comp_include _filedir _get_cword _known_hosts


_openssl_sections()
{
    local config

    config=/etc/ssl/openssl.cnf
    [ ! -f $config ] && config=/usr/share/ssl/openssl.cnf
    for (( i=2; i < COMP_CWORD; i++ )); do
        if [[ "${COMP_WORDS[i]}" == -config ]]; then
            config=${COMP_WORDS[i+1]}
            break
        fi
    done
    [ ! -f $config ] && return 0

    COMPREPLY=( $( awk '/\[.*\]/ {print $2} ' $config | grep "^$cur" ) )
}

_openssl()
{
    local cur prev

    COMPREPLY=()
    cur=`_get_cword`

    if [ $COMP_CWORD -eq 1 ]; then
        COMPREPLY=( $( compgen -W 'asn1parse ca ciphers crl crl2pkcs7 \
            dgst dh dhparam dsa dsaparam enc errstr gendh gendsa \
            genrsa nseq passwd pkcs12 pkcs7 pkcs8 rand req rsa \
            rsautl s_client s_server s_time sess_id smime speed \
            spkac verify version x509 md2 md4 md5 mdc2 rmd160 sha \
            sha1 base64 bf bf-cbc bf-cfb bf-ecb bf-ofb cast \
            cast-cbc cast5-cbc cast5-cfb cast5-ecb cast5-ofb des \
            des-cbc des-cfb des-ecb des-ede des-ede-cbc \
            des-ede-cfb des-ede-ofb des-ede3 des-ede3-cbc \
            des-ede3-cfb des-ede3-ofb des-ofb des3 desx rc2 \
            rc2-40-cbc rc2-64-cbc rc2-cbc rc2-cfb rc2-ecb rc2-ofb \
            rc4 rc4-40' -- $cur ) )
    else
        prev=${COMP_WORDS[COMP_CWORD-1]}
        case ${COMP_WORDS[1]} in
            asn1parse)
                case $prev in
                    -inform)
                        COMPREPLY=( $( compgen -W 'DER PEM' -- $cur ) )
                        return 0
                        ;;
                    -@(in|out|oid))
                        _filedir
                        return 0
                        ;;
                    esac

                if [[ "$cur" == -* ]]; then
                    COMPREPLY=( $( compgen -W '-inform -in -out -noout -offset \
                        -length -i -oid -strparse' -- $cur ) )
                fi
                ;;
            ca)
                case $prev in
                    -@(config|revoke|cert|in|out|spkac|ss_cert))
                        _filedir
                        return 0
                        ;;
                    -outdir)
                        _filedir -d
                        return 0
                        ;;
                    -@(name|crlexts|extensions))
                        _openssl_sections
                        return 0
                        ;;
                esac

                if [[ "$cur" == -* ]]; then
                    COMPREPLY=( $( compgen -W '-verbose -config -name \
                        -gencrl -revoke -crldays -crlhours -crlexts \
                        -startdate -enddate -days -md -policy -keyfile \
                        -key -passin -cert -in -out -notext -outdir \
                        -infiles -spkac -ss_cert -preserveDN -batch \
                        -msie_hack -extensions' -- $cur ) )
                fi
                ;;
            ciphers)
                if [[ "$cur" == -* ]]; then
                    COMPREPLY=( $( compgen -W '-v -ssl2 -ssl3 -tls1' -- $cur ) )
                fi
                ;;
            crl)
                case $prev in
                    -@(in|out)form)
                        COMPREPLY=( $( compgen -W 'DER PEM' -- $cur ) )
                        return 0
                        ;;
                    -@(in|out|CAfile))
                        _filedir
                        return 0
                        ;;
                    -CAPath)
                        _filedir -d
                        return 0
                        ;;
                esac

                if [[ "$cur" == -* ]]; then
                    COMPREPLY=( $( compgen -W '-inform -outform -text -in -out -noout \
                        -hash -issuer -lastupdate -nextupdate -CAfile -CApath' -- $cur ) )
                fi
                ;;
            crl2pkcs7)
                case $prev in
                    -@(in|out)form)
                        COMPREPLY=( $( compgen -W 'DER PEM' -- $cur ) )
                        return 0
                        ;;
                    -@(in|out))
                        _filedir
                        return 0
                        ;;
                esac

