From a38f079e1a8e4e7424d720785a08e6d447612e55 Mon Sep 17 00:00:00 2001
From: Hassan Sahibzada <hsahibza@amazon.com>
Date: Wed, 17 Jan 2024 16:50:22 -0500
Subject: [PATCH] handle aws special regions

---
 .github/workflows/ci.yml                      |  2 -
 CMake/Dependencies/libopenssl-CMakeLists.txt  |  8 ++-
 .../amazonaws/kinesis/video/common/Include.h  | 18 +++++++
 src/source/CurlApiCallbacks.c                 | 23 ++++++---
 tst/ProducerCallbackProviderApiTest.cpp       | 51 ++++++++++++++++++-
 5 files changed, 92 insertions(+), 10 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 5ce565edb..c3970541f 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -58,8 +58,6 @@ jobs:
     runs-on: macos-11
     env:
       AWS_KVS_LOG_LEVEL: 2
-      LDFLAGS: -L/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/lib
-      CPATH: /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/usr/include/
     permissions:
       id-token: write
       contents: read
diff --git a/CMake/Dependencies/libopenssl-CMakeLists.txt b/CMake/Dependencies/libopenssl-CMakeLists.txt
index c97037a84..fbe3d41a2 100644
--- a/CMake/Dependencies/libopenssl-CMakeLists.txt
+++ b/CMake/Dependencies/libopenssl-CMakeLists.txt
@@ -1,6 +1,6 @@
 cmake_minimum_required(VERSION 3.6.3)
 
-project(libopenssl-download NONE)
+project(libopenssl-download LANGUAGES C)
 
 if (WIN32)
   find_program(MAKE_EXE NAMES nmake)
@@ -11,6 +11,12 @@ else()
     SET(OPENSSL_EXTRA ${OPENSSL_EXTRA} no-shared no-dso)
   endif()
 
+  if (DEFINED CMAKE_OSX_SYSROOT AND NOT CMAKE_OSX_SYSROOT STREQUAL "")
+      if ("${CMAKE_C_COMPILER_ID}" MATCHES "Clang")
+        SET(OPENSSL_EXTRA ${OPENSSL_EXTRA} -I${CMAKE_OSX_SYSROOT}/usr/include -L${CMAKE_OSX_SYSROOT}/usr/lib)
+      endif()
+  endif()
+
   if (DEFINED BUILD_OPENSSL_PLATFORM AND NOT BUILD_OPENSSL_PLATFORM STREQUAL OFF)
     SET(CONFIGURE_COMMAND ${CMAKE_CURRENT_BINARY_DIR}/build/src/project_libopenssl/Configure ${OPENSSL_EXTRA} --prefix=${OPEN_SRC_INSTALL_PREFIX} --openssldir=${OPEN_SRC_INSTALL_PREFIX} ${BUILD_OPENSSL_PLATFORM} -Wno-nullability-completeness -Wno-expansion-to-defined)
   else()
diff --git a/src/include/com/amazonaws/kinesis/video/common/Include.h b/src/include/com/amazonaws/kinesis/video/common/Include.h
index 045d43cd1..a8d540c82 100644
--- a/src/include/com/amazonaws/kinesis/video/common/Include.h
+++ b/src/include/com/amazonaws/kinesis/video/common/Include.h
@@ -314,11 +314,29 @@ extern "C" {
  */
 #define KINESIS_VIDEO_SERVICE_NAME "kinesisvideo"
 
+#define AWS_KVS_FIPS_ENDPOINT_POSTFIX "-fips"
+
 /**
  * Control plane postfix
  */
 #define CONTROL_PLANE_URI_POSTFIX ".amazonaws.com"
 
+#define CONTROL_PLANE_URI_POSTFIX_CN ".amazonaws.com.cn"
+
+#define CONTROL_PLANE_URI_POSTFIX_ISO ".c2s.ic.gov"
+
+#define CONTROL_PLANE_URI_POSTFIX_ISO_B ".sc2s.sgov.gov"
+
+
+#define AWS_ISO_B_REGION_PREFIX "us-isob-"
+
+#define AWS_ISO_REGION_PREFIX "us-iso-"
+
+#define AWS_GOV_CLOUD_REGION_PREFIX "us-gov-"
+
+#define AWS_CN_REGION_PREFIX "cn-"
+
+
 /**
  * Default user agent name
  */
diff --git a/src/source/CurlApiCallbacks.c b/src/source/CurlApiCallbacks.c
index 66b71a063..92a351e38 100644
--- a/src/source/CurlApiCallbacks.c
+++ b/src/source/CurlApiCallbacks.c
@@ -79,12 +79,23 @@ STATUS createCurlApiCallbacks(PCallbacksProvider pCallbacksProvider, PCHAR regio
 
