19 package org.sleuthkit.autopsy.centralrepository.eventlisteners;
21 import com.google.common.util.concurrent.ThreadFactoryBuilder;
22 import java.beans.PropertyChangeEvent;
23 import java.beans.PropertyChangeListener;
24 import java.util.EnumSet;
25 import java.util.List;
27 import java.util.concurrent.ExecutorService;
28 import java.util.concurrent.Executors;
29 import java.util.logging.Level;
30 import org.apache.commons.lang.StringUtils;
31 import org.openide.util.NbBundle.Messages;
64 @Messages({
"caseeventlistener.evidencetag=Evidence"})
65 final class CaseEventListener implements PropertyChangeListener {
68 private final ExecutorService jobProcessingExecutor;
69 private static final String CASE_EVENT_THREAD_NAME =
"Case-Event-Listener-%d";
71 private static final Set<
Case.
Events> CASE_EVENTS_OF_INTEREST = EnumSet.of(
81 jobProcessingExecutor = Executors.newSingleThreadExecutor(
new ThreadFactoryBuilder().setNameFormat(CASE_EVENT_THREAD_NAME).build());
89 public void propertyChange(PropertyChangeEvent evt) {
90 if (!(evt instanceof
AutopsyEvent) || (((AutopsyEvent) evt).getSourceType() != AutopsyEvent.SourceType.LOCAL)) {
98 LOGGER.log(Level.SEVERE,
"Failed to get instance of db manager.", ex);
104 switch (
Case.
Events.valueOf(evt.getPropertyName())) {
105 case CONTENT_TAG_ADDED:
106 case CONTENT_TAG_DELETED: {
107 jobProcessingExecutor.submit(
new ContentTagTask(dbManager, evt));
111 case BLACKBOARD_ARTIFACT_TAG_DELETED:
112 case BLACKBOARD_ARTIFACT_TAG_ADDED: {
113 jobProcessingExecutor.submit(
new BlackboardTagTask(dbManager, evt));
117 case DATA_SOURCE_ADDED: {
118 jobProcessingExecutor.submit(
new DataSourceAddedTask(dbManager, evt));
121 case TAG_DEFINITION_CHANGED: {
122 jobProcessingExecutor.submit(
new TagDefinitionChangeTask(evt));
126 jobProcessingExecutor.submit(
new CurrentCaseTask(dbManager, evt));
129 case DATA_SOURCE_NAME_CHANGED: {
130 jobProcessingExecutor.submit(
new DataSourceNameChangedTask(dbManager, evt));
139 void installListeners() {
146 void uninstallListeners() {
157 private static boolean isNotableTag(Tag t) {
158 return (t != null && isNotableTagName(t.getName()));
168 private static boolean isNotableTagName(TagName t) {
179 private static boolean hasNotableTag(List<? extends Tag> tags) {
185 .filter(CaseEventListener::isNotableTag)
193 private final PropertyChangeEvent
event;
208 handleTagAdded((ContentTagAddedEvent) event);
210 handleTagDeleted((ContentTagDeletedEvent) event);
212 LOGGER.log(Level.SEVERE,
213 String.format(
"Received an event %s of type %s and was expecting either CONTENT_TAG_ADDED or CONTENT_TAG_DELETED.",
214 event, curEventType));
221 LOGGER.log(Level.SEVERE,
"ContentTagDeletedEvent did not have valid content to provide a content id.");
228 if (content == null) {
229 LOGGER.log(Level.WARNING,
235 handleTagChange(content);
243 if (evt.getAddedTag() == null || evt.getAddedTag().getContent() == null) {
244 LOGGER.log(Level.SEVERE,
"ContentTagAddedEvent did not have valid content to provide a content id.");
249 handleTagChange(evt.getAddedTag().getContent());
260 AbstractFile af = null;
264 Long contentID = (content != null) ? content.getId() : null;
265 LOGGER.log(Level.WARNING,
"Error updating non-file object: " + contentID, ex);
278 setContentKnownStatus(af, TskData.FileKnown.BAD);
281 setContentKnownStatus(af, TskData.FileKnown.UNKNOWN);
284 LOGGER.log(Level.SEVERE,
"Failed to obtain tags manager for case.", ex);
300 if (eamArtifact != null) {
305 LOGGER.log(Level.SEVERE,
