diff --git a/.circleci/config.yml b/.circleci/config.yml
new file mode 100644
index 00000000..5e31c1d5
--- /dev/null
+++ b/.circleci/config.yml
@@ -0,0 +1,83 @@
+version: 2.1
+
+executors:
+ maven-executor:
+ docker:
+ - image: circleci/openjdk:8u171-jdk
+jobs:
+ build-and-test:
+ executor: maven-executor
+ steps:
+ - checkout
+ - restore_cache:
+ key: maven-m2-{{ checksum "pom.xml" }}
+ - configure-gpg
+ - run:
+ command: mvn -Prelease verify
+ - persist_to_workspace:
+ root: .
+ paths:
+ - .
+ - store_artifacts:
+ path: oss-build-support/target
+ destination: artifacts/oss-build-support
+ - store_artifacts:
+ path: oss-parent/target
+ destination: artifacts/oss-parent
+ - store_artifacts:
+ path: reflow-maven-skin/target
+ destination: artifacts/reflow-maven-skin
+ deploy-release:
+ executor: maven-executor
+ steps:
+ - deploy
+
+commands:
+ configure-gpg:
+ steps:
+ - run:
+ name: Configure GPG private key for signing project artifacts in OSS Sonatype
+ command: |
+ echo $SECRING_GPG_ASC_BASE64 | base64 --decode | gpg --batch --no-tty --import --yes
+ deploy:
+ steps:
+ - attach_workspace:
+ at: .
+ - restore_cache:
+ key: maven-m2-{{ checksum "pom.xml" }}
+ - configure-gpg
+ - run:
+ name: Release new version to Maven Central
+ command: |
+ mvn -s .circleci/maven-release-settings.xml -Prelease deploy
+ mvn -s .circleci/maven-release-settings.xml -Prelease nexus-staging:close -DstagingDescription="closing to release"
+ - save_cache:
+ paths:
+ - ~/.m2
+ key: maven-m2-{{ checksum "pom.xml" }}
+workflows:
+ releases:
+ jobs:
+ - build-and-test:
+ filters:
+ branches:
+ ignore: /.*/
+ # only act on version tags
+ tags:
+ only: /v[0-9]+(\.[0-9]+)*.*/
+ - deploy-release:
+ requires:
+ - build-and-test
+ filters:
+ branches:
+ ignore: /.*/
+ # only act on version tags
+ tags:
+ only: /v[0-9]+(\.[0-9]+)*.*/
+ tests:
+ jobs:
+ - build-and-test:
+ filters:
+ branches:
+ ignore: nist-pages
+
\ No newline at end of file
diff --git a/.circleci/maven-release-settings.xml b/.circleci/maven-release-settings.xml
new file mode 100644
index 00000000..cac87311
--- /dev/null
+++ b/.circleci/maven-release-settings.xml
@@ -0,0 +1,25 @@
+
+
+
+
+ ossrh
+ ${env.SONATYPE_USERNAME}
+ ${env.SONATYPE_PASSWORD}
+
+
+
+
+ gpg
+
+ gpg
+ ${env.GPG_PASSPHRASE}
+
+
+
+
+ gpg
+
+
diff --git a/.github/CONTENTS.md b/.github/CONTENTS.md
new file mode 100644
index 00000000..b93f276b
--- /dev/null
+++ b/.github/CONTENTS.md
@@ -0,0 +1,7 @@
+# GitHub Supporting Files
+
+This directory contains supporting files for the project's GitHub repository. The structure and contents of the directory are as follows:
+
+* [ISSUE_TEMPLATE](ISSUE_TEMPLATE): This directory contains several templates for creating new issues in GitHub.
+* [issue_template.md](issue_template.md): This file contains a template for creating a new issue in GitHub containing a user story.
+* [PULL_REQUEST_TEMPLATE.md](issue_template.md): This file contains a template to be filled out for each GitHub pull request by the person submitting it.
diff --git a/.github/ISSUE_TEMPLATE/README.md b/.github/ISSUE_TEMPLATE/README.md
new file mode 100644
index 00000000..91ffa7c3
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/README.md
@@ -0,0 +1,7 @@
+# OSCAL GitHub Issue Template Files
+
+This directory contains templates for creating new project issues in GitHub. The structure and contents of the directory are as follows:
+
+* [bug_report.md](bug_report.md): This file contains a template for creating a new issue in GitHub to report a bug.
+* [question.md](question.md): This file contains a template for creating a new issue in GitHub containing a general question about the project.
+* [feature_request.md](feature_request.md): This file contains a template for creating a new issue in GitHub containing a user story.
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
new file mode 100644
index 00000000..0bceb328
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,39 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: bug
+assignees: ''
+
+---
+
+# Describe the bug
+
+{A clear and concise description of what the bug is.}
+
+# Who is the bug affecting?
+
+# What is affected by this bug?
+
+{Describe the impact the bug is having.}
+
+# When does this occur?
+
+{Describe the conditions under which the bug is occurring.}
+
+# How do we replicate the issue?
+
+{What are the steps to reproduce the behavior?
+1. Do this...
+1. Then this...
+1. See error
+
+If applicable, add screenshots to help explain your problem.}
+
+# Expected behavior (i.e. solution)
+
+{A clear and concise description of what you expected to happen.}
+
+# Other Comments
+
+{Add any other context about the problem here.}
diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md
new file mode 100644
index 00000000..1b64ee87
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -0,0 +1,26 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: User Story, enhancement
+assignees: ''
+
+---
+
+# User Story:
+
+As a project {stakeholder}, I {provide a clear and concise description of what the problem is. Ex. I need to be able to do}
+
+## Goals:
+
+{A clear and concise description of what you want to happen. This should be outcome focused. Include concise description of any alternative solutions or features you've considered. Feel free to include screenshots or examples about the feature request here.}
+
+## Dependencies:
+
+{Describe any previous issues or related work that must be completed to start or complete this issue.}
+
+## Acceptance Criteria
+
+- [ ] All website and readme documentation affected by the changes in this issue have been updated.
+- [ ] A Pull Request (PR) is submitted that fully addresses the goals of this User Story. This issue is referenced in the PR.
+- [ ] The CI-CD build process runs without any reported errors on the PR. This can be confirmed by reviewing that all checks have passed in the PR.
diff --git a/.github/ISSUE_TEMPLATE/question.md b/.github/ISSUE_TEMPLATE/question.md
new file mode 100644
index 00000000..61f1f046
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/question.md
@@ -0,0 +1,10 @@
+---
+name: Question
+about: Ask your question
+title: ''
+labels: question
+assignees: ''
+
+---
+
+{Please enter your question.}
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
new file mode 100644
index 00000000..1ba4a183
--- /dev/null
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,17 @@
+# Committer Notes
+
+{Please provide a brief description of what this PR accomplishes. Be sure to reference any issues addressed. If the PR is a work-in-progress submitted for early review, please include [WIP] at the beginning of the title or mark the PR as `DRAFT`.}
+
+### All Submissions:
+
+- [ ] Have you followed the guidelines in our [Contributing](https://github.com/usnistgov/oss-maven/blob/master/CONTRIBUTING.md) document?
