Certificate parser update

iped-app/resources/config/conf/CategoriesConfig.json

@@ -75,6 +75,7 @@
     ]},
     {"name": "Databases", "mimes": ["application/x-edb", "application/x-edb-table", "application/irpf", "application/x-msaccess", "application/x-dbf", "application/vnd.oasis.opendocument.database", "application/x-sqlite3", "application/x-mysql-db", "application/x-berkeley-db", "application/x-mssql-data", "application/x-database-table"]},
     {"name": "Compressed Archives", "mimes": ["application/x-tika-ooxml", "application/zlib", "application/applefile", "application/vnd.ms-tnef", "application/zip", "application/x-rar-compressed", "application/x-tar", "application/gzip", "application/x-gzip", "application/x-xz", "application/x-bzip", "application/x-bzip2", "application/x-7z-compressed", "application/x-arj", "application/x-gtar", "application/x-archive", "application/x-cpio", "application/x-tika-unix-dump", "application/x-snappy-framed", "application/x-snappy", "application/x-snappy-raw", "application/x-compress", "application/x-java-pack200", "application/x-lzma", "application/x-lz4", "application/x-lz4-block", "application/x-brotli", "application/zstd", "application/deflate64", "image/x-emf-compressed", "application/x-lzfse"]},
+    {"name": "Signed Archives", "mimes": ["application/pkcs7-mime", "application/pkcs7-signature"]},
     {"name": "Contacts", "mimes": ["text/x-vcard", "application/x-vcard-html", "application/windows-adress-book", "application/outlook-contact", "application/x-livecontacts", "application/x-livecontacts-table", "contact/x-skype-contact", "application/x-whatsapp-wadb", "application/x-whatsapp-contactsv2", "contact/x-whatsapp-contact", "application/x-ufed-html-contacts", "application/x-ufed-contact", "contact/x-telegram-contact", "application/x-ios-addressbook-db", "application/x-win10-mail-contact"]},
     {"name": "Chats", "categories":[
         {"name": "WhatsApp", "mimes":["application/x-whatsapp-db", "application/x-whatsapp-chatstorage", "application/x-whatsapp-chat","application/x-ufed-chat-whatsapp","application/x-ufed-chat-preview-whatsapp"]},
@@ -89,7 +90,7 @@
         {"name": "Others Chats", "mimes":["application/x-ufed-html-chats", "application/x-ufed-chats-txt", "application/x-ufed-chat", "application/x-ufed-chat-preview"]}
     ]},
     {"name": "USN Journal", "mimes": ["application/x-usnjournal-$J", "application/x-usnjournal-report-html", "application/x-usnjournal-report-csv", "application/x-usnjournal-registry"]},
-    {"name": "Programs and Libraries", "mimes": ["application/java-archive", "application/x-dosexec", "application/x-msdownload", "application/x-bat", "application/vnd.ms-cab-compressed", "application/x-font-ttf", "application/pkcs7-signature", "application/vnd.ms-htmlhelp", "application/java-vm", "application/vnd.ms-pki.seccat", "application/x-ms-installer", "application/x-ufed-html-apps", "application/x-ufed-installedapplication"]},
+    {"name": "Programs and Libraries", "mimes": ["application/java-archive", "application/x-dosexec", "application/x-msdownload", "application/x-bat", "application/vnd.ms-cab-compressed", "application/x-font-ttf", "application/vnd.ms-htmlhelp", "application/java-vm", "application/vnd.ms-pki.seccat", "application/x-ms-installer", "application/x-ufed-html-apps", "application/x-ufed-installedapplication"]},
     {"name": "Unallocated", "mimes": ["application/x-unallocated"]},
     {"name": "File Slacks", "mimes": ["application/x-fileslack"]},
     {"name": "Plain Texts", "mimes": ["text"], "categories":[

iped-app/resources/config/conf/CategoriesToExpand.txt

@@ -18,6 +18,7 @@ GDrive Synced Files
 OLE files
 Georeferenced Files
 Peer-to-peer
+Signed Archives
 #Event Files
 
