private void validateRequiredParametersInConsent(ReceiptInput receiptInput) throws ConsentManagementClientException { if (isBlank(receiptInput.getPiiPrincipalId())) { throw handleClientException(ERROR_CODE_PII_PRINCIPAL_ID_REQUIRED, null); } if (isBlank(receiptInput.getCollectionMethod())) { throw handleClientException(ERROR_CODE_PII_COLLECTION_METHOD_REQUIRED, null); } if (isEmpty(receiptInput.getServices())) { throw handleClientException(ERROR_CODE_AT_LEAST_ONE_SERVICE_REQUIRED, null); } }
private void addConsent(String consent, String tenantDomain) throws ConsentManagementException, IdentityRecoveryServerException { Gson gson = new Gson(); ReceiptInput receiptInput = gson.fromJson(consent, ReceiptInput.class); ConsentManager consentManager = IdentityRecoveryServiceDataHolder.getInstance().getConsentManager(); if (receiptInput.getServices().size() < 0) { throw new IdentityRecoveryServerException("A service should be available in a receipt"); } // There should be a one receipt ReceiptServiceInput receiptServiceInput = receiptInput.getServices().get(0); receiptServiceInput.setTenantDomain(tenantDomain); try { setIDPData(tenantDomain, receiptServiceInput); } catch (IdentityProviderManagementException e) { throw new ConsentManagementException("Error while retrieving identity provider data", "Error while " + "setting IDP data", e); } receiptInput.setTenantDomain(tenantDomain); consentManager.addConsent(receiptInput); }
/** * If the consent is not given for a PII * * @param keySet * @param receipt * @return * @throws ConsentUtilityServiceException */ public Set<String> filterPIIsFromReceipt(Set<String> keySet, ReceiptInput receipt) throws ConsentUtilityServiceException { if (keySet == null || receipt == null) { throw new ConsentUtilityServiceException("Key set and receipt should not be null"); } List<ReceiptServiceInput> services = receipt.getServices(); Set<String> consentedPIIs = new HashSet<>(); for (ReceiptServiceInput service : services) { List<ReceiptPurposeInput> purposes = service.getPurposes(); for (ReceiptPurposeInput consentPurpose : purposes) { List<PIICategoryValidity> piiCategories = consentPurpose.getPiiCategory(); for (PIICategoryValidity piiCategory : piiCategories) { consentedPIIs.add(getPIIName(consentPurpose.getPurposeId(), piiCategory.getId())); } } } keySet.retainAll(consentedPIIs); return keySet; }
/** * Persist the consents received from the user, while user creation. * * @param receiptInput Relevant receipt input representing consent data. * @param tenantDomain Relevant tenant domain. * @throws PostAuthenticationFailedException Post Authentication Failed Exception. */ private void addConsent(ReceiptInput receiptInput, String tenantDomain) throws PostAuthenticationFailedException { ConsentManager consentManager = FrameworkServiceDataHolder.getInstance().getConsentManager(); if (receiptInput.getServices().size() == 0) { throw new PostAuthenticationFailedException(ErrorMessages.ERROR_WHILE_ADDING_CONSENT.getCode(), String.format(ErrorMessages.ERROR_WHILE_ADDING_CONSENT.getMessage(), tenantDomain)); } // There should be one receipt ReceiptServiceInput receiptServiceInput = receiptInput.getServices().get(0); receiptServiceInput.setTenantDomain(tenantDomain); try { setIDPData(tenantDomain, receiptServiceInput); receiptInput.setTenantDomain(tenantDomain); consentManager.addConsent(receiptInput); } catch (ConsentManagementException e) { handleExceptions(String.format(ErrorMessages.ERROR_WHILE_ADDING_CONSENT.getMessage(), tenantDomain), ErrorMessages.ERROR_WHILE_ADDING_CONSENT.getCode(), e); } }
/** * If the consent is not given for a PII * * @param keySet * @param receipt * @return * @throws ConsentUtilityServiceException */ public Set<String> filterPIIsFromReceipt(Set<String> keySet, ReceiptInput receipt) throws ConsentUtilityServiceException { if (keySet == null || receipt == null) { throw new ConsentUtilityServiceException("Key set and receipt should not be null"); } List<ReceiptServiceInput> services = receipt.getServices(); Set<String> consentedPIIs = new HashSet<>(); for (ReceiptServiceInput service : services) { List<ReceiptPurposeInput> purposes = service.getPurposes(); for (ReceiptPurposeInput consentPurpose : purposes) { List<PIICategoryValidity> piiCategories = consentPurpose.getPiiCategory(); for (PIICategoryValidity piiCategory : piiCategories) { consentedPIIs.add(getPIIName(consentPurpose.getPurposeId(), piiCategory.getId())); } } } keySet.retainAll(consentedPIIs); return keySet; }
