Sleuth Kit Java Bindings (JNI)  4.11.0
Java bindings for using The Sleuth Kit
HostAddressManager.java
Go to the documentation of this file.
1 /*
2  * Sleuth Kit Data Model
3  *
4  * Copyright 2021 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.datamodel;
20 
21 import com.google.common.cache.Cache;
22 import com.google.common.cache.CacheBuilder;
23 import java.sql.PreparedStatement;
24 import java.sql.ResultSet;
25 import java.sql.SQLException;
26 import java.sql.Statement;
27 import java.util.ArrayList;
28 import java.util.List;
29 import java.util.Objects;
30 import java.util.Optional;
31 import java.util.logging.Level;
32 import java.util.logging.Logger;
33 import java.util.regex.Pattern;
34 import org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection;
35 import org.sleuthkit.datamodel.HostAddress.HostAddressType;
36 
40 public class HostAddressManager {
41 
42  private static final Logger LOGGER = Logger.getLogger(HostAddressManager.class.getName());
43 
44  private final SleuthkitCase db;
45 
51  private final Cache<Long, Byte> recentHostNameAndIpMappingCache = CacheBuilder.newBuilder().maximumSize(200000).build();
52 
59  private final Cache<String, HostAddress> recentHostAddressCache = CacheBuilder.newBuilder().maximumSize(200000).build();
60 
67  private final Cache<String, Boolean> hostAddressUsageCache = CacheBuilder.newBuilder().maximumSize(200000).build();
68 
75  HostAddressManager(SleuthkitCase skCase) {
76  this.db = skCase;
77  }
78 
89  public Optional<HostAddress> getHostAddress(HostAddress.HostAddressType type, String address) throws TskCoreException {
90 
91  db.acquireSingleUserCaseReadLock();
92  try (CaseDbConnection connection = this.db.getConnection()) {
93  return HostAddressManager.this.getHostAddress(type, address, connection);
94  } finally {
95  db.releaseSingleUserCaseReadLock();
96  }
97  }
98 
110  private Optional<HostAddress> getHostAddress(HostAddress.HostAddressType type, String address, CaseDbConnection connection) throws TskCoreException {
111 
112  HostAddress hostAddress = recentHostAddressCache.getIfPresent(createRecentHostAddressKey(type, address));
113  if (Objects.nonNull(hostAddress)) {
114  return Optional.of(hostAddress);
115  }
116  HostAddress.HostAddressType addressType = type;
117  if (type.equals(HostAddress.HostAddressType.DNS_AUTO)) {
118  addressType = getDNSType(address);
119  }
120  String normalizedAddress = getNormalizedAddress(address);
121  String queryString = "SELECT * FROM tsk_host_addresses"
122  + " WHERE address = ? AND address_type = ?";
123  try {
124  PreparedStatement query = connection.getPreparedStatement(queryString, Statement.NO_GENERATED_KEYS);
125  query.clearParameters();
126  query.setString(1, normalizedAddress.toLowerCase());
127  query.setInt(2, addressType.getId());
128  try (ResultSet rs = query.executeQuery()) {
129  if (!rs.next()) {
130  return Optional.empty(); // no match found
131  } else {
132  HostAddress newHostAddress = new HostAddress(db, rs.getLong("id"), HostAddressType.fromID(rs.getInt("address_type")), rs.getString("address"));
133  recentHostAddressCache.put(createRecentHostAddressKey(newHostAddress.getAddressType(), normalizedAddress), newHostAddress);
134  return Optional.of(newHostAddress);
135  }
136  }
137  } catch (SQLException ex) {
138  throw new TskCoreException(String.format("Error getting host address with type = %s and address = %s", type.getName(), address), ex);
139  }
140  }
141 
150  private String createRecentHostAddressKey(HostAddressType type, String address) {
151  return createRecentHostAddressKey(type.getId(), address);
152  }
153 
162  private String createRecentHostAddressKey(int typeId, String address) {
163  return typeId + "#" + address.toLowerCase();
164  }
165 
177  public HostAddress newHostAddress(HostAddress.HostAddressType type, String address) throws TskCoreException {
178  db.acquireSingleUserCaseWriteLock();
179  CaseDbConnection connection = this.db.getConnection();
180  try {
181  return HostAddressManager.this.newHostAddress(type, address, connection);
182  } catch (TskCoreException ex) {
183  // The insert may have failed because the HostAddress already exists, so
184  // try loading it from the database.
