19 package org.sleuthkit.autopsy.modules.hashdatabase;
21 import java.beans.PropertyChangeEvent;
22 import java.beans.PropertyChangeListener;
23 import java.beans.PropertyChangeSupport;
25 import java.io.IOException;
26 import java.util.ArrayList;
27 import java.util.HashSet;
28 import java.util.List;
29 import java.util.Objects;
31 import java.util.concurrent.ExecutionException;
32 import java.util.logging.Level;
33 import javax.swing.JFileChooser;
34 import javax.swing.JOptionPane;
35 import javax.swing.SwingWorker;
36 import javax.swing.filechooser.FileNameExtensionFilter;
37 import org.apache.commons.io.FilenameUtils;
38 import org.netbeans.api.progress.ProgressHandle;
39 import org.openide.util.NbBundle;
40 import org.openide.util.NbBundle.Messages;
67 private List<HashDb>
hashSets =
new ArrayList<>();
70 PropertyChangeSupport changeSupport =
new PropertyChangeSupport(
HashDbManager.class);
81 DB_ADDED, DB_DELETED, DB_INDEXED
90 if (instance == null) {
97 changeSupport.addPropertyChangeListener(listener);
101 changeSupport.removePropertyChangeListener(listener);
104 synchronized boolean verifyAllDatabasesLoadedCorrectly(){
117 static String getHashDatabaseFileExtension() {
130 super(message, exception);
155 hashDb = this.addExistingHashDatabaseNoSave(hashSetName, path, searchDuringIngest, sendIngestMessages, knownFilesType);
163 if (!
new File(path).exists()) {
164 throw new HashDbManagerException(NbBundle.getMessage(
HashDbManager.class,
"HashDbManager.hashDbDoesNotExistExceptionMsg", path));
167 if (hashSetPaths.contains(path)) {
168 throw new HashDbManagerException(NbBundle.getMessage(
HashDbManager.class,
"HashDbManager.hashDbAlreadyAddedExceptionMsg", path));
171 if (hashSetNames.contains(hashSetName)) {
172 throw new HashDbManagerException(NbBundle.getMessage(
HashDbManager.class,
"HashDbManager.duplicateHashSetNameExceptionMsg", hashSetName));
175 hashDb =
addHashDatabase(SleuthkitJNI.openHashDatabase(path), hashSetName, searchDuringIngest, sendIngestMessages, knownFilesType);
176 }
catch (TskCoreException ex) {
177 throw new HashDbManagerException(ex.getMessage());
200 public synchronized HashDb addNewHashDatabase(String hashSetName, String path,
boolean searchDuringIngest,
boolean sendIngestMessages,
215 File file =
new File(path);
217 throw new HashDbManagerException(NbBundle.getMessage(
HashDbManager.class,
"HashDbManager.hashDbFileExistsExceptionMsg", path));
219 if (!FilenameUtils.getExtension(file.getName()).equalsIgnoreCase(HASH_DATABASE_FILE_EXTENSON)) {
220 throw new HashDbManagerException(NbBundle.getMessage(
HashDbManager.class,
"HashDbManager.illegalHashDbFileNameExtensionMsg",
221 getHashDatabaseFileExtension()));
224 if (hashSetPaths.contains(path)) {
225 throw new HashDbManagerException(NbBundle.getMessage(
HashDbManager.class,
"HashDbManager.hashDbAlreadyAddedExceptionMsg", path));
228 if (hashSetNames.contains(hashSetName)) {
229 throw new HashDbManagerException(NbBundle.getMessage(
HashDbManager.class,
"HashDbManager.duplicateHashSetNameExceptionMsg", hashSetName));
232 hashDb =
addHashDatabase(SleuthkitJNI.createHashDatabase(path), hashSetName, searchDuringIngest, sendIngestMessages, knownFilesType);
233 }
catch (TskCoreException ex) {
234 throw new HashDbManagerException(ex.getMessage());
239 private SleuthkitHashSet
addHashDatabase(
int handle, String hashSetName,
boolean searchDuringIngest,
boolean sendIngestMessages,
HashDb.
