From 3a1aad81458e692d8cbc223a502491dd7e1cfd25 Mon Sep 17 00:00:00 2001
From: Lyas Spiehler
Date: Sun, 13 Oct 2024 21:37:26 +0000
Subject: [PATCH] use new normalize_combined_identifier function to normalize identifiers
---
 plugins/module_utils/acme/challenges.py | 3 +++
 plugins/module_utils/acme/orders.py | 3 ++-
 plugins/modules/acme_certificate.py | 13 +++++++------
 3 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/plugins/module_utils/acme/challenges.py b/plugins/module_utils/acme/challenges.py
index 116ca4206..d217a9b9d 100644
--- a/plugins/module_utils/acme/challenges.py
+++ b/plugins/module_utils/acme/challenges.py
@@ -46,6 +46,9 @@ def create_key_authorization(client, token):
 def combine_identifier(identifier_type, identifier):
 return '{type}:{identifier}'.format(type=identifier_type, identifier=identifier)
+def normalize_combined_identifier(identifier):
+ parts = split_identifier(identifier)
+ return '{type}:{identifier}'.format(type=parts[0], identifier=parts[1].lower())
 def split_identifier(identifier):
 parts = identifier.split(':', 1)
diff --git a/plugins/module_utils/acme/orders.py b/plugins/module_utils/acme/orders.py
index d60a7d95b..0724615c6 100644
--- a/plugins/module_utils/acme/orders.py
+++ b/plugins/module_utils/acme/orders.py
@@ -21,6 +21,7 @@
 from ansible_collections.community.crypto.plugins.module_utils.acme.challenges import (
 Authorization,
+ normalize_combined_identifier,
 )
@@ -93,7 +94,7 @@ def refresh(self, client):
 def load_authorizations(self, client):
 for auth_uri in self.authorization_uris:
 authz = Authorization.from_url(client, auth_uri)
- self.authorizations[authz.combined_identifier.lower()] = authz
+ self.authorizations[normalize_combined_identifier(authz.combined_identifier)] = authz
 def wait_for_finalization(self, client):
 while True:
diff --git a/plugins/modules/acme_certificate.py b/plugins/modules/acme_certificate.py
index eba0742b9..228090ae3 100644
--- a/plugins/modules/acme_certificate.py
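Review bot: `normalize_combined_identifier` in challenges.py has no docstring saying what it normalizes, and it lower-cases the value for every identifier type. Lower-casing suits case-insensitive DNS names, but for `ip` identifiers it does not make equivalent textual forms of one address compare equal, so if such keys ever need to match, that case needs its own handling (the identifier types the callers pass are not visible in this hunk). I would add a docstring such as `"""Return 'type:value' with the value lower-cased so authorization keys compare case-insensitively."""` and unpack instead of indexing: `identifier_type, value = split_identifier(identifier)`. The function also depends on `split_identifier` yielding exactly two parts; that function's body continues outside the hunk, so confirm it rejects input without a `:` rather than returning a one-element list.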
+++ b/plugins/modules/acme_certificate.py
@@ -580,6 +580,7 @@
 )
 from ansible_collections.community.crypto.plugins.module_utils.acme.challenges import (
+ normalize_combined_identifier,
 combine_identifier,
 split_identifier,
 wait_for_validation,
@@ -721,7 +722,7 @@ def start_challenges(self):
 raise ModuleFailException('ACME v1 only supports DNS identifiers!')
 for identifier_type, identifier in self.identifiers:
 authz = Authorization.create(self.client, identifier_type, identifier)
- self.authorizations[authz.combined_identifier.lower()] = authz
+ self.authorizations[normalize_combined_identifier(authz.combined_identifier)] = authz
 else:
 replaces_cert_id = None
 if (
@@ -755,8 +756,8 @@ def get_challenges_data(self, first_step):
 if authz.status == 'valid':
 continue
 # We drop the type from the key to preserve backwards compatibility
- data[identifier] = authz.get_challenge_data(self.client)
- if first_step and self.challenge is not None and self.challenge not in data[identifier]:
+ data[authz.identifier] = authz.get_challenge_data(self.client)
+ if first_step and self.challenge is not None and self.challenge not in data[authz.identifier]:
 raise ModuleFailException("Found no challenge of type '{0}' for identifier {1}!".format(
 self.challenge, type_identifier))
 # Get DNS challenge data
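Review bot: In `get_challenges_data` the result key is now `authz.identifier`, so the comment `# We drop the type from the key to preserve backwards compatibility` no longer describes where the key comes from; the same applies to `# Remove "type:" from key` in the `main()` hunk. The key's casing now follows the Authorization object (presumably the value returned by the ACME server) rather than the normalized dictionary key, which is worth stating because playbooks index the challenge data by this string. I would reword the comment to `# Key by the authorization's own identifier (no "type:" prefix, casing as stored on the authorization) for backwards compatibility`. The loop header is outside the hunk; if it still unpacks `identifier` from the dictionary key, that local may now be unused.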
@@ -835,10 +836,10 @@ def get_certificate(self):
 with an error.
 '''
 for identifier_type, identifier in self.identifiers:
- authz = self.authorizations.get(combine_identifier(identifier_type, identifier.lower()))
+ authz = self.authorizations.get(normalize_combined_identifier(combine_identifier(identifier_type, identifier)))
 if authz is None:
 raise ModuleFailException('Found no authorization information for "{identifier}"!'.format(
- identifier=combine_identifier(identifier_type, identifier.lower())))
+ identifier=combine_identifier(identifier_type, identifier)))
 if authz.status != 'valid':
 authz.raise_error('Status is "{status}" and not "valid"'.format(status=authz.status), module=self.module)
@@ -965,7 +966,7 @@ def main():
 auths = dict()
 for k, v in client.authorizations.items():
 # Remove "type:" from key
- auths[split_identifier(k)[1]] = v.to_json()
+ auths[v.identifier] = v.to_json()
 module.exit_json(
 changed=client.changed,
 authorizations=auths,
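Review bot: In `get_certificate` the lookup key is built inline with `normalize_combined_identifier(combine_identifier(identifier_type, identifier))`, while the error message formats the un-normalized identifier, so a failed lookup never reports the key that was actually searched. Binding it once, `key = normalize_combined_identifier(combine_identifier(identifier_type, identifier))` followed by `authz = self.authorizations.get(key)`, shortens the line and lets the message include `key` next to the requested name. On the visible lines a missing or non-valid authorization still raises, so the check fails closed; the rest of `get_certificate` is outside the hunk.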
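Review bot: In `main()` the loop variable `k` is unused now that the output key comes from `v.identifier`, so the loop can iterate values only: `for v in client.authorizations.values():`. Whether `split_identifier` is still needed by this module's import list cannot be judged from the hunk, since other uses may exist outside it.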