SWIDTagCharacteristics.java
/**
* Portions of this software was developed by employees of the National Institute
* of Standards and Technology (NIST), an agency of the Federal Government and is
* being made available as a public service. Pursuant to title 17 United States
* Code Section 105, works of NIST employees are not subject to copyright
* protection in the United States. This software may be subject to foreign
* copyright. Permission in the United States and in foreign countries, to the
* extent that NIST may hold copyright, to use, copy, modify, create derivative
* works, and distribute this software and its documentation without fee is hereby
* granted on a non-exclusive basis, provided that this notice and disclaimer
* of warranty appears in all copies.
*
* THE SOFTWARE IS PROVIDED 'AS IS' WITHOUT ANY WARRANTY OF ANY KIND, EITHER
* EXPRESSED, IMPLIED, OR STATUTORY, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTY
* THAT THE SOFTWARE WILL CONFORM TO SPECIFICATIONS, ANY IMPLIED WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND FREEDOM FROM
* INFRINGEMENT, AND ANY WARRANTY THAT THE DOCUMENTATION WILL CONFORM TO THE
* SOFTWARE, OR ANY WARRANTY THAT THE SOFTWARE WILL BE ERROR FREE. IN NO EVENT
* SHALL NIST BE LIABLE FOR ANY DAMAGES, INCLUDING, BUT NOT LIMITED TO, DIRECT,
* INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES, ARISING OUT OF, RESULTING FROM,
* OR IN ANY WAY CONNECTED WITH THIS SOFTWARE, WHETHER OR NOT BASED UPON WARRANTY,
* CONTRACT, TORT, OR OTHERWISE, WHETHER OR NOT INJURY WAS SUSTAINED BY PERSONS OR
* PROPERTY OR OTHERWISE, AND WHETHER OR NOT LOSS WAS SUSTAINED FROM, OR AROSE OUT
* OF THE RESULTS OF, OR USE OF, THE SOFTWARE OR SERVICES PROVIDED HEREUNDER.
*/
package gov.nist.secauto.swid.swidval;
import gov.nist.secauto.decima.xml.document.XMLDocument;
import gov.nist.secauto.decima.xml.document.XPathEvaluator;
import gov.nist.secauto.decima.xml.document.XPathNamespaceContext;
import java.util.Objects;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathExpressionException;
import javax.xml.xpath.XPathFactoryConfigurationException;
public class SWIDTagCharacteristics {
/**
* Detects the SWID tag characteristics for the provided file.
*
* @param doc
* the file to generate characteristics for
* @return the detected SWID tag characteristics
* @throws XPathExpressionException
* if an error occurred while evaluating the XPath expressions used to determine the
* characteristics
* @throws XPathFactoryConfigurationException
* if an error occurred while establishing the XPath evaluation environment
*/
public static SWIDTagCharacteristics getSWIDTagCharacteristics(XMLDocument doc)
throws XPathExpressionException, XPathFactoryConfigurationException {
XPathEvaluator eval = doc.newXPathEvaluator();
XPathNamespaceContext nsContext = new XPathNamespaceContext();
nsContext.addNamespace("swid", "http://standards.iso.org/iso/19770/-2/2015/schema.xsd");
eval.setNamespaceContext(nsContext);
boolean authoritative = eval.test("//swid:Entity[contains(@role,'tagCreator') and "
+ "(contains(@role,'aggregator') or contains(@role,'distributor') or contains(@role,'licensor') or "
+ "contains(@role,'softwareCreator'))]");
String tagTypeValue = eval.evaluateSingle(
"if (/swid:SoftwareIdentity[@patch='true']) then 'patch' "
+ "else (if (/swid:SoftwareIdentity[@supplemental='true']) then 'supplemental' "
+ "else (if (/swid:SoftwareIdentity[@corpus='true']) then 'corpus' else 'primary'))",
XPathConstants.STRING, null);
TagType tagType = TagType.lookup(tagTypeValue);
return new SWIDTagCharacteristics(tagType, authoritative);
}
private final TagType tagType;
private final boolean authoritative;
/**
* Construct a new SWID tag characteristics using the provided characteristics.
*
* @param tagType
* the type of the tag
* @param authoritative
* <code>true</code> if the tag is authoritative, or <code>false</code> otherwise
*/
public SWIDTagCharacteristics(TagType tagType, boolean authoritative) {
Objects.requireNonNull(tagType, "tagType");
this.tagType = tagType;
this.authoritative = authoritative;
}
/**
* Retrieve the tag type.
*
* @return the tagType
*/
public TagType getTagType() {
return tagType;
}
/**
* Determine if the tag is authoritative or not.
*
* @return <code>true</code> if the tag is authoritative, or <code>false</code> otherwise
*/
public boolean isAuthoritative() {
return authoritative;
}
}