@Override
public boolean isPreferred(Node node, boolean isSupported) {
BlackboardArtifact art = node.getLookup().lookup(BlackboardArtifact.class);
return isSupported
&& (art == null
|| art.getArtifactTypeID()
== BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID());
}
/**
* Get the artifact for a result tag.
*
* @param tagArtifactId artifact id of the tag
* @return the tag's artifact
*/
static BlackboardArtifact getArtifactFromTag(long tagArtifactId) {
try {
Case currentCase = Case.getCurrentCase();
SleuthkitCase skCase = currentCase.getSleuthkitCase();
BlackboardArtifact artifact = skCase.getBlackboardArtifact(tagArtifactId);
if (artifact.getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_TAG_FILE.getTypeID()
|| artifact.getArtifactTypeID()
== BlackboardArtifact.ARTIFACT_TYPE.TSK_TAG_ARTIFACT.getTypeID()) {
List<BlackboardAttribute> attributes = artifact.getAttributes();
for (BlackboardAttribute att : attributes) {
if (att.getAttributeTypeID()
== BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TAGGED_ARTIFACT.getTypeID()) {
return skCase.getBlackboardArtifact(att.getValueLong());
}
}
}
} catch (TskCoreException ex) {
logger.log(Level.SEVERE, "Failed to get artifact " + tagArtifactId + " from case.");
}
return null;
}
/**
* Looks up the tag names associated with either a tagged artifact or a tag artifact.
*
* @param artifact The artifact
* @return A set of unique tag names
*/
public static HashSet<String> getUniqueTagNames(BlackboardArtifact artifact) {
return getUniqueTagNames(artifact.getArtifactID(), artifact.getArtifactTypeID());
}
@Override
protected Node createNodeForKey(final BlackboardArtifact artifact) {
// create node with action
BlackboardArtifactNode tagNode = null;
String iconPath;
if (tagName.equals(BOOKMARK_TAG_NAME)) {
iconPath = BOOKMARK_ICON_PATH;
} else {
iconPath = TAG_ICON_PATH;
}
// create actions here where Tag logic belongs
// instead of DataResultFilterNode w/visitors, which is much less pluggable and cluttered
if (tagType.equals(BlackboardArtifact.ARTIFACT_TYPE.TSK_TAG_ARTIFACT)) {
// in case of result tag, add a action by sublcassing bb art node
// this action will be merged with other actions set DataResultFIlterNode
// otherwise in case of
tagNode =
new BlackboardArtifactNode(artifact, iconPath) {
@Override
public Action[] getActions(boolean bln) {
// Action [] actions = super.getActions(bln); //To change body of generated methods,
// choose Tools | Templates.
Action[] actions = new Action[1];
actions[0] =
new AbstractAction("View Source Result") {
@Override
public void actionPerformed(ActionEvent e) {
// open the source artifact in dir tree
BlackboardArtifact sourceArt =
Tags.getArtifactFromTag(artifact.getArtifactID());
if (sourceArt != null) {
BlackboardResultViewer v =
Lookup.getDefault().lookup(BlackboardResultViewer.class);
v.viewArtifact(sourceArt);
}
}
};
return actions;
}
};
} else {
// for file tag, don't subclass to add the additional actions
tagNode = new BlackboardArtifactNode(artifact, iconPath);
}
// add some additional node properties
int artifactTypeID = artifact.getArtifactTypeID();
final String NO_DESCR = "no description";
if (artifactTypeID == BlackboardArtifact.ARTIFACT_TYPE.TSK_TAG_ARTIFACT.getTypeID()) {
BlackboardArtifact sourceResult = Tags.getArtifactFromTag(artifact.getArtifactID());
String resultType = sourceResult.getDisplayName();
NodeProperty resultTypeProp =
new NodeProperty("Source Result Type", "Result Type", NO_DESCR, resultType);
tagNode.addNodeProperty(resultTypeProp);
}
try {
// add source path property
final AbstractFile sourceFile = skCase.getAbstractFileById(artifact.getObjectID());
final String sourcePath = sourceFile.getUniquePath();
NodeProperty sourcePathProp =
