Code refactored.

Signed-off-by: jjhz <[email protected]>

Author: jjhz

src/main/java/org/cyclonedx/model/Component.java

@@ -24,6 +24,7 @@
 
 import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.fasterxml.jackson.annotation.JsonUnwrapped;
+import com.fasterxml.jackson.databind.annotation.JsonSerialize;
 import org.cyclonedx.Version;
 import org.cyclonedx.model.component.ModelCard;
 import org.cyclonedx.model.component.crypto.CryptoProperties;
@@ -44,6 +45,7 @@
 import com.github.packageurl.PackageURL;
 import org.cyclonedx.util.deserializer.LicenseDeserializer;
 import org.cyclonedx.util.deserializer.PropertiesDeserializer;
+import org.cyclonedx.util.serializer.ComponentAuthorsSerializer;
 
 @SuppressWarnings("unused")
 @JacksonXmlRootElement(localName = "component")
@@ -224,6 +226,10 @@ public String getScopeName() {
     private Tags tags;
 
     @VersionFilter(Version.VERSION_16)
+    @JsonProperty("authors")
+    @JacksonXmlElementWrapper(localName = "authors")
+    @JsonSerialize(using = ComponentAuthorsSerializer.class)
+    @JsonDeserialize(using = ComponentAuthorsDeserializer.class)
     private List<OrganizationalContact> authors;
 
     @VersionFilter(Version.VERSION_16)
@@ -556,13 +562,10 @@ public void setTags(final Tags tags) {
         this.tags = tags;
     }
 
-    @JacksonXmlElementWrapper(localName = "authors")
-    @JacksonXmlProperty(localName = "author")
     public List<OrganizationalContact> getAuthors() {
         return authors;
     }
 
-    @JsonDeserialize(using = ComponentAuthorsDeserializer.class)
     public void setAuthors(final List<OrganizationalContact> authors) {
         this.authors = authors;
     }

src/main/java/org/cyclonedx/util/deserializer/ComponentAuthorsDeserializer.java

@@ -37,10 +37,19 @@ public List<OrganizationalContact> deserialize(JsonParser p, DeserializationCont
         if (p instanceof FromXmlParser) { // Handle XML
             while (p.nextToken() != JsonToken.END_OBJECT && p.currentToken() != JsonToken.END_OBJECT) {
                 if (p.currentToken() == JsonToken.FIELD_NAME) {
-                    // Handles both <author> and <authors> as the item tag
-                    p.nextToken();
-                    OrganizationalContact contact = p.readValueAs(OrganizationalContact.class);
-                    contacts.add(contact);
+                    String fieldName = p.currentName();
+                    if ("author".equals(fieldName) || "authors".equals(fieldName)) {
+                        // Handles both <author> and <authors> as the item tag
+                        p.nextToken();
+                        contacts.add(p.readValueAs(OrganizationalContact.class));
+                    } else {
+                        ctxt.reportInputMismatch(
+                                List.class,
+                                "Unexpected field '%s' in %s",
+                                fieldName,
+                                getClass().getSimpleName()
+                        );
+                    }
                 }
             }
         } else { // Handle JSON
@@ -53,4 +62,4 @@ public List<OrganizationalContact> deserialize(JsonParser p, DeserializationCont
         }
         return contacts;
     }
-}
+}

