BrightSpots · artoonie · Oct 10, 2023 · Oct 3, 2023
diff --git a/src/main/java/network/brightspots/rcv/AuditableFile.java b/src/main/java/network/brightspots/rcv/AuditableFile.java
@@ -0,0 +1,57 @@
+/*
+ * RCTab
+ * Copyright (c) 2017-2023 Bright Spots Developers.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at https://mozilla.org/MPL/2.0/.
+ */
+
+/*
+ * Purpose: Create a file that, on close, is read-only and has its hash added to the audit log.
+ * Design: Overrides the File class
+ * Conditions: Always.
+ * Version history: see https://github.com/BrightSpots/rcv.
+ */
+
+package network.brightspots.rcv;
+
+import java.io.File;
+import java.io.IOException;
+import java.nio.file.Files;
+
+final class AuditableFile extends File {
+  public AuditableFile(String pathname) {
+    super(pathname);
+  }
+
+  public void finalizeAndHash() {
+    String hash = FileUtils.getHash(this);
+
+    // Write hash to audit log
+    Logger.info("File %s written with hash %s".formatted(getAbsolutePath(), hash));
+
+    // Write hash to hash file
+    File hashFile = new File(getAbsolutePath() + ".hash");
+    writeStringToFile(hashFile, "sha512: " + hash);
+
+    // Make both file and its hash file read-only
+    makeReadOnlyOrLogWarning(this);
+    makeReadOnlyOrLogWarning(hashFile);
+  }
+
+  private void writeStringToFile(File file, String string) {
+    try {
+      Files.writeString(file.toPath(), string);
+    } catch (IOException e) {
+      Logger.severe("Could not write to file %s: %s", file.getAbsoluteFile(), e.getMessage());
+    }
+  }
+
+  private void makeReadOnlyOrLogWarning(File file) {
+    boolean readOnlySucceeded = file.setReadOnly();
+    if (!readOnlySucceeded) {
+      Logger.warning("Failed to set file to read-only: %s", getAbsolutePath());
+    }
+  }
+}
diff --git a/src/main/java/network/brightspots/rcv/FileUtils.java b/src/main/java/network/brightspots/rcv/FileUtils.java
@@ -20,6 +20,12 @@
 import static network.brightspots.rcv.Utils.isNullOrBlank;
 
 import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.file.Files;
+import java.security.DigestInputStream;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
 
 final class FileUtils {
 
@@ -51,6 +57,29 @@ static void createOutputDirectory(String dir) throws UnableToCreateDirectoryExce
     }
   }
 
+  static String getHash(File file) {
+    MessageDigest digest;
+    try {
+      digest = MessageDigest.getInstance("SHA-512");
+    } catch (NoSuchAlgorithmException e) {
+      Logger.severe("Failed to get SHA-512 algorithm");
+      return "[hash not available]";
+    }
+
+    try (InputStream is = Files.newInputStream(file.toPath())) {
+      try (DigestInputStream hashingStream = new DigestInputStream(is, digest)) {
+        while (hashingStream.readNBytes(1024).length > 0) {
+          // Read in 1kb chunks -- don't need to do anything in the body here
+        }
+      }
+    } catch (IOException e) {
+      Logger.severe("Failed to read file: %s", file.getAbsolutePath());
+      return "[hash not available]";
+    }
+
+    return Utils.bytesToHex(digest.digest());
+  }
+
   static class UnableToCreateDirectoryException extends Exception {
 
