19 package org.sleuthkit.autopsy.centralrepository.eventlisteners;
21 import com.google.common.util.concurrent.ThreadFactoryBuilder;
22 import java.beans.PropertyChangeEvent;
23 import java.beans.PropertyChangeListener;
24 import java.util.List;
25 import java.util.concurrent.ExecutorService;
26 import java.util.concurrent.Executors;
27 import java.util.logging.Level;
28 import java.util.stream.Collectors;
29 import org.openide.util.NbBundle.Messages;
61 @Messages({
"caseeventlistener.evidencetag=Evidence"})
62 final class CaseEventListener implements PropertyChangeListener {
// Executor on which the case-event tasks submitted by this listener are run.
65 private final ExecutorService jobProcessingExecutor;
// Name pattern for the worker thread; ThreadFactoryBuilder.setNameFormat fills %d with a thread counter.
66 private static final String CASE_EVENT_THREAD_NAME =
"Case-Event-Listener-%d";
// Single-thread executor: submitted tasks run one at a time, in submission order, so
// tasks from this listener never run concurrently with each other.
// NOTE(review): the enclosing constructor is not shown in this listing.
69 jobProcessingExecutor = Executors.newSingleThreadExecutor(
new ThreadFactoryBuilder().setNameFormat(CASE_EVENT_THREAD_NAME).build());
// Receives a property-change event and hands it to a background task chosen by the
// event's property name. The work itself happens on jobProcessingExecutor, not on the
// thread that delivers the event.
// NOTE(review): several lines of this method are missing from the listing.
77 public void propertyChange(PropertyChangeEvent evt) {
// NOTE(review): the try block that obtains dbManager is not shown; confirm the method
// returns after this log entry rather than continuing with an unset dbManager.
82 LOGGER.log(Level.SEVERE,
"Failed to get instance of db manager.", ex);
// Enum.valueOf throws IllegalArgumentException for a name that is not a Case.Events
// constant. NOTE(review): no guard is visible here - confirm this listener is only
// registered for Case.Events property names.
85 switch (
Case.
Events.valueOf(evt.getPropertyName())) {
// Content tag added or deleted: both go to ContentTagTask.
86 case CONTENT_TAG_ADDED:
87 case CONTENT_TAG_DELETED: {
88 jobProcessingExecutor.submit(
new ContentTagTask(dbManager, evt));
// Artifact tag added or deleted: both go to BlackboardTagTask.
92 case BLACKBOARD_ARTIFACT_TAG_DELETED:
93 case BLACKBOARD_ARTIFACT_TAG_ADDED: {
94 jobProcessingExecutor.submit(
new BlackboardTagTask(dbManager, evt));
98 case DATA_SOURCE_ADDED: {
99 jobProcessingExecutor.submit(
new DataSourceAddedTask(dbManager, evt));
// This task is built from the event alone; dbManager is not passed to it.
102 case TAG_DEFINITION_CHANGED: {
103 jobProcessingExecutor.submit(
new TagDefinitionChangeTask(evt));
// NOTE(review): the case label for this branch is not shown; presumably CURRENT_CASE - confirm.
107 jobProcessingExecutor.submit(
new CurrentCaseTask(dbManager, evt));
// Fragments of the task that handles content-tag events.
// NOTE(review): the class header, constructor and many body lines are missing from this listing.
// The event this task processes.
116 private final PropertyChangeEvent
event;
130 TskData.FileKnown knownStatus;
136 final ContentTag tagAdded = tagAddedEvent.getAddedTag();
// Tag-added path: a tag on an AbstractFile sets the status to BAD and keeps the tag's comment.
// NOTE(review): no check of the tag definition's own known status is visible in these
// lines - confirm whether every added tag is meant to mark the file BAD, since the
// status is later written to the central repository.
139 if (tagAdded.getContent() instanceof AbstractFile) {
140 af = (AbstractFile) tagAdded.getContent();
141 knownStatus = TskData.FileKnown.BAD;
142 comment = tagAdded.getComment();
// Tagged content that is not an AbstractFile is reported at WARNING level.
