openssl_pkcs12: Add support for certificate_content and other_certificates_content (#848)

* openssl_pkcs12: Add support for `certificate_content` and `other_certificates_content` Co-authored-by: Felix Fontein <felix@fontein.de> * Added minimal tests. The tests are minimal because internally it always ends up with the _content variants, so even when supplying a file most of the internal code paths then use the content. --------- Co-authored-by: Felix Fontein <felix@fontein.de>
2026-05-08 14:22:56 +00:00 · 2025-03-10 21:44:31 +01:00
parent 260bdb1572
commit ba55ba7381
4 changed files with 83 additions and 12 deletions
--- a/tests/integration/targets/openssl_pkcs12/tasks/impl.yml
+++ b/tests/integration/targets/openssl_pkcs12/tasks/impl.yml
@@ -67,13 +67,18 @@
      src: '{{ remote_tmp_dir }}/ansible_pkey1.pem'
    register: ansible_pkey_content

+  - name: "({{ select_crypto_backend }}) Read ansible1.crt"
+    slurp:
+      src: '{{ remote_tmp_dir }}/ansible1.crt'
+    register: ansible_crt_content
+
  - name: "({{ select_crypto_backend }}) Generate PKCS#12 file again, idempotency (private key from file)"
    openssl_pkcs12:
      select_crypto_backend: '{{ select_crypto_backend }}'
      path: '{{ remote_tmp_dir }}/ansible.p12'
      friendly_name: abracadabra
      privatekey_content: '{{ ansible_pkey_content.content | b64decode }}'
-      certificate_path: '{{ remote_tmp_dir }}/ansible1.crt'
+      certificate_content: '{{ ansible_crt_content.content | b64decode }}'
      state: present
      return_content: true
    register: p12_standard_idempotency_2
@@ -154,6 +159,14 @@
      state: present
    register: p12_multiple_certs

+  - name: "({{ select_crypto_backend }}) Read ansible2.crt / ansible3.crt.crt"
+    slurp:
+      src: "{{ item }}"
+    loop:
+      - "{{ remote_tmp_dir ~ '/ansible2.crt' }}"
+      - "{{ remote_tmp_dir ~ '/ansible3.crt' }}"
+    register: ansible_other_content
+
  - name: "({{ select_crypto_backend }}) Generate PKCS#12 file with multiple certs and passphrase, again (idempotency)"
    openssl_pkcs12:
      select_crypto_backend: '{{ select_crypto_backend }}'
@@ -162,9 +175,9 @@
      passphrase: hunter3
      privatekey_path: '{{ remote_tmp_dir }}/ansible_pkey1.pem'
      certificate_path: '{{ remote_tmp_dir }}/ansible1.crt'
-      other_certificates:
-      - '{{ remote_tmp_dir }}/ansible2.crt'
-      - '{{ remote_tmp_dir }}/ansible3.crt'
+      other_certificates_content:
+      - "{{ ansible_other_content.results[0].content | b64decode }}"
+      - "{{ ansible_other_content.results[1].content | b64decode }}"
      state: present
    register: p12_multiple_certs_idempotency

@@ -323,6 +336,22 @@
      state: present
    register: p12_empty_concat_idem

+  - name: "({{ select_crypto_backend }}) Read ansible23.crt"
+    slurp:
+      src: "{{ remote_tmp_dir ~ '/ansible23.crt' }}"
+    register: ansible_other_content_concat
+
+  - name: "({{ select_crypto_backend }}) Generate 'empty' PKCS#12 file (idempotent, concatenated other certificates)"
+    openssl_pkcs12:
+      select_crypto_backend: '{{ select_crypto_backend }}'
+      path: '{{ remote_tmp_dir }}/ansible_empty.p12'
+      friendly_name: abracadabra
+      other_certificates_content:
+      - "{{ ansible_other_content_concat.content | b64decode }}"
+      other_certificates_parse_all: true
+      state: present
+    register: p12_empty_concat_content_idem
+
  - name: "({{ select_crypto_backend }}) Generate 'empty' PKCS#12 file (parse)"
    openssl_pkcs12:
      select_crypto_backend: '{{ select_crypto_backend }}'
--- a/tests/integration/targets/openssl_pkcs12/tests/validate.yml
+++ b/tests/integration/targets/openssl_pkcs12/tests/validate.yml
@@ -90,6 +90,7 @@
      - p12_empty is changed
      - p12_empty_idem is not changed
      - p12_empty_concat_idem is not changed
+      - p12_empty_concat_content_idem is not changed
      - (empty_contents == empty_expected_cryptography) or (empty_contents == empty_expected_pyopenssl and select_crypto_backend == 'pyopenssl')

 - name: '({{ select_crypto_backend }}) PKCS#12 with compatibility2022 settings'