185  Optional<HostAddress> hostAddress = HostAddressManager.this.getHostAddress(type, address, connection);
186  if (hostAddress.isPresent()) {
187  return hostAddress.get();
188  }
189  throw ex;
190  } finally {
191  connection.close();
192  db.releaseSingleUserCaseWriteLock();
193  }
194  }
195 
207  private HostAddress newHostAddress(HostAddress.HostAddressType type, String address, CaseDbConnection connection) throws TskCoreException {
208  HostAddress.HostAddressType addressType = type;
209  if (type.equals(HostAddress.HostAddressType.DNS_AUTO)) {
210  addressType = getDNSType(address);
211  }
212 
213  String normalizedAddress = getNormalizedAddress(address);
214  try {
215 
216  // TODO: need to get the correct parent obj id.
217  long parentObjId = 0;
218  int objTypeId = TskData.ObjectType.HOST_ADDRESS.getObjectType();
219 
220  long objId = db.addObject(parentObjId, objTypeId, connection);
221 
222  String hostAddressInsertSQL = "INSERT INTO tsk_host_addresses(id, address_type, address) VALUES (?, ?, ?)"; // NON-NLS
223  PreparedStatement preparedStatement = connection.getPreparedStatement(hostAddressInsertSQL, Statement.RETURN_GENERATED_KEYS);
224 
225  preparedStatement.clearParameters();
226  preparedStatement.setLong(1, objId);
227  preparedStatement.setInt(2, addressType.getId());
228  preparedStatement.setString(3, normalizedAddress.toLowerCase());
229 
230  connection.executeUpdate(preparedStatement);
231  HostAddress hostAddress = new HostAddress(db, objId, addressType, normalizedAddress);
232  recentHostAddressCache.put(createRecentHostAddressKey(addressType, normalizedAddress), hostAddress);
233  return hostAddress;
234  } catch (SQLException ex) {
235  throw new TskCoreException(String.format("Error adding host address of type = %s, with address = %s", type.getName(), address), ex);
236  }
237  }
238 
249  public void assignHostToAddress(Host host, HostAddress hostAddress, Long time, Content source) throws TskCoreException {
250 
251  String insertSQL = db.getInsertOrIgnoreSQL(" INTO tsk_host_address_map(host_id, addr_obj_id, source_obj_id, time) "
252  + " VALUES(?, ?, ?, ?) ");
253 
254  db.acquireSingleUserCaseWriteLock();
255  try (CaseDbConnection connection = this.db.getConnection()) {
256 
257  PreparedStatement preparedStatement = connection.getPreparedStatement(insertSQL, Statement.NO_GENERATED_KEYS);
258 
259  preparedStatement.clearParameters();
260  preparedStatement.setLong(1, host.getHostId());
261  preparedStatement.setLong(2, hostAddress.getId());
262  preparedStatement.setLong(3, source.getId());
263  if (time != null) {
264  preparedStatement.setLong(4, time);
265  } else {
266  preparedStatement.setNull(4, java.sql.Types.BIGINT);
267  }
268 
269  connection.executeUpdate(preparedStatement);
270  } catch (SQLException ex) {
271  LOGGER.log(Level.SEVERE, null, ex);
272  throw new TskCoreException(String.format("Error adding host address mapping for host name = %s, with address = %s", host.getName(), hostAddress.getAddress()), ex);
273  } finally {
274  db.releaseSingleUserCaseWriteLock();
275  }
276  }
277 
285  List<HostAddress> getHostAddressesAssignedTo(Host host) throws TskCoreException {
286 
287  String queryString = "SELECT addr_obj_id FROM tsk_host_address_map "
288  + " WHERE host_id = " + host.getHostId();
289 
290  List<HostAddress> addresses = new ArrayList<>();
291 
292  db.acquireSingleUserCaseReadLock();
293  try (CaseDbConnection connection = this.db.getConnection();
294  Statement s = connection.createStatement();
295  ResultSet rs = connection.executeQuery(s, queryString)) {
296 
