From 3060f5ba5d00125ec2fe8a5f391df603f883f8dc Mon Sep 17 00:00:00 2001
From: John Kjell <john@testifysec.com>
Date: Tue, 11 Jun 2024 11:32:13 -0500
Subject: [PATCH] Move from deprecated API

Signed-off-by: John Kjell <john@testifysec.com>
---
 go.mod                   |  2 +-
 signer/kms/aws/client.go | 20 +++++++++-----------
 2 files changed, 10 insertions(+), 12 deletions(-)

diff --git a/go.mod b/go.mod
index 4a35a26e..d627fff3 100644
--- a/go.mod
+++ b/go.mod
@@ -4,7 +4,6 @@ go 1.21
 
 require (
 	cloud.google.com/go/kms v1.15.9
-	github.com/aws/aws-sdk-go-v2 v1.27.2
 	github.com/aws/aws-sdk-go-v2/config v1.27.18
 	github.com/aws/aws-sdk-go-v2/service/kms v1.31.3
 	github.com/digitorus/pkcs7 v0.0.0-20230818184609-3a137a874352
@@ -41,6 +40,7 @@ require (
 	filippo.io/edwards25519 v1.1.0 // indirect
 	github.com/agnivade/levenshtein v1.1.1 // indirect
 	github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
+	github.com/aws/aws-sdk-go-v2 v1.27.2 // indirect
 	github.com/aws/aws-sdk-go-v2/credentials v1.17.18 // indirect
 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.5 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.9 // indirect
diff --git a/signer/kms/aws/client.go b/signer/kms/aws/client.go
index f67ac5ec..620b3e98 100644
--- a/signer/kms/aws/client.go
+++ b/signer/kms/aws/client.go
@@ -27,10 +27,10 @@ import (
 	"strings"
 	"time"
 
-	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/config"
 	akms "github.com/aws/aws-sdk-go-v2/service/kms"
 	"github.com/aws/aws-sdk-go-v2/service/kms/types"
+	"github.com/aws/aws-sdk-go/aws"
 	"github.com/in-toto/go-witness/cryptoutil"
 	"github.com/in-toto/go-witness/log"
 	"github.com/in-toto/go-witness/registry"
@@ -303,15 +303,6 @@ func (a *awsClient) setupClient(ctx context.Context, ksp *kms.KMSSignerProvider)
 	}
 
 	opts := []func(*config.LoadOptions) error{}
-	if a.endpoint != "" {
-		opts = append(opts, config.WithEndpointResolverWithOptions(
-			aws.EndpointResolverWithOptionsFunc(func(service, region string, options ...interface{}) (aws.Endpoint, error) {
-				return aws.Endpoint{
-					URL: "https://" + a.endpoint,
-				}, nil
-			}),
-		))
-	}
 
 	if a.options.insecureSkipVerify {
 		log.Warn("InsecureSkipVerify is enabled for AWS KMS attestor")
@@ -352,7 +343,14 @@ func (a *awsClient) setupClient(ctx context.Context, ksp *kms.KMSSignerProvider)
 		return fmt.Errorf("loading AWS config: %w", err)
 	}
 
-	a.client = akms.NewFromConfig(cfg)
+	if a.endpoint != "" {
+		a.client = akms.NewFromConfig(cfg, func(o *akms.Options) {
+			o.BaseEndpoint = aws.String("https://" + a.endpoint)
+		})
+	} else {
+		a.client = akms.NewFromConfig(cfg)
+	}
+
 	return
 }