+- [ ] Have you checked to ensure there aren't other open [Pull Requests](https://github.com/usnistgov/oss-maven/pulls) for the same update/change?
+- [ ] Have you squashed any non-relevant commits and commit messages? \[[instructions](https://git-scm.com/book/en/v2/Git-Tools-Rewriting-History)\]
+- [ ] Do all automated CI/CD checks pass?
+
+### Changes to Core Features:
+
+- [ ] Have you added an explanation of what your changes do and why you'd like us to include them?
+- [ ] Have you written new tests for your core changes, as applicable?
+- [ ] Have you included examples of how to use your new feature(s)?
+- [ ] Have you updated all website and readme documentation affected by the changes you made?
diff --git a/.github/issue_template.md b/.github/issue_template.md
new file mode 100644
index 00000000..c616e0a7
--- /dev/null
+++ b/.github/issue_template.md
@@ -0,0 +1 @@
+{Please describe the nature of your issue}
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 00000000..3fccdc00
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,8 @@
+.classpath
+.project
+.settings
+.checkstyle
+.factorypath
+.pmd
+.pmdruleset.xml
+/target/
diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
new file mode 100644
index 00000000..0e000e81
--- /dev/null
+++ b/CODE_OF_CONDUCT.md
@@ -0,0 +1,46 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at oscal@nist.gov. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version]
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/4/
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
new file mode 100644
index 00000000..50ec4a90
--- /dev/null
+++ b/CONTRIBUTING.md
@@ -0,0 +1,94 @@
+# Contributing to the Metaschema Project
+
+This page is for potential contributors to this project. It provides basic information on the project, describes the main ways people can make contributions, explains how to report issues relating to the project and projecta rtifacts, and lists pointers to additional sources of information.
+
+## Project approach
+
+This project uses an agile approach for development, where we focus on implementing the 20% of the functionality that solves 80% of the problem. We’re trying to focus on the core capabilities that are needed to provide the greatest amount of benefit. Because we’re working on a small set of capabilities, this allows us to make very fast progress. We’re building the features that we believe solve the biggest problems to provide the most value. We provide extension points that allow uncovered cases to be supported by others.
+
+We track our current work items using GitHub [project cards](../../projects). Our active project is typically the lowest numbered open project within the previously referenced page.
+
+## Making Contributions
+
+Contributions are welcome to this project repository.
+
+For more information on the project's current needs and priorities, see the project's GitHub issue tracker (discussed below). Please refer to the [guide on how to contribute to open source](https://opensource.guide/how-to-contribute/) for general information on contributing to an open source project.
+
+## Issue reporting and handling
+
+All requests for changes and enhancements to the repository are initiated through the project's [GitHub issue tracker](../../issues). To initiate a request, please [create a new issue](https://help.github.com/articles/creating-an-issue/). The following issue templates exist for creating a new issue:
+* [User Story](../../issues/new?template=feature_request.md&labels=enhancement%2C+User+Story): Use to describe a new feature or capability to be added to the project.
+* [Defect Report](../../issues/new?template=bug_report.md&labels=bug): Use to report a problem with an existing feature or capability.
+* [Question](../../issues/new?labels=question&template=question.md): Use to ask a question about the project or the contents of the repository.
+
+The project team regularly reviews the open issues, prioritizes their handling, and updates the issue statuses, proving comments on the current status as needed.
+
+## Contributing to this GitHub repository
+
+This project uses a typical GitHub fork and pull request [workflow](https://guides.github.com/introduction/flow/). To establish a development environment for contributing to the project, you must do the following:
+
+1. Fork the repository to your personal workspace. Please refer to the Github [guide on forking a repository](https://help.github.com/articles/fork-a-repo/) for more details.
+1. Create a feature branch from the master branch for making changes. You can [create a branch in your personal repository](https://help.github.com/articles/creating-and-deleting-branches-within-your-repository/) directly on GitHub or create the branch using a Git client. For example, the ```git branch working``` command can be used to create a branch named *working*.
+1. You will need to make your modifications by adding, removing, and changing the content in the branch, then staging your changes using the ```git add``` and ```git rm``` commands.
+1. Once you have staged your changes, you will need to commit them. When committing, you will need to include a commit message. The commit message should describe the nature of your changes (e.g., added new feature X which supports Y). You can also reference an issue from the project repository by using the hash symbol. For example, to reference issue #34, you would include the text "#34". The full command would be: ```git commit -m "added new feature X which supports Y addressing issue #34"```.
+1. Next, you must push your changes to your personal repo. You can do this with the command: ```git push```.
+1. Finally, you can [create a pull request](https://help.github.com/articles/creating-a-pull-request-from-a-fork/).
+
+### Repository structure
+
+This repository consists of the following directories and files pertaining to the project:
+
+- [.github](.github): Contains GitHub issue and pull request templates for the project.
+[CODE_OF_CONDUCT.md](CODE_OF_CONDUCT.md): This file contains a code of conduct for all project contributors.
+- [CONTRIBUTING.md](CONTRIBUTING.md): This file is for potential contributors to the project. It provides basic information on the project, describes the main ways people can make contributions, explains how to report issues, and lists pointers to additional sources of information. It also has instructions on establishing a development environment for contributing to the project and using GitHub project cards to track development sprints.
+- [LICENSE.md](LICENSE.md): This file contains license information for the files in this GitHub repository.
+- [USERS.md](USERS.md): This file explains which types of users are most likely to benefit from use of this project and its artifacts.
+
+## Contributing to a Development Sprint
+
+This project is using the GitHub [project cards](../../projects) feature to track development sprints as part of the core project work stream. A typical development sprint lasts roughly a month, with some sprints lasting slightly less or more to work around major holidays or events attended by the core project team. The active sprint is typically the lowest numbered open project within the previously referenced page.
+
+### User Stories
+
+Each development sprint consists of a set of [user stories](../../issues?q=is%3Aopen+is%3Aissue+label%3A%22User+Story%22), that represent features, actions, or enhancements that are intended to be developed during the sprint. Each user story is based on a [template](../../issues/new?template=feature_request.md&labels=enhancement%2C+User+Story) and describes the basic problem or need to be addressed, a set of detailed goals to accomplish, any dependencies that must be addressed to start or complete the user story, and the criteria for acceptance of the contribution.
+
+The goals in a user story will be bulleted, indicating that each goal can be worked on in parallel, or numbered, indicating that each goal must be worked on sequentially. Each goal will be assigned to one or more individuals to accomplish.
+
+Note: A user story that is not part of a specific development sprint can still be worked on at any time by any project contributor. When a user story is not assigned to sprint, its status will not be tracked as part of our sprint management efforts, but when completed will still be considered as a possible contribution to the project.
+
+### Reporting User Story Status
+
+When working on a goal that is part of a user story you will want to provide a periodic report on any progress that has been made until that goal has been completed. This status must be reported as a comment to the associated user story issue. For a user story that is part of a development sprint, status reports will typically be made by close of business the day before the weekly status meeting. Progress on goals in each issue will be tracked by the NIST leads and will be used to update the project cards for the current sprint.
