1 package gov.nist.secauto.oscal.lib.model;
2
3 import gov.nist.secauto.metaschema.binding.model.annotations.AllowedValue;
4 import gov.nist.secauto.metaschema.binding.model.annotations.AllowedValues;
5 import gov.nist.secauto.metaschema.binding.model.annotations.AssemblyConstraints;
6 import gov.nist.secauto.metaschema.binding.model.annotations.BoundAssembly;
7 import gov.nist.secauto.metaschema.binding.model.annotations.BoundField;
8 import gov.nist.secauto.metaschema.binding.model.annotations.BoundFieldValue;
9 import gov.nist.secauto.metaschema.binding.model.annotations.BoundFlag;
10 import gov.nist.secauto.metaschema.binding.model.annotations.GroupAs;
11 import gov.nist.secauto.metaschema.binding.model.annotations.IsUnique;
12 import gov.nist.secauto.metaschema.binding.model.annotations.KeyField;
13 import gov.nist.secauto.metaschema.binding.model.annotations.MetaschemaAssembly;
14 import gov.nist.secauto.metaschema.binding.model.annotations.ValueConstraints;
15 import gov.nist.secauto.metaschema.model.common.JsonGroupAsBehavior;
16 import gov.nist.secauto.metaschema.model.common.constraint.IConstraint;
17 import gov.nist.secauto.metaschema.model.common.datatype.adapter.TokenAdapter;
18 import gov.nist.secauto.metaschema.model.common.datatype.adapter.UuidAdapter;
19 import gov.nist.secauto.metaschema.model.common.datatype.markup.MarkupMultiline;
20 import gov.nist.secauto.metaschema.model.common.datatype.markup.MarkupMultilineAdapter;
21 import gov.nist.secauto.metaschema.model.common.util.ObjectUtils;
22 import java.lang.Override;
23 import java.lang.String;
24 import java.util.LinkedList;
25 import java.util.List;
26 import java.util.UUID;
27 import org.apache.commons.lang3.builder.MultilineRecursiveToStringStyle;
28 import org.apache.commons.lang3.builder.ReflectionToStringBuilder;
29
30
31
32
33 @MetaschemaAssembly(
34 formalName = "Specific Control Statement",
35 description = "Identifies which statements within a control are addressed.",
36 name = "statement",
37 metaschema = OscalSspMetaschema.class
38 )
39 @ValueConstraints(
40 allowedValues = @AllowedValues(level = IConstraint.Level.ERROR, target = "responsible-role/@role-id", allowOthers = true, values = {@AllowedValue(value = "asset-owner", description = "Accountable for ensuring the asset is managed in accordance with organizational policies and procedures."), @AllowedValue(value = "asset-administrator", description = "Responsible for administering a set of assets."), @AllowedValue(value = "security-operations", description = "Members of the security operations center (SOC)."), @AllowedValue(value = "network-operations", description = "Members of the network operations center (NOC)."), @AllowedValue(value = "incident-response", description = "Responsible for responding to an event that could lead to loss of, or disruption to, an organization's operations, services or functions."), @AllowedValue(value = "help-desk", description = "Responsible for providing information and support to users."), @AllowedValue(value = "configuration-management", description = "Responsible for the configuration management processes governing changes to the asset.")})
41 )
42 @AssemblyConstraints(
43 isUnique = {
44 @IsUnique(id = "unique-ssp-statement-responsible-role", level = IConstraint.Level.ERROR, target = "responsible-role", keyFields = @KeyField(target = "@role-id"), remarks = "Since `responsible-role` associates multiple `party-uuid` entries with a single `role-id`, each role-id must be referenced only once."),
45 @IsUnique(id = "unique-ssp-implemented-requirement-statement-by-component", level = IConstraint.Level.ERROR, target = "by-component", keyFields = @KeyField(target = "@component-uuid"), remarks = "Since `by-component` can reference `component` entries using the component's uuid, each component must be referenced only once. This ensures that all implementation statements are contained in the same `by-component` entry.")
46 }
47 )
48 public class Statement {
49 @BoundFlag(
50 formalName = "Control Statement Reference",
51 description = "A [human-oriented](https://pages.nist.gov/OSCAL/concepts/identifier-use/#human-oriented) identifier reference to a `control statement`.",
52 useName = "statement-id",
53 required = true,
54 typeAdapter = TokenAdapter.class,
55 remarks = "A reference to the specific implemented statement associated with a control."