KnownFilesType knownFilesType) throws TskCoreException {
241 SleuthkitHashSet hashDb =
new SleuthkitHashSet(handle, hashSetName, searchDuringIngest, sendIngestMessages, knownFilesType);
245 String databasePath = hashDb.getDatabasePath();
246 String indexPath = hashDb.getIndexPath();
250 hashSetNames.add(hashDb.getHashSetName());
251 if (!databasePath.equals(
"None")) {
252 hashSetPaths.add(databasePath);
254 if (!indexPath.equals(
"None")) {
255 hashSetPaths.add(indexPath);
259 hashSets.add(hashDb);
263 changeSupport.firePropertyChange(
SetEvt.
DB_ADDED.toString(), null, hashSetName);
264 }
catch (Exception e) {
265 logger.log(Level.SEVERE,
"HashDbManager listener threw exception", e);
267 NbBundle.getMessage(
this.getClass(),
"HashDbManager.moduleErr"),
268 NbBundle.getMessage(
this.getClass(),
"HashDbManager.moduleErrorListeningToUpdatesMsg"),
274 CentralRepoHashSet addExistingCentralRepoHashSet(String hashSetName, String version,
int referenceSetID,
276 boolean readOnly)
throws TskCoreException{
279 throw new TskCoreException(
"Could not load central repository hash set " + hashSetName +
" - central repository is not enabled");
282 CentralRepoHashSet db =
new CentralRepoHashSet(hashSetName, version, referenceSetID, searchDuringIngest,
283 sendIngestMessages, knownFilesType, readOnly);
286 throw new TskCoreException(
"Error finding hash set " + hashSetName +
" in central repository");
294 changeSupport.firePropertyChange(SetEvt.DB_ADDED.toString(), null, hashSetName);
295 }
catch (Exception e) {
296 logger.log(Level.SEVERE,
"HashDbManager listener threw exception", e);
297 MessageNotifyUtil.Notify.show(
298 NbBundle.getMessage(
this.getClass(),
"HashDbManager.moduleErr"),
299 NbBundle.getMessage(
this.getClass(),
"HashDbManager.moduleErrorListeningToUpdatesMsg"),
300 MessageNotifyUtil.MessageType.ERROR);
306 synchronized void indexHashDatabase(SleuthkitHashSet hashDb) {
307 hashDb.addPropertyChangeListener(
this);
308 HashDbIndexer creator =
new HashDbIndexer(hashDb);
314 if (event.getPropertyName().equals(SleuthkitHashSet.Event.INDEXING_DONE.name())) {
315 SleuthkitHashSet hashDb = (SleuthkitHashSet) event.getNewValue();
316 if (null != hashDb) {
318 String indexPath = hashDb.getIndexPath();
319 if (!indexPath.equals(
"None")) {
320 hashSetPaths.add(indexPath);
322 }
catch (TskCoreException ex) {
323 Logger.
getLogger(
HashDbManager.class.getName()).log(Level.SEVERE,
"Error getting index path of " + hashDb.getHashSetName() +
" hash set after indexing", ex);
345 if (ingestIsRunning) {
346 throw new HashDbManagerException(NbBundle.getMessage(
this.getClass(),
"HashDbManager.ingestRunningExceptionMsg"));
352 String hashSetName = hashDb.getHashSetName();
353 hashSetNames.remove(hashSetName);
354 hashSets.remove(hashDb);
359 if(hashDb instanceof SleuthkitHashSet){
360 SleuthkitHashSet hashDatabase = (SleuthkitHashSet)hashDb;
362 if(hashDatabase.hasIndex()){
363 hashSetPaths.remove(hashDatabase.getIndexPath());
365 }
catch (TskCoreException ex) {
366 Logger.
getLogger(
HashDbManager.class.getName()).log(Level.SEVERE,
"Error getting index path of " + hashDatabase.getHashSetName() +
" hash set when removing the hash set", ex);
370 if (!hashDatabase.hasIndexOnly()) {
371 hashSetPaths.remove(hashDatabase.getDatabasePath());
373 }
catch (TskCoreException ex) {
374 Logger.
getLogger(
HashDbManager.class.getName()).log(Level.SEVERE,
"Error getting hash set path of " + hashDatabase.getHashSetName() +
" hash set when removing the hash set", ex);
378 hashDatabase.close();
379 }
catch (TskCoreException ex) {
380 Logger.
getLogger(
HashDbManager.class.getName()).log(Level.SEVERE,
"Error closing " + hashDb.getHashSetName() +
" hash set when removing the hash set", ex);
386 changeSupport.firePropertyChange(
SetEvt.
