api-docs/4.9.0/_correlation_attribute_normalizer_8java_source.html

 /*

  *

  * Autopsy Forensic Browser

  *

  * Copyright 2018 Basis Technology Corp.

  * Contact: carrier <at> sleuthkit <dot> org

  *

  * Licensed under the Apache License, Version 2.0 (the "License");

  * you may not use this file except in compliance with the License.

  * You may obtain a copy of the License at

  *

  *     http://www.apache.org/licenses/LICENSE-2.0

  *

  * Unless required by applicable law or agreed to in writing, software

  * distributed under the License is distributed on an "AS IS" BASIS,

  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  * See the License for the specific language governing permissions and

  * limitations under the License.

  */

 package org.sleuthkit.autopsy.centralrepository.datamodel;


 import java.util.List;

 import java.util.Optional;

 import org.apache.commons.validator.routines.DomainValidator;

 import org.apache.commons.validator.routines.EmailValidator;


 final public class CorrelationAttributeNormalizer {


     //common seperators that may be removed for normalizing

     private static final String SEPERATORS_REGEX = "[\\s-:]";


     private CorrelationAttributeNormalizer() {

     }


     public static String normalize(CorrelationAttributeInstance.Type attributeType, String data) throws CorrelationAttributeNormalizationException {


         if (attributeType == null) {

             throw new CorrelationAttributeNormalizationException("Attribute type was null.");

         }

         if (data == null) {

             throw new CorrelationAttributeNormalizationException("Data was null.");

         }


         String trimmedData = data.trim();


         switch (attributeType.getId()) {

             case CorrelationAttributeInstance.FILES_TYPE_ID:

                 return normalizeMd5(trimmedData);

             case CorrelationAttributeInstance.DOMAIN_TYPE_ID:

                 return normalizeDomain(trimmedData);

             case CorrelationAttributeInstance.EMAIL_TYPE_ID:

                 return normalizeEmail(trimmedData);

             case CorrelationAttributeInstance.PHONE_TYPE_ID:

                 return normalizePhone(trimmedData);

             case CorrelationAttributeInstance.USBID_TYPE_ID:

                 return normalizeUsbId(trimmedData);

             case CorrelationAttributeInstance.SSID_TYPE_ID:

                 return verifySsid(trimmedData);

             case CorrelationAttributeInstance.MAC_TYPE_ID:

                 return normalizeMac(trimmedData);

             case CorrelationAttributeInstance.IMEI_TYPE_ID:

                 return normalizeImei(trimmedData);

             case CorrelationAttributeInstance.IMSI_TYPE_ID:

                 return normalizeImsi(trimmedData);

             case CorrelationAttributeInstance.ICCID_TYPE_ID:

                 return normalizeIccid(trimmedData);


             default:

                 final String errorMessage = String.format(

                         "Validator function not found for attribute type: %s",

                         attributeType.getDisplayName());

                 throw new CorrelationAttributeNormalizationException(errorMessage);

         }

     }


     public static String normalize(int attributeTypeId, String data) throws CorrelationAttributeNormalizationException {

         try {

             List<CorrelationAttributeInstance.Type> defaultTypes = CorrelationAttributeInstance.getDefaultCorrelationTypes();

             Optional<CorrelationAttributeInstance.Type> typeOption = defaultTypes.stream().filter(attributeType -> attributeType.getId() == attributeTypeId).findAny();


             if (typeOption.isPresent()) {

                 CorrelationAttributeInstance.Type type = typeOption.get();

                 return CorrelationAttributeNormalizer.normalize(type, data);

             } else {

                 throw new CorrelationAttributeNormalizationException(String.format("Given attributeTypeId did not correspond to any known Attribute: %s", attributeTypeId));

             }

         } catch (EamDbException ex) {

             throw new CorrelationAttributeNormalizationException(ex);

