Autopsy  4.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
CustomFileTypesManager.java
Go to the documentation of this file.
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2011-2016 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.modules.filetypeid;
20 
21 import java.io.File;
22 import java.io.FileInputStream;
23 import java.io.FileOutputStream;
24 import java.io.IOException;
25 import java.nio.file.Path;
26 import java.nio.file.Paths;
27 import java.util.ArrayList;
28 import java.util.List;
29 import javax.xml.bind.DatatypeConverter;
30 import javax.xml.parsers.ParserConfigurationException;
31 import org.openide.util.io.NbObjectInputStream;
32 import org.openide.util.io.NbObjectOutputStream;
36 import org.w3c.dom.Document;
37 import org.w3c.dom.Element;
38 import org.w3c.dom.Node;
39 import org.w3c.dom.NodeList;
40 import org.xml.sax.SAXException;
41 
46 final class CustomFileTypesManager {
47 
48  private static final String SERIALIZED_SETTINGS_FILE = "UserFileTypeDefinitions.settings"; //NON-NLS
49  private static final String XML_SETTINGS_FILE = "UserFileTypeDefinitions.xml"; //NON-NLS
50  private static final String FILE_TYPES_TAG_NAME = "FileTypes"; //NON-NLS
51  private static final String FILE_TYPE_TAG_NAME = "FileType"; //NON-NLS
52  private static final String MIME_TYPE_TAG_NAME = "MimeType"; //NON-NLS
53  private static final String SIGNATURE_TAG_NAME = "Signature"; //NON-NLS
54  private static final String SIGNATURE_TYPE_ATTRIBUTE = "type"; //NON-NLS
55  private static final String BYTES_TAG_NAME = "Bytes"; //NON-NLS
56  private static final String OFFSET_TAG_NAME = "Offset"; //NON-NLS
57  private static final String RELATIVE_ATTRIBUTE = "RelativeToStart"; //NON-NLS
58  private static CustomFileTypesManager instance;
59  private final List<FileType> autopsyDefinedFileTypes = new ArrayList<>();
60  private List<FileType> userDefinedFileTypes = new ArrayList<>();
61 
71  synchronized static CustomFileTypesManager getInstance() throws CustomFileTypesException {
72  if (null == instance) {
73  instance = new CustomFileTypesManager();
74  try {
75  instance.loadUserDefinedFileTypes();
76  instance.createAutopsyDefinedFileTypes();
77  } catch (CustomFileTypesException ex) {
78  instance = null;
79  throw ex;
80  }
81  }
82  return instance;
83  }
84 
89  private CustomFileTypesManager() {
90  }
91 
97  synchronized List<FileType> getFileTypes() {
102  List<FileType> customTypes = new ArrayList<>(userDefinedFileTypes);
103  customTypes.addAll(autopsyDefinedFileTypes);
104  return customTypes;
105  }
106 
112  synchronized List<FileType> getAutopsyDefinedFileTypes() {
117  return new ArrayList<>(autopsyDefinedFileTypes);
118  }
119 
125  synchronized List<FileType> getUserDefinedFileTypes() {
130  return new ArrayList<>(userDefinedFileTypes);
131  }
132 
141  synchronized void setUserDefinedFileTypes(List<FileType> newFileTypes) throws CustomFileTypesException {
142  String filePath = getFileTypeDefinitionsFilePath(SERIALIZED_SETTINGS_FILE);
143  writeSerializedFileTypes(newFileTypes, filePath);
144  userDefinedFileTypes = newFileTypes;
145  }
146 
153  private void createAutopsyDefinedFileTypes() throws CustomFileTypesException {
154  byte[] byteArray;
155  FileType fileType;
156  try {
157  /*
158  * Add type for xml.
159  */
160  List<Signature> signatureList;
161  signatureList = new ArrayList<>();
162  signatureList.add(new Signature("<?xml", 0L)); //NON-NLS
163  fileType = new FileType("text/xml", signatureList); //NON-NLS
164  autopsyDefinedFileTypes.add(fileType);
165 
166  /*
167  * Add type for gzip.
