int main | (int, char**) |
PrintConfigTemplate (akenti PC)
FindUC (akenti FU)
VerifyX509Cert (akenti VX)
HashX509 (akenti HX)
PrettyPrintAkentiCert (akenti PP)
VerifyAkentiCert (akenti VA)
ConvertAkentiCert (akenti CO)
PrintAkentiCertTemplate (akenti PT)
CertGen (akenti CG)
RemoteDeletePolCert (akenti RDP)
RemoteUploadPolCert (akenti RUP)
RemoteCreateResource (akenti RCR)
RemoteResourceBrowse (akenti RRB)
Use this program to browse a remote resource. RemoteCheckPolicy (akenti RCP)
Use this program to check policy for a remote resource. RemoteCheckAccess (akenti RCA)
DeletePolCert (akenti DP)
UploadPolCert (akenti UP)
CreateResource (akenti RCR)
ResourceBrowse (akenti RB)
CheckPolicy (akenti CP)
CheckAccess (akenti CA)
PrintConfigTemplate (akenti PC)
Use this programe to generate a configuration file template.
* [-E] - engine/server config file * [-C] - remote client config file * [-o] - output file name * [-v] - verbose * [-h] - prints this message *Generate a remote client config file example: akenti PC -C FindUC (akenti FU)
Use this program to locate Use-Condition certificates.
* -r arg - resource * -u arg - location in a url format * [-v] - verbose * [-h] - prints this message *Find a Use-Condition certificate for "R1/S1" at "localhost/dir"
example: akenti FindUC -r R1/S1 -u http://localhost/dir VerifyX509Cert (akenti VX)
Purpose: Use this program to verify an x509 cert.
Check 1: time validity
Check 2: signature (optional)* -x arg - X509 certificate * [-i arg] - ca's X509 cert * [-v] - verbos * [-h] - prints this message *Make sure that this myX509certificate hasn't expired
example: akenti VerifyX509Cert -x myX509certificate HashX509 (akenti HX)
Use this program to generate the hash of an X509 cert.
* -x arg - X509 certificate (in PEM format) * [-v] - verbose * [-h] - prints this message *Create a hash of "myX509certificate".
example: akenti HashX509 -x myX509certificate PrettyPrintAkentiCert (akenti PP)
Use this program to pretty print an akenti certificate.
* -a arg - akenti certificate * [-v] - verbose * [-h] - prints this message *Print a beautiful human readable representation of a certificate.
example: akenti PrettyPrintAkentiCert -a mycertificate VerifyAkentiCert (akenti VA)
Check 1: akenti certificate has not expired
Check 2: akenti certificate's signature is valid (optional)
Note: a check is made on the time validity of the signer's certificate if one is supplied.* -a arg - akenti certificate * [-i arg] - issuer's x509 certificate * [-v] - verbos * [-h] - prints this message *Check to make sure "mycertificate" is good.
example: akenti VerifyAkentiCert -a mycertificate ConvertAkentiCert (akenti CO)
Use this program to convert an akenti certificate from one format to another. Currently we support two formats PEM and XML.
* -a arg - akenti certificate * [-i arg] - in format PEM or XML * [-o arg] - out format PEM or XML * [-v] - verbos * [-h] - prints this message *Convert "mycertificate" from PEM to XML
example: akenti ConvertAkentiCert -a mycertificate -i "PEM" -o "XML" PrintAkentiCertTemplate (akenti PT)
Use this program to print an akenti certificate template. Edit the templates for your own use.
* [-R] - Root Policy certificate * [-P] - Policy certificate * [-U] - Use-Condition certificate * [-A] - Attribute certificate * [-o] - output file name * [-v] - verbos * [-h] - prints this message *Print a template for a Root Policy Certificate.
example: akenti PT -R CertGen (akenti CG)
Use this program to generate signed Policy, Use-Condition, and Attribute certificates.
* -k arg - keyfile in p12 format * -p arg - file where passphrase is stored * -i arg - xml input file * [-o arg] - friendly name to store file * [-d arg] - number of days * [-v] - verbose * [-h] - prints this message *Sign the certificate called "xmlCertFile" (probably based on a template generated with PrintAkentiCertTemplate) with my key and password
example: akenti CertGen -k mykeyfile -p mypasswordfile -i xmlCertFile RemoteDeletePolCert (akenti RDP)
Use this program to remotely delete a policy certificate.
* -F arg - akenti client config file * -r arg - resource * [-v] - verbose * [-h] - prints this message *Delete the policy certificate located at R2 if there is one. example: akenti RDP -F conf.txt -r "R2" RemoteUploadPolCert (akenti RUP)
Use this program to remotely upload a policy certificate.
