package gov.nist.secauto.oscal.lib.model;

import gov.nist.secauto.metaschema.binding.model.annotations.AllowedValue;
import gov.nist.secauto.metaschema.binding.model.annotations.AllowedValues;
import gov.nist.secauto.metaschema.binding.model.annotations.AssemblyConstraints;
import gov.nist.secauto.metaschema.binding.model.annotations.BoundAssembly;
import gov.nist.secauto.metaschema.binding.model.annotations.BoundField;
import gov.nist.secauto.metaschema.binding.model.annotations.BoundFieldValue;
import gov.nist.secauto.metaschema.binding.model.annotations.BoundFlag;
import gov.nist.secauto.metaschema.binding.model.annotations.GroupAs;
import gov.nist.secauto.metaschema.binding.model.annotations.Index;
import gov.nist.secauto.metaschema.binding.model.annotations.IndexHasKey;
import gov.nist.secauto.metaschema.binding.model.annotations.IsUnique;
import gov.nist.secauto.metaschema.binding.model.annotations.KeyField;
import gov.nist.secauto.metaschema.binding.model.annotations.Matches;
import gov.nist.secauto.metaschema.binding.model.annotations.MetaschemaAssembly;
import gov.nist.secauto.metaschema.binding.model.annotations.ValueConstraints;
import gov.nist.secauto.metaschema.model.common.JsonGroupAsBehavior;
import gov.nist.secauto.metaschema.model.common.constraint.IConstraint;
import gov.nist.secauto.metaschema.model.common.datatype.adapter.DateAdapter;
import gov.nist.secauto.metaschema.model.common.datatype.adapter.UriAdapter;
import gov.nist.secauto.metaschema.model.common.datatype.adapter.UriReferenceAdapter;
import gov.nist.secauto.metaschema.model.common.datatype.adapter.UuidAdapter;
import gov.nist.secauto.metaschema.model.common.datatype.markup.MarkupLine;
import gov.nist.secauto.metaschema.model.common.datatype.markup.MarkupLineAdapter;
import gov.nist.secauto.metaschema.model.common.datatype.markup.MarkupMultiline;
import gov.nist.secauto.metaschema.model.common.datatype.markup.MarkupMultilineAdapter;
import gov.nist.secauto.metaschema.model.common.datatype.object.Date;
import gov.nist.secauto.metaschema.model.common.util.ObjectUtils;
import java.lang.Override;
import java.lang.String;
import java.util.LinkedList;
import java.util.List;
import java.util.UUID;
import org.apache.commons.lang3.builder.MultilineRecursiveToStringStyle;
import org.apache.commons.lang3.builder.ReflectionToStringBuilder;

