(List
  (FunctionDef try []
    (List
      (Com {[LIT_CHARS echo]} {[DQ [VarSub @]]})
      (AndOr OP_OR_IF
        (Com {[DQ [VarSub @]]})
        (Com {[LIT_CHARS exit]} {[LIT_CHARS 1]})
      )
    )
  )
  (Com {[LIT_CHARS try]} {[LIT_CHARS rm]} {[LIT_CHARS -rf]} {[LIT_CHARS out]})
  (Com {[LIT_CHARS try]} {[LIT_CHARS mkdir]} {[LIT_CHARS out]})
  (Com {[LIT_CHARS echo]} {[LIT_CHARS Create]} {[LIT_CHARS the]} {[LIT_CHARS serial]} {[LIT_CHARS number]} {[LIT_CHARS files]} {[LIT_CHARS and]} {[LIT_CHARS indices.]})
  (= scope=<EAssignScope.GLOBAL 1> flags=0 words=[] bindings=[('serial', {[LIT_CHARS 1000]})])
  (For i [{[LIT_CHARS B]}, {[LIT_CHARS C]}, {[LIT_CHARS E]}])
    (List
      (Com {[LIT_CHARS try]} {[LIT_CHARS /bin/sh]} {[LIT_CHARS -c]} {[DQ [LIT_CHARS "echo "][VarSub serial][LIT_CHARS " > out/"][VarSub i][LIT_CHARS -serial]]})
      (= scope=<EAssignScope.GLOBAL 1> flags=0 words=[] bindings=[('serial', {[ComSub (Com {[LIT_CHARS expr]} {[VarSub serial]} {[LIT_OTHER "+"]} {[LIT_CHARS 1]})]})])
      (Com {[LIT_CHARS touch]} {[LIT_CHARS out/] [VarSub i] [LIT_CHARS -index.txt]})
      (Com {[LIT_CHARS touch]} {[LIT_CHARS out/] [VarSub i] [LIT_CHARS -index.txt.attr]})
    )
  )
  (Com {[LIT_CHARS echo]} {[LIT_CHARS Generate]} {[LIT_CHARS the]} {[LIT_CHARS keys.]})
  (For i [{[LIT_CHARS A]}, {[LIT_CHARS B]}, {[LIT_CHARS C]}, {[LIT_CHARS D]}, {[LIT_CHARS E]}])
    (Com {[LIT_CHARS try]} {[LIT_CHARS openssl]} {[LIT_CHARS genrsa]} {[LIT_CHARS -out]} {[LIT_CHARS out/] [VarSub i] [LIT_CHARS .key]} {[LIT_CHARS 2048]})
  )
  (Com {[LIT_CHARS echo]} {[LIT_CHARS Generate]} {[LIT_CHARS the]} {[LIT_CHARS C]} {[LIT_CHARS CSR]})
  (Com {[LIT_CHARS try]} {[LIT_CHARS openssl]} {[LIT_CHARS req]} {[LIT_CHARS -new]} {[LIT_CHARS -key]} {[LIT_CHARS out/C.key]} {[LIT_CHARS -out]} {[LIT_CHARS out/C.csr]} {[LIT_CHARS -config]} {[LIT_CHARS client-certs.cnf]}
    more_env=[('COMMON_NAME', {[DQ [LIT_CHARS "C Root CA"]]}), ('CA_DIR', {[LIT_CHARS out]}), ('ID', {[LIT_CHARS C]})]
  )
  (Com {[LIT_CHARS echo]} {[LIT_CHARS C]} {[LIT_CHARS signs]} {[LIT_CHARS itself.]})
  (Com {[LIT_CHARS try]} {[LIT_CHARS openssl]} {[LIT_CHARS x509]} {[LIT_CHARS -req]} {[LIT_CHARS -days]} {[LIT_CHARS 3650]} {[LIT_CHARS -in]} {[LIT_CHARS out/C.csr]} {[LIT_CHARS -extensions]} {[LIT_CHARS ca_cert]} {[LIT_CHARS -extfile]} {[LIT_CHARS client-certs.cnf]} {[LIT_CHARS -signkey]} {[LIT_CHARS out/C.key]} {[LIT_CHARS -out]} {[LIT_CHARS out/C.pem]}
    more_env=[('COMMON_NAME', {[DQ [LIT_CHARS "C Root CA"]]}), ('CA_DIR', {[LIT_CHARS out]}), ('ID', {[LIT_CHARS C]})]
  )
  (Com {[LIT_CHARS echo]} {[LIT_CHARS Generate]} {[LIT_CHARS the]} {[LIT_CHARS intermediates]})
