--- - name: Generate privatekey1 - standard openssl_privatekey: path: '{{ output_dir }}/privatekey1.pem' select_crypto_backend: '{{ select_crypto_backend }}' - name: Generate privatekey2 - size 2048 openssl_privatekey: path: '{{ output_dir }}/privatekey2.pem' size: 2048 select_crypto_backend: '{{ select_crypto_backend }}' - name: Generate privatekey3 - type DSA openssl_privatekey: path: '{{ output_dir }}/privatekey3.pem' type: DSA size: 3072 select_crypto_backend: '{{ select_crypto_backend }}' - name: Generate privatekey4 - standard openssl_privatekey: path: '{{ output_dir }}/privatekey4.pem' select_crypto_backend: '{{ select_crypto_backend }}' - name: Delete privatekey4 - standard openssl_privatekey: state: absent path: '{{ output_dir }}/privatekey4.pem' select_crypto_backend: '{{ select_crypto_backend }}' - name: Generate privatekey5 - standard - with passphrase openssl_privatekey: path: '{{ output_dir }}/privatekey5.pem' passphrase: ansible cipher: "{{ 'aes256' if select_crypto_backend == 'pyopenssl' else 'auto' }}" select_crypto_backend: '{{ select_crypto_backend }}' - name: Generate privatekey5 - standard - idempotence openssl_privatekey: path: '{{ output_dir }}/privatekey5.pem' passphrase: ansible cipher: "{{ 'aes256' if select_crypto_backend == 'pyopenssl' else 'auto' }}" select_crypto_backend: '{{ select_crypto_backend }}' register: privatekey5_idempotence - name: Generate privatekey6 - standard - with non-ASCII passphrase openssl_privatekey: path: '{{ output_dir }}/privatekey6.pem' passphrase: ànsïblé cipher: "{{ 'aes256' if select_crypto_backend == 'pyopenssl' else 'auto' }}" select_crypto_backend: '{{ select_crypto_backend }}' - set_fact: ecc_types: [] when: select_crypto_backend == 'pyopenssl' - set_fact: ecc_types: # - curve: X448 # min_cryptography_version: "2.5" # - curve: X25519 # min_cryptography_version: "2.0" - curve: secp384r1 openssl_name: secp384r1 min_cryptography_version: "0.5" - curve: secp521r1 openssl_name: secp521r1 min_cryptography_version: "0.5" - curve: secp224r1 openssl_name: secp224r1 min_cryptography_version: "0.5" - curve: secp192r1 openssl_name: prime192v1 min_cryptography_version: "0.5" - curve: secp256k1 openssl_name: secp256k1 min_cryptography_version: "0.9" - curve: brainpoolP256r1 openssl_name: brainpoolP256r1 min_cryptography_version: "2.2" - curve: brainpoolP384r1 openssl_name: brainpoolP384r1 min_cryptography_version: "2.2" - curve: brainpoolP512r1 openssl_name: brainpoolP512r1 min_cryptography_version: "2.2" - curve: sect571k1 openssl_name: sect571k1 min_cryptography_version: "0.5" - curve: sect409k1 openssl_name: sect409k1 min_cryptography_version: "0.5" - curve: sect283k1 openssl_name: sect283k1 min_cryptography_version: "0.5" - curve: sect233k1 openssl_name: sect233k1 min_cryptography_version: "0.5" - curve: sect163k1 openssl_name: sect163k1 min_cryptography_version: "0.5" - curve: sect571r1 openssl_name: sect571r1 min_cryptography_version: "0.5" - curve: sect409r1 openssl_name: sect409r1 min_cryptography_version: "0.5" - curve: sect283r1 openssl_name: sect283r1 min_cryptography_version: "0.5" - curve: sect233r1 openssl_name: sect233r1 min_cryptography_version: "0.5" - curve: sect163r2 openssl_name: sect163r2 min_cryptography_version: "0.5" when: select_crypto_backend == 'cryptography' - name: Test ECC key generation openssl_privatekey: path: '{{ output_dir }}/privatekey-{{ item.curve }}.pem' type: ECC curve: "{{ item.curve }}" select_crypto_backend: '{{ select_crypto_backend }}' when: | cryptography_version.stdout is version(item.min_cryptography_version, '>=') and item.openssl_name in openssl_ecc_list loop: "{{ ecc_types }}" loop_control: label: "{{ item.curve }}" register: privatekey_ecc_generate - name: Test ECC key generation (idempotency) openssl_privatekey: path: '{{ output_dir }}/privatekey-{{ item.curve }}.pem' type: ECC curve: "{{ item.curve }}" select_crypto_backend: '{{ select_crypto_backend }}' when: | cryptography_version.stdout is version(item.min_cryptography_version, '>=') and item.openssl_name in openssl_ecc_list loop: "{{ ecc_types }}" loop_control: label: "{{ item.curve }}" register: privatekey_ecc_idempotency