---
# Copyright (c) Ansible Project
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later

- block:
  - name: Generate account keys
    openssl_privatekey:
      path: "{{ remote_tmp_dir }}/{{ item }}.pem"
      type: ECC
      curve: secp256r1
      force: true
    loop: "{{ account_keys }}"

  - name: Parse account keys (to ease debugging some test failures)
    openssl_privatekey_info:
      path: "{{ remote_tmp_dir }}/{{ item }}.pem"
      return_private_key_data: true
    loop: "{{ account_keys }}"

  vars:
    account_keys:
      - accountkey
      - accountkey2

- name: Check that account does not exist
  acme_account_info:
    select_crypto_backend: "{{ select_crypto_backend }}"
    account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
    acme_version: 2
    acme_directory: "{{ acme_directory_url }}"
    validate_certs: false
  register: account_not_created

- name: Create it now
  acme_account:
    select_crypto_backend: "{{ select_crypto_backend }}"
    account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
    acme_version: 2
    acme_directory: "{{ acme_directory_url }}"
    validate_certs: false
    state: present
    allow_creation: true
    terms_agreed: true
    contact:
    - mailto:example@example.org

- name: Check that account exists
  acme_account_info:
    select_crypto_backend: "{{ select_crypto_backend }}"
    account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
    acme_version: 2
    acme_directory: "{{ acme_directory_url }}"
    validate_certs: false
  register: account_created

- name: Read account key
  slurp:
    src: '{{ remote_tmp_dir }}/accountkey.pem'
  register: slurp

- name: Clear email address
  acme_account:
    select_crypto_backend: "{{ select_crypto_backend }}"
    account_key_content: "{{ slurp.content | b64decode }}"
    acme_version: 2
    acme_directory: "{{ acme_directory_url }}"
    validate_certs: false
    state: present
    allow_creation: false
    contact: []

- name: Check that account was modified
  acme_account_info:
    select_crypto_backend: "{{ select_crypto_backend }}"
    account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
    acme_version: 2
    acme_directory: "{{ acme_directory_url }}"
    validate_certs: false
    account_uri: "{{ account_created.account_uri }}"
  register: account_modified

- name: Check with wrong account URI
  acme_account_info:
    select_crypto_backend: "{{ select_crypto_backend }}"
    account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
    acme_version: 2
    acme_directory: "{{ acme_directory_url }}"
    validate_certs: false
    account_uri: "{{ account_created.account_uri }}test1234doesnotexists"
  register: account_not_exist

- name: Check with wrong account key
  acme_account_info:
    select_crypto_backend: "{{ select_crypto_backend }}"
    account_key_src: "{{ remote_tmp_dir }}/accountkey2.pem"
    acme_version: 2
    acme_directory: "{{ acme_directory_url }}"
    validate_certs: false
    account_uri: "{{ account_created.account_uri }}"
  ignore_errors: true
  register: account_wrong_key