private void validateRequiredParametersInConsent(ReceiptInput receiptInput) throws ConsentManagementClientException { if (isBlank(receiptInput.getPiiPrincipalId())) { throw handleClientException(ERROR_CODE_PII_PRINCIPAL_ID_REQUIRED, null); } if (isBlank(receiptInput.getCollectionMethod())) { throw handleClientException(ERROR_CODE_PII_COLLECTION_METHOD_REQUIRED, null); } if (isEmpty(receiptInput.getServices())) { throw handleClientException(ERROR_CODE_AT_LEAST_ONE_SERVICE_REQUIRED, null); } }
private ReceiptInput getReceiptInput(String subject, String collectionMethod, String jurisdiction, String language, String policyUrl, List<ReceiptServiceInput> serviceInputs, Map<String, String> properties) { ReceiptInput receiptInput = new ReceiptInput(); receiptInput.setCollectionMethod(collectionMethod); receiptInput.setJurisdiction(jurisdiction); receiptInput.setLanguage(language); receiptInput.setPolicyUrl(policyUrl); receiptInput.setServices(serviceInputs); receiptInput.setProperties(properties); receiptInput.setPiiPrincipalId(subject); return receiptInput; }
protected void addReceiptInfo(ReceiptInput receiptInput) throws ConsentManagementServerException { JdbcTemplate jdbcTemplate = JdbcUtils.getNewTemplate(); try { jdbcTemplate.withTransaction(template -> { template.executeInsert(INSERT_RECEIPT_SQL, (preparedStatement -> { preparedStatement.setString(1, receiptInput.getConsentReceiptId()); preparedStatement.setString(2, receiptInput.getVersion()); preparedStatement.setString(3, receiptInput.getJurisdiction()); preparedStatement.setTimestamp(4, new java.sql.Timestamp(new Date().getTime()), Calendar.getInstance(TimeZone.getTimeZone(UTC))); preparedStatement.setString(5, receiptInput.getCollectionMethod()); preparedStatement.setString(6, receiptInput.getLanguage()); preparedStatement.setString(7, receiptInput.getPiiPrincipalId()); preparedStatement.setInt(8, receiptInput.getTenantId()); preparedStatement.setString(9, receiptInput.getPolicyUrl()); preparedStatement.setString(10, ACTIVE_STATE); preparedStatement.setString(11, receiptInput.getPiiControllerInfo()); }), receiptInput, false); return null; }); } catch (TransactionException e) { throw ConsentUtils.handleServerException(ErrorMessages.ERROR_CODE_ADD_RECEIPT, receiptInput.getPiiPrincipalId(), e); } }
/** * This API is used to verify and store consent input. * * @param receiptInput consent input. * @throws ConsentManagementException Consent Management Exception. */ public AddReceiptResponse addConsent(ReceiptInput receiptInput) throws ConsentManagementException { validateInputParameters(receiptInput); receiptInput.setConsentReceiptId(generateConsentReceiptId()); setAPIVersion(receiptInput); setPIIControllerInfo(receiptInput); getReceiptsDAO(receiptDAOs).addReceipt(receiptInput); if (log.isDebugEnabled()) { log.debug("Consent stored successfully with the Id: " + receiptInput.getConsentReceiptId()); } return new AddReceiptResponse(receiptInput.getConsentReceiptId(), receiptInput.getCollectionMethod(), receiptInput.getLanguage(), receiptInput.getPiiPrincipalId(), receiptInput.getTenantDomain()); }