/**
 * Binding for the OSCAL {@code system-implementation} assembly, which describes how the system is
 * implemented.
 *
 * <p>The constraint annotations on this class are declarative metadata. Nothing in this class
 * evaluates them: the setters and {@code add*} methods store whatever they are given, so an
 * instance built or changed in code is not known to satisfy the constraints until it has been
 * validated separately (presumably by the metaschema tooling; confirm for your pipeline).
 *
 * <p>List getters hand out the backing list itself, not a copy, and list setters keep the
 * caller's list reference. Any holder of such a reference can change the content of this object.
 */
@MetaschemaAssembly(
    formalName = "System Implementation",
    description = "Provides information as to how the system is implemented.",
    name = "system-implementation",
    metaschema = OscalSspMetaschema.class
)
@ValueConstraints(
    // Limits the allows-authenticated-scan prop on components and inventory items to "yes"/"no".
    allowedValues = @AllowedValues(level = IConstraint.Level.ERROR, target = "(component | inventory-item)/prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name='allows-authenticated-scan']/@value", values = {@AllowedValue(value = "yes", description = "The component allows an authenticated scan."), @AllowedValue(value = "no", description = "The component does not allow an authenticated scan.")}),
    // Each entry requires the referenced value to be a key of the named index declared in
    // @AssemblyConstraints below.
    indexHasKey = {
        @IndexHasKey(level = IConstraint.Level.ERROR, target = "component/prop[@name='leveraged-authorization-uuid']", indexName = "index-system-implementation-leveraged-authorization-uuid", keyFields = @KeyField(target = "@value")),
        @IndexHasKey(level = IConstraint.Level.ERROR, target = "component/link[@rel='depends-on']", indexName = "index-system-implementation-component-uuid", keyFields = @KeyField(target = "@href")),
        @IndexHasKey(level = IConstraint.Level.ERROR, target = "component/link[@rel='validated-by']", indexName = "index-system-implementation-component-uuid-validation", keyFields = @KeyField(target = "@href")),
        @IndexHasKey(level = IConstraint.Level.ERROR, target = "component/link[@rel='proof-of-compliance']", indexName = "index-system-implementation-component-uuid-validation", keyFields = @KeyField(target = "@href")),
        @IndexHasKey(level = IConstraint.Level.ERROR, target = "component/link[@rel='uses-service']", indexName = "index-system-implementation-component-uuid-service", keyFields = @KeyField(target = "@href")),
        @IndexHasKey(level = IConstraint.Level.ERROR, target = "component[@type='service']/link[@rel='provided-by']", indexName = "index-system-implementation-component-uuid-software", keyFields = @KeyField(target = "@href"))
    }
)
@AssemblyConstraints(
    index = {
        @Index(level = IConstraint.Level.ERROR, target = "leveraged-authorization", name = "index-system-implementation-leveraged-authorization-uuid", keyFields = @KeyField(target = "@uuid")),
        @Index(level = IConstraint.Level.ERROR, target = "component", name = "index-system-implementation-component-uuid", keyFields = @KeyField(target = "@uuid")),
        @Index(level = IConstraint.Level.ERROR, target = "component[@type='validation']", name = "index-system-implementation-component-uuid-validation", keyFields = @KeyField(target = "@uuid")),
        @Index(level = IConstraint.Level.ERROR, target = "component[@type='service']", name = "index-system-implementation-component-uuid-service", keyFields = @KeyField(target = "@uuid")),
        // NOTE(review): the "-software" index selects component[@type='service'], the same target
        // as the "-service" index above. Confirm against the OSCAL SSP metaschema that this is
        // intended and not a copy of the previous entry.
        @Index(level = IConstraint.Level.ERROR, target = "component[@type='service']", name = "index-system-implementation-component-uuid-software", keyFields = @KeyField(target = "@uuid"))
    },
    isUnique = @IsUnique(id = "unique-ssp-system-implementation-user", level = IConstraint.Level.ERROR, target = "user", keyFields = @KeyField(target = "@uuid"), remarks = "A given `uuid` must be assigned only once to a user.")
)
public class SystemImplementation {
  // Field names and declaration order are left exactly as they were: toString() reads the fields
  // reflectively.

  /** Properties ({@code prop}) attached to this assembly; {@code null} until set or added to. */
  @BoundAssembly(
      formalName = "Property",
      description = "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.",
      useName = "prop",
      maxOccurs = -1
  )
  @GroupAs(
      name = "props",
      inJson = JsonGroupAsBehavior.LIST
  )
  private List<Property> _props;

  /** Links ({@code link}) attached to this assembly; {@code null} until set or added to. */
  @BoundAssembly(
      formalName = "Link",
      description = "A reference to a local or remote resource, that has a specific relation to the containing object.",
      useName = "link",
      maxOccurs = -1
  )
  @GroupAs(
      name = "links",
      inJson = JsonGroupAsBehavior.LIST
  )
  private List<Link> _links;

  /**
   * Other authorized systems from which this system inherits capabilities that satisfy security
   * requirements (also called <em>common control providers</em>).
   */
  @BoundAssembly(
      formalName = "Leveraged Authorization",
      description = "A description of another authorized system from which this system inherits capabilities that satisfy security requirements. Another term for this concept is a *common control provider*.",
      useName = "leveraged-authorization",
      maxOccurs = -1
  )
  @GroupAs(
      name = "leveraged-authorizations",
      inJson = JsonGroupAsBehavior.LIST
  )
  private List<LeveragedAuthorization> _leveragedAuthorizations;

  /**
   * User types that interact with the system. The binding declares {@code minOccurs = 1}, but the
   * field starts as {@code null} and nothing in this class rejects a null or empty list.
   */
  @BoundAssembly(
      formalName = "System User",
      description = "A type of user that interacts with the system based on an associated role.",
      useName = "user",
      minOccurs = 1,
      maxOccurs = -1
  )
  @GroupAs(
      name = "users",
      inJson = JsonGroupAsBehavior.LIST
  )
  private List<SystemUser> _users;

