- block:
  - name: 'Generate privatekey with'
    openssl_privatekey:
      path: "{{ output_dir }}/ansible_pkey.pem"

  - name: 'Generate CSR with'
    openssl_csr:
      path: "{{ output_dir }}/ansible.csr"
      privatekey_path: "{{ output_dir }}/ansible_pkey.pem"
      commonName: 'www.ansible.com'

  - name: 'Generate certificate'
    openssl_certificate:
      path: "{{ output_dir }}/ansible.crt"
      privatekey_path: "{{ output_dir }}/ansible_pkey.pem"
      csr_path: "{{ output_dir }}/ansible.csr"
      provider: selfsigned

  - name: 'Generate PKCS#12 file'
    openssl_pkcs12:
      path: "{{ output_dir }}/ansible.p12"
      friendly_name: 'abracadabra'
      privatekey_path: "{{ output_dir }}/ansible_pkey.pem"
      certificate_path: "{{ output_dir }}/ansible.crt"
      state: present
    register: p12_standard

  - name: 'Generate PKCS#12 file (force)'
    openssl_pkcs12:
      path: "{{ output_dir }}/ansible.p12"
      friendly_name: 'abracadabra'
      privatekey_path: "{{ output_dir }}/ansible_pkey.pem"
      certificate_path: "{{ output_dir }}/ansible.crt"
      state: present
      force: True
    register: p12_force

  - name: 'Generate PKCS#12 file (force + change mode)'
    openssl_pkcs12:
      path: "{{ output_dir }}/ansible.p12"
      friendly_name: 'abracadabra'
      privatekey_path: "{{ output_dir }}/ansible_pkey.pem"
      certificate_path: "{{ output_dir }}/ansible.crt"
      state: present
      force: True
      mode: 0644
    register: p12_force_and_mode

  - name: 'Dump PKCS#12'
    openssl_pkcs12:
      src: "{{ output_dir }}/ansible.p12"
      path: "{{ output_dir }}/ansible_parse.pem"
      action: 'parse'
      state: 'present'

  - name: Generate privatekey with password
    openssl_privatekey:
      path: '{{ output_dir }}/privatekeypw.pem'
      passphrase: hunter2
      cipher: auto
      select_crypto_backend: cryptography

  - name: 'Generate PKCS#12 file (password fail 1)'
    openssl_pkcs12:
      path: "{{ output_dir }}/ansible_pw1.p12"
      friendly_name: 'abracadabra'
      privatekey_path: "{{ output_dir }}/ansible_pkey.pem"
      privatekey_passphrase: hunter2
      certificate_path: "{{ output_dir }}/ansible.crt"
      state: present
    ignore_errors: yes
    register: passphrase_error_1

  - name: 'Generate PKCS#12 file (password fail 2)'
    openssl_pkcs12:
      path: "{{ output_dir }}/ansible_pw2.p12"
      friendly_name: 'abracadabra'
      privatekey_path: '{{ output_dir }}/privatekeypw.pem'
      privatekey_passphrase: wrong_password
      certificate_path: "{{ output_dir }}/ansible.crt"
      state: present
    ignore_errors: yes
    register: passphrase_error_2

  - name: 'Generate PKCS#12 file (password fail 3)'
    openssl_pkcs12:
      path: "{{ output_dir }}/ansible_pw3.p12"
      friendly_name: 'abracadabra'
      privatekey_path: '{{ output_dir }}/privatekeypw.pem'
      certificate_path: "{{ output_dir }}/ansible.crt"
      state: present
    ignore_errors: yes
    register: passphrase_error_3

  - name: 'Generate PKCS#12 file, no privatekey'
    openssl_pkcs12:
      path: "{{ output_dir }}/ansible_no_pkey.p12"
      friendly_name: 'abracadabra'
      certificate_path: "{{ output_dir }}/ansible.crt"
      state: present
    register: p12_no_pkey

  - import_tasks: ../tests/validate.yml

  always:
  - name: 'Delete PKCS#12 file'
    openssl_pkcs12:
      state: absent
      path: '{{ output_dir }}/ansible.p12'
    loop:
      - 'ansible'
      - 'ansible_no_pkey'
      - 'ansible_pw1'
      - 'ansible_pw2'
      - 'ansible_pw3'