2018-01-08 20:44:24 +01:00
---
- name : fail with invalid store location
win_certificate_store :
state : present
path : '{{win_cert_dir}}\subj-cert.pem'
store_location : FakeLocation
register : fail_fake_location
2018-11-07 01:53:17 +01:00
failed_when : "fail_fake_location.msg != 'value of store_location must be one of: CurrentUser, LocalMachine, got: FakeLocation'"
2018-01-08 20:44:24 +01:00
- name : fail with invalid store name
win_certificate_store :
state : present
path : '{{win_cert_dir}}\subj-cert.pem'
store_name : FakeName
register : fail_fake_name
2018-11-07 01:53:17 +01:00
failed_when : "fail_fake_name.msg != 'value of store_name must be one of: AddressBook, AuthRoot, CertificateAuthority, Disallowed, My, Root, TrustedPeople, TrustedPublisher, got: FakeName'"
2018-01-08 20:44:24 +01:00
- name : fail when state=present and no path is set
win_certificate_store :
state : present
register : fail_present_no_path
2018-11-07 01:53:17 +01:00
failed_when : "fail_present_no_path.msg != 'state is present but all of the following are missing: path'"
2018-01-08 20:44:24 +01:00
- name : fail when state=exported and no path is set
win_certificate_store :
state : exported
thumbprint : ABC
register : fail_export_no_path
2018-11-07 01:53:17 +01:00
failed_when : "fail_export_no_path.msg != 'state is exported but all of the following are missing: path'"
2018-01-08 20:44:24 +01:00
- name : fail when state=exported and no thumbprint is set
win_certificate_store :
state : exported
path : '{{win_cert_dir}}'
register : fail_export_no_thumbprint
2018-11-07 01:53:17 +01:00
failed_when : "fail_export_no_thumbprint.msg != 'state is exported but all of the following are missing: thumbprint'"
2018-01-08 20:44:24 +01:00
- name : fail to export thumbprint when path is a dir
win_certificate_store :
state : exported
thumbprint : '{{subj_thumbprint}}'
path : '{{win_cert_dir}}'
register : fail_export_path_is_dir
failed_when : fail_export_path_is_dir.msg != "Cannot export cert to path '" + win_cert_dir + "' as it is a directory"
- name : fail when state=absent and not path or thumbprint is set
win_certificate_store :
state : absent
register : fail_absent_no_path_or_thumbprint
2018-11-07 01:53:17 +01:00
failed_when : "fail_absent_no_path_or_thumbprint.msg != 'state is absent but any of the following are missing: path, thumbprint'"
2018-01-08 20:44:24 +01:00
- name : import pem certificate (check)
win_certificate_store :
path : '{{win_cert_dir}}\subj-cert.pem'
state : present
register : import_pem_check
check_mode : yes
- name : get result of import pem certificate (check)
win_shell : if (Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq "{{subj_thumbprint}}" }) { $true } else { $false }
register : import_pem_result_check
- name : assert results of import pem certificate (check)
assert :
that :
- import_pem_check is changed
- import_pem_check.thumbprints == [subj_thumbprint]
- import_pem_result_check.stdout_lines[0] == "False"
- name : import pem certificate
win_certificate_store :
path : '{{win_cert_dir}}\subj-cert.pem'
state : present
register : import_pem
- name : get result of import pem certificate
win_shell : if (Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq "{{subj_thumbprint}}" }) { $true } else { $false }
register : import_pem_result
- name : assert results of import pem certificate
assert :
that :
- import_pem is changed
- import_pem.thumbprints == [subj_thumbprint]
- import_pem_result.stdout_lines[0] == "True"
- name : import pem certificate (idempotent)
win_certificate_store :
path : '{{win_cert_dir}}\subj-cert.pem'
state : present
register : import_pem_again
- name : assert results of import pem certificate (idempotent)
assert :
that :
- not import_pem_again is changed
- name : remove certificate based on thumbprint (check)