+
+When describing any open issues encountered use an "\@mention" of the individual who needs to respond to the issue. This will ensure that the individual is updated with this status. Please also raise any active, unresolved issues on the weekly status calls.
+
+### Project Status
+
+The project cards for each sprint will be in one of the following states:
+
+- "To do" - The user story has been assigned to the sprint, but work has not started.
+- "In progress" - Work has started on the user story, but development of the issue has not completed.
+- "Review in Progress" - All goals for the user story have been completed and one or more pull requests have been submitted for all associated work. The NIST team will review the pull requests to ensure that all goals and acceptance criteria have been met.
+- "Reviewer Approved" - All reviews of a pull request related to a user story have been completed. The pull request still needs to be merged.
+- "Done" - Once the contributed work has been reviewed and the pull request has been merged, the user story will be marked as "Done".
+
+Note: A pull request must be submitted for all goals before an issue will be moved to the "under review" status. If any goals or acceptance criteria have not been met, then the user story will be commented on to provide feedback, and the issue will be returned to the "In progress" state.
+
+## Communications mechanisms
+
+There are two mailing lists for the OSCAL project, for which this project supports:
+
+- *oscal-dev@nist.gov* for communication among parties interested in contributing to the development of OSCAL or exchanging ideas. Subscribe by sending an email to [oscal-dev-join@nist.gov](mailto:oscal-dev-join@nist.gov). To unsubscribe send an email to [oscal-dev-leave@nist.gov](mailto:oscal-dev-leave@nist.gov).
+- *oscal-updates@nist.gov* for low-frequency updates on the status of the OSCAL project. Subscribe by sending an email to [oscal-updates-join@nist.gov](mailto:oscal-updates-join@nist.gov). To unsubscribe send an email to [oscal-updates-leave@nist.gov](mailto:oscal-updates-leave@nist.gov).
+
+# Licenses and attribution
+
+## This project is in the public domain
+
+This project is in the worldwide public domain.
+
+This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the [CC0 1.0 Universal public domain](https://creativecommons.org/publicdomain/zero/1.0/) dedication.
+
+## Contributions will be released into the public domain
+
+All contributions to this project will be released under the CC0 dedication. By submitting a pull request, you are agreeing to comply with this waiver of copyright interest.
diff --git a/LICENSE.md b/LICENSE.md
new file mode 100644
index 00000000..610ea538
--- /dev/null
+++ b/LICENSE.md
@@ -0,0 +1,31 @@
+## This project is in the worldwide public domain
+
+As a work of the United States government, this project is in the public domain within the United States under the [National Institute of Standards and Technology Software License](#national-institute-of-standards-and-technology-software-license).
+
+Additionally, this work is made available in the public domain worldwide using the [CC0 1.0 Universal public domain dedication](https://creativecommons.org/publicdomain/zero/1.0/).
+
+### National-Institute of Standards and Technology Software License
+
+Portions of this software was developed by employees of the National Institute of Standards and Technology (NIST), an agency of the Federal Government and is being made available as a public service. Pursuant to title 17 United States Code Section 105, works of NIST employees are not subject to copyright protection in the United States. This software may be subject to foreign copyright. Permission in the United States and in foreign countries, to the extent that NIST may hold copyright, to use, copy, modify, create derivative works, and distribute this software and its documentation without fee is hereby granted on a non-exclusive basis, provided that this notice and disclaimer of warranty appears in all copies.
+
+THE SOFTWARE IS PROVIDED 'AS IS' WITHOUT ANY WARRANTY OF ANY KIND, EITHER EXPRESSED, IMPLIED, OR STATUTORY, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTY THAT THE SOFTWARE WILL CONFORM TO SPECIFICATIONS, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND FREEDOM FROM INFRINGEMENT, AND ANY WARRANTY THAT THE DOCUMENTATION WILL CONFORM TO THE SOFTWARE, OR ANY WARRANTY THAT THE SOFTWARE WILL BE ERROR FREE. IN NO EVENT SHALL NIST BE LIABLE FOR ANY DAMAGES, INCLUDING, BUT NOT LIMITED TO, DIRECT, INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES, ARISING OUT OF, RESULTING FROM, OR IN ANY WAY CONNECTED WITH THIS SOFTWARE, WHETHER OR NOT BASED UPON WARRANTY, CONTRACT, TORT, OR OTHERWISE, WHETHER OR NOT INJURY WAS SUSTAINED BY PERSONS OR PROPERTY OR OTHERWISE, AND WHETHER OR NOT LOSS WAS SUSTAINED FROM, OR AROSE OUT OF THE RESULTS OF, OR USE OF, THE SOFTWARE OR SERVICES PROVIDED HEREUNDER.
+
+### CC0 1.0 Universal Summary
+
+This is a human-readable summary of the [Legal Code (read the full text)](https://creativecommons.org/publicdomain/zero/1.0/legalcode).
+
+#### No Copyright
+
+The person who associated a work with this deed has dedicated the work to the public domain by waiving all of his or her rights to the work worldwide under copyright law, including all related and neighboring rights, to the extent allowed by law.
+
+You can copy, modify, distribute and perform the work, even for commercial purposes, all without asking permission.
+
+#### Other Information
+
+In no way are the patent or trademark rights of any person affected by CC0, nor are the rights that other persons may have in the work or in how the work is used, such as publicity or privacy rights.
+
+Unless expressly stated otherwise, the person who associated a work with this deed makes no warranties about the work, and disclaims liability for all uses of the work, to the fullest extent permitted by applicable law. When using or citing the work, you should not imply endorsement by the author or the affirmer.
+
+### Contributions to this project
+
+As stated in [CONTRIBUTING](CONTRIBUTING.md), all contributions to this project will be released under the CC0 dedication. By submitting a pull request, you are agreeing to comply with this waiver of copyright interest.
diff --git a/pom.xml b/pom.xml
new file mode 100644
index 00000000..40886434
--- /dev/null
+++ b/pom.xml
@@ -0,0 +1,270 @@
+
+ 4.0.0
+
+
+ gov.nist.secauto
+ oss-parent
+ 15-SNAPSHOT
+
+
+ gov.nist.secauto.oscal
+ liboscal-java
+ 0.0.1-SNAPSHOT
+ jar
+
+ Metaschema Framework Parent
+ A Java library that parses XML, JSON, and YAML data formatted acording to a Metaschema-based model.
