19 package org.sleuthkit.autopsy.modules.hashdatabase;
21 import java.beans.PropertyChangeEvent;
22 import java.beans.PropertyChangeListener;
23 import java.beans.PropertyChangeSupport;
25 import java.io.IOException;
26 import java.util.ArrayList;
27 import java.util.HashSet;
28 import java.util.List;
29 import java.util.Objects;
31 import java.util.concurrent.ExecutionException;
32 import java.util.logging.Level;
33 import java.util.stream.Stream;
34 import javax.swing.JFileChooser;
35 import javax.swing.JOptionPane;
36 import javax.swing.SwingWorker;
37 import javax.swing.filechooser.FileNameExtensionFilter;
38 import org.apache.commons.io.FilenameUtils;
39 import org.netbeans.api.progress.ProgressHandle;
40 import org.openide.util.NbBundle;
41 import org.openide.util.NbBundle.Messages;
42 import org.openide.windows.WindowManager;
71 private List<HashDb>
hashSets =
new ArrayList<>();
74 PropertyChangeSupport changeSupport =
new PropertyChangeSupport(
HashDbManager.class);
85 DB_ADDED, DB_DELETED, DB_INDEXED
94 if (instance == null) {
101 changeSupport.addPropertyChangeListener(listener);
105 changeSupport.removePropertyChangeListener(listener);
108 synchronized boolean verifyAllDatabasesLoadedCorrectly() {
121 static String getHashDatabaseFileExtension() {
134 super(message, exception);
159 hashDb = this.addExistingHashDatabaseNoSave(hashSetName, path, searchDuringIngest, sendIngestMessages, knownFilesType);
167 if (!
new File(path).exists()) {
168 throw new HashDbManagerException(NbBundle.getMessage(
HashDbManager.class,
"HashDbManager.hashDbDoesNotExistExceptionMsg", path));
171 if (hashSetPaths.contains(path)) {
172 throw new HashDbManagerException(NbBundle.getMessage(
HashDbManager.class,
"HashDbManager.hashDbAlreadyAddedExceptionMsg", path));
175 if (hashSetNames.contains(hashSetName)) {
176 throw new HashDbManagerException(NbBundle.getMessage(
HashDbManager.class,
"HashDbManager.duplicateHashSetNameExceptionMsg", hashSetName));
179 hashDb =
addHashDatabase(SleuthkitJNI.openHashDatabase(path), hashSetName, searchDuringIngest, sendIngestMessages, knownFilesType);
180 }
catch (TskCoreException ex) {
181 throw new HashDbManagerException(ex.getMessage());
204 public synchronized HashDb addNewHashDatabase(String hashSetName, String path,
boolean searchDuringIngest,
boolean sendIngestMessages,
219 File file =
new File(path);
221 throw new HashDbManagerException(NbBundle.getMessage(
HashDbManager.class,
"HashDbManager.hashDbFileExistsExceptionMsg", path));
223 if (!FilenameUtils.getExtension(file.getName()).equalsIgnoreCase(HASH_DATABASE_FILE_EXTENSON)) {
224 throw new HashDbManagerException(NbBundle.getMessage(
HashDbManager.class,
"HashDbManager.illegalHashDbFileNameExtensionMsg",
225 getHashDatabaseFileExtension()));
228 if (hashSetPaths.contains(path)) {
229 throw new HashDbManagerException(NbBundle.getMessage(
HashDbManager.class,
"HashDbManager.hashDbAlreadyAddedExceptionMsg", path));
232 if (hashSetNames.contains(hashSetName)) {
233 throw new HashDbManagerException(NbBundle.getMessage(
HashDbManager.class,
"HashDbManager.duplicateHashSetNameExceptionMsg", hashSetName));
236 hashDb =
addHashDatabase(SleuthkitJNI.createHashDatabase(path), hashSetName, searchDuringIngest, sendIngestMessages, knownFilesType);
237 }
catch (TskCoreException ex) {
238 throw new HashDbManagerException(ex.getMessage());
243 private SleuthkitHashSet
addHashDatabase(
int handle, String hashSetName,
boolean searchDuringIngest,
boolean sendIngestMessages,
HashDb.
KnownFilesType knownFilesType) throws TskCoreException {
245 SleuthkitHashSet hashDb =
new SleuthkitHashSet(handle, hashSetName, searchDuringIngest, sendIngestMessages, knownFilesType);
249 String databasePath = hashDb.getDatabasePath();
250 String indexPath = hashDb.getIndexPath();
254 hashSetNames.add(hashDb.getHashSetName());
255 if (!databasePath.equals(
"None")) {
256 hashSetPaths.add(databasePath);
258 if (!indexPath.equals(
"None")) {
259 hashSetPaths.add(indexPath);
263 hashSets.add(hashDb);
267 changeSupport.firePropertyChange(
SetEvt.
