#	Placed in the Public Domain.

# generates keys and loads them into the virtual token
# NOTE: requires the OpenSSL 1.0+ genpkey utility
# Paths of the RSA and EC private key files under $SSH_SOFTHSM_DIR; the
# matching public keys are written next to them with a .pub suffix.
RSA="${SSH_SOFTHSM_DIR}/RSA"
EC="${SSH_SOFTHSM_DIR}/EC"
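# Initialise a fresh token and load one RSA and one EC (prime256v1) key
# into it, leaving the key files and their public halves on disk.
#
# Reads:   SOFTHSM2_TOOL, OPENSSL, SSHKEYGEN, SSH_SOFTHSM_DIR, RSA, EC,
#          TEST_SSH_PIN, TEST_SSH_SOPIN
# Sets:    out, slot, RSAP8, ECPARAM, ECP8
# Writes:  $RSA, $RSAP8, $EC, $ECP8 (unencrypted private keys, mode 0600),
#          $ECPARAM, $RSA.pub, $EC.pub
# Errors:  every failing step calls fatal with a message naming the step.
#
# Security notes:
#  - The PEM and PKCS#8 files hold unencrypted private keys, so they are
#    created under umask 077 and chmod'ed to 0600 immediately, instead of
#    being tightened only after the import (the PKCS#8 copies used to keep
#    the ambient umask permissions).
#  - The PINs are passed as command-line arguments and may be visible in the
#    process list; use them for throwaway test tokens only.
#  - The tool variables ($SOFTHSM2_TOOL, $OPENSSL, $SSHKEYGEN) are left
#    unquoted on purpose so that they may carry a wrapper plus arguments.
p11_genkeys() {
	out=`$SOFTHSM2_TOOL --init-token --free --label token-slot-0 --pin "$TEST_SSH_PIN" --so-pin "$TEST_SSH_SOPIN"` || \
	    fatal "softhsm init-token fail"
	# The slot id is taken as the last word of the tool output; $out is
	# left unquoted so that multi-line output collapses onto one line.
	slot=`echo -- $out | sed 's/.* //'`
	# --slot expects a numeric id; refuse to pass anything else along.
	case "$slot" in
	''|*[!0-9]*)	fatal "softhsm slot parse fail" ;;
	esac

	# RSA key
	RSAP8=$SSH_SOFTHSM_DIR/RSAP8
	(umask 077 && $OPENSSL genpkey -algorithm rsa > "$RSA" 2>/dev/null) || \
	    fatal "genpkey RSA fail"
	# chmod as well: umask does not tighten a file that already existed.
	chmod 600 "$RSA" || fatal "chmod RSA fail"
	(umask 077 && $OPENSSL pkcs8 -nocrypt -in "$RSA" > "$RSAP8") || \
	    fatal "pkcs8 RSA fail"
	chmod 600 "$RSAP8" || fatal "chmod RSAP8 fail"
	$SOFTHSM2_TOOL --slot "$slot" --label 01 --id 01 --pin "$TEST_SSH_PIN" \
	    --import "$RSAP8" >/dev/null || fatal "softhsm import RSA fail"
	$SSHKEYGEN -y -f "$RSA" > "$RSA.pub" || fatal "pubkey RSA fail"

	# EC key
	ECPARAM=$SSH_SOFTHSM_DIR/ECPARAM
	ECP8=$SSH_SOFTHSM_DIR/ECP8
	# Curve parameters are not secret, so the default umask is kept here.
	$OPENSSL genpkey -genparam -algorithm ec \
	    -pkeyopt ec_paramgen_curve:prime256v1 > "$ECPARAM" || \
	    fatal "param EC fail"
	(umask 077 && $OPENSSL genpkey -paramfile "$ECPARAM" > "$EC") || \
	    fatal "genpkey EC fail"
	chmod 600 "$EC" || fatal "chmod EC fail"
	(umask 077 && $OPENSSL pkcs8 -nocrypt -in "$EC" > "$ECP8") || \
	    fatal "pkcs8 EC fail"
	chmod 600 "$ECP8" || fatal "chmod ECP8 fail"
	$SOFTHSM2_TOOL --slot "$slot" --label 02 --id 02 --pin "$TEST_SSH_PIN" \
	    --import "$ECP8" >/dev/null || fatal "softhsm import EC fail"
	$SSHKEYGEN -y -f "$EC" > "$EC.pub" || fatal "pubkey EC fail"
}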