+ https://github.com/usnistgov/liboscal-java
+
+
+ GitHub Issues
+ https://github.com/usnistgov/liboscal-java/issues
+
+
+
+ https://github.com/usnistgov/liboscal-java
+ scm:git:https://github.com/usnistgov/liboscal-java.git
+ scm:git:ssh://git@github.com:usnistgov/liboscal-java.git
+ HEAD
+
+
+
+
+ ossrh
+ https://oss.sonatype.org/content/repositories/snapshots
+
+
+ ossrh
+ https://oss.sonatype.org/service/local/staging/deploy/maven2/
+
+
+ site_scm
+ scm:git:ssh://git@github.com:usnistgov/liboscal-java.git
+
+
+
+
+
+ NIST License
+ https://www.nist.gov/director/licensing
+ repo
+ NIST software License
+
+
+
+
+ National Institute of Standards and Technology
+ https://www.nist.gov
+
+
+
+
+ david.waltermire@nist.gov
+ David Waltermire
+ david.waltermire@nist.gov
+ National Institute of Standards and Technology
+
+ architect
+ developer
+ maintainer
+
+
+
+
+
+
+ OSCAL NIST Team
+ oscal@nist.gov
+
+
+ OSCAL Project Development Discussion
+ oscal-dev@nist.gov
+ oscal-dev-join@nist.gov
+ oscal-dev-leave@nist.gov
+
+
+ OSCAL Project Updates
+ oscal-updates-join@nist.gov
+ oscal-updates-leave@nist.gov
+
+
+
+
+ 11
+ 11
+ 11
+ master
+
+
+
+
+ gov.nist.secauto.metaschema
+ metaschema-java-binding
+ 0.0.1-SNAPSHOT
+
+
+ com.fasterxml.jackson.dataformat
+ jackson-dataformat-xml
+ 2.10.1
+
+
+ org.junit.jupiter
+ junit-jupiter-api
+ 5.6.0
+ test
+
+
+ org.junit.jupiter
+ junit-jupiter-engine
+ 5.6.0
+ test
+
+
+
+
+
+ com.googlecode.maven-download-plugin
+ download-maven-plugin
+ 1.4.2
+
+ true
+ false
+
+
+
+ download-metadata-metaschema
+ initialize
+
+ wget
+
+
+ https://github.com/usnistgov/OSCAL/raw/${oscal.commit}/src/metaschema/oscal_metadata_metaschema.xml
+ ${project.build.directory}/download/metaschema
+
+
+
+ download-control-common-metaschema
+ initialize
+
+ wget
+
+
+ https://raw.githubusercontent.com/usnistgov/OSCAL/master/src/metaschema/oscal_control-common_metaschema.xml
+ ${project.build.directory}/download/metaschema
+
+
+
+ download-catalog-metaschema
+ initialize
+
+ wget
+
+
+ https://github.com/usnistgov/OSCAL/raw/${oscal.commit}/src/metaschema/oscal_catalog_metaschema.xml
+ ${project.build.directory}/download/metaschema
+
+
+
+ download-profile-metaschema
+ initialize
+
+ wget
+
+
+ https://github.com/usnistgov/OSCAL/raw/${oscal.commit}/src/metaschema/oscal_profile_metaschema.xml
+ ${project.build.directory}/download/metaschema
+
+
+
+ download-implementation-common-metaschema
+ initialize
+
+ wget
+
+
+ https://github.com/usnistgov/OSCAL/raw/${oscal.commit}/src/metaschema/oscal_implementation-common_metaschema.xml
+ ${project.build.directory}/download/metaschema
+
+
+
+ download-ssp-metaschema
+ initialize
+
+ wget
+
+
+ https://github.com/usnistgov/OSCAL/raw/${oscal.commit}/src/metaschema/oscal_ssp_metaschema.xml
+ ${project.build.directory}/download/metaschema
+
+
+
+ download-component-metaschema
+ initialize
+
+ wget
+
+
+ https://github.com/usnistgov/OSCAL/raw/${oscal.commit}/src/metaschema/oscal_component_metaschema.xml
+ ${project.build.directory}/download/metaschema
+
+
+
+ download-catalog-xml
+ generate-test-resources
+
+ wget
+
+
+ https://github.com/usnistgov/OSCAL/raw/${oscal.commit}/content/nist.gov/SP800-53/rev4/xml/NIST_SP-800-53_rev4_catalog.xml
+ ${project.build.directory}/download/content
+
+
+
+ download-catalog-json
+ generate-test-resources
+
+ wget
+
+
+ https://github.com/usnistgov/OSCAL/raw/${oscal.commit}/content/nist.gov/SP800-53/rev4/json/NIST_SP-800-53_rev4_catalog.json
+ ${project.build.directory}/download/content
+
+
+
+ download-catalog-yaml
+ generate-test-resources
+
+ wget
+
+
+ https://github.com/usnistgov/OSCAL/raw/${oscal.commit}/content/nist.gov/SP800-53/rev4/yaml/NIST_SP-800-53_rev4_catalog.yaml
+ ${project.build.directory}/download/content
+
+
+
+
+
+ gov.nist.secauto.metaschema
+ metaschema-maven-plugin
+ 0.0.1-SNAPSHOT
+
+
+ generate-model-sources
+
+ generate-sources
+
+
+ ${project.build.directory}/download/metaschema
+
+ oscal_*_metaschema.xml
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/src/main/java/gov/nist/secauto/oscal/java/ContentUtil.java b/src/main/java/gov/nist/secauto/oscal/java/ContentUtil.java
new file mode 100644
index 00000000..01504e38
--- /dev/null
+++ b/src/main/java/gov/nist/secauto/oscal/java/ContentUtil.java
@@ -0,0 +1,73 @@
+/**
+ * Portions of this software was developed by employees of the National Institute
+ * of Standards and Technology (NIST), an agency of the Federal Government and is
+ * being made available as a public service. Pursuant to title 17 United States
+ * Code Section 105, works of NIST employees are not subject to copyright
+ * protection in the United States. This software may be subject to foreign
+ * copyright. Permission in the United States and in foreign countries, to the
+ * extent that NIST may hold copyright, to use, copy, modify, create derivative
+ * works, and distribute this software and its documentation without fee is hereby
+ * granted on a non-exclusive basis, provided that this notice and disclaimer
+ * of warranty appears in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED 'AS IS' WITHOUT ANY WARRANTY OF ANY KIND, EITHER
+ * EXPRESSED, IMPLIED, OR STATUTORY, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTY
+ * THAT THE SOFTWARE WILL CONFORM TO SPECIFICATIONS, ANY IMPLIED WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND FREEDOM FROM
+ * INFRINGEMENT, AND ANY WARRANTY THAT THE DOCUMENTATION WILL CONFORM TO THE
+ * SOFTWARE, OR ANY WARRANTY THAT THE SOFTWARE WILL BE ERROR FREE. IN NO EVENT
+ * SHALL NIST BE LIABLE FOR ANY DAMAGES, INCLUDING, BUT NOT LIMITED TO, DIRECT,
+ * INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES, ARISING OUT OF, RESULTING FROM,
+ * OR IN ANY WAY CONNECTED WITH THIS SOFTWARE, WHETHER OR NOT BASED UPON WARRANTY,
+ * CONTRACT, TORT, OR OTHERWISE, WHETHER OR NOT INJURY WAS SUSTAINED BY PERSONS OR
+ * PROPERTY OR OTHERWISE, AND WHETHER OR NOT LOSS WAS SUSTAINED FROM, OR AROSE OUT
+ * OF THE RESULTS OF, OR USE OF, THE SOFTWARE OR SERVICES PROVIDED HEREUNDER.
+ */
+package gov.nist.secauto.oscal.java;
+/**
+ * Portions of this software was developed by employees of the National Institute
+ * of Standards and Technology (NIST), an agency of the Federal Government.