DB_ADDED.toString(), null, hashSetName);
268 }
catch (Exception e) {
269 logger.log(Level.SEVERE,
"HashDbManager listener threw exception", e);
271 NbBundle.getMessage(
this.getClass(),
"HashDbManager.moduleErr"),
272 NbBundle.getMessage(
this.getClass(),
"HashDbManager.moduleErrorListeningToUpdatesMsg"),
278 CentralRepoHashSet addExistingCentralRepoHashSet(String hashSetName, String version,
int referenceSetID,
280 boolean readOnly)
throws TskCoreException {
283 throw new TskCoreException(
"Could not load central repository hash set " + hashSetName +
" - central repository is not enabled");
286 CentralRepoHashSet db =
new CentralRepoHashSet(hashSetName, version, referenceSetID, searchDuringIngest,
287 sendIngestMessages, knownFilesType, readOnly);
290 throw new TskCoreException(
"Error finding hash set " + hashSetName +
" in central repository");
298 changeSupport.firePropertyChange(SetEvt.DB_ADDED.toString(), null, hashSetName);
299 }
catch (Exception e) {
300 logger.log(Level.SEVERE,
"HashDbManager listener threw exception", e);
301 MessageNotifyUtil.Notify.show(
302 NbBundle.getMessage(
this.getClass(),
"HashDbManager.moduleErr"),
303 NbBundle.getMessage(
this.getClass(),
"HashDbManager.moduleErrorListeningToUpdatesMsg"),
304 MessageNotifyUtil.MessageType.ERROR);
310 synchronized void indexHashDatabase(SleuthkitHashSet hashDb) {
311 hashDb.addPropertyChangeListener(
this);
312 HashDbIndexer creator =
new HashDbIndexer(hashDb);
318 if (event.getPropertyName().equals(SleuthkitHashSet.Event.INDEXING_DONE.name())) {
319 SleuthkitHashSet hashDb = (SleuthkitHashSet) event.getNewValue();
320 if (null != hashDb) {
322 String indexPath = hashDb.getIndexPath();
323 if (!indexPath.equals(
"None")) {
324 hashSetPaths.add(indexPath);
326 }
catch (TskCoreException ex) {
327 Logger.
getLogger(
HashDbManager.class.getName()).log(Level.SEVERE,
"Error getting index path of " + hashDb.getHashSetName() +
" hash set after indexing", ex);
349 if (ingestIsRunning) {
350 throw new HashDbManagerException(NbBundle.getMessage(
this.getClass(),
"HashDbManager.ingestRunningExceptionMsg"));
356 String hashSetName = hashDb.getHashSetName();
357 hashSetNames.remove(hashSetName);
358 hashSets.remove(hashDb);
362 if (hashDb instanceof SleuthkitHashSet) {
363 SleuthkitHashSet hashDatabase = (SleuthkitHashSet) hashDb;
365 if (hashDatabase.hasIndex()) {
366 hashSetPaths.remove(hashDatabase.getIndexPath());
368 }
catch (TskCoreException ex) {
369 Logger.
getLogger(
HashDbManager.class.getName()).log(Level.SEVERE,
"Error getting index path of " + hashDatabase.getHashSetName() +
" hash set when removing the hash set", ex);
373 if (!hashDatabase.hasIndexOnly()) {
374 hashSetPaths.remove(hashDatabase.getDatabasePath());
376 }
catch (TskCoreException ex) {
377 Logger.
getLogger(
HashDbManager.class.getName()).log(Level.SEVERE,
"Error getting hash set path of " + hashDatabase.getHashSetName() +
" hash set when removing the hash set", ex);
381 hashDatabase.close();
382 }
catch (TskCoreException ex) {
383 Logger.
getLogger(
HashDbManager.class.getName()).log(Level.SEVERE,
"Error closing " + hashDb.getHashSetName() +
" hash set when removing the hash set", ex);
389 changeSupport.firePropertyChange(
SetEvt.
