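---
# Installs the TLS certificate and private key into the UniFi controller's
# Java keystore. The key pair is first bundled into a temporary PKCS#12 file,
# imported into the keystore, and the temporary bundle is then deleted.

- block:
    # NOTE(review): no `mode` is set here, so the certificate and key
    # directories get whatever the umask yields. Confirm that the key directory
    # is not readable by other local users.
    - name: Create tls folder structure
      file:
        path: "{{ item }}"
        state: directory
        owner: "{{ unifi_user }}"
        group: "{{ unifi_group }}"
        recurse: true
      with_items:
        - "{{ unifi_tls_certs_dir }}"
        - "{{ unifi_tls_key_dir }}"
  become: true
  become_user: root

- import_tasks: tls_from_file.yml
  when: unifi_tls_source_use_files

- import_tasks: tls_from_content.yml
  when: unifi_tls_source_use_content

- block:
    # NOTE(review): the PKCS#12 bundle holds the private key and is written to
    # a fixed, predictable path in the shared /tmp directory. A per-run private
    # directory (for example one created with the `tempfile` module) would
    # remove the dependency on /tmp being safe against pre-created files.
    - set_fact:
        __unifi_pkcs12_path: /tmp/unifi.p12
        __unifi_keystore_path: "{{ unifi_base_dir }}/{{ unifi_version }}//UniFi/data/keystore"

    - name: Create temp openssl pkcs12 keystore at '{{ __unifi_pkcs12_path }}'
      openssl_pkcs12:
        path: "{{ __unifi_pkcs12_path }}"
        friendly_name: ubnt
        privatekey_path: "{{ unifi_tls_key_file }}"
        cert_path: "{{ unifi_tls_cert_file }}"
        passphrase: "{{ unifi_tls_pkcs12_passphrase }}"
        # Restrict the bundle to its owner; without this the file mode is left
        # to the umask of the remote user.
        mode: "0600"
        state: present

    # The old keystore is removed before the new one exists, so a failure in
    # the import task below leaves the controller without a keystore.
    - name: Delete current keystore file
      file:
        path: "{{ __unifi_keystore_path }}"
        state: absent

    - name: Create java keystore at '{{ __unifi_keystore_path }}'
      java_cert:
        pkcs12_path: "{{ __unifi_pkcs12_path }}"
        cert_alias: ubnt
        pkcs12_alias: ubnt
        keystore_path: "{{ __unifi_keystore_path }}"
        # Hard-coded keystore password; it appears to be the stock value the
        # UniFi controller expects, so it gives no confidentiality. The private
        # key is protected only by the file permissions set in the next task.
        keystore_pass: aircontrolenterprise
        pkcs12_password: "{{ unifi_tls_pkcs12_passphrase }}"
        keystore_create: true
        state: present
      notify: __unifi_restart

    # The keystore is created by the task above before this mode is applied,
    # so it briefly exists with umask-derived permissions.
    - name: Adjust keystore filesystem permissions
      file:
        path: "{{ __unifi_keystore_path }}"
        owner: "{{ unifi_user }}"
        group: "{{ unifi_group }}"
        mode: "0600"

  always:
    # Runs even when a task in the block fails, so the private-key bundle is
    # not left behind in /tmp after an aborted run.
    - name: Remove temporary pkcs12 bundle
      file:
        path: "{{ __unifi_pkcs12_path }}"
        state: absent
      when: __unifi_pkcs12_path is defined

  become: true
  become_user: "{{ unifi_user }}"
  # __unifi_certs_file and __unifi_certs_content are not defined in this file;
  # presumably they are registered by the imported task files. Confirm.
  when: __unifi_certs_file.changed or __unifi_certs_content.changed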