ansible/test/integration/targets/openssl_pkcs12/tests/validate.yml

- name: 'Validate PKCS#12'
  command: "openssl pkcs12 -info -in {{ output_dir }}/ansible.p12 -nodes -passin pass:''"
  register: p12

- name: 'Validate PKCS#12 with no private key'
  command: "openssl pkcs12 -info -in {{ output_dir }}/ansible_no_pkey.p12 -nodes -passin pass:''"
  register: p12_validate_no_pkey

- name: 'Validate PKCS#12 with multiple certs'
  shell: "openssl pkcs12 -info -in {{ output_dir }}/ansible_multi_certs.p12 -nodes -passin pass:'' | grep subject"
  register: p12_validate_multi_certs

- name: 'Validate PKCS#12 (assert)'
  assert:
    that:
      - p12.stdout_lines[2].split(':')[-1].strip() == 'abracadabra'
      - p12_standard.mode == '0400'
      - p12_no_pkey.changed
      - p12_validate_no_pkey.stdout_lines[-1] == '-----END CERTIFICATE-----'
      - p12_force.changed
      - p12_force_and_mode.mode == '0644' and p12_force_and_mode.changed
      - not p12_standard_idempotency.changed
      - not p12_multiple_certs_idempotency.changed
      - "'www.' in p12_validate_multi_certs.stdout"
      - "'www2.' in p12_validate_multi_certs.stdout"
      - "'www3.' in p12_validate_multi_certs.stdout"

- name: Check passphrase on private key
  assert:
    that:
      - passphrase_error_1 is failed
      - "'assphrase' in passphrase_error_1.msg or 'assword' in passphrase_error_1.msg"
      - passphrase_error_2 is failed
      - "'assphrase' in passphrase_error_2.msg or 'assword' in passphrase_error_2.msg or 'serializ' in passphrase_error_2.msg"
      - passphrase_error_3 is failed
      - "'assphrase' in passphrase_error_3.msg or 'assword' in passphrase_error_3.msg or 'serializ' in passphrase_error_3.msg"

- name: "Verify that broken PKCS#12 will be regenerated"
  assert:
    that:
      - output_broken is changed

- name: Check backup
  assert:
    that:
      - p12_backup_1 is changed
      - p12_backup_1.backup_file is undefined
      - p12_backup_2 is not changed
      - p12_backup_2.backup_file is undefined
      - p12_backup_3 is changed
      - p12_backup_3.backup_file is string
      - p12_backup_4 is changed
      - p12_backup_4.backup_file is string
      - p12_backup_5 is not changed
      - p12_backup_5.backup_file is undefined