DB_DELETED.toString(), null, hashSetName);
390 }
catch (Exception e) {
391 logger.log(Level.SEVERE,
"HashDbManager listener threw exception", e);
393 NbBundle.getMessage(
this.getClass(),
"HashDbManager.moduleErr"),
394 NbBundle.getMessage(
this.getClass(),
"HashDbManager.moduleErrorListeningToUpdatesMsg"),
399 void save() throws HashDbManagerException {
401 if (!HashLookupSettings.writeSettings(
new HashLookupSettings(HashLookupSettings.convertHashSetList(
this.hashSets)))) {
402 throw new HashDbManagerException(NbBundle.getMessage(
this.getClass(),
"HashDbManager.saveErrorExceptionMsg"));
404 }
catch (HashLookupSettings.HashLookupSettingsException ex) {
405 throw new HashDbManagerException(NbBundle.getMessage(
this.getClass(),
"HashDbManager.saveErrorExceptionMsg"));
419 }
catch (TskCoreException ex) {
423 List<HashDb> hashDbs =
new ArrayList<>();
424 hashDbs.addAll(this.hashSets);
434 List<HashDb> hashDbs =
new ArrayList<>();
437 }
catch (TskCoreException ex) {
452 List<HashDb> hashDbs =
new ArrayList<>();
455 }
catch (TskCoreException ex) {
474 ArrayList<HashDb> updateableDbs =
new ArrayList<>();
477 }
catch (TskCoreException ex) {
480 for (
HashDb db : hashDbs) {
482 if (db.isUpdateable()) {
483 updateableDbs.add(db);
485 }
catch (TskCoreException ex) {
486 Logger.
getLogger(
HashDbManager.class.getName()).log(Level.SEVERE,
"Error checking updateable status of " + db.getHashSetName() +
" hash set", ex);
489 return updateableDbs;
493 List<HashDbInfo> crHashSets =
new ArrayList<>();
503 crHashSets.add(
new HashDbInfo(globalSet.getSetName(), globalSet.getVersion(),
504 globalSet.getGlobalSetID(),
KnownFilesType.
fromFileKnown(globalSet.getFileKnownStatus()), globalSet.isReadOnly(),
false, sendIngestMessages));
519 hashSetNames.clear();
520 hashSetPaths.clear();
526 for (
HashDb database : hashDatabases) {
527 if (database instanceof SleuthkitHashSet) {
529 ((SleuthkitHashSet) database).close();
530 }
catch (TskCoreException ex) {
535 hashDatabases.clear();
540 HashLookupSettings settings = HashLookupSettings.readSettings();
542 }
catch (HashLookupSettings.HashLookupSettingsException ex) {
553 @Messages({
"# {0} - hash set name",
"HashDbManager.noDbPath.message=Couldn't get valid hash set path for: {0}",
554 "HashDbManager.centralRepoLoadError.message=Error loading central repository hash sets"})
556 allDatabasesLoadedCorrectly =
true;
557 List<HashDbInfo> hashDbInfoList = settings.getHashDbInfo();
558 for (HashDbInfo hashDbInfo : hashDbInfoList) {
560 if (hashDbInfo.isFileDatabaseType()) {
561 String dbPath = this.
getValidFilePath(hashDbInfo.getHashSetName(), hashDbInfo.getPath());
562 if (dbPath != null) {
563 addHashDatabase(SleuthkitJNI.openHashDatabase(dbPath), hashDbInfo.getHashSetName(), hashDbInfo.getSearchDuringIngest(), hashDbInfo.getSendIngestMessages(), hashDbInfo.getKnownFilesType());
565 logger.log(Level.WARNING, Bundle.HashDbManager_noDbPath_message(hashDbInfo.getHashSetName()));
566 allDatabasesLoadedCorrectly =
false;
570 addExistingCentralRepoHashSet(hashDbInfo.getHashSetName(), hashDbInfo.getVersion(),
571 hashDbInfo.getReferenceSetID(),
572 hashDbInfo.getSearchDuringIngest(), hashDbInfo.getSendIngestMessages(),
573 hashDbInfo.getKnownFilesType(), hashDbInfo.isReadOnly());
576 }
catch (TskCoreException ex) {
578 JOptionPane.showMessageDialog(WindowManager.getDefault().getMainWindow(),
579 NbBundle.getMessage(this.getClass(),
580 "HashDbManager.unableToOpenHashDbMsg", hashDbInfo.getHashSetName()),
581 NbBundle.getMessage(
this.getClass(),
"HashDbManager.openHashDbErr"),
582 JOptionPane.ERROR_MESSAGE);
583 allDatabasesLoadedCorrectly =
false;
590 }
catch (TskCoreException ex) {
593 JOptionPane.showMessageDialog(WindowManager.getDefault().getMainWindow(),
594 Bundle.HashDbManager_centralRepoLoadError_message(),
595 NbBundle.getMessage(this.getClass(),
"HashDbManager.openHashDbErr"),
596 JOptionPane.ERROR_MESSAGE);
