Include query params in signed URL (#3678)

Author: davidh44

services/cloudfront/src/main/java/software/amazon/awssdk/services/cloudfront/CloudFrontUtilities.java

@@ -146,7 +146,7 @@ public SignedUrl getSignedUrlWithCannedPolicy(CannedSignerRequest request) {
             String protocol = uri.getScheme();
             String domain = uri.getHost();
             String encodedPath = uri.getPath()
-                                 + (request.resourceUrl().indexOf('?') >= 0 ? "&" : "?")
+                                 + (uri.getQuery() != null ? "?" + uri.getQuery() + "&" : "?")
                                  + "Expires=" + request.expirationDate().getEpochSecond()
                                  + "&Signature=" + urlSafeSignature
                                  + "&Key-Pair-Id=" + request.keyPairId();
@@ -255,7 +255,7 @@ public SignedUrl getSignedUrlWithCustomPolicy(CustomSignerRequest request) {
             String protocol = uri.getScheme();
             String domain = uri.getHost();
             String encodedPath = uri.getPath()
-                                 + (request.resourceUrl().indexOf('?') >= 0 ? "&" : "?")
+                                 + (uri.getQuery() != null ? "?" + uri.getQuery() + "&" : "?")
                                  + "Policy=" + urlSafePolicy
                                  + "&Signature=" + urlSafeSignature
                                  + "&Key-Pair-Id=" + request.keyPairId();

services/cloudfront/src/test/java/software/amazon/awssdk/services/cloudfront/CloudFrontUtilitiesTest.java

@@ -89,6 +89,25 @@ void getSignedURLWithCannedPolicy_producesValidUrl() {
         assertThat(expected).isEqualTo(url);
     }
 
+    @Test
+    void getSignedURLWithCannedPolicy_withQueryParams_producesValidUrl() {
+        Instant expirationDate = LocalDate.of(2024, 1, 1).atStartOfDay().toInstant(ZoneOffset.of("Z"));
+        String resourceUrlWithQueryParams = "https://d1npcfkc2mojrf.cloudfront.net/s3ObjectKey?a=b&c=d";
+        SignedUrl signedUrl =
+            cloudFrontUtilities.getSignedUrlWithCannedPolicy(r -> r
+                .resourceUrl(resourceUrlWithQueryParams)
+                .privateKey(keyPair.getPrivate())
+                .keyPairId("keyPairId")
+                .expirationDate(expirationDate));
+        String url = signedUrl.url();
+
+        String signature = url.substring(url.indexOf("&Signature"), url.indexOf("&Key-Pair-Id"));
+        String expected = "https://d1npcfkc2mojrf.cloudfront.net/s3ObjectKey?a=b&c=d&Expires=1704067200"
+                          + signature
+                          + "&Key-Pair-Id=keyPairId";
+        assertThat(expected).isEqualTo(url);
+    }
+
     @Test
     void getSignedURLWithCustomPolicy_producesValidUrl() throws Exception {
         Instant activeDate = LocalDate.of(2022, 1, 1).atStartOfDay().toInstant(ZoneOffset.of("Z"));
@@ -116,6 +135,30 @@ void getSignedURLWithCustomPolicy_producesValidUrl() throws Exception {
         assertThat(expected).isEqualTo(url);
     }
 
+    @Test
+    void getSignedURLWithCustomPolicy_withQueryParams_producesValidUrl() {
+        Instant activeDate = LocalDate.of(2022, 1, 1).atStartOfDay().toInstant(ZoneOffset.of("Z"));
+        Instant expirationDate = LocalDate.of(2024, 1, 1).atStartOfDay().toInstant(ZoneOffset.of("Z"));
+        String ipRange = "1.2.3.4";
+        String resourceUrlWithQueryParams = "https://d1npcfkc2mojrf.cloudfront.net/s3ObjectKey?a=b&c=d";
+        SignedUrl signedUrl =
+            cloudFrontUtilities.getSignedUrlWithCustomPolicy(r -> r
+                .resourceUrl(resourceUrlWithQueryParams)
+                .privateKey(keyPair.getPrivate())
+                .keyPairId("keyPairId")
+                .expirationDate(expirationDate)
+                .activeDate(activeDate)
+                .ipRange(ipRange));
+        String url = signedUrl.url();
+        String policy = url.substring(url.indexOf("Policy=") + 7, url.indexOf("&Signature"));
+        String signature = url.substring(url.indexOf("&Signature"), url.indexOf("&Key-Pair-Id"));
+        String expected = "https://d1npcfkc2mojrf.cloudfront.net/s3ObjectKey?a=b&c=d&Policy="
+                          + policy
+                          + signature
+                          + "&Key-Pair-Id=keyPairId";
+        assertThat(expected).isEqualTo(url);
+    }
+
     @Test
     void getSignedURLWithCustomPolicy_withIpRangeOmitted_producesValidUrl() throws Exception {
         Instant activeDate = LocalDate.of(2022, 1, 1).atStartOfDay().toInstant(ZoneOffset.of("Z"));