     // Set the control plane URL
     if (controlPlaneUrl == NULL || controlPlaneUrl[0] == '\0') {
-        // Create a fully qualified URI
-        SNPRINTF(pCurlApiCallbacks->controlPlaneUrl, MAX_URI_CHAR_LEN, "%s%s.%s%s", CONTROL_PLANE_URI_PREFIX, KINESIS_VIDEO_SERVICE_NAME,
-                 pCurlApiCallbacks->region, CONTROL_PLANE_URI_POSTFIX);
-        // If region is in CN, add CN region uri postfix
-        if (STRSTR(pCurlApiCallbacks->region, "cn-")) {
-            STRCAT(pCurlApiCallbacks->controlPlaneUrl, ".cn");
+        if (0 == STRNCMP(pCurlApiCallbacks->region, AWS_ISO_B_REGION_PREFIX, STRLEN(AWS_ISO_B_REGION_PREFIX))) {
+            SNPRINTF(pCurlApiCallbacks->controlPlaneUrl, MAX_URI_CHAR_LEN, "%s%s%s.%s%s", CONTROL_PLANE_URI_PREFIX, KINESIS_VIDEO_SERVICE_NAME,
+                     AWS_KVS_FIPS_ENDPOINT_POSTFIX, pCurlApiCallbacks->region, CONTROL_PLANE_URI_POSTFIX_ISO_B);
+            // Region is in "aws-iso" partition
+        } else if (0 == STRNCMP(pCurlApiCallbacks->region, AWS_ISO_REGION_PREFIX, STRLEN(AWS_ISO_REGION_PREFIX))) {
+            SNPRINTF(pCurlApiCallbacks->controlPlaneUrl, MAX_URI_CHAR_LEN, "%s%s%s.%s%s", CONTROL_PLANE_URI_PREFIX, KINESIS_VIDEO_SERVICE_NAME,
+                     AWS_KVS_FIPS_ENDPOINT_POSTFIX, pCurlApiCallbacks->region, CONTROL_PLANE_URI_POSTFIX_ISO);
+        } else if (0 == STRNCMP(pCurlApiCallbacks->region, AWS_GOV_CLOUD_REGION_PREFIX, STRLEN(AWS_GOV_CLOUD_REGION_PREFIX))) {
+            SNPRINTF(pCurlApiCallbacks->controlPlaneUrl, MAX_URI_CHAR_LEN, "%s%s%s.%s%s", CONTROL_PLANE_URI_PREFIX, KINESIS_VIDEO_SERVICE_NAME,
+                     AWS_KVS_FIPS_ENDPOINT_POSTFIX, pCurlApiCallbacks->region, CONTROL_PLANE_URI_POSTFIX);
+        } else if (0 == STRNCMP(pCurlApiCallbacks->region, AWS_CN_REGION_PREFIX, STRLEN(AWS_CN_REGION_PREFIX))) {
+            SNPRINTF(pCurlApiCallbacks->controlPlaneUrl, MAX_URI_CHAR_LEN, "%s%s.%s%s", CONTROL_PLANE_URI_PREFIX, KINESIS_VIDEO_SERVICE_NAME,
+                     pCurlApiCallbacks->region, CONTROL_PLANE_URI_POSTFIX_CN);
+        } else {
+            // Create a fully qualified URI
+            SNPRINTF(pCurlApiCallbacks->controlPlaneUrl, MAX_URI_CHAR_LEN, "%s%s.%s%s", CONTROL_PLANE_URI_PREFIX, KINESIS_VIDEO_SERVICE_NAME,
+                     pCurlApiCallbacks->region, CONTROL_PLANE_URI_POSTFIX);
         }
     } else {
         STRNCPY(pCurlApiCallbacks->controlPlaneUrl, controlPlaneUrl, MAX_URI_CHAR_LEN);
diff --git a/tst/ProducerCallbackProviderApiTest.cpp b/tst/ProducerCallbackProviderApiTest.cpp
index 844f8af42..aeca444aa 100644
--- a/tst/ProducerCallbackProviderApiTest.cpp
+++ b/tst/ProducerCallbackProviderApiTest.cpp
@@ -1,5 +1,5 @@
-
 #include "ProducerTestFixture.h"
+#include <map>
 
 namespace com { namespace amazonaws { namespace kinesis { namespace video {
 
@@ -58,6 +58,55 @@ namespace com { namespace amazonaws { namespace kinesis { namespace video {
 
