---
- name: Generate account key
  command: openssl ecparam -name prime256v1 -genkey -out {{ output_dir }}/accountkey.pem

- name: Generate second account key
  command: openssl ecparam -name prime256v1 -genkey -out {{ output_dir }}/accountkey2.pem

- name: Parse account key (to ease debugging some test failures)
  command: openssl ec -in {{ output_dir }}/accountkey.pem -noout -text

- name: Check that account does not exist
  acme_account_facts:
    select_crypto_backend: "{{ select_crypto_backend }}"
    account_key_src: "{{ output_dir }}/accountkey.pem"
    acme_version: 2
    acme_directory: https://{{ acme_host }}:14000/dir
    validate_certs: no
  register: account_not_created

- name: Create it now
  acme_account:
    select_crypto_backend: "{{ select_crypto_backend }}"
    account_key_src: "{{ output_dir }}/accountkey.pem"
    acme_version: 2
    acme_directory: https://{{ acme_host }}:14000/dir
    validate_certs: no
    state: present
    allow_creation: yes
    terms_agreed: yes
    contact:
    - mailto:example@example.org

- name: Check that account exists
  acme_account_facts:
    select_crypto_backend: "{{ select_crypto_backend }}"
    account_key_src: "{{ output_dir }}/accountkey.pem"
    acme_version: 2
    acme_directory: https://{{ acme_host }}:14000/dir
    validate_certs: no
  register: account_created

- name: Clear email address
  acme_account:
    select_crypto_backend: "{{ select_crypto_backend }}"
    account_key_content: "{{ lookup('file', output_dir ~ '/accountkey.pem') }}"
    acme_version: 2
    acme_directory: https://{{ acme_host }}:14000/dir
    validate_certs: no
    state: present
    allow_creation: no
    contact: []

- name: Check that account was modified
  acme_account_facts:
    select_crypto_backend: "{{ select_crypto_backend }}"
    account_key_src: "{{ output_dir }}/accountkey.pem"
    acme_version: 2
    acme_directory: https://{{ acme_host }}:14000/dir
    validate_certs: no
    account_uri: "{{ account_created.account_uri }}"
  register: account_modified

- name: Check with wrong account URI
  acme_account_facts:
    select_crypto_backend: "{{ select_crypto_backend }}"
    account_key_src: "{{ output_dir }}/accountkey.pem"
    acme_version: 2
    acme_directory: https://{{ acme_host }}:14000/dir
    validate_certs: no
    account_uri: "{{ account_created.account_uri }}test1234doesnotexists"
  register: account_not_exist

- name: Check with wrong account key
  acme_account_facts:
    select_crypto_backend: "{{ select_crypto_backend }}"
    account_key_src: "{{ output_dir }}/accountkey2.pem"
    acme_version: 2
    acme_directory: https://{{ acme_host }}:14000/dir
    validate_certs: no
    account_uri: "{{ account_created.account_uri }}"
  ignore_errors: yes
  register: account_wrong_key