                if [[ "$cur" == -* ]]; then
                    COMPREPLY=( $( compgen -W '-inform -outform -in -out -print_certs' -- $cur ) )
                fi
                ;;
            dgst)
                case $prev in
                    -@(out|sign|verify|prvrify|signature))
                        _filedir
                        return 0
                        ;;
                esac

                if [[ "$cur" == -* ]]; then
                    COMPREPLY=( $( compgen -W '-md5 -md4 -md2 -sha1 -sha -mdc2 -ripemd160 -dss1 \
                        -c -d -hex -binary -out -sign -verify -prverify -signature' -- $cur ) )
                else
                        _filedir
                fi
                   ;;
            dsa)
                case $prev in
                    -@(in|out)form)
                        COMPREPLY=( $( compgen -W 'DER PEM' -- $cur ) )
                        return 0
                        ;;
                    -@(in|out))
                        _filedir
                        return 0
                        ;;
                esac

                if [[ "$cur" == -* ]]; then
                    COMPREPLY=( $( compgen -W '-inform -outform -in -passin -out -passout -des -des3 -idea -text -noout \
                        -modulus -pubin -pubout' -- $cur ) )
                fi
                ;;
            dsaparam)
                case $prev in
                    -@(in|out)form)
                        COMPREPLY=( $( compgen -W 'DER PEM' -- $cur ) )
                        return 0
                        ;;
                    -@(in|out|rand))
                        _filedir
                        return 0
                        ;;
                esac

                if [[ "$cur" == -* ]]; then
                    COMPREPLY=( $( compgen -W '-inform -outform -in -out -noout \
                        -text -C -rand -genkey' -- $cur ) )
                fi
                ;;
            enc)
                case $prev in
                    -@(in|out|kfile))
                        _filedir
                        return 0
                        ;;
                esac

                if [[ "$cur" == -* ]]; then
                    COMPREPLY=( $( compgen -W '-ciphername -in -out -pass \
                        -e -d -a -A -k -kfile -S -K -iv -p -P -bufsize -debug' -- $cur ) )
                fi
                ;;
            dhparam)
                case $prev in
                    -@(in|out)form)
                        COMPREPLY=( $( compgen -W 'DER PEM' -- $cur ) )
                        return 0
                        ;;
                    -@(in|out|rand))
                        _filedir
                        return 0
                        ;;
                esac

                if [[ "$cur" == -* ]]; then
                    COMPREPLY=( $( compgen -W '-inform -outform -in -out -dsaparam -noout \
                        -text -C -2 -5 -rand' -- $cur ) )
                fi
                ;;
            gendsa)
                case $prev in
                    -@(out|rand))
                        _filedir
                        return 0
                        ;;
                esac

                if [[ "$cur" == -* ]]; then
                    COMPREPLY=( $( compgen -W '-out -des -des3 -idea -rand' -- $cur ) )
                else
                        _filedir
                fi
                ;;
            genrsa)
                case $prev in
                    -@(out|rand))
                        _filedir
                        return 0
                        ;;
                esac

                if [[ "$cur" == -* ]]; then
                    COMPREPLY=( $( compgen -W '-out -passout -des -des3 -idea -f4 -3 -rand' -- $cur ) )
                fi
                ;;
            pkcs7)
                case $prev in
                    -@(in|out)form)
                        COMPREPLY=( $( compgen -W 'DER PEM' -- $cur ) )
                        return 0
                        ;;
                    -@(in|out))
                        _filedir
                        return 0
                        ;;
                esac

                if [[ "$cur" == -* ]]; then
                    COMPREPLY=( $( compgen -W '-inform -outform -in -out -print_certs -text -noout' -- $cur ) )
                fi
                ;;
            rand)
                case $prev in
                    -@(out|rand))
                        _filedir
                        return 0
                        ;;
                esac

                if [[ "$cur" == -* ]]; then
                    COMPREPLY=( $( compgen -W '-out -rand -base64' -- $cur ) )
                fi
                ;;
            req)
                case "$prev" in
                    -@(in|out|key)form)
                        COMPREPLY=( $( compgen -W 'DER PEM' -- $cur ) )
                        return 0
                        ;;

