ansible/test/integration/targets/openssl_pkcs12/tasks/main.yml

- block:
  - name: 'Generate privatekey'
    openssl_privatekey:
      path: "{{ output_dir }}/ansible_pkey.pem"

  - name: 'Generate CSR'
    openssl_csr:
      path: "{{ output_dir }}/ansible.csr"
      privatekey_path: "{{ output_dir }}/ansible_pkey.pem"
      commonName: 'www.ansible.com'

  - name: 'Generate certificate'
    openssl_certificate:
      path: "{{ output_dir }}/ansible.crt"
      privatekey_path: "{{ output_dir }}/ansible_pkey.pem"
      csr_path: "{{ output_dir }}/ansible.csr"
      provider: selfsigned

  - name: 'Generate PKCS#12 file'
    openssl_pkcs12:
      path: "{{ output_dir }}/ansible.p12"
      friendly_name: 'abracadabra'
      privatekey_path: "{{ output_dir }}/ansible_pkey.pem"
      certificate_path: "{{ output_dir }}/ansible.crt"
      state: present
    register: p12_standard

  - name: 'Generate PKCS#12 file (force)'
    openssl_pkcs12:
      path: "{{ output_dir }}/ansible.p12"
      friendly_name: 'abracadabra'
      privatekey_path: "{{ output_dir }}/ansible_pkey.pem"
      certificate_path: "{{ output_dir }}/ansible.crt"
      state: present
      force: True
    register: p12_force

  - name: 'Generate PKCS#12 file (force + change mode)'
    openssl_pkcs12:
      path: "{{ output_dir }}/ansible.p12"
      friendly_name: 'abracadabra'
      privatekey_path: "{{ output_dir }}/ansible_pkey.pem"
      certificate_path: "{{ output_dir }}/ansible.crt"
      state: present
      force: True
      mode: 0644
    register: p12_force_and_mode

  - name: 'Dump PKCS#12'
    openssl_pkcs12:
      src: "{{ output_dir }}/ansible.p12"
      path: "{{ output_dir }}/ansible_parse.pem"
      action: 'parse'
      state: 'present'

  - name: Generate privatekey with password
    openssl_privatekey:
      path: '{{ output_dir }}/privatekeypw.pem'
      passphrase: hunter2
      cipher: auto
      select_crypto_backend: cryptography

  - name: 'Generate PKCS#12 file (password fail 1)'
    openssl_pkcs12:
      path: "{{ output_dir }}/ansible_pw1.p12"
      friendly_name: 'abracadabra'
      privatekey_path: "{{ output_dir }}/ansible_pkey.pem"
      privatekey_passphrase: hunter2
      certificate_path: "{{ output_dir }}/ansible.crt"
      state: present
    ignore_errors: yes
    register: passphrase_error_1

  - name: 'Generate PKCS#12 file (password fail 2)'
    openssl_pkcs12:
      path: "{{ output_dir }}/ansible_pw2.p12"
      friendly_name: 'abracadabra'
      privatekey_path: '{{ output_dir }}/privatekeypw.pem'
      privatekey_passphrase: wrong_password
      certificate_path: "{{ output_dir }}/ansible.crt"
      state: present
    ignore_errors: yes
    register: passphrase_error_2

  - name: 'Generate PKCS#12 file (password fail 3)'
    openssl_pkcs12:
      path: "{{ output_dir }}/ansible_pw3.p12"
      friendly_name: 'abracadabra'
      privatekey_path: '{{ output_dir }}/privatekeypw.pem'
      certificate_path: "{{ output_dir }}/ansible.crt"
      state: present
    ignore_errors: yes
    register: passphrase_error_3

  - import_tasks: ../tests/validate.yml

  always:
  - name: 'Delete PKCS#12 file'
    openssl_pkcs12:
      state: absent
      path: '{{ output_dir }}/ansible.p12'

  # this is the pyopenssl version on my laptop.
  when: pyopenssl_version.stdout is version_compare('17.1.0', '>=')