Sleuth Kit Java Bindings (JNI)  4.12.1
Java bindings for using The Sleuth Kit
HostAddressManager.java
Go to the documentation of this file.
1 /*
2  * Sleuth Kit Data Model
3  *
4  * Copyright 2021 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.datamodel;
20 
21 import com.google.common.cache.Cache;
22 import com.google.common.cache.CacheBuilder;
23 import java.sql.PreparedStatement;
24 import java.sql.ResultSet;
25 import java.sql.SQLException;
26 import java.sql.Statement;
27 import java.util.ArrayList;
28 import java.util.List;
29 import java.util.Objects;
30 import java.util.Optional;
31 import java.util.logging.Level;
32 import java.util.logging.Logger;
33 import java.util.regex.Pattern;
34 import org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection;
35 import org.sleuthkit.datamodel.HostAddress.HostAddressType;
36 
40 public class HostAddressManager {
41 
42  private static final Logger LOGGER = Logger.getLogger(HostAddressManager.class.getName());
43 
44  private final SleuthkitCase db;
45  private final static byte DEFAULT_MAPPING_CACHE_VALUE = 1;
46 
52  private final Cache<Long, Byte> recentHostNameAndIpMappingCache = CacheBuilder.newBuilder().maximumSize(200000).build();
53 
60  private final Cache<String, HostAddress> recentHostAddressCache = CacheBuilder.newBuilder().maximumSize(200000).build();
61 
68  private final Cache<String, Boolean> hostAddressUsageCache = CacheBuilder.newBuilder().maximumSize(200000).build();
69 
76  HostAddressManager(SleuthkitCase skCase) {
77  this.db = skCase;
78  }
79 
90  public Optional<HostAddress> getHostAddress(HostAddress.HostAddressType type, String address) throws TskCoreException {
91 
92  db.acquireSingleUserCaseReadLock();
93  try (CaseDbConnection connection = this.db.getConnection()) {
94  return HostAddressManager.this.getHostAddress(type, address, connection);
95  } finally {
96  db.releaseSingleUserCaseReadLock();
97  }
98  }
99 
111  private Optional<HostAddress> getHostAddress(HostAddress.HostAddressType type, String address, CaseDbConnection connection) throws TskCoreException {
112 
113  HostAddress hostAddress = recentHostAddressCache.getIfPresent(createRecentHostAddressKey(type, address));
114  if (Objects.nonNull(hostAddress)) {
115  return Optional.of(hostAddress);
116  }
117  HostAddress.HostAddressType addressType = type;
118  if (type.equals(HostAddress.HostAddressType.DNS_AUTO)) {
119  addressType = getDNSType(address);
120  }
121  String normalizedAddress = getNormalizedAddress(address);
122  String queryString = "SELECT * FROM tsk_host_addresses"
123  + " WHERE address = ? AND address_type = ?";
124  try {
125  PreparedStatement query = connection.getPreparedStatement(queryString, Statement.NO_GENERATED_KEYS);
126  query.clearParameters();
127  query.setString(1, normalizedAddress.toLowerCase());
128  query.setInt(2, addressType.getId());
129  try (ResultSet rs = query.executeQuery()) {
130  if (!rs.next()) {
131  return Optional.empty(); // no match found
132  } else {
133  HostAddress newHostAddress = new HostAddress(db, rs.getLong("id"), HostAddressType.fromID(rs.getInt("address_type")), rs.getString("address"));
134  recentHostAddressCache.put(createRecentHostAddressKey(newHostAddress.getAddressType(), normalizedAddress), newHostAddress);
135  return Optional.of(newHostAddress);
136  }
137  }
138  } catch (SQLException ex) {
139  throw new TskCoreException(String.format("Error getting host address with type = %s and address = %s", type.getName(), address), ex);
140  }
141  }
142 
151  private String createRecentHostAddressKey(HostAddressType type, String address) {
152  return createRecentHostAddressKey(type.getId(), address);
153  }
154 
163  private String createRecentHostAddressKey(int typeId, String address) {
164  return typeId + "#" + address.toLowerCase();
165  }
166 
178  public HostAddress newHostAddress(HostAddress.HostAddressType type, String address) throws TskCoreException {
179  db.acquireSingleUserCaseWriteLock();
180  CaseDbConnection connection = this.db.getConnection();
181  try {
182  return HostAddressManager.this.newHostAddress(type, address, connection);
183  } catch (TskCoreException ex) {
184  // The insert may have failed because the HostAddress already exists, so
185  // try loading it from the database.