DB_DELETED.toString(), null, hashSetName);
387 }
catch (Exception e) {
388 logger.log(Level.SEVERE,
"HashDbManager listener threw exception", e);
390 NbBundle.getMessage(
this.getClass(),
"HashDbManager.moduleErr"),
391 NbBundle.getMessage(
this.getClass(),
"HashDbManager.moduleErrorListeningToUpdatesMsg"),
396 void save() throws HashDbManagerException {
398 if (!HashLookupSettings.writeSettings(
new HashLookupSettings(HashLookupSettings.convertHashSetList(
this.hashSets)))) {
399 throw new HashDbManagerException(NbBundle.getMessage(
this.getClass(),
"HashDbManager.saveErrorExceptionMsg"));
401 }
catch (HashLookupSettings.HashLookupSettingsException ex) {
402 throw new HashDbManagerException(NbBundle.getMessage(
this.getClass(),
"HashDbManager.saveErrorExceptionMsg"));
416 }
catch (TskCoreException ex){
420 List<HashDb> hashDbs =
new ArrayList<>();
421 hashDbs.addAll(this.hashSets);
431 List<HashDb> hashDbs =
new ArrayList<>();
434 }
catch (TskCoreException ex){
449 List<HashDb> hashDbs =
new ArrayList<>();
452 }
catch (TskCoreException ex){
471 ArrayList<HashDb> updateableDbs =
new ArrayList<>();
474 }
catch (TskCoreException ex){
477 for (
HashDb db : hashDbs) {
479 if (db.isUpdateable()) {
480 updateableDbs.add(db);
482 }
catch (TskCoreException ex) {
483 Logger.
getLogger(
HashDbManager.class.getName()).log(Level.SEVERE,
"Error checking updateable status of " + db.getHashSetName() +
" hash set", ex);
486 return updateableDbs;
490 List<HashDbInfo> crHashSets =
new ArrayList<>();
500 crHashSets.add(
new HashDbInfo(globalSet.getSetName(), globalSet.getVersion(),
501 globalSet.getGlobalSetID(),
convertFileKnown(globalSet.getFileKnownStatus()), globalSet.isReadOnly(),
false, sendIngestMessages));
511 if(fileKnown.equals(TskData.FileKnown.BAD)){
523 hashSetNames.clear();
524 hashSetPaths.clear();
530 for (
HashDb database : hashDatabases) {
531 if(database instanceof SleuthkitHashSet){
533 ((SleuthkitHashSet)database).close();
534 }
catch (TskCoreException ex) {
539 hashDatabases.clear();
544 HashLookupSettings settings = HashLookupSettings.readSettings();
546 }
catch (HashLookupSettings.HashLookupSettingsException ex) {
557 @Messages({
"# {0} - hash set name",
"HashDbManager.noDbPath.message=Couldn't get valid hash set path for: {0}",
558 "HashDbManager.centralRepoLoadError.message=Error loading central repository hash sets"})
560 allDatabasesLoadedCorrectly =
true;
