api-docs/4.19.1/_message_artifact_worker_8java_source.html

 /*

  * Autopsy Forensic Browser

  *

  * Copyright 2021 Basis Technology Corp.

  * Contact: carrier <at> sleuthkit <dot> org

  *

  * Licensed under the Apache License, Version 2.0 (the "License");

  * you may not use this file except in compliance with the License.

  * You may obtain a copy of the License at

  *

  *     http://www.apache.org/licenses/LICENSE-2.0

  *

  * Unless required by applicable law or agreed to in writing, software

  * distributed under the License is distributed on an "AS IS" BASIS,

  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  * See the License for the specific language governing permissions and

  * limitations under the License.

  */

 package org.sleuthkit.autopsy.contentviewers.artifactviewers;


 import java.util.Collection;

 import java.util.HashMap;

 import java.util.HashSet;

 import java.util.Map;

 import java.util.Optional;

 import java.util.Set;

 import java.util.logging.Level;

 import javax.swing.SwingWorker;

 import org.sleuthkit.autopsy.coreutils.Logger;

 import org.sleuthkit.datamodel.AbstractFile;

 import org.sleuthkit.datamodel.BlackboardArtifact;

 import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT;

 import org.sleuthkit.datamodel.BlackboardAttribute;

 import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ASSOCIATED_ARTIFACT;

 import org.sleuthkit.datamodel.Content;

 import org.sleuthkit.datamodel.TskCoreException;

 import org.sleuthkit.datamodel.blackboardutils.attributes.BlackboardJsonAttrUtil;

 import org.sleuthkit.datamodel.blackboardutils.attributes.MessageAttachments;


 class MessageArtifactWorker extends SwingWorker<MessageArtifactWorker.MesssageArtifactData, Void> {


     private BlackboardArtifact artifact;

     private static final Logger logger = Logger.getLogger(MessageArtifactWorker.class.getName());


     private static final BlackboardAttribute.Type TSK_ASSOCIATED_TYPE = new BlackboardAttribute.Type(TSK_ASSOCIATED_ARTIFACT);


     MessageArtifactWorker(BlackboardArtifact artifact) {

         this.artifact = artifact;

     }


     @Override

     protected MesssageArtifactData doInBackground() throws Exception {

         /*

          * If the artifact is a keyword hit, use the associated artifact as the

          * one to show in this viewer

          */

         if (artifact.getArtifactTypeID() == TSK_KEYWORD_HIT.getTypeID()) {

             try {

                 getAssociatedArtifact(artifact).ifPresent(associatedArtifact -> {

                     this.artifact = associatedArtifact;

                 });

             } catch (TskCoreException ex) {

                 logger.log(Level.SEVERE, "error getting associated artifact", ex);

             }

         }


         Map<BlackboardAttribute.Type, BlackboardAttribute> map = getAttributesForArtifact(artifact);

         Set<MessageAttachments.Attachment> attachements = getAttachments(artifact);


         if (isCancelled()) {

             return null;

         }


         return new MesssageArtifactData(artifact, map, attachements);

     }


     static private Map<BlackboardAttribute.Type, BlackboardAttribute> getAttributesForArtifact(BlackboardArtifact artifact) throws TskCoreException {

         Map<BlackboardAttribute.Type, BlackboardAttribute> attributeMap = new HashMap<>();

         for (BlackboardAttribute attribute : artifact.getAttributes()) {

             attributeMap.put(attribute.getAttributeType(), attribute);

         }


         return attributeMap;

     }


     private Set<MessageAttachments.Attachment> getAttachments(BlackboardArtifact art) throws TskCoreException {


         final Set<MessageAttachments.Attachment> attachments = new HashSet<>();


         //  Attachments are specified in an attribute TSK_ATTACHMENTS as JSON attribute

         BlackboardAttribute attachmentsAttr = art.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ATTACHMENTS));

         if (attachmentsAttr != null) {

             try {

                 MessageAttachments msgAttachments = BlackboardJsonAttrUtil.fromAttribute(attachmentsAttr, MessageAttachments.class);

                 Collection<MessageAttachments.FileAttachment> fileAttachments = msgAttachments.getFileAttachments();

                 for (MessageAttachments.FileAttachment fileAttachment : fileAttachments) {

                     attachments.add(fileAttachment);

                 }

                 Collection<MessageAttachments.URLAttachment> urlAttachments = msgAttachments.getUrlAttachments();

                 for (MessageAttachments.URLAttachment urlAttachment : urlAttachments) {

                     attachments.add(urlAttachment);

                 }

             } catch (BlackboardJsonAttrUtil.InvalidJsonException ex) {

                 logger.log(Level.WARNING, String.format("Unable to parse json for MessageAttachments object in artifact: %s", art.getName()), ex);

             }

         } else {    // For backward compatibility - email attachements are derived files and children of the email message artifact

             for (Content child : art.getChildren()) {

                 if (child instanceof AbstractFile) {

                     attachments.add(new MessageAttachments.FileAttachment((AbstractFile) child));

                 }

             }

         }


         return attachments;

     }


     static Optional<BlackboardArtifact> getAssociatedArtifact(final BlackboardArtifact artifact) throws TskCoreException {

         BlackboardAttribute attribute = artifact.getAttribute(TSK_ASSOCIATED_TYPE);

         if (attribute != null) {

             return Optional.of(artifact.getSleuthkitCase().getArtifactByArtifactId(attribute.getValueLong()));

         }

         return Optional.empty();

     }


     static class MesssageArtifactData {


         private final BlackboardArtifact artifact;

         private final Map<BlackboardAttribute.Type, BlackboardAttribute> attributeMap;

         private final Set<MessageAttachments.Attachment> attachements;


         MesssageArtifactData(BlackboardArtifact artifact, Map<BlackboardAttribute.Type, BlackboardAttribute> attributeMap, Set<MessageAttachments.Attachment> attachements) {

             this.artifact = artifact;

             this.attributeMap = attributeMap;

             this.attachements = attachements;

         }


         BlackboardArtifact getArtifact() {

             return artifact;

         }


         Map<BlackboardAttribute.Type, BlackboardAttribute> getAttributeMap() {

             return attributeMap;

         }


         Set<MessageAttachments.Attachment> getAttachements() {

             return attachements;

         }


         String getAttributeDisplayString(BlackboardAttribute.ATTRIBUTE_TYPE attributeType) {

             BlackboardAttribute attribute = attributeMap.get(new BlackboardAttribute.Type(attributeType));

             if (attribute != null) {

                 return attribute.getDisplayString();

             }


             return "";

         }

     }

 }

org.sleuthkit

org

org.sleuthkit.autopsy.coreutils
Definition: AppSQLiteDB.java:19

org.sleuthkit.autopsy.coreutils.Logger
Definition: Logger.java:36

org.sleuthkit.autopsy