  /**
   * Components of the implemented system. The binding declares {@code minOccurs = 1}, but the
   * field starts as {@code null} and nothing in this class rejects a null or empty list.
   */
  @BoundAssembly(
      formalName = "Component",
      description = "A defined component that can be part of an implemented system.",
      useName = "component",
      minOccurs = 1,
      maxOccurs = -1
  )
  @GroupAs(
      name = "components",
      inJson = JsonGroupAsBehavior.LIST
  )
  private List<SystemComponent> _components;

  /** Managed inventory items of the system; {@code null} until set or added to. */
  @BoundAssembly(
      formalName = "Inventory Item",
      description = "A single managed inventory item within the system.",
      useName = "inventory-item",
      maxOccurs = -1,
      remarks = "A set of `inventory-item` entries that represent the managed inventory instances of the system."
  )
  @GroupAs(
      name = "inventory-items",
      inJson = JsonGroupAsBehavior.LIST
  )
  private List<InventoryItem> _inventoryItems;

  /** Free-form commentary about this assembly. */
  @BoundField(
      formalName = "Remarks",
      description = "Additional commentary about the containing object.",
      useName = "remarks"
  )
  @BoundFieldValue(
      typeAdapter = MarkupMultilineAdapter.class
  )
  private MarkupMultiline _remarks;

  /** Creates an empty instance; every field starts as {@code null}. */
  public SystemImplementation() {
  }

  /**
   * Returns the backing list of properties.
   *
   * @return the live list (not a copy), or {@code null} if none has been set
   */
  public List<Property> getProps() {
    return this._props;
  }

  /**
   * Replaces the backing list of properties. The reference is stored as given, without copying.
   *
   * @param value the new list, may be {@code null}
   */
  public void setProps(List<Property> value) {
    this._props = value;
  }

  /**
   * Appends a {@link Property}, creating the backing list first if there is none.
   *
   * @param item the item to add, must not be {@code null}
   * @return the result of {@link List#add(Object)} on the backing list; {@code true} for the
   *     {@link LinkedList} created here
   */
  public boolean addProp(Property item) {
    Property checked = ObjectUtils.requireNonNull(item, "item cannot be null");
    List<Property> props = _props;
    if (props == null) {
      props = new LinkedList<>();
      _props = props;
    }
    return props.add(checked);
  }

  /**
   * Removes the first {@link Property} equal to the argument.
   *
   * @param item the item to remove, must not be {@code null}
   * @return {@code true} if an item was removed, {@code false} if there is no list or no match
   */
  public boolean removeProp(Property item) {
    Property checked = ObjectUtils.requireNonNull(item, "item cannot be null");
    List<Property> props = _props;
    return props != null && props.remove(checked);
  }

  /**
   * Returns the backing list of links.
   *
   * @return the live list (not a copy), or {@code null} if none has been set
   */
  public List<Link> getLinks() {
    return this._links;
  }

  /**
   * Replaces the backing list of links. The reference is stored as given, without copying.
   *
   * @param value the new list, may be {@code null}
   */
  public void setLinks(List<Link> value) {
    this._links = value;
  }

  /**
   * Appends a {@link Link}, creating the backing list first if there is none.
   *
   * @param item the item to add, must not be {@code null}
   * @return the result of {@link List#add(Object)} on the backing list; {@code true} for the
   *     {@link LinkedList} created here
   */
  public boolean addLink(Link item) {
    Link checked = ObjectUtils.requireNonNull(item, "item cannot be null");
    List<Link> links = _links;
    if (links == null) {
      links = new LinkedList<>();
      _links = links;
    }
    return links.add(checked);
  }

  /**
   * Removes the first {@link Link} equal to the argument.
   *
   * @param item the item to remove, must not be {@code null}
   * @return {@code true} if an item was removed, {@code false} if there is no list or no match
   */
  public boolean removeLink(Link item) {
    Link checked = ObjectUtils.requireNonNull(item, "item cannot be null");
    List<Link> links = _links;
    return links != null && links.remove(checked);
  }

  /**
   * Returns the backing list of leveraged authorizations.
   *
   * @return the live list (not a copy), or {@code null} if none has been set
   */
  public List<LeveragedAuthorization> getLeveragedAuthorizations() {
    return this._leveragedAuthorizations;
  }

  /**
   * Replaces the backing list of leveraged authorizations. The reference is stored as given,
   * without copying.
   *
   * @param value the new list, may be {@code null}
   */
  public void setLeveragedAuthorizations(List<LeveragedAuthorization> value) {
    this._leveragedAuthorizations = value;
  }