src/main/java/org/cyclonedx/util/serializer/ComponentAuthorsSerializer.java

@@ -0,0 +1,60 @@
+/*
+ * This file is part of CycloneDX Core (Java).
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * Copyright (c) OWASP Foundation. All Rights Reserved.
+ */
+
+package org.cyclonedx.util.serializer;
+
+import com.fasterxml.jackson.core.JsonGenerator;
+import com.fasterxml.jackson.databind.JsonSerializer;
+import com.fasterxml.jackson.databind.SerializerProvider;
+import com.fasterxml.jackson.databind.ser.std.StdSerializer;
+import com.fasterxml.jackson.dataformat.xml.ser.ToXmlGenerator;
+import org.cyclonedx.model.OrganizationalContact;
+
+import javax.xml.namespace.QName;
+import java.io.IOException;
+import java.util.List;
+
+public class ComponentAuthorsSerializer extends StdSerializer<List<OrganizationalContact>> {
+
+
+    public ComponentAuthorsSerializer() {
+        super(List.class, false);
+    }
+
+
+    @Override
+    public void serialize(List<OrganizationalContact> authors, JsonGenerator jsonGenerator, SerializerProvider serializerProvider) throws IOException {
+        if (jsonGenerator instanceof ToXmlGenerator) { // Handle XML
+            ToXmlGenerator xmlGenerator = (ToXmlGenerator) jsonGenerator;
+            xmlGenerator.writeStartArray();
+
+            for (OrganizationalContact author : authors) {
+                xmlGenerator.setNextName(new QName("author"));
+                xmlGenerator.writeObject(author);
+            }
+
+            xmlGenerator.writeEndArray();
+        } else { // Handle JSON, as default.
+            JsonSerializer<Object> defaultSerializer =
+                    serializerProvider.findValueSerializer(List.class, null);
+            defaultSerializer.serialize(authors, jsonGenerator, serializerProvider);
+        }
+    }
+
+}

src/test/java/org/cyclonedx/BomJsonGeneratorTest.java

@@ -21,17 +21,14 @@
 import com.fasterxml.jackson.databind.JsonNode;
 
 import java.nio.charset.StandardCharsets;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
 import org.apache.commons.io.IOUtils;
 import org.cyclonedx.generators.BomGeneratorFactory;
 import org.cyclonedx.generators.json.BomJsonGenerator;
 import org.cyclonedx.generators.xml.BomXmlGenerator;
-import org.cyclonedx.model.Bom;
-import org.cyclonedx.model.Component;
+import org.cyclonedx.model.*;
 import org.cyclonedx.model.Component.Type;
-import org.cyclonedx.model.License;
-import org.cyclonedx.model.LicenseChoice;
-import org.cyclonedx.model.Metadata;
-import org.cyclonedx.model.Service;
 import org.cyclonedx.model.license.Expression;
 import org.cyclonedx.parsers.JsonParser;
 import org.cyclonedx.parsers.XmlParser;
@@ -48,6 +45,8 @@
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
 import java.util.stream.Stream;
 import java.util.Objects;
 
