Source code

001package gov.nist.secauto.oscal.lib.model;
002
003import gov.nist.secauto.metaschema.binding.model.annotations.AllowedValue;
004import gov.nist.secauto.metaschema.binding.model.annotations.AllowedValues;
005import gov.nist.secauto.metaschema.binding.model.annotations.AssemblyConstraints;
006import gov.nist.secauto.metaschema.binding.model.annotations.BoundAssembly;
007import gov.nist.secauto.metaschema.binding.model.annotations.BoundField;
008import gov.nist.secauto.metaschema.binding.model.annotations.BoundFieldValue;
009import gov.nist.secauto.metaschema.binding.model.annotations.BoundFlag;
010import gov.nist.secauto.metaschema.binding.model.annotations.GroupAs;
011import gov.nist.secauto.metaschema.binding.model.annotations.IsUnique;
012import gov.nist.secauto.metaschema.binding.model.annotations.KeyField;
013import gov.nist.secauto.metaschema.binding.model.annotations.MetaschemaAssembly;
014import gov.nist.secauto.metaschema.binding.model.annotations.ValueConstraints;
015import gov.nist.secauto.metaschema.model.common.JsonGroupAsBehavior;
016import gov.nist.secauto.metaschema.model.common.constraint.IConstraint;
017import gov.nist.secauto.metaschema.model.common.datatype.adapter.TokenAdapter;
018import gov.nist.secauto.metaschema.model.common.datatype.adapter.UuidAdapter;
019import gov.nist.secauto.metaschema.model.common.datatype.markup.MarkupMultiline;
020import gov.nist.secauto.metaschema.model.common.datatype.markup.MarkupMultilineAdapter;
021import gov.nist.secauto.metaschema.model.common.util.ObjectUtils;
022import java.lang.Override;
023import java.lang.String;
024import java.util.LinkedList;
025import java.util.List;
026import java.util.UUID;
027import org.apache.commons.lang3.builder.MultilineRecursiveToStringStyle;
028import org.apache.commons.lang3.builder.ReflectionToStringBuilder;
029
030/**
031 * Identifies which statements within a control are addressed.
032 */
033@MetaschemaAssembly(
034    formalName = "Specific Control Statement",
035    description = "Identifies which statements within a control are addressed.",
036    name = "statement",
037    metaschema = OscalSspMetaschema.class
038)
039@ValueConstraints(
040    allowedValues = @AllowedValues(level = IConstraint.Level.ERROR, target = "responsible-role/@role-id", allowOthers = true, values = {@AllowedValue(value = "asset-owner", description = "Accountable for ensuring the asset is managed in accordance with organizational policies and procedures."), @AllowedValue(value = "asset-administrator", description = "Responsible for administering a set of assets."), @AllowedValue(value = "security-operations", description = "Members of the security operations center (SOC)."), @AllowedValue(value = "network-operations", description = "Members of the network operations center (NOC)."), @AllowedValue(value = "incident-response", description = "Responsible for responding to an event that could lead to loss of, or disruption to, an organization's operations, services or functions."), @AllowedValue(value = "help-desk", description = "Responsible for providing information and support to users."), @AllowedValue(value = "configuration-management", description = "Responsible for the configuration management processes governing changes to the asset.")})
041)
042@AssemblyConstraints(
043    isUnique = {
044        @IsUnique(id = "unique-ssp-statement-responsible-role", level = IConstraint.Level.ERROR, target = "responsible-role", keyFields = @KeyField(target = "@role-id"), remarks = "Since `responsible-role` associates multiple `party-uuid` entries with a single `role-id`, each role-id must be referenced only once."),
045        @IsUnique(id = "unique-ssp-implemented-requirement-statement-by-component", level = IConstraint.Level.ERROR, target = "by-component", keyFields = @KeyField(target = "@component-uuid"), remarks = "Since `by-component` can reference `component` entries using the component's uuid, each component must be referenced only once. This ensures that all implementation statements are contained in the same `by-component` entry.")