private void validateInputParameters(ReceiptInput receiptInput) throws ConsentManagementException { //Set authenticated user. if (isBlank(receiptInput.getPiiPrincipalId())) { receiptInput.setPiiPrincipalId(PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername()); } // Set authenticated user's tenant id if it is not set. if (isBlank(receiptInput.getTenantDomain())) { receiptInput.setTenantId(getTenantIdFromCarbonContext()); receiptInput.setTenantDomain(getTenantDomainFromCarbonContext()); } else { receiptInput.setTenantId(getTenantId(realmService, receiptInput.getTenantDomain())); } validateRequiredParametersInConsent(receiptInput); receiptInput.getServices().forEach(rethrowConsumer(receiptServiceInput -> { validateRequiredParametersInService(receiptServiceInput); receiptServiceInput.getPurposes().forEach(rethrowConsumer(receiptPurposeInput -> validateRequiredParametersInPurpose(receiptServiceInput, receiptPurposeInput))); })); if (log.isDebugEnabled()) { log.debug("Consent adding request validation success"); } }
private void addConsent(String consent, String tenantDomain) throws ConsentManagementException, IdentityRecoveryServerException { Gson gson = new Gson(); ReceiptInput receiptInput = gson.fromJson(consent, ReceiptInput.class); ConsentManager consentManager = IdentityRecoveryServiceDataHolder.getInstance().getConsentManager(); if (receiptInput.getServices().size() < 0) { throw new IdentityRecoveryServerException("A service should be available in a receipt"); } // There should be a one receipt ReceiptServiceInput receiptServiceInput = receiptInput.getServices().get(0); receiptServiceInput.setTenantDomain(tenantDomain); try { setIDPData(tenantDomain, receiptServiceInput); } catch (IdentityProviderManagementException e) { throw new ConsentManagementException("Error while retrieving identity provider data", "Error while " + "setting IDP data", e); } receiptInput.setTenantDomain(tenantDomain); consentManager.addConsent(receiptInput); }
@Override public void addReceipt(ReceiptInput receiptInput) throws ConsentManagementException { JdbcTemplate jdbcTemplate = JdbcUtils.getNewTemplate(); try { jdbcTemplate.withTransaction(template -> { revokeActiveReceipts(receiptInput); addReceiptInfo(receiptInput); receiptInput.getServices().forEach(rethrowConsumer(receiptServiceInput -> { int receiptToSPAssocId = addReceiptSPAssociation(receiptInput.getConsentReceiptId(), receiptServiceInput); receiptServiceInput.getPurposes().forEach(rethrowConsumer(receiptPurposeInput -> { int spToPurposeAssocId = addSpToPurposeAssociation(receiptToSPAssocId, receiptPurposeInput); receiptPurposeInput.getPurposeCategoryId().forEach(rethrowConsumer(id -> addSpPurposeToPurposeCategoryAssociation(spToPurposeAssocId, id))); receiptPurposeInput.getPiiCategory().forEach(rethrowConsumer(piiCategoryValidity -> addSpPurposeToPiiCategoryAssociation(spToPurposeAssocId, piiCategoryValidity.getId(), piiCategoryValidity.getValidity()))); })); })); if (receiptInput.getProperties() != null) { addReceiptProperties(receiptInput.getConsentReceiptId(), receiptInput.getProperties()); } return null; }); } catch (TransactionException e) { throw ConsentUtils.handleServerException(ErrorMessages.ERROR_CODE_ADD_CONSENT_RECEIPT, receiptInput.getPiiPrincipalId(), e); } }
/** * If the consent is not given for a PII * * @param keySet * @param receipt * @return * @throws ConsentUtilityServiceException */ public Set<String> filterPIIsFromReceipt(Set<String> keySet, ReceiptInput receipt) throws ConsentUtilityServiceException { if (keySet == null || receipt == null) { throw new ConsentUtilityServiceException("Key set and receipt should not be null"); } List<ReceiptServiceInput> services = receipt.getServices(); Set<String> consentedPIIs = new HashSet<>(); for (ReceiptServiceInput service : services) { List<ReceiptPurposeInput> purposes = service.getPurposes(); for (ReceiptPurposeInput consentPurpose : purposes) { List<PIICategoryValidity> piiCategories = consentPurpose.getPiiCategory(); for (PIICategoryValidity piiCategory : piiCategories) { consentedPIIs.add(getPIIName(consentPurpose.getPurposeId(), piiCategory.getId())); } } } keySet.retainAll(consentedPIIs); return keySet; }
