SystemInformation.java
package gov.nist.secauto.oscal.lib.model;
import gov.nist.secauto.metaschema.core.datatype.adapter.UriAdapter;
import gov.nist.secauto.metaschema.core.datatype.adapter.UriReferenceAdapter;
import gov.nist.secauto.metaschema.core.datatype.adapter.UuidAdapter;
import gov.nist.secauto.metaschema.core.datatype.markup.MarkupLine;
import gov.nist.secauto.metaschema.core.datatype.markup.MarkupLineAdapter;
import gov.nist.secauto.metaschema.core.datatype.markup.MarkupMultiline;
import gov.nist.secauto.metaschema.core.datatype.markup.MarkupMultilineAdapter;
import gov.nist.secauto.metaschema.core.model.IBoundObject;
import gov.nist.secauto.metaschema.core.model.IMetaschemaData;
import gov.nist.secauto.metaschema.core.model.JsonGroupAsBehavior;
import gov.nist.secauto.metaschema.core.model.constraint.IConstraint;
import gov.nist.secauto.metaschema.core.util.ObjectUtils;
import gov.nist.secauto.metaschema.databind.model.annotations.AllowedValue;
import gov.nist.secauto.metaschema.databind.model.annotations.AllowedValues;
import gov.nist.secauto.metaschema.databind.model.annotations.BoundAssembly;
import gov.nist.secauto.metaschema.databind.model.annotations.BoundField;
import gov.nist.secauto.metaschema.databind.model.annotations.BoundFlag;
import gov.nist.secauto.metaschema.databind.model.annotations.Expect;
import gov.nist.secauto.metaschema.databind.model.annotations.GroupAs;
import gov.nist.secauto.metaschema.databind.model.annotations.IndexHasKey;
import gov.nist.secauto.metaschema.databind.model.annotations.KeyField;
import gov.nist.secauto.metaschema.databind.model.annotations.Matches;
import gov.nist.secauto.metaschema.databind.model.annotations.MetaschemaAssembly;
import gov.nist.secauto.metaschema.databind.model.annotations.ValueConstraints;
import java.lang.Override;
import java.lang.String;
import java.net.URI;
import java.util.LinkedList;
import java.util.List;
import java.util.UUID;
import org.apache.commons.lang3.builder.ReflectionToStringBuilder;
import org.apache.commons.lang3.builder.ToStringStyle;
/**
* Contains details about all information types that are stored, processed, or transmitted by the system, such as privacy information, and those defined in <a href="https://doi.org/10.6028/NIST.SP.800-60v2r1">NIST SP 800-60</a>.
*/
@MetaschemaAssembly(
formalName = "System Information",
description = "Contains details about all information types that are stored, processed, or transmitted by the system, such as privacy information, and those defined in [NIST SP 800-60](https://doi.org/10.6028/NIST.SP.800-60v2r1).",
name = "system-information",
moduleClass = OscalSspModule.class,
valueConstraints = @ValueConstraints(allowedValues = {@AllowedValues(level = IConstraint.Level.ERROR, target = "prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal')]/@name", values = @AllowedValue(value = "privacy-designation", description = "Is this a privacy sensitive system? yes or no")), @AllowedValues(level = IConstraint.Level.ERROR, target = "prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name='privacy-designation']/@value", values = {@AllowedValue(value = "yes", description = "The system is privacy sensitive."), @AllowedValue(value = "no", description = "The system is not privacy sensitive.")}), @AllowedValues(level = IConstraint.Level.ERROR, target = "link/@rel", allowOthers = true, values = @AllowedValue(value = "privacy-impact-assessment", description = "A link to the privacy impact assessment.")), @AllowedValues(level = IConstraint.Level.ERROR, target = "information-type/(confidentiality-impact|integrity-impact|availability-impact)/(base|selected)", allowOthers = true, values = {@AllowedValue(value = "fips-199-low", description = "A 'low' sensitivity level as defined in [FIPS-199](https://doi.org/10.6028/NIST.FIPS.199)."), @AllowedValue(value = "fips-199-moderate", description = "A 'moderate' sensitivity level as defined in [FIPS-199](https://doi.org/10.6028/NIST.FIPS.199)."), @AllowedValue(value = "fips-199-high", description = "A 'high' sensitivity level as defined in [FIPS-199](https://doi.org/10.6028/NIST.FIPS.199).")