Use SHA3-512 (#1594)

* use sha-256 and add unit test --------- Co-authored-by: jcrichlake <[email protected]>
CDCgov · Nov 25, 2024 · 3e73ebc · 3e73ebc
1 parent 90bcf6b
commit 3e73ebc
Show file tree

Hide file tree

Showing 7 changed files with 88 additions and 2 deletions.
diff --git a/app/src/main/java/gov/hhs/cdc/trustedintermediary/external/javalin/App.java b/app/src/main/java/gov/hhs/cdc/trustedintermediary/external/javalin/App.java
@@ -6,6 +6,7 @@
 import gov.hhs.cdc.trustedintermediary.domainconnector.DomainConnectorConstructionException;
 import gov.hhs.cdc.trustedintermediary.domainconnector.DomainResponseHelper;
 import gov.hhs.cdc.trustedintermediary.domainconnector.UnableToReadOpenApiSpecificationException;
+import gov.hhs.cdc.trustedintermediary.etor.utils.security.HashHelper;
 import gov.hhs.cdc.trustedintermediary.external.apache.ApacheClient;
 import gov.hhs.cdc.trustedintermediary.external.azure.AzureDatabaseCredentialsProvider;
 import gov.hhs.cdc.trustedintermediary.external.azure.AzureSecrets;
@@ -85,6 +86,7 @@ private static void registerClasses() {
         ApplicationContext.register(YamlCombiner.class, Jackson.getInstance());
         ApplicationContext.register(OpenApi.class, OpenApi.getInstance());
         ApplicationContext.register(HttpClient.class, ApacheClient.getInstance());
+        ApplicationContext.register(HashHelper.class, HashHelper.getInstance());
         ApplicationContext.register(AuthEngine.class, JjwtEngine.getInstance());
         ApplicationContext.register(Cache.class, KeyCache.getInstance());
         ApplicationContext.register(DomainResponseHelper.class, DomainResponseHelper.getInstance());

diff --git a/etor/src/main/java/gov/hhs/cdc/trustedintermediary/etor/orders/SendOrderUseCase.java b/etor/src/main/java/gov/hhs/cdc/trustedintermediary/etor/orders/SendOrderUseCase.java
@@ -6,6 +6,7 @@
 import gov.hhs.cdc.trustedintermediary.etor.metadata.partner.PartnerMetadata;
 import gov.hhs.cdc.trustedintermediary.etor.metadata.partner.PartnerMetadataMessageType;
 import gov.hhs.cdc.trustedintermediary.etor.ruleengine.transformation.TransformationRuleEngine;
+import gov.hhs.cdc.trustedintermediary.etor.utils.security.HashHelper;
 import gov.hhs.cdc.trustedintermediary.wrappers.Logger;
 import gov.hhs.cdc.trustedintermediary.wrappers.MetricMetadata;
 import javax.inject.Inject;
@@ -18,6 +19,7 @@ public class SendOrderUseCase implements SendMessageUseCase<Order<?>> {
     @Inject MetricMetadata metadata;
     @Inject SendMessageHelper sendMessageHelper;
     @Inject Logger logger;
+    @Inject HashHelper hashHelper;
 
     private SendOrderUseCase() {}
 
@@ -29,10 +31,12 @@ public static SendOrderUseCase getInstance() {
     public void convertAndSend(final Order<?> order, String receivedSubmissionId)
             throws UnableToSendMessageException {
 
+        String hashedOrder = hashHelper.generateHash(order);
+
         PartnerMetadata partnerMetadata =
                 new PartnerMetadata(
                         receivedSubmissionId,
-                        String.valueOf(order.hashCode()),
+                        hashedOrder,
                         PartnerMetadataMessageType.ORDER,
                         order.getSendingApplicationDetails(),
                         order.getSendingFacilityDetails(),

diff --git a/etor/src/main/java/gov/hhs/cdc/trustedintermediary/etor/results/SendResultUseCase.java b/etor/src/main/java/gov/hhs/cdc/trustedintermediary/etor/results/SendResultUseCase.java
@@ -6,6 +6,7 @@
 import gov.hhs.cdc.trustedintermediary.etor.metadata.partner.PartnerMetadata;
 import gov.hhs.cdc.trustedintermediary.etor.metadata.partner.PartnerMetadataMessageType;
 import gov.hhs.cdc.trustedintermediary.etor.ruleengine.transformation.TransformationRuleEngine;
+import gov.hhs.cdc.trustedintermediary.etor.utils.security.HashHelper;
 import gov.hhs.cdc.trustedintermediary.wrappers.Logger;
 import javax.inject.Inject;
 
@@ -20,6 +21,8 @@ public class SendResultUseCase implements SendMessageUseCase<Result<?>> {
 
     @Inject Logger logger;
 
+    @Inject HashHelper hashHelper;
+
     private SendResultUseCase() {}
 
     public static SendResultUseCase getInstance() {
@@ -30,10 +33,12 @@ public static SendResultUseCase getInstance() {
     public void convertAndSend(Result<?> result, String receivedSubmissionId)
             throws UnableToSendMessageException {
 