 # Generates registry reports:

iped-app/resources/config/conf/MakePreviewConfig.txt

@@ -8,6 +8,7 @@ supportedMimes = application/x-msaccess; application/x-lnk; application/x-firefo
 supportedMimes = application/x-sqlite3; application/sqlite-skype; application/x-win10-timeline; application/x-gdrive-cloud-graph; application/x-gdrive-snapshot
 supportedMimes = application/x-whatsapp-db; application/x-whatsapp-db-f; application/x-whatsapp-chatstorage; application/x-whatsapp-chatstorage-f; application/x-shareaza-searches-dat; application/x-msie-cache
 supportedMimes = application/x-prefetch; text/x-vcard; application/x-bittorrent-resume-dat; application/x-bittorrent; application/x-emule-preferences-dat
+supportedMimes = application/x-x509-cert
 
 # List of mimetypes which parsers insert links to other case items into preview
 supportedMimesWithLinks = application/x-emule; application/x-emule-part-met; application/x-ares-galaxy; application/x-shareaza-library-dat

iped-app/resources/config/conf/ParserConfig.xml

@@ -347,6 +347,20 @@
         <parser class="iped.parsers.misc.PDFTextParser"></parser>
         <parser class="iped.parsers.video.FLVParserWrapper"></parser>
         <parser class="iped.parsers.video.EmptyVideoParser"></parser>
+
+        <parser class="iped.parsers.security.CertificateParser"></parser>
+        <parser class="iped.parsers.misc.MultipleParser">
+            <mime>application/pkcs7-mime</mime>
+            <mime>application/pkcs7-signature</mime>
+            <params>
+                <param name="parserName" type="string">PKCS7Parser</param>
+                <param name="parsers" type="string">
+                    iped.parsers.security.CertificateParser;
+                    org.apache.tika.parser.crypto.Pkcs7Parser;
+                </param>
+            </params>
+        </parser>
+
         <parser class="iped.parsers.standard.RawStringParser">
             <mime>application/skype</mime>
             <mime>application/irpf</mime>

iped-app/resources/localization/iped-parsers-messages.properties

@@ -318,4 +318,17 @@ TelegramReport.joinedByRequest=User joined by Request
 TelegramReport.ChannelMigratedFromGroup=This channel migrated from a group
 TelegramReport.RecoveredGroup=Recovered deleted group
 P2P.FoundInPedoHashDB=* Red lines mean the hashes were found in child porn alert hash databases.
-Win10Mail.NotFound=Not Found
+Win10Mail.NotFound=Not Found
+CertificateParser.SubjectX500=Subject(X500)
+CertificateParser.Subject=Subject
+CertificateParser.Version=Version
+CertificateParser.SerialNumber=Serial Number
+CertificateParser.SignatureAlgorithm=Signature Algorithm
+CertificateParser.IssuerX500=Issuer(X500)
+CertificateParser.Issuer=Issuer
+CertificateParser.ValidFrom=Valid from
+CertificateParser.ValidTo=Valit to
+CertificateParser.AlternativeNames=Alternative names
+CertificateParser.Details=Details
+CertificateParser.Certificate=Certificate
+CertificateParser.NOALTNAMES=This certificate has no alternative names.

iped-app/resources/localization/iped-parsers-messages_de_DE.properties

@@ -319,3 +319,16 @@ TelegramReport.ChannelMigratedFromGroup=Dieser Kanal ist aus einer Gruppe hervor
 TelegramReport.RecoveredGroup=wiederhergestellte gelöschte Gruppe
 P2P.FoundInPedoHashDB=* Rote Zeile bedeutet, dass der Hash in der KiPo Hash-Datenbank gefunden wurde.
 Win10Mail.NotFound=Nicht gefunden
+CertificateParser.SubjectX500=Subject(X500)(TBT)
+CertificateParser.Subject=Subject(TBT)
+CertificateParser.Version=Version(TBT)
+CertificateParser.SerialNumber=Serial Number(TBT)
+CertificateParser.SignatureAlgorithm=Signature Algorithm(TBT)
+CertificateParser.IssuerX500=Issuer(X500)(TBT)
+CertificateParser.Issuer=Issuer(TBT)
+CertificateParser.ValidFrom=Valid from(TBT)
+CertificateParser.ValidTo=Valit to(TBT)
+CertificateParser.AlternativeNames=Alternative names(TBT)
+CertificateParser.Details=Details(TBT)
+CertificateParser.Certificate=Certificate(TBT)
+CertificateParser.NOALTNAMES=This certificate has no alternative names.(TBT)