                    -@(in|out|rand|key|keyout|config))
                        _filedir
                        return 0
                        ;;
                    -extensions)
                        _openssl_sections
                        return 0
                        ;;
                esac

                if [[ "$cur" == -* ]]; then
                    COMPREPLY=( $( compgen -W '-inform -outform -in \
                        -passin -out -passout -text -noout -verify \
                        -modulus -new -rand -newkey -newkey -nodes \
                        -key -keyform -keyout -md5 -sha1 -md2 -mdc2 \
                        -config -x509 -days -asn1-kludge -newhdr \
                        -extensions -reqexts section' -- $cur ) )
                fi
                ;;
            rsa)
                case $prev in
                    -@(in|out)form)
                        COMPREPLY=( $( compgen -W 'DER NET PEM' -- $cur ) )
                        return 0
                        ;;
                    -@(in|out))
                        _filedir
                        return 0
                        ;;
                esac

                if [[ "$cur" == -* ]]; then
                    COMPREPLY=( $( compgen -W '-inform -outform -in -passin -out -passout \
                        -sgckey -des -des3 -idea -text -noout -modulus -check -pubin \
                        -pubout -engine' -- $cur ) )
                fi
                ;;
            rsautl)
                case $prev in
                    -@(in|out|inkey))
                        _filedir
                        return 0
                        ;;
                esac

                if [[ "$cur" == -* ]]; then
                    COMPREPLY=( $( compgen -W '-in -out -inkey -pubin -certin -sign -verify \
                        -encrypt -decrypt -pkcs -ssl -raw -hexdump -asn1parse' -- $cur ) )
                fi
                ;;
            s_client)
                case $prev in
                    -connect)
                        _known_hosts
                        return 0
                        ;;
                    -@(cert|key|CAfile|rand))
                        _filedir
                        return 0
                        ;;
                    -CApath)
                        _filedir -d
                        return 0
                        ;;
                esac

                if [[ "$cur" == -* ]]; then
                    COMPREPLY=( $( compgen -W '-connect -verify -cert -key -CApath -CAfile \
                        -reconnect -pause -showcerts -debug -msg -nbio_test -state -nbio \
                        -crlf -ign_eof -quiet -ssl2 -ssl3 -tls1 -no_ssl2 -no_ssl3 -no_tls1 \
                        -bugs -cipher -starttls -engine -rand' -- $cur ) )
                fi
                ;;
            s_server)
                case $prev in
                    -@(cert|key|dcert|dkey|dhparam|CAfile|rand))
                        _filedir
                        return 0
                        ;;
                    -CApath)
                        _filedir -d
                        return 0
                        ;;
                esac

                if [[ "$cur" == -* ]]; then
                    COMPREPLY=( $( compgen -W '-accept -context -verify -Verify -cert -key \
                         -dcert -dkey -dhparam -nbio -nbio_test -crlf -debug -msg -state -CApath \
                         -CAfile -nocert -cipher -quiet -no_tmp_rsa -ssl2 -ssl3 -tls1 -no_ssl2 \
                         -no_ssl3 -no_tls1 -no_dhe -bugs -hack -www -WWW -HTTP -engine -id_prefix \
                         -rand' -- $cur ) )
                 fi
                 ;;
            s_time)
                case $prev in
                    -connect)
                        _known_hosts
                        return 0
                        ;;
                    -@(cert|key|CAfile))
                        _filedir
                        return 0
                        ;;
                    -CApath)
                        _filedir -d
                        return 0
                        ;;
                esac

                if [[ "$cur" == -* ]]; then
                    COMPREPLY=( $( compgen -W '-connect -www -cert -key -CApath -CAfile -reuse \
                        -new -verify -nbio -time -ssl2 -ssl3 -bugs -cipher' -- $cur ) )
                fi
                ;;