     }
 
+    TEST_F(ProducerCallbackProviderApiTest, TestCorrectControlPlaneUriForSpecifiedRegion)
+    {
+        PClientCallbacks pClientCallbacks = NULL;
+        // Map region to control plane url
+        std::map<std::string, std::string> regionToControlPlaneUrlMap = {
+                                    {"us-east-1", "https://kinesisvideo.us-east-1.amazonaws.com"},
+                                    {"us-west-2", "https://kinesisvideo.us-west-2.amazonaws.com"},
+                                    {"ap-northeast-1", "https://kinesisvideo.ap-northeast-1.amazonaws.com"},
+                                    {"ap-southeast-2", "https://kinesisvideo.ap-southeast-2.amazonaws.com"},
+                                    {"eu-central-1", "https://kinesisvideo.eu-central-1.amazonaws.com"},
+                                    {"eu-west-1", "https://kinesisvideo.eu-west-1.amazonaws.com"},
+                                    {"ap-northeast-2", "https://kinesisvideo.ap-northeast-2.amazonaws.com"},
+                                    {"ap-south-1", "https://kinesisvideo.ap-south-1.amazonaws.com"},
+                                    {"ap-southeast-1", "https://kinesisvideo.ap-southeast-1.amazonaws.com"},
+                                    {"ca-central-1", "https://kinesisvideo.ca-central-1.amazonaws.com"},
+                                    {"eu-north-1", "https://kinesisvideo.eu-north-1.amazonaws.com"},
+                                    {"eu-west-2", "https://kinesisvideo.eu-west-2.amazonaws.com"},
+                                    {"sa-east-1", "https://kinesisvideo.sa-east-1.amazonaws.com"},
+                                    {"us-east-2", "https://kinesisvideo.us-east-2.amazonaws.com"},
+                                    {"ap-east-1", "https://kinesisvideo.ap-east-1.amazonaws.com"},
+                                    {"af-south-1", "https://kinesisvideo.af-south-1.amazonaws.com"},
+                                    {"us-iso-east-1", "https://kinesisvideo-fips.us-iso-east-1.c2s.ic.gov"},
+                                    {"us-iso-west-1", "https://kinesisvideo-fips.us-iso-west-1.c2s.ic.gov"},
+                                    {"us-isob-east-1", "https://kinesisvideo-fips.us-isob-east-1.sc2s.sgov.gov"},
+                                    {"us-gov-west-1", "https://kinesisvideo-fips.us-gov-west-1.amazonaws.com"},
+                                    {"us-gov-east-1", "https://kinesisvideo-fips.us-gov-east-1.amazonaws.com"},
+                                    {"cn-north-1", "https://kinesisvideo.cn-north-1.amazonaws.com.cn"},
+                                    {"cn-northwest-1", "https://kinesisvideo.cn-northwest-1.amazonaws.com.cn"},
+                                };
+
+        for (auto it : regionToControlPlaneUrlMap) {
+            EXPECT_EQ(STATUS_SUCCESS,
+                      createDefaultCallbacksProvider(TEST_DEFAULT_CHAIN_COUNT, TEST_ACCESS_KEY, TEST_SECRET_KEY, TEST_SESSION_TOKEN,
+                                                     TEST_STREAMING_TOKEN_DURATION, (PCHAR) it.first.c_str(), TEST_CONTROL_PLANE_URI, mCaCertPath, NULL,
+                                                     TEST_USER_AGENT, API_CALL_CACHE_TYPE_NONE, TEST_CACHING_ENDPOINT_PERIOD, TRUE,
+                                                     &pClientCallbacks));
+
+            PCallbacksProvider pCallbacksProvider = (PCallbacksProvider) pClientCallbacks;
+            PCurlApiCallbacks pCurlApiCallbacks = (PCurlApiCallbacks) pCallbacksProvider->pApiCallbacks[0].customData;
+
+            EXPECT_EQ(0, STRNCMP(pCurlApiCallbacks->controlPlaneUrl, (PCHAR) it.second.c_str(), MAX_URI_CHAR_LEN));
+
+            EXPECT_EQ(STATUS_SUCCESS, freeCallbacksProvider(&pClientCallbacks));
+
+            EXPECT_EQ(STATUS_NULL_ARG, freeCallbacksProvider(NULL));
+        }
+
+    }
+
 }  // namespace video
 }  // namespace kinesis
 }  // namespace amazonaws