win_certificate_store :
thumbprint : '{{subj_thumbprint}}'
state : absent
register : remove_thumbprint_check
check_mode : yes
- name : get result of remove certificate based on thumbprint (check)
win_shell : if (Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq "{{subj_thumbprint}}" }) { $true } else { $false }
register : remove_thumbprint_result_check
- name : assert results of remove certificate based on thumbprint (check)
assert :
that :
- remove_thumbprint_check is changed
- remove_thumbprint_check.thumbprints == [subj_thumbprint]
- remove_thumbprint_result_check.stdout_lines[0] == "True"
- name : remove certificate based on thumbprint
win_certificate_store :
thumbprint : '{{subj_thumbprint}}'
state : absent
register : remove_thumbprint
- name : get result of remove certificate based on thumbprint
win_shell : if (Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq "{{subj_thumbprint}}" }) { $true } else { $false }
register : remove_thumbprint_result
- name : assert results of remove certificate based on thumbprint
assert :
that :
- remove_thumbprint is changed
- remove_thumbprint.thumbprints == [subj_thumbprint]
- remove_thumbprint_result.stdout_lines[0] == "False"
- name : remove certificate based on thumbprint (idempotent)
win_certificate_store :
thumbprint : '{{subj_thumbprint}}'
state : absent
register : remove_thumbprint_again
- name : assert results of remove certificate based on thumbprint (idempotent)
assert :
that :
- not remove_thumbprint_again is changed
- name : import der certificate (check)
win_certificate_store :
path : '{{win_cert_dir}}\subj-cert.cer'
state : present
register : import_der_check
check_mode : yes
- name : get result of import der certificate (check)
win_shell : if (Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq "{{subj_thumbprint}}" }) { $true } else { $false }
register : import_der_result_check
- name : assert results of import der certificate (check)
assert :
that :
- import_der_check is changed
- import_der_check.thumbprints == [subj_thumbprint]
- import_der_result_check.stdout_lines[0] == "False"
- name : import der certificate
win_certificate_store :
path : '{{win_cert_dir}}\subj-cert.cer'
state : present
register : import_der
- name : get result of import der certificate
win_shell : if (Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq "{{subj_thumbprint}}" }) { $true } else { $false }
register : import_der_result
- name : assert results of import der certificate
assert :
that :
- import_der is changed
- import_der.thumbprints == [subj_thumbprint]
- import_der_result.stdout_lines[0] == "True"
- name : import der certificate (idempotent)
win_certificate_store :
path : '{{win_cert_dir}}\subj-cert.cer'
state : present
register : import_der_again
- name : assert results of import der certificate (idempotent)
assert :
that :
- not import_der_again is changed
- name : remove certificate based on path (check)
win_certificate_store :
path : '{{win_cert_dir}}\subj-cert.cer'
state : absent
register : remove_path_check
check_mode : yes
- name : get result of remove certificate based on path (check)
win_shell : if (Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq "{{subj_thumbprint}}" }) { $true } else { $false }
register : remove_path_result_check
- name : assert results of remove certificate based on path (check)
assert :
that :
- remove_path_check is changed
- remove_path_check.thumbprints == [subj_thumbprint]
- remove_path_result_check.stdout_lines[0] == "True"
- name : remove certificate based on path
win_certificate_store :
path : '{{win_cert_dir}}\subj-cert.cer'
state : absent
register : remove_path
- name : get result of remove certificate based on path
win_shell : if (Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq "{{subj_thumbprint}}" }) { $true } else { $false }