297  while (rs.next()) {
298  addresses.add(HostAddressManager.this.getHostAddress(rs.getLong("addr_obj_id"), connection));
299  }
300 
301  return addresses;
302  } catch (SQLException ex) {
303  throw new TskCoreException(String.format("Error getting host addresses for host " + host.getName()), ex);
304  } finally {
305  db.releaseSingleUserCaseReadLock();
306  }
307  }
308 
318  public HostAddress getHostAddress(long id) throws TskCoreException {
319  db.acquireSingleUserCaseReadLock();
320  try (CaseDbConnection connection = this.db.getConnection()) {
321  return HostAddressManager.this.getHostAddress(id, connection);
322  } finally {
323  db.releaseSingleUserCaseReadLock();
324  }
325  }
326 
337  private HostAddress getHostAddress(long id, CaseDbConnection connection) throws TskCoreException {
338  String queryString = "SELECT * FROM tsk_host_addresses"
339  + " WHERE id = " + id;
340 
341  try (Statement s = connection.createStatement();
342  ResultSet rs = connection.executeQuery(s, queryString)) {
343 
344  if (!rs.next()) {
345  throw new TskCoreException(String.format("No address found with id = %d", id));
346  } else {
347  long objId = rs.getLong("id");
348  int type = rs.getInt("address_type");
349  String address = rs.getString("address");
350  HostAddress hostAddress = new HostAddress(db, objId, HostAddress.HostAddressType.fromID(type), address);
351  recentHostAddressCache.put(createRecentHostAddressKey(type, address), hostAddress);
352  return hostAddress;
353  }
354  } catch (SQLException ex) {
355  throw new TskCoreException(String.format("Error getting host address with id = %d", id), ex);
356  }
357  }
358 
369  public void addHostNameAndIpMapping(HostAddress dnsNameAddress, HostAddress ipAddress, Long time, Content source) throws TskCoreException {
370 
371  db.acquireSingleUserCaseWriteLock();
372  try (CaseDbConnection connection = this.db.getConnection()) {
373  addHostNameAndIpMapping(dnsNameAddress, ipAddress, time, source, connection);
374  } catch (SQLException ex) {
375  throw new TskCoreException(String.format("Error adding host DNS address mapping for DNS name = %s, and IP address = %s", dnsNameAddress.getAddress(), ipAddress.getAddress()), ex);
376  } finally {
377  db.releaseSingleUserCaseWriteLock();
378  }
379  }
380 
394  public void addHostNameAndIpMapping(HostAddress dnsNameAddress, HostAddress ipAddress, Long time, Content source, final SleuthkitCase.CaseDbTransaction caseDbTransaction) throws TskCoreException {
395 
396  if (Objects.isNull(caseDbTransaction)) {
397  throw new TskCoreException(String.format("Error adding host DNS address mapping for DNS name = %s, and IP address = %s, null caseDbTransaction passed to addHostNameAndIpMapping", dnsNameAddress.getAddress(), ipAddress.getAddress()));
398  }
399  try {
400  addHostNameAndIpMapping(dnsNameAddress, ipAddress, time, source, caseDbTransaction.getConnection());
401  } catch (SQLException ex) {
402  throw new TskCoreException(String.format("Error adding host DNS address mapping for DNS name = %s, and IP address = %s", dnsNameAddress.getAddress(), ipAddress.getAddress()), ex);
403  }
404  }
405 
417  private void addHostNameAndIpMapping(HostAddress dnsNameAddress, HostAddress ipAddress, Long time, Content source, final CaseDbConnection connection) throws SQLException, TskCoreException {
418 
419  if (dnsNameAddress.getAddressType() != HostAddress.HostAddressType.HOSTNAME) {
420  throw new TskCoreException("IllegalArguments passed to addHostNameAndIpMapping: A host name address is expected.");
421  }
