idea]' \ + '-seed[encrypt private keys with seed]' \ + '-aes128[encrypt PEM output with cbc aes]' \ + '-aes192[encrypt PEM output with cbc aes]' \ + '-aes256[encrypt PEM output with cbc aes]' \ + '-camellia128[encrypt PEM output with cbc camellia]' \ + '-camellia192[encrypt PEM output with cbc camellia]' \ + '-camellia256[encrypt PEM output with cbc camellia]' \ + "-nodes[don't encrypt private keys]" \ + "-noiter[don't use encryption iteration]" \ + "-nomaciter[don't use MAC iteration]" \ + '-maciter[use MAC iteration]' \ + "-nomac[don't generate MAC]" \ + '-twopass[separate MAC, encryption passwords]' \ + '-descert[encrypt PKCS#12 certificates with triple DES (default RC2-40)]' \ + "-certpbe[specify certificate PBE algorithm (default RC2-40)]:alg:(${algorithms})" \ + '-keypbe[specify private key PBE algorithm (default 3DES)]:alg:(${algorithms})' \ + '-macalg[digest algorithm used in MAC (default SHA1)]:alg:_list_message_digest_algorithms' \ + '-keyex[set MS key exchange type]' \ + '-keysig[set MS key signature type]' \ + '-password[set import/export password source]:pass phrase source:_pass_phrase_source' \ + '-passin[input file pass phrase source]:pass phrase source:_pass_phrase_source' \ + '-passout[output file pass phrase source]:pass phrase source:_pass_phrase_source' \ + '-engine[use the specified engine, possibly a hardware device]:engine:_engines' \ + '-rand[files to use for random number input]:file:_rand_files' \ + '-CSP[Microsoft CSP name]:name: ' \ + '-LMK[add local machine keyset attribute to private key]' +} + + +_openssl_pkcs7() { + # written for openssl 1.0.1k + _arguments -C \ + '-inform[input format]:format:(PEM DER)' \ + '-outform[output format]:format:(PEM DER)' \ + '-in[input file]:file:_files' \ + '-out[output file]:file:_files' \ + '-print_certs[print any certs or crl in the input]' \ + '-text[print full details of certificates]' \ + "-noout[don't output encoded data]" \ + '-engine[use the specified engine, possibly a hardware device]:engine:_engines' +} + + +_openssl_pkcs8() { + # written for openssl 1.0.2d + _arguments -C \ + '-in[input file]:file:_files' \ + '-inform[input format]:format:(PEM DER)' \ + '-passin[input file pass phrase source]:pass phrase source:_pass_phrase_source' \ + '-outform[output format]:format:(PEM DER)' \ + '-out[output file]:file:_files' \ + '-passout[output file pass phrase source]:pass phrase source:_pass_phrase_source' \ + '-topk8[output PKCS8 file]' \ + '-nooct[use (nonstandard) no octet format]' \ + '-embed[use (nonstandard) embedded DSA parameters format]' \ + '-nsdb[use (nonstandard) DSA Netscape DB format]' \ + '-noiter[use 1 as iteration count]' \ + '-nocrypt[use or expect unencrypted private key]' \ + '-v2[use PKCS#5 v2.0 and given cipher]:alg:(aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb aes-256-cbc aes-256-ecb bf bf-cbc bf-cfb bf-ecb bf-ofb camellia-128-cbc camellia-128-ecb camellia-192-cbc camellia-192-ecb camellia-256-cbc camellia-256-ecb cast cast-cbc cast5-cbc cast5-cfb cast5-ecb cast5-ofb des des-cbc des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb des-ede-ofb des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb des-ofb des3 desx idea idea-cbc idea-cfb idea-ecb idea-ofb rc2 rc2-40-cbc rc2-64-cbc rc2-cbc rc2-cfb rc2-ecb rc2-ofb rc4 rc4-40 rc5 rc5-cbc rc5-cfb rc5-ecb rc5-ofb seed seed-cbc seed-cfb seed-ecb seed-ofb)' \ + '-v2prf[set the PRF algorithm to use with PKCS#5 v2.0]:alg:(hmacWithMD5 hmacWithRMD160 hmacWithSHA1 hmacWithSHA224 hmacWithSHA256 hmacWithSHA384 hmacWithSHA512)' \ + '-v1[use PKCS#5 v1.5 and given cipher]:obj:(PBE-MD2-DES PBE-MD5-DES PBE-SHA1-RC2-64 PBE-MD2-RC2-64 PBE-MD5-RC2-64 PBE-SHA1-DES PBE-SHA1-RC4-128 PBE-SHA1-RC4-40 PBE-SHA1-3DES PBE-SHA1-2DES PBE-SHA1-RC2-128 PBE-SHA1-RC2-40)' \ + '-engine[use the specified engine, possibly a hardware device]:engine:_engines' +} + + +_openssl_pkey() { + # written for openssl 1.0.1k + _arguments -C \ + '-in[input file]:file:_files' \ + '-inform[input format]:format:(PEM DER)' \ + '-passin[input file pass phrase source]:pass phrase source:_pass_phrase_source' \ + '-outform[output format]:format:(PEM DER)' \ + '-out[output file]:file:_files' \ + '-passout[output file pass phrase source]:pass phrase source:_pass_phrase_source' \ + '-engine[use the specified engine, possibly a hardware device]:engine:_engines' +} + + +_openssl_pkeyparam() { + # written for openssl 1.0.1k + _arguments -C \ + '-in[the input filename to read parameters from]:file:_files' \ + '-out[the output filename to write parameters]:file:_files' \ + '-text[prints out the parameters in plain text in addition to the encoded version]' \ + '-noout[do not output the encoded version of the parameters]' \ + '-engine[use the specified engine, possibly a hardware device]:engine:_engines' +} + + +_openssl_pkeyutl() { + # written for openssl 1.0.1k + _arguments -C \ + '-in[input file]:file:_files' \ + '-out[output file]:file:_files' \ + '-sigfile[signature file (verify operation only)]:file:_files' \ + '-inkey[input key]:file:_files' \ + '-keyform[private key format]:format:(PEM DER)' \ + '-pubin[input is a public key]' \ + '-certin[input is a certificate carrying a public key]' \ + '-pkeyopt[public key options]:option\:value:_pkeyopts' \ + '-sign[sign with private key]' \ + '-verify[verify with public key]' \ + '-verifyrecover[verify with public key, recover original data]' \ + '-encrypt[encrypt with public key]' \ + '-decrypt[decrypt with private key]' \ + '-derive[derive shared secret]' \ + '-hexdump[hex dump output]' \ + '-engine[use the specified engine, possibly a hardware device]:engine:_engines' \ + '-passin[pass phrase source]:pass phrase source:_pass_phrase_source' +} + + +_openssl_prime() { + # written for openssl 1.0.1k + _arguments -C \ + '-hex[hex]' \ + '-checks[number of checks]:checks: ' \ + ':number:' +} + + +_openssl_rand() { + # written for openssl 1.0.1k + _arguments -C \ + '-out[write to file]:file:_files' \ + '-engine[use the specified engine, possibly a hardware device]:engine:_engines' \ + '-rand[files to use for random number input]:file:_rand_files' \ + '-base64[base64 encode output]' \ + '-hex[hex encode output]' \ + ':num:' +} + + +_openssl_req() { + # written for openssl 1.0.1k + _arguments -C \ + '-inform[input format]:format:(PEM DER)' \ + '-outform[output format]:format:(PEM DER)' \ + '-in[input file]:file:_files' \ + '-out[output file]:file:_files' \ + '-text[text form of request]' \ + '-pubkey[output public key]' \ + '-noout[do not output REQ]' \ + '-verify[verify signature on REQ]' \ + '-modulus[RSA modulus]' \ + "-nodes[don't encrypt the output key]" \ + '-engine[use the specified engine, possibly a hardware device]:engine:_engines' \ + "-subject[output the request's subject]" \ + '-passin[private key pass phrase source]:pass phrase source:_pass_phrase_source' \ + '-key[use the private key contained in the specified file]:file:_files' \ + '-keyform[key file format]:format:(PEM DER)' \ + '-keyout[file to send the key to]:file:_files' \ + '-rand[files to use for random number input]:file:_rand_files' \ + "-newkey rsa\:-[generate a new RSA key of the specified number of bits in size]:bits: " \ + "-newkey dsa\:[generate a new DSA key, parameters taken from CA in the specified file]:file:_files" \ + "-newkey ec\:[generate a new EC key, parameters taken from CA in the specified file]:file:_files" \ + '-md2[digest to sign with]' \ + '-md4[digest to sign with]' \ + '-md5[digest to sign with]' \ + '-mdc2[digest to sign with]' \ + '-sha1[digest to sign with]' \ + '-config[request template file]:file:_files' \ + '-subj[set or modify request subject]:subject: ' \ + '-multivalue-rdn[enable support for multivalued RDNs]' \ + '-new[new request]' \ + '-batch[do not ask anything during request generation]' \ + '-x509[output a x509 structure instead of a certificate request]' \ + '-days[number of days a certificate generated by -x509 is valid for]:days: ' \ + '-set_serial[serial number to use for a certificate generated by -x509]:serial: ' \ + '-newhdr[output "NEW" in the header lines]' \ + "-asn1-kludge[output the 'request' in a format