+ * Pursuant to title 17 United States Code Section 105, works of NIST employees are
+ * not subject to copyright protection in the United States and are considered to
+ * be in the public domain. Permission to freely use, copy, modify, and distribute
+ * this software and its documentation without fee is hereby granted, provided that
+ * this notice and disclaimer of warranty appears in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED 'AS IS' WITHOUT ANY WARRANTY OF ANY KIND, EITHER
+ * EXPRESSED, IMPLIED, OR STATUTORY, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTY
+ * THAT THE SOFTWARE WILL CONFORM TO SPECIFICATIONS, ANY IMPLIED WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND FREEDOM FROM
+ * INFRINGEMENT, AND ANY WARRANTY THAT THE DOCUMENTATION WILL CONFORM TO THE
+ * SOFTWARE, OR ANY WARRANTY THAT THE SOFTWARE WILL BE ERROR FREE. IN NO EVENT
+ * SHALL NIST BE LIABLE FOR ANY DAMAGES, INCLUDING, BUT NOT LIMITED TO, DIRECT,
+ * INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES, ARISING OUT OF, RESULTING FROM, OR
+ * IN ANY WAY CONNECTED WITH THIS SOFTWARE, WHETHER OR NOT BASED UPON WARRANTY,
+ * CONTRACT, TORT, OR OTHERWISE, WHETHER OR NOT INJURY WAS SUSTAINED BY PERSONS OR
+ * PROPERTY OR OTHERWISE, AND WHETHER OR NOT LOSS WAS SUSTAINED FROM, OR AROSE OUT
+ * OF THE RESULTS OF, OR USE OF, THE SOFTWARE OR SERVICES PROVIDED HEREUNDER.
+ */
+import com.fasterxml.jackson.core.JsonFactory;
+import com.fasterxml.jackson.core.format.DataFormatDetector;
+import com.fasterxml.jackson.core.format.DataFormatMatcher;
+import com.fasterxml.jackson.core.format.MatchStrength;
+import com.fasterxml.jackson.dataformat.xml.XmlFactory;
+import com.fasterxml.jackson.dataformat.yaml.YAMLFactory;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+public class ContentUtil {
+ private static final JsonFactory jsonFactory = new JsonFactory();
+ private static final XmlFactory xmlFactory = new XmlFactory();
+ private static final YAMLFactory yamlFactory = new YAMLFactory();
+
+ public static DataFormatMatcher detectFormat(InputStream is) throws IOException {
+
+ DataFormatDetector det = new DataFormatDetector(new JsonFactory[] { jsonFactory, xmlFactory, yamlFactory });
+ det = det.withMinimalMatch(MatchStrength.WEAK_MATCH).withOptimalMatch(MatchStrength.SOLID_MATCH);
+
+ DataFormatMatcher matcher = det.findFormat(is);
+ return matcher;
+ }
+
+}
diff --git a/src/main/java/gov/nist/secauto/oscal/java/OscalLoader.java b/src/main/java/gov/nist/secauto/oscal/java/OscalLoader.java
new file mode 100644
index 00000000..5130a552
--- /dev/null
+++ b/src/main/java/gov/nist/secauto/oscal/java/OscalLoader.java
@@ -0,0 +1,244 @@
+/**
+ * Portions of this software was developed by employees of the National Institute
+ * of Standards and Technology (NIST), an agency of the Federal Government and is
+ * being made available as a public service. Pursuant to title 17 United States
+ * Code Section 105, works of NIST employees are not subject to copyright
+ * protection in the United States. This software may be subject to foreign
+ * copyright. Permission in the United States and in foreign countries, to the
+ * extent that NIST may hold copyright, to use, copy, modify, create derivative
+ * works, and distribute this software and its documentation without fee is hereby
+ * granted on a non-exclusive basis, provided that this notice and disclaimer
+ * of warranty appears in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED 'AS IS' WITHOUT ANY WARRANTY OF ANY KIND, EITHER
+ * EXPRESSED, IMPLIED, OR STATUTORY, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTY
+ * THAT THE SOFTWARE WILL CONFORM TO SPECIFICATIONS, ANY IMPLIED WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND FREEDOM FROM
+ * INFRINGEMENT, AND ANY WARRANTY THAT THE DOCUMENTATION WILL CONFORM TO THE
+ * SOFTWARE, OR ANY WARRANTY THAT THE SOFTWARE WILL BE ERROR FREE. IN NO EVENT
+ * SHALL NIST BE LIABLE FOR ANY DAMAGES, INCLUDING, BUT NOT LIMITED TO, DIRECT,
+ * INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES, ARISING OUT OF, RESULTING FROM,
+ * OR IN ANY WAY CONNECTED WITH THIS SOFTWARE, WHETHER OR NOT BASED UPON WARRANTY,
+ * CONTRACT, TORT, OR OTHERWISE, WHETHER OR NOT INJURY WAS SUSTAINED BY PERSONS OR
+ * PROPERTY OR OTHERWISE, AND WHETHER OR NOT LOSS WAS SUSTAINED FROM, OR AROSE OUT
+ * OF THE RESULTS OF, OR USE OF, THE SOFTWARE OR SERVICES PROVIDED HEREUNDER.
+ */
+package gov.nist.secauto.oscal.java;
+
+/**
+ * Portions of this software was developed by employees of the National Institute
+ * of Standards and Technology (NIST), an agency of the Federal Government.
+ * Pursuant to title 17 United States Code Section 105, works of NIST employees are
+ * not subject to copyright protection in the United States and are considered to
+ * be in the public domain. Permission to freely use, copy, modify, and distribute
+ * this software and its documentation without fee is hereby granted, provided that
+ * this notice and disclaimer of warranty appears in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED 'AS IS' WITHOUT ANY WARRANTY OF ANY KIND, EITHER
+ * EXPRESSED, IMPLIED, OR STATUTORY, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTY
+ * THAT THE SOFTWARE WILL CONFORM TO SPECIFICATIONS, ANY IMPLIED WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND FREEDOM FROM
+ * INFRINGEMENT, AND ANY WARRANTY THAT THE DOCUMENTATION WILL CONFORM TO THE
+ * SOFTWARE, OR ANY WARRANTY THAT THE SOFTWARE WILL BE ERROR FREE. IN NO EVENT
+ * SHALL NIST BE LIABLE FOR ANY DAMAGES, INCLUDING, BUT NOT LIMITED TO, DIRECT,
+ * INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES, ARISING OUT OF, RESULTING FROM, OR
+ * IN ANY WAY CONNECTED WITH THIS SOFTWARE, WHETHER OR NOT BASED UPON WARRANTY,
+ * CONTRACT, TORT, OR OTHERWISE, WHETHER OR NOT INJURY WAS SUSTAINED BY PERSONS OR
+ * PROPERTY OR OTHERWISE, AND WHETHER OR NOT LOSS WAS SUSTAINED FROM, OR AROSE OUT
+ * OF THE RESULTS OF, OR USE OF, THE SOFTWARE OR SERVICES PROVIDED HEREUNDER.
