- block:
    - name: Generate privatekey
      openssl_privatekey:
        path: '{{ output_dir }}/privatekey.pem'

    - name: Generate publickey - PEM format
      openssl_publickey:
        path: '{{ output_dir }}/publickey.pub'
        privatekey_path: '{{ output_dir }}/privatekey.pem'

    - name: Generate publickey - OpenSSH format
      openssl_publickey:
        path: '{{ output_dir }}/publickey-ssh.pub'
        privatekey_path: '{{ output_dir }}/privatekey.pem'
        format: OpenSSH
      # cryptography.hazmat.primitives import serialization.Encoding.OpenSSH and
      # cryptography.hazmat.primitives import serialization.PublicFormat.OpenSSH constants
      # appeared in version 1.4 of cryptography
      when: cryptography_version.stdout is version('1.4.0', '>=')

    - name: Generate publickey - OpenSSH format - test idempotence (issue 33256)
      openssl_publickey:
        path: '{{ output_dir }}/publickey-ssh.pub'
        privatekey_path: '{{ output_dir }}/privatekey.pem'
        format: OpenSSH
      when: cryptography_version.stdout is version('1.4.0', '>=')
      register: publickey_ssh_idempotence

    - name: Generate publickey2 - standard
      openssl_publickey:
        path: '{{ output_dir }}/publickey2.pub'
        privatekey_path: '{{ output_dir }}/privatekey.pem'

    - name: Delete publickey2 - standard
      openssl_publickey:
        state: absent
        path: '{{ output_dir }}/publickey2.pub'
        privatekey_path: '{{ output_dir }}/privatekey.pem'

    - name: Generate privatekey3 - with passphrase
      openssl_privatekey:
        path: '{{ output_dir }}/privatekey3.pem'
        passphrase: ansible
        cipher: aes256

    - name: Generate publickey3 - with passphrase protected privatekey
      openssl_publickey:
        path: '{{ output_dir }}/publickey3.pub'
        privatekey_path: '{{ output_dir }}/privatekey3.pem'
        privatekey_passphrase: ansible

    - name: Generate publickey3 - with passphrase protected privatekey - idempotence
      openssl_publickey:
        path: '{{ output_dir }}/publickey3.pub'
        privatekey_path: '{{ output_dir }}/privatekey3.pem'
        privatekey_passphrase: ansible
      register: publickey3_idempotence

    - name: Generate empty file that will hold a public key (issue 33072)
      file:
        path: '{{ output_dir }}/publickey4.pub'
        state: touch

    - name: Generate publickey in empty existing file (issue 33072)
      openssl_publickey:
        path: '{{ output_dir }}/publickey4.pub'
        privatekey_path: '{{ output_dir }}/privatekey.pem'

    - import_tasks: ../tests/validate.yml

  when: pyopenssl_version.stdout is version('16.0.0', '>=')