001package gov.nist.secauto.oscal.lib.model; 002 003import gov.nist.secauto.metaschema.binding.model.annotations.AllowedValue; 004import gov.nist.secauto.metaschema.binding.model.annotations.AllowedValues; 005import gov.nist.secauto.metaschema.binding.model.annotations.AssemblyConstraints; 006import gov.nist.secauto.metaschema.binding.model.annotations.BoundAssembly; 007import gov.nist.secauto.metaschema.binding.model.annotations.BoundField; 008import gov.nist.secauto.metaschema.binding.model.annotations.BoundFieldValue; 009import gov.nist.secauto.metaschema.binding.model.annotations.BoundFlag; 010import gov.nist.secauto.metaschema.binding.model.annotations.GroupAs; 011import gov.nist.secauto.metaschema.binding.model.annotations.IsUnique; 012import gov.nist.secauto.metaschema.binding.model.annotations.KeyField; 013import gov.nist.secauto.metaschema.binding.model.annotations.MetaschemaAssembly; 014import gov.nist.secauto.metaschema.binding.model.annotations.ValueConstraints; 015import gov.nist.secauto.metaschema.model.common.JsonGroupAsBehavior; 016import gov.nist.secauto.metaschema.model.common.constraint.IConstraint; 017import gov.nist.secauto.metaschema.model.common.datatype.adapter.TokenAdapter; 018import gov.nist.secauto.metaschema.model.common.datatype.adapter.UuidAdapter; 019import gov.nist.secauto.metaschema.model.common.datatype.markup.MarkupMultiline; 020import gov.nist.secauto.metaschema.model.common.datatype.markup.MarkupMultilineAdapter; 021import gov.nist.secauto.metaschema.model.common.util.ObjectUtils; 022import java.lang.Override; 023import java.lang.String; 024import java.util.LinkedList; 025import java.util.List; 026import java.util.UUID; 027import org.apache.commons.lang3.builder.MultilineRecursiveToStringStyle; 028import org.apache.commons.lang3.builder.ReflectionToStringBuilder; 029 030/** 031 * Identifies which statements within a control are addressed. 032 */ 033@MetaschemaAssembly( 034 formalName = "Specific Control Statement", 035 description = "Identifies which statements within a control are addressed.", 036 name = "statement", 037 metaschema = OscalSspMetaschema.class 038) 039@ValueConstraints( 040 allowedValues = @AllowedValues(level = IConstraint.Level.ERROR, target = "responsible-role/@role-id", allowOthers = true, values = {@AllowedValue(value = "asset-owner", description = "Accountable for ensuring the asset is managed in accordance with organizational policies and procedures."), @AllowedValue(value = "asset-administrator", description = "Responsible for administering a set of assets."), @AllowedValue(value = "security-operations", description = "Members of the security operations center (SOC)."), @AllowedValue(value = "network-operations", description = "Members of the network operations center (NOC)."), @AllowedValue(value = "incident-response", description = "Responsible for responding to an event that could lead to loss of, or disruption to, an organization's operations, services or functions."), @AllowedValue(value = "help-desk", description = "Responsible for providing information and support to users."), @AllowedValue(value = "configuration-management", description = "Responsible for the configuration management processes governing changes to the asset.")}) 041) 042@AssemblyConstraints( 043 isUnique = { 044 @IsUnique(id = "unique-ssp-statement-responsible-role", level = IConstraint.Level.ERROR, target = "responsible-role", keyFields = @KeyField(target = "@role-id"), remarks = "Since `responsible-role` associates multiple `party-uuid` entries with a single `role-id`, each role-id must be referenced only once."), 045 @IsUnique(id = "unique-ssp-implemented-requirement-statement-by-component", level = IConstraint.Level.ERROR, target = "by-component", keyFields = @KeyField(target = "@component-uuid"), remarks = "Since `by-component` can reference `component` entries using the component's uuid, each component must be referenced only once. This ensures that all implementation statements are contained in the same `by-component` entry.") 