         }

     }


     private static String normalizeMd5(String data) throws CorrelationAttributeNormalizationException {

         final String validMd5Regex = "^[a-f0-9]{32}$";

         final String dataLowered = data.toLowerCase();

         if (dataLowered.matches(validMd5Regex)) {

             return dataLowered;

         } else {

             throw new CorrelationAttributeNormalizationException(String.format("Data purporting to be an MD5 was found not to comform to expected format: %s", data));

         }

     }


     private static String normalizeDomain(String data) throws CorrelationAttributeNormalizationException {

         DomainValidator validator = DomainValidator.getInstance(true);

         if (validator.isValid(data)) {

             return data.toLowerCase();

         } else {

             final String validIpAddressRegex = "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$";

             if (data.matches(validIpAddressRegex)) {

                 return data;

             } else {

                 throw new CorrelationAttributeNormalizationException(String.format("Data was expected to be a valid domain: %s", data));

             }

         }

     }


     private static String normalizeEmail(String data) throws CorrelationAttributeNormalizationException {

         EmailValidator validator = EmailValidator.getInstance(true, true);

         if (validator.isValid(data)) {

             return data.toLowerCase();

         } else {

             throw new CorrelationAttributeNormalizationException(String.format("Data was expected to be a valid email address: %s", data));

         }

     }


     private static String normalizePhone(String data) throws CorrelationAttributeNormalizationException {

         if (data.matches("\\+?[0-9()\\-\\s]+")) {

             String phoneNumber = data.replaceAll("[^0-9\\+]", "");

             return phoneNumber;

         } else {

             throw new CorrelationAttributeNormalizationException(String.format("Data was expected to be a valid phone number: %s", data));

         }

     }


     private static String normalizeUsbId(String data) throws CorrelationAttributeNormalizationException {

         //TODO replace with correct usb id validation at a later date

         return data;

     }


     private static String verifySsid(String data) throws CorrelationAttributeNormalizationException {

         if (data.length() <= 32) {

             return data;

         } else {

             throw new CorrelationAttributeNormalizationException("Name provided was longer than the maximum valid SSID (32 characters). Name: " + data);

         }

     }


     private static String normalizeIccid(String data) throws CorrelationAttributeNormalizationException {

         final String validIccidRegex = "^89[f0-9]{17,22}$";

         final String iccidWithoutSeperators = data.toLowerCase().replaceAll(SEPERATORS_REGEX, "");

         if (iccidWithoutSeperators.matches(validIccidRegex)) {

             return iccidWithoutSeperators;

         } else {

             throw new CorrelationAttributeNormalizationException("Data provided was not a valid ICCID. : " + data);

         }

     }


     private static String normalizeImsi(String data) throws CorrelationAttributeNormalizationException {

         final String validImsiRegex = "^[0-9]{14,15}$";

         final String imsiWithoutSeperators = data.replaceAll(SEPERATORS_REGEX, "");

         if (imsiWithoutSeperators.matches(validImsiRegex)) {

             return imsiWithoutSeperators;

         } else {

             throw new CorrelationAttributeNormalizationException("Data provided was not a valid Imsi. : " + data);

         }

     }


     private static String normalizeMac(String data) throws CorrelationAttributeNormalizationException {

         final String validMacRegex = "^([a-f0-9]{12}|[a-f0-9]{16})$";

         final String macWithoutSeperators = data.toLowerCase().replaceAll(SEPERATORS_REGEX, "");

         if (macWithoutSeperators.matches(validMacRegex)) {

             return macWithoutSeperators;

         } else {

             throw new CorrelationAttributeNormalizationException("Data provided was not a valid Imsi. : " + data);

         }

     }


     private static String normalizeImei(String data) throws CorrelationAttributeNormalizationException {

         final String validImeiRegex = "^[0-9]{14,16}$";

         final String imeiWithoutSeperators = data.replaceAll(SEPERATORS_REGEX, "");

         if (imeiWithoutSeperators.matches(validImeiRegex)) {

             return imeiWithoutSeperators;