597 allDatabasesLoadedCorrectly =
false;
613 HashLookupSettings.writeSettings(
new HashLookupSettings(HashLookupSettings.convertHashSetList(
this.hashSets)));
614 allDatabasesLoadedCorrectly =
true;
615 }
catch (HashLookupSettings.HashLookupSettingsException ex) {
616 allDatabasesLoadedCorrectly =
false;
617 logger.log(Level.SEVERE,
"Could not overwrite hash set settings.", ex);
625 for (HashDbInfo hashDbInfo : crHashDbInfoList) {
627 addExistingCentralRepoHashSet(hashDbInfo.getHashSetName(), hashDbInfo.getVersion(),
628 hashDbInfo.getReferenceSetID(),
629 hashDbInfo.getSearchDuringIngest(), hashDbInfo.getSendIngestMessages(), hashDbInfo.getKnownFilesType(),
630 hashDbInfo.isReadOnly());
637 for (
HashDb db : this.hashSets) {
638 if (dbInfo.matches(db)) {
647 File database =
new File(configuredPath);
648 if (database.exists()) {
649 return configuredPath;
653 String newPath = null;
655 && JOptionPane.showConfirmDialog(WindowManager.getDefault().getMainWindow(),
656 NbBundle.getMessage(this.getClass(),
"HashDbManager.dlgMsg.dbNotFoundAtLoc",
657 hashSetName, configuredPath),
658 NbBundle.getMessage(this.getClass(),
"HashDbManager.dlgTitle.MissingDb"),
659 JOptionPane.YES_NO_OPTION) == JOptionPane.YES_OPTION) {
661 if (null != newPath && !newPath.isEmpty()) {
662 database =
new File(newPath);
663 if (!database.exists()) {
672 String filePath = null;
673 JFileChooser fc =
new JFileChooser();
674 fc.setDragEnabled(
false);
675 fc.setFileSelectionMode(JFileChooser.FILES_ONLY);
676 String[] EXTENSION =
new String[]{
"txt",
"idx",
"hash",
"Hash",
"kdb"};
677 FileNameExtensionFilter filter =
new FileNameExtensionFilter(
678 NbBundle.getMessage(
this.getClass(),
"HashDbManager.fileNameExtensionFilter.title"), EXTENSION);
679 fc.setFileFilter(filter);
680 fc.setMultiSelectionEnabled(
false);
681 if (fc.showOpenDialog(null) == JFileChooser.APPROVE_OPTION) {
682 File f = fc.getSelectedFile();
684 filePath = f.getCanonicalPath();
685 }
catch (IOException ex) {
699 "HashDbManager.noChange.text=No Change",
700 "HashDbManager.known.text=Known",
701 "HashDbManager.knownBad.text=Notable"
705 KNOWN(Bundle.HashDbManager_known_text(), TskData.FileKnown.KNOWN,
false,
false),
706 KNOWN_BAD(Bundle.HashDbManager_knownBad_text(), TskData.FileKnown.BAD,
true,
true),
707 NO_CHANGE(Bundle.HashDbManager_noChange_text(), TskData.FileKnown.UNKNOWN,
true,
false);
714 KnownFilesType(String displayName, TskData.FileKnown fileKnown,
boolean allowSendInboxMessages,
boolean defaultSendInboxMessages) {
715 this.displayName = displayName;
716 this.fileKnown = fileKnown;
717 this.allowSendInboxMessages = allowSendInboxMessages;
718 this.defaultSendInboxMessages = defaultSendInboxMessages;
729 return allowSendInboxMessages;
740 return defaultSendInboxMessages;
744 return this.displayName;
754 return this.fileKnown;
765 if (fileKnown == null) {
770 .filter((type) -> type.getFileKnown() == fileKnown)
772 .orElseThrow(() ->
new IllegalArgumentException(
"Unknown TskData.FileKnown type: " + fileKnown));
786 abstract String getDisplayName();
794 abstract
void setSearchDuringIngest(
boolean useForIngest);
798 abstract
void setSendIngestMessages(
boolean showInboxMessages);
807 public abstract
boolean isUpdateable() throws TskCoreException;
817 public abstract
void addHashes(Content content) throws TskCoreException;
819 public abstract
void addHashes(Content content, String comment) throws TskCoreException;
821 public abstract
void addHashes(List<HashEntry> hashes) throws TskCoreException;
823 public abstract
boolean lookupMD5Quick(Content content) throws TskCoreException;
825 public abstract HashHitInfo
lookupMD5(Content content) throws TskCoreException;
835 abstract
boolean isValid() throws TskCoreException;
837 public abstract String
getIndexPath() throws TskCoreException;
839 public abstract
boolean hasIndexOnly() throws TskCoreException;
841 public abstract
void firePropertyChange(String propertyName, Object oldValue, Object newValue);