private void revokeActiveReceipts(ReceiptInput receiptInput) throws ConsentManagementServerException { JdbcTemplate jdbcTemplate = JdbcUtils.getNewTemplate(); try { jdbcTemplate.withTransaction(template -> { receiptInput.getServices().forEach(rethrowConsumer(receiptServiceInput -> { List<String> ids = template.executeQuery(GET_ACTIVE_RECEIPTS_SQL, (resultSet, rowNumber) -> resultSet .getString(1), preparedStatement -> { preparedStatement.setString(1, receiptInput.getPiiPrincipalId()); preparedStatement.setString(2, receiptServiceInput.getService()); preparedStatement.setInt(3, receiptInput.getTenantId()); preparedStatement.setInt(4, receiptServiceInput.getTenantId()); }); if (isNotEmpty(ids)) { ids.forEach(rethrowConsumer(id -> { revokeReceipt(id); if (log.isDebugEnabled()) { log.debug("Revoked active receipt: " + id + " of the user: " + receiptInput .getPiiPrincipalId()); } })); } })); return null; }); } catch (TransactionException e) { throw ConsentUtils.handleServerException(ErrorMessages.ERROR_CODE_REVOKE_ACTIVE_RECEIPT, receiptInput.getPiiPrincipalId(), e); } }
/** * Persist the consents received from the user, while user creation. * * @param receiptInput Relevant receipt input representing consent data. * @param tenantDomain Relevant tenant domain. * @throws PostAuthenticationFailedException Post Authentication Failed Exception. */ private void addConsent(ReceiptInput receiptInput, String tenantDomain) throws PostAuthenticationFailedException { ConsentManager consentManager = FrameworkServiceDataHolder.getInstance().getConsentManager(); if (receiptInput.getServices().size() == 0) { throw new PostAuthenticationFailedException(ErrorMessages.ERROR_WHILE_ADDING_CONSENT.getCode(), String.format(ErrorMessages.ERROR_WHILE_ADDING_CONSENT.getMessage(), tenantDomain)); } // There should be one receipt ReceiptServiceInput receiptServiceInput = receiptInput.getServices().get(0); receiptServiceInput.setTenantDomain(tenantDomain); try { setIDPData(tenantDomain, receiptServiceInput); receiptInput.setTenantDomain(tenantDomain); consentManager.addConsent(receiptInput); } catch (ConsentManagementException e) { handleExceptions(String.format(ErrorMessages.ERROR_WHILE_ADDING_CONSENT.getMessage(), tenantDomain), ErrorMessages.ERROR_WHILE_ADDING_CONSENT.getCode(), e); } }
/** * If the consent is not given for a PII * * @param keySet * @param receipt * @return * @throws ConsentUtilityServiceException */ public Set<String> filterPIIsFromReceipt(Set<String> keySet, ReceiptInput receipt) throws ConsentUtilityServiceException { if (keySet == null || receipt == null) { throw new ConsentUtilityServiceException("Key set and receipt should not be null"); } List<ReceiptServiceInput> services = receipt.getServices(); Set<String> consentedPIIs = new HashSet<>(); for (ReceiptServiceInput service : services) { List<ReceiptPurposeInput> purposes = service.getPurposes(); for (ReceiptPurposeInput consentPurpose : purposes) { List<PIICategoryValidity> piiCategories = consentPurpose.getPiiCategory(); for (PIICategoryValidity piiCategory : piiCategories) { consentedPIIs.add(getPIIName(consentPurpose.getPurposeId(), piiCategory.getId())); } } } keySet.retainAll(consentedPIIs); return keySet; }
private ReceiptInput getReceiptInput(String subject, String collectionMethod, String jurisdiction, String language, String policyUrl, List<ReceiptServiceInput> serviceInputs, Map<String, String> properties) { ReceiptInput receiptInput = new ReceiptInput(); receiptInput.setCollectionMethod(collectionMethod); receiptInput.setJurisdiction(jurisdiction); receiptInput.setLanguage(language); receiptInput.setPolicyUrl(policyUrl); receiptInput.setServices(serviceInputs); receiptInput.setProperties(properties); receiptInput.setPiiPrincipalId(subject); return receiptInput; }
