Add support for CBOM (#379)

Signed-off-by: Alex Alzate <aalzate@sonatype.com>
CycloneDX · Apr 22, 2024 · 7d88ab9 · 7d88ab9
1 parent 6fa515a
commit 7d88ab9
Show file tree

Hide file tree

Showing 25 changed files with 1,288 additions and 2 deletions.
diff --git a/src/main/java/org/cyclonedx/model/Component.java b/src/main/java/org/cyclonedx/model/Component.java
@@ -24,6 +24,7 @@
 
 import org.cyclonedx.Version;
 import org.cyclonedx.model.component.ModelCard;
+import org.cyclonedx.model.component.crypto.CryptoProperties;
 import org.cyclonedx.model.component.modelCard.ComponentData;
 import org.cyclonedx.util.deserializer.ExternalReferencesDeserializer;
 import org.cyclonedx.util.deserializer.HashesDeserializer;
@@ -68,7 +69,9 @@
      "releaseNotes",
      "modelCard",
      "data",
-     "signature"
+     "cryptoProperties",
+     "signature",
+     "provides"
     })
 public class Component extends ExtensibleElement {
 
@@ -96,7 +99,10 @@ public enum Type {
         @JsonProperty("machine-learning-model")
         MACHINE_LEARNING_MODEL("machine-learning-model"),
         @JsonProperty("data")
-        DATA("data");
+        DATA("data"),
+        @VersionFilter(value = Version.VERSION_16)
+        @JsonProperty("cryptographic-asset")
+        CRYPTOGRAPHIC_ASSET("cryptographic-asset");
 
         private final String name;
 
@@ -179,6 +185,14 @@ public String getScopeName() {
     @JsonProperty("data")
     private ComponentData data;
 
+    @VersionFilter(value = Version.VERSION_16)
+    @JsonProperty("cryptoProperties")
+    private CryptoProperties cryptoProperties;
+
+    @VersionFilter(value = Version.VERSION_16)
+    @JsonProperty("provides")
+    private List<String> provides;
+
     @JsonOnly
     @VersionFilter(Version.VERSION_14)
     private Signature signature;
@@ -463,6 +477,22 @@ public void setSwhid(final List<String> swhid) {
         this.swhid = swhid;
     }
 
+    public CryptoProperties getCryptoProperties() {
+        return cryptoProperties;
+    }
+
+    public void setCryptoProperties(final CryptoProperties cryptoProperties) {
+        this.cryptoProperties = cryptoProperties;
+    }
+
+    public List<String> getProvides() {
+        return provides;
+    }
+
+    public void setProvides(final List<String> provides) {
+        this.provides = provides;
+    }
+
     @Override
     public int hashCode() {
         return Objects.hash(author, publisher, group, name, version, description, scope, hashes, license, copyright,

