[MONGOCRYPT-181] Support non amazon hosted AWS KMS endpoints

Created: 21/Sep/19
Updated: 28/Oct/23
Resolved: 15/Oct/19

Status: Closed
Project: Libmongocrypt
Component/s: None
Affects Version/s: None
Fix Version/s: 1.0.0-rc0

Type: Task
Priority: Major - P3
Reporter: Mark Benvenuto
Assignee: Kevin Albertson
Resolution: Fixed
Votes: 0
Labels: fle-ga
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Duplicate
is duplicated by MONGOCRYPT-123 Expose API for setting a custom data ... Closed
Related
is related to MONGOCRYPT-194 Creating AWS data key with endpoint d... Closed

 Description   

The server's AWS KMS code assumes that any AWS KMS instance it needs to talk to is at kms.<region>.amazonaws.com. Some AWS KMS providers may be hosted at alternate domains.

For testing purposes, we support alternate URLs but we do not generate the signature correctly in these cases since our local mock kms does not validate the signature. The mock_kms server needs to be updated to optionally verify the signature to ensure we have correctly implemented support for alternate kms. We can use local.10gen.cc or kms.local.10gen.cc as target hosts.

 

Python Auth Header Calculation:

https://github.com/boto/boto/blob/develop/boto/auth.py
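
Added example (not from the ticket, the server, or libmongocrypt): AWS Signature Version 4 signs the Host header, so a mock KMS that recomputes the signature from the Host it actually receives rejects a request signed for the default `kms.<region>.amazonaws.com` name. The secret, date, body, header set, and function names are constructed for illustration, and treating the Host header as the mis-signed element is an assumption, since the ticket does not say which part of the signature was wrong.

```python
import hashlib
import hmac

# Constructed sample values; SECRET is a made-up placeholder, not a real credential.
SECRET = "EXAMPLE-SECRET-KEY-NOT-REAL"
REGION, SERVICE, AMZ_DATE = "us-east-1", "kms", "20191015T000000Z"
BODY = b'{"KeyId": "placeholder-key-id", "Plaintext": "AAAA"}'
SIGNED_HEADERS = "content-type;host;x-amz-date;x-amz-target"

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def sigv4_signature(host: str, body: bytes = BODY) -> str:
    """SigV4 signature for a KMS Encrypt POST whose Host header is `host`."""
    canonical_headers = (
        "content-type:application/x-amz-json-1.1\n"
        f"host:{host}\n"  # Host is a signed header, so it changes the signature
        f"x-amz-date:{AMZ_DATE}\n"
        "x-amz-target:TrentService.Encrypt\n"
    )
    canonical_request = "\n".join([
        "POST", "/", "", canonical_headers, SIGNED_HEADERS,
        hashlib.sha256(body).hexdigest(),
    ])
    scope = f"{AMZ_DATE[:8]}/{REGION}/{SERVICE}/aws4_request"
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", AMZ_DATE, scope,
        hashlib.sha256(canonical_request.encode()).hexdigest(),
    ])
    key = ("AWS4" + SECRET).encode()
    for part in scope.split("/"):  # date, region, service, "aws4_request"
        key = _hmac(key, part)
    return _hmac(key, string_to_sign).hex()

def mock_kms_verify(host_header: str, body: bytes, claimed: str) -> bool:
    """Re-sign with the Host header actually received and compare in constant time."""
    return hmac.compare_digest(sigv4_signature(host_header, body), claimed)

def demo() -> dict:
    target = "kms.local.10gen.cc"            # alternate host named in the ticket
    assumed = f"kms.{REGION}.amazonaws.com"  # default host pattern from the ticket
    return {
        "signed_for_target": mock_kms_verify(target, BODY, sigv4_signature(target)),
        "signed_for_default": mock_kms_verify(target, BODY, sigv4_signature(assumed)),
    }

if __name__ == "__main__":
    print(demo())
```

A mock that skips `mock_kms_verify` accepts both requests, which is why the mismatch goes unnoticed in testing.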



 Comments   
Comment by Githook User [ 15/Oct/19 ]

Author:

{'username': 'kevinAlbs', 'email': 'kevin.albertson@mongodb.com', 'name': 'Kevin Albertson'}

Message: MONGOCRYPT-181 support custom datakey endpoint
Branch: master
https://github.com/mongodb/libmongocrypt/commit/49552e4e47b503495be65e21a0e8dbd393668c46