168  */
169  byteArray = DatatypeConverter.parseHexBinary("1F8B"); //NON-NLS
170  signatureList.clear();
171  signatureList.add(new Signature(byteArray, 0L));
172  fileType = new FileType("application/x-gzip", signatureList); //NON-NLS
173  autopsyDefinedFileTypes.add(fileType);
174 
175  /*
176  * Add type for wk1.
177  */
178  byteArray = DatatypeConverter.parseHexBinary("0000020006040600080000000000"); //NON-NLS
179  signatureList.clear();
180  signatureList.add(new Signature(byteArray, 0L));
181  fileType = new FileType("application/x-123", signatureList); //NON-NLS
182  autopsyDefinedFileTypes.add(fileType);
183 
184  /*
185  * Add type for Radiance images.
186  */
187  byteArray = DatatypeConverter.parseHexBinary("233F52414449414E43450A");//NON-NLS
188  signatureList.clear();
189  signatureList.add(new Signature(byteArray, 0L));
190  fileType = new FileType("image/vnd.radiance", signatureList); //NON-NLS
191  autopsyDefinedFileTypes.add(fileType);
192 
193  /*
194  * Add type for dcx images.
195  */
196  byteArray = DatatypeConverter.parseHexBinary("B168DE3A"); //NON-NLS
197  signatureList.clear();
198  signatureList.add(new Signature(byteArray, 0L));
199  fileType = new FileType("image/x-dcx", signatureList); //NON-NLS
200  autopsyDefinedFileTypes.add(fileType);
201 
202  /*
203  * Add type for ics images.
204  */
205  signatureList.clear();
206  signatureList.add(new Signature("icns", 0L)); //NON-NLS
207  fileType = new FileType("image/x-icns", signatureList); //NON-NLS
208  autopsyDefinedFileTypes.add(fileType);
209 
210  /*
211  * Add type for pict images.
212  */
213  byteArray = DatatypeConverter.parseHexBinary("001102FF"); //NON-NLS
214  signatureList.clear();
215  signatureList.add(new Signature(byteArray, 522L));
216  fileType = new FileType("image/x-pict", signatureList); //NON-NLS
217  autopsyDefinedFileTypes.add(fileType);
218  byteArray = DatatypeConverter.parseHexBinary("1100"); //NON-NLS
219  signatureList.clear();
220  signatureList.add(new Signature(byteArray, 522L));
221  fileType = new FileType("image/x-pict", signatureList); //NON-NLS
222  autopsyDefinedFileTypes.add(fileType);
223 
224  /*
225  * Add type for pam.
226  */
227  signatureList.clear();
228  signatureList.add(new Signature("P7", 0L)); //NON-NLS
229  fileType = new FileType("image/x-portable-arbitrarymap", signatureList); //NON-NLS
230  autopsyDefinedFileTypes.add(fileType);
231 
232  /*
233  * Add type for pfm.
234  */
235  signatureList.clear();
236  signatureList.add(new Signature("PF", 0L)); //NON-NLS
237  fileType = new FileType("image/x-portable-floatmap", signatureList); //NON-NLS
238  autopsyDefinedFileTypes.add(fileType);
239  signatureList.clear();
240  signatureList.add(new Signature("Pf", 0L)); //NON-NLS
241  fileType = new FileType("image/x-portable-floatmap", signatureList); //NON-NLS
242  autopsyDefinedFileTypes.add(fileType);
243 
244  /*
245  * Add type for tga.
246  */
247  byteArray = DatatypeConverter.parseHexBinary("54525545564953494F4E2D5846494C452E00"); //NON-NLS
248  signatureList.clear();
249  signatureList.add(new Signature(byteArray, 17, false));
250  fileType = new FileType("image/x-tga", signatureList); //NON-NLS
251  autopsyDefinedFileTypes.add(fileType);
252 
253  /*
254  * Add type for ilbm.
255  */
256  signatureList.clear();
257  signatureList.add(new Signature("FORM", 0L)); //NON-NLS
258  signatureList.add(new Signature("ILBM", 8L)); //NON-NLS
259  fileType = new FileType("image/x-ilbm", signatureList); //NON-NLS
260  autopsyDefinedFileTypes.add(fileType);
261  signatureList.clear();
262  signatureList.add(new Signature("FORM", 0L)); //NON-NLS
263  signatureList.add(new Signature("PBM", 8L)); //NON-NLS
264  fileType = new FileType("image/x-ilbm", signatureList); //NON-NLS
265  autopsyDefinedFileTypes.add(fileType);
266 
267  /*
268  * Add type for webp.