561 List<HashDbInfo> hashDbInfoList = settings.getHashDbInfo();
562 for (HashDbInfo hashDbInfo : hashDbInfoList) {
564 if(hashDbInfo.isFileDatabaseType()){
565 String dbPath = this.
getValidFilePath(hashDbInfo.getHashSetName(), hashDbInfo.getPath());
566 if (dbPath != null) {
567 addHashDatabase(SleuthkitJNI.openHashDatabase(dbPath), hashDbInfo.getHashSetName(), hashDbInfo.getSearchDuringIngest(), hashDbInfo.getSendIngestMessages(), hashDbInfo.getKnownFilesType());
569 logger.log(Level.WARNING, Bundle.HashDbManager_noDbPath_message(hashDbInfo.getHashSetName()));
570 allDatabasesLoadedCorrectly =
false;
574 addExistingCentralRepoHashSet(hashDbInfo.getHashSetName(), hashDbInfo.getVersion(),
575 hashDbInfo.getReferenceSetID(),
576 hashDbInfo.getSearchDuringIngest(), hashDbInfo.getSendIngestMessages(),
577 hashDbInfo.getKnownFilesType(), hashDbInfo.isReadOnly());
580 }
catch (TskCoreException ex) {
582 JOptionPane.showMessageDialog(null,
583 NbBundle.getMessage(
this.getClass(),
584 "HashDbManager.unableToOpenHashDbMsg", hashDbInfo.getHashSetName()),
585 NbBundle.getMessage(
this.getClass(),
"HashDbManager.openHashDbErr"),
586 JOptionPane.ERROR_MESSAGE);
587 allDatabasesLoadedCorrectly =
false;
594 }
catch (TskCoreException ex){
597 JOptionPane.showMessageDialog(null,
598 Bundle.HashDbManager_centralRepoLoadError_message(),
599 NbBundle.getMessage(this.getClass(),
"HashDbManager.openHashDbErr"),
600 JOptionPane.ERROR_MESSAGE);
601 allDatabasesLoadedCorrectly =
false;
614 HashLookupSettings.writeSettings(
new HashLookupSettings(HashLookupSettings.convertHashSetList(
this.hashSets)));
615 allDatabasesLoadedCorrectly =
true;
616 }
catch (HashLookupSettings.HashLookupSettingsException ex) {
617 allDatabasesLoadedCorrectly =
false;
618 logger.log(Level.SEVERE,
"Could not overwrite hash set settings.", ex);
626 for(HashDbInfo hashDbInfo : crHashDbInfoList) {
628 addExistingCentralRepoHashSet(hashDbInfo.getHashSetName(), hashDbInfo.getVersion(),
629 hashDbInfo.getReferenceSetID(),
630 hashDbInfo.getSearchDuringIngest(), hashDbInfo.getSendIngestMessages(), hashDbInfo.getKnownFilesType(),
631 hashDbInfo.isReadOnly());
638 for(
HashDb db:this.hashSets){
639 if(dbInfo.matches(db)){
648 File database =
new File(configuredPath);
649 if (database.exists()) {
650 return configuredPath;
654 String newPath = null;
656 JOptionPane.showConfirmDialog(null,
657 NbBundle.getMessage(
this.getClass(),
"HashDbManager.dlgMsg.dbNotFoundAtLoc",
658 hashSetName, configuredPath),
659 NbBundle.getMessage(
this.getClass(),
"HashDbManager.dlgTitle.MissingDb"),
660 JOptionPane.YES_NO_OPTION) == JOptionPane.YES_OPTION) {
662 if (null != newPath && !newPath.isEmpty()) {
663 database =
new File(newPath);
664 if (!database.exists()) {
673 String filePath = null;
674 JFileChooser fc =
new JFileChooser();
675 fc.setDragEnabled(
false);
676 fc.setFileSelectionMode(JFileChooser.FILES_ONLY);
677 String[] EXTENSION =
new String[]{
"txt",
"idx",
"hash",
"Hash",
"kdb"};
678 FileNameExtensionFilter filter =
new FileNameExtensionFilter(
679 NbBundle.getMessage(
this.getClass(),
"HashDbManager.fileNameExtensionFilter.title"), EXTENSION);
680 fc.setFileFilter(filter);
681 fc.setMultiSelectionEnabled(
false);
682 if (fc.showOpenDialog(null) == JFileChooser.APPROVE_OPTION) {
683 File f = fc.getSelectedFile();
685 filePath = f.getCanonicalPath();
686 }
catch (IOException ex) {
706 this.displayName = displayName;
710 return this.displayName;
724 abstract String getDisplayName();
732 abstract
void setSearchDuringIngest(
boolean useForIngest);
736 abstract
void setSendIngestMessages(
boolean showInboxMessages);
745 public abstract
boolean isUpdateable() throws TskCoreException;
755 public abstract
void addHashes(Content content) throws TskCoreException;
757 public abstract
void addHashes(Content content, String comment) throws TskCoreException;
759 public abstract
