webServiceRequest function escapes parameters before signing request
mark-fisher opened this issue · 1 comments
The webServiceRequest function in the ewdChildProcess module is escaping the parameters in requests before the message is signed. This means that any parameters values with special characters will get escaped and the signature check will fail.
For example, I have a routine that takes two value separated by a semi-colon. If I pass "first;last" as a parameter on the query string, it gets changed to "first%3Blast" before the signature is checked. The result is a HTTP 400 Bad Request "Signatures do not match" message.
Please allow special characters to be passed in parameter values.
EWD.js is processing correctly. The rules are defined according to the AWS scheme defined here:
http://docs.aws.amazon.com/AmazonSimpleDB/latest/DeveloperGuide/HMACAuth.html
Specifically:
Sort the UTF-8 query string components by parameter name with natural byte ordering.
The parameters can come from the GET URI or from the POST body (when Content-Type is application/x-www-form-urlencoded).
URL encode the parameter name and values according to the following rules:
Do not URL encode any of the unreserved characters that RFC 3986 defines.
These unreserved characters are A-Z, a-z, 0-9, hyphen ( - ), underscore ( _ ), period ( . ), and tilde ( ~ ).
Percent encode all other characters with %XY, where X and Y are hex characters 0-9 and uppercase A-F.
Percent encode extended UTF-8 characters in the form %XY%ZA....
Percent encode the space character as %20 (and not +, as common encoding schemes do).
Note
Currently all AWS service parameter names use unreserved characters, so you don't need to encode them. However, you might want to include code to handle parameter names that use reserved characters, for possible future use.
Separate the encoded parameter names from their encoded values with the equals sign ( = ) (ASCII character 61), even if the parameter value is empty.
Separate the name-value pairs with an ampersand ( & ) (ASCII character 38).
So the conversion of ; to %3B in the query parameter before signing is correct