046    }
047)
048public class Statement {
049  @BoundFlag(
050      formalName = "Control Statement Reference",
051      description = "A [human-oriented](https://pages.nist.gov/OSCAL/concepts/identifier-use/#human-oriented) identifier reference to a `control statement`.",
052      useName = "statement-id",
053      required = true,
054      typeAdapter = TokenAdapter.class,
055      remarks = "A reference to the specific implemented statement associated with a control."
056  )
057  private String _statementId;
058
059  @BoundFlag(
060      formalName = "Control Statement Reference Universally Unique Identifier",
061      description = "A [machine-oriented](https://pages.nist.gov/OSCAL/concepts/identifier-use/#machine-oriented), [globally unique](https://pages.nist.gov/OSCAL/concepts/identifier-use/#globally-unique) identifier with [cross-instance](https://pages.nist.gov/OSCAL/concepts/identifier-use/#cross-instance) scope that can be used to reference this control statement elsewhere in [this or other OSCAL instances](https://pages.nist.gov/OSCAL/concepts/identifier-use/#ssp-identifiers). The *UUID* of the `control statement` in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).",
062      useName = "uuid",
063      required = true,
064      typeAdapter = UuidAdapter.class
065  )
066  private UUID _uuid;
067
068  @BoundAssembly(
069      formalName = "Property",
070      description = "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.",
071      useName = "prop",
072      maxOccurs = -1
073  )
074  @GroupAs(
075      name = "props",
076      inJson = JsonGroupAsBehavior.LIST
077  )
078  private List<Property> _props;
079
080  @BoundAssembly(
081      formalName = "Link",
082      description = "A reference to a local or remote resource, that has a specific relation to the containing object.",
083      useName = "link",
084      maxOccurs = -1
085  )
086  @GroupAs(
087      name = "links",
088      inJson = JsonGroupAsBehavior.LIST
089  )
090  private List<Link> _links;
091
092  @BoundAssembly(
093      formalName = "Responsible Role",
094      description = "A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role.",
095      useName = "responsible-role",
096      maxOccurs = -1
097  )
098  @GroupAs(
099      name = "responsible-roles",
100      inJson = JsonGroupAsBehavior.LIST
101  )
102  private List<ResponsibleRole> _responsibleRoles;
103
104  @BoundAssembly(
105      formalName = "Component Control Implementation",
106      description = "Defines how the referenced component implements a set of controls.",
107      useName = "by-component",
108      maxOccurs = -1
109  )
110  @GroupAs(
111      name = "by-components",
112      inJson = JsonGroupAsBehavior.LIST
113  )
114  private List<ByComponent> _byComponents;
115
116  @BoundField(
117      formalName = "Remarks",
118      description = "Additional commentary about the containing object.",
119      useName = "remarks"
120  )
121  @BoundFieldValue(
122      typeAdapter = MarkupMultilineAdapter.class
123  )
124  private MarkupMultiline _remarks;
125
126  public Statement() {
127  }
128
129  public String getStatementId() {
130    return _statementId;
131  }
132
133  public void setStatementId(String value) {
134    _statementId = value;
135  }
136
137  public UUID getUuid() {
138    return _uuid;
139  }
140
141  public void setUuid(UUID value) {
142    _uuid = value;
143  }
144
145  public List<Property> getProps() {
146    return _props;
147  }
148
149  public void setProps(List<Property> value) {
150    _props = value;
151  }
152
153  /**
154   * Add a new {@link Property} item to the underlying collection.
155   * @param item the item to add
156   * @return {@code true}
157   */
158  public boolean addProp(Property item) {
159    Property value = ObjectUtils.requireNonNull(item,"item cannot be null");
160    if (_props == null) {
161      _props = new LinkedList<>();
162    }
163    return _props.add(value);
164  }
165
166  /**
167   * Remove the first matching {@link Property} item from the underlying collection.