that is wrong but some CA's have been reported as requiring]" \ + '-extensions[specify certificate extension section (override value in config file)]:section: ' \ + '-reqexts[specify request extension section (override value in config file)]:section: ' \ + '-utf8[input characters are UTF8 (default ASCII)]' \ + '*-nameopt[various certificate name options]:options:_nameopts' \ + '*-reqopt[- various request text options]:options:_certopts' + # TODO: complete -extensions and -reqexts +} + + +_openssl_rsa() { + # written for openssl 1.0.1k + _arguments -C \ + '-inform[input format]:format:(PEM DER NET)' \ + '-outform[output format]:format:(PEM DER NET)' \ + '-in[input file]:file:_files' \ + '-sgckey[use IIS SGC key format]' \ + '-passin[input file pass phrase source]:pass phrase source:_pass_phrase_source' \ + '-out[output file]:file:_files' \ + '-passout[output file pass phrase source]:pass phrase source:_pass_phrase_source' \ + '-des[encrypt PEM output with cbc des]' \ + '-des3[encrypt PEM output with ede cbc des using 168 bit key]' \ + '-idea[encrypt PEM output with cbc idea]' \ + '-seed[encrypt PEM output with cbc seed]' \ + '-aes128[encrypt PEM output with cbc aes]' \ + '-aes192[encrypt PEM output with cbc aes]' \ + '-aes256[encrypt PEM output with cbc aes]' \ + '-camellia128[encrypt PEM output with cbc camellia]' \ + '-camellia192[encrypt PEM output with cbc camellia]' \ + '-camellia256[encrypt PEM output with cbc camellia]' \ + '-text[print the key in text]' \ + "-noout[don't print key out]" \ + '-modulus[print the RSA key modulus]' \ + '-check[verify key consistency]' \ + '-pubin[expect a public key in input file]' \ + '-pubout[output a public key]' \ + '-engine[use the specified engine, possibly a hardware device]:engine:_engines' +} + + +_openssl_rsautl() { + # written for openssl 1.0.1k + _arguments -C \ + '-in[input file]:file:_files' \ + '-out[output file]:file:_files' \ + '-inkey[input key]:file:_files' \ + '-keyform[private key format]:format:(PEM DER)' \ + '-pubin[input is an RSA public]' \ + '-certin[input is a certificate carrying an RSA public key]' \ + '-ssl[use SSL v2 padding]' \ + '-raw[use no padding]' \ + '-pkcs[use PKCS#1 v1.5 padding (default)]' \ + '-oaep[use PKCS#1 OAEP]' \ + '-sign[sign with private key]' \ + '-verify[verify with public key]' \ + '-encrypt[encrypt with public key]' \ + '-decrypt[decrypt with private key]' \ + '-hexdump[hex dump output]' \ + '-engine[use the specified engine, possibly a hardware device]:engine:_engines' \ + '-passin[pass phrase source]:pass phrase source:_pass_phrase_source' +} + + +_openssl_s_client() { + # written for openssl 1.0.1k + _arguments -C \ + '(-6)-4[use IPv4 only]' \ + '(-4)-6[use IPv6 only]' \ + '(-connect)-host[use -connect instead]:host: ' \ + '(-connect)-port[use -connect instead]:port: ' \ + '(-host -port)-connect[who to connect to (default is localhost:4433)]:host\:port: ' \ + '-verify[turn on peer certificate verification]:depth: ' \ + '-verify_return_error[return verification errors]' \ + '-cert[certificate file to use, PEM format assumed]:file:_files' \ + '-certform[certificate format (PEM or DER) PEM default]:format:(PEM DER)' \ + '-key[private key file to use, in cert file if not specified but cert file is]:file:_files' \ + '-keyform[key format (PEM or DER) PEM default]:format:(PEM DER)' \ + '-pass[private key file pass phrase source]:pass phrase source:_pass_phrase_source' \ + "-CApath[PEM format directory of CA's]:directory:_files -/" \ + "-CAfile[PEM format file of CA's]:file:_files" \ + '-reconnect[drop and re-make the connection with the same Session-ID]' \ + '-pause[sleep(1) after each read(2) and write(2) system call]' \ + '-prexit[print session information even on connection failure]' \ + '-showcerts[show all certificates in the chain]' \ + '-debug[extra output]' \ + '-msg[show protocol messages]' \ + '-nbio_test[more ssl protocol testing]' \ + "-state[print the 'ssl' states]" \ + '-nbio[run with non-blocking IO]' \ + '-crlf[convert LF from terminal into CRLF]' \ + '-quiet[no s_client output]' \ + '(-no_ign_eof)-ign_eof[ignore input eof (default when -quiet)]' \ + "(-ign_eof)-no_ign_eof[don't ignore input eof]" \ + '-psk_identity[PSK identity]:identity: ' \ + '-psk[PSK in hex (without 0x)]:key: ' \ + "-srpuser[SRP authentication for 'user']:user: " \ + "-srppass[password for 'user']:password: " \ + '-srp_lateuser[SRP username into second ClientHello message]' \ + '-srp_moregroups[tolerate other than the known g N values]' \ + '-srp_strength[minimal length in bits for N (default 1024)]:int: ' \ + '(-no_ssl2 -ssl3 -tls1 -tls1_1 -tls1_2 -dtls1)-ssl2[just use SSLv2]' \ + '(-no_ssl3 -ssl2 -tls1 -tls1_1 -tls1_2 -dtls1)-ssl3[just use SSLv3]' \ + '(-no_tls1_2 -ssl2 -ssl3 -tls1 -tls1_1 -dtls1)-tls1_2[just use TLSv1.2]' \ + '(-no_tls1_1 -ssl2 -ssl3 -tls1 -tls1_1 -dtls1)-tls1_1[just use TLSv1.1]' \ + '(-no_tls1 -ssl2 -ssl3 -tls1 -tls1_1 -dtls1)-tls1[just use TLSv1.0]' \ + '(-no_dtls1 -ssl2 -ssl3 -tls1 -tls1_1 -tls1_2)-dtls1[just use DTLSv1]' \ + '-fallback_scsv[send TLS_FALLBACK_SCSV]' \ + '-mtu[set the link layer MTU]' \ + '(-tls1_2)-no_tls1_2[turn off TLSv1.2]' \ + '(-tls1_1)-no_tls1_1[turn off TLSv1.1]' \ + '(-tls1)-no_tls1[turn off TLSv1.0]' \ + '(-ssl3)-no_ssl3[turn off SSLv3]' \ + '(-ssl2)-no_ssl2[turn off SSLv2]' \ + '-bugs[switch on all SSL implementation bug workarounds]' \ + "-serverpref[use server's cipher preferences (only SSLv2)]" \ + '-cipher[preferred cipher to use]:cipher suite:_list_ciphers' \ + "-starttls[use the STARTTLS command before starting TLS for those protocols that support it]:protocol:(smtp pop3 imap ftp xmpp)" \ + '-engine[use the specified engine, possibly a hardware device]:engine:_engines' \ + '-rand[files to use for random number input]:file:_rand_files' \ + '-sess_out[file to write SSL session to]:file:_files' \ + '-sess_in[file to read SSL session from]:file:_files' \ + '-servername[set TLS extension servername in ClientHello]:host: ' \ + '-tlsextdebug[hex dump of all TLS extensions received]' \ + '-status[request certificate status from server]' \ + '-no_ticket[disable use of RFC4507bis session tickets]' \ + '-nextprotoneg[enable NPN extension, considering named protocols supported (comma-separated list)]:protocols: ' \ + '-legacy_renegotiation[enable use of legacy renegotiation (dangerous)]' \ + '-use_srtp[offer SRTP key management with a colon-separated profile list]:profiles: ' \ + '-keymatexport[export keying material using label]:label: ' \ + '-keymatexportlen[export len bytes of keying material (default 20)]:len: ' +} + + +_openssl_s_server() { + # written for openssl 1.0.1k + _arguments -C \ + '-accept[port to accept on (default is 4433)]:port: ' \ + '-context[set session ID context]:id: ' \ + '-verify[turn on peer certificate verification]:depth: ' \ + '-Verify[turn on peer certificate verification, must have a cert]:depth: ' \ + '-verify_return_error[return verification errors]' \ + '-cert[certificate file to use (default is server.pem)]:file:_files' \ + '-crl_check[check the peer certificate has not been revoked by its CA]' \ + '-crl_check_all[check the peer certificate has not been revoked by its CA or any other CRL in the CA chain]' \ + '-certform[certificate format]:format:(PEM DER)' \ + '-key[Private Key file to use, in cert file if not specified (default is server.pem)]:file:_files' \ + '-keyform[key format]:format:(PEM DER ENGINE)' \ + '-pass[private key file pass phrase source]:pass phrase source:_pass_phrase_source' \ + '-dcert[second certificate file to use (usually for DSA)]:file:_files' \ + '-dcertform[second certificate format]:format:(PEM DER)' \ + '-dkey[second private key file to use (usually for DSA)]:file:_files' \ + '-dkeyform[second key format]:format:(PEM DER ENGINE)' \ + '-dpass[second private key file pass phrase source]:pass phrase source:_pass_phrase_source' \ + '-dhparam[DH parameter file to use, in cert file if not specified or a default set of parameters is used]:file:_files' \ + '-named_curve[elliptic curve name to use for ephemeral ECDH keys. (default is nistp256)]:named curve:_list_curves' \ + '-nbio[run