sepinf-inc / IPED

IPED Digital Forensic Tool. It is an open source software that can be used to process and analyze digital evidence, often seized at crime scenes by law enforcement or in a corporate investigation by private examiners.

Certificate parser update #1981

Open patrickdalla opened 8 months ago

patrickdalla commented 8 months ago

Closes #1978

CertificateParser was refactored to extract certificates as subitems, so it can be used in conjunction with Tika PKCS7Parser.

Tika PKCS7Parser ignores any certificate information, extracting only the content of the signed PKCS7 file to be parsed. So, CertificateParser would be responsible for extracting internal certificate information when configured in conjunction with Tika PKCS7Parser.

To test:

1) User certificates can be exported as p7b files from Windows with the full certificate chain. These kinds of files will have each certificate extracted as a subitem, though PKCS7Parser will throw an exception as it does not have any content. This exception will be registered in the metadata X-TIKA:EXCEPTION:embedded_exception.

2) Real signed files formatted as PKCS7 have the certificates and their corresponding signed content. These kinds of files will have the certificates used to sign them parsed as subitems, and the content parsed by Tika PKCS7Parser.
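The two test cases above differ only in whether the PKCS#7 SignedData carries encapsulated content next to its certificate set. The following is an added illustration, not code from IPED or Tika: a standard-library Python sketch that walks the DER structure and reports both facts. All function names are hypothetical, and the sample bytes are constructed skeletons with dummy placeholders where real certificates would be.

```python
OID_SIGNED_DATA = bytes.fromhex("2a864886f70d010702")  # 1.2.840.113549.1.7.2
OID_DATA = bytes.fromhex("2a864886f70d010701")         # 1.2.840.113549.1.7.1

def tlv(tag, body):  # DER encoder for the constructed sample (short-form length only)
    assert len(body) < 0x80
    return bytes([tag, len(body)]) + body

def read_tlv(buf, pos):
    """Return (tag, body, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length == 0x80:
        raise ValueError("indefinite length (BER) is not handled in this sketch")
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:pos + length], pos + length

def children(body):
    out, pos = [], 0
    while pos < len(body):
        tag, val, pos = read_tlv(body, pos)
        out.append((tag, val))
    return out

def inspect_pkcs7(der):
    """Return (has_content, certificate_count) for a PKCS#7 SignedData blob."""
    tag, outer, _ = read_tlv(der, 0)
    parts = children(outer)
    if tag != 0x30 or len(parts) != 2 or parts[0] != (0x06, OID_SIGNED_DATA):
        raise ValueError("not PKCS#7 SignedData")
    signed = children(children(parts[1][1])[0][1])  # [0] EXPLICIT -> SEQUENCE
    encap = children(signed[2][1])  # contentInfo: OID, then optional [0] content
    has_content = len(encap) > 1 and len(encap[1][1]) > 0
    certs = [c for t, v in signed[3:] if t == 0xA0 for c in children(v)]
    return has_content, len(certs)

def build_sample(content, n_certs):
    """Constructed PKCS#7 skeleton; each 'certificate' is a dummy SEQUENCE."""
    encap = tlv(0x06, OID_DATA)
    if content is not None:
        encap += tlv(0xA0, tlv(0x04, content))
    certs = b"".join(tlv(0x30, tlv(0x02, bytes([i + 1]))) for i in range(n_certs))
    signed = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x31, b"") + tlv(0x30, encap)
                 + tlv(0xA0, certs) + tlv(0x31, b""))
    return tlv(0x30, tlv(0x06, OID_SIGNED_DATA) + tlv(0xA0, signed))
```

`inspect_pkcs7(build_sample(None, 3))` models case 1 (a certs-only p7b with no content for a content parser to return), and `inspect_pkcs7(build_sample(b"hello", 1))` models case 2.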

patrickdalla commented 8 months ago

For testing: ARQUIVOS_PROCESSO_202311161041346480.zip