168   * @param item the item to remove
169   * @return {@code true} if the item was removed or {@code false} otherwise
170   */
171  public boolean removeProp(Property item) {
172    Property value = ObjectUtils.requireNonNull(item,"item cannot be null");
173    return _props == null ? false : _props.remove(value);
174  }
175
176  public List<Link> getLinks() {
177    return _links;
178  }
179
180  public void setLinks(List<Link> value) {
181    _links = value;
182  }
183
184  /**
185   * Add a new {@link Link} item to the underlying collection.
186   * @param item the item to add
187   * @return {@code true}
188   */
189  public boolean addLink(Link item) {
190    Link value = ObjectUtils.requireNonNull(item,"item cannot be null");
191    if (_links == null) {
192      _links = new LinkedList<>();
193    }
194    return _links.add(value);
195  }
196
197  /**
198   * Remove the first matching {@link Link} item from the underlying collection.
199   * @param item the item to remove
200   * @return {@code true} if the item was removed or {@code false} otherwise
201   */
202  public boolean removeLink(Link item) {
203    Link value = ObjectUtils.requireNonNull(item,"item cannot be null");
204    return _links == null ? false : _links.remove(value);
205  }
206
207  public List<ResponsibleRole> getResponsibleRoles() {
208    return _responsibleRoles;
209  }
210
211  public void setResponsibleRoles(List<ResponsibleRole> value) {
212    _responsibleRoles = value;
213  }
214
215  /**
216   * Add a new {@link ResponsibleRole} item to the underlying collection.
217   * @param item the item to add
218   * @return {@code true}
219   */
220  public boolean addResponsibleRole(ResponsibleRole item) {
221    ResponsibleRole value = ObjectUtils.requireNonNull(item,"item cannot be null");
222    if (_responsibleRoles == null) {
223      _responsibleRoles = new LinkedList<>();
224    }
225    return _responsibleRoles.add(value);
226  }
227
228  /**
229   * Remove the first matching {@link ResponsibleRole} item from the underlying collection.
230   * @param item the item to remove
231   * @return {@code true} if the item was removed or {@code false} otherwise
232   */
233  public boolean removeResponsibleRole(ResponsibleRole item) {
234    ResponsibleRole value = ObjectUtils.requireNonNull(item,"item cannot be null");
235    return _responsibleRoles == null ? false : _responsibleRoles.remove(value);
236  }
237
238  public List<ByComponent> getByComponents() {
239    return _byComponents;
240  }
241
242  public void setByComponents(List<ByComponent> value) {
243    _byComponents = value;
244  }
245
246  /**
247   * Add a new {@link ByComponent} item to the underlying collection.
248   * @param item the item to add
249   * @return {@code true}
250   */
251  public boolean addByComponent(ByComponent item) {
252    ByComponent value = ObjectUtils.requireNonNull(item,"item cannot be null");
253    if (_byComponents == null) {
254      _byComponents = new LinkedList<>();
255    }
256    return _byComponents.add(value);
257  }
258
259  /**
260   * Remove the first matching {@link ByComponent} item from the underlying collection.
261   * @param item the item to remove
262   * @return {@code true} if the item was removed or {@code false} otherwise
263   */
264  public boolean removeByComponent(ByComponent item) {
265    ByComponent value = ObjectUtils.requireNonNull(item,"item cannot be null");
266    return _byComponents == null ? false : _byComponents.remove(value);
267  }
268
269  public MarkupMultiline getRemarks() {
270    return _remarks;
271  }
272
273  public void setRemarks(MarkupMultiline value) {
274    _remarks = value;
275  }
276
277  @Override
278  public String toString() {
279    return new ReflectionToStringBuilder(this, MultilineRecursiveToStringStyle.MULTI_LINE_STYLE).toString();
280  }
281}