     UnableToCreateDirectoryException(String message) {

diff --git a/src/main/java/network/brightspots/rcv/Logger.java b/src/main/java/network/brightspots/rcv/Logger.java
@@ -98,15 +98,16 @@ static void addTabulationFileLogging(String outputFolder, String timestampString
     // log file name is: outputFolder + timestamp + log index
     // FileHandler requires % to be encoded as %%.  %g is the log index
     tabulationLogPattern =
-            Paths.get(outputFolder.replace("%", "%%"),
-                    String.format("%s_audit_%%g.log", timestampString))
-                    .toAbsolutePath()
-                    .toString();
-
-    tabulationHandler = new FileHandler(tabulationLogPattern,
-            LOG_FILE_MAX_SIZE_BYTES,
-            TABULATION_LOG_FILE_COUNT,
-            true);
+        Paths.get(
+                outputFolder.replace("%", "%%"),
+                String.format("%s_audit_%%g.log", timestampString))
+            .toAbsolutePath()
+            .toString();
+
+    tabulationHandler =
+        new FileHandler(
+            tabulationLogPattern,
+            LOG_FILE_MAX_SIZE_BYTES, TABULATION_LOG_FILE_COUNT, true);
     tabulationHandler.setFormatter(formatter);
     tabulationHandler.setLevel(Level.FINE);
     logger.addHandler(tabulationHandler);
@@ -119,16 +120,16 @@ static void removeTabulationFileLogging() {
     tabulationHandler.close();
     logger.removeHandler(tabulationHandler);
 
+    // Find all files we wrote to, and finalize each one
     int index = 0;
     while (true) {
-      File file = new File(tabulationLogPattern.replace("%g", String.valueOf(index)));
+      AuditableFile file = new AuditableFile(tabulationLogPattern
+              .replace("%g", String.valueOf(index)));
       if (!file.exists()) {
         break;
       }
-      boolean readOnlySucceeded = file.setReadOnly();
-      if (!readOnlySucceeded) {
-        warning("Failed to set file to read-only: %s", file.getAbsolutePath());
-      }
+
+      file.finalizeAndHash();
       index++;
     }
   }

diff --git a/src/main/java/network/brightspots/rcv/ResultsWriter.java b/src/main/java/network/brightspots/rcv/ResultsWriter.java
@@ -33,7 +33,6 @@
 import java.io.IOException;
 import java.math.BigDecimal;
 import java.nio.file.Files;
-import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.text.SimpleDateFormat;
 import java.util.ArrayList;
@@ -112,14 +111,11 @@ private static void generateJsonFile(String path, Map<String, Object> json) thro
     module.addSerializer(BigDecimal.class, new ToStringSerializer());
     mapper.registerModule(module);
     ObjectWriter jsonWriter = mapper.writer(new DefaultPrettyPrinter());
-    File outFile = new File(path);
+    AuditableFile outFile = new AuditableFile(path);
 
     try {
       jsonWriter.writeValue(outFile, json);
-      boolean readOnlySucceeded = outFile.setReadOnly();
-      if (!readOnlySucceeded) {
-        Logger.warning("Failed to set file to read-only: %s", outFile.getAbsolutePath());
-      }
+      outFile.finalizeAndHash();
     } catch (IOException exception) {
       Logger.severe(
           "Error writing to JSON file: %s\n%s\nPlease check the file path and permissions!",
@@ -291,8 +287,8 @@ private void generateSummarySpreadsheet(
       String precinct,
       String outputPath)
       throws IOException {
-    String csvPath = outputPath + ".csv";
-    Logger.info("Generating summary spreadsheet: %s...", csvPath);
+    AuditableFile csvFile = new AuditableFile(outputPath + ".csv");
+    Logger.info("Generating summary spreadsheet: %s...", csvFile.getAbsolutePath());
 
     // totalActiveVotesPerRound is a map of round to active votes in each round
     Map<Integer, BigDecimal> totalActiveVotesPerRound = new HashMap<>();
@@ -310,12 +306,12 @@ private void generateSummarySpreadsheet(
 
     CSVPrinter csvPrinter;
     try {
-      BufferedWriter writer = Files.newBufferedWriter(Paths.get(csvPath));
+      BufferedWriter writer = Files.newBufferedWriter(csvFile.toPath());
       csvPrinter = new CSVPrinter(writer, CSVFormat.DEFAULT);
     } catch (IOException exception) {
       Logger.severe(
           "Error creating CSV file: %s\n%s\nPlease check the file path and permissions!",
-          csvPath, exception);
+          csvFile.getAbsolutePath(), exception);
       throw exception;
     }
 
