ContextViewer.java

Go to the documentation of this file.

/*
 * Autopsy Forensic Browser
 *
 * Copyright 2019 Basis Technology Corp.
 * Contact: carrier <at> sleuthkit <dot> org
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.sleuthkit.autopsy.contentviewers.contextviewer;

import java.awt.Component;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.logging.Level;
import org.apache.commons.lang.StringUtils;
import org.openide.nodes.Node;
import org.openide.util.NbBundle;
import org.openide.util.lookup.ServiceProvider;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
import org.sleuthkit.autopsy.corecomponentinterfaces.DataContentViewer;
import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.autopsy.directorytree.DirectoryTreeTopComponent;
import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.BlackboardArtifact;
import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_ASSOCIATED_OBJECT;
import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.SleuthkitCase;
import org.sleuthkit.datamodel.TskCoreException;

@ServiceProvider(service = DataContentViewer.class, position = 7)
public final class ContextViewer extends javax.swing.JPanel implements DataContentViewer {

    private static final long serialVersionUID = 1L;
    private static final Logger logger = Logger.getLogger(ContextViewer.class.getName());
    private static final int ARTIFACT_STR_MAX_LEN = 1024;
    private static final int ATTRIBUTE_STR_MAX_LEN = 200;

    // defines a list of artifacts that provide context for a file
    private static final List<BlackboardArtifact.ARTIFACT_TYPE> SOURCE_CONTEXT_ARTIFACTS = new ArrayList<>();

    static {
        SOURCE_CONTEXT_ARTIFACTS.add(TSK_ASSOCIATED_OBJECT);
    }

    private BlackboardArtifact sourceContextArtifact;

    public ContextViewer() {

        initComponents();
    }

    @SuppressWarnings("unchecked")
    // <editor-fold defaultstate="collapsed" desc="Generated Code">//GEN-BEGIN:initComponents
    private void initComponents() {

        jSourceGoToResultButton = new javax.swing.JButton();
        jSourceLabel = new javax.swing.JLabel();
        jSourceNameLabel = new javax.swing.JLabel();
        jSourceTextLabel = new javax.swing.JLabel();

        setBackground(new java.awt.Color(255, 255, 255));

        org.openide.awt.Mnemonics.setLocalizedText(jSourceGoToResultButton, org.openide.util.NbBundle.getMessage(ContextViewer.class, "ContextViewer.jSourceGoToResultButton.text")); // NOI18N
        jSourceGoToResultButton.addActionListener(new java.awt.event.ActionListener() {
            public void actionPerformed(java.awt.event.ActionEvent evt) {
                jSourceGoToResultButtonActionPerformed(evt);
            }
        });

        jSourceLabel.setFont(new java.awt.Font("Dialog", 1, 14)); // NOI18N
        org.openide.awt.Mnemonics.setLocalizedText(jSourceLabel, org.openide.util.NbBundle.getMessage(ContextViewer.class, "ContextViewer.jSourceLabel.text")); // NOI18N

        org.openide.awt.Mnemonics.setLocalizedText(jSourceNameLabel, org.openide.util.NbBundle.getMessage(ContextViewer.class, "ContextViewer.jSourceNameLabel.text")); // NOI18N

        org.openide.awt.Mnemonics.setLocalizedText(jSourceTextLabel, org.openide.util.NbBundle.getMessage(ContextViewer.class, "ContextViewer.jSourceTextLabel.text")); // NOI18N

        javax.swing.GroupLayout layout = new javax.swing.GroupLayout(this);
        this.setLayout(layout);
        layout.setHorizontalGroup(
            layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
            .addGroup(layout.createSequentialGroup()
                .addContainerGap()
                .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
                    .addGroup(layout.createSequentialGroup()
                        .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
                            .addComponent(jSourceLabel)
                            .addGroup(layout.createSequentialGroup()
                                .addGap(6, 6, 6)
                                .addComponent(jSourceNameLabel)
                                .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
                                .addComponent(jSourceTextLabel, javax.swing.GroupLayout.DEFAULT_SIZE, 192, Short.MAX_VALUE)))
                        .addGap(36, 36, 36))
                    .addGroup(layout.createSequentialGroup()
                        .addComponent(jSourceGoToResultButton)
                        .addContainerGap(javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE))))
        );
        layout.setVerticalGroup(
            layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
            .addGroup(layout.createSequentialGroup()
                .addContainerGap()
                .addComponent(jSourceLabel)
                .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
                .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
                    .addComponent(jSourceNameLabel)
                    .addComponent(jSourceTextLabel))
                .addGap(18, 18, 18)
                .addComponent(jSourceGoToResultButton)
                .addGap(0, 203, Short.MAX_VALUE))
        );
    }// </editor-fold>//GEN-END:initComponents

    private void jSourceGoToResultButtonActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_jSourceGoToResultButtonActionPerformed

        final DirectoryTreeTopComponent dtc = DirectoryTreeTopComponent.findInstance();