            sess_id) 
                case $prev in
                    -@(in|out)form)
                        COMPREPLY=( $( compgen -W 'DER PEM' -- $cur ) )
                        return 0
                        ;;
                    -@(in|out))
                        _filedir
                        return 0
                        ;;
                esac


                if [[ "$cur" == -* ]]; then
                    COMPREPLY=( $( compgen -W '-inform -outform -in -out -text -noout \
                        -context ID' -- $cur ) )
                fi
                ;;
            smime)
                case $prev in
                    -@(in|out)form)
                        COMPREPLY=( $( compgen -W 'SMIME DER PEM' -- $cur ) )
                        return 0
                        ;;
                    -@(in|out|certfile|signer|recip|inkey|content|rand))
                        _filedir
                        return 0
                        ;;
                esac

                if [[ "$cur" == -* ]]; then
                    COMPREPLY=( $( compgen -W '-encrypt -decrypt -sign -verify -pk7out -des -des3 \
                        -rc2-40 -rc2-64 -rc2-128 -aes128 -aes192 -aes256 -in -certfile -signer \
                        -recip -inform -passin -inkey -out -outform -content -to -from -subject \
                        -text -rand' -- $cur ) )
                else
                        _filedir
                fi
                ;;
            speed)
                if [[ "$cur" == -* ]]; then
                    COMPREPLY=( $( compgen -W '-engine' -- $cur ) )
                else
                    COMPREPLY=( $( compgen -W 'md2 mdc2 md5 hmac sha1 rmd160 idea-cbc \
                        rc2-cbc rc5-cbc bf-cbc des-cbc des-ede3 rc4 rsa512 rsa1024 rsa2048 \
                        rsa4096 dsa512 dsa1024 dsa2048 idea rc2 des rsa blowfish' -- $cur ) )
                fi
                ;;
            verify)
                case $prev in
                    -@(CAfile|untrusted))
                        _filedir
                        return 0
                        ;;
                    -CApath)
                        _filedir -d
                        return 0
                        ;;
                esac

                if [[ "$cur" == -* ]]; then
                    COMPREPLY=( $( compgen -W '-CApath -CAfile -purpose -untrusted -help -issuer_checks \
                        -verbose -certificates' -- $cur ) )
                else
                        _filedir
                fi
                ;;
            x509)
                case "$prev" in
                    -@(in|out|CA|CAkey|CAserial|extfile))
                        _filedir
                        return 0
                        ;;
                    -@(in|out)form)
                        COMPREPLY=( $( compgen -W 'DER PEM NET' -- $cur ) )
                        return 0
                        ;;
                    -@(key|CA|CAkey)form)
                        COMPREPLY=( $( compgen -W 'DER PEM' -- $cur ) )
                        return 0
                        ;;
                    -extensions)
                        _openssl_sections
                        return 0
                        ;;
                esac

                if [[ "$cur" == -* ]]; then
                    COMPREPLY=( $( compgen -W '-inform -outform \
                        -keyform -CAform -CAkeyform -in -out \
                        -serial -hash -subject -issuer -nameopt \
                        -email -startdate -enddate -purpose \
                        -dates -modulus -fingerprint -alias \
                        -noout -trustout -clrtrust -clrreject \
                        -addtrust -addreject -setalias -days \
                        -set_serial -signkey -x509toreq -req \
                        -CA -CAkey -CAcreateserial -CAserial \
                        -text -C -md2 -md5 -sha1 -mdc2 -clrext \
                        -extfile -extensions -engine' -- $cur ) )
                fi
                ;;
            @(md5|md4|md2|sha1|sha|mdc2|ripemd160))
                if [[ "$cur" == -* ]]; then
                    COMPREPLY=( $( compgen -W '-c -d' -- $cur ) )
                else
                        _filedir
                fi
                ;;
        esac
    fi

    return 0
}
comp_install  # Make this completion persistent
_openssl  # Generate completions first time