  (Com {[LIT_CHARS try]} {[LIT_CHARS openssl]} {[LIT_CHARS req]} {[LIT_CHARS -new]} {[LIT_CHARS -key]} {[LIT_CHARS out/B.key]} {[LIT_CHARS -out]} {[LIT_CHARS out/B.csr]} {[LIT_CHARS -config]} {[LIT_CHARS client-certs.cnf]}
    more_env=[('COMMON_NAME', {[DQ [LIT_CHARS "B CA"]]}), ('CA_DIR', {[LIT_CHARS out]}), ('ID', {[LIT_CHARS B]})]
  )
  (Com {[LIT_CHARS try]} {[LIT_CHARS openssl]} {[LIT_CHARS ca]} {[LIT_CHARS -batch]} {[LIT_CHARS -extensions]} {[LIT_CHARS ca_cert]} {[LIT_CHARS -in]} {[LIT_CHARS out/B.csr]} {[LIT_CHARS -out]} {[LIT_CHARS out/B.pem]} {[LIT_CHARS -config]} {[LIT_CHARS client-certs.cnf]}
    more_env=[('COMMON_NAME', {[DQ [LIT_CHARS "C CA"]]}), ('CA_DIR', {[LIT_CHARS out]}), ('ID', {[LIT_CHARS C]})]
  )
  (Com {[LIT_CHARS try]} {[LIT_CHARS openssl]} {[LIT_CHARS req]} {[LIT_CHARS -new]} {[LIT_CHARS -key]} {[LIT_CHARS out/E.key]} {[LIT_CHARS -out]} {[LIT_CHARS out/E.csr]} {[LIT_CHARS -config]} {[LIT_CHARS client-certs.cnf]}
    more_env=[('COMMON_NAME', {[DQ [LIT_CHARS "E CA"]]}), ('CA_DIR', {[LIT_CHARS out]}), ('ID', {[LIT_CHARS E]})]
  )
  (Com {[LIT_CHARS try]} {[LIT_CHARS openssl]} {[LIT_CHARS ca]} {[LIT_CHARS -batch]} {[LIT_CHARS -extensions]} {[LIT_CHARS ca_cert]} {[LIT_CHARS -in]} {[LIT_CHARS out/E.csr]} {[LIT_CHARS -out]} {[LIT_CHARS out/E.pem]} {[LIT_CHARS -config]} {[LIT_CHARS client-certs.cnf]}
    more_env=[('COMMON_NAME', {[DQ [LIT_CHARS "C CA"]]}), ('CA_DIR', {[LIT_CHARS out]}), ('ID', {[LIT_CHARS C]})]
  )
  (Com {[LIT_CHARS echo]} {[LIT_CHARS Generate]} {[LIT_CHARS the]} {[LIT_CHARS leaf]} {[LIT_CHARS certs]})
  (For id [{[LIT_CHARS A]}, {[LIT_CHARS D]}])
    (List
      (Com {[LIT_CHARS try]} {[LIT_CHARS openssl]} {[LIT_CHARS req]} {[LIT_CHARS -new]} {[LIT_CHARS -key]} {[LIT_CHARS out/] [VarSub id] [LIT_CHARS .key]} {[LIT_CHARS -out]} {[LIT_CHARS out/] [VarSub id] [LIT_CHARS .csr]} {[LIT_CHARS -config]} {[LIT_CHARS client-certs.cnf]}
            more_env=[('COMMON_NAME', {[DQ [LIT_CHARS "Client Cert "][VarSub id]]}), ('ID', {[VarSub id]})]
      )
      (Com {[LIT_CHARS try]} {[LIT_CHARS openssl]} {[LIT_CHARS pkcs8]} {[LIT_CHARS -topk8]} {[LIT_CHARS -nocrypt]} {[LIT_CHARS -in]} {[LIT_CHARS out/] [VarSub id] [LIT_CHARS .key]} {[LIT_CHARS -outform]} {[LIT_CHARS DER]} {[LIT_CHARS -out]} {[LIT_CHARS out/] [VarSub id] [LIT_CHARS .pk8]})
    )
  )
  (Com {[LIT_CHARS echo]} {[LIT_CHARS B]} {[LIT_CHARS signs]} {[LIT_CHARS A]})
  (Com {[LIT_CHARS try]} {[LIT_CHARS openssl]} {[LIT_CHARS ca]} {[LIT_CHARS -batch]} {[LIT_CHARS -extensions]} {[LIT_CHARS user_cert]} {[LIT_CHARS -in]} {[LIT_CHARS out/A.csr]} {[LIT_CHARS -out]} {[LIT_CHARS out/A.pem]} {[LIT_CHARS -config]} {[LIT_CHARS client-certs.cnf]}
