crypto: Add new module openssl_pkcs12 (#27320)

[module] Create new module to handle PKCS#12 file.
2026-05-06 21:32:49 +00:00 · 2018-08-23 17:15:22 +02:00
parent 9c4ed4dfc1
commit 23e44319ce
5 changed files with 457 additions and 0 deletions
--- a/test/integration/targets/openssl_pkcs12/aliases
+++ b/test/integration/targets/openssl_pkcs12/aliases
@@ -0,0 +1,3 @@
+destructive
+needs/root
+shippable/posix/group1
--- a/test/integration/targets/openssl_pkcs12/meta/main.yml
+++ b/test/integration/targets/openssl_pkcs12/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+  - setup_openssl
--- a/test/integration/targets/openssl_pkcs12/tasks/main.yml
+++ b/test/integration/targets/openssl_pkcs12/tasks/main.yml
@@ -0,0 +1,65 @@
+- block:
+  - name: 'Generate privatekey'
+    openssl_privatekey:
+      path: "{{ output_dir }}/ansible_pkey.pem"
+
+  - name: 'Generate CSR'
+    openssl_csr:
+      path: "{{ output_dir }}/ansible.csr"
+      privatekey_path: "{{ output_dir }}/ansible_pkey.pem"
+      commonName: 'www.ansible.com'
+
+  - name: 'Generate certificate'
+    openssl_certificate:
+      path: "{{ output_dir }}/ansible.crt"
+      privatekey_path: "{{ output_dir }}/ansible_pkey.pem"
+      csr_path: "{{ output_dir }}/ansible.csr"
+      provider: selfsigned
+
+  - name: 'Generate PKCS#12 file'
+    openssl_pkcs12:
+      path: "{{ output_dir }}/ansible.p12"
+      friendly_name: 'abracadabra'
+      privatekey_path: "{{ output_dir }}/ansible_pkey.pem"
+      certificate_path: "{{ output_dir }}/ansible.crt"
+      state: present
+    register: p12_standard
+
+  - name: 'Generate PKCS#12 file (force)'
+    openssl_pkcs12:
+      path: "{{ output_dir }}/ansible.p12"
+      friendly_name: 'abracadabra'
+      privatekey_path: "{{ output_dir }}/ansible_pkey.pem"
+      certificate_path: "{{ output_dir }}/ansible.crt"
+      state: present
+      force: True
+    register: p12_force
+
+  - name: 'Generate PKCS#12 file (force + change mode)'
+    openssl_pkcs12:
+      path: "{{ output_dir }}/ansible.p12"
+      friendly_name: 'abracadabra'
+      privatekey_path: "{{ output_dir }}/ansible_pkey.pem"
+      certificate_path: "{{ output_dir }}/ansible.crt"
+      state: present
+      force: True
+      mode: 0644
+    register: p12_force_and_mode
+
+  - name: 'Dump PKCS#12'
+    openssl_pkcs12:
+      src: "{{ output_dir }}/ansible.p12"
+      path: "{{ output_dir }}/ansible_parse.pem"
+      action: 'parse'
+      state: 'present'
+
+  - import_tasks: ../tests/validate.yml
+
+  always:
+  - name: 'Delete PKCS#12 file'
+    openssl_pkcs12:
+      state: absent
+      path: '{{ output_dir }}/ansible.p12'
+
+  # this is the pyopenssl version on my laptop.
+  when: pyopenssl_version.stdout is version_compare('17.1.0', '>=')
--- a/test/integration/targets/openssl_pkcs12/tests/validate.yml
+++ b/test/integration/targets/openssl_pkcs12/tests/validate.yml
@@ -0,0 +1,16 @@
+- name: 'Install pexpect'
+  pip:
+    name: 'pexpect'
+    state: 'present'
+
+- name: 'Validate PKCS#12'
+  command: "openssl pkcs12 -info -in {{ output_dir }}/ansible.p12 -nodes -passin pass:''"
+  register: p12
+
+- name: 'Validate PKCS#12 (assert)'
+  assert:
+    that:
+      - p12.stdout_lines[2].split(':')[-1].strip() == 'abracadabra'
+      - p12_standard.mode == '0400'
+      - p12_force.changed
+      - p12_force_and_mode.mode == '0644' and p12_force_and_mode.changed