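#
# Copyright 2020 Huawei Technologies Co., Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

---
# Builds key material under /tmp/.mep_tmp_cer:
#   * a self-signed CA (ca.key, ca.csr, ca.crt),
#   * a server TLS key and a certificate signed by that CA
#     (server_tls.key, server_encryptedtls.key, server_tls.csr, server_tls.crt),
#   * an RSA key pair (jwt_privatekey, jwt_publickey, jwt_encrypted_privatekey).
#
# NOTE(review): the working directory is a fixed name inside world-writable
# /tmp. It is recreated here with mode 0700, but a per-run directory from the
# `tempfile` module would avoid the predictable path altogether. The path is
# kept because tasks outside this file presumably read from it -- confirm.
#
# NOTE(review): ca.key, server_tls.key and jwt_privatekey stay on disk
# unencrypted next to their AES-256 encrypted copies. Nothing in this file
# removes them; confirm a later step deletes the directory once the material
# has been consumed.

# yamllint disable rule:line-length

- name: Remove old dir
  file:
    path: /tmp/.mep_tmp_cer
    state: absent

- name: Make dir
  file:
    path: /tmp/.mep_tmp_cer
    state: directory
    # Private keys are written here; keep other local users out.
    mode: "0700"

- name: Openssl genrsa
  command: openssl genrsa -out ca.key 2048
  args:
    chdir: /tmp/.mep_tmp_cer/

- name: Openssl req
  command: openssl req -new -key ca.key -subj /C=CN/ST=Peking/L=Beijing/O=edgegallery/CN=edgegallery -out ca.csr
  args:
    chdir: /tmp/.mep_tmp_cer/

# NOTE(review): no -extfile is passed, so `-extensions v3_ca` probably has no
# section to read from. Check that the resulting ca.crt really carries
# basicConstraints CA:TRUE (openssl x509 -in ca.crt -noout -text).
- name: Sign key with ca key and ca crt
  command: openssl x509 -req -days 365 -in ca.csr -extensions v3_ca -signkey ca.key -out ca.crt
  args:
    chdir: /tmp/.mep_tmp_cer/

- name: Openssl genrsa
  command: openssl genrsa -out server_tls.key 2048
  args:
    chdir: /tmp/.mep_tmp_cer/

# The passphrase is handed to openssl through the environment (`env:`) rather
# than `pass:` on the command line, where it would be visible in the process
# list and in Ansible's logged command for this task.
- name: Openssl rsa mep tls
  command: openssl rsa -in server_tls.key -aes256 -passout env:MEP_CERT_PASS -out server_encryptedtls.key
  args:
    chdir: /tmp/.mep_tmp_cer/
  environment:
    MEP_CERT_PASS: "{{ vardata.certspass.name }}"
  # Keeps the secret out of verbose task output; this also hides openssl's
  # error text, so lift it temporarily when debugging a failure.
  no_log: true

- name: Openssl req new key mepserver tls key
  command: openssl req -new -key server_tls.key -subj /C=CN/ST=Beijing/L=Beijing/O=edgegallery/CN=edgegallery -out server_tls.csr
  args:
    chdir: /tmp/.mep_tmp_cer/

# NOTE(review): unlike the CA step, no -days is given here, so openssl's
# default validity applies (documented as 30 days for `x509`) -- confirm that
# is intended. As above, `-extensions v3_req` has no -extfile to read from,
# so the certificate likely carries no subjectAltName; verify clients accept it.
- name: Openssl mepserver tls csr
  command: openssl x509 -req -in server_tls.csr -extensions v3_req -CA ca.crt -CAkey ca.key -CAcreateserial -out server_tls.crt
  args:
    chdir: /tmp/.mep_tmp_cer/

- name: Openssl genrsa out
  command: openssl genrsa -out jwt_privatekey 2048
  args:
    chdir: /tmp/.mep_tmp_cer/

# The original ran this identical task twice in a row; once is sufficient.
- name: Openssl rsa jwt privatekey
  command: openssl rsa -in jwt_privatekey -pubout -out jwt_publickey
  args:
    chdir: /tmp/.mep_tmp_cer/

# Same passphrase handling as the TLS key above: environment, not argv.
- name: Openssl rsa in jwt
  command: openssl rsa -in jwt_privatekey -aes256 -passout env:MEP_CERT_PASS -out jwt_encrypted_privatekey
  args:
    chdir: /tmp/.mep_tmp_cer/
  environment:
    MEP_CERT_PASS: "{{ vardata.certspass.name }}"
  no_log: true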