}, remarks = "FIPS-199 taxonomy is provided here as a starting point. We will provide other taxonomies based on community requests.")}, indexHasKey = @IndexHasKey(level = IConstraint.Level.ERROR, target = "link[@rel='privacy-impact-assessment' and starts-with(@href,'#')]", indexName = "index-back-matter-resource", keyFields = @KeyField(target = "@href", pattern = "#(.*)")), matches = {@Matches(level = IConstraint.Level.ERROR, target = "link[@rel='privacy-impact-assessment']/@href[starts-with(.,'#')]", typeAdapter = UriReferenceAdapter.class), @Matches(level = IConstraint.Level.ERROR, target = "link[@rel='privacy-impact-assessment']/@href[not(starts-with(.,'#'))]", typeAdapter = UriAdapter.class)})
)
public class SystemInformation implements IBoundObject {
private final IMetaschemaData __metaschemaData;
@BoundAssembly(
formalName = "Property",
description = "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.",
useName = "prop",
maxOccurs = -1,
groupAs = @GroupAs(name = "props", inJson = JsonGroupAsBehavior.LIST)
)
private List<Property> _props;
@BoundAssembly(
formalName = "Link",
description = "A reference to a local or remote resource, that has a specific relation to the containing object.",
useName = "link",
maxOccurs = -1,
groupAs = @GroupAs(name = "links", inJson = JsonGroupAsBehavior.LIST)
)
private List<Link> _links;
@BoundAssembly(
formalName = "Information Type",
description = "Contains details about one information type that is stored, processed, or transmitted by the system, such as privacy information, and those defined in [NIST SP 800-60](https://doi.org/10.6028/NIST.SP.800-60v2r1).",
useName = "information-type",
minOccurs = 1,
maxOccurs = -1,
groupAs = @GroupAs(name = "information-types", inJson = JsonGroupAsBehavior.LIST)
)
private List<InformationType> _informationTypes;
public SystemInformation() {
this(null);
}
public SystemInformation(IMetaschemaData data) {
this.__metaschemaData = data;
}
@Override
public IMetaschemaData getMetaschemaData() {
return __metaschemaData;
}
public List<Property> getProps() {
return _props;
}
public void setProps(List<Property> value) {
_props = value;
}
/**
* Add a new {@link Property} item to the underlying collection.
* @param item the item to add
* @return {@code true}
*/
public boolean addProp(Property item) {
Property value = ObjectUtils.requireNonNull(item,"item cannot be null");
if (_props == null) {
_props = new LinkedList<>();
}
return _props.add(value);
}
/**
* Remove the first matching {@link Property} item from the underlying collection.
* @param item the item to remove
* @return {@code true} if the item was removed or {@code false} otherwise
*/
public boolean removeProp(Property item) {
Property value = ObjectUtils.requireNonNull(item,"item cannot be null");
return _props != null && _props.remove(value);
}
public List<Link> getLinks() {
return _links;
}
public void setLinks(List<Link> value) {
_links = value;
}
/**
* Add a new {@link Link} item to the underlying collection.
* @param item the item to add
* @return {@code true}
*/
public boolean addLink(Link item) {
Link value = ObjectUtils.requireNonNull(item,"item cannot be null");
if (_links == null) {
_links = new LinkedList<>();
}
return _links.add(value);
}
/**
* Remove the first matching {@link Link} item from the underlying collection.
* @param item the item to remove
* @return {@code true} if the item was removed or {@code false} otherwise
*/
public boolean removeLink(Link item) {
Link value = ObjectUtils.requireNonNull(item,"item cannot be null");
return _links != null && _links.remove(value);
}
public List<InformationType> getInformationTypes() {
return _informationTypes;
}
public void setInformationTypes(List<InformationType> value) {
_informationTypes = value;
}
/**
* Add a new {@link InformationType} item to the underlying collection.