@@ -603,15 +602,64 @@ public void testIssue492() throws Exception {
     }
 
     @Test
-    public void testComponentAuthorsDeserializationJsonObject16() throws Exception {
-        Bom bom = createCommonJsonBom("/1.6/valid-component-authors-json-object-1.6.json");
-        Component component = bom.getComponents().get(0);
-        assertNotNull(component.getAuthors());
-        assertEquals(2, component.getAuthors().size());
-        assertEquals("Test Author 1", component.getAuthors().get(0).getName());
-        assertEquals("[email protected]", component.getAuthors().get(0).getEmail());
-        assertEquals("Test Author 2", component.getAuthors().get(1).getName());
-        assertNull(component.getAuthors().get(1).getEmail());
+    public void testComponentAuthorsSerializationAndDeserialization() throws Exception {
+        Version version = Version.VERSION_16;
+        Bom bom = createCommonJsonBom("/1.6/valid-component-authors-1.6.json");
+
+        assertNotNull(bom.getComponents());
+        assertEquals(1, bom.getComponents().size());
+
+        Component bomComponent = bom.getComponents().get(0);
+        assertEquals("Outer Author with String value", bomComponent.getAuthor());
+
+        List<OrganizationalContact> bomAuthors = bomComponent.getAuthors();
+        assertNotNull(bomAuthors);
+        assertEquals(2, bomAuthors.size());
+
+        OrganizationalContact bomAuthor1 = bomAuthors.get(0);
+        OrganizationalContact bomAuthor2 = bomAuthors.get(1);
+
+        assertNotNull(bomAuthor1);
+        assertEquals("Test Author 1", bomAuthor1.getName());
+        assertEquals("[email protected]", bomAuthor1.getEmail());
+        assertEquals("123", bomAuthor1.getPhone());
+
+        assertNotNull(bomAuthor2);
+        assertEquals("Test Author 2", bomAuthor2.getName());
+        assertEquals("[email protected]", bomAuthor2.getEmail());
+        assertEquals("456", bomAuthor2.getPhone());
+
+        BomJsonGenerator generator = BomGeneratorFactory.createJson(version, bom);
+        String jsonString = generator.toJsonString();
+
+        File loadedFile = writeToFile(jsonString);
+        JsonParser parser = new JsonParser();
+        assertTrue(parser.isValid(loadedFile, version));
+
+        // Verify the json content
+        ObjectMapper mapper = new ObjectMapper();
+        JsonNode rootNode = mapper.readTree(jsonString);
+
+        JsonNode component = rootNode.path("components").get(0);
+        assertNotNull(component);
+
+        String outerAuthor = component.path("author").asText();
+        assertEquals("Outer Author with String value", outerAuthor, "Outer author value mismatch");
+
+        JsonNode authorsNode = component.path("authors");
+        assertTrue(authorsNode.isArray());
+        assertEquals(2, authorsNode.size(), "Authors list size mismatch");
+
+        Iterator<JsonNode> elements = authorsNode.elements();
+        JsonNode author1 = elements.next();
+        assertEquals("Test Author 1", author1.path("name").asText());
+        assertEquals("[email protected]", author1.path("email").asText());
+        assertEquals("123", author1.path("phone").asText());
+
+        JsonNode author2 = elements.next();
+        assertEquals("Test Author 2", author2.path("name").asText());
+        assertEquals("[email protected]", author2.path("email").asText());
+        assertEquals("456", author2.path("phone").asText());
     }
 
     private void assertExternalReferenceInfo(Bom bom) {

src/test/java/org/cyclonedx/BomXmlGeneratorTest.java

@@ -45,6 +45,7 @@
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.Arguments;
 import org.junit.jupiter.params.provider.MethodSource;
+import org.junit.jupiter.params.provider.ValueSource;
 import org.w3c.dom.Document;
 import org.w3c.dom.NodeList;
 
@@ -794,10 +795,37 @@ public void testIssue408Regression_jsonToXml_externalReferenceBom() throws Excep
         assertTrue(parser.isValid(loadedFile, version));
     }
 
-    @Test
-    public void testComponentAuthorSerializationOutputAsString() throws Exception {
+    @ParameterizedTest
+    @ValueSource(strings = {
+            "/1.6/valid-component-authors-1.6.xml",
+            "/1.6/invalid-component-authors-legacy-1.6.xml"
+    })
+    public void testComponentAuthorsSerializationAndDeserialization(String xmlFilePath) throws Exception {
         Version version = Version.VERSION_16;
-        Bom bom = createCommonBomXml("/1.6/valid-component-authors-1.6.xml");
+        Bom bom = createCommonBomXml(xmlFilePath);
+
+        assertNotNull(bom.getComponents());
+        assertEquals(1, bom.getComponents().size());
+
+        Component bomComponent = bom.getComponents().get(0);
+        assertEquals("Outer Author with String value", bomComponent.getAuthor());
+
+        List<OrganizationalContact> bomAuthors = bomComponent.getAuthors();
+        assertNotNull(bomAuthors);
+        assertEquals(2, bomAuthors.size());
+
+        OrganizationalContact bomAuthor1 = bomAuthors.get(0);
+        OrganizationalContact bomAuthor2 = bomAuthors.get(1);
+
+        assertNotNull(bomAuthor1);
+        assertEquals("Test Author 1", bomAuthor1.getName());
+        assertEquals("[email protected]", bomAuthor1.getEmail());
+        assertEquals("123", bomAuthor1.getPhone());
+
+        assertNotNull(bomAuthor2);
+        assertEquals("Test Author 2", bomAuthor2.getName());
+        assertEquals("[email protected]", bomAuthor2.getEmail());
+        assertEquals("456", bomAuthor2.getPhone());
 