/** * Persist the consents received from the user, while user creation. * * @param receiptInput Relevant receipt input representing consent data. * @param tenantDomain Relevant tenant domain. * @throws PostAuthenticationFailedException Post Authentication Failed Exception. */ private void addConsent(ReceiptInput receiptInput, String tenantDomain) throws PostAuthenticationFailedException { ConsentManager consentManager = FrameworkServiceDataHolder.getInstance().getConsentManager(); if (receiptInput.getServices().size() == 0) { throw new PostAuthenticationFailedException(ErrorMessages.ERROR_WHILE_ADDING_CONSENT.getCode(), String.format(ErrorMessages.ERROR_WHILE_ADDING_CONSENT.getMessage(), tenantDomain)); } // There should be one receipt ReceiptServiceInput receiptServiceInput = receiptInput.getServices().get(0); receiptServiceInput.setTenantDomain(tenantDomain); try { setIDPData(tenantDomain, receiptServiceInput); receiptInput.setTenantDomain(tenantDomain); consentManager.addConsent(receiptInput); } catch (ConsentManagementException e) { handleExceptions(String.format(ErrorMessages.ERROR_WHILE_ADDING_CONSENT.getMessage(), tenantDomain), ErrorMessages.ERROR_WHILE_ADDING_CONSENT.getCode(), e); } }
log.debug("Validating receipt against purposes."); List<ReceiptServiceInput> services = receiptInput.getServices(); for (Purpose purpose : purposes) { purpose = fillPurpose(purpose);
/** * Builds consent receipt input according to consent API. * * @param piiPrincipalId P11 Principal ID * @param consent Consent String which contains services. * @param policyURL Policy URL. * @return Consent string which contains above facts. */ private ReceiptInput buildConsentForResidentIDP(String piiPrincipalId, String consent, String policyURL) { ReceiptInput receiptInput = new ReceiptInput(); receiptInput.setJurisdiction("USA"); receiptInput.setCollectionMethod(FrameworkConstants.Consent.COLLECTION_METHOD_JIT); receiptInput.setLanguage(FrameworkConstants.Consent.LANGUAGE_ENGLISH); receiptInput.setPiiPrincipalId(piiPrincipalId); receiptInput.setPolicyUrl(policyURL); JSONObject receipt = new JSONObject(consent); receiptInput.setServices(getReceiptServiceInputs(receipt)); if (log.isDebugEnabled()) { log.debug("Built consent from endpoint util : " + consent); } return receiptInput; }
log.debug("Validating receipt against purposes."); List<ReceiptServiceInput> services = receiptInput.getServices(); for (Purpose purpose : purposes) { purpose = fillPurpose(purpose);
/** * Builds consent receipt input according to consent API. * * @param piiPrincipalId P11 Principal ID * @param consent Consent String which contains services. * @param policyURL Policy URL. * @return Consent string which contains above facts. */ private ReceiptInput buildConsentForResidentIDP(String piiPrincipalId, String consent, String policyURL) { ReceiptInput receiptInput = new ReceiptInput(); receiptInput.setJurisdiction("USA"); receiptInput.setCollectionMethod(FrameworkConstants.Consent.COLLECTION_METHOD_JIT); receiptInput.setLanguage(FrameworkConstants.Consent.LANGUAGE_ENGLISH); receiptInput.setPiiPrincipalId(piiPrincipalId); receiptInput.setPolicyUrl(policyURL); JSONObject receipt = new JSONObject(consent); receiptInput.setServices(getReceiptServiceInputs(receipt)); if (log.isDebugEnabled()) { log.debug("Built consent from endpoint util : " + consent); } return receiptInput; }