  /**
   * Appends a {@link LeveragedAuthorization}, creating the backing list first if there is none.
   *
   * @param item the item to add, must not be {@code null}
   * @return the result of {@link List#add(Object)} on the backing list; {@code true} for the
   *     {@link LinkedList} created here
   */
  public boolean addLeveragedAuthorization(LeveragedAuthorization item) {
    LeveragedAuthorization checked = ObjectUtils.requireNonNull(item, "item cannot be null");
    List<LeveragedAuthorization> authorizations = _leveragedAuthorizations;
    if (authorizations == null) {
      authorizations = new LinkedList<>();
      _leveragedAuthorizations = authorizations;
    }
    return authorizations.add(checked);
  }

  /**
   * Removes the first {@link LeveragedAuthorization} equal to the argument.
   *
   * @param item the item to remove, must not be {@code null}
   * @return {@code true} if an item was removed, {@code false} if there is no list or no match
   */
  public boolean removeLeveragedAuthorization(LeveragedAuthorization item) {
    LeveragedAuthorization checked = ObjectUtils.requireNonNull(item, "item cannot be null");
    List<LeveragedAuthorization> authorizations = _leveragedAuthorizations;
    return authorizations != null && authorizations.remove(checked);
  }

  /**
   * Returns the backing list of system users.
   *
   * @return the live list (not a copy), or {@code null} if none has been set
   */
  public List<SystemUser> getUsers() {
    return this._users;
  }

  /**
   * Replaces the backing list of system users. The reference is stored as given, without copying.
   *
   * @param value the new list; {@code null} and empty lists are accepted here even though the
   *     binding declares {@code minOccurs = 1}
   */
  public void setUsers(List<SystemUser> value) {
    this._users = value;
  }

  /**
   * Appends a {@link SystemUser}, creating the backing list first if there is none. Uniqueness of
   * the user's uuid (the {@code isUnique} constraint on this class) is not checked here.
   *
   * @param item the item to add, must not be {@code null}
   * @return the result of {@link List#add(Object)} on the backing list; {@code true} for the
   *     {@link LinkedList} created here
   */
  public boolean addUser(SystemUser item) {
    SystemUser checked = ObjectUtils.requireNonNull(item, "item cannot be null");
    List<SystemUser> users = _users;
    if (users == null) {
      users = new LinkedList<>();
      _users = users;
    }
    return users.add(checked);
  }

  /**
   * Removes the first {@link SystemUser} equal to the argument.
   *
   * @param item the item to remove, must not be {@code null}
   * @return {@code true} if an item was removed, {@code false} if there is no list or no match
   */
  public boolean removeUser(SystemUser item) {
    SystemUser checked = ObjectUtils.requireNonNull(item, "item cannot be null");
    List<SystemUser> users = _users;
    return users != null && users.remove(checked);
  }

  /**
   * Returns the backing list of components.
   *
   * @return the live list (not a copy), or {@code null} if none has been set
   */
  public List<SystemComponent> getComponents() {
    return this._components;
  }

  /**
   * Replaces the backing list of components. The reference is stored as given, without copying.
   *
   * @param value the new list; {@code null} and empty lists are accepted here even though the
   *     binding declares {@code minOccurs = 1}
   */
  public void setComponents(List<SystemComponent> value) {
    this._components = value;
  }

  /**
   * Appends a {@link SystemComponent}, creating the backing list first if there is none.
   *
   * @param item the item to add, must not be {@code null}
   * @return the result of {@link List#add(Object)} on the backing list; {@code true} for the
   *     {@link LinkedList} created here
   */
  public boolean addComponent(SystemComponent item) {
    SystemComponent checked = ObjectUtils.requireNonNull(item, "item cannot be null");
    List<SystemComponent> components = _components;
    if (components == null) {
      components = new LinkedList<>();
      _components = components;
    }
    return components.add(checked);
  }

  /**
   * Removes the first {@link SystemComponent} equal to the argument.
   *
   * @param item the item to remove, must not be {@code null}
   * @return {@code true} if an item was removed, {@code false} if there is no list or no match
   */
  public boolean removeComponent(SystemComponent item) {
    SystemComponent checked = ObjectUtils.requireNonNull(item, "item cannot be null");
    List<SystemComponent> components = _components;
    return components != null && components.remove(checked);
  }