856 class SleuthkitHashSet extends
HashDb {
858 private static final long serialVersionUID = 1L;
859 private final int handle;
860 private final String hashSetName;
861 private boolean searchDuringIngest;
862 private boolean sendIngestMessages;
864 private boolean indexing;
865 private final PropertyChangeSupport propertyChangeSupport =
new PropertyChangeSupport(
this);
867 private SleuthkitHashSet(
int handle, String hashSetName,
boolean useForIngest,
boolean sendHitMessages,
KnownFilesType knownFilesType) {
868 this.handle = handle;
869 this.hashSetName = hashSetName;
870 this.searchDuringIngest = useForIngest;
871 this.sendIngestMessages = sendHitMessages;
872 this.knownFilesType = knownFilesType;
873 this.indexing =
false;
884 propertyChangeSupport.addPropertyChangeListener(pcl);
894 propertyChangeSupport.removePropertyChangeListener(pcl);
907 String getDisplayName() {
913 return SleuthkitJNI.getHashDatabasePath(handle);
916 public void setIndexing(
boolean indexing) {
917 this.indexing = indexing;
922 return SleuthkitJNI.getHashDatabaseIndexPath(handle);
927 return knownFilesType;
932 return searchDuringIngest;
936 void setSearchDuringIngest(
boolean useForIngest) {
937 this.searchDuringIngest = useForIngest;
942 return sendIngestMessages;
946 void setSendIngestMessages(
boolean showInboxMessages) {
947 this.sendIngestMessages = showInboxMessages;
959 return SleuthkitJNI.isUpdateableHashDatabase(this.handle);
971 public void addHashes(Content content)
throws TskCoreException {
986 public void addHashes(Content content, String comment)
throws TskCoreException {
988 assert content instanceof AbstractFile;
989 if (content instanceof AbstractFile) {
990 AbstractFile file = (AbstractFile) content;
991 if (null != file.getMd5Hash()) {
992 SleuthkitJNI.addToHashDatabase(null, file.getMd5Hash(), null, null, comment, handle);
1005 public void addHashes(List<HashEntry> hashes)
throws TskCoreException {
1006 SleuthkitJNI.addToHashDatabase(hashes, handle);
1019 public boolean lookupMD5Quick(Content content)
throws TskCoreException {
1020 boolean result =
false;
1021 assert content instanceof AbstractFile;
1022 if (content instanceof AbstractFile) {
1023 AbstractFile file = (AbstractFile) content;
1024 if (null != file.getMd5Hash()) {
1025 result = SleuthkitJNI.lookupInHashDatabase(file.getMd5Hash(), handle);
1041 public HashHitInfo
lookupMD5(Content content)
throws TskCoreException {
1042 HashHitInfo result = null;
1044 assert content instanceof AbstractFile;
1045 if (content instanceof AbstractFile) {
1046 AbstractFile file = (AbstractFile) content;
1047 if (null != file.getMd5Hash()) {
1048 result = SleuthkitJNI.lookupInHashDatabaseVerbose(file.getMd5Hash(), handle);
1063 boolean isValid() throws TskCoreException {
1067 boolean hasIndex() throws TskCoreException {
1068 return SleuthkitJNI.hashDatabaseHasLookupIndex(handle);
1072 public boolean hasIndexOnly() throws TskCoreException {
1073 return SleuthkitJNI.hashDatabaseIsIndexOnly(handle);
1076 boolean canBeReIndexed() throws TskCoreException {
1077 return SleuthkitJNI.hashDatabaseCanBeReindexed(handle);
1080 boolean isIndexing() {
1085 public void firePropertyChange(String propertyName, Object oldValue, Object newValue) {
1086 this.propertyChangeSupport.firePropertyChange(propertyName, oldValue, newValue);
1089 private void close() throws TskCoreException {
1090 SleuthkitJNI.closeHashDatabase(handle);
1099 public int hashCode() {
1101 code = 47 * code + Integer.hashCode(handle);
1102 code = 47 * code + Objects.hashCode(this.hashSetName);
1103 code = 47 * code + Objects.hashCode(this.propertyChangeSupport);
1104 code = 47 * code + Objects.hashCode(this.knownFilesType);
1109 public boolean equals(Object obj) {
1113 if (getClass() != obj.getClass()) {
1116 final SleuthkitHashSet other = (SleuthkitHashSet) obj;
1117 if (!Objects.equals(
this.hashSetName, other.hashSetName)) {
