RequestValidator.validate incorrectly decodes query string when removing port

[alexcchan]

Issue Summary

When removing the port RequestValidator.validate incorrectly decodes the path, query, and fragment.

e.g.

https://someurl.com:443/somepath?param1=client%3AAnonymous

is converted to

https://someurl.com/somepath?param1=client:Anonymous

https://github.com/twilio/twilio-java/blob/main/src/main/java/com/twilio/security/RequestValidator.java#L145-L147

A suggestion is to consider using getRawPath, getRawQuery, and getRawFragment instead.

Steps to Reproduce

1. The snippet below demonstrates the issue. The validate output should be the same for both URLs.

Code Snippet

import java.net.URI;
import java.util.HashMap;
import com.twilio.security.RequestValidator;
...
        String url1 = "https://someurl.com/somepath?param1=client%3AAnonymous";
        String url2 = "https://someurl.com:443/somepath?param1=client%3AAnonymous";
        String signature = "PM+bjB+ITJ9a3LIYStKWOTMZMlU=";
        RequestValidator r= new RequestValidator("1234567890");
        System.out.println("valid without port?: " + r.validate(url1, new HashMap<>(), signature));
        System.out.println("valid with port?: " + r.validate(url2, new HashMap<>(), signature));

Exception/Log

valid without port?: true
valid with port?: false

Technical details:

• twilio-java version: 7.55.3 (latest as of submission)
• java version: 1.8.0_161

[eshanholtz]

This issue has been added to our internal backlog to be prioritized. Pull requests and +1s on the issue summary will help it move up the backlog.