with non-blocking IO]' \ + '-nbio_test[test with the non-blocking test bio]' \ + '-crlf[convert LF from terminal into CRLF]' \ + '-debug[print more output]' \ + '-msg[show protocol messages]' \ + '-state[print the SSL states]' \ + "-CApath[PEM format directory of CA's]:file:_files -/" \ + "-CAfile[PEM format file of CA's]:file:_files" \ + "-nocert[don't use any certificates (Anon-DH)]" \ + '-cipher[preferred cipher to use]:cipher suite:_list_ciphers' \ + "-serverpref[use server's cipher preferences]" \ + '-quiet[no server output]' \ + '-no_tmp_rsa[do not generate a tmp RSA key]' \ + '-psk_hint[PSK identity hint to use]:hint: ' \ + '-psk[PSK in hex (without 0x)]:PSK: ' \ + '-srpvfile[the verifier file for SRP]:file:_files' \ + '-srpuserseed[a seed string for a default user salt]:seed: ' \ + '-ssl2[just talk SSLv2]' \ + '-ssl3[just talk SSLv3]' \ + '-tls1_2[just talk TLSv1.2]' \ + '-tls1_1[just talk TLSv1.1]' \ + '-tls1[just talk TLSv1]' \ + '-dtls1[just talk DTLSv1]' \ + '-timeout[enable timeouts]' \ + '-mtu[set link layer MTU]' \ + '-chain[read a certificate chain]' \ + '-no_ssl2[just disable SSLv2]' \ + '-no_ssl3[just disable SSLv3]' \ + '-no_tls1[just disable TLSv1]' \ + '-no_tls1_1[just disable TLSv1.1]' \ + '-no_tls1_2[just disable TLSv1.2]' \ + '-no_dhe[disable ephemeral DH]' \ + '-no_ecdhe[disable ephemeral ECDH]' \ + '-bugs[turn on SSL bug compatibility]' \ + '-hack[workaround for early Netscape code]' \ + "-www[respond to a 'GET /' with a status page]" \ + "-WWW[respond to a 'GET / HTTP/1.0' with file ./]" \ + "-HTTP[respond to a 'GET / HTTP/1.0' with file ./ with the assumption it contains a complete HTTP response]" \ + '-engine[use the specified engine, possibly a hardware device]:engine:_engines' \ + '-id_prefix[generate SSL/TLS session IDs prefixed by arg]:prefix: ' \ + '-rand[files to use for random number input]:file:_rand_files' \ + '-servername[servername for HostName TLS extension]:hostname: ' \ + '-servername_fatal[on mismatch send fatal alert (default warning alert)]' \ + '-cert2[certificate file to use for servername (default is server2.pem)]:file:_files' \ + '-key2[Private Key file to use for servername, in cert file if not specified (default is server2.pem)]:file:_files' \ + '-tlsextdebug[hex dump of all TLS extensions received]' \ + '-no_ticket[disable use of RFC4507bis session tickets]' \ + '-legacy_renegotiation[enable use of legacy renegotiation (dangerous)]' \ + '-nextprotoneg[set the advertised protocols for the NPN extension (comma-separated list)]:protocol:(http/1.0 http/1.1)' \ + '-use_srtp[offer SRTP key management with a colon-separated profile list]:profiles: ' \ + '-4[use IPv4 only]' \ + '-6[use IPv6 only]' \ + '-keymatexport[export keying material using label]:label: ' \ + '-keymatexportlen[export len bytes of keying material (default 20)]:length: ' \ + '-status[respond to certificate status requests]' \ + '-status_verbose[enable status request verbose printout]' \ + '-status_timeout[status request responder timeout]:seconds: ' \ + '-status_url[status request fallback URL]:URL: ' + # TODO: srtp profiles +} + + +_openssl_s_time() { + # written for openssl 1.0.1k + _arguments -C \ + '-connect[host:port to connect to (default is localhost:4433)]:host\:port: ' \ + '-nbio[run with non-blocking IO]' \ + '-ssl2[just use SSLv2]' \ + '-ssl3[just use SSLv3]' \ + '-bugs[turn on SSL bug compatibility]' \ + '-new[just time new connections]' \ + '-reuse[just time connection reuse]' \ + "-www[retrieve the specified page from the site]:page: " \ + '-time[max number of seconds to collect data, default 30]:seconds: ' \ + '-verify[turn on peer certificate verification]:depth: ' \ + '-cert[certificate file to use, PEM format assumed]:file:_files' \ + '-key[RSA file to use, PEM format assumed, key is in cert file]:file:_files' \ + "-CApath[PEM format directory of CA's]:file:_files -/" \ + "-CAfile[PEM format file of CA's]:file:_files" \ + '-cipher[preferred cipher to use]:cipher suite:_list_ciphers' +} + + +_openssl_sess_id() { + # written for openssl 1.0.1k + _arguments -C \ + '-inform[input format]:format:(PEM DER)' \ + '-outform[output format]:format:(PEM DER)' \ + '-in[input file (default stdin)]:file:_files' \ + '-out[output file (default stdout)]:file:_files' \ + '-text[print ssl session id details]' \ + '-cert[output certificate ]' \ + '-noout[no CRL output]' \ + '-context[set the session ID context]:id: ' +} + + +_openssl_smime() { + # written for openssl 1.0.1k + _arguments -C \ + '-encrypt[encrypt message]' \ + '-decrypt[decrypt encrypted message]' \ + '-sign[sign message]' \ + '-verify[verify signed message]' \ + '-pk7out[output PKCS#7 structure]' \ + '-des3[encrypt with triple DES]' \ + '-des[encrypt with DES]' \ + '-seed[encrypt with SEED]' \ + '-rc2-40[encrypt with RC2-40 (default)]' \ + '-rc2-64[encrypt with RC2-64]' \ + '-rc2-128[encrypt with RC2-128]' \ + '-aes128[encrypt PEM output with cbc aes]' \ + '-aes192[encrypt PEM output with cbc aes]' \ + '-aes256[encrypt PEM output with cbc aes]' \ + '-camellia128[encrypt PEM output with cbc camellia]' \ + '-camellia192[encrypt PEM output with cbc camellia]' \ + '-camellia256[encrypt PEM output with cbc camellia]' \ + "-nointern[don't search certificates in message for signer]" \ + "-nosigs[don't verify message signature]" \ + "-noverify[don't verify signers certificate]" \ + "-nocerts[don't include signers certificate when signing]" \ + '-nodetach[use opaque signing]' \ + "-noattr[don't include any signed attributes]" \ + "-binary[don't translate message to text]" \ + '-certfile[other certificates file]:file:_files' \ + '-signer[signer certificate file]:file:_files' \ + '-recip[recipient certificate file for decryption]:file:_files' \ + '-in[input file]:file:_files' \ + '-inform[input format]:format:(SMIME PEM DER)' \ + '-inkey[input private key (if not signer or recipient)]:file:_files' \ + '-keyform[input private key format]:format:(PEM ENGINE)' \ + '-out[output file]:file:_files' \ + '-outform[output format]:format:(SMIME PEM DER)' \ + '-content[supply or override content for detached signature]:file:_files' \ + '-to[to address]:address: ' \ + '-from[from address]:address: ' \ + '-subject[subject]:subject: ' \ + '-text[include or delete text MIME headers]' \ + '-CApath[trusted certificates directory]:directory:_files -/' \ + '-CAfile[trusted certificates file]:file:_files' \ + "-crl_check[check revocation status of signer's certificate using CRLs]" \ + "-crl_check_all[check revocation status of signer's certificate chain using CRLs]" \ + '-engine[use the specified engine, possibly a hardware device]:engine:_engines' \ + '-passin[input file pass phrase source]:pass phrase source:_pass_phrase_source' \ + '-rand[files to use for random number input]:file:_rand_files' \ + ':certificate:_files' +} + + +_openssl_speed() { + # written for openssl 1.0.1k + local algorithms + algorithms=(mdc2 md4 md5 hmac sha1 sha256 sha512 whirlpoolrmd160 idea-cbc \ + seed-cbc rc2-cbc rc5-cbc bf-cbc des-cbc des-ede3 aes-128-cbc \ + aes-192-cbc aes-256-cbc aes-128-ige aes-192-ige aes-256-ige \ + camellia-128-cbc camellia-192-cbc camellia-256-cbc rc4 rsa512 \ + rsa1024 rsa2048 rsa4096 dsa512 dsa1024 dsa2048 ecdsap160 \ + ecdsap192 ecdsap224 ecdsap256 ecdsap384 ecdsap521 ecdsak163 \ + ecdsak233 ecdsak283 ecdsak409 ecdsak571 ecdsab163 ecdsab233 \ + ecdsab283 ecdsab409 ecdsab571 ecdsa ecdhp160 ecdhp192 ecdhp224 \ + ecdhp256 ecdhp384 ecdhp521 ecdhk163 ecdhk233 ecdhk283 ecdhk409 \ + ecdhk571 ecdhb163 ecdhb233 ecdhb283 ecdhb409 ecdhb571 ecdh idea \ + seed rc2 des aes camellia rsa blowfish) + _arguments -C \ + '-engine[use the specified engine, possibly a hardware device]:engine:_engines' \ + '-evp[use the specified EVP]:EVP: ' \ + '-decrypt[time decryption instead of encryption (only EVP)]' \ + '-mr[produce machine readable output]' \ + '-multi[run n benchmarks in parallel]:benchmarks: ' \ + "*:algorithm:(${algorithms})" +} + + +_openssl_spkac() { + # written for openssl 1.0.1k + _arguments -C \ + '-in[input file]:file:_files' \ + '-out[output file]:file:_files' \ + '-key[create SPKAC using private key]:file:_files' \ + '-passin[input file pass phrase source]:pass phrase source:_pass_phrase_source' \ + '-challenge[challenge string]:string: ' \ + '-spkac[alternative SPKAC name]:spkacname: ' \ + '-spksect[alternative section name]:section: ' \ + "-noout[don't print SPKAC]" \ + '-pubkey[output public key]' \ + '-verify[verify SPKAC signature]' \ + '-engine[use the specified engine, possibly a hardware device]:engine:_engines' +} + + +_openssl_srp() { + # written for openssl 1.0.1k + _arguments -C \ + '-verbose[talk a lot while doing things]' \ + '-config[a config file]:file:_files' \ + '-name[the particular srp definition to use]:definition: ' \ + '-srpvfile[the srp verifier file name]:file:_files' \ + '(-modify -delete -list)-add[add an user and srp verifier]' \ + '(-add -delete -list)-modify[modify the srp verifier of an existing user]' \ + '(-add -modify -list)-delete[delete user from verifier file]' \ + '(-add -modify -delete)-list[list user]' \ + '-gn[g and N values to be used for new verifier]:g and N: ' \ + '-userinfo[additional info to be set for user]:userinfo: ' \ + '-passin[input file pass phrase source]:pass phrase source:_pass_phrase_source' \ + '-passout[output file pass phrase source]:pass phrase source:_pass_phrase_source' \ + '-engine[use the specified engine, possibly a hardware device]:engine:_engines' \ + '-rand[files to use for random number input]:file:_rand_files' \ + ':user:' +} + + +_openssl_ts() { + # written for openssl 1.0.1k + # written for openssl 1.0.2e + local action digests + digests=(-dss1 -md4 -md5 -mdc2 -ripemd160 -sha -sha1 -sha224 -sha256 \ + -sha384 -sha512 -whirlpool) + if [[ "${CURRENT}" -eq 2 ]]; then + # first parameter to ts + _values 'openssl time stamp action' '-query[time stamp request generation]' '-reply[time stamp response generation]' '-verify[time stamp response verification]' + else + action="${words[2]}" + case "${action}" in + -query) + _arguments -C \ + '-rand[files to use for random number input]:file:_rand_files' \ + '-config[config file to use]:file:_files' \ + '(-digest)-data[data file for which the time stamp request needs to be created]:file:_files' \ + '(-data)-digest[digest of the data file]:bytes: ' \ + "($digests)-dss1[use the dss1 message digest algorithm]" \ + "($digests)-md4[to use the md4 message digest algorithm]" \ + "($digests)-md5[to use the md5 message digest algorithm]" \ + "($digests)-mdc2[to use the mdc2 message digest algorithm]" \ + "($digests)-ripemd160[to use the ripemd160 message digest algorithm]" \ + "($digests)-sha[to use the sha message digest algorithm]" \ + "($digests)-sha1[to use the sha1 message digest algorithm]" \ + "($digests)-sha224[to use the sha224 message digest algorithm]" \ + "($digests)-sha256[to use the sha256 message digest algorithm]" \ + "($digests)-sha384[to use the sha384 message digest algorithm]" \ + "($digests)-sha512[to use the sha512 message digest algorithm]" \ + "($digests)-whirlpool[to use the whirlpool message digest algorithm]" \ + '-policy[policy to use for creating the time stamp token]:policy ID: ' \ + '-no_nonce[do not include a nonce in the request]' \ + '-cert[request a signing certificate in the response]' \ + '-in[use the previously created time stamp request]:file:_files' \ + '-out[name of the output file to which the request will be written]:file:_files' \ + '-text[output in human-readable format instead of DER]' + ;; + -reply) + _arguments -C \ + '-config[config file to use]:file:_files' \ + '-section[config file section for response generation]:section: ' \ + '-queryfile[file containing a DER encoded time stamp request]:file:_files' \ + '-passin[private key password source]:pass phrase source:_pass_phrase_source' \ + '-signer[signer certificate of the TSA in PEM format]:file:_files' \ + '-inkey[signer private key in PEM format]:file:_files' \ + '-chain[signer certificate chain in PEM format]:file:_files' \ + '-policy[default policy to use for response]:policy ID: ' \ + '-in[use the previously created time stamp response in DER format]:file:_files' \ + '-token_in[the parameter to -in is a time stamp token in DER format]' \ + '-out[name of the output file to which the response will be written]:file:_files' \ + '-token_out[output a time stamp token instead of a time stamp response]' \ + '-text[output in human-readable format instead of DER]' \ + '-engine[use the specified engine, possibly a hardware device]:engine:_engines' + ;; + -verify) + _arguments -C \ + '(-digest -queryfile)-data[verify response against the specified file]:file:_files' \ + '(-data -queryfile)-digest[verify the response against the specified message digest]:digest bytes: ' \ + '(-data -digest)-queryfile[the original time stamp request in DER format]:file:_files' \ + '-in[time stamp response that needs to be verified in DER format]:file:_files' \ + '-token_in[the parameter to -in is a time stamp token in DER format]' \ + '-CApath[directory containing the trusted CA certificates of the client]:directory:_files -/' \ + '-CAFile[file containing a set of trusted self-signed CA certificates in PEM format]:file:_files' \ + '-untrusted[set of additional untrusted certificates in PEM format which may be needed when building the certificate chain]:file:_files' + ;; + esac + fi +} + + +_openssl_verify() { + # written for openssl 1.0.1k + _arguments -C \ + '-CApath[a directory of trusted certificates]:directory:_files -/' \ + '-CAfile[file A file of trusted certificates]:file:_files' \ + '-purpose[the intended use for the certificate]:purpose:(sslclient sslserver nssslserver smimesign smimeencrypt crlsign any ocsphelper timestampsign)' \ + '*-policy[enable policy processing and add arg to the user-initial-policy-set]:object name or OID: ' \ + '-ignore_critical[ignore critical extensions]' \ + '-attime[perform validation checks using the given time]:timestamp: ' \ + '-check_ss_sig[verify the signature on the self-signed root CA]' \ + "-crlfile[file containing one or more CRL's (in PEM format) to load]:file:_files" \ + '-crl_check[check end entity certificate in CRL]' \ + '-crl_check_all[check all certificates in CRL]' \ + '-policy_check[enables certificate policy processing]' \ + '-explicit_policy[set policy variable require-explicit-policy]' \ + '-inhibit_any[set policy variable inhibit-any-policy]' \ + '-inhibit_map[set policy variable inhibit-policy-mapping]' \ + '-x509_strict[strict X.509-compliance]' \ + '-extended_crl[enable extended CRL features]' \ + '-use_deltas[enable support for delta CRLs]' \ + '-policy_print[print out diagnostics related to policy processing]' \ + '-untrusted[a file of untrusted certificates]:file:_files' \ + '(-*)-help[print out a usage message]' \ + '-issuer_checks[print out diagnostics relating to searches for the issuer certificate of the current certificate]' \ + '-verbose[print extra information about the operations being performed]' \ + '*:certificate:_files' + # TODO: - may be used to separate certificates from options + # TODO: Do not hardcode purposes +} + + +_openssl_version() { + # written for openssl 1.0.1k + _arguments -C \ + '-a[all information, this is the same as setting all the other flags]' \ + '-v[the current OpenSSL version]' \ + '-b[the date the current version of OpenSSL was built]' \ + '-o[option information: various options set when the library was built]' \ + '-f[compilation flags]' \ + '-p[platform setting]' \ + '-d[OPENSSLDIR setting]' +} + + +_openssl_x509() { + # written for openssl 1.0.1k + _arguments -C \ + '-inform[input format - default PEM (one of DER, NET or PEM)]:format:(DER NET PEM)' \ + '-outform[output format - default PEM (one of DER, NET or PEM)]:arg:(DER NET PEM)' \ + '-keyform[private key format - default PEM]:arg:(DER PEM)' \ + '-CAform[CA format - default PEM]:arg:(DER PEM)' \ + '-CAkeyform[CA key format - default PEM]:arg:(DER PEM)' \ + '-in[input file - default stdin]:file:_files' \ + '-out[output file - default stdout]:file:_files' \ + '-passin[private key password source]:pass phrase source:_pass_phrase_source' \ + '-serial[print serial number value]' \ + '-subject_hash[print subject hash value]' \ + '-subject_hash_old[print old-style (MD5) subject hash value]' \ + '-issuer_hash[print issuer hash value]' \ + '-issuer_hash_old[print old-style (MD5) issuer hash value]' \ + '-hash[synonym for -subject_hash]' \ + '-subject[print subject DN]' \ + '-issuer[print issuer DN]' \ + '-email[print email address(es)]' \ + '-startdate[notBefore field]' \ + '-enddate[notAfter field]' \ + '-purpose[print out certificate purposes]' \ + '-dates[both Before and After dates]' \ + '-modulus[print the RSA key modulus]' \ + '-pubkey[output the public key]' \ + '-fingerprint[print the certificate fingerprint]' \ + '-alias[output certificate alias]' \ + '-noout[no certificate output]' \ + '-ocspid[print OCSP hash values for the subject name and public key]' \ + '-ocsp_uri[print OCSP Responder URL(s)]' \ + '-trustout[output a "trusted" certificate]' \ + '-clrtrust[clear all trusted purposes]' \ + '-clrreject[clear all rejected purposes]' \ + '-addtrust[trust certificate for a given purpose]:purpose:(clientAuth serverAuth emailProtection)' \ + '-addreject[reject certificate for a given purpose]:purpose:(clientAuth serverAuth emailProtection)' \ + '-setalias[set certificate alias]:alias: ' \ + '-days[how long till expiry of a signed certificate (default 30 days)]:days: ' \ + '-checkend[check whether the cert expires in the specified time]:seconds: ' \ + '-signkey[self sign cert with arg]:file:_files' \ + '-x509toreq[output a certification request object]' \ + '-req[input is a certificate request, sign and output]' \ + '-CA[set the CA certificate, must be PEM format]:file:_files' \ + '-CAkey[set the CA key, must be PEM format]:file:_files' \ + '-CAcreateserial[create serial number file if it does not exist]' \ + '-CAserial[serial file]:file:_files' \ + '-set_serial[serial number to use]' \ + '-text[print the certificate in text form]' \ + '-C[print out C code forms]' \ + '(-md5 -sha1 -mdc2)-md2[digest to use]' \ + '(-md2 -sha1 -mdc2)-md5[digest to use]' \ + '(-md2 -md5 -mdc2)-sha1[digest to use]' \ + '(-md2 -md5 -sha1)-mdc2[digest to use]' \ + '-extfile[configuration file with X509V3 extensions to add]' \ + '-extensions[section from config file with X509V3 extensions to add]' \ + '-clrext[delete extensions before signing and input certificate]' \ + '*-nameopt[various certificate name options]:options:_nameopts' \ + '-engine[use the specified engine, possibly a hardware device]:engine:_engines' \ + '*-certopt[various certificate text options]:options:_certopts' +} + + +_pass_phrase_source() { + # pass:password + # env:var + # file:pathname + # fd:number + # stdin + _values -S : 'pass phrase source' \ + 'pass[obtain the password from the command line]:password: ' \ + 'env[obtain the password from the environment variable var]:var:_parameters -g "*export*"' \ + 'file[obtain the password from a file]:file:_files' \ + 'fd[read the password from the file descriptor number]:number: ' \ + 'stdin[read the password from standard input]' +} + + +_rand_files() { + # FIXME: this does not allow using multiple files separated by : + # the following would probably work, but how to generate $files? + #_values -s : -S ' ' 'random source file or directory' ${files} + _files +} + + +_engines() { + # openssl engines + local engines + engines=(${${${(@f)"$(_call_program engines openssl engine)"}%)*}#\(}) + _values 'engines' ${engines} +} + + +_list_ciphers() { + # openssl ciphers + local ciphers + # add cipher suites + ciphers=(${(@s/:/)"$(_call_program ciphers openssl ciphers)"}) + # add static cipher strings + ciphers=(${ciphers} \ + 'DEFAULT[the default cipher list]' \ + 'COMPLEMENTOFDEFAULT[the ciphers included in ALL but not enabled by default]' \ + 'ALL[all cipher suites except the eNULL ciphers]' \ + 'COMPLEMENTOFALL[the cipher suites not enabled by ALL]' \ + 'HIGH["high" encryption cipher suites]' \ + 'MEDIUM["medium" encryption cipher suites]' \ + 'LOW["low" encryption cipher suites]' \ + {EXP,EXPORT}'[export encryption algorithms]' \ + 'EXPORT40[40 bit export encryption algorithms]' \ + 'EXPORT56[56 bit export encryption algorithms]' \ + {eNULL,NULL}'[ciphers offering no encryption]' \ + 'aNULL[ciphers offering no authentication]' \ + {kRSA,RSA}'[cipher suites using RSA key exchange]' \ + 'kDHr[cipher suites using DH key agreement signed by CAs with RSA keys]' \ + 'kDHd[cipher suites using DH key agreement signed by CAs with DSS keys]' \ + 'kDH[cipher suites using DH key agreement]' \ + {kDHE,kEDH}'[cipher suites using ephemeral DH key agreement, including anonymous cipher suites]' \ + {DHE,EDH}'[cipher suites using authenticated ephemeral DH key agreement]' \ + 'ADH[anonymous DH cipher suites, not including anonymous ECDH ciphers]' \ + 'DH[cipher suites using DH, including anonymous DH, ephemeral DH and fixed DH]' \ + 'kECDHr[cipher suites using fixed ECDH key agreement signed by CAs with RSA keys]' \ + 'kECDHe[cipher suites using fixed ECDH key agreement signed by CAs with ECDSA keys]' \ + 'kECDH[cipher suites using fixed ECDH key agreement]' \ + {kECDHE,kEECDH}'[cipher suites using ephemeral ECDH key agreement, including anonymous cipher suites]' \ + {ECDHE,kEECDH}'[cipher suites using authenticated ephemeral ECDH key agreement]' \ + 'AECDH[anonymous Elliptic Curve Diffie Hellman cipher suites]' \ + 'ECDH[cipher suites using ECDH key exchange, including anonymous, ephemeral and fixed ECDH]' \ + 'aRSA[cipher suites using RSA authentication]' \ + {aDSS,DSS}'[cipher suites using DSS authentication]' \ + 'aDH[cipher suites effectively using DH authentication]' \ + 'aECDH[cipher suites effectively using ECDH authentication]' \ + {aECDSA,ECDSA}'[cipher suites using ECDSA authentication]' \ + 'TLSv1.2[TLSv1.2 cipher suites]' \ + 'TLSv1[TLSv1.0 cipher suites]' \ + 'SSLv3[SSLv3.0 cipher suites]' \ + 'SSLv2[SSLv2.0 cipher suites]' \ + 'AES128[cipher suites using 128 bit AES]' \ + 'AES256[cipher suites using 256 bit AES]' \ + 'AES[cipher suites using AES]' \ + 'AESGCM[AES in Galois Counter Mode (GCM)]' \ + 'CAMELLIA128[cipher suites using 128 bit CAMELLIA]' \ + 'CAMELLIA256[cipher suites using 256 bit CAMELLIA]' \ + 'CAMELLIA[cipher suites using CAMELLIA]' \ + '3DES[cipher suites using triple DES]' \ + 'DES[cipher suites using DES (not triple DES)]' \ + 'RC4[cipher suites using RC4]' \ + 'RC2[cipher suites using RC2]' \ + 'IDEA[cipher suites using IDEA]' \ + 'SEED[cipher suites using SEED]' \ + 'MD5[cipher suites using MD5]' \ + {SHA1,SHA}'[cipher suites using SHA1]' \ + 'SHA256[cipher suites using SHA256]' \ + 'SHA384[cipher suites using SHA284]' \ + 'aGOST[cipher suites using GOST R 34.10 for authentication]' \ + 'aGOST01[cipher suites using GOST R 34.10-2001 authentication]' \ + 'aGOST94[cipher suites using GOST R 34.10-94 authentication]' \ + 'kGOST[cipher suites, using VKO 34.10 key exchange]' \ + 'GOST94[cipher suites, using HMAC based on GOST R 34.11-94]' \ + 'GOST89MAC[cipher suites using GOST 28147-89 MAC instead of HMAC]' \ + 'PSK[cipher suites using pre-shared keys (PSK)]' \ + 'SUITEB128[suite B mode operation using 128 or 192 bit level of security]' \ + 'SUITEB128ONLY[suite B mode operation using 128 bit level of security]' \ + 'SUITEB192[suite B mode operation using 192 bit level of security]' \ + ) + # FIXME: support !, + and - before each cipher suite + _values -s : 'cipher suite' ${ciphers} +} + + +_list_curves() { + # openssl ecparam -list_curves + local curves not_curves + curves="$(_call_program list_curves openssl ecparam -list_curves)" + # identify lines that do not contain curve names but only descriptions + not_curves=(${${(f)curves[@]}:#*:*}) + # remove non-curve lines, trailing descriptions and leading spaces + curves=(${${${${(f)curves[@]}:|not_curves}%:*}##* }) + _values 'named curves' ${curves} +} + + +_list_message_digest_algorithms() { + # openssl list-message-digest-algorithms + local algorithms + algorithms=(${${(@f)"$(_call_program message_digest_algorithms openssl list-message-digest-algorithms)"}%% *}) + _values 'message digest algorithms' ${algorithms} +} + + +_nameopts() { + _values -s ',' -w 'nameopts' \ + '(-compat compat)'{-compat,compat}'[use the old format. This is