Check if certificates work with current passphrase

[widhalmt]

When changing a certificates passphrase it will be changed in the configuration using the certificate but not on the certificate itself. We need to implement a check whether the certificate works with the current passphrase or not. If not, we need to regenerate it (maybe keeping a backup of the old one).

Please refer to #41 , #40 and #35 so all the changes will work together.

[danopt]

Checking passphrases should be possible, but we can't be sure if the file is corrupted or the passphrase is wrong. I guess that wouldn't be a big problem, because in both cases the certificates should be regenerated.

Currently, if the passphrase is wrong or the certificate is corrupted, the cert_info module will fail with a ValueError exception. We can catch the exception and return the result of the check without failing the module.

Here is a test case for a wrong passphrase: https://github.com/NETWAYS/ansible-collection-elasticstack/actions/runs/4818065211/jobs/8579587032#step:6:84

@widhalmt Do you see any problems if the module can't difference between invalid PKCS12 data or a wrong passphrase?

[widhalmt]

Nope, no problem at all. Please go for it.

[danopt]

Alright 👍

[danopt]

• Feature: Certificate passphrase check #238
• Implement check to tasks and renew certificates if required, because of corrupted data or passphrase change