'#1978 Reconfigure and change CertificateParser to extract certificates

as subitems if in format PKCS7 and to be used in conjunction with tika
PKCS7Parser.

iped-app/resources/config/conf/MakePreviewConfig.txt

@@ -8,6 +8,7 @@ supportedMimes = application/x-msaccess; application/x-lnk; application/x-firefo
 supportedMimes = application/x-sqlite3; application/sqlite-skype; application/x-win10-timeline; application/x-gdrive-cloud-graph; application/x-gdrive-snapshot
 supportedMimes = application/x-whatsapp-db; application/x-whatsapp-db-f; application/x-whatsapp-chatstorage; application/x-whatsapp-chatstorage-f; application/x-shareaza-searches-dat; application/x-msie-cache
 supportedMimes = application/x-prefetch; text/x-vcard; application/x-bittorrent-resume-dat; application/x-bittorrent; application/x-emule-preferences-dat
+supportedMimes = application/x-x509-cert
 
 # List of mimetypes which parsers insert links to other case items into preview
 supportedMimesWithLinks = application/x-emule; application/x-emule-part-met; application/x-ares-galaxy; application/x-shareaza-library-dat

iped-app/resources/config/conf/ParserConfig.xml

@@ -347,6 +347,20 @@
         <parser class="iped.parsers.misc.PDFTextParser"></parser>
         <parser class="iped.parsers.video.FLVParserWrapper"></parser>
         <parser class="iped.parsers.video.EmptyVideoParser"></parser>
+
+        <parser class="iped.parsers.security.CertificateParser"></parser>
+        <parser class="iped.parsers.misc.MultipleParser">
+            <mime>application/pkcs7-mime</mime>
+            <mime>application/pkcs7-signature</mime>
+            <params>
+                <param name="parserName" type="string">PKCS7Parser</param>
+                <param name="parsers" type="string">
+                    iped.parsers.security.CertificateParser;
+                    org.apache.tika.parser.crypto.Pkcs7Parser;
+                </param>
+            </params>
+        </parser>
+
         <parser class="iped.parsers.standard.RawStringParser">
             <mime>application/skype</mime>
             <mime>application/irpf</mime>

iped-parsers/iped-parsers-impl/pom.xml

@@ -28,6 +28,12 @@
     		<version>3.8.0</version>
     		<scope>test</scope>
 		</dependency>
+        <!-- https://mvnrepository.com/artifact/org.bouncycastle/bcutil-jdk18on -->
+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcutil-jdk18on</artifactId>
+            <version>1.76</version>
+        </dependency>
 		<dependency>
             <groupId>org.apache.tika</groupId>
             <artifactId>tika-parsers-standard-package</artifactId>

iped-parsers/iped-parsers-impl/src/main/java/iped/parsers/security/CertificateParser.java

@@ -22,6 +22,8 @@
 import javax.xml.bind.DatatypeConverter;
 
 import org.apache.tika.exception.TikaException;
+import org.apache.tika.extractor.EmbeddedDocumentExtractor;
+import org.apache.tika.extractor.ParsingEmbeddedDocumentExtractor;
 import org.apache.tika.io.TemporaryResources;
 import org.apache.tika.io.TikaInputStream;
 import org.apache.tika.metadata.HttpHeaders;
@@ -40,6 +42,7 @@
 import org.bouncycastle.asn1.ASN1TaggedObject;
 import org.xml.sax.ContentHandler;
 import org.xml.sax.SAXException;
+import org.xml.sax.helpers.DefaultHandler;
 
 import iped.parsers.util.MetadataUtil;
 