  /**
   * Returns the backing list of inventory items.
   *
   * @return the live list (not a copy), or {@code null} if none has been set
   */
  public List<InventoryItem> getInventoryItems() {
    return this._inventoryItems;
  }

  /**
   * Replaces the backing list of inventory items. The reference is stored as given, without
   * copying.
   *
   * @param value the new list, may be {@code null}
   */
  public void setInventoryItems(List<InventoryItem> value) {
    this._inventoryItems = value;
  }

  /**
   * Appends an {@link InventoryItem}, creating the backing list first if there is none.
   *
   * @param item the item to add, must not be {@code null}
   * @return the result of {@link List#add(Object)} on the backing list; {@code true} for the
   *     {@link LinkedList} created here
   */
  public boolean addInventoryItem(InventoryItem item) {
    InventoryItem checked = ObjectUtils.requireNonNull(item, "item cannot be null");
    List<InventoryItem> inventoryItems = _inventoryItems;
    if (inventoryItems == null) {
      inventoryItems = new LinkedList<>();
      _inventoryItems = inventoryItems;
    }
    return inventoryItems.add(checked);
  }

  /**
   * Removes the first {@link InventoryItem} equal to the argument.
   *
   * @param item the item to remove, must not be {@code null}
   * @return {@code true} if an item was removed, {@code false} if there is no list or no match
   */
  public boolean removeInventoryItem(InventoryItem item) {
    InventoryItem checked = ObjectUtils.requireNonNull(item, "item cannot be null");
    List<InventoryItem> inventoryItems = _inventoryItems;
    return inventoryItems != null && inventoryItems.remove(checked);
  }

  /**
   * Returns the remarks.
   *
   * @return the remarks, or {@code null} if none have been set
   */
  public MarkupMultiline getRemarks() {
    return this._remarks;
  }

  /**
   * Sets the remarks.
   *
   * @param value the new remarks, may be {@code null}
   */
  public void setRemarks(MarkupMultiline value) {
    this._remarks = value;
  }

  /**
   * Renders this object as multi-line text by reflecting over its fields with a recursive style.
   *
   * <p>The output carries the content held here (users, components, inventory items, remarks),
   * so a log line or error message that includes it is as sensitive as the plan itself.
   *
   * @return the reflective, multi-line rendering of this object
   */
  @Override
  public String toString() {
    ReflectionToStringBuilder rendering =
        new ReflectionToStringBuilder(this, MultilineRecursiveToStringStyle.MULTI_LINE_STYLE);
    return rendering.toString();
  }

  /**
   * Binding for the {@code leveraged-authorization} assembly: another authorized system from which
   * this system inherits capabilities that satisfy security requirements (a <em>common control
   * provider</em>).
   *
   * <p>The constraints below concern {@code link} entries with {@code rel='system-security-plan'}.
   * An href that starts with {@code #} must be a URI reference and a key of an index named
   * {@code index-back-matter-resource}, which is not declared in this file. Any other href must be
   * a URI. These are checks on form and on local references only; they do not establish that a
   * remote plan is authentic, so a consumer that retrieves one should handle the URI and the
   * retrieved document as untrusted input.
   *
   * <p>As with the enclosing class, nothing here evaluates the constraints; the setters store
   * what they are given.
   */
  @MetaschemaAssembly(
      formalName = "Leveraged Authorization",
      description = "A description of another authorized system from which this system inherits capabilities that satisfy security requirements. Another term for this concept is a *common control provider*.",
      name = "leveraged-authorization",
      metaschema = OscalSspMetaschema.class
  )
  @ValueConstraints(
      // allowOthers = true: rel values other than "system-security-plan" are permitted.
      allowedValues = @AllowedValues(level = IConstraint.Level.ERROR, target = "link/@rel", allowOthers = true, values = @AllowedValue(value = "system-security-plan", description = "A reference to the system security plan for the leveraged authorization.")),
      indexHasKey = @IndexHasKey(level = IConstraint.Level.ERROR, target = "link[@rel='system-security-plan' and starts-with(@href,'#')]", indexName = "index-back-matter-resource", keyFields = @KeyField(target = "@href", pattern = "#(.*)")),
      matches = {
          @Matches(level = IConstraint.Level.ERROR, target = "link[@rel='system-security-plan']/@href[starts-with(.,'#')]", typeAdapter = UriReferenceAdapter.class),
          @Matches(level = IConstraint.Level.ERROR, target = "link[@rel='system-security-plan']/@href[not(starts-with(.,'#'))]", typeAdapter = UriAdapter.class)
      }
  )
  public static class LeveragedAuthorization {
    // Field names and declaration order are left exactly as they were: toString() reads the
    // fields reflectively.

