From 6527fb1e1d1adc6a8cbbf8716b117ef3591ae67a Mon Sep 17 00:00:00 2001
From: ptorres-prowide <90214684+ptorres-prowide@users.noreply.github.com>
Date: Thu, 28 Nov 2024 16:06:27 -0300
Subject: [PATCH] Rolling back from SHA-256 to MD5 (#214)

* Rolling back from SHA-256 to MD5

* changelog

---------

Co-authored-by: zubri <sebastian@prowidesoftware.com>
---
 CHANGELOG.md                                       |  3 +++
 .../swift/model/SwiftMessageUtils.java             | 14 +++++++-------
 .../swift/model/SwiftMessageUtilsTest.java         |  8 ++++++++
 3 files changed, 18 insertions(+), 7 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index f133b27f3..5fbca5092 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,8 @@
 # Prowide Core - CHANGELOG
 
+#### 9.5.4 - November 2024
+  * Rolling back SHA-256 checksum algorithm to MD5 in the MT message model
+
 #### 9.5.3 - November 2024
   * (PW-2040) Updated the BBAN validation data file to the IBAN REGISTRY Jul 2024 release 
   * (PW-2006) Fixed `getMUR` and `setMUR` in `SwiftMessage` to prioritize field 108 in block 4 over block 3 for system messages (category 0)
diff --git a/src/main/java/com/prowidesoftware/swift/model/SwiftMessageUtils.java b/src/main/java/com/prowidesoftware/swift/model/SwiftMessageUtils.java
index bd675e147..87950cc48 100644
--- a/src/main/java/com/prowidesoftware/swift/model/SwiftMessageUtils.java
+++ b/src/main/java/com/prowidesoftware/swift/model/SwiftMessageUtils.java
@@ -332,7 +332,7 @@ public static String identifier(final SwiftMessage m) {
     /**
      * Proprietary checksum for message integrity verification or duplicates detection.
      * <p>Please notice <strong>this is not the SWIFT trailer CHK field</strong>.
-     * <p>The implementation computes an SHA-256 on the complete message in FIN format. The result hash
+     * <p>The implementation computes an MD5 on the complete message in FIN format. The result hash
      * is a 32 character string, you may consider encoding it with base64 on top to have the same
      * information stored in 22 characters.
      *
@@ -344,7 +344,7 @@ public static String calculateChecksum(final SwiftMessage model) {
             final StringWriter writer = new StringWriter();
             SwiftWriter.writeMessage(model, writer, true);
             final String fin = writer.getBuffer().toString();
-            return sha256(fin);
+            return md5(fin);
         } else {
             return null;
         }
@@ -353,7 +353,7 @@ public static String calculateChecksum(final SwiftMessage model) {
     /**
      * Proprietary checksum for message text block (block 4) integrity verification or duplicates detection
      * <p>Please notice <strong>this is not the SWIFT trailer CHK field</strong>.
-     * <p>The implementation computes an SHA-256 on the complete message in FIN format. The result hash
+     * <p>The implementation computes an MD5 on the complete message in FIN format. The result hash
      * is a 32 character string, you may consider encoding it with base64 on top to have the same
      * information stored in 22 characters.
      *
@@ -366,22 +366,22 @@ public static String calculateChecksum(final SwiftBlock4 b4) {
             final StringWriter writer = new StringWriter();
             SwiftWriter.writeBlock4(b4, writer);
             final String fin = writer.getBuffer().toString();
-            return sha256(fin);
+            return md5(fin);
         } else {
             return null;
         }
     }
 
     /**
-     * Computes a SHA-256 hash on the parameter text
+     * Computes an MD5 hash on the parameter text
      *
      * @param text the text to hash
      * @return computed hash or null if exceptions are thrown reading bytes or processing the digest
      */
-    private static String sha256(final String text) {
+    private static String md5(final String text) {
         try {
             byte[] bytesOfMessage = text.getBytes(StandardCharsets.UTF_8);
-            MessageDigest md = MessageDigest.getInstance("SHA-256");
+            MessageDigest md = MessageDigest.getInstance("MD5");
             byte[] thedigest = md.digest(bytesOfMessage);
 
             // Converting the bytes to a Hex string
diff --git a/src/test/java/com/prowidesoftware/swift/model/SwiftMessageUtilsTest.java b/src/test/java/com/prowidesoftware/swift/model/SwiftMessageUtilsTest.java
index 3df077064..85c800bd0 100644
--- a/src/test/java/com/prowidesoftware/swift/model/SwiftMessageUtilsTest.java
+++ b/src/test/java/com/prowidesoftware/swift/model/SwiftMessageUtilsTest.java
@@ -15,6 +15,7 @@
  */
 package com.prowidesoftware.swift.model;
 
+import static com.prowidesoftware.swift.model.SwiftMessageUtils.calculateChecksum;
 import static org.junit.jupiter.api.Assertions.*;
 
 import com.prowidesoftware.swift.model.field.*;
@@ -302,4 +303,11 @@ public void testReference() {
         mt3.append(Field20C.tag(":SEME//REF3"));
         assertEquals("REF3", SwiftMessageUtils.reference(mt3.getSwiftMessage()));
     }
+
+    @Test
+    void testCalculateChecksumLength() throws IOException {
+        SwiftMessage msg = SwiftMessage.parse(Lib.readResource("MT362.fin"));
+        String s = calculateChecksum(msg);
+        assertEquals(s.length(), 32);
+    }
 }