void addHashes(List<HashEntry> hashes) throws TskCoreException;
761 public abstract
boolean lookupMD5Quick(Content content) throws TskCoreException;
763 public abstract HashHitInfo
lookupMD5(Content content) throws TskCoreException;
771 abstract
boolean isValid() throws TskCoreException;
773 public abstract String
getIndexPath() throws TskCoreException;
775 public abstract
boolean hasIndexOnly() throws TskCoreException;
777 public abstract
void firePropertyChange(String propertyName, Object oldValue, Object newValue);
792 class SleuthkitHashSet extends
HashDb{
794 private static final long serialVersionUID = 1L;
795 private final int handle;
796 private final String hashSetName;
797 private boolean searchDuringIngest;
798 private boolean sendIngestMessages;
800 private boolean indexing;
801 private final PropertyChangeSupport propertyChangeSupport =
new PropertyChangeSupport(
this);
803 private SleuthkitHashSet(
int handle, String hashSetName,
boolean useForIngest,
boolean sendHitMessages,
KnownFilesType knownFilesType) {
804 this.handle = handle;
805 this.hashSetName = hashSetName;
806 this.searchDuringIngest = useForIngest;
807 this.sendIngestMessages = sendHitMessages;
808 this.knownFilesType = knownFilesType;
809 this.indexing =
false;
820 propertyChangeSupport.addPropertyChangeListener(pcl);
830 propertyChangeSupport.removePropertyChangeListener(pcl);
843 String getDisplayName(){
849 return SleuthkitJNI.getHashDatabasePath(handle);
852 public void setIndexing(
boolean indexing){
853 this.indexing = indexing;
858 return SleuthkitJNI.getHashDatabaseIndexPath(handle);
863 return knownFilesType;
868 return searchDuringIngest;
872 void setSearchDuringIngest(
boolean useForIngest) {
873 this.searchDuringIngest = useForIngest;
878 return sendIngestMessages;
882 void setSendIngestMessages(
boolean showInboxMessages) {
883 this.sendIngestMessages = showInboxMessages;
895 return SleuthkitJNI.isUpdateableHashDatabase(this.handle);
907 public void addHashes(Content content)
throws TskCoreException {
922 public void addHashes(Content content, String comment)
throws TskCoreException {
924 assert content instanceof AbstractFile;
925 if (content instanceof AbstractFile) {
926 AbstractFile file = (AbstractFile) content;
927 if (null != file.getMd5Hash()) {
928 SleuthkitJNI.addToHashDatabase(null, file.getMd5Hash(), null, null, comment, handle);
941 public void addHashes(List<HashEntry> hashes)
throws TskCoreException {
942 SleuthkitJNI.addToHashDatabase(hashes, handle);
955 public boolean lookupMD5Quick(Content content)
throws TskCoreException {
956 boolean result =
false;
957 assert content instanceof AbstractFile;
958 if (content instanceof AbstractFile) {
959 AbstractFile file = (AbstractFile) content;
960 if (null != file.getMd5Hash()) {
961 result = SleuthkitJNI.lookupInHashDatabase(file.getMd5Hash(), handle);
977 public HashHitInfo
lookupMD5(Content content)
throws TskCoreException {
978 HashHitInfo result = null;
980 assert content instanceof AbstractFile;
981 if (content instanceof AbstractFile) {
982 AbstractFile file = (AbstractFile) content;
983 if (null != file.getMd5Hash()) {
984 result = SleuthkitJNI.lookupInHashDatabaseVerbose(file.getMd5Hash(), handle);
997 boolean isValid() throws TskCoreException {
1001 boolean hasIndex() throws TskCoreException {
1002 return SleuthkitJNI.hashDatabaseHasLookupIndex(handle);
1006 public boolean hasIndexOnly() throws TskCoreException {
1007 return SleuthkitJNI.hashDatabaseIsIndexOnly(handle);
1010 boolean canBeReIndexed() throws TskCoreException {
1011 return SleuthkitJNI.hashDatabaseCanBeReindexed(handle);
1014 boolean isIndexing() {
1019 public void firePropertyChange(String propertyName, Object oldValue, Object newValue){
1020 this.propertyChangeSupport.firePropertyChange(propertyName, oldValue, newValue);
1023 private void close() throws TskCoreException {
1024 SleuthkitJNI.closeHashDatabase(handle);
1034 public int hashCode() {