register : remove_path_result
- name : assert results of remove certificate based on path
assert :
that :
- remove_path is changed
- remove_path.thumbprints == [subj_thumbprint]
- remove_path_result.stdout_lines[0] == "False"
- name : remove certificate based on path (idempotent)
win_certificate_store :
path : '{{win_cert_dir}}\subj-cert.cer'
state : absent
register : remove_path_again
- name : assert results of remove certificate based on path (idempotent)
assert :
that :
- not remove_path_again is changed
- name : import PEM encoded p7b chain (check)
win_certificate_store :
path : '{{win_cert_dir}}\chain.pem'
state : present
register : import_pem_p7b_check
check_mode : yes
- name : get result of subj in p7b chain (check)
win_shell : if (Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq "{{subj_thumbprint}}" }) { $true } else { $false }
register : import_pem_p7b_subj_result_check
- name : get result of root in p7b chain (check)
win_shell : if (Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq "{{root_thumbprint}}" }) { $true } else { $false }
register : import_pem_p7b_root_result_check
- name : assert results of import PEM encoded p7b chain (check)
assert :
that :
- import_pem_p7b_check is changed
- import_pem_p7b_check.thumbprints|count == 2
- subj_thumbprint in import_pem_p7b_check.thumbprints
- root_thumbprint in import_pem_p7b_check.thumbprints
- import_pem_p7b_subj_result_check.stdout_lines[0] == "False"
- import_pem_p7b_root_result_check.stdout_lines[0] == "False"
- name : import PEM encoded p7b chain
win_certificate_store :
path : '{{win_cert_dir}}\chain.pem'
state : present
register : import_pem_p7b
- name : get result of subj in p7b chain
win_shell : if (Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq "{{subj_thumbprint}}" }) { $true } else { $false }
register : import_pem_p7b_subj_result
- name : get result of root in p7b chain
win_shell : if (Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq "{{root_thumbprint}}" }) { $true } else { $false }
register : import_pem_p7b_root_result
- name : assert results of import PEM encoded p7b chain
assert :
that :
- import_pem_p7b is changed
- import_pem_p7b.thumbprints|count == 2
- subj_thumbprint in import_pem_p7b.thumbprints
- root_thumbprint in import_pem_p7b.thumbprints
- import_pem_p7b_subj_result.stdout_lines[0] == "True"
- import_pem_p7b_root_result.stdout_lines[0] == "True"
- name : import PEM encoded p7b chain (idempotent)
win_certificate_store :
path : '{{win_cert_dir}}\chain.pem'
state : present
register : import_pem_p7b_again
- name : assert results of import PEM encoded p7b chain (idempotent)
assert :
that :
- not import_pem_p7b_again is changed
- name : remove p7b chain certs
win_certificate_store :
thumbprint : '{{item}}'
state : absent
with_items :
- '{{subj_thumbprint}}'
- '{{root_thumbprint}}'
- name : import DER encoded p7b chain into custom store (check)
win_certificate_store :
path : '{{win_cert_dir}}\chain.p7b'
state : present
store_name : TrustedPeople
store_location : CurrentUser
register : import_der_p7b_check
check_mode : yes
- name : get result of subj in p7b chain in custom store (check)
win_shell : if (Get-ChildItem -Path Cert:\CurrentUser\TrustedPeople | Where-Object { $_.Thumbprint -eq "{{subj_thumbprint}}" }) { $true } else { $false }
register : import_der_p7b_subj_result_check
- name : get result of root in p7b chain in custom store (check)
win_shell : if (Get-ChildItem -Path Cert:\CurrentUser\TrustedPeople | Where-Object { $_.Thumbprint -eq "{{root_thumbprint}}" }) { $true } else { $false }
register : import_der_p7b_root_result_check
- name : assert results of import DER encoded p7b chain into custom store (check)
assert :
that :
- import_der_p7b_check is changed
- import_der_p7b_check.thumbprints|count == 2
