19 package org.sleuthkit.autopsy.centralrepository.eventlisteners;
21 import com.google.common.util.concurrent.ThreadFactoryBuilder;
22 import java.beans.PropertyChangeEvent;
23 import java.beans.PropertyChangeListener;
24 import java.util.List;
25 import java.util.concurrent.ExecutorService;
26 import java.util.concurrent.Executors;
27 import java.util.logging.Level;
28 import java.util.stream.Collectors;
29 import org.openide.util.NbBundle.Messages;
61 @Messages({
"caseeventlistener.evidencetag=Evidence"})
62 final class CaseEventListener implements PropertyChangeListener {
65 private final ExecutorService jobProcessingExecutor;
66 private static final String CASE_EVENT_THREAD_NAME =
"Case-Event-Listener-%d";
69 jobProcessingExecutor = Executors.newSingleThreadExecutor(
new ThreadFactoryBuilder().setNameFormat(CASE_EVENT_THREAD_NAME).build());
77 public void propertyChange(PropertyChangeEvent evt) {
82 LOGGER.log(Level.SEVERE,
"Failed to get instance of db manager.", ex);
85 switch (
Case.
Events.valueOf(evt.getPropertyName())) {
86 case CONTENT_TAG_ADDED:
87 case CONTENT_TAG_DELETED: {
88 jobProcessingExecutor.submit(
new ContentTagTask(dbManager, evt));
92 case BLACKBOARD_ARTIFACT_TAG_DELETED:
93 case BLACKBOARD_ARTIFACT_TAG_ADDED: {
94 jobProcessingExecutor.submit(
new BlackboardTagTask(dbManager, evt));
98 case DATA_SOURCE_ADDED: {
99 jobProcessingExecutor.submit(
new DataSourceAddedTask(dbManager, evt));
102 case TAG_DEFINITION_CHANGED: {
103 jobProcessingExecutor.submit(
new TagDefinitionChangeTask(evt));
107 jobProcessingExecutor.submit(
new CurrentCaseTask(dbManager, evt));
116 private final PropertyChangeEvent
event;
130 TskData.FileKnown knownStatus;
136 final ContentTag tagAdded = tagAddedEvent.getAddedTag();
139 if (tagAdded.getContent() instanceof AbstractFile) {
140 af = (AbstractFile) tagAdded.getContent();
141 knownStatus = TskData.FileKnown.BAD;
142 comment = tagAdded.getComment();
144 LOGGER.log(Level.WARNING,
"Error updating non-file object");
171 .map(tag -> tag.getName().getDisplayName())
173 .collect(Collectors.toList())
177 if (content instanceof AbstractFile) {
178 af = (AbstractFile) content;
179 knownStatus = TskData.FileKnown.UNKNOWN;
182 LOGGER.log(Level.WARNING,
"Error updating non-file object");
190 LOGGER.log(Level.SEVERE,
"Failed to find content", ex);
196 knownStatus, comment);
198 if (eamArtifact != null) {
203 LOGGER.log(Level.SEVERE,
"Error connecting to Central Repository database while setting artifact known status.", ex);
212 private final PropertyChangeEvent
event;
226 BlackboardArtifact bbArtifact;
227 TskData.FileKnown knownStatus;
233 final BlackboardArtifactTag tagAdded = tagAddedEvent.getAddedTag();
236 content = tagAdded.getContent();
237 bbArtifact = tagAdded.getArtifact();
238 knownStatus = TskData.FileKnown.BAD;
239 comment = tagAdded.getComment();
249 LOGGER.log(Level.SEVERE,
"Exception while getting open case.", ex);
273 .map(tag -> tag.getName().getDisplayName())
275 .collect(Collectors.toList())
279 knownStatus = TskData.FileKnown.UNKNOWN;
286 }
catch (TskCoreException ex) {
287 LOGGER.log(Level.SEVERE,
"Failed to find content", ex);
292 if ((content instanceof AbstractFile) && (((AbstractFile) content).getKnown() == TskData.FileKnown.KNOWN)) {
298 eamArtifact.getInstances().get(0).setComment(comment);
302 LOGGER.log(Level.SEVERE,
"Error connecting to Central Repository database while setting artifact known status.", ex);
311 private final PropertyChangeEvent
event;
323 String modifiedTagName = (String) event.getOldValue();
334 for (BlackboardArtifactTag bbTag : artifactTags) {
336 boolean hasTagWithConflictingKnownStatus =
false;
340 if (tagName.getKnownStatus() == TskData.FileKnown.UNKNOWN) {
341 Content content = bbTag.getContent();
