CDCgov / trusted-intermediary

Bringing together healthcare providers by reducing the connection burden.
Apache License 2.0

Update Metadata Flow to use a more secure hash #824

Open jcrichlake opened 10 months ago

jcrichlake commented 10 months ago

DevEx/OpEx

The metadata flow is currently using the built-in Java hashing, but this can be reversed and isn't a secure way to have the message stored at rest. Need to make a small code update to implement a secure, non-reversible hash.

Tasks

Additional Context

Add any other context or screenshots about the work here.

basiliskus commented 10 months ago

Is this for the order hash? It was left like that on purpose because we don't have the original order hash, and the one we're creating can't be used to verify the message integrity. So it's more of a placeholder for now until we can get the actual order hash from RS (created from the original order coming in).

halprin commented 2 weeks ago

Today, in our order and result use case, we call order.hashCode() or result.hashCode(). This is not a cryptographically secure hash. Instead we should use SHA2-256, SHA2-512, or even better, a SHA3-256 or SHA3-512 hashing algorithm.

Unsure if there is built-in support to generate these hashes in Java. If not, then we'll need to make a "humble object" that wraps the third-party library.

jcrichlake commented 2 weeks ago

Looks like there is support in Java since 11.

https://docs.oracle.com/en/java/javase/11/docs/specs/security/standard-names.html#messagedigest-algorithms
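As an added illustration of the two comments above (example code, not part of the trusted-intermediary project), the following shows why a 32-bit `hashCode()` is not a content fingerprint, beside the `MessageDigest` SHA-256 and SHA3-256 algorithms that ship with Java 11+. The class and method names, and the sample strings, are constructed for this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class MessageHashExample {

    // Hex-encoded digest of the message bytes. "SHA-256" and "SHA3-256" are
    // standard MessageDigest algorithm names in Java 11+, so no third-party
    // library is needed (hex encoding is done by hand to stay on Java 11).
    static String digestHex(String algorithm, String message) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance(algorithm);
        byte[] digest = md.digest(message.getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Constructed sample inputs: "Aa" and "BB" are a well-known
        // String.hashCode() collision (both evaluate to 2112), because the
        // 32-bit result has only 2^32 possible values and is trivially
        // brute-forced or collided. A SHA-2/SHA-3 digest of the same two
        // inputs differs, and cannot be reversed to recover the message.
        String a = "Aa";
        String b = "BB";
        System.out.println("hashCode " + a + " -> " + a.hashCode());
        System.out.println("hashCode " + b + " -> " + b.hashCode());
        System.out.println("SHA-256  " + a + " -> " + digestHex("SHA-256", a));
        System.out.println("SHA-256  " + b + " -> " + digestHex("SHA-256", b));
        System.out.println("SHA3-256 " + a + " -> " + digestHex("SHA3-256", a));
        System.out.println("SHA3-256 " + b + " -> " + digestHex("SHA3-256", b));
    }
}
```

Note that for an object such as an order, the default `Object.hashCode()` is identity-based rather than content-based unless the class overrides it, so it says nothing about the message bytes at all; the digest above is computed over the serialized message content.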

basiliskus commented 1 week ago

I added a comment on Jan 31st about why it doesn't make sense to make this hash code more cryptographically secure. How are we planning to use this hash? Is RS going to use it to verify the message coming from us?