diff --git a/src/main/java/org/cyclonedx/model/component/crypto/AlgorithmProperties.java b/src/main/java/org/cyclonedx/model/component/crypto/AlgorithmProperties.java
@@ -0,0 +1,145 @@
+package org.cyclonedx.model.component.crypto;
+
+import java.util.List;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.annotation.JsonPropertyOrder;
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper;
+import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty;
+import org.cyclonedx.model.component.crypto.enums.CertificationLevel;
+import org.cyclonedx.model.component.crypto.enums.CryptoFunction;
+import org.cyclonedx.model.component.crypto.enums.ExecutionEnvironment;
+import org.cyclonedx.model.component.crypto.enums.ImplementationPlatform;
+import org.cyclonedx.model.component.crypto.enums.Mode;
+import org.cyclonedx.model.component.crypto.enums.Padding;
+import org.cyclonedx.model.component.crypto.enums.Primitive;
+import org.cyclonedx.util.deserializer.CertificationLevelDeserializer;
+
+@JsonIgnoreProperties(ignoreUnknown = true)
+@JsonInclude(JsonInclude.Include.NON_EMPTY)
+@JsonPropertyOrder({
+    "primitive",
+    "parameterSetIdentifier",
+    "curve",
+    "executionEnvironment",
+    "implementationPlatform",
+    "certificationLevel", "mode", "padding", "cryptoFunctions",
+    "classicalSecurityLevel", "nistQuantumSecurityLevel"
+})
+public class AlgorithmProperties
+{
+  private Primitive primitive;
+
+  private String parameterSetIdentifier;
+
+  private String curve;
+
+  private ExecutionEnvironment executionEnvironment;
+
+  private ImplementationPlatform implementationPlatform;
+
+  @JsonDeserialize(using = CertificationLevelDeserializer.class)
+  private CertificationLevel certificationLevel;
+
+  private Mode mode;
+
+  private Padding padding;
+
+  private List<CryptoFunction> cryptoFunctions;
+
+  private Integer classicalSecurityLevel;
+
+  private Integer nistQuantumSecurityLevel;
+
+  public Primitive getPrimitive() {
+    return primitive;
+  }
+
+  public void setPrimitive(final Primitive primitive) {
+    this.primitive = primitive;
+  }
+
+  public String getParameterSetIdentifier() {
+    return parameterSetIdentifier;
+  }
+
+  public void setParameterSetIdentifier(final String parameterSetIdentifier) {
+    this.parameterSetIdentifier = parameterSetIdentifier;
+  }
+
+  public String getCurve() {
+    return curve;
+  }
+
+  public void setCurve(final String curve) {
+    this.curve = curve;
+  }
+
+  public ExecutionEnvironment getExecutionEnvironment() {
+    return executionEnvironment;
+  }
+
+  public void setExecutionEnvironment(final ExecutionEnvironment executionEnvironment) {
+    this.executionEnvironment = executionEnvironment;
+  }
+
+  public ImplementationPlatform getImplementationPlatform() {
+    return implementationPlatform;
+  }
+
+  public void setImplementationPlatform(final ImplementationPlatform implementationPlatform) {
+    this.implementationPlatform = implementationPlatform;
+  }
+
+  public CertificationLevel getCertificationLevel() {
+    return certificationLevel;
+  }
+
+  public void setCertificationLevel(final CertificationLevel certificationLevel) {
+    this.certificationLevel = certificationLevel;
+  }
+
+  public Mode getMode() {
+    return mode;
+  }
+
+  public void setMode(final Mode mode) {
+    this.mode = mode;
+  }
+
+  public Padding getPadding() {
+    return padding;
+  }
+
+  public void setPadding(final Padding padding) {
+    this.padding = padding;
+  }
+
+  @JacksonXmlElementWrapper(localName = "cryptoFunctions")
+  @JacksonXmlProperty(localName = "cryptoFunction")
+  public List<CryptoFunction> getCryptoFunctions() {
+    return cryptoFunctions;
+  }
+
+  public void setCryptoFunctions(final List<CryptoFunction> cryptoFunctions) {
+    this.cryptoFunctions = cryptoFunctions;
+  }
+
+  public Integer getClassicalSecurityLevel() {
+    return classicalSecurityLevel;
+  }
+
+  public void setClassicalSecurityLevel(final Integer classicalSecurityLevel) {
+    this.classicalSecurityLevel = classicalSecurityLevel;
+  }
+
+  public Integer getNistQuantumSecurityLevel() {
+    return nistQuantumSecurityLevel;
+  }
+
+  public void setNistQuantumSecurityLevel(final Integer nistQuantumSecurityLevel) {
+    this.nistQuantumSecurityLevel = nistQuantumSecurityLevel;
+  }
+}
diff --git a/src/main/java/org/cyclonedx/model/component/crypto/CertificateProperties.java b/src/main/java/org/cyclonedx/model/component/crypto/CertificateProperties.java
@@ -0,0 +1,100 @@
+package org.cyclonedx.model.component.crypto;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.annotation.JsonPropertyOrder;
+
+@JsonIgnoreProperties(ignoreUnknown = true)
+@JsonInclude(JsonInclude.Include.NON_EMPTY)
+@JsonPropertyOrder({
+    "subjectName",
+    "issuerName",
+    "notValidBefore",
+    "notValidAfter",
+    "signatureAlgorithmRef",
+    "subjectPublicKeyRef",
+    "certificateFormat",
+    "certificateExtension"
+    })
+public class CertificateProperties
+{
+  private String subjectName;
+
+  private String issuerName;
+
+  private String notValidBefore;
+
+  private String notValidAfter;
+
+  private String  signatureAlgorithmRef;
+
+  private String subjectPublicKeyRef;
+
+  private String certificateFormat;
+
+  private String certificateExtension;
+
+  public String getSubjectName() {
+    return subjectName;
+  }
+
+  public void setSubjectName(final String subjectName) {
+    this.subjectName = subjectName;
+  }
+
+  public String getIssuerName() {
+    return issuerName;
+  }
+
+  public void setIssuerName(final String issuerName) {
+    this.issuerName = issuerName;
+  }
+
+  public String getNotValidBefore() {
+    return notValidBefore;
+  }
+
+  public void setNotValidBefore(final String notValidBefore) {
+    this.notValidBefore = notValidBefore;
+  }
+
+  public String getNotValidAfter() {
+    return notValidAfter;
+  }
+
+  public void setNotValidAfter(final String notValidAfter) {
+    this.notValidAfter = notValidAfter;
+  }
+
+  public String getSignatureAlgorithmRef() {
+    return signatureAlgorithmRef;
+  }
+
+  public void setSignatureAlgorithmRef(final String signatureAlgorithmRef) {
+    this.signatureAlgorithmRef = signatureAlgorithmRef;
+  }
+
+  public String getSubjectPublicKeyRef() {
+    return subjectPublicKeyRef;
+  }
+
+  public void setSubjectPublicKeyRef(final String subjectPublicKeyRef) {
+    this.subjectPublicKeyRef = subjectPublicKeyRef;
+  }
+
+  public String getCertificateFormat() {
+    return certificateFormat;
+  }
+
+  public void setCertificateFormat(final String certificateFormat) {
+    this.certificateFormat = certificateFormat;
+  }
+
+  public String getCertificateExtension() {
+    return certificateExtension;
+  }
+
+  public void setCertificateExtension(final String certificateExtension) {
+    this.certificateExtension = certificateExtension;
+  }
+}
diff --git a/src/main/java/org/cyclonedx/model/component/crypto/CipherSuite.java b/src/main/java/org/cyclonedx/model/component/crypto/CipherSuite.java
@@ -0,0 +1,44 @@
+package org.cyclonedx.model.component.crypto;
+
+import java.util.List;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.annotation.JsonPropertyOrder;
+
+@JsonIgnoreProperties(ignoreUnknown = true)
+@JsonInclude(JsonInclude.Include.NON_EMPTY)
+@JsonPropertyOrder({"name", "algorithms", "identifiers"})
+public class CipherSuite
+{
+
+  private String name;
+
+  private List<String> algorithms;
+
+  private List<String> identifiers;
+
+  public String getName() {
+    return name;
+  }
+
+  public void setName(final String name) {
+    this.name = name;
+  }
+
+  public List<String> getAlgorithms() {
+    return algorithms;
+  }
+
+  public void setAlgorithms(final List<String> algorithms) {
+    this.algorithms = algorithms;
+  }
+
+  public List<String> getIdentifiers() {
+    return identifiers;
+  }
+
+  public void setIdentifiers(final List<String> identifiers) {
+    this.identifiers = identifiers;
+  }
+}