046 } 047) 048public class Statement { 049 @BoundFlag( 050 formalName = "Control Statement Reference", 051 description = "A [human-oriented](https://pages.nist.gov/OSCAL/concepts/identifier-use/#human-oriented) identifier reference to a `control statement`.", 052 useName = "statement-id", 053 required = true, 054 typeAdapter = TokenAdapter.class, 055 remarks = "A reference to the specific implemented statement associated with a control." 056 ) 057 private String _statementId; 058 059 @BoundFlag( 060 formalName = "Control Statement Reference Universally Unique Identifier", 061 description = "A [machine-oriented](https://pages.nist.gov/OSCAL/concepts/identifier-use/#machine-oriented), [globally unique](https://pages.nist.gov/OSCAL/concepts/identifier-use/#globally-unique) identifier with [cross-instance](https://pages.nist.gov/OSCAL/concepts/identifier-use/#cross-instance) scope that can be used to reference this control statement elsewhere in [this or other OSCAL instances](https://pages.nist.gov/OSCAL/concepts/identifier-use/#ssp-identifiers). The *UUID* of the `control statement` in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).", 062 useName = "uuid", 063 required = true, 064 typeAdapter = UuidAdapter.class 065 ) 066 private UUID _uuid; 067 068 @BoundAssembly( 069 formalName = "Property", 070 description = "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.", 071 useName = "prop", 072 maxOccurs = -1 073 ) 074 @GroupAs( 075 name = "props", 076 inJson = JsonGroupAsBehavior.LIST 077 ) 078 private List<Property> _props; 079 080 @BoundAssembly( 081 formalName = "Link", 082 description = "A reference to a local or remote resource, that has a specific relation to the containing object.", 083 useName = "link", 084 maxOccurs = -1 085 ) 086 @GroupAs( 087 name = "links", 088 inJson = JsonGroupAsBehavior.LIST 089 ) 090 private List<Link> _links; 091 092 @BoundAssembly( 093 formalName = "Responsible Role", 094 description = "A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role.", 095 useName = "responsible-role", 096 maxOccurs = -1 097 ) 098 @GroupAs( 099 name = "responsible-roles", 100 inJson = JsonGroupAsBehavior.LIST 101 ) 102 private List<ResponsibleRole> _responsibleRoles; 103 104 @BoundAssembly( 105 formalName = "Component Control Implementation", 106 description = "Defines how the referenced component implements a set of controls.", 107 useName = "by-component", 108 maxOccurs = -1 109 ) 110 @GroupAs( 111 name = "by-components", 112 inJson = JsonGroupAsBehavior.LIST 113 ) 114 private List<ByComponent> _byComponents; 115 116 @BoundField( 117 formalName = "Remarks", 118 description = "Additional commentary about the containing object.", 119 useName = "remarks" 120 ) 121 @BoundFieldValue( 122 typeAdapter = MarkupMultilineAdapter.class 123 ) 124 private MarkupMultiline _remarks; 125 126 public Statement() { 127 } 128 129 public String getStatementId() { 130 return _statementId; 131 } 132 133 public void setStatementId(String value) { 134 _statementId = value; 135 } 136 137 public UUID getUuid() { 138 return _uuid; 139 } 140 141 public void setUuid(UUID value) { 142 _uuid = value; 143 } 144 145 public List<Property> getProps() { 146 return _props; 147 } 148 149 public void setProps(List<Property> value) { 150 _props = value; 151 } 152 153 /** 154 * Add a new {@link Property} item to the underlying collection. 155 * @param item the item to add 156 * @return {@code true} 157 */ 158 public boolean addProp(Property item) { 159 Property value = ObjectUtils.requireNonNull(item,"item cannot be null"); 160 if (_props == null) { 161 _props = new LinkedList<>(); 162 } 163 return _props.add(value); 164 } 165 166 /** 167 * Remove the first matching {@link Property} item from the underlying collection. 