URLEncoding fails

[dtitov]

Hi,

I think I spotted a bug, but I'm a bit unsure. When I tried to connect with different clients, the signature verification failed. I started to wonder why and noticed that the URL to sign looked like this:

mc: <DEBUG> GET /bucketName/?delimiter=%2F&max-keys=1000&prefix= HTTP/1.1

As you can see, the delimiter is already URL-encoded here (originally it's just a slash). But then on the backend in your library you are encoding it again:

            builder.append(URLEncoding.encodeQueryComponent(name))
                    .append(QUERY_PARAMETER_VALUE_SEPARATOR)
                    .append(URLEncoding.encodeQueryComponent(value));

Which turns %2F to %225F or smth like that. And, obviously, validation fails.

If I just skip the encoding part in your lib, then it works.

I noticed that you have a reference to docs about URL escaping:

        /*
         * See http://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-header-based-auth.html
         * for the list of characters that should not be escaped
         */

But if you go to this link, there's nothing mentioned there about the necessity to encode URL parts.

Is it possible that the protocol was changed a bit since you've implemented it? And is it possible to make the URL-encoding optional in your lib?