    more_env=[('COMMON_NAME', {[DQ [LIT_CHARS "B CA"]]}), ('CA_DIR', {[LIT_CHARS out]}), ('ID', {[LIT_CHARS B]})]
  )
  (Com {[LIT_CHARS echo]} {[LIT_CHARS E]} {[LIT_CHARS signs]} {[LIT_CHARS D]})
  (Com {[LIT_CHARS try]} {[LIT_CHARS openssl]} {[LIT_CHARS ca]} {[LIT_CHARS -batch]} {[LIT_CHARS -extensions]} {[LIT_CHARS user_cert]} {[LIT_CHARS -in]} {[LIT_CHARS out/D.csr]} {[LIT_CHARS -out]} {[LIT_CHARS out/D.pem]} {[LIT_CHARS -config]} {[LIT_CHARS client-certs.cnf]}
    more_env=[('COMMON_NAME', {[DQ [LIT_CHARS "E CA"]]}), ('CA_DIR', {[LIT_CHARS out]}), ('ID', {[LIT_CHARS E]})]
  )
  (Com {[LIT_CHARS echo]} {[LIT_CHARS Package]} {[LIT_CHARS the]} {[LIT_CHARS client]} {[LIT_CHARS certs]} {[LIT_CHARS and]} {[LIT_CHARS private]} {[LIT_CHARS keys]} {[LIT_CHARS into]} {[LIT_CHARS PKCS12]} {[LIT_CHARS files]})
  (Com {[LIT_CHARS try]} {[LIT_CHARS /bin/sh]} {[LIT_CHARS -c]} {[DQ [LIT_CHARS "cat out/A.pem out/A.key out/B.pem out/C.pem > out/A-chain.pem"]]})
  (Com {[LIT_CHARS try]} {[LIT_CHARS /bin/sh]} {[LIT_CHARS -c]} {[DQ [LIT_CHARS "cat out/D.pem out/D.key out/E.pem out/C.pem > out/D-chain.pem"]]})
  (Com {[LIT_CHARS try]} {[LIT_CHARS openssl]} {[LIT_CHARS pkcs12]} {[LIT_CHARS -in]} {[LIT_CHARS out/A-chain.pem]} {[LIT_CHARS -out]} {[LIT_CHARS client_1.p12]} {[LIT_CHARS -export]} {[LIT_CHARS -passout]} {[LIT_CHARS pass] [LIT_OTHER ":"] [LIT_CHARS chrome]})
  (Com {[LIT_CHARS try]} {[LIT_CHARS openssl]} {[LIT_CHARS pkcs12]} {[LIT_CHARS -in]} {[LIT_CHARS out/D-chain.pem]} {[LIT_CHARS -out]} {[LIT_CHARS client_2.p12]} {[LIT_CHARS -export]} {[LIT_CHARS -passout]} {[LIT_CHARS pass] [LIT_OTHER ":"] [LIT_CHARS chrome]})
  (Com {[LIT_CHARS echo]} {[LIT_CHARS Package]} {[LIT_CHARS the]} {[LIT_CHARS client]} {[LIT_CHARS certs]} {[LIT_CHARS for]} {[LIT_CHARS unit]} {[LIT_CHARS tests]})
  (Com {[LIT_CHARS try]} {[LIT_CHARS cp]} {[LIT_CHARS out/A.pem]} {[LIT_CHARS ../certificates/client_1.pem]})
  (Com {[LIT_CHARS try]} {[LIT_CHARS cp]} {[LIT_CHARS out/A.key]} {[LIT_CHARS ../certificates/client_1.key]})
  (Com {[LIT_CHARS try]} {[LIT_CHARS cp]} {[LIT_CHARS out/A.pk8]} {[LIT_CHARS ../certificates/client_1.pk8]})
  (Com {[LIT_CHARS try]} {[LIT_CHARS cp]} {[LIT_CHARS out/B.pem]} {[LIT_CHARS ../certificates/client_1_ca.pem]})
  (Com {[LIT_CHARS try]} {[LIT_CHARS cp]} {[LIT_CHARS out/D.pem]} {[LIT_CHARS ../certificates/client_2.pem]})
  (Com {[LIT_CHARS try]} {[LIT_CHARS cp]} {[LIT_CHARS out/D.key]} {[LIT_CHARS ../certificates/client_2.key]})
  (Com {[LIT_CHARS try]} {[LIT_CHARS cp]} {[LIT_CHARS out/D.pk8]} {[LIT_CHARS ../certificates/client_2.pk8]})
  (Com {[LIT_CHARS try]} {[LIT_CHARS cp]} {[LIT_CHARS out/E.pem]} {[LIT_CHARS ../certificates/client_2_ca.pem]})
)