1120 if (this.knownFilesType != other.knownFilesType) {
1131 class CentralRepoHashSet
extends HashDb {
1133 private static final long serialVersionUID = 1L;
1134 private final String hashSetName;
1135 private boolean searchDuringIngest;
1136 private boolean sendIngestMessages;
1137 private final HashDb.KnownFilesType knownFilesType;
1138 private final int referenceSetID;
1139 private final String version;
1140 private String orgName;
1141 private final boolean readOnly;
1142 private final PropertyChangeSupport propertyChangeSupport =
new PropertyChangeSupport(
this);
1144 @Messages({
"HashDbManager.CentralRepoHashDb.orgError=Error loading organization"})
1145 private CentralRepoHashSet(String hashSetName, String version,
int referenceSetID,
1146 boolean useForIngest,
boolean sendHitMessages, HashDb.KnownFilesType knownFilesType,
1148 throws TskCoreException {
1149 this.hashSetName = hashSetName;
1150 this.version = version;
1151 this.referenceSetID = referenceSetID;
1152 this.searchDuringIngest = useForIngest;
1153 this.sendIngestMessages = sendHitMessages;
1154 this.knownFilesType = knownFilesType;
1155 this.readOnly = readOnly;
1158 orgName = CentralRepository.getInstance().getReferenceSetOrganization(referenceSetID).getName();
1159 }
catch (CentralRepoException ex) {
1160 Logger.getLogger(SleuthkitHashSet.class.getName()).log(Level.SEVERE,
"Error looking up central repository organization for reference set " + referenceSetID, ex);
1161 orgName = Bundle.HashDbManager_CentralRepoHashDb_orgError();
1173 propertyChangeSupport.addPropertyChangeListener(pcl);
1183 propertyChangeSupport.removePropertyChangeListener(pcl);
1187 public boolean hasIndexOnly() throws TskCoreException {
1197 public String getDisplayName() {
1198 if (!getVersion().isEmpty()) {
1205 String getVersion() {
1209 String getOrgName() {
1213 int getReferenceSetID() {
1214 return referenceSetID;
1229 return knownFilesType;
1234 return searchDuringIngest;
1238 void setSearchDuringIngest(
boolean useForIngest) {
1239 this.searchDuringIngest = useForIngest;
1244 return sendIngestMessages;
1248 void setSendIngestMessages(
boolean showInboxMessages) {
1249 this.sendIngestMessages = showInboxMessages;
1260 public boolean isUpdateable() throws TskCoreException {
1273 public void addHashes(Content content)
throws TskCoreException {
1288 public void addHashes(Content content, String comment)
throws TskCoreException {
1290 assert content instanceof AbstractFile;
1291 if (content instanceof AbstractFile) {
1292 AbstractFile file = (AbstractFile) content;
1293 if (null != file.getMd5Hash()) {
1294 TskData.FileKnown type = knownFilesType.getFileKnown();
1297 CentralRepoFileInstance fileInstance =
new CentralRepoFileInstance(referenceSetID, file.getMd5Hash(),
1299 CentralRepository.getInstance().addReferenceInstance(fileInstance, CentralRepository.getInstance().getCorrelationTypeById(CorrelationAttributeInstance.FILES_TYPE_ID));
1300 }
catch (CentralRepoException | CorrelationAttributeNormalizationException ex) {
1301 throw new TskCoreException(
"Error adding hashes to " + getDisplayName(), ex);
1315 public void addHashes(List<HashEntry> hashes)
throws TskCoreException {
1316 Set<CentralRepoFileInstance> globalFileInstances =
new HashSet<>();
1317 for (HashEntry hashEntry : hashes) {
1318 TskData.FileKnown type = knownFilesType.getFileKnown();
1321 globalFileInstances.add(
new CentralRepoFileInstance(referenceSetID, hashEntry.getMd5Hash(), type, hashEntry.getComment()));
1322 }
catch (CentralRepoException | CorrelationAttributeNormalizationException ex) {
1323 throw new TskCoreException(
"Error adding hashes to " + getDisplayName(), ex);
1328 CentralRepository.getInstance().bulkInsertReferenceTypeEntries(globalFileInstances,
1329 CentralRepository.getInstance().getCorrelationTypeById(CorrelationAttributeInstance.FILES_TYPE_ID));
1330 }
catch (CentralRepoException ex) {
1331 throw new TskCoreException(
