View Javadoc
1   /*
2    * Portions of this software was developed by employees of the National Institute
3    * of Standards and Technology (NIST), an agency of the Federal Government and is
4    * being made available as a public service. Pursuant to title 17 United States
5    * Code Section 105, works of NIST employees are not subject to copyright
6    * protection in the United States. This software may be subject to foreign
7    * copyright. Permission in the United States and in foreign countries, to the
8    * extent that NIST may hold copyright, to use, copy, modify, create derivative
9    * works, and distribute this software and its documentation without fee is hereby
10   * granted on a non-exclusive basis, provided that this notice and disclaimer
11   * of warranty appears in all copies.
12   *
13   * THE SOFTWARE IS PROVIDED 'AS IS' WITHOUT ANY WARRANTY OF ANY KIND, EITHER
14   * EXPRESSED, IMPLIED, OR STATUTORY, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTY
15   * THAT THE SOFTWARE WILL CONFORM TO SPECIFICATIONS, ANY IMPLIED WARRANTIES OF
16   * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND FREEDOM FROM
17   * INFRINGEMENT, AND ANY WARRANTY THAT THE DOCUMENTATION WILL CONFORM TO THE
18   * SOFTWARE, OR ANY WARRANTY THAT THE SOFTWARE WILL BE ERROR FREE.  IN NO EVENT
19   * SHALL NIST BE LIABLE FOR ANY DAMAGES, INCLUDING, BUT NOT LIMITED TO, DIRECT,
20   * INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES, ARISING OUT OF, RESULTING FROM,
21   * OR IN ANY WAY CONNECTED WITH THIS SOFTWARE, WHETHER OR NOT BASED UPON WARRANTY,
22   * CONTRACT, TORT, OR OTHERWISE, WHETHER OR NOT INJURY WAS SUSTAINED BY PERSONS OR
23   * PROPERTY OR OTHERWISE, AND WHETHER OR NOT LOSS WAS SUSTAINED FROM, OR AROSE OUT
24   * OF THE RESULTS OF, OR USE OF, THE SOFTWARE OR SERVICES PROVIDED HEREUNDER.
25   */
26  
27  package gov.nist.secauto.oscal.lib;
28  
29  import com.fasterxml.jackson.databind.util.ByteBufferBackedInputStream;
30  
31  import gov.nist.secauto.metaschema.model.common.util.ObjectUtils;
32  import gov.nist.secauto.oscal.lib.model.BackMatter.Resource;
33  import gov.nist.secauto.oscal.lib.model.BackMatter.Resource.Base64;
34  import gov.nist.secauto.oscal.lib.model.BackMatter.Resource.Rlink;
35  
36  import org.xml.sax.EntityResolver;
37  import org.xml.sax.InputSource;
38  import org.xml.sax.SAXException;
39  
40  import java.io.IOException;
41  import java.net.URI;
42  import java.nio.ByteBuffer;
43  import java.util.List;
44  import java.util.UUID;
45  import java.util.regex.Matcher;
46  import java.util.regex.Pattern;
47  
48  import edu.umd.cs.findbugs.annotations.NonNull;
49  import edu.umd.cs.findbugs.annotations.Nullable;
50  
51  public final class OscalUtils {
52    public static final String OSCAL_VERSION = "1.0.4";
53    private static final Pattern INTERNAL_REFERENCE_FRAGMENT_PATTERN = Pattern.compile("^#(.+)$");
54  
55    private OscalUtils() {
56      // disable construction
57    }
58  
59    @SuppressWarnings("PMD.OnlyOneReturn") // readability
60    public static boolean isInternalReference(@NonNull URI uri) {
61      if (uri.isAbsolute()) {
62        return false;
63      }
64  
65      String schemeSpecificPart = uri.getSchemeSpecificPart();
66      return uri.getScheme() == null && (schemeSpecificPart == null || schemeSpecificPart.isEmpty())
67          && uri.getFragment() != null;
68    }
69  
70    /**
71     * Get the id based on a URI's fragment.
