From 263da6e7abcceb31957eb00d25d031ceab32c446 Mon Sep 17 00:00:00 2001
From: Bertrand Lanson
Date: Tue, 26 Sep 2023 22:46:33 +0200
Subject: [PATCH] handle non pem input when openssl does not autodetect certificate inform
---
 tasks/import.yml | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/tasks/import.yml b/tasks/import.yml
index e5a0484..2e4269f 100644
--- a/tasks/import.yml
+++ b/tasks/import.yml
@@ -8,11 +8,22 @@
 dest: "/tmp/{{ item.cert_name }}.tmp"
 mode: '0644'
 loop: "{{ import_vault_root_ca_certificate_list }}"
+ register: download_results
+
+- name: "Check certificate format"
+ ansible.builtin.command: >
+ openssl x509 -inform PEM -noout -in {{ item.dest }}
+ loop: "{{ download_results.results }}"
+ register: cert_format_results
+ changed_when: false
+ failed_when: false

 - name: "Make sure certificate is in PEM format"
 ansible.builtin.command:
- cmd: "openssl x509 -in /tmp/{{ item.cert_name }}.tmp -out {{ import_vault_root_ca_cert_dir }}/{{ item.cert_name }}.crt -outform pem"
- creates: "{{ import_vault_root_ca_cert_dir }}/{{ item.cert_name }}.crt"
- loop: "{{ import_vault_root_ca_certificate_list }}"
+ cmd: openssl x509 -inform {{ 'PEM' if item.rc == 0 else 'DER' }} -in {{ item.item.dest }} -out {{ import_vault_root_ca_cert_dir }}/{{ item.item.item.cert_name }}.crt -outform pem
+ creates: "{{ import_vault_root_ca_cert_dir }}/{{ item.item.item.cert_name }}.crt"
+ loop: "{{ cert_format_results.results }}"
 notify:
 - update-ca-certificates
+ # loop_control:
+ # loop_var: item
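Review bot: In the rewritten `cmd:` of "Make sure certificate is in PEM format", and in the new "Check certificate format" probe, the file paths are templated unquoted into a free-form command string. A `cert_name` or `import_vault_root_ca_cert_dir` value containing whitespace would therefore be split into extra openssl arguments; passing the arguments as an `argv:` list keeps each value a single argument for a file that ends up in the CA trust store. The probe also sets `failed_when: false`, so any non-zero exit, not only "input is not PEM", selects the DER branch and the real cause only surfaces later as a conversion error. The trailing commented-out `loop_control` lines are dead code and can be dropped. The download task that registers `download_results` begins above the hunk.

```yaml
- name: "Make sure certificate is in PEM format"
  ansible.builtin.command:
    argv:
      - openssl
      - x509
      - "-inform"
      - "{{ 'PEM' if item.rc == 0 else 'DER' }}"
      - "-in"
      - "{{ item.item.dest }}"
      - "-out"
      - "{{ import_vault_root_ca_cert_dir }}/{{ item.item.item.cert_name }}.crt"
      - "-outform"
      - pem
    # … unchanged: creates, loop, notify …
```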