fix: could not reuse a signing key otherwise it would create in accou…

…nts & orders and fail the OIDC challenge. The OIDC challenge was not retryable
wireapp · Sep 12, 2023 · 52b2396 · 52b2396
1 parent c0bde61
commit 52b2396
Showing 1 changed file with 5 additions and 3 deletions.
diff --git a/acme/challenge.go b/acme/challenge.go
@@ -443,11 +443,13 @@ func wireOIDC01Validate(ctx context.Context, ch *Challenge, db DB, jwk *jose.JSO
 		return WrapErrorISE(err, "Could not find current order by account id")
 	}
 
-	if len(orders) != 1 {
-		return WrapErrorISE(err, "There are too many orders for this account for this custom OIDC challenge")
+	if len(orders) == 0 {
+		return WrapErrorISE(err, "There are not enough orders for this account for this custom OIDC challenge")
 	}
 
-	if err := db.CreateOidcToken(ctx, orders[0], oidcToken); err != nil {
+	order := orders[len(orders)]
+
+	if err := db.CreateOidcToken(ctx, order, oidcToken); err != nil {
 		return WrapErrorISE(err, "Failed storing OIDC id token")
 	}