Merge pull request #336 from TingDaoK/fix-signing-config

fix the signing config
boto · Feb 26, 2025 · 1cf8b4d · 1cf8b4d
2 parents 9b1b8e1 + 01c1b56
commit 1cf8b4d
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 1 deletion.
diff --git a/.changes/next-release/bugfix-awscrt-11663.json b/.changes/next-release/bugfix-awscrt-11663.json
@@ -0,0 +1,5 @@
+{
+  "type": "bugfix",
+  "category": "``awscrt``",
+  "description": "Fix urlencoding issues for request signing with the awscrt."
+}
diff --git a/s3transfer/crt.py b/s3transfer/crt.py
@@ -895,14 +895,22 @@ def _default_get_make_request_args(
         ) and accesspoint_arn_details['region'] == "":
             # Configure our region to `*` to propogate in `x-amz-region-set`
             # for multi-region support in MRAP accesspoints.
+            # use_double_uri_encode and should_normalize_uri_path are defaulted to be True
+            # But SDK already encoded the URI, and it's for S3, so set both to False
             make_request_args['signing_config'] = AwsSigningConfig(
                 algorithm=AwsSigningAlgorithm.V4_ASYMMETRIC,
                 region="*",
+                use_double_uri_encode=False,
+                should_normalize_uri_path=False,
             )
             call_args.bucket = accesspoint_arn_details['resource_name']
         elif is_s3express_bucket(call_args.bucket):
+            # use_double_uri_encode and should_normalize_uri_path are defaulted to be True
+            # But SDK already encoded the URI, and it's for S3, so set both to False
             make_request_args['signing_config'] = AwsSigningConfig(
-                algorithm=AwsSigningAlgorithm.V4_S3EXPRESS
+                algorithm=AwsSigningAlgorithm.V4_S3EXPRESS,
+                use_double_uri_encode=False,
+                should_normalize_uri_path=False,
             )
         return make_request_args
 

diff --git a/tests/functional/test_crt.py b/tests/functional/test_crt.py
@@ -163,6 +163,12 @@ def _assert_expected_s3express_request(
             make_request_kwargs['signing_config'].algorithm,
             awscrt.auth.AwsSigningAlgorithm.V4_S3EXPRESS,
         )
+        self.assertFalse(
+            make_request_kwargs['signing_config'].use_double_uri_encode,
+        )
+        self.assertFalse(
+            make_request_kwargs['signing_config'].should_normalize_uri_path,
+        )
 
     def _assert_expected_mrap_request(
         self, make_request_kwargs, expected_http_method='GET'
@@ -179,6 +185,12 @@ def _assert_expected_mrap_request(
             awscrt.auth.AwsSigningAlgorithm.V4_ASYMMETRIC,
         )
         self.assertEqual(make_request_kwargs['signing_config'].region, "*")
+        self.assertFalse(
+            make_request_kwargs['signing_config'].use_double_uri_encode,
+        )
+        self.assertFalse(
+            make_request_kwargs['signing_config'].should_normalize_uri_path,
+        )
 
     def _assert_subscribers_called(self, expected_future=None):
         self.assertTrue(self.record_subscriber.on_queued_called)