* @param item the item to add
* @return {@code true}
*/
public boolean addInformationType(InformationType item) {
InformationType value = ObjectUtils.requireNonNull(item,"item cannot be null");
if (_informationTypes == null) {
_informationTypes = new LinkedList<>();
}
return _informationTypes.add(value);
}
/**
* Remove the first matching {@link InformationType} item from the underlying collection.
* @param item the item to remove
* @return {@code true} if the item was removed or {@code false} otherwise
*/
public boolean removeInformationType(InformationType item) {
InformationType value = ObjectUtils.requireNonNull(item,"item cannot be null");
return _informationTypes != null && _informationTypes.remove(value);
}
@Override
public String toString() {
return new ReflectionToStringBuilder(this, ToStringStyle.MULTI_LINE_STYLE).toString();
}
/**
* Contains details about one information type that is stored, processed, or transmitted by the system, such as privacy information, and those defined in <a href="https://doi.org/10.6028/NIST.SP.800-60v2r1">NIST SP 800-60</a>.
*/
@MetaschemaAssembly(
formalName = "Information Type",
description = "Contains details about one information type that is stored, processed, or transmitted by the system, such as privacy information, and those defined in [NIST SP 800-60](https://doi.org/10.6028/NIST.SP.800-60v2r1).",
name = "information-type",
moduleClass = OscalSspModule.class,
valueConstraints = @ValueConstraints(expect = @Expect(level = IConstraint.Level.WARNING, test = "@uuid", message = "It is a best practice to provide a UUID."))
)
public static class InformationType implements IBoundObject {
private final IMetaschemaData __metaschemaData;
/**
* "A <a href=\"https://pages.nist.gov/OSCAL/concepts/identifier-use/#machine-oriented\">machine-oriented</a>, <a href=\"https://pages.nist.gov/OSCAL/concepts/identifier-use/#globally-unique\">globally unique</a> identifier with <a href=\"https://pages.nist.gov/OSCAL/concepts/identifier-use/#cross-instance\">cross-instance</a> scope that can be used to reference this information type elsewhere in <a href=\"https://pages.nist.gov/OSCAL/concepts/identifier-use/#ssp-identifiers\">this or other OSCAL instances</a>. The locally defined <em>UUID</em> of the <code>information type</code> can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned <a href=\"https://pages.nist.gov/OSCAL/concepts/identifier-use/#consistency\">per-subject</a>, which means it should be consistently used to identify the same subject across revisions of the document."
*/
@BoundFlag(
formalName = "Information Type Universally Unique Identifier",
description = "A [machine-oriented](https://pages.nist.gov/OSCAL/concepts/identifier-use/#machine-oriented), [globally unique](https://pages.nist.gov/OSCAL/concepts/identifier-use/#globally-unique) identifier with [cross-instance](https://pages.nist.gov/OSCAL/concepts/identifier-use/#cross-instance) scope that can be used to reference this information type elsewhere in [this or other OSCAL instances](https://pages.nist.gov/OSCAL/concepts/identifier-use/#ssp-identifiers). The locally defined *UUID* of the `information type` can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned [per-subject](https://pages.nist.gov/OSCAL/concepts/identifier-use/#consistency), which means it should be consistently used to identify the same subject across revisions of the document.",
name = "uuid",
typeAdapter = UuidAdapter.class
)
private UUID _uuid;
@BoundField(
formalName = "title field",
description = "A human readable name for the information type. This title should be meaningful within the context of the system.",
useName = "title",
minOccurs = 1,
typeAdapter = MarkupLineAdapter.class
)
private MarkupLine _title;
@BoundField(
formalName = "Information Type Description",
description = "A summary of how this information type is used within the system.",
useName = "description",
minOccurs = 1,
typeAdapter = MarkupMultilineAdapter.class
)
private MarkupMultiline _description;
@BoundAssembly(
formalName = "Information Type Categorization",
description = "A set of information type identifiers qualified by the given identification `system` used, such as NIST SP 800-60.",
useName = "categorization",