- subj_thumbprint in import_der_p7b_check.thumbprints
- root_thumbprint in import_der_p7b_check.thumbprints
- import_der_p7b_subj_result_check.stdout_lines[0] == "False"
- import_der_p7b_root_result_check.stdout_lines[0] == "False"
- name : import DER encoded p7b chain into custom store
win_certificate_store :
path : '{{win_cert_dir}}\chain.p7b'
state : present
store_name : TrustedPeople
store_location : CurrentUser
register : import_der_p7b
- name : get result of subj in p7b chain in custom store
win_shell : if (Get-ChildItem -Path Cert:\CurrentUser\TrustedPeople | Where-Object { $_.Thumbprint -eq "{{subj_thumbprint}}" }) { $true } else { $false }
register : import_der_p7b_subj_result
- name : get result of root in p7b chain in custom store
win_shell : if (Get-ChildItem -Path Cert:\CurrentUser\TrustedPeople | Where-Object { $_.Thumbprint -eq "{{root_thumbprint}}" }) { $true } else { $false }
register : import_der_p7b_root_result
- name : assert results of import DER encoded p7b chain into custom store
assert :
that :
- import_der_p7b is changed
- import_der_p7b.thumbprints|count == 2
- subj_thumbprint in import_der_p7b.thumbprints
- root_thumbprint in import_der_p7b.thumbprints
- import_der_p7b_root_result.stdout_lines[0] == "True"
- import_der_p7b_root_result.stdout_lines[0] == "True"
- name : import DER encoded p7b chain into custom store (idempotent)
win_certificate_store :
path : '{{win_cert_dir}}\chain.p7b'
state : present
store_name : TrustedPeople
store_location : CurrentUser
register : import_der_p7b_again
- name : assert results of import DER encoded p7b chain into custom store (idempotent)
assert :
that :
- not import_der_p7b_again is changed
- name : remove p7b chain certs from custom store
win_certificate_store :
thumbprint : '{{item}}'
state : absent
store_name : TrustedPeople
store_location : CurrentUser
with_items :
- '{{subj_thumbprint}}'
- '{{root_thumbprint}}'
- name : import pfx without password and non exportable (check)
win_certificate_store :
path : '{{win_cert_dir}}\subj-cert-without-pass.pfx'
state : present
key_exportable : no
vars : &become_vars
ansible_become : yes
ansible_become_method : runas
ansible_become_user : '{{ansible_user}}'
ansible_become_pass : '{{ansible_password}}'
register : import_pfx_without_pass_check
check_mode : yes
- name : get results of import pfx without password and non exportable (check)
win_shell : if (Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq "{{subj_thumbprint}}" }) { $true } else { $false }
register : import_pfx_without_pass_result_check
- name : assert results of import pfx without password and non exportable (check)
assert :
that :
- import_pfx_without_pass_check is changed
- import_pfx_without_pass_check.thumbprints == [subj_thumbprint]
- import_pfx_without_pass_result_check.stdout_lines[0] == "False"
- name : import pfx without password and non exportable
win_certificate_store :
path : '{{win_cert_dir}}\subj-cert-without-pass.pfx'
state : present
key_exportable : no
vars : *become_vars
register : import_pfx_without_pass
- name : get results of import pfx without password and non exportable
win_shell : (Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq "{{subj_thumbprint}}" }).PrivateKey.CspKeyContainerInfo.Exportable
vars : *become_vars
register : import_pfx_without_pass_result
- name : assert results of import pfx without password and non exportable
assert :
that :
- import_pfx_without_pass is changed
- import_pfx_without_pass.thumbprints == [subj_thumbprint]
- import_pfx_without_pass_result.stdout_lines[0] == "False"
- name : import pfx without password and non exportable (idempotent)
win_certificate_store :
path : '{{win_cert_dir}}\subj-cert-without-pass.pfx'
state : present
key_exportable : no
vars : *become_vars
register : import_pfx_without_pass_again