56 )
57 private String _statementId;
58
59 @BoundFlag(
60 formalName = "Control Statement Reference Universally Unique Identifier",
61 description = "A [machine-oriented](https://pages.nist.gov/OSCAL/concepts/identifier-use/#machine-oriented), [globally unique](https://pages.nist.gov/OSCAL/concepts/identifier-use/#globally-unique) identifier with [cross-instance](https://pages.nist.gov/OSCAL/concepts/identifier-use/#cross-instance) scope that can be used to reference this control statement elsewhere in [this or other OSCAL instances](https://pages.nist.gov/OSCAL/concepts/identifier-use/#ssp-identifiers). The *UUID* of the `control statement` in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).",
62 useName = "uuid",
63 required = true,
64 typeAdapter = UuidAdapter.class
65 )
66 private UUID _uuid;
67
68 @BoundAssembly(
69 formalName = "Property",
70 description = "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.",
71 useName = "prop",
72 maxOccurs = -1
73 )
74 @GroupAs(
75 name = "props",
76 inJson = JsonGroupAsBehavior.LIST
77 )
78 private List<Property> _props;
79
80 @BoundAssembly(
81 formalName = "Link",
82 description = "A reference to a local or remote resource, that has a specific relation to the containing object.",
83 useName = "link",
84 maxOccurs = -1
85 )
86 @GroupAs(
87 name = "links",
88 inJson = JsonGroupAsBehavior.LIST
89 )
90 private List<Link> _links;
91
92 @BoundAssembly(
93 formalName = "Responsible Role",
94 description = "A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role.",
95 useName = "responsible-role",
96 maxOccurs = -1
97 )
98 @GroupAs(
99 name = "responsible-roles",
100 inJson = JsonGroupAsBehavior.LIST
101 )
102 private List<ResponsibleRole> _responsibleRoles;
103
104 @BoundAssembly(
105 formalName = "Component Control Implementation",
106 description = "Defines how the referenced component implements a set of controls.",
107 useName = "by-component",
108 maxOccurs = -1
109 )
110 @GroupAs(
111 name = "by-components",
112 inJson = JsonGroupAsBehavior.LIST
113 )
114 private List<ByComponent> _byComponents;
115
116 @BoundField(
117 formalName = "Remarks",
118 description = "Additional commentary about the containing object.",
119 useName = "remarks"
120 )
121 @BoundFieldValue(
122 typeAdapter = MarkupMultilineAdapter.class
123 )
124 private MarkupMultiline _remarks;
125
126 public Statement() {
127 }
128
129 public String getStatementId() {
130 return _statementId;
131 }
132
133 public void setStatementId(String value) {
134 _statementId = value;
135 }
136
137 public UUID getUuid() {
138 return _uuid;
139 }
140
141 public void setUuid(UUID value) {
142 _uuid = value;
143 }
144
145 public List<Property> getProps() {
146 return _props;
147 }
148
149 public void setProps(List<Property> value) {
150 _props = value;
151 }
152
153
154
155
156
157
158 public boolean addProp(Property item) {
159 Property value = ObjectUtils.requireNonNull(item,"item cannot be null");
160 if (_props == null) {
161 _props = new LinkedList<>();
162 }
163 return _props.add(value);
164 }
165
166
167
168
169
170
171 public boolean removeProp(Property item) {
172 Property value = ObjectUtils.requireNonNull(item,"item cannot be null");
173 return _props == null ? false : _props.remove(value);
174 }
175
176 public List<Link> getLinks() {
177 return _links;
178 }
179
180 public void setLinks(List<Link> value) {
181 _links = value;
182 }
183
184
185
186
187
188
189 public boolean addLink(Link item) {
190 Link value = ObjectUtils.requireNonNull(item,"item cannot be null");
191 if (_links == null) {
192 _links = new LinkedList<>();
193 }
194 return _links.add(value);
195 }
196
197
198
199
200
201
202 public boolean removeLink(Link item) {
203 Link value = ObjectUtils.requireNonNull(item,"item cannot be null");
204 return _links == null ? false : _links.remove(value);
205 }
206
207 public List<ResponsibleRole> getResponsibleRoles() {
208 return _responsibleRoles;
209 }
210
211 public void setResponsibleRoles(List<ResponsibleRole> value) {
212 _responsibleRoles = value;
213 }
214
215
216
217
218
219
220 public boolean addResponsibleRole(ResponsibleRole item) {
221 ResponsibleRole value = ObjectUtils.requireNonNull(item,"item cannot be null");
222 if (_responsibleRoles == null) {
223 _responsibleRoles = new LinkedList<>();
224 }
225 return _responsibleRoles.add(value);
226 }
227
228
229
230
231
232
233 public boolean removeResponsibleRole(ResponsibleRole item) {
234 ResponsibleRole value = ObjectUtils.requireNonNull(item,"item cannot be null");
235 return _responsibleRoles == null ? false : _responsibleRoles.remove(value);
236 }
237
238 public List<ByComponent> getByComponents() {
239 return _byComponents;
240 }
241
242 public void setByComponents(List<ByComponent> value) {
243 _byComponents = value;
244 }
245
246
247
248
249
250
251 public boolean addByComponent(ByComponent item) {
252 ByComponent value = ObjectUtils.requireNonNull(item,"item cannot be null");
253 if (_byComponents == null) {
254 _byComponents = new LinkedList<>();
255 }
256 return _byComponents.add(value);
257 }
258
259
260
261
262
263
264 public boolean removeByComponent(ByComponent item) {
265 ByComponent value = ObjectUtils.requireNonNull(item,"item cannot be null");
266 return _byComponents == null ? false : _byComponents.remove(value);
267 }
268
269 public MarkupMultiline getRemarks() {
270 return _remarks;
271 }
272
273 public void setRemarks(MarkupMultiline value) {
274 _remarks = value;
275 }
276
277 @Override
278 public String toString() {
279 return new ReflectionToStringBuilder(this, MultilineRecursiveToStringStyle.MULTI_LINE_STYLE).toString();
280 }
281 }