- block:
  - name: Generate privatekey
    openssl_privatekey:
      path: '{{ output_dir }}/ansible_pkey.pem'
  - name: Generate privatekey2
    openssl_privatekey:
      path: '{{ output_dir }}/ansible_pkey2.pem'
  - name: Generate privatekey3
    openssl_privatekey:
      path: '{{ output_dir }}/ansible_pkey3.pem'
  - name: Generate CSR
    openssl_csr:
      path: '{{ output_dir }}/ansible.csr'
      privatekey_path: '{{ output_dir }}/ansible_pkey.pem'
      commonName: www.ansible.com
  - name: Generate CSR 2
    openssl_csr:
      path: '{{ output_dir }}/ansible2.csr'
      privatekey_path: '{{ output_dir }}/ansible_pkey2.pem'
      commonName: www2.ansible.com
  - name: Generate CSR 3
    openssl_csr:
      path: '{{ output_dir }}/ansible3.csr'
      privatekey_path: '{{ output_dir }}/ansible_pkey3.pem'
      commonName: www3.ansible.com
  - name: Generate certificate
    x509_certificate:
      path: '{{ output_dir }}/{{ item.name }}.crt'
      privatekey_path: '{{ output_dir }}/{{ item.pkey }}'
      csr_path: '{{ output_dir }}/{{ item.name }}.csr'
      provider: selfsigned
    loop:
    - name: ansible
      pkey: ansible_pkey.pem
    - name: ansible2
      pkey: ansible_pkey2.pem
    - name: ansible3
      pkey: ansible_pkey3.pem
  - name: Generate PKCS#12 file
    openssl_pkcs12:
      path: '{{ output_dir }}/ansible.p12'
      friendly_name: abracadabra
      privatekey_path: '{{ output_dir }}/ansible_pkey.pem'
      certificate_path: '{{ output_dir }}/ansible.crt'
      state: present
      return_content: true
    register: p12_standard
  - name: Generate PKCS#12 file again, idempotency
    openssl_pkcs12:
      path: '{{ output_dir }}/ansible.p12'
      friendly_name: abracadabra
      privatekey_path: '{{ output_dir }}/ansible_pkey.pem'
      certificate_path: '{{ output_dir }}/ansible.crt'
      state: present
      return_content: true
    register: p12_standard_idempotency
  - name: Read ansible.p12
    slurp:
      src: '{{ output_dir }}/ansible.p12'
    register: ansible_p12_content
  - name: Validate PKCS#12
    assert:
      that:
      - p12_standard.pkcs12 == ansible_p12_content.content
      - p12_standard_idempotency.pkcs12 == p12_standard.pkcs12
  - name: Generate PKCS#12 file (force)
    openssl_pkcs12:
      path: '{{ output_dir }}/ansible.p12'
      friendly_name: abracadabra
      privatekey_path: '{{ output_dir }}/ansible_pkey.pem'
      certificate_path: '{{ output_dir }}/ansible.crt'
      state: present
      force: true
    register: p12_force
  - name: Generate PKCS#12 file (force + change mode)
    openssl_pkcs12:
      path: '{{ output_dir }}/ansible.p12'
      friendly_name: abracadabra
      privatekey_path: '{{ output_dir }}/ansible_pkey.pem'
      certificate_path: '{{ output_dir }}/ansible.crt'
      state: present
      force: true
      mode: '0644'
    register: p12_force_and_mode
  - name: Dump PKCS#12
    openssl_pkcs12:
      src: '{{ output_dir }}/ansible.p12'
      path: '{{ output_dir }}/ansible_parse.pem'
      action: parse
      state: present
  - name: Generate PKCS#12 file with multiple certs
    openssl_pkcs12:
      path: '{{ output_dir }}/ansible_multi_certs.p12'
      friendly_name: abracadabra
      privatekey_path: '{{ output_dir }}/ansible_pkey.pem'
      certificate_path: '{{ output_dir }}/ansible.crt'
      ca_certificates:
      - '{{ output_dir }}/ansible2.crt'
      - '{{ output_dir }}/ansible3.crt'
      state: present
    register: p12_multiple_certs
  - name: Generate PKCS#12 file with multiple certs, again (idempotency)
    openssl_pkcs12:
      path: '{{ output_dir }}/ansible_multi_certs.p12'
      friendly_name: abracadabra
      privatekey_path: '{{ output_dir }}/ansible_pkey.pem'
      certificate_path: '{{ output_dir }}/ansible.crt'
      ca_certificates:
      - '{{ output_dir }}/ansible2.crt'
      - '{{ output_dir }}/ansible3.crt'
      state: present
