From a857c45847f986c17c9c4b7f30b7eec721b5cb45 Mon Sep 17 00:00:00 2001
From: David Cowden
Date: Mon, 11 May 2020 21:23:55 -0700
Subject: [PATCH] acme/authority: Polymorph the challenge type

Prior to validation, we must wrap the base challenge in the correct concrete challenge type so that we dispatch the correct validation method.
---
 acme/authority.go | 2 +-
 acme/challenge.go | 13 +++++++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/acme/authority.go b/acme/authority.go
index edd4e171..b1d13c5b 100644
--- a/acme/authority.go
+++ b/acme/authority.go
@@ -372,7 +372,7 @@ func (a *Authority) validate(ch challenge, jwk *jose.JSONWebKey) (challenge, err
 dialer := &net.Dialer{
 Timeout: 30 * time.Second,
 }
- return ch.validate(jwk, validateOptions{
+ return ch.clone().morph().validate(jwk, validateOptions{
 httpGet: client.Get,
 lookupTxt: net.LookupTXT,
 tlsDial: func(network, addr string, config *tls.Config) (*tls.Conn, error) {
diff --git a/acme/challenge.go b/acme/challenge.go
index 8af68328..e2e9b16d 100644
--- a/acme/challenge.go
+++ b/acme/challenge.go
@@ -291,6 +291,19 @@ func unmarshalChallenge(data []byte) (challenge, error) {
 }
 }

+func (bc *baseChallenge) morph() challenge {
+ switch bc.getType() {
+ case "dns-01":
+ return &dns01Challenge{bc}
+ case "http-01":
+ return &http01Challenge{bc}
+ case "tls-alpn-01":
+ return &tlsALPN01Challenge{bc}
+ default:
+ panic("unrecognized challenge type: " + bc.getType())
+ }
+}
+
 // Challenge retry information is internally relevant and needs to be stored in the DB, but should not be part
 // of the public challenge API apart from the Retry-After header.
 type Retry struct {
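Review bot: The new call `ch.clone().morph().validate(...)` in `Authority.validate` has no comment saying why the challenge is cloned and rewrapped before validation, and the reason is only recorded in the commit message. This dispatch decides which domain-control check actually runs before a certificate can be issued, so the intent belongs next to the call, for example `// clone() yields the base challenge; morph() rewraps it in its concrete type so the type-specific validate runs.` That wording assumes `clone()` returns a `*baseChallenge`, which the hunk does not show and should be confirmed. The body of `validate` starts and ends outside the hunk.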
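Review bot: The `default` branch of `morph` panics on an unrecognized type string, although its only visible caller, `Authority.validate`, already returns `(challenge, error)`. The type value presumably comes from a stored challenge record, so a corrupt or unexpected record would take down the request handler instead of failing the validation cleanly. Returning an error keeps the failure closed (no validator runs) while leaving it loggable and recoverable; the sketch below uses `errors.New`, which should be swapped for whatever error constructor the package already uses. `morph` also lacks a doc comment stating that it wraps the same `*baseChallenge` pointer rather than copying it.

```go
// morph wraps bc in the concrete challenge type named by bc.getType().
// It returns an error, rather than panicking, for an unknown type.
func (bc *baseChallenge) morph() (challenge, error) {
	switch bc.getType() {
	case "dns-01":
		return &dns01Challenge{bc}, nil
	case "http-01":
		return &http01Challenge{bc}, nil
	case "tls-alpn-01":
		return &tlsALPN01Challenge{bc}, nil
	default:
		return nil, errors.New("unrecognized challenge type: " + bc.getType())
	}
}

// call site in Authority.validate (acme/authority.go):
wrapped, err := ch.clone().morph()
if err != nil {
	return nil, err
}
return wrapped.validate(jwk, validateOptions{
// … unchanged: validateOptions fields …
```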