"Error adding hashes to " + getDisplayName(), ex);
1345 public boolean lookupMD5Quick(Content content)
throws TskCoreException {
1347 assert content instanceof AbstractFile;
1348 if (content instanceof AbstractFile) {
1349 AbstractFile file = (AbstractFile) content;
1350 if (null != file.getMd5Hash()) {
1352 return CentralRepository.getInstance().isFileHashInReferenceSet(file.getMd5Hash(), this.referenceSetID);
1353 }
catch (CentralRepoException | CorrelationAttributeNormalizationException ex) {
1354 Logger.getLogger(SleuthkitHashSet.class.getName()).log(Level.SEVERE,
"Error performing central reposiotry hash lookup for hash "
1355 + file.getMd5Hash() +
" in reference set " + referenceSetID, ex);
1356 throw new TskCoreException(
"Error performing central reposiotry hash lookup", ex);
1373 public HashHitInfo
lookupMD5(Content content)
throws TskCoreException {
1374 HashHitInfo result = null;
1376 assert content instanceof AbstractFile;
1377 if (content instanceof AbstractFile) {
1378 AbstractFile file = (AbstractFile) content;
1379 if (null != file.getMd5Hash()) {
1381 return CentralRepository.getInstance().lookupHash(file.getMd5Hash(), referenceSetID);
1382 }
catch (CentralRepoException | CorrelationAttributeNormalizationException ex) {
1383 Logger.getLogger(SleuthkitHashSet.class.getName()).log(Level.SEVERE,
"Error performing central reposiotry hash lookup for hash "
1384 + file.getMd5Hash() +
" in reference set " + referenceSetID, ex);
1385 throw new TskCoreException(
"Error performing central reposiotry hash lookup", ex);
1399 if (!CentralRepository.isEnabled()) {
1403 return CentralRepository.getInstance().referenceSetIsValid(this.referenceSetID, this.hashSetName, this.version);
1404 }
catch (CentralRepoException ex) {
1405 Logger.getLogger(CentralRepoHashSet.class.getName()).log(Level.SEVERE,
"Error validating hash set " + hashSetName, ex);
1411 public void firePropertyChange(String propertyName, Object oldValue, Object newValue) {
1412 this.propertyChangeSupport.firePropertyChange(propertyName, oldValue, newValue);
1417 return getDisplayName();
1421 public int hashCode() {
1423 code = 47 * code + Objects.hashCode(this.hashSetName);
1424 code = 47 * code + Objects.hashCode(this.version);
1425 code = 47 * code + Integer.hashCode(this.referenceSetID);
1426 code = 47 * code + Objects.hashCode(this.knownFilesType);
1431 public boolean equals(Object obj) {
1435 if (getClass() != obj.getClass()) {
1438 final CentralRepoHashSet other = (CentralRepoHashSet) obj;
1439 if (!Objects.equals(
this.hashSetName, other.hashSetName)) {
1442 if (!Objects.equals(
this.version, other.version)) {
1445 if (this.knownFilesType != other.knownFilesType) {
1457 private ProgressHandle progress = null;
1458 private SleuthkitHashSet hashDb = null;
1461 this.hashDb = hashDb;
1466 hashDb.setIndexing(
true);
1467 progress = ProgressHandle.createHandle(
1468 NbBundle.getMessage(
this.getClass(),
"HashDbManager.progress.indexingHashSet", hashDb.getHashSetName()));
1470 progress.switchToIndeterminate();
1472 SleuthkitJNI.createLookupIndexForHashDatabase(hashDb.getHandle());
1473 }
catch (TskCoreException ex) {
1475 JOptionPane.showMessageDialog(WindowManager.getDefault().getMainWindow(),
1476 NbBundle.getMessage(this.getClass(),
1477 "HashDbManager.dlgMsg.errorIndexingHashSet",
1478 hashDb.getHashSetName()),
1479 NbBundle.getMessage(
this.getClass(),
"HashDbManager.hashDbIndexingErr"),
1480 JOptionPane.ERROR_MESSAGE);
1487 hashDb.setIndexing(
false);
1493 }
catch (InterruptedException | ExecutionException ex) {
1494 logger.log(Level.SEVERE,
"Error creating index", ex);
1496 NbBundle.getMessage(
this.getClass(),
"HashDbManager.errCreatingIndex.title"),
1497 NbBundle.getMessage(
this.getClass(),
"HashDbManager.errCreatingIndex.msg", ex.getMessage()),
1500 catch (java.util.concurrent.CancellationException ex) {
1504 hashDb.firePropertyChange(SleuthkitHashSet.Event.INDEXING_DONE.toString(), null, hashDb);
