---
# Copyright (c) Ansible Project
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later

####################################################################
# WARNING: These are designed specifically for Ansible tests       #
# and should not be used as examples of how to write Ansible roles #
####################################################################

- name: Find out which elliptic curves are supported by installed OpenSSL
  ansible.builtin.command: "{{ openssl_binary }} ecparam -list_curves"
  register: openssl_ecc

- name: Compile list of elliptic curves supported by OpenSSL
  ansible.builtin.set_fact:
    openssl_ecc_list: |
      {{
        openssl_ecc.stdout_lines
        | map('regex_search', '^ *([a-zA-Z0-9_-]+) *: .*$')
        | select()
        | map('regex_replace', '^ *([a-zA-Z0-9_-]+) *: .*$', '\1')
        | list
      }}
  when: ansible_facts.distribution != 'CentOS' or ansible_facts.distribution_major_version != '6'
  # CentOS comes with a very old jinja2 which does not include the map() filter...
- name: Compile list of elliptic curves supported by OpenSSL (CentOS 6)
  ansible.builtin.set_fact:
    openssl_ecc_list:
      - secp384r1
      - secp521r1
      - prime256v1
  when: ansible_facts.distribution == 'CentOS' and ansible_facts.distribution_major_version == '6'

- name: List of elliptic curves supported by OpenSSL
  ansible.builtin.debug: var=openssl_ecc_list

- name: Run module with backend autodetection
  community.crypto.openssl_privatekey:
    path: '{{ remote_tmp_dir }}/privatekey_backend_selection.pem'
    size: '{{ default_rsa_key_size }}'

- block:
    - name: Running tests with cryptography backend
      ansible.builtin.include_tasks: impl.yml
      vars:
        select_crypto_backend: cryptography

    - ansible.builtin.import_tasks: ../tests/validate.yml
      vars:
        select_crypto_backend: cryptography

  when: cryptography_version is version('3.3', '>=')