+        String hashedResult = hashHelper.generateHash(result);
+
         PartnerMetadata partnerMetadata =
                 new PartnerMetadata(
                         receivedSubmissionId,
-                        String.valueOf(result.hashCode()),
+                        hashedResult,
                         PartnerMetadataMessageType.RESULT,
                         result.getSendingApplicationDetails(),
                         result.getSendingFacilityDetails(),

diff --git a/etor/src/main/java/gov/hhs/cdc/trustedintermediary/etor/utils/security/HashHelper.java b/etor/src/main/java/gov/hhs/cdc/trustedintermediary/etor/utils/security/HashHelper.java
@@ -0,0 +1,26 @@
+package gov.hhs.cdc.trustedintermediary.etor.utils.security;
+
+import java.nio.charset.StandardCharsets;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.util.HexFormat;
+
+public class HashHelper {
+
+    private static final HashHelper INSTANCE = new HashHelper();
+
+    public static HashHelper getInstance() {
+        return INSTANCE;
+    }
+
+    public String generateHash(Object input) {
+        try {
+            MessageDigest digest = MessageDigest.getInstance("SHA3-512");
+            byte[] objBytes = input.toString().getBytes(StandardCharsets.UTF_8);
+            byte[] hashBytes = digest.digest(objBytes);
+            return HexFormat.of().formatHex(hashBytes);
+        } catch (NoSuchAlgorithmException e) {
+            throw new RuntimeException("Algorithm does not exist!", e);
+        }
+    }
+}
diff --git a/etor/src/test/groovy/gov/hhs/cdc/trustedintermediary/etor/orders/SendOrderUseCaseTest.groovy b/etor/src/test/groovy/gov/hhs/cdc/trustedintermediary/etor/orders/SendOrderUseCaseTest.groovy
@@ -9,6 +9,7 @@ import gov.hhs.cdc.trustedintermediary.etor.metadata.partner.PartnerMetadataExce
 import gov.hhs.cdc.trustedintermediary.etor.metadata.partner.PartnerMetadataOrchestrator
 
 import gov.hhs.cdc.trustedintermediary.etor.ruleengine.transformation.TransformationRuleEngine
+import gov.hhs.cdc.trustedintermediary.etor.utils.security.HashHelper
 import gov.hhs.cdc.trustedintermediary.wrappers.Logger
 import gov.hhs.cdc.trustedintermediary.wrappers.MetricMetadata
 import spock.lang.Specification
@@ -29,6 +30,7 @@ class SendOrderUseCaseTest extends Specification {
         TestApplicationContext.register(SendMessageHelper, SendMessageHelper.getInstance())
         TestApplicationContext.register(TransformationRuleEngine, mockEngine)
         TestApplicationContext.register(OrderSender, mockSender)
+        TestApplicationContext.register(HashHelper, HashHelper.getInstance())
         TestApplicationContext.register(Logger, mockLogger)
     }
 

diff --git a/...src/test/groovy/gov/hhs/cdc/trustedintermediary/etor/results/SendResultUseCaseTest.groovy b/...src/test/groovy/gov/hhs/cdc/trustedintermediary/etor/results/SendResultUseCaseTest.groovy
@@ -9,6 +9,7 @@ import gov.hhs.cdc.trustedintermediary.etor.metadata.partner.PartnerMetadata
 import gov.hhs.cdc.trustedintermediary.etor.metadata.partner.PartnerMetadataException
 import gov.hhs.cdc.trustedintermediary.etor.metadata.partner.PartnerMetadataOrchestrator
 import gov.hhs.cdc.trustedintermediary.etor.ruleengine.transformation.TransformationRuleEngine
+import gov.hhs.cdc.trustedintermediary.etor.utils.security.HashHelper
 import gov.hhs.cdc.trustedintermediary.wrappers.Logger
 import gov.hhs.cdc.trustedintermediary.wrappers.MetricMetadata
 import spock.lang.Specification
@@ -30,6 +31,7 @@ class SendResultUseCaseTest extends Specification {
         TestApplicationContext.register(TransformationRuleEngine, mockEngine)
         TestApplicationContext.register(ResultSender, mockSender)
         TestApplicationContext.register(Logger, mockLogger)
+        TestApplicationContext.register(HashHelper, HashHelper.getInstance())
         TestApplicationContext.injectRegisteredImplementations()
     }
 

diff --git a/...src/test/groovy/gov/hhs/cdc/trustedintermediary/etor/utils/security/HashHelperTest.groovy b/...src/test/groovy/gov/hhs/cdc/trustedintermediary/etor/utils/security/HashHelperTest.groovy
@@ -0,0 +1,45 @@
+package gov.hhs.cdc.trustedintermediary.etor.utils.security
+import gov.hhs.cdc.trustedintermediary.context.TestApplicationContext
+import gov.hhs.cdc.trustedintermediary.etor.orders.Order
+import gov.hhs.cdc.trustedintermediary.etor.results.Result
+import gov.hhs.cdc.trustedintermediary.wrappers.Logger
+import spock.lang.Specification
+
+class HashHelperTest extends Specification {
+    def mockLogger = Mock(Logger)
+    def hashHelper = new HashHelper()
+
+    def setup() {
+        TestApplicationContext.reset()
+        TestApplicationContext.init()
+        TestApplicationContext.register(Logger, mockLogger)
+        TestApplicationContext.injectRegisteredImplementations()
+    }
+
+    def "generateHash generates hash for an order"() {
+        given:
+        def mockOrder = Mock(Order)
+
+        when:
+        String mockHash = hashHelper.generateHash(mockOrder)
+
+        then:
+        mockHash !== ""
+        0 * mockLogger.logError(_, _)
+    }
+
+    def "generateHash generates the same hash for the same object"() {
+        given:
+        def mockResult = Mock(Result)
+        def mockResult2 = mockResult
+
+        when:
+        String mockHash = hashHelper.generateHash(mockResult)
+        String mockHash2 = hashHelper.generateHash(mockResult2)
+
+        then:
+        mockHash !== ""
+        mockHash == mockHash2
+        0 * mockLogger.logError(_, _)
+    }
+}