---
# Copyright (c) Ansible Project
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later

# This file is intended to be included in a loop statement
- name: Sign statement with {{ item.type }} key - {{ item.passwd }} using {{ item.backend }}
  community.crypto.openssl_signature:
    privatekey_path: '{{ remote_tmp_dir }}/{{ item.backend }}_privatekey_{{ item.type }}_{{ item.passwd }}.pem'
    privatekey_passphrase: '{{ item.privatekey_passphrase | default(omit) }}'
    path: '{{ remote_tmp_dir }}/statement.txt'
    select_crypto_backend: '{{ item.backend }}'
  register: sign_result

- ansible.builtin.debug:
    var: sign_result

- name: Verify {{ item.type }} signature - {{ item.passwd }} using {{ item.backend }}
  community.crypto.openssl_signature_info:
    certificate_path: '{{ remote_tmp_dir }}/{{ item.backend }}_certificate_{{ item.type }}_{{ item.passwd }}.pem'
    path: '{{ remote_tmp_dir }}/statement.txt'
    signature: '{{ sign_result.signature }}'
    select_crypto_backend: '{{ item.backend }}'
  register: verify_result

- name: Make sure the signature is valid
  ansible.builtin.assert:
    that:
      - verify_result.valid

- ansible.builtin.debug:
    var: verify_result