From 60b0546760cff796dcdb4c01b8b26c9973ebb5e7 Mon Sep 17 00:00:00 2001
From: Jordan Liggitt
Date: Mon, 4 Dec 2017 13:51:29 -0600
Subject: [PATCH] Use struct key for TLS cache

Kubernetes-commit: 5c8fe23722db05dda25a54d4275737af329227eb
---
 transport/cache.go | 33 +++++++++++++++++++++++++++------
 1 file changed, 27 insertions(+), 6 deletions(-)

diff --git a/transport/cache.go b/transport/cache.go
index da22cdee..7c40848c 100644
--- a/transport/cache.go
+++ b/transport/cache.go
@@ -31,12 +31,28 @@ import (
 // the config has no custom TLS options, http.DefaultTransport is returned.
 type tlsTransportCache struct {
 mu sync.Mutex
- transports map[string]*http.Transport
+ transports map[tlsCacheKey]*http.Transport
 }
 
 const idleConnsPerHost = 25
 
-var tlsCache = &tlsTransportCache{transports: make(map[string]*http.Transport)}
+var tlsCache = &tlsTransportCache{transports: make(map[tlsCacheKey]*http.Transport)}
+
+type tlsCacheKey struct {
+ insecure bool
+ caData string
+ certData string
+ keyData string
+ serverName string
+}
+
+func (t tlsCacheKey) String() string {
+ keyText := ""
+ if len(t.keyData) > 0 {
+ keyText = ""
+ }
+ return fmt.Sprintf("insecure:%v, caData:%#v, certData:%#v, keyData:%s, serverName:%s", t.insecure, t.caData, t.certData, keyText, t.serverName)
+}
 
 func (c *tlsTransportCache) get(config *Config) (http.RoundTripper, error) {
 key, err := tlsConfigKey(config)
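Review bot: The redaction in `tlsCacheKey.String()` only covers formatting that goes through Stringer, so printing a key with `%#v` would still emit `keyData` in full, because the type defines no GoString method. Adding `func (t tlsCacheKey) GoString() string { return t.String() }` next to `String()` would close that path. As rendered on this page both assignments to `keyText` are empty strings, which makes the `len(t.keyData) > 0` branch a no-op; if that is not an extraction artefact, two distinct placeholder strings are needed so a log reader can tell a present key from an absent one. The `get` method at the end of the hunk continues outside it.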
@@ -82,11 +98,16 @@ func (c *tlsTransportCache) get(config *Config) (http.RoundTripper, error) {
 }
 
 // tlsConfigKey returns a unique key for tls.Config objects returned from TLSConfigFor
-func tlsConfigKey(c *Config) (string, error) {
+func tlsConfigKey(c *Config) (tlsCacheKey, error) {
 // Make sure ca/key/cert content is loaded
 if err := loadTLSFiles(c); err != nil {
- return "", err
+ return tlsCacheKey{}, err
 }
- // Only include the things that actually affect the tls.Config
- return fmt.Sprintf("%v/%x/%x/%x/%v", c.TLS.Insecure, c.TLS.CAData, c.TLS.CertData, c.TLS.KeyData, c.TLS.ServerName), nil
+ return tlsCacheKey{
+ insecure: c.TLS.Insecure,
+ caData: string(c.TLS.CAData),
+ certData: string(c.TLS.CertData),
+ keyData: string(c.TLS.KeyData),
+ serverName: c.TLS.ServerName,
+ }, nil
 }
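Review bot: The removed comment `// Only include the things that actually affect the tls.Config` in `tlsConfigKey` documented the invariant the transport cache depends on, and the struct literal that replaces it carries no comment. I would keep it above `return tlsCacheKey{` and extend it, for example `// Only include the things that actually affect the tls.Config; a TLS option missing from this key lets configs that differ only in that option share one cached transport.` That makes it clear to whoever adds the next TLS field to `Config` that the key has to grow with it. A short comment on the `tlsCacheKey` type in the first hunk, stating that `keyData` holds private key material and must not be logged raw, would help for the same reason.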