186  Optional<HostAddress> hostAddress = HostAddressManager.this.getHostAddress(type, address, connection);
187  if (hostAddress.isPresent()) {
188  return hostAddress.get();
189  }
190  throw ex;
191  } finally {
192  connection.close();
193  db.releaseSingleUserCaseWriteLock();
194  }
195  }
196 
208  private HostAddress newHostAddress(HostAddress.HostAddressType type, String address, CaseDbConnection connection) throws TskCoreException {
209  HostAddress.HostAddressType addressType = type;
210  if (type.equals(HostAddress.HostAddressType.DNS_AUTO)) {
211  addressType = getDNSType(address);
212  }
213 
214  String normalizedAddress = getNormalizedAddress(address);
215  try {
216 
217  // TODO: need to get the correct parent obj id.
218  long parentObjId = 0;
219  int objTypeId = TskData.ObjectType.HOST_ADDRESS.getObjectType();
220 
221  long objId = db.addObject(parentObjId, objTypeId, connection);
222 
223  String hostAddressInsertSQL = "INSERT INTO tsk_host_addresses(id, address_type, address) VALUES (?, ?, ?)"; // NON-NLS
224  PreparedStatement preparedStatement = connection.getPreparedStatement(hostAddressInsertSQL, Statement.RETURN_GENERATED_KEYS);
225 
226  preparedStatement.clearParameters();
227  preparedStatement.setLong(1, objId);
228  preparedStatement.setInt(2, addressType.getId());
229  preparedStatement.setString(3, normalizedAddress.toLowerCase());
230 
231  connection.executeUpdate(preparedStatement);
232  HostAddress hostAddress = new HostAddress(db, objId, addressType, normalizedAddress);
233  recentHostAddressCache.put(createRecentHostAddressKey(addressType, normalizedAddress), hostAddress);
234  return hostAddress;
235  } catch (SQLException ex) {
236  throw new TskCoreException(String.format("Error adding host address of type = %s, with address = %s", type.getName(), address), ex);
237  }
238  }
239 
250  public void assignHostToAddress(Host host, HostAddress hostAddress, Long time, Content source) throws TskCoreException {
251 
252  String insertSQL = db.getInsertOrIgnoreSQL(" INTO tsk_host_address_map(host_id, addr_obj_id, source_obj_id, time) "
253  + " VALUES(?, ?, ?, ?) ");
254 
255  db.acquireSingleUserCaseWriteLock();
256  try (CaseDbConnection connection = this.db.getConnection()) {
257 
258  PreparedStatement preparedStatement = connection.getPreparedStatement(insertSQL, Statement.NO_GENERATED_KEYS);
259 
260  preparedStatement.clearParameters();
261  preparedStatement.setLong(1, host.getHostId());
262  preparedStatement.setLong(2, hostAddress.getId());
263  preparedStatement.setLong(3, source.getId());
264  if (time != null) {
265  preparedStatement.setLong(4, time);
266  } else {
267  preparedStatement.setNull(4, java.sql.Types.BIGINT);
268  }
269 
270  connection.executeUpdate(preparedStatement);
271  } catch (SQLException ex) {
272  LOGGER.log(Level.SEVERE, null, ex);
273  throw new TskCoreException(String.format("Error adding host address mapping for host name = %s, with address = %s", host.getName(), hostAddress.getAddress()), ex);
274  } finally {
275  db.releaseSingleUserCaseWriteLock();
276  }
277  }
278 
286  public List<HostAddress> getHostAddressesAssignedTo(Host host) throws TskCoreException {
287 
288  String queryString = "SELECT addr_obj_id FROM tsk_host_address_map "
289  + " WHERE host_id = " + host.getHostId();
290 
291  List<HostAddress> addresses = new ArrayList<>();
292 
293  db.acquireSingleUserCaseReadLock();
294  try (CaseDbConnection connection = this.db.getConnection();
295  Statement s = connection.createStatement();
296  ResultSet rs = connection.executeQuery(s, queryString)) {
297 
298  while (rs.next()) {