equivalent to specifying no name options at all]' \ + '(-RFC2253 RFC2253)'{-RFC2253,RFC2253}'[displays names compatible with RFC2253 equivalent to esc_2253, esc_ctrl, esc_msb, utf8, dump_nostr, dump_unknown, dump_der, sep_comma_plus, dn_rev and sname]' \ + '(-oneline oneline)'{-oneline,oneline}'[a oneline format which is more readable than RFC2253. Equivalent to esc_2253, esc_ctrl, esc_msb, utf8, dump_nostr, dump_der, use_quote, sep_comma_plus_space, space_eq and sname options]' \ + '(-multiline multiline)'{-multiline,multiline}'[a multiline format. Equivalent to esc_ctrl, esc_msb, sep_multiline, space_eq, lname and align]' \ + '(-esc_2253 esc_2253)'{-esc_2253,esc_2253}'[escape the "special" characters required by RFC2253 in a field]' \ + '(-esc_ctrl esc_ctrl)'{-esc_ctrl,esc_ctrl}'[escape control characters]' \ + '(-esc_msb esc_msb)'{-esc_msb,esc_msb}'[escape characters with the MSB set]' \ + '(-use_quote use_quote)'{-use_quote,use_quote}'[escapes some characters by surrounding the whole string with " characters]' \ + '(-utf8 utf8)'{-utf8,utf8}'[convert all strings to UTF8 format first]' \ + '(-ignore_type ignore_type)'{-ignore_type,ignore_type}'[this option does not attempt to interpret multibyte characters in any way]' \ + '(-show_type show_type)'{-show_type,show_type}'[show the type of the ASN1 character string]' \ + '(-dump_der dump_der)'{-dump_der,dump_der}'[use DER encoding when hexdumping fields]' \ + '(-dump_nostr dump_nostr)'{-dump_nostr,dump_nostr}'[dump non character string types]' \ + '(-dump_all dump_all)'{-dump_all,dump_all}'[dump all fields]' \ + '(-dump_unknown dump_unknown)'{-dump_unknown,dump_unknown}'[dump any field whose OID is not recognised by OpenSSL]' \ + '(-sep_comma_plus sep_comma_plus)'{-sep_comma_plus,sep_comma_plus}'[these options determine the field separators]' \ + '(-sep_comma_plus_space sep_comma_plus_space)'{-sep_comma_plus_space,sep_comma_plus_space}'[these options determine the field separators]' \ + '(-sep_semi_plus_space sep_semi_plus_space)'{-sep_semi_plus_space,sep_semi_plus_space}'[these options determine the field separators]' \ + '(-sep_multiline sep_multiline)'{-sep_multiline,sep_multiline}'[these options determine the field separators]' \ + '(-dn_rev dn_rev)'{-dn_rev,dn_rev}'[reverse the fields of the DN]' \ + '(-nofname nofname)'{-nofname,nofname}'[do not display field names]' \ + '(-sname sname)'{-sname,sname}'[display field names in short form]' \ + '(-lname lname)'{-lname,lname}'[display field names in long form]' \ + '(-oid oid)'{-oid,oid}'[display field names in numerical form]' \ + '(-align align)'{-align,align}'[align field values for a more readable output. Only usable with sep_multiline]' \ + '(-space_eq space_eq)'{-space_eq,space_eq}'[places spaces around the = character which follows the field name]' +} + + +_certopts() { + _values -s ',' -w 'certopts' \ + 'compatible[use the old format. This is equivalent to specifying no output options at all]' \ + "no_header[don't print header information: that is the lines saying \"Certificate\" and \"Data\"]" \ + "no_version[don't print out the version number]" \ + "no_serial[don't print out the serial number]" \ + "no_signame[don't print out the signature algorithm used]" \ + "no_validity[don't print the validity, that is the notBefore and notAfter fields]" \ + "no_subject[don't print out the subject name]" \ + "no_issuer[don't print out the issuer name]" \ + "no_pubkey[don't print out the public key]" \ + "no_sigdump[don't give a hexadecimal dump of the certificate signature]" \ + "no_aux[don't print out certificate trust information]" \ + "no_extensions[don't print out any X509V3 extensions]" \ + 'ext_default[retain default extension behaviour: attempt to print out unsupported certificate extensions]' \ + 'ext_error[print an error message for unsupported certificate extensions]' \ + 'ext_parse[ASN1 parse unsupported extensions]' \ + 'ext_dump[hex dump unsupported extensions]' \ + '(no_issuer no_pubkey no_header no_version no_sigdump no_signame)ca_default[the value used by the ca utility, equivalent to no_issuer, no_pubkey, no_header, no_version, no_sigdump and no_signame]' +} + + +_openssl "$@" + +# vim: ft=zsh sw=2 ts=2 et diff --git a/zsh/zsh-completions/_openvpn3 b/zsh/zsh-completions/_openvpn3 new file mode 100644 index 0000000..a6329b4 --- /dev/null +++ b/zsh/zsh-completions/_openvpn3 @@ -0,0 +1,246 @@ +#compdef openvpn3 +# ------------------------------------------------------------------------------ +# Copyright (c) 2011 Github zsh-users - https://github.com/zsh-users +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# * Neither the name of the zsh-users nor the +# names of its contributors may be used to endorse or promote products +# derived from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +# DISCLAIMED. IN NO EVENT SHALL ZSH-USERS BE LIABLE FOR ANY +# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# ------------------------------------------------------------------------------ +# Description +# ----------- +# +# Completion script for openvpn 3 (https://github.com/openvpn/openvpn3) (https://openvpn.net/openvpn-client-for-linux/). +# version: 13_beta-1 (Jul 1 2021) +# openvpn 3/Linux git:makepkg:2031975261858750 (openvpn3) +# openvpn core 3.git:HEAD:ce0c9963 linux x86_64 64-bit +# +# ------------------------------------------------------------------------------ +# Author +# ------- +# +# * undg (https://github.com/undg) +# +# ------------------------------------------------------------------------------ + +local sessions_configs_names=$(openvpn3 sessions-list | grep 'Config name:' | awk '{print $3}' | xargs) +local sessions_paths=$(openvpn3 sessions-list | grep 'Path:' | awk '{print $2}' | xargs) +local sessions_interfaces=$(openvpn3 sessions-list | grep 'Device:' | awk '{print $4}' | xargs) +local sessions_users=$(openvpn3 sessions-list | grep 'Owner:' | awk '{print $2}' | xargs) +local sessions_names=$(openvpn3 sessions-list | grep 'Session name:' | awk '{print $2}' | xargs) +local configs_names=$(openvpn3 configs-list | awk 'count&&!--count; /\/net\/openvpn\//{count=2}' | awk '{print $1}' | xargs) +local configs_paths=$(openvpn3 configs-list | grep '/net/openvpn/v3/configuration/' | xargs) + +_openvpn3_config-acl(){ + _arguments \ + {-s,--show}"[Show the current access control lists]" \ + {-o,--path}"[OBJ-PATH Path to the configuration in the configuration manager]: :($configs_paths)" \ + {-h,--help}"[This help screen]" \ + {-c,--config}"[CONFIG-NAME Alternative to --path, where configuration profile name is used instead]: :($configs_names)" \ + {-S,--seal}"[Make the configuration profile permanently read-only]" \ + {-R,--revoke}"[ Revoke this user access from this configuration profile]" \ + {-G,--grant}"[ Grant this user access to this configuration profile]" \ + "--public-access[ Set/unset the public access flag]" \ + "--lock-down[ Set/unset the lock-down flag.Will disable config retrieval for users]: :(true false)" \ + "--config-path[OBJ-PATH Alias for --path]: :($configs_paths)" \ +} + +_openvpn3_config-import(){ + _arguments \ + {-p,--persistent}"[Make the configuration profile persistent through service restarts]" \ + {-n,--name}"[NAME Provide a different name for the configuration (default: CFG-FILE)]" \ + {-h,--help}"[This help screen]" \ + {-c,--config}"[CFG-FILE Configuration file to import]: :_files" \ +} + +_openvpn3_config-manage(){ + _arguments \ + {-s,--show}"[Show current configuration options]" \ + {-r,--rename}"[NEW-CONFIG-NAME Renames the configuration]" \ + {-o,--path}"[CONFIG-PATH Path to the configuration in the configuration manager]: :($configs_paths)" \ + {-h,--help}"[This help screen]" \ + {-c,--config}"[CONFIG-NAME Alternative to --path, where configuration profile name is used instead]: :($configs_names)" \ + "--unset-override[ Removes the override]" \ + "--tls-version-min[ Sets the minimal TLS version for the control channel]: :(tls_1_0 tls_1_1 tls_1_2 tls_1_3)" \ + "--tls-cert-profile[ Sets the control channel tls profile]: :(legacy preferred suiteb)" \ + "--server-override[ Replace the remote, connecting