1036 code = 47 * code + Integer.hashCode(handle);
1037 code = 47 * code + Objects.hashCode(this.hashSetName);
1038 code = 47 * code + Objects.hashCode(this.propertyChangeSupport);
1039 code = 47 * code + Objects.hashCode(this.knownFilesType);
1044 public boolean equals(Object obj) {
1048 if (getClass() != obj.getClass()) {
1051 final SleuthkitHashSet other = (SleuthkitHashSet) obj;
1052 if (!Objects.equals(
this.hashSetName, other.hashSetName)) {
1055 if (this.knownFilesType != other.knownFilesType) {
1066 class CentralRepoHashSet
extends HashDb{
1068 private static final long serialVersionUID = 1L;
1069 private final String hashSetName;
1070 private boolean searchDuringIngest;
1071 private boolean sendIngestMessages;
1072 private final HashDb.KnownFilesType knownFilesType;
1073 private final int referenceSetID;
1074 private final String version;
1075 private String orgName;
1076 private final boolean readOnly;
1077 private final PropertyChangeSupport propertyChangeSupport =
new PropertyChangeSupport(
this);
1079 @Messages({
"HashDbManager.CentralRepoHashDb.orgError=Error loading organization"})
1080 private CentralRepoHashSet(String hashSetName, String version,
int referenceSetID,
1081 boolean useForIngest,
boolean sendHitMessages, HashDb.KnownFilesType knownFilesType,
1083 throws TskCoreException{
1084 this.hashSetName = hashSetName;
1085 this.version = version;
1086 this.referenceSetID = referenceSetID;
1087 this.searchDuringIngest = useForIngest;
1088 this.sendIngestMessages = sendHitMessages;
1089 this.knownFilesType = knownFilesType;
1090 this.readOnly = readOnly;
1093 orgName = EamDb.getInstance().getReferenceSetOrganization(referenceSetID).getName();
1094 }
catch (EamDbException ex){
1095 Logger.getLogger(SleuthkitHashSet.class.getName()).log(Level.SEVERE,
"Error looking up central repository organization for reference set " + referenceSetID, ex);
1096 orgName = Bundle.HashDbManager_CentralRepoHashDb_orgError();
1108 propertyChangeSupport.addPropertyChangeListener(pcl);
1118 propertyChangeSupport.removePropertyChangeListener(pcl);
1132 public String getDisplayName(){
1133 if(! getVersion().isEmpty()){
1140 String getVersion(){
1144 String getOrgName(){
1148 int getReferenceSetID(){
1149 return referenceSetID;
1164 return knownFilesType;
1169 return searchDuringIngest;
1173 void setSearchDuringIngest(
boolean useForIngest) {
1174 this.searchDuringIngest = useForIngest;
1179 return sendIngestMessages;
1183 void setSendIngestMessages(
boolean showInboxMessages) {
1184 this.sendIngestMessages = showInboxMessages;
1195 public boolean isUpdateable() throws TskCoreException {
1196 return (! readOnly);
1208 public void addHashes(Content content)
throws TskCoreException {
1223 public void addHashes(Content content, String comment)
throws TskCoreException {
1225 assert content instanceof AbstractFile;
1226 if (content instanceof AbstractFile) {
1227 AbstractFile file = (AbstractFile) content;
1228 if (null != file.getMd5Hash()) {
1229 TskData.FileKnown type;
1230 if(knownFilesType.equals(HashDb.KnownFilesType.KNOWN_BAD)){
1231 type = TskData.FileKnown.BAD;
1233 type = TskData.FileKnown.KNOWN;
1237 EamGlobalFileInstance fileInstance =
new EamGlobalFileInstance(referenceSetID, file.getMd5Hash(),
1239 EamDb.getInstance().addReferenceInstance(fileInstance,EamDb.getInstance().getCorrelationTypeById(CorrelationAttribute.FILES_TYPE_ID));
1240 }
catch (EamDbException ex){
1241 throw new TskCoreException(
"Error adding hashes to " + getDisplayName(), ex);
1255 public void addHashes(List<HashEntry> hashes)
throws TskCoreException {
1256 Set<EamGlobalFileInstance> globalFileInstances =
new HashSet<>();
1257 for(HashEntry hashEntry:hashes){
1258 TskData.FileKnown type;
1259 if(knownFilesType.equals(HashDb.KnownFilesType.KNOWN_BAD)){
1260 type = TskData.FileKnown.BAD;
1262 type = TskData.FileKnown.KNOWN;
1265 globalFileInstances.add(
