CONAP-345422：当客户端在请求中发送编码URI字符时、签名版本v4请求失败、并出现签名不匹配错误。

问题描述

Special characters needs to URI encoded(/ as %2F) and it should be used in the URL, but still some clients sends decoded values ("/")
For example, the '/' character is a reserved character and it has a special meaning when being used in the prefix to separate the paths of a URL.
Here it is used by encoding it to '%2F'.
Below error will be seen:
[root@linux ~]$curl 'https://s3-server.local/xxxxxxxxxx-x...tool/tool/' -X GET -H "Host: s3-server.local" 
H "X-Amz-Content-Sha256: e4xsjdhbsj98fdsfdvcsdvndvfjnsjfvndfvbfaaaa"
H "X-Amz-Date: 20241126T102448Z"
H "Authorization: AWS4-HMAC-SHA256 Credential=XAAFEFHU78347328139AAA/20241126/ME2/s3/aws4_request, --cacert cert.pem
<?xml version="1.0" encoding="UTF-8"?><Error><Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message></Error> 
Other clients, for example S3 browser or aws cli is not facing the issue.
Working example from aws cli:
[root@linux ~]$ s3cmd ls -d s3://xxxxxxxxxx-xxxxxxxx-xx//tool/tool/1 DEBUG: Command: ls ..... ......... DEBUG: non-proxied HTTPSConnection(s3-server.local, None) DEBUG: format_uri(): /xxxxxxxxxx-xxxxxxxx-xx/?delimiter=%2F&prefix=%2Ftool%2Ftool%2F1 DEBUG: Sending request method_string='GET', uri='/xxxxxxxxxx-xxxxxxxx-xx/?delimiter=%2F&prefix=%2Ftool%2Ftool%2F1', headers={'x-amz-date': 'Fri, 29 Nov 2024 00:36:34 +0000', 'Authorization': 'AWS xxxxxxxxxx:yyyyyyyyyyyy='}, body=(0 bytes) .... DEBUG: Response: ..... ......... 'reason': 'OK', 'status': 200} 2024-11-15 02:36 1048576 s3://xxxxxxxxxx-xxxxxxxx-xx//tool/tool/1