        // Navigate to the source context artifact.
        if (sourceContextArtifact != null) {
            dtc.viewArtifact(sourceContextArtifact);
        }

    }//GEN-LAST:event_jSourceGoToResultButtonActionPerformed

    @Override
    public void setNode(Node selectedNode) {
        if ((selectedNode == null) || (!isSupported(selectedNode))) {
            resetComponent();
            return;
        }

        AbstractFile file = selectedNode.getLookup().lookup(AbstractFile.class);
        try {
            populateSourceContextData(file);
        } catch (NoCurrentCaseException | TskCoreException ex) {
            logger.log(Level.SEVERE, String.format("Exception displaying context for file %s", file.getName()), ex); //NON-NLS
        }
    }

    @NbBundle.Messages({
        "ContextViewer.title=Context",
        "ContextViewer.toolTip=Displays context for selected file."
    })

    @Override
    public String getTitle() {
        return Bundle.ContextViewer_title();
    }

    @Override
    public String getToolTip() {
        return Bundle.ContextViewer_toolTip();
    }

    @Override
    public DataContentViewer createInstance() {
        return new ContextViewer();
    }

    @Override
    public Component getComponent() {
        return this;
    }

    @Override
    public void resetComponent() {
        jSourceGoToResultButton.setVisible(false);
        setSourceName("");
        setSourceText("");
    }

    @Override
    public boolean isSupported(Node node) {

        // check if the node has an abstract file and the file has any context defining artifacts.
        if (node.getLookup().lookup(AbstractFile.class) != null) {
            AbstractFile abstractFile = node.getLookup().lookup(AbstractFile.class);
            for (BlackboardArtifact.ARTIFACT_TYPE artifactType : SOURCE_CONTEXT_ARTIFACTS) {
                List<BlackboardArtifact> artifactsList;
                try {
                    artifactsList = abstractFile.getArtifacts(artifactType);
                    if (!artifactsList.isEmpty()) {
                        return true;
                    }
                } catch (TskCoreException ex) {
                    logger.log(Level.SEVERE, String.format("Exception while looking up context artifacts for file %s", abstractFile), ex); //NON-NLS
                }
            }

        }

        return false;
    }

    @Override
    public int isPreferred(Node node) {
        // this is a low preference viewer.
        return 1;
    }

    private void populateSourceContextData(AbstractFile sourceFile) throws NoCurrentCaseException, TskCoreException {

        SleuthkitCase tskCase = Case.getCurrentCaseThrows().getSleuthkitCase();

        // Check for all context artifacts
        boolean foundASource = false;
        for (BlackboardArtifact.ARTIFACT_TYPE artifactType : SOURCE_CONTEXT_ARTIFACTS) {
            List<BlackboardArtifact> artifactsList = tskCase.getBlackboardArtifacts(artifactType, sourceFile.getId());

            foundASource = !artifactsList.isEmpty();
            for (BlackboardArtifact contextArtifact : artifactsList) {
                addSourceEntry(contextArtifact);
            }
        }
        jSourceGoToResultButton.setVisible(true);
        if (foundASource == false) {
            setSourceName("Unknown");
            showSourceText(false);
        }

    }

    private void addSourceEntry(BlackboardArtifact artifact) throws TskCoreException {
        if (BlackboardArtifact.ARTIFACT_TYPE.TSK_ASSOCIATED_OBJECT.getTypeID() == artifact.getArtifactTypeID()) {
            BlackboardAttribute associatedArtifactAttribute = artifact.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ASSOCIATED_ARTIFACT));
            if (associatedArtifactAttribute != null) {
                long artifactId = associatedArtifactAttribute.getValueLong();
                BlackboardArtifact associatedArtifact = artifact.getSleuthkitCase().getBlackboardArtifact(artifactId);

                //save the artifact for "Go to Result" button
                sourceContextArtifact = associatedArtifact;

                setSourceFields(associatedArtifact);
            }
        }
    }

    @NbBundle.Messages({
        "ContextViewer.attachmentSource=Attached to: ",
        "ContextViewer.downloadSource=Downloaded from: "
    })
    private void setSourceFields(BlackboardArtifact associatedArtifact) throws TskCoreException {
        if (BlackboardArtifact.ARTIFACT_TYPE.TSK_MESSAGE.getTypeID() == associatedArtifact.getArtifactTypeID()
                || BlackboardArtifact.ARTIFACT_TYPE.TSK_EMAIL_MSG.getTypeID() == associatedArtifact.getArtifactTypeID()) {

            setSourceName(Bundle.ContextViewer_attachmentSource());
            setSourceText(msgArtifactToAbbreviatedString(associatedArtifact));