new EamGlobalFileInstance(referenceSetID, hashEntry.getMd5Hash(), type, hashEntry.getComment()));
1266 }
catch (EamDbException ex){
1267 throw new TskCoreException(
"Error adding hashes to " + getDisplayName(), ex);
1272 EamDb.getInstance().bulkInsertReferenceTypeEntries(globalFileInstances,
1273 EamDb.getInstance().getCorrelationTypeById(CorrelationAttribute.FILES_TYPE_ID));
1274 }
catch (EamDbException ex){
1275 throw new TskCoreException(
"Error adding hashes to " + getDisplayName(), ex);
1289 public boolean lookupMD5Quick(Content content)
throws TskCoreException {
1291 assert content instanceof AbstractFile;
1292 if (content instanceof AbstractFile) {
1293 AbstractFile file = (AbstractFile) content;
1294 if (null != file.getMd5Hash()) {
1296 return EamDb.getInstance().isFileHashInReferenceSet(file.getMd5Hash(), this.referenceSetID);
1297 }
catch (EamDbException ex){
1298 Logger.getLogger(SleuthkitHashSet.class.getName()).log(Level.SEVERE,
"Error performing central reposiotry hash lookup for hash "
1299 + file.getMd5Hash() +
" in reference set " + referenceSetID, ex);
1300 throw new TskCoreException(
"Error performing central reposiotry hash lookup", ex);
1317 public HashHitInfo
lookupMD5(Content content)
throws TskCoreException {
1318 HashHitInfo result = null;
1320 assert content instanceof AbstractFile;
1321 if (content instanceof AbstractFile) {
1322 AbstractFile file = (AbstractFile) content;
1323 if (null != file.getMd5Hash()) {
1325 if(EamDb.getInstance().isFileHashInReferenceSet(file.getMd5Hash(), this.referenceSetID)){
1327 result =
new HashHitInfo(file.getMd5Hash(),
"",
"");
1329 }
catch (EamDbException ex){
1330 Logger.getLogger(SleuthkitHashSet.class.getName()).log(Level.SEVERE,
"Error performing central reposiotry hash lookup for hash "
1331 + file.getMd5Hash() +
" in reference set " + referenceSetID, ex);
1332 throw new TskCoreException(
"Error performing central reposiotry hash lookup", ex);
1346 if(! EamDb.isEnabled()) {
1350 return EamDb.getInstance().referenceSetIsValid(this.referenceSetID, this.hashSetName, this.version);
1351 }
catch (EamDbException ex){
1352 Logger.getLogger(CentralRepoHashSet.class.getName()).log(Level.SEVERE,
"Error validating hash set " + hashSetName, ex);
1358 public void firePropertyChange(String propertyName, Object oldValue, Object newValue){
1359 this.propertyChangeSupport.firePropertyChange(propertyName, oldValue, newValue);
1364 return getDisplayName();
1369 public int hashCode() {
1371 code = 47 * code + Objects.hashCode(this.hashSetName);
1372 code = 47 * code + Objects.hashCode(this.version);
1373 code = 47 * code + Integer.hashCode(this.referenceSetID);
1374 code = 47 * code + Objects.hashCode(this.knownFilesType);
1379 public boolean equals(Object obj) {
1383 if (getClass() != obj.getClass()) {
1386 final CentralRepoHashSet other = (CentralRepoHashSet) obj;
1387 if (!Objects.equals(
this.hashSetName, other.hashSetName)) {
1390 if (!Objects.equals(
this.version, other.version)) {
1393 if (this.knownFilesType != other.knownFilesType) {
1405 private ProgressHandle progress = null;
1406 private SleuthkitHashSet hashDb = null;
1409 this.hashDb = hashDb;
1414 hashDb.setIndexing(
true);
1415 progress = ProgressHandle.createHandle(
1416 NbBundle.getMessage(
this.getClass(),
"HashDbManager.progress.indexingHashSet", hashDb.getHashSetName()));
1418 progress.switchToIndeterminate();
1420 SleuthkitJNI.createLookupIndexForHashDatabase(hashDb.getHandle());
1421 }
catch (TskCoreException ex) {
1423 JOptionPane.showMessageDialog(null,
1424 NbBundle.getMessage(
this.getClass(),
1425 "HashDbManager.dlgMsg.errorIndexingHashSet",
1426 hashDb.getHashSetName()),
1427 NbBundle.getMessage(
this.getClass(),
"HashDbManager.hashDbIndexingErr"),
1428 JOptionPane.ERROR_MESSAGE);
1435 hashDb.setIndexing(
false);
1441 }
catch (InterruptedException | ExecutionException ex) {
1442 logger.log(Level.SEVERE,
"Error creating index", ex);