@@ -104,22 +107,23 @@ public void parse(InputStream stream, ContentHandler handler, Metadata metadata,
 
             if (mimeType.equals(PKCS7_SIGNATURE.toString())) {
                 try (InputStream certStream = new FileInputStream(file)) {
+                    EmbeddedDocumentExtractor extractor = context.get(EmbeddedDocumentExtractor.class,
+                            new ParsingEmbeddedDocumentExtractor(context));
+
                     CertPath p = cf.generateCertPath(certStream, "PKCS7");
                     List certs = p.getCertificates();
-                    XHTMLContentHandler xhtml = new XHTMLContentHandler(handler, metadata);
-                    xhtml.startDocument();
-                    xhtml.startElement("head"); //$NON-NLS-1$
-                    xhtml.startElement("style"); //$NON-NLS-1$
-                    xhtml.characters("table {border-collapse: collapse;} table, td, th {border: 1px solid black;}"); //$NON-NLS-1$
-                    xhtml.endElement("style"); //$NON-NLS-1$
-                    xhtml.endElement("head"); //$NON-NLS-1$
+
                     for (Iterator iterator = certs.iterator(); iterator.hasNext();) {
                         cert = (X509Certificate) iterator.next();
-                        generateCertificateHtml(cert, xhtml);
+
+                        Metadata certMetadata = new Metadata();
+                        certMetadata.add(TikaCoreProperties.RESOURCE_NAME_KEY,
+                                cert.getSubjectX500Principal().getName());
+
+                        extractor.parseEmbedded(new ByteArrayInputStream(cert.getEncoded()), new DefaultHandler(),
+                                certMetadata,
+                                true);
                     }
-                    xhtml.endDocument();
-                    cert = (X509Certificate) certs.iterator().next();// gets the first certificate as this is more
-                                                                     // specific
                 }
             } else {
                 InputStream certStream = null;
@@ -140,19 +144,20 @@ public void parse(InputStream stream, ContentHandler handler, Metadata metadata,
                 xhtml.endElement("head"); //$NON-NLS-1$
                 generateCertificateHtml(cert, xhtml);
                 xhtml.endDocument();
-            }
 
-            metadata.set(NOTBEFORE, cert.getNotBefore());
-            metadata.set(NOTAFTER, cert.getNotAfter());
-            metadata.set(ISSUER, cert.getIssuerX500Principal().getName());
-            metadata.set(SUBJECT, cert.getSubjectX500Principal().getName());
-            if (cert.getBasicConstraints() <= -1) {
-                metadata.set(ISSUBJECTAUTHORITY, Boolean.FALSE.toString());
-            } else {
-                metadata.set(ISSUBJECTAUTHORITY, Boolean.TRUE.toString());
+                metadata.set(NOTBEFORE, cert.getNotBefore());
+                metadata.set(NOTAFTER, cert.getNotAfter());
+                metadata.set(ISSUER, cert.getIssuerX500Principal().getName());
+                metadata.set(SUBJECT, cert.getSubjectX500Principal().getName());
+                if (cert.getBasicConstraints() <= -1) {
+                    metadata.set(ISSUBJECTAUTHORITY, Boolean.FALSE.toString());
+                } else {
+                    metadata.set(ISSUBJECTAUTHORITY, Boolean.TRUE.toString());
+                }
+                metadata.set(HttpHeaders.CONTENT_TYPE, "text/plain");
+                metadata.set(TikaCoreProperties.TITLE, "Certificado:" + cert.getSubjectX500Principal().getName());
             }
-            metadata.set(HttpHeaders.CONTENT_TYPE, "text/plain");
-            metadata.set(TikaCoreProperties.TITLE, "Certificado:" + cert.getSubjectX500Principal().getName());
+
 
         } catch (Exception e) {
             throw new TikaException("Invalid or unkown certificate format.", e);
@@ -270,10 +275,10 @@ private List<String> getAltNames(X509Certificate cert) {
                     ASN1Sequence altNameSeq = getAltnameSequence(altNameBytes);
                     final ASN1TaggedObject obj = (ASN1TaggedObject) altNameSeq.getObjectAt(1);
                     if (obj != null) {
-                        ASN1Primitive prim = obj.getObject();
+                        ASN1Primitive prim = obj.getLoadedObject();
                         // can be tagged one more time
                         if (prim instanceof ASN1TaggedObject) {
-                            prim = ASN1TaggedObject.getInstance(((ASN1TaggedObject) prim)).getObject();
+                            prim = ASN1TaggedObject.getInstance(((ASN1TaggedObject) prim)).getLoadedObject();
                         }
 
                         if (prim instanceof ASN1OctetString) {