    /** Identifier of this leveraged authorization; declared {@code required} in the binding. */
    @BoundFlag(
        formalName = "Leveraged Authorization Universally Unique Identifier",
        description = "A [machine-oriented](https://pages.nist.gov/OSCAL/concepts/identifier-use/#machine-oriented), [globally unique](https://pages.nist.gov/OSCAL/concepts/identifier-use/#globally-unique) identifier with [cross-instance](https://pages.nist.gov/OSCAL/concepts/identifier-use/#cross-instance) scope and can be used to reference this leveraged authorization elsewhere in [this or other OSCAL instances](https://pages.nist.gov/OSCAL/concepts/identifier-use/#ssp-identifiers). The locally defined *UUID* of the `leveraged authorization` can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned [per-subject](https://pages.nist.gov/OSCAL/concepts/identifier-use/#consistency), which means it should be consistently used to identify the same subject across revisions of the document.",
        useName = "uuid",
        required = true,
        typeAdapter = UuidAdapter.class
    )
    private UUID _uuid;

    /** Human-readable name of the leveraged authorization in the context of the system. */
    @BoundField(
        formalName = "title field",
        description = "A human readable name for the leveraged authorization in the context of the system.",
        useName = "title",
        minOccurs = 1
    )
    @BoundFieldValue(
        typeAdapter = MarkupLineAdapter.class
    )
    private MarkupLine _title;

    /** Properties ({@code prop}) attached to this assembly; {@code null} until set or added to. */
    @BoundAssembly(
        formalName = "Property",
        description = "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.",
        useName = "prop",
        maxOccurs = -1
    )
    @GroupAs(
        name = "props",
        inJson = JsonGroupAsBehavior.LIST
    )
    private List<Property> _props;

    /** Links ({@code link}) attached to this assembly; {@code null} until set or added to. */
    @BoundAssembly(
        formalName = "Link",
        description = "A reference to a local or remote resource, that has a specific relation to the containing object.",
        useName = "link",
        maxOccurs = -1
    )
    @GroupAs(
        name = "links",
        inJson = JsonGroupAsBehavior.LIST
    )
    private List<Link> _links;

    /** Machine-oriented reference to the {@code party} that manages the leveraged system. */
    @BoundField(
        formalName = "party-uuid field",
        description = "A [machine-oriented](https://pages.nist.gov/OSCAL/concepts/identifier-use/#machine-oriented) identifier reference to the `party` that manages the leveraged system.",
        useName = "party-uuid",
        minOccurs = 1
    )
    @BoundFieldValue(
        typeAdapter = UuidAdapter.class
    )
    private UUID _partyUuid;

    /** Date on which the leveraged system received its authorization. */
    @BoundField(
        formalName = "System Authorization Date",
        description = "The date the system received its authorization.",
        useName = "date-authorized",
        minOccurs = 1
    )
    @BoundFieldValue(
        typeAdapter = DateAdapter.class
    )
    private Date _dateAuthorized;

    /** Free-form commentary about this assembly. */
    @BoundField(
        formalName = "Remarks",
        description = "Additional commentary about the containing object.",
        useName = "remarks"
    )
    @BoundFieldValue(
        typeAdapter = MarkupMultilineAdapter.class
    )
    private MarkupMultiline _remarks;

    /** Creates an empty instance; every field starts as {@code null}. */
    public LeveragedAuthorization() {
    }

    /**
     * Returns the identifier of this leveraged authorization.
     *
     * @return the UUID, or {@code null} if none has been set
     */
    public UUID getUuid() {
      return this._uuid;
    }

    /**
     * Sets the identifier of this leveraged authorization.
     *
     * @param value the new UUID; {@code null} is accepted here even though the flag is declared
     *     {@code required}
     */
    public void setUuid(UUID value) {
      this._uuid = value;
    }

    /**
     * Returns the title.
     *
     * @return the title, or {@code null} if none has been set
     */
    public MarkupLine getTitle() {
      return this._title;
    }