422  if ((ipAddress.getAddressType() != HostAddress.HostAddressType.IPV4) && (ipAddress.getAddressType() != HostAddress.HostAddressType.IPV6)) {
423  throw new TskCoreException("IllegalArguments passed to addHostNameAndIpMapping:An IPv4/IPv6 address is expected.");
424  }
425  if (Objects.isNull(connection)) {
426  throw new TskCoreException("IllegalArguments passed to addHostNameAndIpMapping: null connection passed to addHostNameAndIpMapping");
427  }
428 
429  String insertSQL = db.getInsertOrIgnoreSQL(" INTO tsk_host_address_dns_ip_map(dns_address_id, ip_address_id, source_obj_id, time) "
430  + " VALUES(?, ?, ?, ?) ");
431 
432  PreparedStatement preparedStatement = connection.getPreparedStatement(insertSQL, Statement.NO_GENERATED_KEYS);
433 
434  preparedStatement.clearParameters();
435  preparedStatement.setLong(1, dnsNameAddress.getId());
436  preparedStatement.setLong(2, ipAddress.getId());
437  preparedStatement.setLong(3, source.getId());
438  if (time != null) {
439  preparedStatement.setLong(4, time);
440  } else {
441  preparedStatement.setNull(4, java.sql.Types.BIGINT);
442  }
443  connection.executeUpdate(preparedStatement);
444  recentHostNameAndIpMappingCache.put(ipAddress.getId(), new Byte((byte) 1));
445  recentHostNameAndIpMappingCache.put(dnsNameAddress.getId(), new Byte((byte) 1));
446  }
447 
460  public boolean hostNameAndIpMappingExists(long addressObjectId) throws TskCoreException {
461 
462  Byte isPresent = recentHostNameAndIpMappingCache.getIfPresent(addressObjectId);
463 
464  if (Objects.nonNull(isPresent)) {
465  return true;
466  }
467 
468  String queryString = "SELECT count(*) as mappingCount FROM tsk_host_address_dns_ip_map WHERE ip_address_id = ? OR dns_address_id = ? ";
469 
470  db.acquireSingleUserCaseReadLock();
471  try (CaseDbConnection connection = this.db.getConnection();
472  PreparedStatement ps = connection.getPreparedStatement(queryString, Statement.NO_GENERATED_KEYS);) {
473  ps.clearParameters();
474  ps.setLong(1, addressObjectId);
475  ps.setLong(2, addressObjectId);
476  try (ResultSet rs = ps.executeQuery()) {
477  if (!rs.next()) {
478  return false;
479  } else {
480  boolean status = rs.getLong("mappingCount") > 0;
481  if (status) {
482  recentHostNameAndIpMappingCache.put(addressObjectId, new Byte((byte) 1));
483  }
484  return status;
485  }
486  }
487  } catch (SQLException ex) {
488  throw new TskCoreException("Error looking up host address / Ip mapping for address = " + addressObjectId, ex);
489  } finally {
490  db.releaseSingleUserCaseReadLock();
491  }
492  }
493 
507  public Optional<Long> hostAddressExists(HostAddress.HostAddressType type, String address) throws TskCoreException {
508 
509  HostAddress hostAddress = recentHostAddressCache.getIfPresent(createRecentHostAddressKey(type, address));
510  if (Objects.nonNull(hostAddress)) {
511  return Optional.of(hostAddress.getId());
512  }
513 
514  HostAddress.HostAddressType addressType = type;
515  if (type.equals(HostAddress.HostAddressType.DNS_AUTO)) {
516  addressType = getDNSType(address);
517  }
518  String normalizedAddress = getNormalizedAddress(address);
519 
520  String queryString = "SELECT id, address_type, address FROM tsk_host_addresses"
521  + " WHERE address = ? AND address_type = ?";
522 
523  db.acquireSingleUserCaseReadLock();
524  try (CaseDbConnection connection = this.db.getConnection();
525  PreparedStatement query = connection.getPreparedStatement(queryString, Statement.NO_GENERATED_KEYS);) {
526  query.clearParameters();
527  query.setString(1, normalizedAddress.toLowerCase());
528  query.setInt(2, addressType.getId());
529  try (ResultSet rs = query.executeQuery()) {