// NOTE(review): whether the task returns at this point is not shown.
144 LOGGER.log(Level.WARNING,
"Error updating non-file object");
// Maps tags to their display names and collects them into a list.
// NOTE(review): the stream source and the use of the resulting list are not shown.
171 .map(tag -> tag.getName().getDisplayName())
173 .collect(Collectors.toList())
// Presumably the tag-deleted path (TODO confirm): an AbstractFile has its status reset to UNKNOWN.
177 if (content instanceof AbstractFile) {
178 af = (AbstractFile) content;
179 knownStatus = TskData.FileKnown.UNKNOWN;
182 LOGGER.log(Level.WARNING,
"Error updating non-file object");
190 LOGGER.log(Level.SEVERE,
"Failed to find content", ex);
// Guarded by a null check; NOTE(review): where eamArtifact is created, and what the
// guarded body does, is not shown.
197 if (eamArtifact != null) {
202 LOGGER.log(Level.SEVERE,
"Error connecting to Central Repository database while setting artifact known status.", ex);
// Fragments of the task that handles blackboard-artifact tag events.
// NOTE(review): the class header, constructor and many body lines are missing from this listing.
// The event this task processes.
211 private final PropertyChangeEvent
event;
225 BlackboardArtifact bbArtifact;
226 TskData.FileKnown knownStatus;
232 final BlackboardArtifactTag tagAdded = tagAddedEvent.getAddedTag();
// Tag-added path: takes content, artifact and comment from the new tag and sets the status to BAD.
// NOTE(review): no check of the tag definition's own known status is visible in these lines - confirm.
235 content = tagAdded.getContent();
236 bbArtifact = tagAdded.getArtifact();
237 knownStatus = TskData.FileKnown.BAD;
238 comment = tagAdded.getComment();
248 LOGGER.log(Level.SEVERE,
"Exception while getting open case.", ex);
// Maps tags to their display names and collects them into a list.
// NOTE(review): the stream source and the use of the resulting list are not shown.
272 .map(tag -> tag.getName().getDisplayName())
274 .collect(Collectors.toList())
// Presumably the tag-deleted path (TODO confirm): the status is reset to UNKNOWN.
278 knownStatus = TskData.FileKnown.UNKNOWN;
285 }
catch (TskCoreException ex) {
286 LOGGER.log(Level.SEVERE,
"Failed to find content", ex);
// Tests for a file whose own known status is KNOWN.
// NOTE(review): the body is not shown; presumably such files are skipped - confirm.
291 if ((content instanceof AbstractFile) && (((AbstractFile) content).getKnown() == TskData.FileKnown.KNOWN)) {
// Writes the tag comment to the first instance only.
// NOTE(review): get(0) fails on an empty list - confirm the omitted lines guarantee
// that eamArtifact is non-null and has at least one instance.
297 eamArtifact.getInstances().get(0).setComment(comment);
301 LOGGER.log(Level.SEVERE,
"Error connecting to Central Repository database while setting artifact known status.", ex);
// Fragments of the task that runs when a tag definition changes.
// NOTE(review): the class header, constructor and many body lines are missing from this listing.
// The event this task processes.
310 private final PropertyChangeEvent
event;
// The event's old value is used as the name of the modified tag. The unchecked cast
// throws ClassCastException if the old value is not a String.
322 String modifiedTagName = (String) event.getOldValue();
// First pass: artifact tags. NOTE(review): how artifactTags is obtained is not shown.
333 for (BlackboardArtifactTag bbTag : artifactTags) {
335 boolean hasTagWithConflictingKnownStatus =
false;
339 if (tagName.getKnownStatus() == TskData.FileKnown.UNKNOWN) {
340 Content content = bbTag.getContent();
// NOTE(review): the body is not shown; presumably files already KNOWN are skipped - confirm.
