/**
 * Completes the blank fields of a receipt service entry from the tenant's resident identity provider.
 *
 * <p>Only fields that are currently empty are written. The service name falls back to the resident
 * IdP home realm id and the tenant domain to {@code tenantDomain}. The description and display name
 * fall back to the resident IdP values, or to {@code IdentityRecoveryConstants.Consent.RESIDENT_IDP}
 * when those are empty as well.
 *
 * @param tenantDomain        tenant domain whose resident IdP is looked up.
 * @param receiptServiceInput service entry that is completed in place.
 * @throws IdentityProviderManagementException propagated from the resident IdP lookup.
 */
private void setIDPData(String tenantDomain, ReceiptServiceInput receiptServiceInput)
        throws IdentityProviderManagementException {

    // NOTE(review): the lookup result is dereferenced below without a null check; confirm that
    // getResidentIdP never returns null for a tenant without a resident IdP.
    IdentityProvider residentIdP = IdentityProviderManager.getInstance().getResidentIdP(tenantDomain);

    if (StringUtils.isEmpty(receiptServiceInput.getService())) {
        if (log.isDebugEnabled()) {
            log.debug("No service name found. Hence adding resident IDP home realm ID");
        }
        receiptServiceInput.setService(residentIdP.getHomeRealmId());
    }

    if (StringUtils.isEmpty(receiptServiceInput.getTenantDomain())) {
        receiptServiceInput.setTenantDomain(tenantDomain);
    }

    if (StringUtils.isEmpty(receiptServiceInput.getSpDescription())) {
        String idpDescription = residentIdP.getIdentityProviderDescription();
        receiptServiceInput.setSpDescription(StringUtils.isNotEmpty(idpDescription)
                ? idpDescription
                : IdentityRecoveryConstants.Consent.RESIDENT_IDP);
    }

    if (StringUtils.isEmpty(receiptServiceInput.getSpDisplayName())) {
        String idpDisplayName = residentIdP.getDisplayName();
        receiptServiceInput.setSpDisplayName(StringUtils.isNotEmpty(idpDisplayName)
                ? idpDisplayName
                : IdentityRecoveryConstants.Consent.RESIDENT_IDP);
    }
}
/**
 * Checks the mandatory fields of one service entry and resolves its tenant id.
 *
 * <p>A blank service name or an empty purpose list is rejected with a client exception. When the
 * entry carries no tenant domain, both tenant id and tenant domain are taken from the Carbon
 * context; otherwise the tenant id is resolved from the domain the entry already carries.
 *
 * @param receiptServiceInput service entry to validate; its tenant fields are updated in place.
 * @throws ConsentManagementException if the service name is blank or no purpose is present.
 */
private void validateRequiredParametersInService(ReceiptServiceInput receiptServiceInput)
        throws ConsentManagementException {

    if (isBlank(receiptServiceInput.getService())) {
        throw handleClientException(ERROR_CODE_SERVICE_NAME_REQUIRED, null);
    }
    if (isEmpty(receiptServiceInput.getPurposes())) {
        throw handleClientException(ERROR_CODE_AT_LEAST_ONE_PURPOSE_REQUIRED, null);
    }

    String suppliedDomain = receiptServiceInput.getTenantDomain();
    if (!isBlank(suppliedDomain)) {
        // NOTE(review): a tenant domain already present on the entry is resolved as given; nothing in
        // this method compares it with the caller's own tenant. Confirm that check happens upstream.
        receiptServiceInput.setTenantId(getTenantId(realmService, suppliedDomain));
        return;
    }

    // No tenant domain on the entry: fall back to the tenant of the current Carbon context.
    receiptServiceInput.setTenantId(getTenantIdFromCarbonContext());
    receiptServiceInput.setTenantDomain(getTenantDomainFromCarbonContext());
}
/**
 * Builds the receipt service entry for a service provider.
 *
 * <p>Purposes and tenant domain are always set. When a service provider is given, its application
 * name becomes the service name, and its description (or the application name when the description
 * is blank) is used for both the display name and the description.
 *
 * @param serviceProvider service provider the consent is collected for; may be {@code null}.
 * @param spTenantDomain  tenant domain stored on the entry.
 * @param purposeInputs   purposes stored on the entry.
 * @return the populated service entry.
 */
private ReceiptServiceInput getReceiptServiceInput(ServiceProvider serviceProvider, String spTenantDomain,
                                                   List<ReceiptPurposeInput> purposeInputs) {

    ReceiptServiceInput result = new ReceiptServiceInput();
    result.setPurposes(purposeInputs);
    result.setTenantDomain(spTenantDomain);

    if (serviceProvider != null) {
        String applicationName = serviceProvider.getApplicationName();
        String description = serviceProvider.getDescription();
        // The same text is used for display name and description.
        String label = StringUtils.isBlank(description) ? applicationName : description;

        result.setService(applicationName);
        result.setSpDisplayName(label);
        result.setSpDescription(label);
    }
    return result;
}
/**
 * Inserts the association between a receipt and one service entry.
 *
 * <p>Receipt id, service name, tenant id, display name and description are bound as statement
 * parameters of {@code INSERT_RECEIPT_SP_ASSOC_SQL}; none of them is concatenated into the SQL text.
 *
 * @param receiptId           id of the receipt the service entry belongs to.
 * @param receiptServiceInput service entry to persist.
 * @return the value returned by the insert (presumably the generated association id).
 * @throws ConsentManagementServerException if the transaction fails.
 */
protected int addReceiptSPAssociation(String receiptId, ReceiptServiceInput receiptServiceInput)
        throws ConsentManagementServerException {

    JdbcTemplate jdbcTemplate = JdbcUtils.getNewTemplate();
    try {
        return jdbcTemplate.withTransaction(tx -> tx.executeInsert(INSERT_RECEIPT_SP_ASSOC_SQL, statement -> {
            statement.setString(1, receiptId);
            statement.setString(2, receiptServiceInput.getService());
            statement.setInt(3, receiptServiceInput.getTenantId());
            statement.setString(4, receiptServiceInput.getSpDisplayName());
            statement.setString(5, receiptServiceInput.getSpDescription());
        }, receiptServiceInput, true));
    } catch (TransactionException e) {
        throw ConsentUtils.handleServerException(ErrorMessages.ERROR_CODE_ADD_RECEIPT_SP_ASSOC,
                receiptServiceInput.getService(), e);
    }
}
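/**
 * Parses a consent receipt from JSON and stores it for the given tenant.
 *
 * <p>The tenant domain of the receipt and of its first service entry is overwritten with
 * {@code tenantDomain}, so the value carried in the JSON is not used for those two fields. The first
 * service entry is then completed from the resident identity provider before the receipt is handed
 * to the consent manager.
 *
 * <p>Malformed JSON is not handled here: Gson reports it with its unchecked
 * {@code JsonSyntaxException}.
 *
 * @param consent      consent receipt as a JSON string.
 * @param tenantDomain tenant domain the consent is recorded under.
 * @throws ConsentManagementException      if resident IdP data cannot be retrieved or the consent
 *                                         manager rejects the receipt.
 * @throws IdentityRecoveryServerException if the parsed receipt contains no usable service entry.
 */
private void addConsent(String consent, String tenantDomain) throws ConsentManagementException,
        IdentityRecoveryServerException {

    Gson gson = new Gson();
    ReceiptInput receiptInput = gson.fromJson(consent, ReceiptInput.class);
    ConsentManager consentManager = IdentityRecoveryServiceDataHolder.getInstance().getConsentManager();

    // The previous guard, size() < 0, could never be true, so an empty receipt fell through to
    // get(0) and failed with an IndexOutOfBoundsException. Gson also returns null for a null or
    // empty document and leaves an absent "services" field unset, so both are checked as well.
    if (receiptInput == null || receiptInput.getServices() == null || receiptInput.getServices().isEmpty()) {
        throw new IdentityRecoveryServerException("A service should be available in a receipt");
    }

    // Only the first service entry is normalised.
    // NOTE(review): further entries in the parsed JSON keep the tenant domain they arrived with;
    // confirm whether receipts with more than one service entry should be rejected here.
    ReceiptServiceInput receiptServiceInput = receiptInput.getServices().get(0);
    if (receiptServiceInput == null) {
        // A JSON null inside the services array deserialises to a null list element.
        throw new IdentityRecoveryServerException("A service should be available in a receipt");
    }
    receiptServiceInput.setTenantDomain(tenantDomain);

    try {
        setIDPData(tenantDomain, receiptServiceInput);
    } catch (IdentityProviderManagementException e) {
        throw new ConsentManagementException("Error while retrieving identity provider data",
                "Error while setting IDP data", e);
    }

    receiptInput.setTenantDomain(tenantDomain);
    consentManager.addConsent(receiptInput);
}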
/**
 * Narrows a set of PII keys down to the ones covered by a consent receipt.
 *
 * <p>Every (purpose id, PII category id) pair found in the receipt is converted to a name with
 * {@code getPIIName}, and every key without a matching name is removed. The removal is done on
 * {@code keySet} itself, so the caller's set is modified and the same instance is returned. A
 * receipt without any service, purpose or PII category therefore leaves the set empty.
 *
 * @param keySet  candidate PII keys; modified in place.
 * @param receipt receipt whose services, purposes and PII categories define the consented keys.
 * @return {@code keySet}, reduced to the keys the receipt covers.
 * @throws ConsentUtilityServiceException if {@code keySet} or {@code receipt} is {@code null}.
 */
public Set<String> filterPIIsFromReceipt(Set<String> keySet, ReceiptInput receipt)
        throws ConsentUtilityServiceException {

    if (keySet == null || receipt == null) {
        throw new ConsentUtilityServiceException("Key set and receipt should not be null");
    }

    // NOTE(review): the nested lists are iterated without null checks; confirm the receipt model
    // never returns null for services, purposes or PII categories.
    Set<String> allowedNames = new HashSet<>();
    for (ReceiptServiceInput serviceEntry : receipt.getServices()) {
        for (ReceiptPurposeInput purposeEntry : serviceEntry.getPurposes()) {
            for (PIICategoryValidity category : purposeEntry.getPiiCategory()) {
                allowedNames.add(getPIIName(purposeEntry.getPurposeId(), category.getId()));
            }
        }
    }

    keySet.retainAll(allowedNames);
    return keySet;
}
/**
 * Revokes the receipts that are currently active for the principal of {@code receiptInput}.
 *
 * <p>For each service entry, {@code GET_ACTIVE_RECEIPTS_SQL} is run with the principal id, the
 * service name and the tenant ids of the receipt and of the service entry, all bound as statement
 * parameters. Every receipt id returned is passed to {@code revokeReceipt}.
 *
 * @param receiptInput receipt whose principal and service entries select the receipts to revoke.
 * @throws ConsentManagementServerException if the transaction fails.
 */
private void revokeActiveReceipts(ReceiptInput receiptInput) throws ConsentManagementServerException {

    JdbcTemplate jdbcTemplate = JdbcUtils.getNewTemplate();
    try {
        jdbcTemplate.withTransaction(template -> {
            // rethrowConsumer lets the lambda bodies call methods that declare checked exceptions.
            receiptInput.getServices().forEach(rethrowConsumer(receiptServiceInput -> {
                // The first column of each row is read as the receipt id.
                List<String> ids = template.executeQuery(GET_ACTIVE_RECEIPTS_SQL, (resultSet, rowNumber) -> resultSet
                        .getString(1), preparedStatement -> {
                    preparedStatement.setString(1, receiptInput.getPiiPrincipalId());
                    preparedStatement.setString(2, receiptServiceInput.getService());
                    preparedStatement.setInt(3, receiptInput.getTenantId());
                    preparedStatement.setInt(4, receiptServiceInput.getTenantId());
                });
                if (isNotEmpty(ids)) {
                    ids.forEach(rethrowConsumer(id -> {
                        revokeReceipt(id);
                        // With debug logging enabled, the receipt id and the PII principal id are
                        // written to the log; treat debug logs of this class as personal data.
                        if (log.isDebugEnabled()) {
                            log.debug("Revoked active receipt: " + id + " of the user: " + receiptInput
                                    .getPiiPrincipalId());
                        }
                    }));
                }
            }));
            // The transaction callback has no result to return.
            return null;
        });
    } catch (TransactionException e) {
        throw ConsentUtils.handleServerException(ErrorMessages.ERROR_CODE_REVOKE_ACTIVE_RECEIPT,
                receiptInput.getPiiPrincipalId(), e);
    }
}
throws ConsentManagementException { String serviceName = receiptServiceInput.getService(); if (receiptPurposeInput.getPurposeId() == null) { throw handleClientException(ERROR_CODE_PURPOSE_ID_MANDATORY, serviceName);
/**
 * Creates the receipt service entry that describes a service provider.
 *
 * <p>The purposes and the tenant domain are set unconditionally. If a service provider is supplied,
 * its application name is used as the service name; its description is used for the display name
 * and the description, with the application name as fallback when the description is blank.
 *
 * @param serviceProvider service provider the consent relates to; may be {@code null}.
 * @param spTenantDomain  tenant domain to record on the entry.
 * @param purposeInputs   purposes to record on the entry.
 * @return the populated service entry.
 */
private ReceiptServiceInput getReceiptServiceInput(ServiceProvider serviceProvider, String spTenantDomain,
                                                   List<ReceiptPurposeInput> purposeInputs) {

    ReceiptServiceInput entry = new ReceiptServiceInput();
    entry.setPurposes(purposeInputs);
    entry.setTenantDomain(spTenantDomain);

    if (serviceProvider != null) {
        String appName = serviceProvider.getApplicationName();
        String appDescription = serviceProvider.getDescription();
        // Display name and description share one value.
        String shownText = StringUtils.isBlank(appDescription) ? appName : appDescription;

        entry.setService(appName);
        entry.setSpDisplayName(shownText);
        entry.setSpDescription(shownText);
    }
    return entry;
}
/**
 * Stores the consent a user gave during user creation.
 *
 * <p>The tenant domain of the receipt and of its first service entry is overwritten with
 * {@code tenantDomain}; the first service entry is then completed through {@code setIDPData} and the
 * receipt is passed to the consent manager.
 *
 * @param receiptInput receipt describing the consent.
 * @param tenantDomain tenant domain the consent is recorded under.
 * @throws PostAuthenticationFailedException if the receipt has no service entry; failures of the
 *                                           consent manager are passed to {@code handleExceptions}.
 */
private void addConsent(ReceiptInput receiptInput, String tenantDomain) throws PostAuthenticationFailedException {

    ConsentManager consentManager = FrameworkServiceDataHolder.getInstance().getConsentManager();

    if (receiptInput.getServices().isEmpty()) {
        String errorCode = ErrorMessages.ERROR_WHILE_ADDING_CONSENT.getCode();
        String errorMessage = String.format(ErrorMessages.ERROR_WHILE_ADDING_CONSENT.getMessage(), tenantDomain);
        throw new PostAuthenticationFailedException(errorCode, errorMessage);
    }

    // Only the first service entry is normalised.
    // NOTE(review): any further entries keep the tenant domain they arrived with; confirm whether
    // receipts with more than one service entry can reach this method.
    ReceiptServiceInput firstService = receiptInput.getServices().get(0);
    firstService.setTenantDomain(tenantDomain);

    try {
        setIDPData(tenantDomain, firstService);
        receiptInput.setTenantDomain(tenantDomain);
        consentManager.addConsent(receiptInput);
    } catch (ConsentManagementException e) {
        handleExceptions(String.format(ErrorMessages.ERROR_WHILE_ADDING_CONSENT.getMessage(), tenantDomain),
                ErrorMessages.ERROR_WHILE_ADDING_CONSENT.getCode(), e);
    }
}
/**
 * Keeps only the PII keys for which the receipt records consent.
 *
 * <p>Each (purpose id, PII category id) pair in the receipt is mapped to a name by
 * {@code getPIIName}; keys that match none of these names are removed from {@code keySet}. The set
 * passed in is modified directly and returned, so a receipt that lists no PII category empties it.
 *
 * @param keySet  candidate PII keys; modified in place.
 * @param receipt receipt whose services, purposes and PII categories define the consented keys.
 * @return {@code keySet}, reduced to the keys the receipt covers.
 * @throws ConsentUtilityServiceException if {@code keySet} or {@code receipt} is {@code null}.
 */
public Set<String> filterPIIsFromReceipt(Set<String> keySet, ReceiptInput receipt)
        throws ConsentUtilityServiceException {

    if (keySet == null || receipt == null) {
        throw new ConsentUtilityServiceException("Key set and receipt should not be null");
    }

    // NOTE(review): services, purposes and PII categories are iterated without null checks; confirm
    // the receipt model always returns lists.
    Set<String> consentedNames = new HashSet<>();
    for (ReceiptServiceInput currentService : receipt.getServices()) {
        for (ReceiptPurposeInput currentPurpose : currentService.getPurposes()) {
            for (PIICategoryValidity currentCategory : currentPurpose.getPiiCategory()) {
                consentedNames.add(getPIIName(currentPurpose.getPurposeId(), currentCategory.getId()));
            }
        }
    }

    keySet.retainAll(consentedNames);
    return keySet;
}
String.format(ErrorMessages.ERROR_WHILE_SETTING_IDP_DATA_IDP_IS_NULL.getMessage(), tenantDomain)); if (StringUtils.isEmpty(receiptServiceInput.getService())) { if (log.isDebugEnabled()) { log.debug("No service name found. Hence adding resident IDP home realm ID"); receiptServiceInput.setService(residentIdP.getHomeRealmId()); if (StringUtils.isEmpty(receiptServiceInput.getTenantDomain())) { receiptServiceInput.setTenantDomain(tenantDomain); if (StringUtils.isEmpty(receiptServiceInput.getSpDescription())) { if (StringUtils.isNotEmpty(residentIdP.getIdentityProviderDescription())) { receiptServiceInput.setSpDescription(residentIdP.getIdentityProviderDescription()); } else { receiptServiceInput.setSpDescription(resideIdpDescription); if (StringUtils.isEmpty(receiptServiceInput.getSpDisplayName())) { if (StringUtils.isNotEmpty(residentIdP.getDisplayName())) { receiptServiceInput.setSpDisplayName(residentIdP.getDisplayName()); } else { receiptServiceInput.setSpDisplayName(resideIdpDescription);
/**
 * Persists the consent collected from a user while the user is being created.
 *
 * <p>{@code tenantDomain} replaces the tenant domain on the receipt and on its first service entry.
 * That entry is completed through {@code setIDPData} before the receipt goes to the consent manager.
 *
 * @param receiptInput receipt describing the consent.
 * @param tenantDomain tenant domain the consent is recorded under.
 * @throws PostAuthenticationFailedException if the receipt has no service entry; failures of the
 *                                           consent manager are passed to {@code handleExceptions}.
 */
private void addConsent(ReceiptInput receiptInput, String tenantDomain) throws PostAuthenticationFailedException {

    ConsentManager consentManager = FrameworkServiceDataHolder.getInstance().getConsentManager();

    if (receiptInput.getServices().isEmpty()) {
        String code = ErrorMessages.ERROR_WHILE_ADDING_CONSENT.getCode();
        String message = String.format(ErrorMessages.ERROR_WHILE_ADDING_CONSENT.getMessage(), tenantDomain);
        throw new PostAuthenticationFailedException(code, message);
    }

    // Only the entry at index 0 is normalised.
    // NOTE(review): additional service entries keep whatever tenant domain they carry; confirm
    // whether a receipt with several entries is possible on this path.
    ReceiptServiceInput primaryService = receiptInput.getServices().get(0);
    primaryService.setTenantDomain(tenantDomain);

    try {
        setIDPData(tenantDomain, primaryService);
        receiptInput.setTenantDomain(tenantDomain);
        consentManager.addConsent(receiptInput);
    } catch (ConsentManagementException e) {
        handleExceptions(String.format(ErrorMessages.ERROR_WHILE_ADDING_CONSENT.getMessage(), tenantDomain),
                ErrorMessages.ERROR_WHILE_ADDING_CONSENT.getCode(), e);
    }
}
List<ReceiptPurposeInput> consentPurposes = service.getPurposes(); for (ReceiptPurposeInput consentPurpose : consentPurposes) { if (consentPurpose.getPurposeId() == purpose.getId()) {
String.format(ErrorMessages.ERROR_WHILE_SETTING_IDP_DATA_IDP_IS_NULL.getMessage(), tenantDomain)); if (StringUtils.isEmpty(receiptServiceInput.getService())) { if (log.isDebugEnabled()) { log.debug("No service name found. Hence adding resident IDP home realm ID"); receiptServiceInput.setService(residentIdP.getHomeRealmId()); if (StringUtils.isEmpty(receiptServiceInput.getTenantDomain())) { receiptServiceInput.setTenantDomain(tenantDomain); if (StringUtils.isEmpty(receiptServiceInput.getSpDescription())) { if (StringUtils.isNotEmpty(residentIdP.getIdentityProviderDescription())) { receiptServiceInput.setSpDescription(residentIdP.getIdentityProviderDescription()); } else { receiptServiceInput.setSpDescription(resideIdpDescription); if (StringUtils.isEmpty(receiptServiceInput.getSpDisplayName())) { if (StringUtils.isNotEmpty(residentIdP.getDisplayName())) { receiptServiceInput.setSpDisplayName(residentIdP.getDisplayName()); } else { receiptServiceInput.setSpDisplayName(resideIdpDescription);
List<ReceiptPurposeInput> consentPurposes = service.getPurposes(); for (ReceiptPurposeInput consentPurpose : consentPurposes) { if (consentPurpose.getPurposeId() == purpose.getId()) {
/**
 * Fills in defaults on a consent receipt and validates it before it is stored.
 *
 * <p>A blank PII principal id is replaced with the username of the thread-local Carbon context. A
 * blank tenant domain is replaced with the tenant of the Carbon context; a supplied one is resolved
 * to its tenant id. The receipt, each service entry and each purpose are then validated in turn.
 *
 * @param receiptInput receipt to complete and validate; modified in place.
 * @throws ConsentManagementException if any of the validations rejects the receipt.
 */
private void validateInputParameters(ReceiptInput receiptInput) throws ConsentManagementException {

    // NOTE(review): a principal id or tenant domain already present on the receipt is accepted as
    // given; confirm that callers are authorised to record consent for that principal and tenant.
    if (isBlank(receiptInput.getPiiPrincipalId())) {
        receiptInput.setPiiPrincipalId(PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername());
    }

    if (!isBlank(receiptInput.getTenantDomain())) {
        receiptInput.setTenantId(getTenantId(realmService, receiptInput.getTenantDomain()));
    } else {
        receiptInput.setTenantId(getTenantIdFromCarbonContext());
        receiptInput.setTenantDomain(getTenantDomainFromCarbonContext());
    }

    validateRequiredParametersInConsent(receiptInput);

    // Each service entry is validated before its own purposes are.
    for (ReceiptServiceInput serviceEntry : receiptInput.getServices()) {
        validateRequiredParametersInService(serviceEntry);
        for (ReceiptPurposeInput purposeEntry : serviceEntry.getPurposes()) {
            validateRequiredParametersInPurpose(serviceEntry, purposeEntry);
        }
    }

    if (log.isDebugEnabled()) {
        log.debug("Consent adding request validation success");
    }
}
/**
 * Stores a consent receipt together with its service, purpose, purpose category and PII category
 * associations.
 *
 * <p>The steps run in this order inside one {@code withTransaction} callback: active receipts of
 * the principal are revoked, the receipt record is written, every service entry and its purposes
 * are written, and the receipt properties are written when present.
 *
 * @param receiptInput receipt to persist.
 * @throws ConsentManagementException if the transaction fails.
 */
@Override
public void addReceipt(ReceiptInput receiptInput) throws ConsentManagementException {

    JdbcTemplate jdbcTemplate = JdbcUtils.getNewTemplate();
    try {
        // NOTE(review): the callback's template parameter is not used, and the helpers are called
        // without it. Confirm that their statements join this transaction; otherwise a failure
        // after revokeActiveReceipts could leave the previous receipts revoked with no replacement.
        jdbcTemplate.withTransaction(template -> {
            revokeActiveReceipts(receiptInput);
            addReceiptInfo(receiptInput);
            // rethrowConsumer lets the lambda bodies call methods that declare checked exceptions.
            receiptInput.getServices().forEach(rethrowConsumer(receiptServiceInput -> {
                int receiptToSPAssocId = addReceiptSPAssociation(receiptInput.getConsentReceiptId(),
                        receiptServiceInput);
                receiptServiceInput.getPurposes().forEach(rethrowConsumer(receiptPurposeInput -> {
                    // Each purpose row is linked to the service association written just above.
                    int spToPurposeAssocId = addSpToPurposeAssociation(receiptToSPAssocId, receiptPurposeInput);
                    receiptPurposeInput.getPurposeCategoryId().forEach(rethrowConsumer(id ->
                            addSpPurposeToPurposeCategoryAssociation(spToPurposeAssocId, id)));
                    // The validity given for each PII category is stored with the association.
                    receiptPurposeInput.getPiiCategory().forEach(rethrowConsumer(piiCategoryValidity ->
                            addSpPurposeToPiiCategoryAssociation(spToPurposeAssocId,
                                    piiCategoryValidity.getId(), piiCategoryValidity.getValidity())));
                }));
            }));
            // Properties are optional on a receipt.
            if (receiptInput.getProperties() != null) {
                addReceiptProperties(receiptInput.getConsentReceiptId(), receiptInput.getProperties());
            }
            // The transaction callback has no result to return.
            return null;
        });
    } catch (TransactionException e) {
        throw ConsentUtils.handleServerException(ErrorMessages.ERROR_CODE_ADD_CONSENT_RECEIPT,
                receiptInput.getPiiPrincipalId(), e);
    }
}