---
# Copyright (c) Ansible Project
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later

- name: "({{ select_crypto_backend }}) Generate privatekey"
  openssl_privatekey:
    path: '{{ remote_tmp_dir }}/privatekey.pem'
    size: '{{ default_rsa_key_size }}'

- name: "({{ select_crypto_backend }}) Generate publickey - PEM format (check mode)"
  openssl_publickey:
    path: '{{ remote_tmp_dir }}/publickey.pub'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    select_crypto_backend: '{{ select_crypto_backend }}'
    return_content: true
  check_mode: true
  register: publickey_check

- name: "({{ select_crypto_backend }}) Generate publickey - PEM format"
  openssl_publickey:
    path: '{{ remote_tmp_dir }}/publickey.pub'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    select_crypto_backend: '{{ select_crypto_backend }}'
    return_content: true
  register: publickey

- name: "({{ select_crypto_backend }}) Generate publickey - PEM format (check mode, idempotence)"
  openssl_publickey:
    path: '{{ remote_tmp_dir }}/publickey.pub'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    select_crypto_backend: '{{ select_crypto_backend }}'
    return_content: true
  check_mode: true
  register: publickey_check2

- name: "({{ select_crypto_backend }}) Generate publickey - PEM format (idempotence)"
  openssl_publickey:
    path: '{{ remote_tmp_dir }}/publickey.pub'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    select_crypto_backend: '{{ select_crypto_backend }}'
    return_content: true
  register: publickey_idempotence

- name: "({{ select_crypto_backend }}) Verify check mode"
  assert:
    that:
      - publickey_check is changed
      - publickey is changed
      - publickey_check2 is not changed
      - publickey_idempotence is not changed

- name: "({{ select_crypto_backend }}) Generate publickey - OpenSSH format"
  openssl_publickey:
    path: '{{ remote_tmp_dir }}/publickey-ssh.pub'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    format: OpenSSH
    select_crypto_backend: '{{ select_crypto_backend }}'
  when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('1.4.0', '>=')

- name: "({{ select_crypto_backend }}) Generate publickey - OpenSSH format - test idempotence (issue 33256)"
  openssl_publickey:
    path: '{{ remote_tmp_dir }}/publickey-ssh.pub'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    format: OpenSSH
    select_crypto_backend: '{{ select_crypto_backend }}'
  when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('1.4.0', '>=')
  register: publickey_ssh_idempotence

- name: "({{ select_crypto_backend }}) Generate publickey2 - standard"
  openssl_publickey:
    path: '{{ remote_tmp_dir }}/publickey2.pub'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    select_crypto_backend: '{{ select_crypto_backend }}'

- name: "({{ select_crypto_backend }}) Delete publickey2 - standard"
  openssl_publickey:
    state: absent
    path: '{{ remote_tmp_dir }}/publickey2.pub'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    select_crypto_backend: '{{ select_crypto_backend }}'
    return_content: true
  register: publickey2_absent

- name: "({{ select_crypto_backend }}) Delete publickey2 - standard (idempotence)"
  openssl_publickey:
    state: absent
    path: '{{ remote_tmp_dir }}/publickey2.pub'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    select_crypto_backend: '{{ select_crypto_backend }}'
  register: publickey2_absent_idempotence

- name: "({{ select_crypto_backend }}) Generate privatekey3 - with passphrase"
  openssl_privatekey:
    path: '{{ remote_tmp_dir }}/privatekey3.pem'
    passphrase: ansible
    cipher: auto
    size: '{{ default_rsa_key_size }}'

- name: "({{ select_crypto_backend }}) Generate publickey3 - with passphrase protected privatekey"
  openssl_publickey:
    path: '{{ remote_tmp_dir }}/publickey3.pub'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey3.pem'
    privatekey_passphrase: ansible
    select_crypto_backend: '{{ select_crypto_backend }}'

- name: "({{ select_crypto_backend }}) Generate publickey3 - with passphrase protected privatekey - idempotence"
  openssl_publickey:
    path: '{{ remote_tmp_dir }}/publickey3.pub'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey3.pem'
    privatekey_passphrase: ansible
    select_crypto_backend: '{{ select_crypto_backend }}'
  register: publickey3_idempotence

