elnafateh commented on code in PR #5674:
URL: https://github.com/apache/fineract/pull/5674#discussion_r2972228365
##########
fineract-core/src/main/java/org/apache/fineract/commands/service/DeterministicIdempotencyKeyGenerator.java:
##########
@@ -0,0 +1,49 @@
+package org.apache.fineract.commands.service;
+
+
+import org.apache.fineract.commands.domain.CommandWrapper;
+import org.springframework.stereotype.Component;
+
+import java.nio.charset.StandardCharsets;
+import java.security.MessageDigest;
+import java.util.Base64;
+
+@Component
+public class DeterministicIdempotencyKeyGenerator {
+
+ private static final int BUCKET_MINUTES = 2;
+
+ public String generate(CommandWrapper wrapper) {
+ String json = wrapper.getJson();
+
+ String normalizedPayload = normalize(json);
+
+ String bucket = currentTimeBucket();
+
+ String raw = normalizedPayload + "|" + bucket;
+
+ return sha256(raw);
+ }
+
+ private String normalize(String json) {
+ // IMPORTANT: make deterministic (order, spacing, etc.)
Review Comment:
You're absolutely right — this implementation does not guarantee determinism.
I overlooked the impact of:
- attribute ordering
- null vs missing fields
- nested structures
I will revise the approach to use proper canonical JSON serialization (e.g.,
consistent ordering of attributes and nested structures) before hashing.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