269  */
270  signatureList.clear();
271  signatureList.add(new Signature("RIFF", 0L)); //NON-NLS
272  signatureList.add(new Signature("WEBP", 8L)); //NON-NLS
273  fileType = new FileType("image/webp", signatureList); //NON-NLS
274  autopsyDefinedFileTypes.add(fileType);
275 
276  /*
277  * Add type for aiff.
278  */
279  signatureList.clear();
280  signatureList.add(new Signature("FORM", 0L)); //NON-NLS
281  signatureList.add(new Signature("AIFF", 8L)); //NON-NLS
282  fileType = new FileType("audio/aiff", signatureList); //NON-NLS
283  autopsyDefinedFileTypes.add(fileType);
284  signatureList.clear();
285  signatureList.add(new Signature("FORM", 0L)); //NON-NLS
286  signatureList.add(new Signature("AIFC", 8L)); //NON-NLS
287  fileType = new FileType("audio/aiff", signatureList); //NON-NLS
288  autopsyDefinedFileTypes.add(fileType);
289  signatureList.clear();
290  signatureList.add(new Signature("FORM", 0L)); //NON-NLS
291  signatureList.add(new Signature("8SVX", 8L)); //NON-NLS
292  fileType = new FileType("audio/aiff", signatureList); //NON-NLS
293  autopsyDefinedFileTypes.add(fileType);
294 
295  /*
296  * Add type for iff.
297  */
298  signatureList.clear();
299  signatureList.add(new Signature("FORM", 0L)); //NON-NLS
300  fileType = new FileType("application/x-iff", signatureList); //NON-NLS
301  autopsyDefinedFileTypes.add(fileType);
302 
303  /*
304  * Add type for .tec files with leading End Of Image marker (JFIF JPEG)
305  */
306  byteArray = DatatypeConverter.parseHexBinary("FFD9FFD8"); //NON-NLS
307  signatureList.clear();
308  signatureList.add(new Signature(byteArray, 0L));
309  fileType = new FileType("image/jpeg", signatureList); //NON-NLS
310  autopsyDefinedFileTypes.add(fileType);
311 
312  } catch (IllegalArgumentException ex) {
313  /*
314  * parseHexBinary() throws this if the argument passed in is not hex
315  */
316  throw new CustomFileTypesException("Error creating Autopsy defined custom file types", ex); //NON-NLS
317  }
318  }
319 
326  private void loadUserDefinedFileTypes() throws CustomFileTypesException {
327  userDefinedFileTypes.clear();
328  String filePath = getFileTypeDefinitionsFilePath(SERIALIZED_SETTINGS_FILE);
329  if (new File(filePath).exists()) {
330  userDefinedFileTypes = readSerializedFileTypes(filePath);
331  } else {
332  filePath = getFileTypeDefinitionsFilePath(XML_SETTINGS_FILE);
333  if (new File(filePath).exists()) {
334  userDefinedFileTypes = readFileTypesXML(filePath);
335  }
336  }
337  }
338 
348  private static void writeSerializedFileTypes(List<FileType> fileTypes, String filePath) throws CustomFileTypesException {
349  try (NbObjectOutputStream out = new NbObjectOutputStream(new FileOutputStream(filePath))) {
350  UserDefinedFileTypesSettings settings = new UserDefinedFileTypesSettings(fileTypes);
351  out.writeObject(settings);
352  } catch (IOException ex) {
353  throw new CustomFileTypesException(String.format("Failed to write settings to %s", filePath), ex); //NON-NLS
354  }
355  }
356 
367  private static List<FileType> readSerializedFileTypes(String filePath) throws CustomFileTypesException {
368  File serializedDefs = new File(filePath);
369  try {
370  try (NbObjectInputStream in = new NbObjectInputStream(new FileInputStream(serializedDefs))) {
371  UserDefinedFileTypesSettings filesSetsSettings = (UserDefinedFileTypesSettings) in.readObject();
372  return filesSetsSettings.getUserDefinedFileTypes();
373  }
374  } catch (IOException | ClassNotFoundException ex) {
375  throw new CustomFileTypesException(String.format("Failed to read settings from %s", filePath), ex); //NON-NLS
376  }
377  }
378 
393  private static List<FileType> readFileTypesXML(String filePath) throws CustomFileTypesException {