    /**
     * Sets the title.
     *
     * @param value the new title
     */
    public void setTitle(MarkupLine value) {
      this._title = value;
    }

    /**
     * Returns the backing list of properties.
     *
     * @return the live list (not a copy), or {@code null} if none has been set
     */
    public List<Property> getProps() {
      return this._props;
    }

    /**
     * Replaces the backing list of properties. The reference is stored as given, without copying.
     *
     * @param value the new list, may be {@code null}
     */
    public void setProps(List<Property> value) {
      this._props = value;
    }

    /**
     * Appends a {@link Property}, creating the backing list first if there is none.
     *
     * @param item the item to add, must not be {@code null}
     * @return the result of {@link List#add(Object)} on the backing list; {@code true} for the
     *     {@link LinkedList} created here
     */
    public boolean addProp(Property item) {
      Property checked = ObjectUtils.requireNonNull(item, "item cannot be null");
      List<Property> props = _props;
      if (props == null) {
        props = new LinkedList<>();
        _props = props;
      }
      return props.add(checked);
    }

    /**
     * Removes the first {@link Property} equal to the argument.
     *
     * @param item the item to remove, must not be {@code null}
     * @return {@code true} if an item was removed, {@code false} if there is no list or no match
     */
    public boolean removeProp(Property item) {
      Property checked = ObjectUtils.requireNonNull(item, "item cannot be null");
      List<Property> props = _props;
      return props != null && props.remove(checked);
    }

    /**
     * Returns the backing list of links.
     *
     * @return the live list (not a copy), or {@code null} if none has been set
     */
    public List<Link> getLinks() {
      return this._links;
    }

    /**
     * Replaces the backing list of links. The reference is stored as given, without copying.
     *
     * @param value the new list, may be {@code null}
     */
    public void setLinks(List<Link> value) {
      this._links = value;
    }

    /**
     * Appends a {@link Link}, creating the backing list first if there is none. The href and rel
     * constraints declared on this class are not checked here.
     *
     * @param item the item to add, must not be {@code null}
     * @return the result of {@link List#add(Object)} on the backing list; {@code true} for the
     *     {@link LinkedList} created here
     */
    public boolean addLink(Link item) {
      Link checked = ObjectUtils.requireNonNull(item, "item cannot be null");
      List<Link> links = _links;
      if (links == null) {
        links = new LinkedList<>();
        _links = links;
      }
      return links.add(checked);
    }

    /**
     * Removes the first {@link Link} equal to the argument.
     *
     * @param item the item to remove, must not be {@code null}
     * @return {@code true} if an item was removed, {@code false} if there is no list or no match
     */
    public boolean removeLink(Link item) {
      Link checked = ObjectUtils.requireNonNull(item, "item cannot be null");
      List<Link> links = _links;
      return links != null && links.remove(checked);
    }

    /**
     * Returns the reference to the managing party.
     *
     * @return the party UUID, or {@code null} if none has been set
     */
    public UUID getPartyUuid() {
      return this._partyUuid;
    }

    /**
     * Sets the reference to the managing party. Whether the UUID names an existing party is not
     * checked here.
     *
     * @param value the new party UUID
     */
    public void setPartyUuid(UUID value) {
      this._partyUuid = value;
    }

    /**
     * Returns the authorization date.
     *
     * @return the date, or {@code null} if none has been set
     */
    public Date getDateAuthorized() {
      return this._dateAuthorized;
    }

    /**
     * Sets the authorization date.
     *
     * @param value the new date
     */
    public void setDateAuthorized(Date value) {
      this._dateAuthorized = value;
    }

    /**
     * Returns the remarks.
     *
     * @return the remarks, or {@code null} if none have been set
     */
    public MarkupMultiline getRemarks() {
      return this._remarks;
    }

    /**
     * Sets the remarks.
     *
     * @param value the new remarks, may be {@code null}
     */
    public void setRemarks(MarkupMultiline value) {
      this._remarks = value;
    }

    /**
     * Renders this object as multi-line text by reflecting over its fields with a recursive style.
     *
     * <p>The output carries every value held here, so a log line or error message that includes
     * it is as sensitive as the plan itself.
     *
     * @return the reflective, multi-line rendering of this object
     */
    @Override
    public String toString() {
      ReflectionToStringBuilder rendering =
          new ReflectionToStringBuilder(this, MultilineRecursiveToStringStyle.MULTI_LINE_STYLE);
      return rendering.toString();
    }
  }
}