to this server instead the server specified in the configuration]" \ + "--proxy-username[ HTTP Proxy username to authenticate as]" \ + "--proxy-port[ HTTP Proxy port to connect on]" \ + "--proxy-password[ HTTP Proxy password to use for authentication]" \ + "--proxy-host[ HTTP Proxy to connect via, overrides configuration file http-proxy]" \ + "--proxy-auth-cleartext[ Adds the boolean override proxy-auth-cleartext]: :(true false)" \ + "--proto-override[ Overrides the protocol being used]: :(tcp upd)" \ + "--port-override[ Replace the remote port, connecting to this port instead of the configuration value]" \ + "--persist-tun[ Adds the boolean override persist-tun]: :(true false)" \ + "--ipv6[ Sets the IPv6 policy of the client]: :(yes no default)" \ + "--force-cipher-aes-cbc[ Adds the boolean override force-cipher-aes-cbc]: :(true false)" \ + "--dns-sync-lookup[ Adds the boolean override dns-sync-lookup]: :(true false)" \ + "--dns-setup-disabled[ Adds the boolean override dns-setup-disabled]: :(true false)" \ + "--dns-fallback-google[ Adds the boolean override dns-fallback-google]: :(true false)" \ + "--config-path[CONFIG-PATH Alias for --path]: :($configs_paths)" \ + "--auth-fail-retry[ Adds the boolean override auth-fail-retry]: :(true false)" \ + "--allow-compression[ Set compression mode]: :(no asym yes)" \ +} + +_openvpn3_config-remove(){ + _arguments \ + {-o,--path}"[OBJ-PATH Path to the configuration in the configuration manager]: :($configs_paths)" \ + {-h,--help}"[This help screen]" \ + {-c,--config}"[CONFIG-NAME Alternative to --path, where configuration profile name is used instead]: :($configs_names)" \ + "--force[Force the deletion process without asking for confirmation]" \ + "--config-path[OBJ-PATH Alias for --path]: :($configs_paths)" \ +} + +_openvpn3_config-show(){ + _arguments \ + {-o,--path}"[OBJ-PATH Path to the configuration in the configuration manager]: :($configs_paths)" \ + {-j,--json}"[Dump the configuration in JSON format]" \ + {-h,--help}"[This help screen]" \ + {-c,--config}"[CONFIG-NAME Alternative to --path, where configuration profile name is used instead]: :($configs_names)" \ + "--config-path[OBJ-PATH Alias for --path]: :($configs_paths)" \ +} + +_openvpn3_configs-list(){ + _arguments \ + {-h,--help}"[This help screen]" \ +} + +_openvpn3_help(){ + _arguments \ + {-h,--help}"[This help screen]" \ +} + +_openvpn3_log(){ + _arguments \ + {-h,--help}"[This help screen]" \ + {-c,--config}"[CONFIG-NAME Alternative to --session-path, where configuration profile name is used instead]: :($sessions_configs_names $configs_names)" \ + {-I,--interface}"[INTERFACE Alternative to --session-path, where tun interface name is used instead]: :($sessions_interfaces)" \ + "--session-path[SESSION-PATH Receive log events for a specific session]: :($sessions_paths)" \ + "--log-level[LOG-LEVEL Set the log verbosity level of messages to be shown (default: 4)]" \ + "--config-events[Receive log events issued by the configuration manager]" \ +} + +_openvpn3__session-acl(){ + _arguments \ + {-s,--show}"[Show the current access control lists]" \ + {-o,--path}"[SESSION-PATH Path to the session in the session manager]: :($sessions_paths)" \ + {-h,--help}"[This help screen]" \ + {-c,--config}"[CONFIG-NAME Alternative to --path, where configuration profile name is used instead]: :($sessions_configs_names)" \ + {-R,--revoke}"[ Revoke this user access from this session]" \ + {-I,--interface}"[INTERFACE Alternative to --path, where tun interface name is used instead]: :($sessions_interfaces)" \ + {-G,--grant}"[ Grant this user access to this session]" \ + "--session-path[SESSION-PATH Alias for --path]: :($sessions_paths)" \ + "--public-access[ Set/unset the public access flag]: :(true false)" \ + "--allow-log-access[ Can users granted access also access the session log?]: :(true false)" \ +} + +_openvpn3_session-manage(){ + _arguments \ + {-o,--path}"[SESSION-PATH Path to the session in the session manager]: :($sessions_paths)" \ + {-h,--help}"[This help screen]" \ + {-c,--config}"[CONFIG-NAME Alternative to --path, where configuration profile name is used instead]: :($sessions_configs_names)" \ + {-R,--resume}"[Resumes a paused VPN session]" \ + {-P,--pause}"[Pauses the VPN session]" \ + {-I,--interface}"[INTERFACE Alternative to --path, where tun interface name is used instead]: :($sessions_interfaces)" \ + {-D,--disconnect}"[Disconnects a VPN session]" \ + "--session-path[SESSION-PATH Alias for --path]: :($sessions_paths)" \ + "--restart[Disconnect and reconnect a running VPN session]" \ + "--cleanup[Clean up stale sessions]" \ +} + +_openvpn3_session-start(){ + _arguments \ + {-p,--config-path}"[CONFIG-PATH Configuration path to an already imported configuration]: :($configs_paths)" \ + {-h,--help}"[This help screen]" \ + {-c,--config}"[CONFIG-FILE Configuration file to start directly]: :_files" \ + "--persist-tun[Enforces persistent tun/seamless tunnel (requires --config)]" \ +} + +_openvpn3_session-stats(){ + _arguments \ + {-o,--path}"[SESSION-PATH Path to the configuration in the configuration manager]: :($sessions_paths)" \ + {-j,--json}"[Dump the configuration in JSON format]" \ + {-h,--help}"[This help screen]" \ + {-c,--config}"[CONFIG-NAME Alternative to --path, where configuration profile name is used instead]: :($sessions_configs_names)" \ + {-I,--interface}"[INTERFACE Alternative to --path, where tun interface name is used instead]: :($sessions_interfaces)" \ + "--session-path[SESSION-PATH Alias for --path]: :($sessions_paths)" \ +} + +_openvpn3_sessions-list(){ + _arguments \ + {-h,--help}"[This help screen]" \ +} + +_openvpn3_shell-completion(){ + _arguments \ + {-h,--help}"[This help screen]" \ + "--list-commands[List all available commands]" \ + "--list-options[COMMAND List all available options for a specific command]: :($(openvpn3 shell-completion --list-commands))" \ + "--arg-helper[OPTION Used together with --list-options, lists value hint to an option]" +} + +_openvpn3_version(){ + _arguments \ + {-h,--help}"[This help screen]" \ +} + + +_openvpn3_command(){ + local -a _openvpn3_cmds + _openvpn3_cmds=( + "config-acl: Manage access control lists for configurations" \ + "config-import: Import configuration profiles" \ + "config-manage: Manage configuration properties" \ + "config-remove: Remove an available configuration profile" \ + "config-show: Show/dump a configuration profile" \ + "configs-list: List all available configuration profiles" \ + "help: This help screen" \ + "log: Receive log events as they occur" \ + "session-acl: Manage access control lists for sessions" \ + "session-manage: Manage VPN sessions" \ + "session-start: Start a new VPN session" \ + "session-stats: Show session statistics" \ + "sessions-list: List available VPN sessions" \ + "shell-completion: Helper function to provide shell completion data" \ + "version: Show program version information" \ + ) + + if ((CURRENT == 1)); then + _describe -t commands 'openvpn3 commands' _openvpn3_cmds + else + local curcontext="$curcontext" + cmd="${${_openvpn3_cmds[(r)$words[1]:*]%%:*}}" + if (($#cmd)); then + if (( $+functions[_openvpn3_$cmd] )); then + _openvpn3_$cmd + else + _message "no options for $cmd" + fi + else + _message "no more options" + fi + fi +} + +_arguments \ + {-h,--help}"[that This help screen]" \ + "*::openvpn3 commands:_openvpn3_command" \ + diff --git a/zsh/zsh-completions/_ufw b/zsh/zsh-completions/_ufw new file mode 100644 index 0000000..238ff1a --- /dev/null +++ b/zsh/zsh-completions/_ufw @@ -0,0 +1,145 @@ +#compdef ufw +# ------------------------------------------------------------------------------ +# Copyright (c) 2016 Github zsh-users - https://github.com/zsh-users +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# * Neither the name of the zsh-users nor the +# names of its contributors may be used to endorse or promote products +# derived from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +# DISCLAIMED. IN NO EVENT SHALL ZSH-USERS BE LIABLE FOR ANY +# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# ------------------------------------------------------------------------------ +# Description +# ----------- +# +# Completion script for The Uncomplicated Firewall (ufw). (https://launchpad.net/ufw). +# +# ------------------------------------------------------------------------------ +# Authors +# ------- +# +# * Jindřich Pilař (https://github.com/JindrichPilar) +# +# ------------------------------------------------------------------------------ + + +_ufw_logging() { + + local params additional second + second=$words[2] + + if [ ! -z $second ]; then + return + fi + + params=( + "on" + "off" + ) + + additional=( + "low" + "medium" + "high" + "full" + ) + + _describe -t params 'on/off' params + _describe -t additional 'level' additional +} + + +_ufw_delete() { + local rules complrules second + + second=$words[2] + + if [ ! -z $second ]; then + return + fi + + complrules=() + rules=("${(f)$(ufw status | tr -s ' ' | tail -n +5 | tr -s '\n')}") + + for ((i=1; i<=${#rules[@]}; i++)); do + complrules+=("$i:$rules[i]"); + done + + _describe -t complrules 'Rules' complrules +} + +_ufw() { + local curcontext="$curcontext" ret=1 + local -a state line commands + + commands=( + "enable:enable the firewall" + "disable:disable the firewall" + "default:set default policy" + "logging:set logging level" + "allow:add allow rule" + "deny:add deny rule" + "reject:add reject rule" + "limit:add limit rule" + "delete:delete rule" + "insert:insert rule at position" + "route:add route rule" + "reload:reload firewall" + "reset:reset firewall" + "status:show firewall status" + "show:show firewall report" + "version:display version information" + "prepend:add rule before all of the same type" + ) + + _arguments -C -s -S -n \ + '(- 1 *)'--version"[display version information]: :->full" \ + '(- 1 *)'{-h,--help}'[display usage information]: :->full' \ + '(- 1 *)'--dry-run"[don't modify anything, just show the changes]: :->cmds" \ + '1:cmd:->cmds' \ + '*:: :->args' && ret=0 + + case "$state" in + (cmds) + _describe -t commands 'commands' commands + ;; + (args) + local cmd + cmd=$words[1] + case "$cmd" in + (logging) + _ufw_logging && ret=0 + ;; + (delete) + _ufw_delete && ret=0 + ;; + (*) + _default && ret=0 + ;; + esac + ;; + (*) + ;; + esac + + return ret +} + +_ufw + diff --git a/zsh/zsh-completions/_vnstat b/zsh/zsh-completions/_vnstat new file mode 100644 index 0000000..87d9ff1 --- /dev/null +++ b/zsh/zsh-completions/_vnstat @@ -0,0 +1,127 @@ +#compdef vnstat +# ------------------------------------------------------------------------------ +# Copyright (c) 2012 Github zsh-users - https://github.com/zsh-users +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# * Neither the name of the zsh-users nor the +# names of its contributors may be used to endorse or promote products +# derived from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +# DISCLAIMED. IN NO EVENT SHALL ZSH-USERS BE LIABLE FOR ANY +# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# ------------------------------------------------------------------------------ +# Description +# ----------- +# +# Completion script for vnstat 2.10 +# +# ------------------------------------------------------------------------------ +# Authors +# ------- +# +# * Aaron Schrab +# +# ------------------------------------------------------------------------------ + +local curcontext="$curcontext" state state_descr line ret=1 +typeset -A opt_args + +local period="-d --days -h --hours -m --months -w --weeks" + +_arguments -C : \ + '--add[create database entry for interface specified]' \ + '(-b --begin)'{-b,--begin}'[begin the list output with a specific date]:date:' \ + '--config[specify alternate configuration file]:file:_files' \ + "($period)"{-d,--days}'[show traffic for days]' \ + "($period)"{-h,--hours}'[show traffic for last 24 hours]' \ + "($period)"{-m,--months}'[show traffic for months]' \ + "($period)"{-w,--weeks}'[show traffic for 7 days]' \ + "($period)"{-y,--years}'[show traffic statistics for the last year]' \ + "($period)"{-5,--fiveminutes}'[show traffic statistic with a 5 minute resolution for the last hours]' \ + '--dbdir[specify database directory]:directory:_files -/' \ + '--dbiflist[List interfaces currently in the database]::mode:->dbiflist' \ + '(-D --debug)'{-D,--debug}'[show additional debug output]' \ + '(-e --end)'{-e,--end}'[end the list output with a specific date]:date:' \ + '--delete[delete database and stop monitoring selected interface]' \ + '--dumpdb[dump database in parseable format]' \ + '(--disable)--enable[enable updates for selected interface]' \ + '(--enable)--disable[disable updates for selected interface]' \ + '(-hg --hoursgraph)'{-hg,--hoursgraph}'[show traffic statistics using a bar graph]' \ + '(-i --iface)'{-i,--iface}'[specify interface for actions]:interface:->interface' \ + '--iflist[list available interfaces]' \ + '--limit[set the maximum number of shown entries]:limit:' \ + '(-l --live)'{-l,--live}'[display current transfer rate]:mode:->live' \ + '--json[show database content in json format]' \ + '--locale[specify locale]:locale:' \ + '--nick[set nickname for alias]:nickname:' \ + '--oneline[traffic summary in one-line, parseable format]' \ + '(-q --query)'{-q,--query}'[force database query mode]' \ + '--remove[delete the database entry for the interface specified]' \ + '--rename[rename the interface specified in the database with new name]' \ + '(-r --reset)'{-r,--reset}'[reset internal counters]' \ + '--setalias[set alias as an alias for the selected interface]:alias:' \ + '(-ru --rateunit)'{-ru,--rateunit}'[swap configured rate unit]' \ + '(-s --short)'{-s,--short}'[use short output mode]' \ + '--showconfig[show current configuration]' \ + '--style[modify content and style of output]:style:->style' \ + '--sync[synchronize internal counters]' \ + '--testkernel[test kernel boot time information]' \ + '(-t --top)'{-t,--top}'[show all time top traffic days]' \ + '(-tr --traffic)'{-tr,--traffic}'[calculate amount of traffic in given time]:seconds:' \ + '--xml[show database content in XML format]' \ + '(-)'{-v,--version}'[show current version]' \ + '(-)'{-\?,--help}'[show command summary]' \ + '(-)--longhelp[show complete options list]' \ + && ret=0 + +case "$state" in + (live) + _values 'live mode' \ + '0[packets per second]' \ + '1[traffic counters]' && ret=0 + ;; + (style) + _values 'output style' \ + '0[narrow output]' \ + '1[enable bar column]' \ + '2[bar column with average traffic rate]' \ + '3[enable average traffic rate]' \ + '4[disable use of terminal control characters]' && ret=0 + ;; + (interface) + local interfaces="$(_call_program interfaces 'vnstat --iflist')" + interfaces="${interfaces#*:}" + _values -s + 'interface' ${(z)interfaces} && ret=0 + ;; + (dbiflist) + _values 'mode' \ + '0[one line verbose format]' \ + '1[one interface per line]' \ + && ret=0 + ;; +esac + +return ret + +# Local Variables: +# mode: Shell-Script +# sh-indentation: 2 +# indent-tabs-mode: nil +# sh-basic-offset: 2 +# End: +# vim: filetype=zsh shiftwidth=2 tabstop=2 expandtab diff --git a/zsh/zsh-completions/_wg-quick b/zsh/zsh-completions/_wg-quick new file mode 100644 index 0000000..8de17ce --- /dev/null +++ b/zsh/zsh-completions/_wg-quick @@ -0,0 +1,25 @@ +#compdef wg-quick +# ------------------------------------------------------------------------------ +# Description +# ----------- +# +# Completion script for wg-quick (a script for easy managemant of wireguard +# VPN tunnels) (https://www.wireguard.com/) +# +# ------------------------------------------------------------------------------ +# Authors +# ------- +# +# * Nicolas Lenz +# +# ------------------------------------------------------------------------------ + +# The possible modes +local modes=('up\:"bring a wireguard interface up"'\ + 'down\:"tear down and remove a wireguard interface"'\ + 'save\:"save configuration of a running wireguard interface"') + +# 1: Complete mode +# 2: Complete interface with all .conf files in /etc/wireguard without the filename extension. +_arguments "1:mode:((${modes}))"\ + '2:interface:_path_files -W /etc/wireguard -g "*.conf(^/:r)"'