(command.CommandList children: [ (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:DESTDIR) op: assign_op.Equal rhs: {(/var/unbound)} spids: [110] ) ] ) (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:SERVERNAME) op: assign_op.Equal rhs: {(unbound)} spids: [117] ) ] ) (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:CLIENTNAME) op: assign_op.Equal rhs: {(unbound-control)} spids: [120] ) ] ) (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:DAYS) op: assign_op.Equal rhs: {(7200)} spids: [127] ) ] ) (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:BITS) op: assign_op.Equal rhs: {(3072)} spids: [134] ) ] ) (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:HASH) op: assign_op.Equal rhs: {(sha256)} spids: [141] ) ] ) (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:SVR_BASE) op: assign_op.Equal rhs: {(unbound_server)} spids: [148] ) ] ) (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:CTL_BASE) op: assign_op.Equal rhs: {(unbound_control)} spids: [155] ) ] ) (C {(umask)} {(0027)}) (command.ShFunction name: error body: (command.BraceGroup children: [ (C {(echo)} {(DQ ($ Id.VSub_Number '$0') (' fatal error: ') ($ Id.VSub_Number '$1'))}) (command.ControlFlow token: (Token id:Id.ControlFlow_Exit val:exit span_id:192) arg_word: {(1)} ) ] ) ) (command.WhileUntil keyword: (Token id:Id.KW_While val:while span_id:202) cond: [ (command.Sentence child: (C {(test)} {($ Id.VSub_Pound '$#')} {(-ne)} {(0)}) terminator: (Token id:Id.Op_Semi val:';' span_id:211) ) ] body: (command.DoGroup children: [ (command.Case to_match: {($ Id.VSub_Number '$1')} arms: [ (case_arm pat_list: [{(-d)}] action: [ (command.If arms: [ (if_arm cond: [ (command.Sentence child: (C {(test)} {($ Id.VSub_Pound '$#')} {(-eq)} {(1)}) terminator: (Token id:Id.Op_Semi val:';' span_id:236) ) ] action: [ (command.Sentence child: (C {(error)} {(DQ ('need argument for -d'))}) terminator: (Token id:Id.Op_Semi val:';' span_id:245) ) ] spids: [227 238] ) ] ) (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:DESTDIR) op: assign_op.Equal rhs: {(DQ ($ Id.VSub_Number '$2'))} spids: [250] ) ] ) (C {(shift)}) ] spids: [223 224 259 -1] ) (case_arm pat_list: [{(Id.Lit_Star '*')}] action: [ (C {(echo)} {(DQ ('unbound-control-setup.sh - setup SSL keys for unbound-control'))}) (C {(echo)} {(DQ ('\t-d dir\tuse directory to store keys and certificates.'))}) (C {(echo)} {(DQ ('\t\tdefault: ') ($ Id.VSub_DollarName '$DESTDIR'))}) (C {(echo)} {(DQ ('please run this command using the same user id that the '))}) (C {(echo)} {(DQ ('unbound daemon uses, it needs read privileges.'))}) (command.ControlFlow token: (Token id:Id.ControlFlow_Exit val:exit span_id:302) arg_word: {(1)} ) ] spids: [262 263 307 -1] ) ] ) (C {(shift)}) ] ) ) (C {(echo)} {(DQ ('setup in directory ') ($ Id.VSub_DollarName '$DESTDIR'))}) (command.AndOr ops: [Id.Op_DPipe] children: [ (C {(cd)} {(DQ ($ Id.VSub_DollarName '$DESTDIR'))}) (C {(error)} {(DQ ('could not cd to ') ($ Id.VSub_DollarName '$DESTDIR'))}) ] ) (command.If arms: [ (if_arm cond: [ (command.Sentence child: (C {(test)} {(-f)} {($ Id.VSub_DollarName '$SVR_BASE') (.key)}) terminator: (Token id:Id.Op_Semi