299  addresses.add(HostAddressManager.this.getHostAddress(rs.getLong("addr_obj_id"), connection));
300  }
301 
302  return addresses;
303  } catch (SQLException ex) {
304  throw new TskCoreException(String.format("Error getting host addresses for host " + host.getName()), ex);
305  } finally {
306  db.releaseSingleUserCaseReadLock();
307  }
308  }
309 
319  public HostAddress getHostAddress(long id) throws TskCoreException {
320  db.acquireSingleUserCaseReadLock();
321  try (CaseDbConnection connection = this.db.getConnection()) {
322  return HostAddressManager.this.getHostAddress(id, connection);
323  } finally {
324  db.releaseSingleUserCaseReadLock();
325  }
326  }
327 
338  private HostAddress getHostAddress(long id, CaseDbConnection connection) throws TskCoreException {
339  String queryString = "SELECT * FROM tsk_host_addresses"
340  + " WHERE id = " + id;
341 
342  try (Statement s = connection.createStatement();
343  ResultSet rs = connection.executeQuery(s, queryString)) {
344 
345  if (!rs.next()) {
346  throw new TskCoreException(String.format("No address found with id = %d", id));
347  } else {
348  long objId = rs.getLong("id");
349  int type = rs.getInt("address_type");
350  String address = rs.getString("address");
351  HostAddress hostAddress = new HostAddress(db, objId, HostAddress.HostAddressType.fromID(type), address);
352  recentHostAddressCache.put(createRecentHostAddressKey(type, address), hostAddress);
353  return hostAddress;
354  }
355  } catch (SQLException ex) {
356  throw new TskCoreException(String.format("Error getting host address with id = %d", id), ex);
357  }
358  }
359 
370  public void addHostNameAndIpMapping(HostAddress dnsNameAddress, HostAddress ipAddress, Long time, Content source) throws TskCoreException {
371 
372  db.acquireSingleUserCaseWriteLock();
373  try (CaseDbConnection connection = this.db.getConnection()) {
374  addHostNameAndIpMapping(dnsNameAddress, ipAddress, time, source, connection);
375  } catch (SQLException ex) {
376  throw new TskCoreException(String.format("Error adding host DNS address mapping for DNS name = %s, and IP address = %s", dnsNameAddress.getAddress(), ipAddress.getAddress()), ex);
377  } finally {
378  db.releaseSingleUserCaseWriteLock();
379  }
380  }
381 
395  public void addHostNameAndIpMapping(HostAddress dnsNameAddress, HostAddress ipAddress, Long time, Content source, final SleuthkitCase.CaseDbTransaction caseDbTransaction) throws TskCoreException {
396 
397  if (Objects.isNull(caseDbTransaction)) {
398  throw new TskCoreException(String.format("Error adding host DNS address mapping for DNS name = %s, and IP address = %s, null caseDbTransaction passed to addHostNameAndIpMapping", dnsNameAddress.getAddress(), ipAddress.getAddress()));
399  }
400  try {
401  addHostNameAndIpMapping(dnsNameAddress, ipAddress, time, source, caseDbTransaction.getConnection());
402  } catch (SQLException ex) {
403  throw new TskCoreException(String.format("Error adding host DNS address mapping for DNS name = %s, and IP address = %s", dnsNameAddress.getAddress(), ipAddress.getAddress()), ex);
404  }
405  }
406 
418  private void addHostNameAndIpMapping(HostAddress dnsNameAddress, HostAddress ipAddress, Long time, Content source, final CaseDbConnection connection) throws SQLException, TskCoreException {
419 
420  if (dnsNameAddress.getAddressType() != HostAddress.HostAddressType.HOSTNAME) {
421  throw new TskCoreException("IllegalArguments passed to addHostNameAndIpMapping: A host name address is expected.");
422  }
423  if ((ipAddress.getAddressType() != HostAddress.HostAddressType.IPV4) && (ipAddress.getAddressType() != HostAddress.HostAddressType.IPV6)) {