1506 }
catch (Exception e) {
1507 logger.log(Level.SEVERE,
"HashDbManager listener threw exception", e);
1509 NbBundle.getMessage(
this.getClass(),
"HashDbManager.moduleErr"),
1510 NbBundle.getMessage(
this.getClass(),
"HashDbManager.moduleErrorListeningToUpdatesMsg"),
abstract boolean getSendIngestMessages()
Set< String > hashSetPaths
abstract String getIndexPath()
void configureSettings(HashLookupSettings settings)
static final Logger logger
static final String HASH_DATABASE_FILE_EXTENSON
void loadHashsetsConfiguration()
static synchronized IngestManager getInstance()
static boolean runningWithGUI
synchronized void addPropertyChangeListener(PropertyChangeListener listener)
HashDbManagerException(String message)
List< CentralRepoFileSet > getAllReferenceSets(CorrelationAttributeInstance.Type correlationType)
static KnownFilesType fromFileKnown(TskData.FileKnown fileKnown)
abstract String getHashSetName()
List< HashDbInfo > getCentralRepoHashSetsFromDatabase()
boolean isIngestRunning()
static final long serialVersionUID
final TskData.FileKnown fileKnown
List< HashDb > getUpdateableHashSets(List< HashDb > hashDbs)
abstract String toString()
synchronized HashDb addNewHashDatabaseNoSave(String hashSetName, String path, boolean searchDuringIngest, boolean sendIngestMessages, HashDb.KnownFilesType knownFilesType)
HashDbManagerException(String message, Throwable exception)
synchronized void removeHashDatabase(HashDb hashDb)
final boolean allowSendInboxMessages
boolean allDatabasesLoadedCorrectly
abstract void firePropertyChange(String propertyName, Object oldValue, Object newValue)
synchronized List< HashDb > getKnownBadFileHashSets()
boolean hashDbInfoIsNew(HashDbInfo dbInfo)
TskData.FileKnown getFileKnown()
synchronized void removeHashDatabaseNoSave(HashDb hashDb)
static HashDbManager instance
Set< String > hashSetNames
static synchronized HashDbManager getInstance()
String getValidFilePath(String hashSetName, String configuredPath)
abstract HashDb.KnownFilesType getKnownFilesType()
synchronized HashDb addNewHashDatabase(String hashSetName, String path, boolean searchDuringIngest, boolean sendIngestMessages, HashDb.KnownFilesType knownFilesType)
boolean isDefaultInboxMessages()
synchronized void removePropertyChangeListener(PropertyChangeListener listener)
abstract HashHitInfo lookupMD5(Content content)
synchronized List< HashDb > getUpdateableHashSets()
synchronized List< HashDb > getAllHashSets()
abstract boolean isUpdateable()
abstract boolean lookupMD5Quick(Content content)
abstract String getDatabasePath()
void propertyChange(PropertyChangeEvent event)
void closeHashDatabases(List< HashDb > hashDatabases)
synchronized void loadLastSavedConfiguration()
abstract void addPropertyChangeListener(PropertyChangeListener pcl)
synchronized static Logger getLogger(String name)
final boolean defaultSendInboxMessages
static void show(String title, String message, MessageType type, ActionListener actionListener)
CorrelationAttributeInstance.Type getCorrelationTypeById(int typeId)
boolean isInboxMessagesAllowed()
abstract boolean hasIndexOnly()
KnownFilesType(String displayName, TskData.FileKnown fileKnown, boolean allowSendInboxMessages, boolean defaultSendInboxMessages)
SleuthkitHashSet addHashDatabase(int handle, String hashSetName, boolean searchDuringIngest, boolean sendIngestMessages, HashDb.KnownFilesType knownFilesType)
abstract boolean getSearchDuringIngest()
static CentralRepository getInstance()
void updateHashSetsFromCentralRepository()
synchronized List< HashDb > getKnownFileHashSets()
synchronized HashDb addExistingHashDatabase(String hashSetName, String path, boolean searchDuringIngest, boolean sendIngestMessages, HashDb.KnownFilesType knownFilesType)
static final int FILES_TYPE_ID
static boolean isEnabled()
abstract void addHashes(Content content)
abstract void removePropertyChangeListener(PropertyChangeListener pcl)