---
# The tests for this module generate unsafe parameters for testing purposes;
# otherwise tests would be too slow. Use sizes of at least 2048 in production!
- name: "[{{ select_crypto_backend }}] Generate parameter"
  openssl_dhparam:
    size: 768
    path: '{{ output_dir }}/dh768.pem'
    select_crypto_backend: "{{ select_crypto_backend }}"

- name: "[{{ select_crypto_backend }}] Don't regenerate parameters with no change"
  openssl_dhparam:
    size: 768
    path: '{{ output_dir }}/dh768.pem'
    select_crypto_backend: "{{ select_crypto_backend }}"
  register: dhparam_changed

- name: "[{{ select_crypto_backend }}] Generate parameters with size option"
  openssl_dhparam:
    path: '{{ output_dir }}/dh512.pem'
    size: 512
    select_crypto_backend: "{{ select_crypto_backend }}"

- name: "[{{ select_crypto_backend }}] Don't regenerate parameters with size option and no change"
  openssl_dhparam:
    path: '{{ output_dir }}/dh512.pem'
    size: 512
    select_crypto_backend: "{{ select_crypto_backend }}"
  register: dhparam_changed_512

- copy:
    src: '{{ output_dir }}/dh768.pem'
    remote_src: yes
    dest: '{{ output_dir }}/dh512.pem'

- name: "[{{ select_crypto_backend }}] Re-generate if size is different"
  openssl_dhparam:
    path: '{{ output_dir }}/dh512.pem'
    size: 512
    select_crypto_backend: "{{ select_crypto_backend }}"
  register: dhparam_changed_to_512

- name: "[{{ select_crypto_backend }}] Force re-generate parameters with size option"
  openssl_dhparam:
    path: '{{ output_dir }}/dh512.pem'
    size: 512
    force: yes
    select_crypto_backend: "{{ select_crypto_backend }}"
  register: dhparam_changed_force

- name: "[{{ select_crypto_backend }}] Create broken params"
  copy:
    dest: "{{ output_dir }}/dhbroken.pem"
    content: "broken"
- name: "[{{ select_crypto_backend }}] Regenerate broken params"
  openssl_dhparam:
    path: '{{ output_dir }}/dhbroken.pem'
    size: 512
    force: yes
    select_crypto_backend: "{{ select_crypto_backend }}"
  register: output_broken

- name: "[{{ select_crypto_backend }}] Generate params"
  openssl_dhparam:
    path: '{{ output_dir }}/dh_backup.pem'
    size: 512
    backup: yes
    select_crypto_backend: "{{ select_crypto_backend }}"
  register: dhparam_backup_1
- name: "[{{ select_crypto_backend }}] Generate params (idempotent)"
  openssl_dhparam:
    path: '{{ output_dir }}/dh_backup.pem'
    size: 512
    backup: yes
    select_crypto_backend: "{{ select_crypto_backend }}"
  register: dhparam_backup_2
- name: "[{{ select_crypto_backend }}] Generate params (change)"
  openssl_dhparam:
    path: '{{ output_dir }}/dh_backup.pem'
    size: 512
    force: yes
    backup: yes
    select_crypto_backend: "{{ select_crypto_backend }}"
  register: dhparam_backup_3
- name: "[{{ select_crypto_backend }}] Generate params (remove)"
  openssl_dhparam:
    path: '{{ output_dir }}/dh_backup.pem'
    state: absent
    backup: yes
    select_crypto_backend: "{{ select_crypto_backend }}"
  register: dhparam_backup_4
- name: "[{{ select_crypto_backend }}] Generate params (remove, idempotent)"
  openssl_dhparam:
    path: '{{ output_dir }}/dh_backup.pem'
    state: absent
    backup: yes
    select_crypto_backend: "{{ select_crypto_backend }}"
  register: dhparam_backup_5