530  if (!rs.next()) {
531  return Optional.empty(); // no match found
532  } else {
533  long objId = rs.getLong("id");
534  int addrType = rs.getInt("address_type");
535  String addr = rs.getString("address");
536  HostAddress hostAddr = new HostAddress(db, objId, HostAddress.HostAddressType.fromID(addrType), addr);
537  recentHostAddressCache.put(createRecentHostAddressKey(addrType, normalizedAddress), hostAddr);
538  return Optional.of(objId);
539  }
540  }
541  } catch (SQLException ex) {
542  throw new TskCoreException(String.format("Error getting host address with type = %s and address = %s", type.getName(), address), ex);
543  } finally {
544  db.releaseSingleUserCaseReadLock();
545  }
546  }
547 
557  public List<HostAddress> getIpAddress(String hostname) throws TskCoreException {
558  String queryString = "SELECT ip_address_id FROM tsk_host_address_dns_ip_map as map "
559  + " JOIN tsk_host_addresses as addresses "
560  + " ON map.dns_address_id = addresses.id "
561  + " WHERE addresses.address_type = " + HostAddress.HostAddressType.HOSTNAME.getId()
562  + " AND addresses.address = ?";
563 
564  db.acquireSingleUserCaseReadLock();
565  try (CaseDbConnection connection = this.db.getConnection()) {
566  List<HostAddress> IpAddresses = new ArrayList<>();
567  PreparedStatement query = connection.getPreparedStatement(queryString, Statement.NO_GENERATED_KEYS);
568  query.clearParameters();
569  query.setString(1, hostname.toLowerCase());
570  try (ResultSet rs = query.executeQuery()) {
571  while (rs.next()) {
572  long ipAddressObjId = rs.getLong("ip_address_id");
573  IpAddresses.add(HostAddressManager.this.getHostAddress(ipAddressObjId, connection));
574  recentHostNameAndIpMappingCache.put(ipAddressObjId, new Byte((byte) 1));
575  }
576  return IpAddresses;
577  }
578  } catch (SQLException ex) {
579  throw new TskCoreException(String.format("Error getting host addresses for host name: " + hostname), ex);
580  } finally {
581  db.releaseSingleUserCaseReadLock();
582  }
583  }
584 
594  List<HostAddress> getHostNameByIp(String ipAddress) throws TskCoreException {
595  String queryString = "SELECT dns_address_id FROM tsk_host_address_dns_ip_map as map "
596  + " JOIN tsk_host_addresses as addresses "
597  + " ON map.ip_address_id = addresses.id "
598  + " WHERE ( addresses.address_type = " + HostAddress.HostAddressType.IPV4.getId()
599  + " OR addresses.address_type = " + HostAddress.HostAddressType.IPV6.getId() + ")"
600  + " AND addresses.address = ?";
601 
602  db.acquireSingleUserCaseReadLock();
603  try (CaseDbConnection connection = this.db.getConnection()) {
604  List<HostAddress> dnsNames = new ArrayList<>();
605  PreparedStatement query = connection.getPreparedStatement(queryString, Statement.NO_GENERATED_KEYS);
606  query.clearParameters();
607  query.setString(1, ipAddress.toLowerCase());
608  try (ResultSet rs = query.executeQuery()) {
609  while (rs.next()) {
610  long dnsAddressId = rs.getLong("dns_address_id");
611  dnsNames.add(HostAddressManager.this.getHostAddress(dnsAddressId, connection));
612  recentHostNameAndIpMappingCache.put(dnsAddressId, new Byte((byte) 1));
613  }
614  return dnsNames;
615  }
616  } catch (SQLException ex) {
617  throw new TskCoreException(String.format("Error getting host addresses for IP address: " + ipAddress), ex);
618  } finally {
619  db.releaseSingleUserCaseReadLock();
620  }
621  }
622 
629  public void addUsage(Content content, HostAddress hostAddress) throws TskCoreException {
630 
631  String key = content.getDataSource().getId() + "#" + hostAddress.getId() + "#" + content.getId();