+ */
+import com.ctc.wstx.stax.WstxInputFactory;
+import com.fasterxml.jackson.core.JsonParser;
+import com.fasterxml.jackson.core.JsonToken;
+import com.fasterxml.jackson.core.format.DataFormatMatcher;
+
+import gov.nist.csrc.ns.oscal._1.Catalog;
+import gov.nist.csrc.ns.oscal._1.ComponentDefinition;
+import gov.nist.csrc.ns.oscal._1.Profile;
+import gov.nist.csrc.ns.oscal._1.SystemSecurityPlan;
+import gov.nist.secauto.metaschema.binding.BindingContext;
+import gov.nist.secauto.metaschema.binding.BindingException;
+import gov.nist.secauto.metaschema.binding.Format;
+import gov.nist.secauto.metaschema.binding.io.Configuration;
+import gov.nist.secauto.metaschema.binding.io.Deserializer;
+import gov.nist.secauto.metaschema.binding.io.Feature;
+import gov.nist.secauto.metaschema.binding.io.MutableConfiguration;
+import gov.nist.secauto.metaschema.binding.io.json.parser.JsonUtil;
+
+import org.codehaus.stax2.XMLEventReader2;
+import org.codehaus.stax2.XMLInputFactory2;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileReader;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.Reader;
+import java.nio.charset.Charset;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.events.StartElement;
+
+public class OscalLoader {
+ private final BindingContext bindingContext;
+
+ public OscalLoader() {
+ this(BindingContext.newInstance());
+ }
+
+ public OscalLoader(BindingContext bindingContext) {
+ this.bindingContext = bindingContext;
+ }
+
+ protected BindingContext getBindingContext() {
+ return bindingContext;
+ }
+
+ private Class detectModelXml(File file) throws BindingException {
+ Class retval = null;
+ try {
+ XMLInputFactory2 xmlInputFactory = (XMLInputFactory2) WstxInputFactory.newInstance();
+ xmlInputFactory.configureForXmlConformance();
+ xmlInputFactory.setProperty(XMLInputFactory2.IS_COALESCING, false);
+
+ try (Reader reader = new FileReader(file, Charset.forName("UTF8"))) {
+ XMLEventReader2 eventReader = (XMLEventReader2) xmlInputFactory.createXMLEventReader(reader);
+ if (eventReader.peek().isStartDocument()) {
+ while (eventReader.hasNext() && !eventReader.peek().isStartElement()) {
+ eventReader.nextEvent();
+ }
+ }
+
+ if (!eventReader.peek().isStartElement()) {
+ throw new UnsupportedOperationException("Unable to detect a start element");
+ }
+
+ StartElement start = eventReader.nextEvent().asStartElement();
+ QName qname = start.getName();
+
+ if ("http://csrc.nist.gov/ns/oscal/1.0".equals(qname.getNamespaceURI())) {
+ switch (qname.getLocalPart()) {
+ case "catalog":
+ retval = Catalog.class;
+ break;
+ case "profile":
+ retval = Profile.class;
+ break;
+ case "system-security-plan":
+ retval = SystemSecurityPlan.class;
+ break;
+ case "component-definition":
+ retval = ComponentDefinition.class;
+ break;
+ default:
+ throw new UnsupportedOperationException("Unrecognized element name: " + qname.toString());
+ }
+ }
+
+ if (retval == null) {
+ throw new UnsupportedOperationException("Unrecognized element name: " + qname.toString());
+ }
+ reader.close();
+ }
+ } catch (IOException | XMLStreamException ex) {
+ throw new BindingException(ex);
+ }
+ return retval;
+ }
+
+ private Class detectModelJson(JsonParser parser) throws BindingException {
+ Class retval = null;
+ try {
+ JsonUtil.readNextToken(parser, JsonToken.START_OBJECT);
+ outer: while (JsonToken.FIELD_NAME.equals(parser.nextToken())) {
+ String name = parser.getCurrentName();
+ switch (name) {
+ case "catalog":
+ retval = Catalog.class;
+ break outer;
+ case "profile":
+ retval = Profile.class;
+ break outer;
+ case "system-security-plan":
+ retval = SystemSecurityPlan.class;
+ break outer;
+ case "component-definition":
+ retval = ComponentDefinition.class;
+ break outer;
+ case "$schema":
+ JsonUtil.skipValue(parser);
+ break;
+ default:
+ throw new UnsupportedOperationException("Unrecognized field name: " + name);
+ }
+ }
+ } catch (IOException ex) {
+ throw new BindingException(ex);
+ }
+ return retval;
+ }
+
+ private Deserializer getDeserializer(Class clazz, Format format, Configuration config)
+ throws BindingException {
+ Deserializer retval = getBindingContext().newDeserializer(format, clazz, config);
+ return retval;
+ }
+
+ public CLASS load(Class clazz, File file) throws BindingException {
+ try (InputStream is = new FileInputStream(file)) {
+
+ DataFormatMatcher matcher = ContentUtil.detectFormat(is);
+ switch (matcher.getMatchStrength()) {
+ case FULL_MATCH:
+ case SOLID_MATCH:
+ case WEAK_MATCH:
+ Class modelClass;
+ if ("XML".equals(matcher.getMatchedFormatName())) {
+ is.close();
+ modelClass = detectModelXml(file);
+ } else {
+ modelClass = detectModelJson(matcher.createParserWithMatch());
+ is.close();
+ }
+ if (!clazz.isAssignableFrom(modelClass)) {
+ throw new UnsupportedOperationException(String.format(
+ "The detected model class '%s' is not assignable to '%s'", modelClass.getName(), clazz.getName()));
+ }
+ Format format = Format.valueOf(matcher.getMatchedFormatName());
+ if (format == null) {
+ is.close();
+ throw new UnsupportedOperationException("Unsupported source format: " + matcher.getMatchedFormatName());
+ }
+
+ MutableConfiguration config = new MutableConfiguration().enableFeature(Feature.DESERIALIZE_ROOT);
+ Deserializer deserializer = getDeserializer(clazz, format, config);
+ CLASS retval = deserializer.deserialize(file);
+ return retval;
+ case INCONCLUSIVE:
+ case NO_MATCH:
+ default:
+ is.close();
+ throw new UnsupportedOperationException("Unable to identify format for file: " + file.getPath());
+ }
+ } catch (IOException ex) {
+ throw new BindingException(ex);
+ }
+ }
+
+ public Catalog loadCatalog(File file) throws BindingException {
+ return load(Catalog.class, file);
+ }
+
+ public Profile loadProfile(File file) throws BindingException {
+ return load(Profile.class, file);
+ }
+
+ public SystemSecurityPlan loadSystemSecurityPlan(File file) throws BindingException {
+ return load(SystemSecurityPlan.class, file);
+ }
+
+ public ComponentDefinition loadComponentDefinition(File file) throws BindingException {
+ return load(ComponentDefinition.class, file);
+ }
+}
diff --git a/src/main/metaschema-bindings/oscal-metaschema-bindings.xml b/src/main/metaschema-bindings/oscal-metaschema-bindings.xml
new file mode 100644
index 00000000..4a117a8b
--- /dev/null