72     *
73     * @param fragment
74     *          the URI to extract the identifier from
75     * @return the identifier
76     * @throws IllegalArgumentException
77     *           if the fragment does not contain an identifier
78     */
79    @NonNull
80    public static String internalReferenceFragmentToId(@NonNull URI fragment) {
81      return internalReferenceFragmentToId(ObjectUtils.notNull(fragment.toString()));
82    }
83  
84    /**
85     * Get the id based on a URI's fragment.
86     *
87     * @param fragment
88     *          the URI to extract the identifier from
89     * @return the identifier
90     * @throws IllegalArgumentException
91     *           if the fragment does not contain an identifier
92     */
93    @NonNull
94    public static String internalReferenceFragmentToId(@NonNull String fragment) {
95      Matcher matcher = INTERNAL_REFERENCE_FRAGMENT_PATTERN.matcher(fragment);
96      String retval;
97      if (matcher.matches()) {
98        retval = ObjectUtils.notNull(matcher.group(1));
99      } else {
100       throw new IllegalArgumentException(String.format("The fragment '%s' does not match the pattern '%s'", fragment,
101           INTERNAL_REFERENCE_FRAGMENT_PATTERN.pattern()));
102     }
103     return retval;
104   }
105 
106   public static boolean hasBase64Data(@NonNull Resource resource) {
107     return resource.getBase64() != null;
108   }
109 
110   @Nullable
111   public static ByteBuffer getBase64Data(@NonNull Resource resource) {
112     Base64 base64 = resource.getBase64();
113 
114     ByteBuffer retval = null;
115     if (base64 != null) {
116       retval = base64.getValue();
117     }
118     return retval;
119   }
120 
121   @Nullable
122   public static URI getResourceURI(@NonNull Resource resource, @Nullable String preferredMediaType) {
123     URI retval;
124     if (hasBase64Data(resource)) {
125       UUID uuid = resource.getUuid();
126       if (uuid == null) {
127         throw new IllegalArgumentException("resource has a null UUID");
128       }
129       retval = ObjectUtils.notNull(URI.create("#" + uuid));
130     } else {
131       Rlink rlink = findMatchingRLink(resource, preferredMediaType);
132       retval = rlink == null ? null : rlink.getHref();
133     }
134     return retval;
135   }
136 
137   @Nullable
138   public static Rlink findMatchingRLink(@NonNull Resource resource, @Nullable String preferredMediaType) {
139     // find a suitable rlink reference
140     List<Rlink> rlinks = resource.getRlinks();
141 
142     Rlink retval = null;
143     if (rlinks != null) {
144       // check if there is a matching rlink for the mime type
145       if (preferredMediaType != null) {
146         // find preferred mime type first
147         retval = rlinks.stream().filter(rlink -> preferredMediaType.equals(rlink.getMediaType())).findFirst()
148             .orElse(null);
149       } else {
150         // use the first one instead
151         retval = rlinks.stream().findFirst().orElse(null);
152       }
153     }
154     return retval;
155   }
156 
157   @Nullable
158   public static InputSource newInputSource(@NonNull Resource resource, @NonNull EntityResolver resolver,
159       @Nullable String preferredMediaType) throws IOException {
160     URI uri = getResourceURI(resource, preferredMediaType);
161     if (uri == null) {
162       throw new IOException(String.format("unable to determine URI for resource '%s'", resource.getUuid()));
163     }
164 
165     InputSource retval;
166     try {
167       retval = resolver.resolveEntity(null, uri.toASCIIString());
168     } catch (SAXException ex) {
169       throw new IOException(ex);
170     }
171 
172     if (hasBase64Data(resource)) {
173       // handle base64 encoded data
174       ByteBuffer buffer = getBase64Data(resource);
175       if (buffer == null) {
176         throw new IOException(String.format("null base64 value for resource '%s'", resource.getUuid()));
177       }
178       retval.setByteStream(new ByteBufferBackedInputStream(buffer));
179     }
180     return retval;
181   }
182 }