fix(signature-v4): uri escape path (#1224) (#1226)

* fix: 1224 uri escape

* changeset

* formatting

* linting

---------

Co-authored-by: George Fu <kuhe@users.noreply.github.com>

.changeset/little-otters-complain.md

@@ -0,0 +1,5 @@
+---
+"@smithy/signature-v4": minor
+---
+
+Escape non-standard characters in URI paths according to RFC 3986

packages/signature-v4/src/SignatureV4.spec.ts

@@ -631,6 +631,13 @@ describe("SignatureV4", () => {
         );
       });
 
+      it("should normalize path with non-standard characters by default", async () => {
+        const { headers } = await signer.sign({ ...minimalRequest, path: "/foo/!'()*" }, signingOptions);
+        expect(headers[AUTH_HEADER]).toEqual(
+          expect.stringContaining("Signature=698b237cc68fe34535e57f374fa81f63219314b5a877742f889f6222c9ecab7b")
+        );
+      });
+
       it("should not URI-encode the path if URI path escaping was disabled on the signer", async () => {
         // Setting `uriEscapePath` to `false` creates an
         // S3-compatible signer. The expected authorization header

packages/signature-v4/src/SignatureV4.ts

@@ -21,6 +21,7 @@ import {
 } from "@smithy/types";
 import { toHex } from "@smithy/util-hex-encoding";
 import { normalizeProvider } from "@smithy/util-middleware";
+import { escapeUri } from "@smithy/util-uri-escape";
 import { toUint8Array } from "@smithy/util-utf8";
 
 import {
@@ -331,7 +332,8 @@ ${toHex(hashedRequest)}`;
         normalizedPathSegments.length > 0 && path?.endsWith("/") ? "/" : ""
       }`;
 
-      const doubleEncoded = encodeURIComponent(normalizedPath);
+      // Double encode and replace non-standard characters !'()* according to RFC 3986
+      const doubleEncoded = escapeUri(normalizedPath);
       return doubleEncoded.replace(/%2F/g, "/");
     }