- name : assert results of import pfx without password and non exportable (idempotent)
assert :
that :
- not import_pfx_without_pass_again is changed
- name : fail import pfx with password and none set
win_certificate_store :
path : '{{win_cert_dir}}\subj-cert-with-pass.pfx'
state : present
store_location : CurrentUser
store_name : TrustedPeople
register : fail_import_pfx_with_password
failed_when : "'Failed to load cert from file' not in fail_import_pfx_with_password.msg and 'The specified network password is not correct' not in fail_import_pfx_with_password.msg"
- name : import pfx with password (check)
win_certificate_store :
path : '{{win_cert_dir}}\subj-cert-with-pass.pfx'
state : present
password : '{{key_password}}'
store_location : CurrentUser
store_name : TrustedPeople
register : import_pfx_with_pass_check
vars : *become_vars
check_mode : yes
- name : get results of import pfx with password (check)
win_shell : if (Get-ChildItem -Path Cert:\CurrentUser\TrustedPeople | Where-Object { $_.Thumbprint -eq "{{subj_thumbprint}}" }) { $true } else { $false }
register : import_pfx_with_pass_result_check
- name : assert results of import pfx with password (check)
assert :
that :
- import_pfx_with_pass_check is changed
- import_pfx_with_pass_check.thumbprints == [subj_thumbprint]
- import_pfx_with_pass_result_check.stdout_lines[0] == "False"
- name : import pfx with password
win_certificate_store :
path : '{{win_cert_dir}}\subj-cert-with-pass.pfx'
state : present
password : '{{key_password}}'
store_location : CurrentUser
store_name : TrustedPeople
vars : *become_vars
register : import_pfx_with_pass
- name : get results of import pfx with password
win_shell : (Get-ChildItem -Path Cert:\CurrentUser\TrustedPeople | Where-Object { $_.Thumbprint -eq "{{subj_thumbprint}}" }).PrivateKey.CspKeyContainerInfo.Exportable
vars : *become_vars
register : import_pfx_with_pass_result
- name : assert results of import pfx with password
assert :
that :
- import_pfx_with_pass is changed
- import_pfx_with_pass.thumbprints == [subj_thumbprint]
- import_pfx_with_pass_result.stdout_lines[0] == "True"
- name : import pfx with password (idempotent)
win_certificate_store :
path : '{{win_cert_dir}}\subj-cert-with-pass.pfx'
state : present
password : '{{key_password}}'
store_location : CurrentUser
store_name : TrustedPeople
vars : *become_vars
register : import_pfx_with_pass_again
- name : assert results of import pfx with password (idempotent)
assert :
that :
- not import_pfx_with_pass_again is changed
- name : import root cert for export tests
win_certificate_store :
path : '{{win_cert_dir}}\root-cert.pem'
state : present
- name : export cert as pem (check)
win_certificate_store :
path : '{{win_cert_dir}}\exported\cert.pem'
thumbprint : '{{subj_thumbprint}}'
state : exported
file_type : pem
register : export_pem_check
check_mode : yes
- name : get result of export cert as pem (check)
win_stat :
path : '{{win_cert_dir}}\exported\cert.pem'
register : export_pem_result_check
- name : assert results of export cert as pem (check)
assert :
that :
- export_pem_check is changed
- export_pem_check.thumbprints == [subj_thumbprint]
- export_pem_result_check.stat.exists == False
- name : export cert as pem
win_certificate_store :
path : '{{win_cert_dir}}\exported\cert.pem'
thumbprint : '{{subj_thumbprint}}'
state : exported
file_type : pem
register : export_pem
- name : get result of export cert as pem
win_stat :
path : '{{win_cert_dir}}\exported\cert.pem'
register : export_pem_result
- name : assert results of export cert as pem
assert :
that :
- export_pem is changed
- export_pem.thumbprints == [subj_thumbprint]
- export_pem_result.stat.checksum == '1ebf5467d18230e9f611940a74d12f1d0bc819b7'
- name : export cert as pem (idempotent)
win_certificate_store :