- name: "({{ select_crypto_backend }}) Generate empty file that will hold a public key (issue 33072)"
  file:
    path: '{{ remote_tmp_dir }}/publickey4.pub'
    state: touch

- name: "({{ select_crypto_backend }}) Generate publickey in empty existing file (issue 33072)"
  openssl_publickey:
    path: '{{ remote_tmp_dir }}/publickey4.pub'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    select_crypto_backend: '{{ select_crypto_backend }}'

- name: "({{ select_crypto_backend }}) Generate privatekey 5 (ECC)"
  openssl_privatekey:
    path: '{{ remote_tmp_dir }}/privatekey5.pem'
    type: ECC
    curve: secp256r1
    size: '{{ default_rsa_key_size }}'

- name: "({{ select_crypto_backend }}) Generate publickey 5 - PEM format"
  openssl_publickey:
    path: '{{ remote_tmp_dir }}/publickey5.pub'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    backup: true
    select_crypto_backend: '{{ select_crypto_backend }}'
  register: privatekey5_1
- name: "({{ select_crypto_backend }}) Generate publickey 5 - PEM format (idempotent)"
  openssl_publickey:
    path: '{{ remote_tmp_dir }}/publickey5.pub'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    backup: true
    select_crypto_backend: '{{ select_crypto_backend }}'
  register: privatekey5_2
- name: "({{ select_crypto_backend }}) Generate publickey 5 - PEM format (different private key)"
  openssl_publickey:
    path: '{{ remote_tmp_dir }}/publickey5.pub'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey5.pem'
    backup: true
    select_crypto_backend: '{{ select_crypto_backend }}'
  register: privatekey5_3

- name: "({{ select_crypto_backend }}) Generate privatekey with password"
  openssl_privatekey:
    path: '{{ remote_tmp_dir }}/privatekeypw.pem'
    passphrase: hunter2
    cipher: auto
    select_crypto_backend: cryptography
    size: '{{ default_rsa_key_size }}'

- name: "({{ select_crypto_backend }}) Generate publickey - PEM format (failed passphrase 1)"
  openssl_publickey:
    path: '{{ remote_tmp_dir }}/publickey_pw1.pub'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    privatekey_passphrase: hunter2
    select_crypto_backend: '{{ select_crypto_backend }}'
  ignore_errors: true
  register: passphrase_error_1

- name: "({{ select_crypto_backend }}) Generate publickey - PEM format (failed passphrase 2)"
  openssl_publickey:
    path: '{{ remote_tmp_dir }}/publickey_pw2.pub'
    privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem'
    privatekey_passphrase: wrong_password
    select_crypto_backend: '{{ select_crypto_backend }}'
  ignore_errors: true
  register: passphrase_error_2

- name: "({{ select_crypto_backend }}) Generate publickey - PEM format (failed passphrase 3)"
  openssl_publickey:
    path: '{{ remote_tmp_dir }}/publickey_pw3.pub'
    privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem'
    select_crypto_backend: '{{ select_crypto_backend }}'
  ignore_errors: true
  register: passphrase_error_3

- name: "({{ select_crypto_backend }}) Create broken key"
  copy:
    dest: "{{ remote_tmp_dir }}/publickeybroken.pub"
    content: "broken"
- name: "({{ select_crypto_backend }}) Regenerate broken key"
  openssl_publickey:
    path: '{{ remote_tmp_dir }}/publickeybroken.pub'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey5.pem'
    select_crypto_backend: '{{ select_crypto_backend }}'
  register: output_broken

- name: "({{ select_crypto_backend }}) Generate publickey - PEM format (for removal)"
  openssl_publickey:
    path: '{{ remote_tmp_dir }}/publickey_removal.pub'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    select_crypto_backend: '{{ select_crypto_backend }}'
- name: "({{ select_crypto_backend }}) Generate publickey - PEM format (removal)"
  openssl_publickey:
    state: absent
    path: '{{ remote_tmp_dir }}/publickey_removal.pub'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    backup: true
    select_crypto_backend: '{{ select_crypto_backend }}'
  register: remove_1
- name: "({{ select_crypto_backend }}) Generate publickey - PEM format (removal, idempotent)"
  openssl_publickey:
    state: absent
    path: '{{ remote_tmp_dir }}/publickey_removal.pub'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    backup: true
    select_crypto_backend: '{{ select_crypto_backend }}'
  register: remove_2