# bash completion for openssl                              -*- shell-script -*-

_comp_cmd_openssl__compgen_sections()
{
    local config="" _i _file

    # check if a specific configuration file is used
    for ((_i = 2; _i < cword; _i++)); do
        if [[ ${words[_i]} == -config ]]; then
            config=${words[_i + 1]}
            break
        fi
    done

    # if no config given, check some usual default locations
    if [[ ! $config ]]; then
        for _file in /etc/ssl/openssl.cnf /etc/pki/tls/openssl.cnf \
            /usr/share/ssl/openssl.cnf; do
            [[ -f $_file ]] && config=$_file && break
        done
    fi

    [[ ! -f $config ]] && return

    _comp_compgen -U config split -- "$(_comp_awk '/\[.*\]/ {print $2}' "$config")"
}

_comp_cmd_openssl__compgen_digests()
{
    [[ $cur == -* ]] || return
    _comp_compgen_split -- "$(
        "$1" dgst -h 2>&1 |
            _comp_awk '/^-.*[ \t]to use the .* message digest algorithm/ { print $1 }'
    )"
    _comp_compgen -ac "${cur#-}" split -P "-" -- "$("$1" help 2>&1 |
        command sed -ne '/^Message Digest commands/,/^[[:space:]]*$/p' |
        command sed -e 1d)"
}

_comp_cmd_openssl()
{
    local cur prev words cword comp_args
    _comp_initialize -- "$@" || return

    local commands command formats

    commands='asn1parse ca ciphers crl crl2pkcs7 dgst dh dhparam dsa dsaparam
        ec ecparam enc engine errstr gendh gendsa genrsa nseq ocsp passwd
        pkcs12 pkcs7 pkcs8 prime rand req rsa rsautl s_client s_server s_time
        sess_id smime speed spkac storeutl verify version x509 md2 md4 md5 rmd160
        sha sha1 aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb aes-256-cbc
        aes-256-ecb base64 bf bf-cbc bf-cfb bf-ecb bf-ofb camellia-128-cbc
        camellia-128-ecb camellia-192-cbc camellia-192-ecb camellia-256-cbc
        camellia-256-ecb cast cast-cbc cast5-cbc cast5-cfb cast5-ecb cast5-ofb
        des des-cbc des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb des-ede-ofb
        des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb des-ofb des3 desx rc2
        rc2-40-cbc rc2-64-cbc rc2-cbc rc2-cfb rc2-ecb rc2-ofb rc4 rc4-40
        sha224 sha256 sha384 sha512 genpkey pkey pkeyparam pkeyutl'

    if ((cword == 1)); then
        _comp_compgen -- -W "$commands"
    else
        command=${words[1]}
        case $prev in
            -CA | -CAfile | -CAkey | -CAserial | -cert | -certfile | -config | -content | \
                -dcert | -dkey | -dhparam | -extfile | -in | -inkey | -kfile | -key | -keyout | \
                -out | -oid | -paramfile | -peerkey | -prvrify | -rand | -recip | -revoke | \
                -sess_in | -sess_out | -spkac | -sigfile | -sign | -signkey | -signer | \
                -signature | -ss_cert | -untrusted | -verify | -writerand)
                _comp_compgen_filedir
                return
                ;;
            -outdir | -CApath)
                _comp_compgen_filedir -d
                return
                ;;
            -name | -crlexts | -extensions)
                _comp_cmd_openssl__compgen_sections
                return
                ;;
            -inform | -outform | -keyform | -certform | -CAform | -CAkeyform | -dkeyform | \
                -dcertform | -peerform)
                formats='DER PEM'
                case $command in
                    x509)
                        formats+=" NET"
                        ;;
                    smime)
                        formats+=" SMIME"
                        ;;
                    pkeyutl)
                        formats+=" ENGINE"
                        ;;
                esac
                _comp_compgen -- -W "$formats"
                return
                ;;
            -connect)
                _comp_compgen_known_hosts -- "$cur"
                return
                ;;
            -starttls)
                _comp_compgen -- -W ' smtp pop3 imap ftp xmpp xmpp-server
                    telnet irc mysql postgres lmtp nntp sieve ldap'
                return
                ;;
            -cipher)
                _comp_compgen_split -F : -- "$("$1" ciphers)"
                return
                ;;
            -kdf)
                _comp_compgen -- -W 'TLS1-PRF HKDF'
                return
                ;;
        esac

        if [[ $cur == -* ]]; then
            # possible options for the command
            _comp_compgen_help -- "$command" -help
            case $command in
                dgst | req | x509)
                    _comp_compgen -a -i openssl digests "$1"
                    ;;
            esac
        else
            if [[ $command == speed ]]; then
                _comp_compgen -- -W 'md2 mdc2 md5 hmac sha1 rmd160 idea-cbc
                    rc2-cbc rc5-cbc bf-cbc des-cbc des-ede3 rc4 rsa512 rsa1024
                    rsa2048 rsa4096 dsa512 dsa1024 dsa2048 idea rc2 des rsa
                    blowfish'
            else
                _comp_compgen_filedir
            fi
        fi
    fi
} &&
    complete -F _comp_cmd_openssl -o default openssl

# ex: filetype=sh