         } else {

             throw new CorrelationAttributeNormalizationException("Data provided was not a valid Imsi. : " + data);

         }

     }

 }

org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.SEPERATORS_REGEX
static final String SEPERATORS_REGEX
Definition: CorrelationAttributeNormalizer.java:34

org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.EMAIL_TYPE_ID
static final int EMAIL_TYPE_ID
Definition: CorrelationAttributeInstance.java:215

org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.Type
Definition: CorrelationAttributeInstance.java:259

org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.USBID_TYPE_ID
static final int USBID_TYPE_ID
Definition: CorrelationAttributeInstance.java:217

org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.normalizePhone
static String normalizePhone(String data)
Definition: CorrelationAttributeNormalizer.java:164

org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.normalizeImsi
static String normalizeImsi(String data)
Definition: CorrelationAttributeNormalizer.java:251

org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.normalizeImei
static String normalizeImei(String data)
Definition: CorrelationAttributeNormalizer.java:304

org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.ICCID_TYPE_ID
static final int ICCID_TYPE_ID
Definition: CorrelationAttributeInstance.java:222

org

org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.normalize
static String normalize(int attributeTypeId, String data)
Definition: CorrelationAttributeNormalizer.java:101

org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.getDefaultCorrelationTypes
static List< CorrelationAttributeInstance.Type > getDefaultCorrelationTypes()
Definition: CorrelationAttributeInstance.java:240

org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.normalizeMd5
static String normalizeMd5(String data)
Definition: CorrelationAttributeNormalizer.java:120

org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.IMEI_TYPE_ID
static final int IMEI_TYPE_ID
Definition: CorrelationAttributeInstance.java:220

org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.normalizeMac
static String normalizeMac(String data)
Definition: CorrelationAttributeNormalizer.java:275

org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer
Definition: CorrelationAttributeNormalizer.java:31

org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.normalize
static String normalize(CorrelationAttributeInstance.Type attributeType, String data)
Definition: CorrelationAttributeNormalizer.java:51

org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.normalizeIccid
static String normalizeIccid(String data)
Definition: CorrelationAttributeNormalizer.java:224

org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.DOMAIN_TYPE_ID
static final int DOMAIN_TYPE_ID
Definition: CorrelationAttributeInstance.java:214

org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.normalizeDomain
static String normalizeDomain(String data)
Definition: CorrelationAttributeNormalizer.java:134

org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.PHONE_TYPE_ID
static final int PHONE_TYPE_ID
Definition: CorrelationAttributeInstance.java:216

org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.MAC_TYPE_ID
static final int MAC_TYPE_ID
Definition: CorrelationAttributeInstance.java:219

org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.IMSI_TYPE_ID
static final int IMSI_TYPE_ID
Definition: CorrelationAttributeInstance.java:221

org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.verifySsid
static String verifySsid(String data)
Definition: CorrelationAttributeNormalizer.java:194

org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.CorrelationAttributeNormalizer
CorrelationAttributeNormalizer()
Definition: CorrelationAttributeNormalizer.java:39

org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.normalizeEmail
static String normalizeEmail(String data)
Definition: CorrelationAttributeNormalizer.java:152

org.sleuthkit.autopsy.centralrepository.datamodel.EamDbException
Definition: EamDbException.java:24

org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.SSID_TYPE_ID
static final int SSID_TYPE_ID
Definition: CorrelationAttributeInstance.java:218

org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.normalizeUsbId
static String normalizeUsbId(String data)
Definition: CorrelationAttributeNormalizer.java:176

org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.FILES_TYPE_ID
static final int FILES_TYPE_ID
Definition: CorrelationAttributeInstance.java:213

org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance
Definition: CorrelationAttributeInstance.java:39

org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizationException
Definition: CorrelationAttributeNormalizationException.java:25