maxOccurs = -1,
groupAs = @GroupAs(name = "categorizations", inJson = JsonGroupAsBehavior.LIST)
)
private List<Categorization> _categorizations;
@BoundAssembly(
formalName = "Property",
description = "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.",
useName = "prop",
maxOccurs = -1,
groupAs = @GroupAs(name = "props", inJson = JsonGroupAsBehavior.LIST)
)
private List<Property> _props;
@BoundAssembly(
formalName = "Link",
description = "A reference to a local or remote resource, that has a specific relation to the containing object.",
useName = "link",
maxOccurs = -1,
groupAs = @GroupAs(name = "links", inJson = JsonGroupAsBehavior.LIST)
)
private List<Link> _links;
@BoundAssembly(
formalName = "Confidentiality Impact Level",
description = "The expected level of impact resulting from the unauthorized disclosure of the described information.",
useName = "confidentiality-impact"
)
private Impact _confidentialityImpact;
@BoundAssembly(
formalName = "Integrity Impact Level",
description = "The expected level of impact resulting from the unauthorized modification of the described information.",
useName = "integrity-impact"
)
private Impact _integrityImpact;
@BoundAssembly(
formalName = "Availability Impact Level",
description = "The expected level of impact resulting from the disruption of access to or use of the described information or the information system.",
useName = "availability-impact"
)
private Impact _availabilityImpact;
public InformationType() {
this(null);
}
public InformationType(IMetaschemaData data) {
this.__metaschemaData = data;
}
@Override
public IMetaschemaData getMetaschemaData() {
return __metaschemaData;
}
public UUID getUuid() {
return _uuid;
}
public void setUuid(UUID value) {
_uuid = value;
}
public MarkupLine getTitle() {
return _title;
}
public void setTitle(MarkupLine value) {
_title = value;
}
public MarkupMultiline getDescription() {
return _description;
}
public void setDescription(MarkupMultiline value) {
_description = value;
}
public List<Categorization> getCategorizations() {
return _categorizations;
}
public void setCategorizations(List<Categorization> value) {
_categorizations = value;
}
/**
* Add a new {@link Categorization} item to the underlying collection.
* @param item the item to add
* @return {@code true}
*/
public boolean addCategorization(Categorization item) {
Categorization value = ObjectUtils.requireNonNull(item,"item cannot be null");
if (_categorizations == null) {
_categorizations = new LinkedList<>();
}
return _categorizations.add(value);
}
/**
* Remove the first matching {@link Categorization} item from the underlying collection.
* @param item the item to remove
* @return {@code true} if the item was removed or {@code false} otherwise
*/
public boolean removeCategorization(Categorization item) {
Categorization value = ObjectUtils.requireNonNull(item,"item cannot be null");
return _categorizations != null && _categorizations.remove(value);
}
public List<Property> getProps() {
return _props;
}
public void setProps(List<Property> value) {
_props = value;
}
/**
* Add a new {@link Property} item to the underlying collection.
* @param item the item to add
* @return {@code true}
*/
public boolean addProp(Property item) {
Property value = ObjectUtils.requireNonNull(item,"item cannot be null");
if (_props == null) {
_props = new LinkedList<>();
}
return _props.add(value);
}
/**
* Remove the first matching {@link Property} item from the underlying collection.
* @param item the item to remove
* @return {@code true} if the item was removed or {@code false} otherwise
*/
public boolean removeProp(Property item) {
Property value = ObjectUtils.requireNonNull(item,"item cannot be null");
return _props != null && _props.remove(value);
}
public List<Link> getLinks() {
return _links;
}
public void setLinks(List<Link> value) {
_links = value;
}
/**
* Add a new {@link Link} item to the underlying collection.
* @param item the item to add
* @return {@code true}
*/
public boolean addLink(Link item) {
Link value = ObjectUtils.requireNonNull(item,"item cannot be null");
if (_links == null) {
_links = new LinkedList<>();
}
return _links.add(value);
}
/**
* Remove the first matching {@link Link} item from the underlying collection.
