XIVY-15609 Improve path encoding for signing request

Using UrlEncoder which is not especially designed for this. It's hard to find out, how the calling end url is, because this relies on the underlying technology jersey -> connectory -> apache http connector. Tried a lot of stuff and this implementation was the best. It specially handles the characters which are also specially handled in UrlEncoder. The main problem is that we should not allow to create such documents. We should difference between a display name and a technical file name.
axonivy-market · Dec 6, 2024 · 5ab5ec2 · 5ab5ec2
1 parent 583a8c1
commit 5ab5ec2
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 6 deletions.
diff --git a/README.md b/README.md
@@ -16,7 +16,7 @@ This is a zero-dependency Java library to sign Jersey requests with a AWS4 signa
   <dependency>
     <groupId>com.axonivy.connector.aws</groupId>
     <artifactId>amazon-aws4-authenticator</artifactId>
-    <version>0.0.5</version>
+    <version>0.0.6</version>
   </dependency>
 </dependencies>
 ```

diff --git a/pom.xml b/pom.xml
@@ -41,13 +41,13 @@
     <dependency>
       <groupId>org.glassfish.jersey.core</groupId>
       <artifactId>jersey-client</artifactId>
-      <version>2.34</version>
+      <version>2.45</version>
       <scope>test</scope>
     </dependency>
     <dependency>
       <groupId>org.glassfish.jersey.inject</groupId>
       <artifactId>jersey-hk2</artifactId>
-      <version>2.34</version>
+      <version>2.45</version>
       <scope>test</scope>
     </dependency>
   </dependencies>

diff --git a/src/main/java/com/axonivy/connector/aws/authentication/Aws4AuthenticationRequestFilter.java b/src/main/java/com/axonivy/connector/aws/authentication/Aws4AuthenticationRequestFilter.java
@@ -33,7 +33,7 @@ public void filter(ClientRequestContext context) throws IOException {
       headers.add(X_AMZ_DATE, signer.getTimeStamp());
       headers.add(AUTHORIZATION, signer.sign());
     } catch (NoSuchAlgorithmException | InvalidKeyException ex) {
-      throw new IOException("Could not sign Amazon AWS request", ex);
+      throw new IOException("Could not sign request", ex);
     }
   }
 }
diff --git a/src/main/java/com/axonivy/connector/aws/authentication/CanonicalRequest.java b/src/main/java/com/axonivy/connector/aws/authentication/CanonicalRequest.java
@@ -3,6 +3,9 @@
 import static com.axonivy.connector.aws.authentication.Constants.SIGNED_HEADERS;
 import static com.axonivy.connector.aws.authentication.Constants.X_AMZ_DATE;
 
+import java.net.URLEncoder;
+import java.nio.charset.StandardCharsets;
+
 import javax.ws.rs.client.ClientRequestContext;
 
 class CanonicalRequest {
@@ -38,8 +41,18 @@ private void appendPath() {
     if (path == null || path.isEmpty()) {
       path = "/";
     }
-    builder.append(path);
-    builder.append('\n');
+    try {
+      System.out.println(path);
+      var encodedPath = URLEncoder.encode(path, StandardCharsets.UTF_8.toString())
+                .replace("%2F", "/")
+                .replace("%7E", "~")
+                .replace("*", "%2A")
+                .replace("+", "%20");
+      builder.append(encodedPath);
+      builder.append('\n');
+    } catch (Exception ex) {
+      throw new RuntimeException("Could not encode path " + path, ex);
+    }
   }
 
   private void appendQuery() {