394  try {
395  List<FileType> fileTypes = new ArrayList<>();
396  Document doc = XMLUtil.loadDocument(filePath);
397  if (doc != null) {
398  Element fileTypesElem = doc.getDocumentElement();
399  if (fileTypesElem != null && fileTypesElem.getNodeName().equals(FILE_TYPES_TAG_NAME)) {
400  NodeList fileTypeElems = fileTypesElem.getElementsByTagName(FILE_TYPE_TAG_NAME);
401  for (int i = 0; i < fileTypeElems.getLength(); ++i) {
402  Element fileTypeElem = (Element) fileTypeElems.item(i);
403  FileType fileType = parseFileType(fileTypeElem);
404  fileTypes.add(fileType);
405  }
406  }
407  }
408  return fileTypes;
409  } catch (IOException | ParserConfigurationException | SAXException ex) {
410  throw new CustomFileTypesException(String.format("Failed to read ssettings from %s", filePath), ex); //NON-NLS
411  }
412  }
413 
426  private static FileType parseFileType(Element fileTypeElem) throws IllegalArgumentException, NumberFormatException {
427  String mimeType = parseMimeType(fileTypeElem);
428  Signature signature = parseSignature(fileTypeElem);
429  // File type definitions in the XML file were written prior to the
430  // implementation of multiple signatures per type.
431  List<Signature> sigList = new ArrayList<>();
432  sigList.add(signature);
433  return new FileType(mimeType, sigList);
434  }
435 
443  private static String parseMimeType(Element fileTypeElem) {
444  return getChildElementTextContent(fileTypeElem, MIME_TYPE_TAG_NAME);
445  }
446 
454  private static Signature parseSignature(Element fileTypeElem) throws IllegalArgumentException, NumberFormatException {
455  NodeList signatureElems = fileTypeElem.getElementsByTagName(SIGNATURE_TAG_NAME);
456  Element signatureElem = (Element) signatureElems.item(0);
457 
458  String sigTypeAttribute = signatureElem.getAttribute(SIGNATURE_TYPE_ATTRIBUTE);
459  Signature.Type signatureType = Signature.Type.valueOf(sigTypeAttribute);
460 
461  String sigBytesString = getChildElementTextContent(signatureElem, BYTES_TAG_NAME);
462  byte[] signatureBytes = DatatypeConverter.parseHexBinary(sigBytesString);
463 
464  Element offsetElem = (Element) signatureElem.getElementsByTagName(OFFSET_TAG_NAME).item(0);
465  String offsetString = offsetElem.getTextContent();
466  long offset = DatatypeConverter.parseLong(offsetString);
467 
468  boolean isRelativeToStart;
469  String relativeString = offsetElem.getAttribute(RELATIVE_ATTRIBUTE);
470  if (null == relativeString || relativeString.equals("")) {
471  isRelativeToStart = true;
472  } else {
473  isRelativeToStart = DatatypeConverter.parseBoolean(relativeString);
474  }
475 
476  return new Signature(signatureBytes, offset, signatureType, isRelativeToStart);
477  }
478 
487  private static String getChildElementTextContent(Element elem, String tagName) {
488  NodeList childElems = elem.getElementsByTagName(tagName);
489  Node childNode = childElems.item(0);
490  if (childNode == null) {
491  return null;
492  }
493  Element childElem = (Element) childNode;
494  return childElem.getTextContent();
495  }
496 
504  private static String getFileTypeDefinitionsFilePath(String fileName) {
505  Path filePath = Paths.get(PlatformUtil.getUserConfigDirectory(), fileName);
506  return filePath.toAbsolutePath().toString();
507  }
508 
512  static class CustomFileTypesException extends Exception {
513 
514  private static final long serialVersionUID = 1L;
515 
516  CustomFileTypesException(String message) {
517  super(message);
518  }
519 
520  CustomFileTypesException(String message, Throwable throwable) {
521  super(message, throwable);
522  }
523  }
524 
525 }

Copyright © 2012-2016 Basis Technology. Generated on: Tue Oct 25 2016
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.