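/**
 * Resolves the claims covered by the consent recorded in the given receipt.
 *
 * <p>The receipt's services are handed to {@code getPIICategoriesFromServices} and the resulting
 * PII categories to {@code getClaimsFromPIICategoryValidity}.
 *
 * @param receipt consent receipt whose services are inspected
 * @return claims derived from the PII categories of the receipt's services
 */
private List<ClaimMetaData> getConsentClaimsFromReceipt(Receipt receipt) {

    List<ReceiptService> services = receipt.getServices();
    List<PIICategoryValidity> piiCategories = getPIICategoriesFromServices(services);
    List<ClaimMetaData> claimsFromPIICategoryValidity = getClaimsFromPIICategoryValidity(piiCategories);

    if (isDebugEnabled()) {
        // The claim list is passed as a format argument instead of being concatenated into the
        // format string: a '%' in its text would otherwise be parsed as a format specifier and
        // could make String.format throw or misplace the arguments.
        // This debug line records the PII principal id and the receipt id.
        String message = String.format("User: %s has provided consent in receipt: %s for claims: %s",
                receipt.getPiiPrincipalId(), receipt.getConsentReceiptId(), claimsFromPIICategoryValidity);
        logDebug(message);
    }
    return claimsFromPIICategoryValidity;
}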
/**
 * Rejects access to a receipt that is tied neither to the current tenant nor to a service of the
 * current tenant.
 *
 * <p>The current tenant domain comes from {@code ConsentUtils.getTenantDomainFromCarbonContext()}.
 * Access is allowed when the receipt's own tenant domain matches it, or when at least one of the
 * receipt's services carries that tenant domain. A denied request is reported with
 * {@code ERROR_CODE_RECEIPT_ID_INVALID}, not with a distinct "forbidden" error.
 *
 * @param receiptId id of the receipt being accessed
 * @throws ConsentManagementException a {@code ConsentManagementClientException} when the receipt is
 *                                    null or belongs to another tenant, or whatever the receipt
 *                                    lookup itself throws
 */
private void handleCrossDomainPermission(String receiptId) throws ConsentManagementException {

    String tenantDomain = ConsentUtils.getTenantDomainFromCarbonContext();
    Receipt receipt = consentManager.getReceipt(receiptId);

    // NOTE(review): if StringUtils.equals treats two nulls as equal, a null tenant domain on both
    // sides would pass this check - confirm neither value can be null here.
    // The services are only inspected when the receipt's own tenant domain does not match.
    boolean sameTenant = receipt != null
            && (StringUtils.equals(receipt.getTenantDomain(), tenantDomain)
            || receipt.getServices().stream()
                    .anyMatch(service -> StringUtils.equals(service.getTenantDomain(), tenantDomain)));
    if (sameTenant) {
        return;
    }

    String message = String.format(ERROR_CODE_RECEIPT_ID_INVALID.getMessage(), receiptId)
            + " in tenant: " + tenantDomain;
    throw new ConsentManagementClientException(message, ERROR_CODE_RECEIPT_ID_INVALID.getCode());
}
receipt = jdbcTemplate.withTransaction(template -> { Receipt internalReceipt = template.fetchSingleRecord(GET_RECEIPT_SQL, (resultSet, rowNumber) -> { Receipt receiptInfo = new Receipt(); receiptInfo.setConsentReceiptId(receiptId); receiptInfo.setVersion(resultSet.getString(1)); receiptInfo.setJurisdiction(resultSet.getString(2)); receiptInfo.setConsentTimestamp(resultSet.getTimestamp(3).getTime()); receiptInfo.setCollectionMethod(resultSet.getString(4)); receiptInfo.setLanguage(resultSet.getString(5)); receiptInfo.setPiiPrincipalId(resultSet.getString(6)); receiptInfo.setTenantId(resultSet.getInt(7)); receiptInfo.setPolicyUrl(resultSet.getString(8)); receiptInfo.setState(resultSet.getString(9)); receiptInfo.setPiiController(resultSet.getString(10)); return receiptInfo; }, preparedStatement -> { internalReceipt.setServices(getServiceInfoOfReceipt(receiptId, receiptContext)); setReceiptSensitivity(receiptContext, internalReceipt);
/**
 * Looks up the public key for the receipt's tenant domain via {@code getPublicKey} and stores it on
 * the receipt.
 *
 * <p>The receipt's tenant domain must already be set when this is called, because it is the lookup
 * key.
 *
 * @param receipt receipt to enrich with the public key
 * @throws ConsentManagementException if the public key lookup fails
 */
private void setPublicKey(Receipt receipt) throws ConsentManagementException {

    receipt.setPublicKey(getPublicKey(receipt.getTenantDomain()));
}
consentReceiptDTO.setCollectionMethod(receipt.getCollectionMethod()); consentReceiptDTO.setConsentReceiptID(receipt.getConsentReceiptId()); consentReceiptDTO.setJurisdiction(receipt.getJurisdiction()); consentReceiptDTO.setConsentTimestamp(receipt.getConsentTimestamp()); consentReceiptDTO.setLanguage(receipt.getLanguage()); consentReceiptDTO.setPiiPrincipalId(receipt.getPiiPrincipalId()); consentReceiptDTO.setPolicyUrl(receipt.getPolicyUrl()); consentReceiptDTO.setSensitive(receipt.isSensitive()); consentReceiptDTO.setTenantDomain(receipt.getTenantDomain()); consentReceiptDTO.setVersion(receipt.getVersion()); consentReceiptDTO.setState(receipt.getState()); consentReceiptDTO.setServices(receipt.getServices().stream().map(receiptService -> { ServiceDTO serviceDTO = new ServiceDTO(); serviceDTO.setService(receiptService.getService()); return serviceDTO; }).collect(Collectors.toList())); consentReceiptDTO.setSpiCat(receipt.getSpiCat()); consentReceiptDTO.setPiiControllers(receipt.getPiiControllers().stream().map(piiController -> { PiiControllerDTO piiControllerDTO = new PiiControllerDTO(); AddressDTO addressDTO = new AddressDTO(); consentReceiptDTO.setPublicKey(receipt.getPublicKey()); addressDTO.setAddressCountry(piiController.getAddress().getAddressCountry()); addressDTO.setAddressLocality(piiController.getAddress().getAddressLocality());
/**
 * Fills in the tenant domain of the receipt and of each of its services.
 *
 * <p>Each tenant domain is resolved from the stored tenant id through
 * {@code ConsentUtils.getTenantDomain(realmService, tenantId)}.
 *
 * @param receipt receipt whose tenant domain fields are populated in place
 * @throws ConsentManagementServerException if a tenant domain cannot be resolved
 */
private void populateTenantDomain(Receipt receipt) throws ConsentManagementServerException {

    String receiptTenantDomain = ConsentUtils.getTenantDomain(realmService, receipt.getTenantId());
    receipt.setTenantDomain(receiptTenantDomain);

    // rethrowConsumer lets the lambda call the throwing ConsentUtils.getTenantDomain inside forEach.
    receipt.getServices().forEach(rethrowConsumer(service -> {
        service.setTenantDomain(ConsentUtils.getTenantDomain(realmService, service.getTenantId()));
    }));
}
/**
 * Combines the claims approved in the current request with the claims already covered by the
 * user's existing consent receipt for the service provider.
 *
 * <p>When no receipt exists, the approved claims of {@code userConsent} are returned as they are,
 * without passing through {@code getDistinctClaims}.
 *
 * @param serviceProvider   service provider the consent applies to
 * @param authenticatedUser user who gave the consent
 * @param userConsent       consent carrying the newly approved claims
 * @return approved claims, merged with the receipt's claims and de-duplicated when a receipt exists
 * @throws SSOConsentServiceException if the existing receipt cannot be retrieved
 */
private List<ClaimMetaData> getAllUserApprovedClaims(ServiceProvider serviceProvider,
                                                     AuthenticatedUser authenticatedUser,
                                                     UserConsent userConsent)
        throws SSOConsentServiceException {

    List<ClaimMetaData> approved = new ArrayList<>(userConsent.getApprovedClaims());

    String applicationName = serviceProvider.getApplicationName();
    String applicationTenantDomain = getSPTenantDomain(serviceProvider);
    String userSubject = buildSubjectWithUserStoreDomain(authenticatedUser);
    Receipt existingReceipt = getConsentReceiptOfUser(serviceProvider, authenticatedUser, applicationName,
            applicationTenantDomain, userSubject);

    if (existingReceipt != null) {
        List<PIICategoryValidity> receiptCategories =
                getPIICategoriesFromServices(existingReceipt.getServices());
        approved.addAll(getClaimsFromPIICategoryValidity(receiptCategories));
        return getDistinctClaims(approved);
    }
    return approved;
}
/**
 * Retrieves a consent receipt by id and enriches it before returning it.
 *
 * <p>After the lookup, the receipt's tenant domains, PII controller information and public key are
 * filled in, in that order.
 *
 * <p>NOTE(review): no check that the receipt belongs to the caller's tenant is visible in this
 * method; presumably callers enforce that - confirm.
 *
 * @param receiptId Receipt Id.
 * @return Consent Receipt.
 * @throws ConsentManagementException a {@code ConsentManagementClientException} with
 *                                    {@code ERROR_CODE_RECEIPT_ID_INVALID} when no receipt, or a
 *                                    receipt without an id, is found; otherwise whatever the lookup
 *                                    or enrichment steps throw.
 */
public Receipt getReceipt(String receiptId) throws ConsentManagementException {

    Receipt receipt = getReceiptsDAO(receiptDAOs).getReceipt(receiptId);

    boolean found = receipt != null && receipt.getConsentReceiptId() != null;
    if (found) {
        populateTenantDomain(receipt);
        setPIIControllerInfo(receipt);
        setPublicKey(receipt);
        return receipt;
    }

    if (log.isDebugEnabled()) {
        log.debug("No receipt found with the Id: " + receiptId);
    }
    String message = String.format(ERROR_CODE_RECEIPT_ID_INVALID.getMessage(), receiptId)
            + " in tenant: " + ConsentUtils.getTenantDomainFromCarbonContext();
    throw new ConsentManagementClientException(message, ERROR_CODE_RECEIPT_ID_INVALID.getCode());
}
/**
 * Returns every claim the user has approved for the service provider: the claims approved in
 * {@code userConsent} plus those recorded in the user's existing consent receipt, if any.
 *
 * <p>Without an existing receipt the approved claims are returned directly and are not passed
 * through {@code getDistinctClaims}.
 *
 * @param serviceProvider   service provider the consent applies to
 * @param authenticatedUser user who gave the consent
 * @param userConsent       consent carrying the newly approved claims
 * @return the merged claims, de-duplicated when a receipt exists
 * @throws SSOConsentServiceException if the existing receipt cannot be retrieved
 */
private List<ClaimMetaData> getAllUserApprovedClaims(ServiceProvider serviceProvider,
                                                     AuthenticatedUser authenticatedUser,
                                                     UserConsent userConsent)
        throws SSOConsentServiceException {

    List<ClaimMetaData> mergedClaims = new ArrayList<>(userConsent.getApprovedClaims());

    // Arguments are evaluated left to right, so the helper calls run in the same order as when
    // each result is first stored in a local.
    Receipt priorReceipt = getConsentReceiptOfUser(
            serviceProvider,
            authenticatedUser,
            serviceProvider.getApplicationName(),
            getSPTenantDomain(serviceProvider),
            buildSubjectWithUserStoreDomain(authenticatedUser));
    if (priorReceipt == null) {
        return mergedClaims;
    }

    List<PIICategoryValidity> priorCategories = getPIICategoriesFromServices(priorReceipt.getServices());
    List<ClaimMetaData> priorClaims = getClaimsFromPIICategoryValidity(priorCategories);
    mergedClaims.addAll(priorClaims);
    return getDistinctClaims(mergedClaims);
}
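/**
 * Returns the claims for which consent is recorded in the given receipt.
 *
 * <p>The claims are derived by passing the receipt's services through
 * {@code getPIICategoriesFromServices} and then {@code getClaimsFromPIICategoryValidity}.
 *
 * @param receipt consent receipt whose services are inspected
 * @return claims derived from the PII categories of the receipt's services
 */
private List<ClaimMetaData> getConsentClaimsFromReceipt(Receipt receipt) {

    List<PIICategoryValidity> piiCategories = getPIICategoriesFromServices(receipt.getServices());
    List<ClaimMetaData> consentedClaims = getClaimsFromPIICategoryValidity(piiCategories);

    if (isDebugEnabled()) {
        // Keep the format string constant and pass the claim list as an argument: when it was
        // concatenated into the format string, a '%' in its text was read as a format specifier,
        // which can make String.format throw or shift the arguments.
        // This debug line records the PII principal id and the receipt id.
        logDebug(String.format("User: %s has provided consent in receipt: %s for claims: %s",
                receipt.getPiiPrincipalId(), receipt.getConsentReceiptId(), consentedClaims));
    }
    return consentedClaims;
}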
/**
 * Deletes a receipt together with its service, purpose and property associations.
 *
 * <p>The receipt is loaded first. Inside one {@code withTransaction} call the rows are then removed
 * from the innermost association outwards: per purpose the PII-category and purpose-category
 * associations, per service the purpose association, then the receipt-to-service association, the
 * receipt properties and finally the receipt itself.
 *
 * <p>NOTE(review): the receipt is read before the transaction starts - confirm that associations
 * added between the read and the delete cannot be left behind.
 *
 * @param receiptID id of the receipt to delete
 * @throws ConsentManagementException if the receipt cannot be loaded or is null, or if the delete
 *                                    transaction fails ({@code ERROR_CODE_DELETE_RECEIPT})
 */
public void deleteReceipt(String receiptID) throws ConsentManagementException {

    Receipt existing = getReceipt(receiptID);
    if (existing == null) {
        throw ConsentUtils.handleServerException(ErrorMessages.ERROR_CODE_DELETE_RECEIPT,
                String.valueOf(receiptID));
    }

    JdbcTemplate deleteTemplate = JdbcUtils.getNewTemplate();
    try {
        deleteTemplate.withTransaction(template -> {
            existing.getServices().forEach(rethrowConsumer(service -> {
                int serviceLinkId = service.getReceiptToServiceId();

                // Purpose-level associations go first, then the service-to-purpose link.
                service.getPurposes().forEach(rethrowConsumer(purpose -> {
                    int purposeLinkId = purpose.getServiceToPurposeId();
                    deleteSpPurposeToPiiCategoryAssociation(purposeLinkId);
                    deleteSpPurposeToPurposeCategoryAssociation(purposeLinkId);
                }));
                deleteSpToPurposeAssociation(serviceLinkId);
            }));

            // Receipt-level rows are removed only after every per-service row is gone.
            deleteReceiptSPAssociation(receiptID);
            deleteReceiptProperties(receiptID);
            deleteReceiptOnly(receiptID);
            return null;
        });
    } catch (TransactionException e) {
        throw ConsentUtils.handleServerException(ErrorMessages.ERROR_CODE_DELETE_RECEIPT, receiptID, e);
    }
}