    register: p12_multiple_certs_idempotency
  - name: Dump PKCS#12 with multiple certs
    openssl_pkcs12:
      src: '{{ output_dir }}/ansible_multi_certs.p12'
      path: '{{ output_dir }}/ansible_parse_multi_certs.pem'
      action: parse
      state: present
  - name: Generate privatekey with password
    openssl_privatekey:
      path: '{{ output_dir }}/privatekeypw.pem'
      passphrase: hunter2
      cipher: auto
      select_crypto_backend: cryptography
  - name: Generate PKCS#12 file (password fail 1)
    openssl_pkcs12:
      path: '{{ output_dir }}/ansible_pw1.p12'
      friendly_name: abracadabra
      privatekey_path: '{{ output_dir }}/ansible_pkey.pem'
      privatekey_passphrase: hunter2
      certificate_path: '{{ output_dir }}/ansible.crt'
      state: present
    ignore_errors: true
    register: passphrase_error_1
  - name: Generate PKCS#12 file (password fail 2)
    openssl_pkcs12:
      path: '{{ output_dir }}/ansible_pw2.p12'
      friendly_name: abracadabra
      privatekey_path: '{{ output_dir }}/privatekeypw.pem'
      privatekey_passphrase: wrong_password
      certificate_path: '{{ output_dir }}/ansible.crt'
      state: present
    ignore_errors: true
    register: passphrase_error_2
  - name: Generate PKCS#12 file (password fail 3)
    openssl_pkcs12:
      path: '{{ output_dir }}/ansible_pw3.p12'
      friendly_name: abracadabra
      privatekey_path: '{{ output_dir }}/privatekeypw.pem'
      certificate_path: '{{ output_dir }}/ansible.crt'
      state: present
    ignore_errors: true
    register: passphrase_error_3
  - name: Generate PKCS#12 file, no privatekey
    openssl_pkcs12:
      path: '{{ output_dir }}/ansible_no_pkey.p12'
      friendly_name: abracadabra
      certificate_path: '{{ output_dir }}/ansible.crt'
      state: present
    register: p12_no_pkey
  - name: Create broken PKCS#12
    copy:
      dest: '{{ output_dir }}/broken.p12'
      content: broken
  - name: Regenerate broken PKCS#12
    openssl_pkcs12:
      path: '{{ output_dir }}/broken.p12'
      friendly_name: abracadabra
      privatekey_path: '{{ output_dir }}/ansible_pkey.pem'
      certificate_path: '{{ output_dir }}/ansible.crt'
      state: present
      force: true
      mode: '0644'
    register: output_broken
  - name: Generate PKCS#12 file
    openssl_pkcs12:
      path: '{{ output_dir }}/ansible_backup.p12'
      friendly_name: abracadabra
      privatekey_path: '{{ output_dir }}/ansible_pkey.pem'
      certificate_path: '{{ output_dir }}/ansible.crt'
      state: present
      backup: true
    register: p12_backup_1
  - name: Generate PKCS#12 file (idempotent)
    openssl_pkcs12:
      path: '{{ output_dir }}/ansible_backup.p12'
      friendly_name: abracadabra
      privatekey_path: '{{ output_dir }}/ansible_pkey.pem'
      certificate_path: '{{ output_dir }}/ansible.crt'
      state: present
      backup: true
    register: p12_backup_2
  - name: Generate PKCS#12 file (change)
    openssl_pkcs12:
      path: '{{ output_dir }}/ansible_backup.p12'
      friendly_name: abra
      privatekey_path: '{{ output_dir }}/ansible_pkey.pem'
      certificate_path: '{{ output_dir }}/ansible.crt'
      state: present
      force: true
      backup: true
    register: p12_backup_3
  - name: Generate PKCS#12 file (remove)
    openssl_pkcs12:
      path: '{{ output_dir }}/ansible_backup.p12'
      state: absent
      backup: true
      return_content: true
    register: p12_backup_4
  - name: Generate PKCS#12 file (remove, idempotent)
    openssl_pkcs12:
      path: '{{ output_dir }}/ansible_backup.p12'
      state: absent
      backup: true
    register: p12_backup_5
  - import_tasks: ../tests/validate.yml
  always:
  - name: Delete PKCS#12 file
    openssl_pkcs12:
      state: absent
      path: '{{ output_dir }}/{{ item }}.p12'
    loop:
    - ansible
    - ansible_no_pkey
    - ansible_multi_certs
    - ansible_pw1
    - ansible_pw2
    - ansible_pw3