         BomXmlGenerator generator = BomGeneratorFactory.createXml(version, bom);
         String xmlString = generator.toXmlString();
@@ -840,16 +868,26 @@ public Iterator<String> getPrefixes(String namespaceURI) {
 
         assertEquals("Test Author 1", author1);
         assertEquals("Test Author 2", author2);
+
+        String email1 = xpath.evaluate("//bom:component/bom:authors/bom:author[1]/bom:email", doc);
+        String email2 = xpath.evaluate("//bom:component/bom:authors/bom:author[2]/bom:email", doc);
+
+        assertEquals("[email protected]", email1);
+        assertEquals("[email protected]", email2);
+
+        String phone1 = xpath.evaluate("//bom:component/bom:authors/bom:author[1]/bom:phone", doc);
+        String phone2 = xpath.evaluate("//bom:component/bom:authors/bom:author[2]/bom:phone", doc);
+
+        assertEquals("123", phone1);
+        assertEquals("456", phone2);
+
+        String outerAuthorStr = (String) xpath.evaluate("//bom:component/bom:author", doc, XPathConstants.STRING);
+        assertEquals("Outer Author with String value", outerAuthorStr);
     }
 
     @Test
-    public void testComponentAuthorsDeserializationLegacy() throws Exception {
-        Bom bom = createCommonBomXml("/1.6/invalid-component-authors-legacy-1.6.xml");
-        Component component = bom.getComponents().get(0);
-        assertNotNull(component.getAuthors());
-        assertEquals(2, component.getAuthors().size());
-        assertEquals("Test Author 1", component.getAuthors().get(0).getName());
-        assertEquals("Test Author 2", component.getAuthors().get(1).getName());
+    public void testComponentAuthorsWithInvalidItemTag(){
+        assertThrows(ParseException.class, () -> createCommonBomXml("/1.6/invalid-component-authors-bad-item-name-1.6.xml"));
     }
 
     private void assertExternalReferenceInfo(Bom bom) {

src/test/resources/1.6/invalid-component-authors-bad-item-name-1.6.xml

@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<bom serialNumber="urn:uuid:e1acbeda-240f-4ab6-bd4e-749ab4183fec" version="1" xmlns="http://cyclonedx.org/schema/bom/1.6">
+    <components>
+        <component type="application">
+            <authors>
+                <bad-authors>
+                    <name>Test Author 1</name>
+                    <email>[email protected]</email>
+                    <phone>123</phone>
+                </bad-authors>
+                <bad-authors>
+                    <name>Test Author 2</name>
+                    <email>[email protected]</email>
+                    <phone>456</phone>
+                </bad-authors>
+            </authors>
+            <author>Outer Author with String value</author>
+            <name>Test Component</name>
+        </component>
+    </components>
+</bom>

src/test/resources/1.6/invalid-component-authors-legacy-1.6.xml

@@ -1,16 +1,21 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <bom serialNumber="urn:uuid:e1acbeda-240f-4ab6-bd4e-749ab4183fec" version="1" xmlns="http://cyclonedx.org/schema/bom/1.6">
-  <components>
-    <component type="application">
-      <authors>
-        <authors>
-          <name>Test Author 1</name>
-        </authors>
-        <authors>
-          <name>Test Author 2</name>
-        </authors>
-      </authors>
-      <name>Test Component</name>
-    </component>
-  </components>
+    <components>
+        <component type="application">
+            <authors>
+                <authors>
+                    <name>Test Author 1</name>
+                    <email>[email protected]</email>
+                    <phone>123</phone>
+                </authors>
+                <authors>
+                    <name>Test Author 2</name>
+                    <email>[email protected]</email>
+                    <phone>456</phone>
+                </authors>
+            </authors>
+            <author>Outer Author with String value</author>
+            <name>Test Component</name>
+        </component>
+    </components>
 </bom>