+++ b/src/main/metaschema-bindings/oscal-metaschema-bindings.xml
@@ -0,0 +1,30 @@
+
+
+
+
+ gov.nist.secauto.oscal.lib
+
+
+
+
+
+ ComponentData
+ gov.nist.int
+
+
+
+
+ ImplementedRequirementByComponent
+
+
+
+
+
+
+ ProfiledSetParameter
+
+
+
+
\ No newline at end of file
diff --git a/src/test/java/gov/nist/secauto/oscal/java/OscalLoaderTest.java b/src/test/java/gov/nist/secauto/oscal/java/OscalLoaderTest.java
new file mode 100644
index 00000000..4ee7a775
--- /dev/null
+++ b/src/test/java/gov/nist/secauto/oscal/java/OscalLoaderTest.java
@@ -0,0 +1,82 @@
+/**
+ * Portions of this software was developed by employees of the National Institute
+ * of Standards and Technology (NIST), an agency of the Federal Government and is
+ * being made available as a public service. Pursuant to title 17 United States
+ * Code Section 105, works of NIST employees are not subject to copyright
+ * protection in the United States. This software may be subject to foreign
+ * copyright. Permission in the United States and in foreign countries, to the
+ * extent that NIST may hold copyright, to use, copy, modify, create derivative
+ * works, and distribute this software and its documentation without fee is hereby
+ * granted on a non-exclusive basis, provided that this notice and disclaimer
+ * of warranty appears in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED 'AS IS' WITHOUT ANY WARRANTY OF ANY KIND, EITHER
+ * EXPRESSED, IMPLIED, OR STATUTORY, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTY
+ * THAT THE SOFTWARE WILL CONFORM TO SPECIFICATIONS, ANY IMPLIED WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND FREEDOM FROM
+ * INFRINGEMENT, AND ANY WARRANTY THAT THE DOCUMENTATION WILL CONFORM TO THE
+ * SOFTWARE, OR ANY WARRANTY THAT THE SOFTWARE WILL BE ERROR FREE. IN NO EVENT
+ * SHALL NIST BE LIABLE FOR ANY DAMAGES, INCLUDING, BUT NOT LIMITED TO, DIRECT,
+ * INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES, ARISING OUT OF, RESULTING FROM,
+ * OR IN ANY WAY CONNECTED WITH THIS SOFTWARE, WHETHER OR NOT BASED UPON WARRANTY,
+ * CONTRACT, TORT, OR OTHERWISE, WHETHER OR NOT INJURY WAS SUSTAINED BY PERSONS OR
+ * PROPERTY OR OTHERWISE, AND WHETHER OR NOT LOSS WAS SUSTAINED FROM, OR AROSE OUT
+ * OF THE RESULTS OF, OR USE OF, THE SOFTWARE OR SERVICES PROVIDED HEREUNDER.
+ */
+package gov.nist.secauto.oscal.java;
+
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+
+import gov.nist.csrc.ns.oscal._1.Catalog;
+import gov.nist.secauto.metaschema.binding.BindingContext;
+import gov.nist.secauto.metaschema.binding.BindingException;
+import gov.nist.secauto.metaschema.binding.Format;
+import gov.nist.secauto.metaschema.binding.io.Feature;
+import gov.nist.secauto.metaschema.binding.io.MutableConfiguration;
+import gov.nist.secauto.metaschema.binding.io.Serializer;
+
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.io.TempDir;
+
+import java.io.File;
+import java.io.IOException;
+import java.nio.file.Path;
+
+class OscalLoaderTest {
+ private static OscalLoader loader;
+
+ @BeforeAll
+ private static void initializeLoader() {
+ loader = new OscalLoader();
+ }
+
+ @Test
+ void testLoadCatalogYaml(@TempDir Path tempDir) throws BindingException, IOException {
+ // the YAML catalog is currently malformed, this will create a proper one for this test
+ Catalog catalog = loader.loadCatalog(new File("target/download/content/NIST_SP-800-53_rev4_catalog.xml").getCanonicalFile());
+
+ File out = new File(tempDir.toFile(), "out.yaml");
+ BindingContext context = BindingContext.newInstance();
+ MutableConfiguration config
+ = new MutableConfiguration().enableFeature(Feature.SERIALIZE_ROOT).enableFeature(Feature.DESERIALIZE_ROOT);
+
+ Serializer serializer = context.newSerializer(Format.YAML, Catalog.class, config);
+ serializer.serialize(catalog, out);
+
+ assertNotNull(loader.loadCatalog(out));
+
+ out.delete();
+ }
+
+ @Test
+ void testLoadCatalogJson() throws BindingException, IOException {
+ assertNotNull(loader.loadCatalog(new File("target/download/content/NIST_SP-800-53_rev4_catalog.json").getCanonicalFile()));
+ }
+
+ @Test
+ void testLoadCatalogXml() throws BindingException, IOException {
+ assertNotNull(loader.loadCatalog(new File("target/download/content/NIST_SP-800-53_rev4_catalog.xml").getCanonicalFile()));
+ }
+
+}
diff --git a/src/test/java/gov/nist/secauto/oscal/java/TestContent.java b/src/test/java/gov/nist/secauto/oscal/java/TestContent.java
new file mode 100644
index 00000000..3550cf0d
--- /dev/null
+++ b/src/test/java/gov/nist/secauto/oscal/java/TestContent.java
@@ -0,0 +1,174 @@
+/**
+ * Portions of this software was developed by employees of the National Institute
+ * of Standards and Technology (NIST), an agency of the Federal Government and is
+ * being made available as a public service. Pursuant to title 17 United States
+ * Code Section 105, works of NIST employees are not subject to copyright
+ * protection in the United States. This software may be subject to foreign
+ * copyright. Permission in the United States and in foreign countries, to the
+ * extent that NIST may hold copyright, to use, copy, modify, create derivative
+ * works, and distribute this software and its documentation without fee is hereby
+ * granted on a non-exclusive basis, provided that this notice and disclaimer
+ * of warranty appears in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED 'AS IS' WITHOUT ANY WARRANTY OF ANY KIND, EITHER
+ * EXPRESSED, IMPLIED, OR STATUTORY, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTY
+ * THAT THE SOFTWARE WILL CONFORM TO SPECIFICATIONS, ANY IMPLIED WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND FREEDOM FROM
+ * INFRINGEMENT, AND ANY WARRANTY THAT THE DOCUMENTATION WILL CONFORM TO THE
+ * SOFTWARE, OR ANY WARRANTY THAT THE SOFTWARE WILL BE ERROR FREE. IN NO EVENT
+ * SHALL NIST BE LIABLE FOR ANY DAMAGES, INCLUDING, BUT NOT LIMITED TO, DIRECT,
+ * INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES, ARISING OUT OF, RESULTING FROM,
+ * OR IN ANY WAY CONNECTED WITH THIS SOFTWARE, WHETHER OR NOT BASED UPON WARRANTY,
+ * CONTRACT, TORT, OR OTHERWISE, WHETHER OR NOT INJURY WAS SUSTAINED BY PERSONS OR
+ * PROPERTY OR OTHERWISE, AND WHETHER OR NOT LOSS WAS SUSTAINED FROM, OR AROSE OUT
+ * OF THE RESULTS OF, OR USE OF, THE SOFTWARE OR SERVICES PROVIDED HEREUNDER.