path : '{{win_cert_dir}}\exported\cert.pem'
thumbprint : '{{subj_thumbprint}}'
state : exported
file_type : pem
register : export_pem_again
- name : assert results of export cert as pem
assert :
that :
- not export_pem_again is changed
- name : export cert as der (check)
win_certificate_store :
path : '{{win_cert_dir}}\exported\cert.cer'
thumbprint : '{{subj_thumbprint}}'
state : exported
file_type : der
register : export_der_check
check_mode : yes
- name : get result of export cert as der (check)
win_stat :
path : '{{win_cert_dir}}\exported\cert.cer'
register : export_der_result_check
- name : assert results of export cert as der (check)
assert :
that :
- export_der_check is changed
- export_der_check.thumbprints == [subj_thumbprint]
- export_der_result_check.stat.exists == False
- name : export cert as der
win_certificate_store :
path : '{{win_cert_dir}}\exported\cert.cer'
thumbprint : '{{subj_thumbprint}}'
state : exported
file_type : der
register : export_der
- name : get result of export cert as der
win_stat :
path : '{{win_cert_dir}}\exported\cert.cer'
register : export_der_result
- name : assert results of export cert as der
assert :
that :
- export_der is changed
- export_der.thumbprints == [subj_thumbprint]
- export_der_result.stat.checksum == 'bd7af104cf1872bdb518d95c9534ea941665fd27'
- name : export cert as der (idempotent)
win_certificate_store :
path : '{{win_cert_dir}}\exported\cert.cer'
thumbprint : '{{subj_thumbprint}}'
state : exported
file_type : der
register : export_der_again
- name : assert results of export cert as der
assert :
that :
- not export_der_again is changed
- name : export cert as der replacing pem
win_certificate_store :
path : '{{win_cert_dir}}\exported\cert.pem'
thumbprint : '{{subj_thumbprint}}'
state : exported
file_type : der
register : export_der_over_pem
- name : get result of export cert as der replacing pem
win_stat :
path : '{{win_cert_dir}}\exported\cert.pem'
register : export_der_over_pem_result
- name : assert results of export cert as der replacing pem
assert :
that :
- export_der_over_pem is changed
- export_der_over_pem.thumbprints == [subj_thumbprint]
- export_der_over_pem_result.stat.checksum == 'bd7af104cf1872bdb518d95c9534ea941665fd27'
- name : export cert as pem replacing der
win_certificate_store :
path : '{{win_cert_dir}}\exported\cert.cer'
thumbprint : '{{subj_thumbprint}}'
state : exported
file_type : pem
register : export_pem_over_der
- name : get result of export cert as pem replacing der
win_stat :
path : '{{win_cert_dir}}\exported\cert.cer'
register : export_pem_over_der_result
- name : assert results of export cert as pem replacing der
assert :
that :
- export_pem_over_der is changed
- export_pem_over_der.thumbprints == [subj_thumbprint]
- export_pem_over_der_result.stat.checksum == '1ebf5467d18230e9f611940a74d12f1d0bc819b7'
- name : export cert with key and password as pfx (check)
win_certificate_store :
path : '{{win_cert_dir}}\exported\cert-pass.pfx'
thumbprint : '{{subj_thumbprint}}'
state : exported
file_type : pkcs12
store_location : CurrentUser
store_name : TrustedPeople
password : '{{key_password}}'
register : export_pfx_with_pass_check
vars : *become_vars
check_mode : yes
- name : get result of export cert with key and password as pfx (check)
win_stat :
path : '{{win_cert_dir}}\exported\cert-pass.pfx'
register : export_pfx_with_pass_result_check
- name : assert results of export cert with key and password as pfx (check)
assert :
that :
- export_pfx_with_pass_check is changed
- export_pfx_with_pass_check.thumbprints == [subj_thumbprint]
- export_pfx_with_pass_result_check.stat.exists == False
- name : export cert with key and password as pfx
win_certificate_store :
path : '{{win_cert_dir}}\exported\cert-pass.pfx'
thumbprint : '{{subj_thumbprint}}'
state : exported
