From 01b7b327bd8ed4d8cd0f23b5dabb2bed16af16c5 Mon Sep 17 00:00:00 2001
From: Andrew Ziehl <aziehl@ciphertechsolutions.com>
Date: Tue, 26 Jun 2018 14:33:14 -0700
Subject: [PATCH] Create implementation of InstanceCallback interface for new
 common files search query.

---
 .../datamodel/AbstractSqlEamDb.java           | 49 +++++++++++++++++++
 .../centralrepository/datamodel/EamDb.java    |  9 ++++
 .../datamodel/SqliteEamDb.java                | 17 +++++++
 .../EamDbAttributeInstanceValuesCallback.java | 40 +++++++++++++++
 4 files changed, 115 insertions(+)
 create mode 100644 Core/src/org/sleuthkit/autopsy/commonfilesearch/EamDbAttributeInstanceValuesCallback.java

diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/AbstractSqlEamDb.java b/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/AbstractSqlEamDb.java
index 59df6b7bbc..02d426149a 100644
--- a/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/AbstractSqlEamDb.java
+++ b/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/AbstractSqlEamDb.java
@@ -1777,6 +1777,55 @@ abstract class AbstractSqlEamDb implements EamDb {
             EamDbUtil.closeConnection(conn);
         }
     }
+    
+    /**
+     * Process the Artifact instance in the EamDb
+     *
+     * @param type EamArtifact.Type to search for
+     * @param correlationCase  CorrelationCase to filter by
+     * @param instanceTableCallback callback to process the instance
+     * @throws EamDbException
+     */
+    @Override
+    public void processCaseInstancesTable(CorrelationAttribute.Type type, CorrelationCase correlationCase, InstanceTableCallback instanceTableCallback) throws EamDbException {
+        if (type == null) {
+            throw new EamDbException("Correlation type is null");
+        }
+
+        if (instanceTableCallback == null) {
+            throw new EamDbException("Callback interface is null");
+        }
+        
+        if(correlationCase == null) {
+            throw new EamDbException("Correlation Case is null");
+        }
+
+        Connection conn = connect();
+        PreparedStatement preparedStatement = null;
+        ResultSet resultSet = null;
+        String tableName = EamDbUtil.correlationTypeToInstanceTableName(type);
+        StringBuilder sql = new StringBuilder();
+        sql.append("SELECT value FROM "); 
+        sql.append(tableName);
+        sql.append(" WHERE value IN (SELECT value FROM ");
+        sql.append(tableName);
+        sql.append(" WHERE case_id=? AND known_status !=?) GROUP BY value HAVING COUNT(DISTINCT case_id) > 1 ORDER BY value");
+
+        try {
+            preparedStatement = conn.prepareStatement(sql.toString());
+            preparedStatement.setString(1, correlationCase.getCaseUUID());
+            preparedStatement.setByte(2, TskData.FileKnown.KNOWN.getFileKnownValue());
+            resultSet = preparedStatement.executeQuery();
+            instanceTableCallback.process(resultSet);
+        } catch (SQLException ex) {
+            throw new EamDbException("Error getting all artifact instances from instances table", ex);
+        } finally {
+            EamDbUtil.closeStatement(preparedStatement);
+            EamDbUtil.closeResultSet(resultSet);
+            EamDbUtil.closeConnection(conn);
+        }
+    }
+    
 
     @Override
     public EamOrganization newOrganization(EamOrganization eamOrg) throws EamDbException {
diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/EamDb.java b/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/EamDb.java
index 7ced4a1d7d..59e87ab023 100644
--- a/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/EamDb.java
+++ b/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/EamDb.java
@@ -685,4 +685,13 @@ public interface EamDb {
      * @throws EamDbException
      */
     void processInstanceTable(CorrelationAttribute.Type type, InstanceTableCallback instanceTableCallback) throws EamDbException;
+    
+    /**
+     * Process the Artifact md5s in the EamDb for matches of case files which are not known
+     * @param type EamArtifact.Type to search for
+     * @param correlationCase  CorrelationCase to filter by
+     * @param instanceTableCallback callback to process the instance
+     * @throws EamDbException
+     */
+    public void processCaseInstancesTable(CorrelationAttribute.Type type, CorrelationCase correlationCase, InstanceTableCallback instanceTableCallback) throws EamDbException;
 }
diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/SqliteEamDb.java b/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/SqliteEamDb.java
index 4a3ef36530..e9852f2d34 100644
--- a/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/SqliteEamDb.java
+++ b/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/SqliteEamDb.java
@@ -695,6 +695,23 @@ final class SqliteEamDb extends AbstractSqlEamDb {
             releaseSharedLock();
         }
     }
+    /**
+     * Process the Artifact md5s in the EamDb for matches of case files which are not known
+     * @param type EamArtifact.Type to search for
+     * @param correlationCase  CorrelationCase to filter by
+     * @param instanceTableCallback callback to process the instance
+     * @throws EamDbException
+     */
+    @Override
+    public void processCaseInstancesTable(CorrelationAttribute.Type type, CorrelationCase correlationCase, InstanceTableCallback instanceTableCallback) throws EamDbException {
+        try {
+            acquireSharedLock();
+            super.processCaseInstancesTable(type, correlationCase, instanceTableCallback);
+        } finally {
+            releaseSharedLock();
+        }
+    }
+      
     /**
      * Check whether a reference set with the given name/version is in the central repo.
      * Used to check for name collisions when creating reference sets.
diff --git a/Core/src/org/sleuthkit/autopsy/commonfilesearch/EamDbAttributeInstanceValuesCallback.java b/Core/src/org/sleuthkit/autopsy/commonfilesearch/EamDbAttributeInstanceValuesCallback.java
new file mode 100644
index 0000000000..ab258695c6
--- /dev/null
+++ b/Core/src/org/sleuthkit/autopsy/commonfilesearch/EamDbAttributeInstanceValuesCallback.java
@@ -0,0 +1,40 @@
+/*
+ * To change this license header, choose License Headers in Project Properties.
+ * To change this template file, choose Tools | Templates
+ * and open the template in the editor.
+ */
+package org.sleuthkit.autopsy.commonfilesearch;
+
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import org.openide.util.Exceptions;
+import org.sleuthkit.autopsy.centralrepository.datamodel.InstanceTableCallback;
+
+/**
+ *
+ * @author Andrrew
+ */
+public class EamDbAttributeInstanceValuesCallback implements InstanceTableCallback {
+
+        List<String> correlationValues = new ArrayList<>();
+        
+        @Override
+        public void process(ResultSet resultSet) {
+            try {
+                while(resultSet.next()){
+                    correlationValues.add(InstanceTableCallback.getValue(resultSet));
+                }
+            } catch (SQLException ex) {
+                Exceptions.printStackTrace(ex);
+            }
+        }
+
+        public List<String> getCorrelationValues() {
+            return Collections.unmodifiableList(correlationValues);
+        }
+
+
+    }
\ No newline at end of file