        } else if (BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD.getTypeID() == associatedArtifact.getArtifactTypeID()
                || BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_CACHE.getTypeID() == associatedArtifact.getArtifactTypeID()) {

            setSourceName(Bundle.ContextViewer_downloadSource());
            setSourceText(webDownloadArtifactToString(associatedArtifact));
        }
    }

    private void setSourceName(String nameLabel) {
        jSourceNameLabel.setText(nameLabel);
    }

    private void setSourceText(String text) {
        jSourceTextLabel.setText(text);
        showSourceText(!text.isEmpty());
    }

    private void showSourceText(boolean show) {
        jSourceTextLabel.setVisible(show);
        jSourceGoToResultButton.setEnabled(show);
        jSourceLabel.setVisible(show);
    }

    @NbBundle.Messages({
        "ContextViewer.downloadURL=URL",
        "ContextViewer.downloadedOn=On"
    })
    private String webDownloadArtifactToString(BlackboardArtifact artifact) throws TskCoreException {
        StringBuilder sb = new StringBuilder(ARTIFACT_STR_MAX_LEN);
        Map<BlackboardAttribute.ATTRIBUTE_TYPE, BlackboardAttribute> attributesMap = getAttributesMap(artifact);

        if (BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD.getTypeID() == artifact.getArtifactTypeID()
                || BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_CACHE.getTypeID() == artifact.getArtifactTypeID()) {
            appendAttributeString(sb, BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL, attributesMap, Bundle.ContextViewer_downloadURL());
            appendAttributeString(sb, BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_CREATED, attributesMap, Bundle.ContextViewer_downloadedOn());
        }
        return sb.toString();
    }

    @NbBundle.Messages({
        "ContextViewer.message=Message",
        "ContextViewer.email=Email",
        "ContextViewer.messageFrom=From",
        "ContextViewer.messageTo=To",
        "ContextViewer.messageOn=On",})
    private String msgArtifactToAbbreviatedString(BlackboardArtifact artifact) throws TskCoreException {

        StringBuilder sb = new StringBuilder(ARTIFACT_STR_MAX_LEN);
        Map<BlackboardAttribute.ATTRIBUTE_TYPE, BlackboardAttribute> attributesMap = getAttributesMap(artifact);

        if (BlackboardArtifact.ARTIFACT_TYPE.TSK_MESSAGE.getTypeID() == artifact.getArtifactTypeID()) {
            sb.append(Bundle.ContextViewer_message()).append(' ');
            appendAttributeString(sb, BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_FROM, attributesMap, Bundle.ContextViewer_messageFrom());
            appendAttributeString(sb, BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_TO, attributesMap, Bundle.ContextViewer_messageTo());
            appendAttributeString(sb, BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, attributesMap, Bundle.ContextViewer_messageOn());
        } else if (BlackboardArtifact.ARTIFACT_TYPE.TSK_EMAIL_MSG.getTypeID() == artifact.getArtifactTypeID()) {
            sb.append(Bundle.ContextViewer_email()).append(' ');
            appendAttributeString(sb, BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL_FROM, attributesMap, Bundle.ContextViewer_messageFrom());
            appendAttributeString(sb, BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL_TO, attributesMap, Bundle.ContextViewer_messageTo());
            appendAttributeString(sb, BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_SENT, attributesMap, Bundle.ContextViewer_messageOn());
        }
        return sb.toString();
    }

    private void appendAttributeString(StringBuilder sb, BlackboardAttribute.ATTRIBUTE_TYPE attribType,
            Map<BlackboardAttribute.ATTRIBUTE_TYPE, BlackboardAttribute> attributesMap, String prependStr) {

        BlackboardAttribute attribute = attributesMap.get(attribType);
        if (attribute != null) {
            String attrVal = attribute.getDisplayString();
            if (!StringUtils.isEmpty(attrVal)) {
                if (!StringUtils.isEmpty(prependStr)) {
                    sb.append(prependStr).append(' ');
                }
                sb.append(StringUtils.abbreviate(attrVal, ATTRIBUTE_STR_MAX_LEN)).append(' ');
            }
        }
    }

    private Map<BlackboardAttribute.ATTRIBUTE_TYPE, BlackboardAttribute> getAttributesMap(BlackboardArtifact artifact) throws TskCoreException {
        Map<BlackboardAttribute.ATTRIBUTE_TYPE, BlackboardAttribute> attributeMap = new HashMap<>();

        List<BlackboardAttribute> attributeList = artifact.getAttributes();
        for (BlackboardAttribute attribute : attributeList) {
            BlackboardAttribute.ATTRIBUTE_TYPE type = BlackboardAttribute.ATTRIBUTE_TYPE.fromID(attribute.getAttributeType().getTypeID());
            attributeMap.put(type, attribute);
        }

        return attributeMap;
    }


    // Variables declaration - do not modify//GEN-BEGIN:variables
    private javax.swing.JButton jSourceGoToResultButton;
    private javax.swing.JLabel jSourceLabel;
    private javax.swing.JLabel jSourceNameLabel;
    private javax.swing.JLabel jSourceTextLabel;
    // End of variables declaration//GEN-END:variables
}