632  Boolean cachedValue = hostAddressUsageCache.getIfPresent(key);
633  if (null != cachedValue) {
634  return;
635  }
636 
637  final String insertSQL = db.getInsertOrIgnoreSQL(" INTO tsk_host_address_usage(addr_obj_id, obj_id, data_source_obj_id) "
638  + " VALUES(" + hostAddress.getId() + ", " + content.getId() + ", " + content.getDataSource().getId() + ") ");
639 
640  db.acquireSingleUserCaseWriteLock();
641  try (CaseDbConnection connection = this.db.getConnection();
642  Statement s = connection.createStatement()) {
643  connection.executeUpdate(s, insertSQL);
644  hostAddressUsageCache.put(key, true);
645  } catch (SQLException ex) {
646  throw new TskCoreException(String.format("Error associating host address %s with artifact with id %d", hostAddress.getAddress(), content.getId()), ex);
647  } finally {
648  db.releaseSingleUserCaseWriteLock();
649  }
650  }
651 
652  private final String ADDRESS_USAGE_QUERY = "SELECT addresses.id as id, addresses.address_type as address_type, addresses.address as address "
653  + " FROM tsk_host_address_usage as usage "
654  + " JOIN tsk_host_addresses as addresses "
655  + " ON usage.addr_obj_id = addresses.id ";
656 
666  public List<HostAddress> getHostAddressesUsedByContent(Content content) throws TskCoreException {
667  String queryString = ADDRESS_USAGE_QUERY
668  + " WHERE usage.obj_id = " + content.getId();
669 
670  return getHostAddressesUsed(queryString);
671  }
672 
682  public List<HostAddress> getHostAddressesUsedOnDataSource(Content dataSource) throws TskCoreException {
683  String queryString = ADDRESS_USAGE_QUERY
684  + " WHERE usage.data_source_obj_id = " + dataSource.getId();
685 
686  return getHostAddressesUsed(queryString);
687  }
688 
698  private List<HostAddress> getHostAddressesUsed(String addressesUsedSQL) throws TskCoreException {
699 
700  List<HostAddress> addressesUsed = new ArrayList<>();
701 
702  db.acquireSingleUserCaseReadLock();
703  try (CaseDbConnection connection = this.db.getConnection();
704  Statement s = connection.createStatement();
705  ResultSet rs = connection.executeQuery(s, addressesUsedSQL)) {
706 
707  while (rs.next()) {
708  addressesUsed.add(new HostAddress(db, rs.getLong("id"), HostAddress.HostAddressType.fromID(rs.getInt("address_type")), rs.getString("address")));
709  }
710  return addressesUsed;
711  } catch (SQLException ex) {
712  throw new TskCoreException(String.format("Error getting host addresses used with query string = %s", addressesUsedSQL), ex);
713  } finally {
714  db.releaseSingleUserCaseReadLock();
715  }
716  }
717 
725  private HostAddress.HostAddressType getDNSType(String address) {
726  if (isIPv4(address)) {
727  return HostAddress.HostAddressType.IPV4;
728  } else if (isIPv6(address)) {
729  return HostAddress.HostAddressType.IPV6;
730  } else {
731  return HostAddress.HostAddressType.HOSTNAME;
732  }
733  }
734 
735  private static final Pattern IPV4_PATTERN =
736  Pattern.compile("^(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])(\\.(?!$)|$)){4}$");
744  private static boolean isIPv4(String ipAddress) {
745  if (ipAddress != null) {
746  return IPV4_PATTERN.matcher(ipAddress).matches();
747  }
748  return false;
749  }
750 
751 
752  // IPV6 address examples:
753  // Standard: 684D:1111:222:3333:4444:5555:6:77
754  // Compressed: 1234:fd2:5621:1:89::4500
755  // With zone/interface specifier: fe80::1ff:fe23:4567:890a%eth2
756  // fe80::1ff:fe23:4567:890a%3
757  private static final Pattern IPV6_STD_PATTERN =
758  Pattern.compile("^(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}(%.+)?$");