new NodeProperty("Source File Path", "Source File Path", NO_DESCR, sourcePath);
tagNode.addNodeProperty(sourcePathProp);
} catch (TskCoreException ex) {
logger.log(
Level.SEVERE,
"Error getting a file from artifact to get source file path for a tag, ",
ex);
}
return tagNode;
}
@Override
public void viewArtifact(final BlackboardArtifact art) {
BlackboardArtifact.ARTIFACT_TYPE type =
BlackboardArtifact.ARTIFACT_TYPE.fromID(art.getArtifactTypeID());
Children rootChilds = em.getRootContext().getChildren();
Node treeNode = null;
Node resultsNode = rootChilds.findChild(ResultsNode.NAME);
Children resultsChilds = resultsNode.getChildren();
if (type.equals(BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT)) {
Node hashsetRootNode = resultsChilds.findChild(type.getLabel());
Children hashsetRootChilds = hashsetRootNode.getChildren();
try {
String setName = null;
List<BlackboardAttribute> attributes = art.getAttributes();
for (BlackboardAttribute att : attributes) {
int typeId = att.getAttributeTypeID();
if (typeId == BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID()) {
setName = att.getValueString();
}
}
treeNode = hashsetRootChilds.findChild(setName);
} catch (TskException ex) {
logger.log(Level.WARNING, "Error retrieving attributes", ex); // NON-NLS
}
} else if (type.equals(BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT)) {
Node keywordRootNode = resultsChilds.findChild(type.getLabel());
Children keywordRootChilds = keywordRootNode.getChildren();
try {
String listName = null;
String keywordName = null;
List<BlackboardAttribute> attributes = art.getAttributes();
for (BlackboardAttribute att : attributes) {
int typeId = att.getAttributeTypeID();
if (typeId == BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID()) {
listName = att.getValueString();
} else if (typeId == BlackboardAttribute.ATTRIBUTE_TYPE.TSK_KEYWORD.getTypeID()) {
keywordName = att.getValueString();
}
}
Node listNode = keywordRootChilds.findChild(listName);
Children listChildren = listNode.getChildren();
treeNode = listChildren.findChild(keywordName);
} catch (TskException ex) {
logger.log(Level.WARNING, "Error retrieving attributes", ex); // NON-NLS
}
} else if (type.equals(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT)
|| type.equals(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_ARTIFACT_HIT)) {
Node interestingItemsRootNode = resultsChilds.findChild(type.getLabel());
Children interestingItemsRootChildren = interestingItemsRootNode.getChildren();
try {
String setName = null;
List<BlackboardAttribute> attributes = art.getAttributes();
for (BlackboardAttribute att : attributes) {
int typeId = att.getAttributeTypeID();
if (typeId == BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID()) {
setName = att.getValueString();
}
}
treeNode = interestingItemsRootChildren.findChild(setName);
} catch (TskException ex) {
logger.log(Level.WARNING, "Error retrieving attributes", ex); // NON-NLS
}
} else {
Node extractedContent = resultsChilds.findChild(ExtractedContent.NAME);
Children extractedChilds = extractedContent.getChildren();
treeNode = extractedChilds.findChild(type.getLabel());
}
try {
em.setExploredContextAndSelection(treeNode, new Node[] {treeNode});
} catch (PropertyVetoException ex) {
logger.log(Level.WARNING, "Property Veto: ", ex); // NON-NLS
}
// Another thread is needed because we have to wait for dataResult to populate
EventQueue.invokeLater(
new Runnable() {
@Override
public void run() {
Children resultChilds = dataResult.getRootNode().getChildren();
Node select = resultChilds.findChild(Long.toString(art.getArtifactID()));
if (select != null) {
dataResult.requestActive();
dataResult.setSelectedNodes(new Node[] {select});
fireViewerComplete();
}
}
});
}