1444 NbBundle.getMessage(
this.getClass(),
"HashDbManager.errCreatingIndex.title"),
1445 NbBundle.getMessage(
this.getClass(),
"HashDbManager.errCreatingIndex.msg", ex.getMessage()),
1448 catch (java.util.concurrent.CancellationException ex) {
1452 hashDb.firePropertyChange(SleuthkitHashSet.Event.INDEXING_DONE.toString(), null, hashDb);
1454 }
catch (Exception e) {
1455 logger.log(Level.SEVERE,
"HashDbManager listener threw exception", e);
1457 NbBundle.getMessage(
this.getClass(),
"HashDbManager.moduleErr"),
1458 NbBundle.getMessage(
this.getClass(),
"HashDbManager.moduleErrorListeningToUpdatesMsg"),
CorrelationAttribute.Type getCorrelationTypeById(int typeId)
abstract boolean getSendIngestMessages()
Set< String > hashSetPaths
abstract String getIndexPath()
void configureSettings(HashLookupSettings settings)
static final Logger logger
static final String HASH_DATABASE_FILE_EXTENSON
void loadHashsetsConfiguration()
static synchronized IngestManager getInstance()
static boolean runningWithGUI
synchronized void addPropertyChangeListener(PropertyChangeListener listener)
HashDbManagerException(String message)
static final int FILES_TYPE_ID
abstract String getHashSetName()
List< HashDbInfo > getCentralRepoHashSetsFromDatabase()
boolean isIngestRunning()
static final long serialVersionUID
List< HashDb > getUpdateableHashSets(List< HashDb > hashDbs)
abstract String toString()
synchronized HashDb addNewHashDatabaseNoSave(String hashSetName, String path, boolean searchDuringIngest, boolean sendIngestMessages, HashDb.KnownFilesType knownFilesType)
HashDbManagerException(String message, Throwable exception)
synchronized void removeHashDatabase(HashDb hashDb)
KnownFilesType(String displayName)
boolean allDatabasesLoadedCorrectly
abstract void firePropertyChange(String propertyName, Object oldValue, Object newValue)
synchronized List< HashDb > getKnownBadFileHashSets()
static EamDb getInstance()
boolean hashDbInfoIsNew(HashDbInfo dbInfo)
synchronized void removeHashDatabaseNoSave(HashDb hashDb)
static HashDbManager instance
Set< String > hashSetNames
static synchronized HashDbManager getInstance()
String getValidFilePath(String hashSetName, String configuredPath)
static HashDb.KnownFilesType convertFileKnown(TskData.FileKnown fileKnown)
abstract HashDb.KnownFilesType getKnownFilesType()
List< EamGlobalSet > getAllReferenceSets(CorrelationAttribute.Type correlationType)
synchronized HashDb addNewHashDatabase(String hashSetName, String path, boolean searchDuringIngest, boolean sendIngestMessages, HashDb.KnownFilesType knownFilesType)
synchronized void removePropertyChangeListener(PropertyChangeListener listener)
static boolean isEnabled()
abstract HashHitInfo lookupMD5(Content content)
synchronized List< HashDb > getUpdateableHashSets()
synchronized List< HashDb > getAllHashSets()
abstract boolean isUpdateable()
abstract boolean lookupMD5Quick(Content content)
abstract String getDatabasePath()
void propertyChange(PropertyChangeEvent event)
void closeHashDatabases(List< HashDb > hashDatabases)
synchronized void loadLastSavedConfiguration()
abstract void addPropertyChangeListener(PropertyChangeListener pcl)
synchronized static Logger getLogger(String name)
static void show(String title, String message, MessageType type, ActionListener actionListener)
abstract boolean hasIndexOnly()
SleuthkitHashSet addHashDatabase(int handle, String hashSetName, boolean searchDuringIngest, boolean sendIngestMessages, HashDb.KnownFilesType knownFilesType)
abstract boolean getSearchDuringIngest()
void updateHashSetsFromCentralRepository()
synchronized List< HashDb > getKnownFileHashSets()
synchronized HashDb addExistingHashDatabase(String hashSetName, String path, boolean searchDuringIngest, boolean sendIngestMessages, HashDb.KnownFilesType knownFilesType)
abstract void addHashes(Content content)
abstract void removePropertyChangeListener(PropertyChangeListener pcl)