"Error connecting to Central Repository database while setting artifact known status.", ex);
314 private final PropertyChangeEvent
event;
329 handleTagAdded((BlackBoardArtifactTagAddedEvent) event);
331 handleTagDeleted((BlackBoardArtifactTagDeletedEvent) event);
333 LOGGER.log(Level.WARNING,
334 String.format(
"Received an event %s of type %s and was expecting either CONTENT_TAG_ADDED or CONTENT_TAG_DELETED.",
335 event, curEventType));
342 LOGGER.log(Level.SEVERE,
"BlackBoardArtifactTagDeletedEvent did not have valid content to provide a content id.");
351 if (content == null) {
352 LOGGER.log(Level.WARNING,
359 if (bbArtifact == null) {
360 LOGGER.log(Level.WARNING,
366 handleTagChange(content, bbArtifact);
368 LOGGER.log(Level.WARNING,
"Error updating non-file object.", ex);
374 if (evt.getAddedTag() == null || evt.getAddedTag().getContent() == null || evt.getAddedTag().getArtifact() == null) {
375 LOGGER.log(Level.SEVERE,
"BlackBoardArtifactTagAddedEvent did not have valid content to provide a content id.");
380 handleTagChange(evt.getAddedTag().getContent(), evt.getAddedTag().getArtifact());
396 LOGGER.log(Level.SEVERE,
"Exception while getting open case.", ex);
401 if (isKnownFile(content)) {
407 if (hasNotableTag(tags)) {
408 setArtifactKnownStatus(bbArtifact, TskData.FileKnown.BAD);
410 setArtifactKnownStatus(bbArtifact, TskData.FileKnown.UNKNOWN);
412 }
catch (TskCoreException ex) {
413 LOGGER.log(Level.SEVERE,
"Failed to obtain tags manager for case.", ex);
426 return ((content instanceof AbstractFile) && (((AbstractFile) content).getKnown() == TskData.FileKnown.KNOWN));
442 LOGGER.log(Level.SEVERE,
"Error connecting to Central Repository database while setting artifact known status.", ex);
451 private final PropertyChangeEvent
event;
463 String modifiedTagName = (String) event.getOldValue();
474 for (BlackboardArtifactTag bbTag : artifactTags) {
476 boolean hasTagWithConflictingKnownStatus =
false;
480 if (tagName.getKnownStatus() == TskData.FileKnown.UNKNOWN) {
481 Content content = bbTag.getContent();
484 if ((content instanceof AbstractFile) && (((AbstractFile) content).getKnown() == TskData.FileKnown.KNOWN)) {
488 BlackboardArtifact bbArtifact = bbTag.getArtifact();
492 for (BlackboardArtifactTag t : tags) {
494 if (t.getName().equals(tagName)) {
498 if (TskData.FileKnown.BAD == t.getName().getKnownStatus()) {
500 hasTagWithConflictingKnownStatus =
true;
506 if (!hasTagWithConflictingKnownStatus) {
519 for (ContentTag contentTag : fileTags) {
521 boolean hasTagWithConflictingKnownStatus =
false;
525 if (tagName.getKnownStatus() == TskData.FileKnown.UNKNOWN) {
526 Content content = contentTag.getContent();
530 for (ContentTag t : tags) {
532 if (t.getName().equals(tagName)) {
536 if (TskData.FileKnown.BAD == t.getName().getKnownStatus()) {
538 hasTagWithConflictingKnownStatus =
true;
544 if (!hasTagWithConflictingKnownStatus) {
545 Content taggedContent = contentTag.getContent();
546 if (taggedContent instanceof AbstractFile) {
548 if (eamArtifact != null) {
554 }
catch (TskCoreException ex) {
555 LOGGER.log(Level.SEVERE,
"Cannot update known status in central repository for tag: " + modifiedTagName, ex);
557 LOGGER.log(Level.SEVERE,
"Cannot get central repository for tag: " + modifiedTagName, ex);
559 LOGGER.log(Level.SEVERE,
"Exception while getting open case.", ex);
567 private final PropertyChangeEvent
event;
583 LOGGER.log(Level.SEVERE,
"Exception while getting open case.", ex);
588 Content newDataSource = dataSourceAddedEvent.
getDataSource();
592 if (null == dbManager.