* -F arg - akenti client config file * -p arg - policy certificate file * [-v] - verbose * [-h] - prints this message *Upload the policy certificate called "polCert". The policy certificate will indicate which resource it modifies.
example: akenti RUP -F conf.txt -p polCert RemoteCreateResource (akenti RCR)
Use this program to create a remote resource. Root resources cannot be created remotely.
* -F arg - akenti client config file * -r arg - resource * [-v] - verbose * [-h] - prints this message *Create a resource called "S2" under the resource called "R1"
example: akenti CR -f conf.txt -r "R1/S2" RemoteResourceBrowse (akenti RRB)
Use this program to browse a remote resource.* -F arg - akenti client config file * [-r arg] - resource * [-v] - verbose * [-h] - prints this message *List top level resources.
example: akenti RemoteResourceBrowse -F conf.txtList immediate resources under R1/S1
example: akenti RRB -F conf.txt -r R1/S1 RemoteCheckPolicy (akenti RCP)
Use this program to check policy for a remote resource.* -F arg - akenti client config file * -r arg - resource * [-v] - verbose * [-h] - prints this message *Check the policy of the resource named "R1"
example: akenti RemoteCheckPolicy -F conf.txt -r "R1" RemoteCheckAccess (akenti RCA)
Use this program to check a user's access to a remote resource.
* -F arg - akenti client config file * -r arg - resource * [-x arg] - user's x509 certificate chain * [-u arg -c arg] - user's DN and user's CADN * [-q] - show concise output * [-v] - verbose * [-h] - prints this message *What can a user do? example: akenti RemoteCheckAccess -F conf.txt -r "R1/S1" -x userX509Cert DeletePolCert (akenti DP)
Use this program to delete a policy certificate. Note: it will only delete a certificate if it is located in the resource specified. A resource may be controlled by a policy certificate in an ancestor directory.
* -f arg - akenti engine config file * -r arg - resource * [-v] - verbose * [-h] - prints this message *Delete the policy certificate located at R2 if there is one. example: akenti DP -f conf.txt -r "R2" UploadPolCert (akenti UP)
Use this program to upload a policy certificate.
* -f arg - akenti engine config file * -p arg - policy certificate file * [-v] - verbose * [-h] - prints this message *Upload the policy certificate called "polCert". The policy certificate will indicate which resource it modifies.
example: akenti UP -f conf.txt -p polCert CreateResource (akenti RCR)
Use this program to create a resource. Unless a policy file is uploaded using the UploadPolCert command, the resource will inherit policy attributes from its parent resource.
* -f arg - akenti engine config file * -r arg - resource * [-v] - verbose * [-h] - prints this message *Create a resource called "S2" under the resource called "R1"
example: akenti CR -f conf.txt -r "R1/S2" ResourceBrowse (akenti RB)
Use this program to browse a resource. Lists the immediate descendants of a particular resource. Do not supply a resource to list the root resources.
* -f arg - akenti engine config file * -r arg - resource * [-v] - verbose * [-h] - prints this message *List top level resources.
example: akenti ResourceBrowse -f conf.txtList immediate resources under R1/S1
example: akenti RB -f conf.txt -r R1/S1 CheckPolicy (akenti CP)
Use this program to check resource's policy.
* -f arg - akenti engine config file * -r arg - resource * [-l arg] - level 1, 2, or 3 * where each level is as follows: * 1 - prints WORKED/FAILED only * 2 - prints all messages collected (this is the default level) * 3 - prints level 3 and all the certificates as well, same as -a option * [-a] - use level 3 * [-v] - verbose * [-h] - prints this message *Check the policy of the resource named "R1"
example: akenti CheckPolicy -f conf.txt -r "R1"Request all information concerning the policy of the resource called "R20"
example: akenti CP -f conf.txt -r "R20" -a CheckAccess (akenti CA)
Use this program to checks a user's access to a resource.
* -f arg - akenti engine config file * -r arg - resource * [-x arg] - user's x509 certificate chain (PEM) * [-u arg -c arg] - user's DN and user's CADN * [-R arg]* - one or more specific action(s) * [-A arg -V arg]* - one or more attribute/value pair * [-P] - show all certificates used in making the decision * [-o arg] - certificates' output file (defaults to stdout) * [-q] - show concise output * [-v] - verbose * [-h] - prints this message *What can a user do? example: akenti CheckAccess -f conf.txt -r "R1/S1" -x userX509Cert
Can a user do read and write?> (Ignore other actions) example: akenti CA -f conf.txt -r "R1" -x cert -R read -R write
What can a user playing the role of a manager do? (Ignore other roles) example: akenti CA -f conf.txt -r "R3" -x cert -A role -V manager