val:';' span_id:355) ) ] action: [(C {(echo)} {(DQ ($ Id.VSub_DollarName '$SVR_BASE') ('.key exists'))})] spids: [347 357] ) ] else_action: [ (C {(echo)} {(DQ ('generating ') ($ Id.VSub_DollarName '$SVR_BASE') (.key))}) (command.AndOr ops: [Id.Op_DPipe] children: [ (C {(openssl)} {(genrsa)} {(-out)} {($ Id.VSub_DollarName '$SVR_BASE') (.key)} {($ Id.VSub_DollarName '$BITS')} ) (C {(error)} {(DQ ('could not genrsa'))}) ] ) ] ) (command.If arms: [ (if_arm cond: [ (command.Sentence child: (C {(test)} {(-f)} {($ Id.VSub_DollarName '$CTL_BASE') (.key)}) terminator: (Token id:Id.Op_Semi val:';' span_id:408) ) ] action: [(C {(echo)} {(DQ ($ Id.VSub_DollarName '$CTL_BASE') ('.key exists'))})] spids: [400 410] ) ] else_action: [ (C {(echo)} {(DQ ('generating ') ($ Id.VSub_DollarName '$CTL_BASE') (.key))}) (command.AndOr ops: [Id.Op_DPipe] children: [ (C {(openssl)} {(genrsa)} {(-out)} {($ Id.VSub_DollarName '$CTL_BASE') (.key)} {($ Id.VSub_DollarName '$BITS')} ) (C {(error)} {(DQ ('could not genrsa'))}) ] ) ] ) (command.Simple words: [{(echo)} {(DQ ('[req]'))}] redirects: [ (redir.Redir op: (Token id:Id.Redir_Great val:'>' span_id:463) fd: -1 arg_word: {(request.cfg)} ) ] ) (command.Simple words: [{(echo)} {(DQ ('default_bits=') ($ Id.VSub_DollarName '$BITS'))}] redirects: [ (redir.Redir op: (Token id:Id.Redir_DGreat val:'>>' span_id:474) fd: -1 arg_word: {(request.cfg)} ) ] ) (command.Simple words: [{(echo)} {(DQ ('default_md=') ($ Id.VSub_DollarName '$HASH'))}] redirects: [ (redir.Redir op: (Token id:Id.Redir_DGreat val:'>>' span_id:485) fd: -1 arg_word: {(request.cfg)} ) ] ) (command.Simple words: [{(echo)} {(DQ ('prompt=no'))}] redirects: [ (redir.Redir op: (Token id:Id.Redir_DGreat val:'>>' span_id:495) fd: -1 arg_word: {(request.cfg)} ) ] ) (command.Simple words: [{(echo)} {(DQ ('distinguished_name=req_distinguished_name'))}] redirects: [ (redir.Redir op: (Token id:Id.Redir_DGreat val:'>>' span_id:505) fd: -1 arg_word: {(request.cfg)} ) ] ) (command.Simple words: [{(echo)} {(DQ )}] redirects: [ (redir.Redir op: (Token id:Id.Redir_DGreat val:'>>' span_id:514) fd: -1 arg_word: {(request.cfg)} ) ] ) (command.Simple words: [{(echo)} {(DQ ('[req_distinguished_name]'))}] redirects: [ (redir.Redir op: (Token id:Id.Redir_DGreat val:'>>' span_id:524) fd: -1 arg_word: {(request.cfg)} ) ] ) (command.Simple words: [{(echo)} {(DQ ('commonName=') ($ Id.VSub_DollarName '$SERVERNAME'))}] redirects: [ (redir.Redir op: (Token id:Id.Redir_DGreat val:'>>' span_id:535) fd: -1 arg_word: {(request.cfg)} ) ] ) (command.AndOr ops: [Id.Op_DPipe] children: [ (C {(test)} {(-f)} {(request.cfg)}) (C {(error)} {(DQ ('could not create request.cfg'))}) ] ) (C {(echo)} {(DQ ('create ') ($ Id.VSub_DollarName '$SVR_BASE') ('.pem (self signed certificate)'))}) (command.AndOr ops: [Id.Op_DPipe] children: [ (C {(openssl)} {(req)} {(-key)} {($ Id.VSub_DollarName '$SVR_BASE') (.key)} {(-config)} {(request.cfg)} {(-new)} {(-x509)} {(-days)} {($ Id.VSub_DollarName '$DAYS')} {(-out)} {($ Id.VSub_DollarName '$SVR_BASE') (.pem)} ) (C {(error)} {(DQ ('could not create ') ($ Id.VSub_DollarName '$SVR_BASE') (.pem))}) ] ) (C {(openssl)} {(x509)} {(-in)} {($ Id.VSub_DollarName '$SVR_BASE') (.pem)} {(-addtrust)} {(serverAuth)} {(-out)} {($ Id.VSub_DollarName '$SVR_BASE') (DQ (_trust.pem))} ) (command.Simple words: [{(echo)} {(DQ ('[req]'))}] redirects: [ (redir.Redir op: (Token id:Id.Redir_Great val:'>' span_id:632) fd: -1 arg_word: {(request.cfg)} ) ] ) (command.Simple words: [{(echo)} {(DQ ('default_bits=') ($ Id.VSub_DollarName '$BITS'))}] redirects: [ (redir.Redir op: (Token id:Id.Redir_DGreat val:'>>' span_id:643) fd: -1 arg_word: {(request.cfg)} ) ] ) (command.Simple words: [{(echo)} {(DQ ('default_md=') ($ Id.VSub_DollarName '$HASH'))}] redirects: [ (redir.Redir op: (Token id:Id.Redir_DGreat val:'>>' span_id:654) fd: -1 arg_word: {(request.cfg)} ) ] ) (command.Simple words: [{(echo)} {(DQ ('prompt=no'))}] redirects: [ (redir.Redir op: (Token id:Id.Redir_DGreat val:'>>' span_id:664) fd: -1 arg_word: {(request.cfg)} ) ] ) (command.Simple words: [{(echo)} {(DQ ('distinguished_name=req_distinguished_name'))}] redirects: [ (redir.Redir op: (Token id:Id.Redir_DGreat val:'>>' span_id:674) fd: -1 arg_word: {(request.cfg)} ) ] ) (command.Simple words: [{(echo)} {(DQ )}] redirects: [ (redir.Redir op: (Token id:Id.Redir_DGreat val:'>>' span_id:683) fd: -1 arg_word: {(request.cfg)} ) ] ) (command.Simple words: [{(echo)} {(DQ ('[req_distinguished_name]'))}] redirects: [ (redir.Redir op: (Token id:Id.Redir_DGreat val:'>>' span_id:693) fd: -1 arg_word: {(request.cfg)} ) ] ) (command.Simple words: [{(echo)} {(DQ ('commonName=') ($ Id.VSub_DollarName '$CLIENTNAME'))}] redirects: [ (redir.Redir op: (Token id:Id.Redir_DGreat val:'>>' span_id:704) fd: -1 arg_word: {(request.cfg)} ) ] ) (command.AndOr ops: [Id.Op_DPipe] children: [ (C {(test)} {(-f)} {(request.cfg)}) (C {(error)} {(DQ ('could not create request.cfg'))}) ] ) (C {(echo)} {(DQ ('create ') ($ Id.VSub_DollarName '$CTL_BASE') ('.pem (signed client certificate)'))} ) (command.Pipeline children: [ (C {(openssl)} {(req)} {(-key)} {($ Id.VSub_DollarName '$CTL_BASE') (.key)} {(-config)} {(request.cfg)} {(-new)} ) (C {(openssl)} {(x509)} {(-req)} {(-days)} {($ Id.VSub_DollarName '$DAYS')} {(-CA)} {($ Id.VSub_DollarName '$SVR_BASE') (DQ (_trust.pem))} {(-CAkey)} {($ Id.VSub_DollarName '$SVR_BASE') (.key)} {(-CAcreateserial)} {(-) ($ Id.VSub_DollarName '$HASH')} {(-out)} {($ Id.VSub_DollarName '$CTL_BASE') (.pem)} ) ] negated: F ) (command.AndOr ops: [Id.Op_DPipe] children: [ (C {(test)} {(-f)} {($ Id.VSub_DollarName '$CTL_BASE') (.pem)}) (C {(error)} {(DQ ('could not create ') ($ Id.VSub_DollarName '$CTL_BASE') (.pem))}) ] ) (C {(chmod)} {(o-rw)} {($ Id.VSub_DollarName '$SVR_BASE') (.pem)} {($ Id.VSub_DollarName '$SVR_BASE') (.key)} {($ Id.VSub_DollarName '$CTL_BASE') (.pem)} {($ Id.VSub_DollarName '$CTL_BASE') (.key)} ) (C {(rm)} {(-f)} {(request.cfg)}) (C {(rm)} {(-f)} {($ Id.VSub_DollarName '$CTL_BASE') (DQ (_trust.pem))} {($ Id.VSub_DollarName '$SVR_BASE') (DQ (_trust.pem))} {($ Id.VSub_DollarName '$SVR_BASE') (DQ (_trust.srl))} ) (C {(echo)} {(DQ ('Setup success. Certificates created. Enable in unbound.conf file to use'))}) (command.ControlFlow token:(Token id:Id.ControlFlow_Exit val:exit span_id:880) arg_word:{(0)}) ] )