file_type : pkcs12
store_location : CurrentUser
store_name : TrustedPeople
password : '{{key_password}}'
vars : *become_vars
register : export_pfx_with_pass
- name : get result of export cert with key and password as pfx
win_shell : |
$cert = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Certificate2
$cert.Import("{{win_cert_dir}}\exported\cert-pass.pfx", "{{key_password}}", 0)
$cert.HasPrivateKey
vars : *become_vars
register : export_pfx_with_pass_result
- name : assert results of export cert with key and password as pfx
assert :
that :
- export_pfx_with_pass is changed
- export_pfx_with_pass.thumbprints == [subj_thumbprint]
- export_pfx_with_pass_result.stdout_lines[0] == "True"
- name : export cert with key and password as pfx (idempotent)
win_certificate_store :
path : '{{win_cert_dir}}\exported\cert-pass.pfx'
thumbprint : '{{subj_thumbprint}}'
state : exported
file_type : pkcs12
store_location : CurrentUser
store_name : TrustedPeople
password : '{{key_password}}'
vars : *become_vars
register : export_pfx_with_pass_again
- name : assert results of export cert with key and password as pfx (idempotent)
assert :
that :
- not export_pfx_with_pass_again is changed
- name : export cert with key without password as pfx (check)
win_certificate_store :
path : '{{win_cert_dir}}\exported\cert-without-pass.pfx'
thumbprint : '{{subj_thumbprint}}'
state : exported
file_type : pkcs12
store_location : CurrentUser
store_name : TrustedPeople
vars : *become_vars
register : export_pfx_without_pass_check
check_mode : yes
- name : get result of export cert with key without password as pfx (check)
win_stat :
path : '{{win_cert_dir}}\exported\cert-without-pass.pfx'
register : export_pfx_without_pass_result_check
- name : assert results of export cert with key without password as pfx (check)
assert :
that :
- export_pfx_without_pass_check is changed
- export_pfx_without_pass_check.thumbprints == [subj_thumbprint]
- export_pfx_without_pass_result_check.stat.exists == False
- name : export cert with key without password as pfx
win_certificate_store :
path : '{{win_cert_dir}}\exported\cert-without-pass.pfx'
thumbprint : '{{subj_thumbprint}}'
state : exported
file_type : pkcs12
store_location : CurrentUser
store_name : TrustedPeople
vars : *become_vars
register : export_pfx_without_pass
- name : get result of export cert with key without password as pfx
win_shell : |
$cert = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Certificate2
$cert.Import("{{win_cert_dir}}\exported\cert-without-pass.pfx", $null, 0)
$cert.HasPrivateKey
vars : *become_vars
register : export_pfx_without_pass_result
- name : assert results of export cert with key without password as pfx
assert :
that :
- export_pfx_without_pass is changed
- export_pfx_without_pass.thumbprints == [subj_thumbprint]
- export_pfx_without_pass_result.stdout_lines[0] == "True"
- name : export cert with key without password as pfx (idempotent)
win_certificate_store :
path : '{{win_cert_dir}}\exported\cert-without-pass.pfx'
thumbprint : '{{subj_thumbprint}}'
state : exported
file_type : pkcs12
store_location : CurrentUser
store_name : TrustedPeople
vars : *become_vars
register : export_pfx_without_pass_again
- name : assert results of export cert with key without password as pfx (idempotent)
assert :
that :
- not export_pfx_without_pass_again is changed
- name : fail to export cert with key as pfx when not marked as exportable
win_certificate_store :
path : '{{win_cert_dir}}\exported\cert-fail.pfx'
thumbprint : '{{subj_thumbprint}}'
state : exported
file_type : pkcs12
vars : *become_vars
register : fail_export_non_exportable
failed_when : fail_export_non_exportable.msg != 'Cannot export cert with key as PKCS12 when the key is not marked as exportable or not accesible by the current user'