168 * @param item the item to remove 169 * @return {@code true} if the item was removed or {@code false} otherwise 170 */ 171 public boolean removeProp(Property item) { 172 Property value = ObjectUtils.requireNonNull(item,"item cannot be null"); 173 return _props == null ? false : _props.remove(value); 174 } 175 176 public List<Link> getLinks() { 177 return _links; 178 } 179 180 public void setLinks(List<Link> value) { 181 _links = value; 182 } 183 184 /** 185 * Add a new {@link Link} item to the underlying collection. 186 * @param item the item to add 187 * @return {@code true} 188 */ 189 public boolean addLink(Link item) { 190 Link value = ObjectUtils.requireNonNull(item,"item cannot be null"); 191 if (_links == null) { 192 _links = new LinkedList<>(); 193 } 194 return _links.add(value); 195 } 196 197 /** 198 * Remove the first matching {@link Link} item from the underlying collection. 199 * @param item the item to remove 200 * @return {@code true} if the item was removed or {@code false} otherwise 201 */ 202 public boolean removeLink(Link item) { 203 Link value = ObjectUtils.requireNonNull(item,"item cannot be null"); 204 return _links == null ? false : _links.remove(value); 205 } 206 207 public List<ResponsibleRole> getResponsibleRoles() { 208 return _responsibleRoles; 209 } 210 211 public void setResponsibleRoles(List<ResponsibleRole> value) { 212 _responsibleRoles = value; 213 } 214 215 /** 216 * Add a new {@link ResponsibleRole} item to the underlying collection. 217 * @param item the item to add 218 * @return {@code true} 219 */ 220 public boolean addResponsibleRole(ResponsibleRole item) { 221 ResponsibleRole value = ObjectUtils.requireNonNull(item,"item cannot be null"); 222 if (_responsibleRoles == null) { 223 _responsibleRoles = new LinkedList<>(); 224 } 225 return _responsibleRoles.add(value); 226 } 227 228 /** 229 * Remove the first matching {@link ResponsibleRole} item from the underlying collection. 230 * @param item the item to remove 231 * @return {@code true} if the item was removed or {@code false} otherwise 232 */ 233 public boolean removeResponsibleRole(ResponsibleRole item) { 234 ResponsibleRole value = ObjectUtils.requireNonNull(item,"item cannot be null"); 235 return _responsibleRoles == null ? false : _responsibleRoles.remove(value); 236 } 237 238 public List<ByComponent> getByComponents() { 239 return _byComponents; 240 } 241 242 public void setByComponents(List<ByComponent> value) { 243 _byComponents = value; 244 } 245 246 /** 247 * Add a new {@link ByComponent} item to the underlying collection. 248 * @param item the item to add 249 * @return {@code true} 250 */ 251 public boolean addByComponent(ByComponent item) { 252 ByComponent value = ObjectUtils.requireNonNull(item,"item cannot be null"); 253 if (_byComponents == null) { 254 _byComponents = new LinkedList<>(); 255 } 256 return _byComponents.add(value); 257 } 258 259 /** 260 * Remove the first matching {@link ByComponent} item from the underlying collection. 261 * @param item the item to remove 262 * @return {@code true} if the item was removed or {@code false} otherwise 263 */ 264 public boolean removeByComponent(ByComponent item) { 265 ByComponent value = ObjectUtils.requireNonNull(item,"item cannot be null"); 266 return _byComponents == null ? false : _byComponents.remove(value); 267 } 268 269 public MarkupMultiline getRemarks() { 270 return _remarks; 271 } 272 273 public void setRemarks(MarkupMultiline value) { 274 _remarks = value; 275 } 276 277 @Override 278 public String toString() { 279 return new ReflectionToStringBuilder(this, MultilineRecursiveToStringStyle.MULTI_LINE_STYLE).toString(); 280 } 281}