(command.CommandList
  children: [
    (command.ShAssignment
      pairs: [
        (assign_pair
          lhs: (sh_lhs_expr.Name name:tid)
          op: assign_op.Equal
          rhs: {(DQ <'pkcs11 agent test'>)}
          spids: [7]
        )
      ]
    )
    (command.ShAssignment
      pairs: [
        (assign_pair
          lhs: (sh_lhs_expr.Name name:TEST_SSH_PIN)
          op: assign_op.Equal
          rhs: {(DQ )}
          spids: [13]
        )
      ]
    )
    (command.ShAssignment
      pairs: [
        (assign_pair
          lhs: (sh_lhs_expr.Name name:TEST_SSH_PKCS11)
          op: assign_op.Equal
          rhs: {<'/usr/local/lib/soft-pkcs11.so.0.0'>}
          spids: [17]
        )
      ]
    )
    (command.AndOr
      ops: [Id.Op_DPipe]
      children: [
        (C {<test>} {<-f>} {(DQ ($ Id.VSub_DollarName '$TEST_SSH_PKCS11'))})
        (C {<fatal>} {(DQ ($ Id.VSub_DollarName '$TEST_SSH_PKCS11') <' does not exist'>)})
      ]
    )
    (command.ShAssignment
      pairs: [
        (assign_pair
          lhs: (sh_lhs_expr.Name name:SOFTPKCS11RC)
          op: assign_op.Equal
          rhs: {($ Id.VSub_DollarName '$OBJ') <'/pkcs11.info'>}
          spids: [42]
        )
      ]
    )
    (C {<export>} {<SOFTPKCS11RC>})
    (command.ShAssignment
      pairs: [
        (assign_pair
          lhs: (sh_lhs_expr.Name name:SSH_ASKPASS)
          op: assign_op.Equal
          rhs: {<'/usr/bin/true'>}
          spids: [53]
        )
      ]
    )
    (C {<export>} {<SSH_ASKPASS>})
    (C {<unset>} {<DISPLAY>})
    (command.ShFunction
      name: notty
      body: 
        (BraceGroup
          children: [
            (C {<perl>} {<-e>} 
              {
                (SQ <'use POSIX; POSIX::setsid(); \n'> 
                  <'\t    if (fork) { wait; exit($? >> 8); } else { exec(@ARGV) }'>
                )
              } {(DQ ($ Id.VSub_At '$@'))}
            )
          ]
        )
    )
    (C {<trace>} {(DQ <'start agent'>)})
    (command.Simple
      words: [
        {<eval>}
        {(command_sub left_token:<Id.Left_Backtick '`'> child:(C {(${ Id.VSub_Name SSHAGENT)} {<-s>}))}
      ]
      redirects: [(redir op:<Id.Redir_Great '>'> loc:(redir_loc.Fd fd:1) arg:{<'/dev/null'>})]
      do_fork: T
    )
    (command.ShAssignment
      pairs: [
        (assign_pair
          lhs: (sh_lhs_expr.Name name:r)
          op: assign_op.Equal
          rhs: {($ Id.VSub_QMark '$?')}
          spids: [113]
        )
      ]
    )
    (command.If
      arms: [
        (if_arm
          cond: 
            (condition.Shell
              commands: [
                (command.Sentence
                  child: 
                    (C {<Id.Lit_LBracket '['>} {($ Id.VSub_DollarName '$r')} {<-ne>} {<0>} 
                      {<Id.Lit_RBracket ']'>}
                    )
                  terminator: <Id.Op_Semi _>
                )
              ]
            )
          action: [
            (C {<fail>} {(DQ <'could not start ssh-agent: exit code '> ($ Id.VSub_DollarName '$r'))})
          ]
          spids: [116 129]
        )
      ]
      else_action: [
        (C {<trace>} {(DQ <'generating key/cert'>)})
        (C {<rm>} {<-f>} {($ Id.VSub_DollarName '$OBJ') <'/pkcs11.key'>} 
          {($ Id.VSub_DollarName '$OBJ') <'/pkcs11.crt'>}
        )
        (command.Simple
          words: [{<openssl>} {<genrsa>} {<-out>} {($ Id.VSub_DollarName '$OBJ') <'/pkcs11.key'>} {<2048>}]
          redirects: [
            (redir op:<Id.Redir_Great '>'> loc:(redir_loc.Fd fd:1) arg:{<'/dev/null'>})
            (redir op:<Id.Redir_GreatAnd '2>&'> loc:(redir_loc.Fd fd:2) arg:{<1>})
          ]
          do_fork: T
        )
        (C {<chmod>} {<600>} {($ Id.VSub_DollarName '$OBJ') <'/pkcs11.key'>})
        (command.Simple
