Merge 447ff273bf into 3774ca20d2

changelogs/fragments/12151-java-cert-pkcs12-password.yml

@@ -0,0 +1,4 @@
+bugfixes:
+  - "java_cert - fix ``NullPointerException`` when importing from a PKCS12 file with a password on Java 8
+    (https://github.com/ansible-collections/community.general/issues/3023,
+    https://github.com/ansible-collections/community.general/pull/12151)."

plugins/modules/java_cert.py

@@ -279,7 +279,7 @@ def _get_digest_from_x509_file(module, pem_certificate_file, openssl_bin):
 
 def _export_public_cert_from_pkcs12(module, executable, pkcs_file, alias, password, dest):
     """Runs keytools to extract the public cert from a PKCS12 archive and write it to a file."""
-    export_cmd = [executable, "-list", "-noprompt", "-keystore", pkcs_file, "-storetype", "pkcs12", "-rfc"]
+    export_cmd = [executable, "-list", "-keystore", pkcs_file, "-storetype", "pkcs12", "-rfc"]
     # Append optional alias
     if alias:
         export_cmd.extend(["-alias", alias])

tests/integration/targets/java_cert/tasks/main.yml

@@ -32,6 +32,23 @@
         that:
           - result_success is successful
 
+    - name: import pkcs12 again to verify idempotency (tests password via stdin in _export_public_cert_from_pkcs12)
+      community.general.java_cert:
+        pkcs12_path: "{{ remote_tmp_dir }}/{{ test_pkcs12_path }}"
+        pkcs12_password: changeit
+        pkcs12_alias: default
+        cert_alias: default
+        keystore_path: "{{ remote_tmp_dir }}/{{ test_keystore_path }}"
+        keystore_pass: changeme_keystore
+        keystore_create: true
+        state: present
+      register: result_idempotent
+
+    - name: verify idempotency
+      ansible.builtin.assert:
+        that:
+          - result_idempotent is not changed
+
     - name: import pkcs12 without alias params
       community.general.java_cert:
         pkcs12_path: "{{ remote_tmp_dir }}/{{ test_pkcs12_path }}"