759  private static final Pattern IPV6_HEX_COMPRESSED_PATTERN =
760  Pattern.compile("^((?:[0-9A-Fa-f]{1,4}(?::[0-9A-Fa-f]{1,4})*)?)::((?:[0-9A-Fa-f]{1,4}(?::[0-9A-Fa-f]{1,4})*)?)(%.+)?$");
761 
762 
763  private static boolean isIPv6StdAddress(final String input) {
764  return IPV6_STD_PATTERN.matcher(input).matches();
765  }
766  private static boolean isIPv6HexCompressedAddress(final String input) {
767  return IPV6_HEX_COMPRESSED_PATTERN.matcher(input).matches();
768  }
769 
777  private static boolean isIPv6(String ipAddress) {
778 
779  if (ipAddress != null) {
780  return isIPv6StdAddress(ipAddress) || isIPv6HexCompressedAddress(ipAddress);
781  }
782 
783  return false;
784  }
785 
796  private static String getNormalizedAddress(String address) {
797 
798  String normalizedAddress = address;
799 
800  if (isIPv6(address)) {
801  normalizedAddress = getNormalizedIPV6Address(address);
802  }
803 
804  return normalizedAddress;
805  }
806 
818  private static String getNormalizedIPV6Address(String address) {
819 
820  String normalizedAddress = address;
821  if ( normalizedAddress.contains("%") ) {
822  normalizedAddress = normalizedAddress.substring(0, normalizedAddress.indexOf("%"));
823  }
824 
825  return normalizedAddress;
826  }
827 }
828 
org.sleuthkit.datamodel.HostAddressManager.getHostAddressesUsedOnDataSource
List< HostAddress > getHostAddressesUsedOnDataSource(Content dataSource)
Definition: HostAddressManager.java:682
org.sleuthkit.datamodel.HostAddressManager.getHostAddress
Optional< HostAddress > getHostAddress(HostAddress.HostAddressType type, String address)
Definition: HostAddressManager.java:89
org.sleuthkit.datamodel.HostAddressManager.getHostAddressesUsedByContent
List< HostAddress > getHostAddressesUsedByContent(Content content)
Definition: HostAddressManager.java:666
org.sleuthkit.datamodel.HostAddressManager.addHostNameAndIpMapping
void addHostNameAndIpMapping(HostAddress dnsNameAddress, HostAddress ipAddress, Long time, Content source, final SleuthkitCase.CaseDbTransaction caseDbTransaction)
Definition: HostAddressManager.java:394
org.sleuthkit.datamodel.HostAddressManager.addUsage
void addUsage(Content content, HostAddress hostAddress)
Definition: HostAddressManager.java:629
org.sleuthkit.datamodel.HostAddress.HostAddressType.fromID
static HostAddressType fromID(int typeId)
Definition: HostAddress.java:165
org.sleuthkit.datamodel.HostAddressManager.hostAddressExists
Optional< Long > hostAddressExists(HostAddress.HostAddressType type, String address)
Definition: HostAddressManager.java:507
org.sleuthkit.datamodel.HostAddressManager.newHostAddress
HostAddress newHostAddress(HostAddress.HostAddressType type, String address)
Definition: HostAddressManager.java:177
org.sleuthkit.datamodel.Content
Definition: Content.java:33
org.sleuthkit.datamodel.HostAddressManager.getIpAddress
List< HostAddress > getIpAddress(String hostname)
Definition: HostAddressManager.java:557
org.sleuthkit.datamodel.HostAddressManager.assignHostToAddress
void assignHostToAddress(Host host, HostAddress hostAddress, Long time, Content source)
Definition: HostAddressManager.java:249
org.sleuthkit.datamodel.HostAddressManager.hostNameAndIpMappingExists
boolean hostNameAndIpMappingExists(long addressObjectId)
Definition: HostAddressManager.java:460
org.sleuthkit.datamodel.HostAddressManager.addHostNameAndIpMapping
void addHostNameAndIpMapping(HostAddress dnsNameAddress, HostAddress ipAddress, Long time, Content source)
Definition: HostAddressManager.java:369

Copyright © 2011-2021 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.