424  throw new TskCoreException("IllegalArguments passed to addHostNameAndIpMapping:An IPv4/IPv6 address is expected.");
425  }
426  if (Objects.isNull(connection)) {
427  throw new TskCoreException("IllegalArguments passed to addHostNameAndIpMapping: null connection passed to addHostNameAndIpMapping");
428  }
429 
430  String insertSQL = db.getInsertOrIgnoreSQL(" INTO tsk_host_address_dns_ip_map(dns_address_id, ip_address_id, source_obj_id, time) "
431  + " VALUES(?, ?, ?, ?) ");
432 
433  PreparedStatement preparedStatement = connection.getPreparedStatement(insertSQL, Statement.NO_GENERATED_KEYS);
434 
435  preparedStatement.clearParameters();
436  preparedStatement.setLong(1, dnsNameAddress.getId());
437  preparedStatement.setLong(2, ipAddress.getId());
438  preparedStatement.setLong(3, source.getId());
439  if (time != null) {
440  preparedStatement.setLong(4, time);
441  } else {
442  preparedStatement.setNull(4, java.sql.Types.BIGINT);
443  }
444  connection.executeUpdate(preparedStatement);
445  recentHostNameAndIpMappingCache.put(ipAddress.getId(), DEFAULT_MAPPING_CACHE_VALUE);
446  recentHostNameAndIpMappingCache.put(dnsNameAddress.getId(), DEFAULT_MAPPING_CACHE_VALUE);
447  }
448 
461  public boolean hostNameAndIpMappingExists(long addressObjectId) throws TskCoreException {
462 
463  Byte isPresent = recentHostNameAndIpMappingCache.getIfPresent(addressObjectId);
464 
465  if (Objects.nonNull(isPresent)) {
466  return true;
467  }
468 
469  String queryString = "SELECT count(*) as mappingCount FROM tsk_host_address_dns_ip_map WHERE ip_address_id = ? OR dns_address_id = ? ";
470 
471  db.acquireSingleUserCaseReadLock();
472  try (CaseDbConnection connection = this.db.getConnection();
473  PreparedStatement ps = connection.getPreparedStatement(queryString, Statement.NO_GENERATED_KEYS);) {
474  ps.clearParameters();
475  ps.setLong(1, addressObjectId);
476  ps.setLong(2, addressObjectId);
477  try (ResultSet rs = ps.executeQuery()) {
478  if (!rs.next()) {
479  return false;
480  } else {
481  boolean status = rs.getLong("mappingCount") > 0;
482  if (status) {
483  recentHostNameAndIpMappingCache.put(addressObjectId, DEFAULT_MAPPING_CACHE_VALUE);
484  }
485  return status;
486  }
487  }
488  } catch (SQLException ex) {
489  throw new TskCoreException("Error looking up host address / Ip mapping for address = " + addressObjectId, ex);
490  } finally {
491  db.releaseSingleUserCaseReadLock();
492  }
493  }
494 
508  public Optional<Long> hostAddressExists(HostAddress.HostAddressType type, String address) throws TskCoreException {
509 
510  HostAddress hostAddress = recentHostAddressCache.getIfPresent(createRecentHostAddressKey(type, address));
511  if (Objects.nonNull(hostAddress)) {
512  return Optional.of(hostAddress.getId());
513  }
514 
515  HostAddress.HostAddressType addressType = type;
516  if (type.equals(HostAddress.HostAddressType.DNS_AUTO)) {
517  addressType = getDNSType(address);
518  }
519  String normalizedAddress = getNormalizedAddress(address);
520 
521  String queryString = "SELECT id, address_type, address FROM tsk_host_addresses"
522  + " WHERE address = ? AND address_type = ?";
523 
524  db.acquireSingleUserCaseReadLock();
525  try (CaseDbConnection connection = this.db.getConnection();
526  PreparedStatement query = connection.getPreparedStatement(queryString, Statement.NO_GENERATED_KEYS);) {
527  query.clearParameters();
528  query.setString(1, normalizedAddress.toLowerCase());
529  query.setInt(2, addressType.getId());
530  try (ResultSet rs = query.executeQuery()) {
531  if (!rs.next()) {
532  return Optional.empty(); // no match found