+ */
+
+package gov.nist.secauto.oscal.java;
+
+/**
+ * Portions of this software was developed by employees of the National Institute
+ * of Standards and Technology (NIST), an agency of the Federal Government.
+ * Pursuant to title 17 United States Code Section 105, works of NIST employees are
+ * not subject to copyright protection in the United States and are considered to
+ * be in the public domain. Permission to freely use, copy, modify, and distribute
+ * this software and its documentation without fee is hereby granted, provided that
+ * this notice and disclaimer of warranty appears in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED 'AS IS' WITHOUT ANY WARRANTY OF ANY KIND, EITHER
+ * EXPRESSED, IMPLIED, OR STATUTORY, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTY
+ * THAT THE SOFTWARE WILL CONFORM TO SPECIFICATIONS, ANY IMPLIED WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND FREEDOM FROM
+ * INFRINGEMENT, AND ANY WARRANTY THAT THE DOCUMENTATION WILL CONFORM TO THE
+ * SOFTWARE, OR ANY WARRANTY THAT THE SOFTWARE WILL BE ERROR FREE. IN NO EVENT
+ * SHALL NIST BE LIABLE FOR ANY DAMAGES, INCLUDING, BUT NOT LIMITED TO, DIRECT,
+ * INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES, ARISING OUT OF, RESULTING FROM, OR
+ * IN ANY WAY CONNECTED WITH THIS SOFTWARE, WHETHER OR NOT BASED UPON WARRANTY,
+ * CONTRACT, TORT, OR OTHERWISE, WHETHER OR NOT INJURY WAS SUSTAINED BY PERSONS OR
+ * PROPERTY OR OTHERWISE, AND WHETHER OR NOT LOSS WAS SUSTAINED FROM, OR AROSE OUT
+ * OF THE RESULTS OF, OR USE OF, THE SOFTWARE OR SERVICES PROVIDED HEREUNDER.
+ */
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import gov.nist.csrc.ns.oscal._1.Catalog;
+import gov.nist.secauto.metaschema.binding.BindingContext;
+import gov.nist.secauto.metaschema.binding.BindingException;
+import gov.nist.secauto.metaschema.binding.Format;
+import gov.nist.secauto.metaschema.binding.io.Deserializer;
+import gov.nist.secauto.metaschema.binding.io.Feature;
+import gov.nist.secauto.metaschema.binding.io.MutableConfiguration;
+import gov.nist.secauto.metaschema.binding.io.Serializer;
+
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+import org.junit.jupiter.api.Disabled;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.io.TempDir;
+
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.nio.file.Path;
+
+class TestContent {
+ private static final Logger logger = LogManager.getLogger(TestContent.class);
+
+ private static CLASS measureDeserializer(String format, File file, Deserializer deserializer,
+ int iterations) throws BindingException, FileNotFoundException {
+ CLASS retval = null;
+ long totalTime = 0;
+ for (int i = 0; i < iterations; i++) {
+ long startTime = System.nanoTime();
+ retval = deserializer.deserialize(file);
+ long endTime = System.nanoTime();
+ long timeElapsed = (endTime - startTime) / 1000000;
+ logger.info(String.format("%s read in %d milliseconds from %s", format, timeElapsed, file));
+ totalTime += timeElapsed;
+ }
+ long average = totalTime / iterations - 1;
+ if (iterations > 1) {
+ logger.info(String.format("%s read in %d milliseconds (on average) from %s", format, average, file));
+ }
+ return retval;
+ }
+
+ private static void measureSerializer(CLASS root, String format, File file, Serializer serializer,
+ int iterations) throws BindingException, FileNotFoundException {
+ long totalTime = 0;
+ for (int i = 0; i < iterations; i++) {
+ long startTime = System.nanoTime();
+ serializer.serialize(root, file);
+ long endTime = System.nanoTime();
+ long timeElapsed = (endTime - startTime) / 1000000;
+ logger.info(String.format("%s written in %d milliseconds to %s", format, timeElapsed, file));
+ totalTime += timeElapsed;
+ }
+ long average = totalTime / iterations;
+ if (iterations > 1) {
+ logger.info(String.format("%s written in %d milliseconds (on average) to %s", format, average, file));
+ }
+ }
+
+ private static void chainReadWrite(File xmlSource, Class clazz, Path tempDir, int iterations)
+ throws BindingException, FileNotFoundException, IOException {
+ BindingContext context = BindingContext.newInstance();
+ MutableConfiguration config
+ = new MutableConfiguration().enableFeature(Feature.SERIALIZE_ROOT).enableFeature(Feature.DESERIALIZE_ROOT);
+
+ CLASS obj;
+
+ // XML
+ {
+ Deserializer deserializer = context.newDeserializer(Format.XML, clazz, config);
+ obj = measureDeserializer("XML", xmlSource, deserializer, iterations);
+
+ File out = new File(tempDir.toFile(), "out.xml");
+ Serializer serializer = context.newSerializer(Format.XML, clazz, config);
+ measureSerializer(obj, "XML", out, serializer, iterations);
+ }
+
+ // JSON
+ {
+ File out = new File(tempDir.toFile(), "out.json");
+ Serializer serializer = context.newSerializer(Format.JSON, clazz, config);
+ measureSerializer(obj, "JSON", out, serializer, iterations);
+
+ Deserializer deserializer = context.newDeserializer(Format.JSON, clazz, config);
+ obj = measureDeserializer("JSON", out, deserializer, iterations);
+ }
+
+ // YAML
+ {
+ File out = new File(tempDir.toFile(), "out.yml");
+ Serializer serializer = context.newSerializer(Format.YAML, clazz, config);
+ measureSerializer(obj, "YAML", out, serializer, iterations);
+
+ Deserializer deserializer = context.newDeserializer(Format.YAML, clazz, config);
+ obj = measureDeserializer("YAML", out, deserializer, iterations);
+ }
+ }
+
+ @Test
+ public void testReadWriteOSCALCatalog(@TempDir Path tempDir) throws IOException, BindingException {
+
+ File catalogSourceXml = new File("target/download/content/NIST_SP-800-53_rev4_catalog.xml");
+ logger.info("Testing XML file: {}", catalogSourceXml.getName());
+ assertTrue(catalogSourceXml.exists());
+
+ File outDir = new File("target/test-content");
+ outDir.mkdirs();
+ tempDir = outDir.toPath();
+ chainReadWrite(catalogSourceXml, Catalog.class, tempDir, 1);
+ }
+
+ @Test
+ @Disabled
+ public void testOSCALCatalogMetrics(@TempDir Path tempDir) throws IOException, BindingException {
+
+ File catalogSourceXml = new File("target/download/content/NIST_SP-800-53_rev4_catalog.xml");
+ logger.info("Testing XML file: {}", catalogSourceXml.getName());
+ assertTrue(catalogSourceXml.exists());
+
+ chainReadWrite(catalogSourceXml, Catalog.class, tempDir, 50);
+ }
+}
diff --git a/src/test/resources/log4j2.xml b/src/test/resources/log4j2.xml
new file mode 100644
index 00000000..2999d73e
--- /dev/null
+++ b/src/test/resources/log4j2.xml
@@ -0,0 +1,20 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file