          words: [
            {<openssl>}
            {<req>}
            {<-key>}
            {($ Id.VSub_DollarName '$OBJ') <'/pkcs11.key'>}
            {<-new>}
            {<-x509>}
            {<-out>}
            {($ Id.VSub_DollarName '$OBJ') <'/pkcs11.crt'>}
            {<-text>}
            {<-subj>}
            {(SQ <'/CN=pkcs11 test'>)}
          ]
          redirects: [(redir op:<Id.Redir_Great '>'> loc:(redir_loc.Fd fd:1) arg:{<'/dev/null'>})]
          do_fork: T
        )
        (command.Simple
          words: [
            {<printf>}
            {
              (DQ <a> <Id.Lit_BadBackslash '\\'> <ta> <Id.Lit_BadBackslash '\\'> <t> 
                ($ Id.VSub_DollarName '$OBJ') <'/pkcs11.crt'> <Id.Lit_BadBackslash '\\'> <t> ($ Id.VSub_DollarName '$OBJ') <'/pkcs11.key'>
              )
            }
          ]
          redirects: [
            (redir
              op: <Id.Redir_Great '>'>
              loc: (redir_loc.Fd fd:1)
              arg: {($ Id.VSub_DollarName '$SOFTPKCS11RC')}
            )
          ]
          do_fork: T
        )
        (command.Simple
          words: [
            {(${ Id.VSub_Name SSHKEYGEN)}
            {<-y>}
            {<-f>}
            {($ Id.VSub_DollarName '$OBJ') <'/pkcs11.key'>}
          ]
          redirects: [
            (redir
              op: <Id.Redir_Great '>'>
              loc: (redir_loc.Fd fd:1)
              arg: 
                {($ Id.VSub_DollarName '$OBJ') <'/authorized_keys_'> ($ Id.VSub_DollarName '$USER')}
            )
          ]
          do_fork: T
        )
        (C {<trace>} {(DQ <'add pkcs11 key to agent'>)})
        (command.Pipeline
          children: [
            (C {<echo>} {(${ Id.VSub_Name TEST_SSH_PIN)})
            (command.Simple
              words: [{<notty>} {(${ Id.VSub_Name SSHADD)} {<-s>} {(${ Id.VSub_Name TEST_SSH_PKCS11)}]
              redirects: [
                (redir
                  op: <Id.Redir_Great '>'>
                  loc: (redir_loc.Fd fd:1)
                  arg: {<'/dev/null'>}
                )
                (redir op:<Id.Redir_GreatAnd '2>&'> loc:(redir_loc.Fd fd:2) arg:{<1>})
              ]
              do_fork: T
            )
          ]
          negated: F
        )
        (command.ShAssignment
          pairs: [
            (assign_pair
              lhs: (sh_lhs_expr.Name name:r)
              op: assign_op.Equal
              rhs: {($ Id.VSub_QMark '$?')}
              spids: [300]
            )
          ]
        )
        (command.If
          arms: [
            (if_arm
              cond: 
                (condition.Shell
                  commands: [
                    (command.Sentence
                      child: 
                        (C {<Id.Lit_LBracket '['>} {($ Id.VSub_DollarName '$r')} {<-ne>} {<0>} 
                          {<Id.Lit_RBracket ']'>}
                        )
                      terminator: <Id.Op_Semi _>
                    )
                  ]
                )
              action: [(C {<fail>} {(DQ <'ssh-add -s failed: exit code '> ($ Id.VSub_DollarName '$r'))})]
              spids: [304 317]
            )
          ]
        )
        (C {<trace>} {(DQ <'pkcs11 list via agent'>)})
        (command.Simple
          words: [{(${ Id.VSub_Name SSHADD)} {<-l>}]
          redirects: [
            (redir op:<Id.Redir_Great '>'> loc:(redir_loc.Fd fd:1) arg:{<'/dev/null'>})
            (redir op:<Id.Redir_GreatAnd '2>&'> loc:(redir_loc.Fd fd:2) arg:{<1>})
          ]
          do_fork: T
        )
        (command.ShAssignment
          pairs: [
            (assign_pair
              lhs: (sh_lhs_expr.Name name:r)
              op: assign_op.Equal
              rhs: {($ Id.VSub_QMark '$?')}
              spids: [353]