getDataSource(correlationCase, newDataSource.getId())) {
596 LOGGER.log(Level.SEVERE,
"Error adding new data source to the central repository", ex);
604 private final PropertyChangeEvent
event;
617 if ((null == event.getOldValue()) && (event.getNewValue() instanceof
Case)) {
618 Case curCase = (
Case) event.getNewValue();
628 if (dbManager.
getCase(curCase) == null) {
632 LOGGER.log(Level.SEVERE,
"Error connecting to Central Repository database.", ex);
641 private final PropertyChangeEvent
event;
652 Content dataSource = dataSourceNameChangedEvent.
getDataSource();
653 String newName = (String) event.getNewValue();
655 if (!StringUtils.isEmpty(newName)) {
666 LOGGER.log(Level.SEVERE,
"Error updating data source with ID " + dataSource.getId() +
" to " + newName, ex);
668 LOGGER.log(Level.SEVERE,
"No open case", ex);
final PropertyChangeEvent event
final CentralRepository dbManager
ContentTagTask(CentralRepository db, PropertyChangeEvent evt)
DataSourceAddedTask(CentralRepository db, PropertyChangeEvent evt)
final PropertyChangeEvent event
void handleTagAdded(BlackBoardArtifactTagAddedEvent evt)
final CentralRepository dbManager
DeletedBlackboardArtifactTagInfo getDeletedTagInfo()
static CorrelationDataSource fromTSKDataSource(CorrelationCase correlationCase, Content dataSource)
static CorrelationAttributeInstance makeCorrAttrFromFile(AbstractFile file)
CorrelationCase getCase(Case autopsyCase)
void setAttributeInstanceKnownStatus(CorrelationAttributeInstance eamArtifact, TskData.FileKnown knownStatus)
void handleTagDeleted(BlackBoardArtifactTagDeletedEvent evt)
CurrentCaseTask(CentralRepository db, PropertyChangeEvent evt)
static List< CorrelationAttributeInstance > makeCorrAttrsForCorrelation(BlackboardArtifact artifact)
TskData.FileKnown getKnownStatus()
TagDefinitionChangeTask(PropertyChangeEvent evt)
static void shutDownTaskExecutor(ExecutorService executor)
final CentralRepository dbManager
boolean isKnownFile(Content content)
TagsManager getTagsManager()
void handleTagChange(Content content, BlackboardArtifact bbArtifact)
final CentralRepository dbManager
CorrelationCase newCase(CorrelationCase eamCase)
final CentralRepository dbManager
SleuthkitCase getSleuthkitCase()
void handleTagChange(Content content)
DataSourceNameChangedTask(CentralRepository db, PropertyChangeEvent evt)
void updateDataSourceName(CorrelationDataSource eamDataSource, String newName)
BLACKBOARD_ARTIFACT_TAG_ADDED
BlackboardTagTask(CentralRepository db, PropertyChangeEvent evt)
void handleTagDeleted(ContentTagDeletedEvent evt)
void setArtifactKnownStatus(BlackboardArtifact bbArtifact, TskData.FileKnown knownStatus)
CorrelationDataSource getDataSource(CorrelationCase correlationCase, Long caseDbDataSourceId)
synchronized static Logger getLogger(String name)
void setContentKnownStatus(AbstractFile af, TskData.FileKnown knownStatus)
static Case getCurrentCaseThrows()
static void addEventTypeSubscriber(Set< Events > eventTypes, PropertyChangeListener subscriber)
final PropertyChangeEvent event
final PropertyChangeEvent event
DeletedContentTagInfo getDeletedTagInfo()
void handleTagAdded(ContentTagAddedEvent evt)
final PropertyChangeEvent event
static void removeEventTypeSubscriber(Set< Events > eventTypes, PropertyChangeListener subscriber)
static CentralRepository getInstance()
final PropertyChangeEvent event
BLACKBOARD_ARTIFACT_TAG_DELETED
static boolean isEnabled()