@@ -197,23 +197,29 @@ public static Map<String, String> parseQueryString(URI uri) {
197197 if (idx < 0 ) {
198198 continue ;
199199 }
200- try {
201- // AWS secret key can contain + sign and URLDecoder will replace + or %20 with space
202- // which will render the access key unusable (if it wasn't encoded before)
203- // RFC2396 allows + sign in schema URI so as a workaround we will replace + with its
204- // encoded counterpart
205- queryParams .put (
206- URLDecoder .decode (pair .substring (0 , idx ), StandardCharsets .UTF_8 .name ()),
207- URLDecoder .decode (
208- pair .substring (idx + 1 ).replace ("+" , "%2B" ),
209- StandardCharsets .UTF_8 .name ()));
210- } catch (UnsupportedEncodingException e ) {
211- throw new RuntimeException (e );
212- }
200+ queryParams .put (urlDecode (pair .substring (0 , idx )), urlDecode (pair .substring (idx + 1 )));
213201 }
214202 return queryParams ;
215203 }
216204
205+ /**
206+ * {@link URLDecoder} is designed for decoding {@code application/x-www-form-urlencoded} URL's,
207+ * specifically it decodes {@code +} as space.
208+ *
209+ * <p>Form url encoding is an extension to standard RFC3986, which is not applicable for this
210+ * use case.
211+ *
212+ * <p>Encoding of {@code +} to space is undesirable, as AWS secret access keys may contain
213+ * {@code +}, and would require encoding to be correctly parsed.
214+ */
215+ private static String urlDecode (String value ) {
216+ try {
217+ return URLDecoder .decode (value .replace ("+" , "%2B" ), StandardCharsets .UTF_8 .name ());
218+ } catch (UnsupportedEncodingException e ) {
219+ throw new RuntimeException (e );
220+ }
221+ }
222+
217223 @ SuppressWarnings ("unchecked" )
218224 private static Driver resolveDriver (String driverClassName )
219225 throws ClassNotFoundException , NoSuchMethodException , IllegalAccessException ,
0 commit comments