# Validation tasks for generated PKCS#12 test fixtures.
#
# Each openssl call below dumps a bundle so the later assert tasks can inspect
# it. Results such as p12_standard, p12_force, passphrase_error_* and
# p12_backup_* are not registered in this section; they are expected to come
# from tasks that ran earlier.
#
# NOTE(review): `-nodes` makes openssl print any private key unencrypted, so
# the registered results (and verbose run logs) hold key material in clear
# text. That is acceptable for throwaway test fixtures only; with real keys,
# set `no_log: true` on the task or do not dump the key at all.
# NOTE(review): the import password is empty and is passed on the command
# line, where it is visible in the process list. For real secrets prefer an
# openssl `env:` or `file:` password source.

- name: 'Validate PKCS#12'
  command: "openssl pkcs12 -info -in {{ output_dir }}/ansible.p12 -nodes -passin pass:''"
  register: p12

- name: 'Validate PKCS#12 with no private key'
  command: "openssl pkcs12 -info -in {{ output_dir }}/ansible_no_pkey.p12 -nodes -passin pass:''"
  register: p12_validate_no_pkey

# Pipeline: only the lines containing "subject" are kept in stdout.
# NOTE(review): without pipefail the task status is grep's exit code, so an
# openssl failure shows up only as missing "subject" lines.
# NOTE(review): output_dir is templated into the shell line unquoted; this
# assumes a trusted, test-controlled path with no shell metacharacters.
- name: 'Validate PKCS#12 with multiple certs'
  shell: "openssl pkcs12 -info -in {{ output_dir }}/ansible_multi_certs.p12 -nodes -passin pass:'' | grep subject"
  register: p12_validate_multi_certs

- name: 'Validate PKCS#12 (assert)'
  assert:
    that:
      # Third stdout line, text after the last ':' - presumably the bundle's
      # friendly name; the index depends on the openssl output layout
      # (TODO confirm across openssl versions).
      - p12.stdout_lines[2].split(':')[-1].strip() == 'abracadabra'
      # The standard bundle must be owner-read-only.
      - p12_standard.mode == '0400'
      - p12_no_pkey.changed
      # The key-less bundle dump must end with a certificate, not a key block.
      - p12_validate_no_pkey.stdout_lines[-1] == '-----END CERTIFICATE-----'
      - p12_force.changed
      - p12_force_and_mode.mode == '0644' and p12_force_and_mode.changed
      # Re-running with identical input must not rewrite the file.
      - not p12_standard_idempotency.changed
      - not p12_multiple_certs_idempotency.changed
      # All three certificate subjects must be present in the multi-cert bundle.
      - "'www.' in p12_validate_multi_certs.stdout"
      - "'www2.' in p12_validate_multi_certs.stdout"
      - "'www3.' in p12_validate_multi_certs.stdout"

# Each passphrase_error_* result must have failed with a message that mentions
# the passphrase/password. The leading letter is left out of the substrings,
# presumably so either capitalisation matches; 'serializ' presumably covers a
# serialization/deserialization error wording - confirm against the module.
- name: 'Check passphrase on private key'
  assert:
    that:
      - passphrase_error_1 is failed
      - "'assphrase' in passphrase_error_1.msg or 'assword' in passphrase_error_1.msg"
      - passphrase_error_2 is failed
      - "'assphrase' in passphrase_error_2.msg or 'assword' in passphrase_error_2.msg or 'serializ' in passphrase_error_2.msg"
      - passphrase_error_3 is failed
      - "'assphrase' in passphrase_error_3.msg or 'assword' in passphrase_error_3.msg or 'serializ' in passphrase_error_3.msg"

- name: 'Verify that broken PKCS#12 will be regenerated'
  assert:
    that:
      - output_broken is changed

# Backup expectations: results 1, 2 and 5 carry no backup_file, while results
# 3 and 4 report a backup path as a string.
- name: 'Check backup'
  assert:
    that:
      - p12_backup_1 is changed
      - p12_backup_1.backup_file is undefined
      - p12_backup_2 is not changed
      - p12_backup_2.backup_file is undefined
      - p12_backup_3 is changed
      - p12_backup_3.backup_file is string
      - p12_backup_4 is changed
      - p12_backup_4.backup_file is string
      - p12_backup_5 is not changed
      - p12_backup_5.backup_file is undefined