533  } else {
534  long objId = rs.getLong("id");
535  int addrType = rs.getInt("address_type");
536  String addr = rs.getString("address");
537  HostAddress hostAddr = new HostAddress(db, objId, HostAddress.HostAddressType.fromID(addrType), addr);
538  recentHostAddressCache.put(createRecentHostAddressKey(addrType, normalizedAddress), hostAddr);
539  return Optional.of(objId);
540  }
541  }
542  } catch (SQLException ex) {
543  throw new TskCoreException(String.format("Error getting host address with type = %s and address = %s", type.getName(), address), ex);
544  } finally {
545  db.releaseSingleUserCaseReadLock();
546  }
547  }
548 
558  public List<HostAddress> getIpAddress(String hostname) throws TskCoreException {
559  String queryString = "SELECT ip_address_id FROM tsk_host_address_dns_ip_map as map "
560  + " JOIN tsk_host_addresses as addresses "
561  + " ON map.dns_address_id = addresses.id "
562  + " WHERE addresses.address_type = " + HostAddress.HostAddressType.HOSTNAME.getId()
563  + " AND addresses.address = ?";
564 
565  db.acquireSingleUserCaseReadLock();
566  try (CaseDbConnection connection = this.db.getConnection()) {
567  List<HostAddress> IpAddresses = new ArrayList<>();
568  PreparedStatement query = connection.getPreparedStatement(queryString, Statement.NO_GENERATED_KEYS);
569  query.clearParameters();
570  query.setString(1, hostname.toLowerCase());
571  try (ResultSet rs = query.executeQuery()) {
572  while (rs.next()) {
573  long ipAddressObjId = rs.getLong("ip_address_id");
574  IpAddresses.add(HostAddressManager.this.getHostAddress(ipAddressObjId, connection));
575  recentHostNameAndIpMappingCache.put(ipAddressObjId, DEFAULT_MAPPING_CACHE_VALUE);
576  }
577  return IpAddresses;
578  }
579  } catch (SQLException ex) {
580  throw new TskCoreException(String.format("Error getting host addresses for host name: " + hostname), ex);
581  } finally {
582  db.releaseSingleUserCaseReadLock();
583  }
584  }
585 
595  List<HostAddress> getHostNameByIp(String ipAddress) throws TskCoreException {
596  String queryString = "SELECT dns_address_id FROM tsk_host_address_dns_ip_map as map "
597  + " JOIN tsk_host_addresses as addresses "
598  + " ON map.ip_address_id = addresses.id "
599  + " WHERE ( addresses.address_type = " + HostAddress.HostAddressType.IPV4.getId()
600  + " OR addresses.address_type = " + HostAddress.HostAddressType.IPV6.getId() + ")"
601  + " AND addresses.address = ?";
602 
603  db.acquireSingleUserCaseReadLock();
604  try (CaseDbConnection connection = this.db.getConnection()) {
605  List<HostAddress> dnsNames = new ArrayList<>();
606  PreparedStatement query = connection.getPreparedStatement(queryString, Statement.NO_GENERATED_KEYS);
607  query.clearParameters();
608  query.setString(1, ipAddress.toLowerCase());
609  try (ResultSet rs = query.executeQuery()) {
610  while (rs.next()) {
611  long dnsAddressId = rs.getLong("dns_address_id");
612  dnsNames.add(HostAddressManager.this.getHostAddress(dnsAddressId, connection));
613  recentHostNameAndIpMappingCache.put(dnsAddressId, DEFAULT_MAPPING_CACHE_VALUE);
614  }
615  return dnsNames;
616  }
617  } catch (SQLException ex) {
618  throw new TskCoreException(String.format("Error getting host addresses for IP address: " + ipAddress), ex);
619  } finally {
620  db.releaseSingleUserCaseReadLock();
621  }
622  }
623 
630  public void addUsage(Content content, HostAddress hostAddress) throws TskCoreException {
631 
632  String key = content.getDataSource().getId() + "#" + hostAddress.getId() + "#" + content.getId();
633  Boolean cachedValue = hostAddressUsageCache.getIfPresent(key);
