---
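# An RSA private key and its public key share one modulus, so identical
# "openssl rsa -modulus" output for both files shows they form a pair.
- name: Validate public key (test - privatekey modulus)
  # command rather than shell: no shell feature is needed here, and the
  # templated output_dir is then never parsed by a shell.
  command: 'openssl rsa -noout -modulus -in {{ output_dir }}/privatekey.pem'
  register: privatekey_modulus

- name: Validate public key (test - publickey modulus)
  # -in is used instead of stdin redirection so that no shell is required.
  command: 'openssl rsa -pubin -noout -modulus -in {{ output_dir }}/publickey.pub'
  register: publickey_modulus

- name: Validate public key (assert)
  assert:
    that:
      - publickey_modulus.stdout == privatekey_modulus.stdout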

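# OpenSSH-format check: the public key that ssh-keygen derives from the
# private key must equal the generated publickey-ssh.pub file. Every task in
# this group is gated on cryptography >= 1.4.0.
- name: Validate public key - OpenSSH format (test - privatekey's publickey)
  # command rather than shell: the call needs no shell feature.
  command: 'ssh-keygen -y -f {{ output_dir }}/privatekey.pem'
  register: privatekey_publickey
  when: cryptography_version.stdout is version('1.4.0', '>=')

- name: Validate public key - OpenSSH format  (test - publickey)
  # slurp returns the file content base64-encoded in publickey.content.
  slurp:
    src: '{{ output_dir }}/publickey-ssh.pub'
  register: publickey
  when: cryptography_version.stdout is version('1.4.0', '>=')

- name: Validate public key - OpenSSH format (assert)
  assert:
    that:
      # Compare the decoded value directly. Wrapping it in '{{ ... }}' would
      # paste the file content into the expression text before evaluation,
      # so a quote or template syntax in the file could alter or break the
      # condition.
      - privatekey_publickey.stdout == (publickey.content | b64decode)
  when: cryptography_version.stdout is version('1.4.0', '>=')

- name: Validate public key - OpenSSH format - test idempotence (issue 33256)
  # publickey_ssh_idempotence is registered outside this file.
  assert:
    that:
      - publickey_ssh_idempotence is not changed
  when: cryptography_version.stdout is version('1.4.0', '>=')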

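# publickey2.pub must no longer exist once this validation runs.
- name: Validate publickey2 (test - Ensure key has been removed)
  stat:
    path: '{{ output_dir }}/publickey2.pub'
  register: publickey2

- name: Validate publickey2 (assert - Ensure key has been removed)
  assert:
    that:
      # stat reports "exists" as a boolean, so test it directly instead of
      # comparing against the literal False.
      - not publickey2.stat.exists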


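# publickey3 is checked against the passphrase-protected privatekey3.pem by
# comparing RSA moduli. The modulus tasks are gated on OpenSSL >= 0.9.8zh.
- name: Validate publickey3 (test - privatekey modulus)
  # command rather than shell: no shell feature is needed.
  # The passphrase is given as "pass:..." on the command line, which exposes
  # it in the process list and in the registered result; that is tolerable
  # only because it is a throwaway fixture value. For a real secret, use
  # -passin env:VAR or -passin file:PATH.
  command: 'openssl rsa -noout -modulus -in {{ output_dir }}/privatekey3.pem -passin pass:ansible'
  register: privatekey3_modulus
  when: openssl_version.stdout is version('0.9.8zh', '>=')

- name: Validate publickey3 (test - publickey modulus)
  # -in is used instead of stdin redirection so that no shell is required.
  command: 'openssl rsa -pubin -noout -modulus -in {{ output_dir }}/publickey3.pub'
  register: publickey3_modulus
  when: openssl_version.stdout is version('0.9.8zh', '>=')

- name: Validate publickey3 (assert)
  assert:
    that:
      - publickey3_modulus.stdout == privatekey3_modulus.stdout
  when: openssl_version.stdout is version('0.9.8zh', '>=')

# NOTE(review): unlike the publickey3 tasks above, this assert has no
# openssl_version condition - confirm that is intended.
- name: Validate publickey3 idempotence (assert)
  assert:
    that:
      - publickey3_idempotence is not changed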

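# publickey4 is checked by comparing RSA moduli; all three tasks are gated on
# OpenSSL >= 0.9.8zh.
- name: Validate publickey4 (test - privatekey modulus)
  # NOTE(review): this reads privatekey.pem, not a privatekey4.pem -
  # presumably publickey4.pub is derived from the first key; confirm against
  # the tasks that generate it.
  # command rather than shell: no shell feature is needed.
  command: 'openssl rsa -noout -modulus -in {{ output_dir }}/privatekey.pem'
  register: privatekey4_modulus
  when: openssl_version.stdout is version('0.9.8zh', '>=')

- name: Validate publickey4 (test - publickey modulus)
  # -in is used instead of stdin redirection so that no shell is required.
  command: 'openssl rsa -pubin -noout -modulus -in {{ output_dir }}/publickey4.pub'
  register: publickey4_modulus
  when: openssl_version.stdout is version('0.9.8zh', '>=')

- name: Validate publickey4 (assert)
  assert:
    that:
      - publickey4_modulus.stdout == privatekey4_modulus.stdout
  when: openssl_version.stdout is version('0.9.8zh', '>=')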

# Key 5 is handled with "openssl ec": the public key derived from
# privatekey5.pem must match publickey5.pub.
- name: "Validate public key 5 (test - privatekey's pubkey)"
  register: privatekey5_pubkey
  command: >-
    openssl ec -in {{ output_dir }}/privatekey5.pem -pubout

# Passing the public key through openssl re-emits it unchanged, so this is
# effectively "cat {{ output_dir }}/publickey5.pub".
- name: "Validate public key 5 (test - publickey pubkey)"
  register: publickey5_pubkey
  command: >-
    openssl ec -pubin -in {{ output_dir }}/publickey5.pub -pubout

- name: "Validate public key 5 (assert)"
  assert:
    that:
      # Both sides are stdout captured by the two tasks above.
      - privatekey5_pubkey.stdout == publickey5_pubkey.stdout