@smedegaard
Last active March 31, 2020 10:01
---
# Builds a Java truststore and keystore for Kafka SSL from an existing private
# key, signed certificate and CA bundle.
# Note: store and key passwords are passed on the command line, so they are
# visible in the process list while each command runs and in Ansible's task
# output unless no_log: true is set on those tasks.

- name: Create SSL Certificate Generation Directory
  file:
    path: /var/ssl/private/generation/trustCAs
    state: directory
    mode: "0755"

# awk starts a new output file after each END CERTIFICATE line,
# producing ca.pem, ca1.pem, ca2.pem, ...
- name: Split CA Certificate Bundle into Cert Files
  shell: |
    cat {{ssl_ca_cert_filepath}} | awk 'split_after==1{n++;split_after=0} /-----END CERTIFICATE-----/ {split_after=1} {print > ("/var/ssl/private/generation/trustCAs/ca" n ".pem")}'

# Each split certificate is imported under an alias equal to its file name.
- name: Create Truststore with Certificates
  shell: |
    for file in /var/ssl/private/generation/trustCAs/*; do
      fileName="${file##*/}"
      keytool -noprompt -keystore {{truststore_path}} \
        -alias "$fileName" \
        -trustcacerts -import -file "$file" \
        -deststorepass {{truststore_storepass}}
    done

# The intermediate client.p12 contains the private key and is left on disk
# after the play; no task here removes it.
- name: Put Key and Signed Cert into pkcs12 Format
  shell: |
    openssl pkcs12 -export \
      -in {{ssl_signed_cert_filepath}} \
      -inkey {{ssl_key_filepath}} \
      -out /var/ssl/private/generation/client.p12 \
      -name kafkassl \
      -passout pass:{{keystore_keypass}}

# The key entry is re-protected with the keystore password in the destination store.
- name: Create Keystore
  shell: |
    keytool -importkeystore \
      -srckeystore /var/ssl/private/generation/client.p12 \
      -srcstoretype pkcs12 \
      -srcstorepass {{keystore_keypass}} \
      -destkeystore {{keystore_path}} \
      -deststoretype pkcs12 \
      -deststorepass {{keystore_storepass}} \
      -destkeypass {{keystore_storepass}}

- name: Import the CA Cert into Keystore
  shell: |
    keytool -noprompt -keystore {{keystore_path}} \
      -storetype pkcs12 \
      -keyalg RSA \
      -alias CARoot \
      -import -file {{ssl_ca_cert_filepath}} \
      -storepass {{keystore_storepass}} \
      -keypass {{keystore_storepass}}