community.general/test/integration/targets/openssl_pkcs12/tests/validate.yml

---
- name: 'Install pexpect'
  pip:
    name: 'pexpect'
    state: 'present'

- name: 'Validate PKCS#12'
  command: "openssl pkcs12 -info -in {{ output_dir }}/ansible.p12 -nodes -passin pass:''"
  register: p12

- name: 'Validate PKCS#12 with no private key'
  command: "openssl pkcs12 -info -in {{ output_dir }}/ansible_no_pkey.p12 -nodes -passin pass:''"
  register: p12_validate_no_pkey

- name: 'Validate PKCS#12 (assert)'
  assert:
    that:
      - p12.stdout_lines[2].split(':')[-1].strip() == 'abracadabra'
      - p12_standard.mode == '0400'
      - p12_no_pkey.changed
      - p12_validate_no_pkey.stdout_lines[-1] == '-----END CERTIFICATE-----'
      - p12_force.changed
      - p12_force_and_mode.mode == '0644' and p12_force_and_mode.changed

- name:
  assert:
    that:
      - passphrase_error_1 is failed
      - "'assphrase' in passphrase_error_1.msg or 'assword' in passphrase_error_1.msg"
      - passphrase_error_2 is failed
      - "'assphrase' in passphrase_error_2.msg or 'assword' in passphrase_error_2.msg or 'serializ' in passphrase_error_2.msg"
      - passphrase_error_3 is failed
      - "'assphrase' in passphrase_error_3.msg or 'assword' in passphrase_error_3.msg or 'serializ' in passphrase_error_3.msg"

- name: "Verify that broken PKCS#12 will be regenerated"
  assert:
    that:
      - output_broken is changed