iped-app/resources/localization/iped-parsers-messages_es_AR.properties

@@ -319,3 +319,16 @@ TelegramReport.ChannelMigratedFromGroup=Este canal ha migrado desde un grupo
 TelegramReport.RecoveredGroup=Grupo borrado recuperado
 P2P.FoundInPedoHashDB=* Las líneas rojas significan que los hashtags se encontraron en bases de datos de hashtags de alertas de pornografía infantil.
 Win10Mail.NotFound=No encontrado
+CertificateParser.SubjectX500=Subject(X500)(TBT)
+CertificateParser.Subject=Subject(TBT)
+CertificateParser.Version=Version(TBT)
+CertificateParser.SerialNumber=Serial Number(TBT)
+CertificateParser.SignatureAlgorithm=Signature Algorithm(TBT)
+CertificateParser.IssuerX500=Issuer(X500)(TBT)
+CertificateParser.Issuer=Issuer(TBT)
+CertificateParser.ValidFrom=Valid from(TBT)
+CertificateParser.ValidTo=Valit to(TBT)
+CertificateParser.AlternativeNames=Alternative names(TBT)
+CertificateParser.Details=Details(TBT)
+CertificateParser.Certificate=Certificate(TBT)
+CertificateParser.NOALTNAMES=This certificate has no alternative names.(TBT)

iped-app/resources/localization/iped-parsers-messages_it_IT.properties

@@ -319,3 +319,16 @@ TelegramReport.ChannelMigratedFromGroup=Questo canale è migrato da un gruppo
 TelegramReport.RecoveredGroup=Gruppo cancellato recuperato
 P2P.FoundInPedoHashDB=* Le linee rosse indicano che gli hash sono stati trovati nel child porn alert hash databases.
 Win10Mail.NotFound=Non trovato
+CertificateParser.SubjectX500=Subject(X500)(TBT)
+CertificateParser.Subject=Subject(TBT)
+CertificateParser.Version=Version(TBT)
+CertificateParser.SerialNumber=Serial Number(TBT)
+CertificateParser.SignatureAlgorithm=Signature Algorithm(TBT)
+CertificateParser.IssuerX500=Issuer(X500)(TBT)
+CertificateParser.Issuer=Issuer(TBT)
+CertificateParser.ValidFrom=Valid from(TBT)
+CertificateParser.ValidTo=Valit to(TBT)
+CertificateParser.AlternativeNames=Alternative names(TBT)
+CertificateParser.Details=Details(TBT)
+CertificateParser.Certificate=Certificate(TBT)
+CertificateParser.NOALTNAMES=This certificate has no alternative names.(TBT)

iped-app/resources/localization/iped-parsers-messages_pt_BR.properties

@@ -319,3 +319,17 @@ TelegramReport.ChannelMigratedFromGroup=Este canal migrou de um grupo
 TelegramReport.RecoveredGroup=Grupo apagado recuperado
 P2P.FoundInPedoHashDB=* Linhas em vermelho indicam que os hashes foram encontrados em bases de hashes de alerta de pornografia infantil
 Win10Mail.NotFound=Não Encontrado
+CertificateParser.SubjectX500=Sujeito(X500)
+CertificateParser.Subject=Sujeito
+CertificateParser.Version=Versão
+CertificateParser.SerialNumber=Número de série
+CertificateParser.SignatureAlgorithm=Algoritmo da assinature
+CertificateParser.IssuerX500=Emissor(X500)
+CertificateParser.Issuer=Emissor
+CertificateParser.ValidFrom=Válido desde
+CertificateParser.ValidTo=Válido até
+CertificateParser.AlternativeNames=Nomes alternativos
+CertificateParser.Details=Detalhes
+CertificateParser.Certificate=Certificado
+CertificateParser.NOALTNAMES=Este certificado não contém nomes alternativos.
+

iped-parsers/iped-parsers-impl/pom.xml

@@ -28,6 +28,12 @@
     		<version>3.8.0</version>
     		<scope>test</scope>
 		</dependency>
+        <!-- https://mvnrepository.com/artifact/org.bouncycastle/bcutil-jdk18on -->
+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcutil-jdk18on</artifactId>
+            <version>1.76</version>
+        </dependency>
 		<dependency>
             <groupId>org.apache.tika</groupId>
             <artifactId>tika-parsers-standard-package</artifactId>