            )
          ]
        )
        (command.If
          arms: [
            (if_arm
              cond: 
                (condition.Shell
                  commands: [
                    (command.Sentence
                      child: 
                        (C {<Id.Lit_LBracket '['>} {($ Id.VSub_DollarName '$r')} {<-ne>} {<0>} 
                          {<Id.Lit_RBracket ']'>}
                        )
                      terminator: <Id.Op_Semi _>
                    )
                  ]
                )
              action: [(C {<fail>} {(DQ <'ssh-add -l failed: exit code '> ($ Id.VSub_DollarName '$r'))})]
              spids: [357 370]
            )
          ]
        )
        (C {<trace>} {(DQ <'pkcs11 connect via agent'>)})
        (C {(${ Id.VSub_Name SSH)} {<-2>} {<-F>} {($ Id.VSub_DollarName '$OBJ') <'/ssh_proxy'>} 
          {<somehost>} {<Id.ControlFlow_Exit exit>} {<5>}
        )
        (command.ShAssignment
          pairs: [
            (assign_pair
              lhs: (sh_lhs_expr.Name name:r)
              op: assign_op.Equal
              rhs: {($ Id.VSub_QMark '$?')}
              spids: [410]
            )
          ]
        )
        (command.If
          arms: [
            (if_arm
              cond: 
                (condition.Shell
                  commands: [
                    (command.Sentence
                      child: 
                        (C {<Id.Lit_LBracket '['>} {($ Id.VSub_DollarName '$r')} {<-ne>} {<5>} 
                          {<Id.Lit_RBracket ']'>}
                        )
                      terminator: <Id.Op_Semi _>
                    )
                  ]
                )
              action: [
                (C {<fail>} {(DQ <'ssh connect failed (exit code '> ($ Id.VSub_DollarName '$r') <')'>)})
              ]
              spids: [414 427]
            )
          ]
        )
        (C {<trace>} {(DQ <'remove pkcs11 keys'>)})
        (command.Pipeline
          children: [
            (C {<echo>} {(${ Id.VSub_Name TEST_SSH_PIN)})
            (command.Simple
              words: [{<notty>} {(${ Id.VSub_Name SSHADD)} {<-e>} {(${ Id.VSub_Name TEST_SSH_PKCS11)}]
              redirects: [
                (redir
                  op: <Id.Redir_Great '>'>
                  loc: (redir_loc.Fd fd:1)
                  arg: {<'/dev/null'>}
                )
                (redir op:<Id.Redir_GreatAnd '2>&'> loc:(redir_loc.Fd fd:2) arg:{<1>})
              ]
              do_fork: T
            )
          ]
          negated: F
        )
        (command.ShAssignment
          pairs: [
            (assign_pair
              lhs: (sh_lhs_expr.Name name:r)
              op: assign_op.Equal
              rhs: {($ Id.VSub_QMark '$?')}
              spids: [478]
            )
          ]
        )
        (command.If
          arms: [
            (if_arm
              cond: 
                (condition.Shell
                  commands: [
                    (command.Sentence
                      child: 
                        (C {<Id.Lit_LBracket '['>} {($ Id.VSub_DollarName '$r')} {<-ne>} {<0>} 
                          {<Id.Lit_RBracket ']'>}
                        )
                      terminator: <Id.Op_Semi _>
                    )
                  ]
                )
              action: [(C {<fail>} {(DQ <'ssh-add -e failed: exit code '> ($ Id.VSub_DollarName '$r'))})]
              spids: [482 495]
            )
          ]
        )
        (C {<trace>} {(DQ <'kill agent'>)})
        (command.Simple
          words: [{(${ Id.VSub_Name SSHAGENT)} {<-k>}]
          redirects: [(redir op:<Id.Redir_Great '>'> loc:(redir_loc.Fd fd:1) arg:{<'/dev/null'>})]
          do_fork: T
        )
      ]
    )
  ]
)