634  if (null != cachedValue) {
635  return;
636  }
637 
638  final String insertSQL = db.getInsertOrIgnoreSQL(" INTO tsk_host_address_usage(addr_obj_id, obj_id, data_source_obj_id) "
639  + " VALUES(" + hostAddress.getId() + ", " + content.getId() + ", " + content.getDataSource().getId() + ") ");
640 
641  db.acquireSingleUserCaseWriteLock();
642  try (CaseDbConnection connection = this.db.getConnection();
643  Statement s = connection.createStatement()) {
644  connection.executeUpdate(s, insertSQL);
645  hostAddressUsageCache.put(key, true);
646  } catch (SQLException ex) {
647  throw new TskCoreException(String.format("Error associating host address %s with artifact with id %d", hostAddress.getAddress(), content.getId()), ex);
648  } finally {
649  db.releaseSingleUserCaseWriteLock();
650  }
651  }
652 
653  private final String ADDRESS_USAGE_QUERY = "SELECT addresses.id as id, addresses.address_type as address_type, addresses.address as address "
654  + " FROM tsk_host_address_usage as usage "
655  + " JOIN tsk_host_addresses as addresses "
656  + " ON usage.addr_obj_id = addresses.id ";
657 
667  public List<HostAddress> getHostAddressesUsedByContent(Content content) throws TskCoreException {
668  String queryString = ADDRESS_USAGE_QUERY
669  + " WHERE usage.obj_id = " + content.getId();
670 
671  return getHostAddressesUsed(queryString);
672  }
673 
683  public List<HostAddress> getHostAddressesUsedOnDataSource(Content dataSource) throws TskCoreException {
684  String queryString = ADDRESS_USAGE_QUERY
685  + " WHERE usage.data_source_obj_id = " + dataSource.getId();
686 
687  return getHostAddressesUsed(queryString);
688  }
689 
699  private List<HostAddress> getHostAddressesUsed(String addressesUsedSQL) throws TskCoreException {
700 
701  List<HostAddress> addressesUsed = new ArrayList<>();
702 
703  db.acquireSingleUserCaseReadLock();
704  try (CaseDbConnection connection = this.db.getConnection();
705  Statement s = connection.createStatement();
706  ResultSet rs = connection.executeQuery(s, addressesUsedSQL)) {
707 
708  while (rs.next()) {
709  addressesUsed.add(new HostAddress(db, rs.getLong("id"), HostAddress.HostAddressType.fromID(rs.getInt("address_type")), rs.getString("address")));
710  }
711  return addressesUsed;
712  } catch (SQLException ex) {
713  throw new TskCoreException(String.format("Error getting host addresses used with query string = %s", addressesUsedSQL), ex);
714  } finally {
715  db.releaseSingleUserCaseReadLock();
716  }
717  }
718 
726  private HostAddress.HostAddressType getDNSType(String address) {
727  if (isIPv4(address)) {
728  return HostAddress.HostAddressType.IPV4;
729  } else if (isIPv6(address)) {
730  return HostAddress.HostAddressType.IPV6;
731  } else {
732  return HostAddress.HostAddressType.HOSTNAME;
733  }
734  }
735 
736  private static final Pattern IPV4_PATTERN =
737  Pattern.compile("^(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])(\\.(?!$)|$)){4}$");
745  private static boolean isIPv4(String ipAddress) {
746  if (ipAddress != null) {
747  return IPV4_PATTERN.matcher(ipAddress).matches();
748  }
749  return false;
750  }
751 
752 
753  // IPV6 address examples:
754  // Standard: 684D:1111:222:3333:4444:5555:6:77
755  // Compressed: 1234:fd2:5621:1:89::4500
756  // With zone/interface specifier: fe80::1ff:fe23:4567:890a%eth2
757  // fe80::1ff:fe23:4567:890a%3
758  private static final Pattern IPV6_STD_PATTERN =
759  Pattern.compile("^(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}(%.+)?$");
760  private static final Pattern IPV6_HEX_COMPRESSED_PATTERN =