* @param item the item to remove
* @return {@code true} if the item was removed or {@code false} otherwise
*/
public boolean removeLink(Link item) {
Link value = ObjectUtils.requireNonNull(item,"item cannot be null");
return _links != null && _links.remove(value);
}
public Impact getConfidentialityImpact() {
return _confidentialityImpact;
}
public void setConfidentialityImpact(Impact value) {
_confidentialityImpact = value;
}
public Impact getIntegrityImpact() {
return _integrityImpact;
}
public void setIntegrityImpact(Impact value) {
_integrityImpact = value;
}
public Impact getAvailabilityImpact() {
return _availabilityImpact;
}
public void setAvailabilityImpact(Impact value) {
_availabilityImpact = value;
}
@Override
public String toString() {
return new ReflectionToStringBuilder(this, ToStringStyle.MULTI_LINE_STYLE).toString();
}
/**
* A set of information type identifiers qualified by the given identification <code>system</code> used, such as NIST SP 800-60.
*/
@MetaschemaAssembly(
formalName = "Information Type Categorization",
description = "A set of information type identifiers qualified by the given identification `system` used, such as NIST SP 800-60.",
name = "categorization",
moduleClass = OscalSspModule.class
)
public static class Categorization implements IBoundObject {
private final IMetaschemaData __metaschemaData;
/**
* "Specifies the information type identification system used."
*/
@BoundFlag(
formalName = "Information Type Identification System",
description = "Specifies the information type identification system used.",
name = "system",
required = true,
typeAdapter = UriAdapter.class,
remarks = "This value must be an [absolute URI](https://pages.nist.gov/OSCAL/concepts/uri-use/#absolute-uri) that serves as a [naming system identifier](https://pages.nist.gov/OSCAL/concepts/uri-use/#use-as-a-naming-system-identifier).",
valueConstraints = @ValueConstraints(allowedValues = @AllowedValues(level = IConstraint.Level.ERROR, allowOthers = true, values = @AllowedValue(value = "http://doi.org/10.6028/NIST.SP.800-60v2r1", description = "Based on the section identifiers in NIST [Special Publication 800-60 Volume II Revision 1](https://doi.org/10.6028/NIST.SP.800-60v2r1).")))
)
private URI _system;
@BoundField(
formalName = "Information Type Systematized Identifier",
description = "A [human-oriented](https://pages.nist.gov/OSCAL/concepts/identifier-use/#human-oriented), [globally unique](https://pages.nist.gov/OSCAL/concepts/identifier-use/#globally-unique) identifier qualified by the given identification `system` used, such as NIST SP 800-60. This identifier has [cross-instance](https://pages.nist.gov/OSCAL/concepts/identifier-use/#cross-instance) scope and can be used to reference this system elsewhere in [this or other OSCAL instances](https://pages.nist.gov/OSCAL/concepts/identifier-use/#ssp-identifiers). This id should be assigned [per-subject](https://pages.nist.gov/OSCAL/concepts/identifier-use/#consistency), which means it should be consistently used to identify the same subject across revisions of the document.",
useName = "information-type-id",
maxOccurs = -1,
groupAs = @GroupAs(name = "information-type-ids", inJson = JsonGroupAsBehavior.LIST)
)
private List<String> _informationTypeIds;
public Categorization() {
this(null);
}
public Categorization(IMetaschemaData data) {
this.__metaschemaData = data;
}
@Override
public IMetaschemaData getMetaschemaData() {
return __metaschemaData;
}
public URI getSystem() {
return _system;
}
public void setSystem(URI value) {
_system = value;
}
public List<String> getInformationTypeIds() {
return _informationTypeIds;
}
public void setInformationTypeIds(List<String> value) {
_informationTypeIds = value;
}
/**
* Add a new {@link String} item to the underlying collection.
* @param item the item to add
* @return {@code true}
*/
public boolean addInformationTypeId(String item) {
String value = ObjectUtils.requireNonNull(item,"item cannot be null");
if (_informationTypeIds == null) {
_informationTypeIds = new LinkedList<>();
}
return _informationTypeIds.add(value);
}
/**
* Remove the first matching {@link String} item from the underlying collection.
* @param item the item to remove
* @return {@code true} if the item was removed or {@code false} otherwise
*/
public boolean removeInformationTypeId(String item) {
String value = ObjectUtils.requireNonNull(item,"item cannot be null");
return _informationTypeIds != null && _informationTypeIds.remove(value);
}
@Override
public String toString() {
return new ReflectionToStringBuilder(this, ToStringStyle.MULTI_LINE_STYLE).toString();
}
}
}
}