@@ -383,12 +379,7 @@ private void generateSummarySpreadsheet(
     try {
       csvPrinter.flush();
       csvPrinter.close();
-
-      File file = new File(csvPath);
-      boolean readOnlySucceeded = file.setReadOnly();
-      if (!readOnlySucceeded) {
-        Logger.warning("Failed to set file to read-only: %s", file.getAbsolutePath());
-      }
+      csvFile.finalizeAndHash();
     } catch (IOException exception) {
       Logger.severe("Error saving file: %s\n%s", outputPath, exception);
       throw exception;
@@ -506,17 +497,18 @@ List<String> writeGenericCvrCsv(
           // don't generate empty CSVs for them.
           continue;
         }
-        Path outputPath =
-            Paths.get(
+        AuditableFile outputFile =
+            new AuditableFile(
                 getOutputFilePath(
                     csvOutputFolder,
                     "dominion_conversion_contest",
                     timestampString,
                     contest.getId())
                     + ".csv");
-        Logger.info("Writing cast vote records in generic format to file: %s...", outputPath);
+        Logger.info("Writing cast vote records in generic format to file: %s...",
+                outputFile.getAbsolutePath());
         CSVPrinter csvPrinter;
-        BufferedWriter writer = Files.newBufferedWriter(outputPath);
+        BufferedWriter writer = Files.newBufferedWriter(outputFile.toPath());
         csvPrinter = new CSVPrinter(writer, CSVFormat.DEFAULT);
         // print header:
         // ContestId, TabulatorId, BatchId, RecordId, Precinct, Precinct Portion, rank 1 selection,
@@ -555,14 +547,10 @@ List<String> writeGenericCvrCsv(
         // finalize the file
         csvPrinter.flush();
         csvPrinter.close();
-        filesWritten.add(outputPath.toString());
-        Logger.info("Successfully wrote: %s", outputPath.toString());
+        filesWritten.add(outputFile.getAbsolutePath());
+        Logger.info("Successfully wrote: %s", outputFile.getAbsolutePath());
 
-        File file = new File(outputPath.toString());
-        boolean readOnlySucceeded = file.setReadOnly();
-        if (!readOnlySucceeded) {
-          Logger.warning("Failed to set file to read-only: %s", file.getAbsolutePath());
-        }
+        outputFile.finalizeAndHash();
       }
     } catch (IOException exception) {
       Logger.severe(

diff --git a/src/main/java/network/brightspots/rcv/Utils.java b/src/main/java/network/brightspots/rcv/Utils.java
@@ -16,7 +16,14 @@
 
 package network.brightspots.rcv;
 
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
 import java.net.UnknownHostException;
+import java.nio.file.Files;
+import java.security.DigestInputStream;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
 import java.util.List;
 import java.util.Map;
 
@@ -83,4 +90,16 @@ static String getUserName() {
     }
     return user;
   }
+
+  static String bytesToHex(byte[] hash) {
+    StringBuilder hexString = new StringBuilder(2 * hash.length);
+    for (byte b : hash) {
+      String hex = Integer.toHexString(0xff & b);
+      if (hex.length() == 1) {
+        hexString.append('0');
+      }
+      hexString.append(hex);
+    }
+    return hexString.toString();
+  }
 }
diff --git a/src/test/java/network/brightspots/rcv/TabulatorTests.java b/src/test/java/network/brightspots/rcv/TabulatorTests.java
@@ -143,6 +143,9 @@ private static void runTabulationTest(String stem, String expectedException) {
     File[] files = outputFolder.listFiles();
     if (files != null) {
       for (File file : files) {
+        if (file.getName().equals(".DS_Store")) {
+          continue;
+        }
         if (!file.isDirectory()) {
           try {
             // Every ephemeral file must be set to read-only on close, including audit logs