in src/main/java/com/amazonaws/encryptionsdk/kmssdkv2/AwsKmsMrkAwareMasterKeyProvider.java [566:599]
static Region extractRegion(
final Region defaultRegion,
final Region discoveryMrkRegion,
final Optional<String> matchedArn,
final AwsKmsCmkArnInfo requestedKeyArnInfo,
final boolean isDiscovery) {
// = compliance/framework/aws-kms/aws-kms-mrk-aware-master-key-provider.txt#2.7
// # If the requested AWS KMS key identifier is not a well formed ARN the
// # AWS Region MUST be the configured default region this SHOULD be
// # obtained from the AWS SDK.
if (requestedKeyArnInfo == null) return defaultRegion;
// = compliance/framework/aws-kms/aws-kms-mrk-aware-master-key-provider.txt#2.7
// # Otherwise if the requested AWS KMS key
// # identifier is identified as a multi-Region key (aws-kms-key-
// # arn.md#identifying-an-aws-kms-multi-region-key), then AWS Region MUST
// # be the region from the AWS KMS key ARN stored in the provider info
// # from the encrypted data key.
if (!isMRK(requestedKeyArnInfo.getResource())
|| !requestedKeyArnInfo.getResourceType().equals("key")) {
return Region.of(requestedKeyArnInfo.getRegion());
}
// = compliance/framework/aws-kms/aws-kms-mrk-aware-master-key-provider.txt#2.7
// # Otherwise if the mode is discovery then
// # the AWS Region MUST be the discovery MRK region.
if (isDiscovery) return discoveryMrkRegion;
// = compliance/framework/aws-kms/aws-kms-mrk-aware-master-key-provider.txt#2.7
// # Finally if the
// # provider info is identified as a multi-Region key (aws-kms-key-
// # arn.md#identifying-an-aws-kms-multi-region-key) the AWS Region MUST
// # be the region from the AWS KMS key in the configured key ids matched
// # to the requested AWS KMS key by using AWS KMS MRK Match for Decrypt
// # (aws-kms-mrk-match-for-decrypt.md#implementation).
return Region.of(parseInfoFromKeyArn(matchedArn.get()).getRegion());
}