private void validateIntersections(
      final PreparedUpdate update,
      final UpdateContext updateContext,
      final IpInterval ipInterval,
      final IpTree ipTree) {
    final List<IpEntry> parent = ipTree.findFirstLessSpecific(ipInterval);
    Validate.notEmpty(parent, "Should always have a parent");

    Interval firstIntersecting = null;
    final List<IpEntry> childEntries =
        ipTree.findFirstMoreSpecific((IpInterval) parent.get(0).getKey());
    for (final IpEntry childEntry : childEntries) {
      final Interval child = childEntry.getKey();

      if (child.intersects(ipInterval)
          && !(child.contains(ipInterval) || ipInterval.contains(child))) {
        if (firstIntersecting == null
            || firstIntersecting
                    .singletonIntervalAtLowerBound()
                    .compareUpperBound(child.singletonIntervalAtLowerBound())
                > 0) {
          firstIntersecting = child;
        }
      }
    }

    if (firstIntersecting != null) {
      updateContext.addMessage(update, UpdateMessages.intersectingRange(firstIntersecting));
    }
  }
 @Override
 public void validate(final PreparedUpdate update, final UpdateContext updateContext) {
   final IpInterval ipInterval = IpInterval.parse(update.getReferenceObject().getKey());
   if (ipInterval instanceof Ipv4Resource) {
     validateIntersections(update, updateContext, ipInterval, ipv4Tree);
   } else {
     validateIntersections(update, updateContext, ipInterval, ipv6Tree);
   }
 }
Example #3
0
  private Response doSyncUpdate(final Request request) {
    loggerContext.init(getRequestId(request.getRemoteAddress()));

    try {
      if (!sourceMatchesContext(request.getSource())) {
        return Response.status(Response.Status.BAD_REQUEST)
            .entity("Invalid source specified: " + request.getSource())
            .build();
      }

      boolean notificationsEnabled = true;
      if (request.isParam(Command.REDIRECT)) {
        if (!ipRanges.isTrusted(IpInterval.parse(request.getRemoteAddress()))) {
          return Response.status(Response.Status.FORBIDDEN)
              .entity("Not allowed to disable notifications: " + request.getRemoteAddress())
              .build();
        }

        notificationsEnabled = false;
      }

      if (!request.hasParam(Command.DATA) && request.isParam(Command.NEW)) {
        return Response.status(Response.Status.BAD_REQUEST)
            .entity("DATA parameter is missing")
            .build();
      }

      if (!request.hasParam(Command.DATA) && !request.isParam(Command.HELP)) {
        return Response.status(Response.Status.BAD_REQUEST).entity("Invalid request").build();
      }

      loggerContext.log("msg-in.txt", new SyncUpdateLogCallback(request.toString()));

      final UpdateContext updateContext = new UpdateContext(loggerContext);

      final String content = request.hasParam("DATA") ? request.getParam("DATA") : "";

      final UpdateRequest updateRequest =
          new UpdateRequest(
              new SyncUpdate(dateTimeProvider, request.getRemoteAddress()),
              getKeyword(request),
              content,
              updatesParser.parse(
                  updateContext, Lists.newArrayList(new ContentWithCredentials(content))),
              notificationsEnabled);

      final UpdateResponse updateResponse =
          updateRequestHandler.handle(updateRequest, updateContext);
      loggerContext.log("msg-out.txt", new SyncUpdateLogCallback(updateResponse.getResponse()));
      return getResponse(updateResponse);

    } finally {
      loggerContext.remove();
    }
  }
  @Override
  public List<RpslObject> authenticate(
      final PreparedUpdate update, final UpdateContext updateContext) {
    final RpslObject updatedObject = update.getUpdatedObject();
    final RpslAttribute typeAttribute = updatedObject.getTypeAttribute();
    final IpInterval addressPrefix = IpInterval.parse(typeAttribute.getCleanValue());

    final List<RpslObject> ipObjects = getIpObjects(addressPrefix);
    if (ipObjects.isEmpty()) {
      throw new AuthenticationFailedException(
          UpdateMessages.authenticationFailed(
              updatedObject, typeAttribute.getType(), Collections.<RpslObject>emptyList()),
          Collections.<RpslObject>emptyList());
    }

    final Set<RpslObject> allCandidates = Sets.newLinkedHashSet();
    final List<Message> authenticationMessages = Lists.newArrayList();

    for (final RpslObject ipObject : ipObjects) {
      if (ipObject.containsAttribute(AttributeType.MNT_ROUTES)) {
        final List<RpslObject> candidates =
            getCandidatesForMntRoutesAuthentication(ipObject, update);
        allCandidates.addAll(candidates);

        final List<RpslObject> authenticated =
            authenticationModule.authenticate(update, updateContext, candidates);
        if (authenticated.isEmpty()) {
          authenticationMessages.add(
              UpdateMessages.authenticationFailed(ipObject, AttributeType.MNT_ROUTES, candidates));
        } else {
          return authenticated;
        }
      }
    }

    if (!authenticationMessages.isEmpty()) {
      throw new AuthenticationFailedException(authenticationMessages, allCandidates);
    }

    for (final RpslObject ipObject : ipObjects) {
      final IpInterval ipInterval = IpInterval.parse(ipObject.getTypeAttribute().getCleanValue());
      if (!addressPrefix.equals(ipInterval)
          && ipObject.containsAttribute(AttributeType.MNT_LOWER)) {
        final List<RpslObject> candidates =
            objectDao.getByKeys(
                ObjectType.MNTNER, ipObject.getValuesForAttribute(AttributeType.MNT_LOWER));
        allCandidates.addAll(candidates);

        final List<RpslObject> authenticated =
            authenticationModule.authenticate(update, updateContext, candidates);
        if (authenticated.isEmpty()) {
          authenticationMessages.add(
              UpdateMessages.authenticationFailed(ipObject, AttributeType.MNT_LOWER, candidates));
        } else {
          return authenticated;
        }
      }
    }

    if (!authenticationMessages.isEmpty()) {
      throw new AuthenticationFailedException(authenticationMessages, allCandidates);
    }

    for (final RpslObject ipObject : ipObjects) {
      if (ipObject.containsAttribute(AttributeType.MNT_BY)) {
        final List<RpslObject> candidates =
            objectDao.getByKeys(
                ObjectType.MNTNER, ipObject.getValuesForAttribute(AttributeType.MNT_BY));
        allCandidates.addAll(candidates);

        final List<RpslObject> authenticated =
            authenticationModule.authenticate(update, updateContext, candidates);
        if (authenticated.isEmpty()) {
          authenticationMessages.add(
              UpdateMessages.authenticationFailed(ipObject, AttributeType.MNT_BY, candidates));
        } else {
          return authenticated;
        }
      }
    }

    if (!authenticationMessages.isEmpty()) {
      throw new AuthenticationFailedException(authenticationMessages, allCandidates);
    }

    throw new AuthenticationFailedException(
        UpdateMessages.authenticationFailed(
            updatedObject, typeAttribute.getType(), Collections.<RpslObject>emptyList()),
        allCandidates);
  }