761  Pattern.compile("^((?:[0-9A-Fa-f]{1,4}(?::[0-9A-Fa-f]{1,4})*)?)::((?:[0-9A-Fa-f]{1,4}(?::[0-9A-Fa-f]{1,4})*)?)(%.+)?$");
762 
763 
764  private static boolean isIPv6StdAddress(final String input) {
765  return IPV6_STD_PATTERN.matcher(input).matches();
766  }
767  private static boolean isIPv6HexCompressedAddress(final String input) {
768  return IPV6_HEX_COMPRESSED_PATTERN.matcher(input).matches();
769  }
770 
778  private static boolean isIPv6(String ipAddress) {
779 
780  if (ipAddress != null) {
781  return isIPv6StdAddress(ipAddress) || isIPv6HexCompressedAddress(ipAddress);
782  }
783 
784  return false;
785  }
786 
797  private static String getNormalizedAddress(String address) {
798 
799  String normalizedAddress = address;
800 
801  if (isIPv6(address)) {
802  normalizedAddress = getNormalizedIPV6Address(address);
803  }
804 
805  return normalizedAddress;
806  }
807 
819  private static String getNormalizedIPV6Address(String address) {
820 
821  String normalizedAddress = address;
822  if ( normalizedAddress.contains("%") ) {
823  normalizedAddress = normalizedAddress.substring(0, normalizedAddress.indexOf("%"));
824  }
825 
826  return normalizedAddress;
827  }
828 }
829 
org.sleuthkit.datamodel.HostAddressManager.getHostAddressesUsedOnDataSource
List< HostAddress > getHostAddressesUsedOnDataSource(Content dataSource)
Definition: HostAddressManager.java:683
org.sleuthkit.datamodel.HostAddressManager.getHostAddress
Optional< HostAddress > getHostAddress(HostAddress.HostAddressType type, String address)
Definition: HostAddressManager.java:90
org.sleuthkit.datamodel.HostAddressManager.getHostAddressesUsedByContent
List< HostAddress > getHostAddressesUsedByContent(Content content)
Definition: HostAddressManager.java:667
org.sleuthkit.datamodel.HostAddressManager.addHostNameAndIpMapping
void addHostNameAndIpMapping(HostAddress dnsNameAddress, HostAddress ipAddress, Long time, Content source, final SleuthkitCase.CaseDbTransaction caseDbTransaction)
Definition: HostAddressManager.java:395
org.sleuthkit.datamodel.HostAddressManager.addUsage
void addUsage(Content content, HostAddress hostAddress)
Definition: HostAddressManager.java:630
org.sleuthkit.datamodel.HostAddress.HostAddressType.fromID
static HostAddressType fromID(int typeId)
Definition: HostAddress.java:165
org.sleuthkit.datamodel.HostAddressManager.getHostAddressesAssignedTo
List< HostAddress > getHostAddressesAssignedTo(Host host)
Definition: HostAddressManager.java:286
org.sleuthkit.datamodel.HostAddressManager.hostAddressExists
Optional< Long > hostAddressExists(HostAddress.HostAddressType type, String address)
Definition: HostAddressManager.java:508
org.sleuthkit.datamodel.HostAddressManager.newHostAddress
HostAddress newHostAddress(HostAddress.HostAddressType type, String address)
Definition: HostAddressManager.java:178
org.sleuthkit.datamodel.Content
Definition: Content.java:33
org.sleuthkit.datamodel.HostAddressManager.getIpAddress
List< HostAddress > getIpAddress(String hostname)
Definition: HostAddressManager.java:558
org.sleuthkit.datamodel.HostAddressManager.assignHostToAddress
void assignHostToAddress(Host host, HostAddress hostAddress, Long time, Content source)
Definition: HostAddressManager.java:250
org.sleuthkit.datamodel.HostAddressManager.hostNameAndIpMappingExists
boolean hostNameAndIpMappingExists(long addressObjectId)
Definition: HostAddressManager.java:461
org.sleuthkit.datamodel.HostAddressManager.addHostNameAndIpMapping
void addHostNameAndIpMapping(HostAddress dnsNameAddress, HostAddress ipAddress, Long time, Content source)
Definition: HostAddressManager.java:370

Copyright © 2011-2021 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.