344 if ((content instanceof AbstractFile) && (((AbstractFile) content).getKnown() == TskData.FileKnown.KNOWN)) {
348 BlackboardArtifact bbArtifact = bbTag.getArtifact();
352 for (BlackboardArtifactTag t : tags) {
354 if (t.getName().equals(tagName)) {
358 if (TskData.FileKnown.BAD == t.getName().getKnownStatus()) {
360 hasTagWithConflictingKnownStatus =
true;
366 if (!hasTagWithConflictingKnownStatus) {
379 for (ContentTag contentTag : fileTags) {
381 boolean hasTagWithConflictingKnownStatus =
false;
385 if (tagName.getKnownStatus() == TskData.FileKnown.UNKNOWN) {
386 Content content = contentTag.getContent();
390 for (ContentTag t : tags) {
392 if (t.getName().equals(tagName)) {
396 if (TskData.FileKnown.BAD == t.getName().getKnownStatus()) {
398 hasTagWithConflictingKnownStatus =
true;
404 if (!hasTagWithConflictingKnownStatus) {
406 tagName.getKnownStatus(),
"");
407 if (eamArtifact != null) {
412 }
catch (TskCoreException ex) {
413 LOGGER.log(Level.SEVERE,
"Cannot update known status in central repository for tag: " + modifiedTagName, ex);
415 LOGGER.log(Level.SEVERE,
"Cannot get central repository for tag: " + modifiedTagName, ex);
417 LOGGER.log(Level.SEVERE,
"Exception while getting open case.", ex);
425 private final PropertyChangeEvent
event;
441 LOGGER.log(Level.SEVERE,
"Exception while getting open case.", ex);
446 Content newDataSource = dataSourceAddedEvent.
getDataSource();
449 String deviceId = openCase.
getSleuthkitCase().getDataSource(newDataSource.getId()).getDeviceId();
451 if (null == correlationCase) {
452 correlationCase = dbManager.
newCase(openCase);
454 if (null == dbManager.
getDataSource(correlationCase, deviceId)) {
458 LOGGER.log(Level.SEVERE,
"Error connecting to Central Repository database.", ex);
459 }
catch (TskCoreException | TskDataException ex) {
460 LOGGER.log(Level.SEVERE,
"Error getting data source from DATA_SOURCE_ADDED event content.", ex);
468 private final PropertyChangeEvent
event;
481 if ((null == event.getOldValue()) && (event.getNewValue() instanceof
Case)) {
482 Case curCase = (
Case) event.getNewValue();
492 if (dbManager.
getCase(curCase) == null) {
496 LOGGER.log(Level.SEVERE,
"Error connecting to Central Repository database.", ex);
CorrelationDataSource getDataSource(CorrelationCase correlationCase, String dataSourceDeviceId)
static CorrelationAttribute getCorrelationAttributeFromContent(Content content, TskData.FileKnown knownStatus, String comment)
final PropertyChangeEvent event
DataSourceAddedTask(EamDb db, PropertyChangeEvent evt)
CorrelationCase newCase(CorrelationCase eamCase)
static Case getOpenCase()
DeletedBlackboardArtifactTagInfo getDeletedTagInfo()
static CorrelationDataSource fromTSKDataSource(CorrelationCase correlationCase, Content dataSource)
TagDefinitionChangeTask(PropertyChangeEvent evt)
static void shutDownTaskExecutor(ExecutorService executor)
ContentTagTask(EamDb db, PropertyChangeEvent evt)
TagsManager getTagsManager()
void setArtifactInstanceKnownStatus(CorrelationAttribute eamArtifact, TskData.FileKnown knownStatus)
static EamDb getInstance()
CurrentCaseTask(EamDb db, PropertyChangeEvent evt)
static boolean isEnabled()
SleuthkitCase getSleuthkitCase()
BLACKBOARD_ARTIFACT_TAG_ADDED
CorrelationCase getCase(Case autopsyCase)
BlackboardTagTask(EamDb db, PropertyChangeEvent evt)
synchronized static Logger getLogger(String name)
final PropertyChangeEvent event
final PropertyChangeEvent event
DeletedContentTagInfo getDeletedTagInfo()
final PropertyChangeEvent event
void newDataSource(CorrelationDataSource eamDataSource)
static List< CorrelationAttribute > getCorrelationAttributeFromBlackboardArtifact(BlackboardArtifact bbArtifact, boolean addInstanceDetails, boolean checkEnabled)
final PropertyChangeEvent event