343 if ((content instanceof AbstractFile) && (((AbstractFile) content).getKnown() == TskData.FileKnown.KNOWN)) {
347 BlackboardArtifact bbArtifact = bbTag.getArtifact();
// Looks through the tags in `tags` for one whose definition is BAD.
// NOTE(review): how `tags` is populated, and the body of the name-equality test, are not shown.
351 for (BlackboardArtifactTag t : tags) {
353 if (t.getName().equals(tagName)) {
357 if (TskData.FileKnown.BAD == t.getName().getKnownStatus()) {
359 hasTagWithConflictingKnownStatus =
true;
// Acts only when no BAD tag was found above. NOTE(review): the guarded update is not shown.
365 if (!hasTagWithConflictingKnownStatus) {
// Second pass: content (file) tags, with the same conflict check as the artifact pass.
378 for (ContentTag contentTag : fileTags) {
380 boolean hasTagWithConflictingKnownStatus =
false;
384 if (tagName.getKnownStatus() == TskData.FileKnown.UNKNOWN) {
385 Content content = contentTag.getContent();
389 for (ContentTag t : tags) {
391 if (t.getName().equals(tagName)) {
395 if (TskData.FileKnown.BAD == t.getName().getKnownStatus()) {
397 hasTagWithConflictingKnownStatus =
true;
403 if (!hasTagWithConflictingKnownStatus) {
405 if (eamArtifact != null) {
410 }
catch (TskCoreException ex) {
// The tag name is concatenated into the log message unescaped.
// NOTE(review): if tag names are user-supplied, confirm the log handler neutralises
// line breaks so that a crafted name cannot forge log entries.
411 LOGGER.log(Level.SEVERE,
"Cannot update known status in central repository for tag: " + modifiedTagName, ex);
413 LOGGER.log(Level.SEVERE,
"Cannot get central repository for tag: " + modifiedTagName, ex);
415 LOGGER.log(Level.SEVERE,
"Exception while getting open case.", ex);
// Fragments of the task that runs when a data source is added to the case.
// NOTE(review): the class header, constructor and many body lines are missing from this listing.
// The event this task processes.
423 private final PropertyChangeEvent
event;
439 LOGGER.log(Level.SEVERE,
"Exception while getting open case.", ex);
444 Content newDataSource = dataSourceAddedEvent.
getDataSource();
// Looks the data source up in the open case's SleuthkitCase by object id and reads its device id.
447 String deviceId = openCase.
getSleuthkitCase().getDataSource(newDataSource.getId()).getDeviceId();
// Creates the correlation case when none was found.
// NOTE(review): the lookup that sets correlationCase is not shown.
449 if (null == correlationCase) {
450 correlationCase = dbManager.
newCase(openCase);
// Checks whether this device id is already recorded for the correlation case.
// NOTE(review): the guarded body is not shown; presumably it adds the data source - confirm.
452 if (null == dbManager.
getDataSource(correlationCase, deviceId)) {
456 LOGGER.log(Level.SEVERE,
"Error connecting to Central Repository database.", ex);
457 }
catch (TskCoreException | TskDataException ex) {
458 LOGGER.log(Level.SEVERE,
"Error getting data source from DATA_SOURCE_ADDED event content.", ex);
// Fragments of the task that runs when the current case changes.
// NOTE(review): the class header, constructor and many body lines are missing from this listing.
// The event this task processes.
466 private final PropertyChangeEvent
event;
// Acts only when the event has no old value and its new value is a Case; presumably
// this means a case was just opened (TODO confirm).
479 if ((null == event.getOldValue()) && (event.getNewValue() instanceof
Case)) {
480 Case curCase = (
Case) event.getNewValue();
// Checks whether the central repository already has an entry for this case.
// NOTE(review): the guarded body is not shown; presumably it creates the entry - confirm.
490 if (dbManager.
getCase(curCase) == null) {
494 LOGGER.log(Level.SEVERE,
"Error connecting to Central Repository database.", ex);