private void revokeActiveReceipts(ReceiptInput receiptInput) throws ConsentManagementServerException { JdbcTemplate jdbcTemplate = JdbcUtils.getNewTemplate(); try { jdbcTemplate.withTransaction(template -> { receiptInput.getServices().forEach(rethrowConsumer(receiptServiceInput -> { List<String> ids = template.executeQuery(GET_ACTIVE_RECEIPTS_SQL, (resultSet, rowNumber) -> resultSet .getString(1), preparedStatement -> { preparedStatement.setString(1, receiptInput.getPiiPrincipalId()); preparedStatement.setString(2, receiptServiceInput.getService()); preparedStatement.setInt(3, receiptInput.getTenantId()); preparedStatement.setInt(4, receiptServiceInput.getTenantId()); }); if (isNotEmpty(ids)) { ids.forEach(rethrowConsumer(id -> { revokeReceipt(id); if (log.isDebugEnabled()) { log.debug("Revoked active receipt: " + id + " of the user: " + receiptInput .getPiiPrincipalId()); } })); } })); return null; }); } catch (TransactionException e) { throw ConsentUtils.handleServerException(ErrorMessages.ERROR_CODE_REVOKE_ACTIVE_RECEIPT, receiptInput.getPiiPrincipalId(), e); } }
log.debug("Validating receipt against purposes."); List<ReceiptServiceInput> services = receiptInput.getServices(); for (Purpose purpose : purposes) { purpose = fillPurpose(purpose);
/** * Persist the consents received from the user, while user creation. * * @param receiptInput Relevant receipt input representing consent data. * @param tenantDomain Relevant tenant domain. * @throws PostAuthenticationFailedException Post Authentication Failed Exception. */ private void addConsent(ReceiptInput receiptInput, String tenantDomain) throws PostAuthenticationFailedException { ConsentManager consentManager = FrameworkServiceDataHolder.getInstance().getConsentManager(); if (receiptInput.getServices().size() == 0) { throw new PostAuthenticationFailedException(ErrorMessages.ERROR_WHILE_ADDING_CONSENT.getCode(), String.format(ErrorMessages.ERROR_WHILE_ADDING_CONSENT.getMessage(), tenantDomain)); } // There should be one receipt ReceiptServiceInput receiptServiceInput = receiptInput.getServices().get(0); receiptServiceInput.setTenantDomain(tenantDomain); try { setIDPData(tenantDomain, receiptServiceInput); receiptInput.setTenantDomain(tenantDomain); consentManager.addConsent(receiptInput); } catch (ConsentManagementException e) { handleExceptions(String.format(ErrorMessages.ERROR_WHILE_ADDING_CONSENT.getMessage(), tenantDomain), ErrorMessages.ERROR_WHILE_ADDING_CONSENT.getCode(), e); } }
log.debug("Validating receipt against purposes."); List<ReceiptServiceInput> services = receiptInput.getServices(); for (Purpose purpose : purposes) { purpose = fillPurpose(purpose);
private void validateInputParameters(ReceiptInput receiptInput) throws ConsentManagementException { //Set authenticated user. if (isBlank(receiptInput.getPiiPrincipalId())) { receiptInput.setPiiPrincipalId(PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername()); } // Set authenticated user's tenant id if it is not set. if (isBlank(receiptInput.getTenantDomain())) { receiptInput.setTenantId(getTenantIdFromCarbonContext()); receiptInput.setTenantDomain(getTenantDomainFromCarbonContext()); } else { receiptInput.setTenantId(getTenantId(realmService, receiptInput.getTenantDomain())); } validateRequiredParametersInConsent(receiptInput); receiptInput.getServices().forEach(rethrowConsumer(receiptServiceInput -> { validateRequiredParametersInService(receiptServiceInput); receiptServiceInput.getPurposes().forEach(rethrowConsumer(receiptPurposeInput -> validateRequiredParametersInPurpose(receiptServiceInput, receiptPurposeInput))); })); if (log.isDebugEnabled()) { log.debug("Consent adding request validation success"); } }
@Override public void addReceipt(ReceiptInput receiptInput) throws ConsentManagementException { JdbcTemplate jdbcTemplate = JdbcUtils.getNewTemplate(); try { jdbcTemplate.withTransaction(template -> { revokeActiveReceipts(receiptInput); addReceiptInfo(receiptInput); receiptInput.getServices().forEach(rethrowConsumer(receiptServiceInput -> { int receiptToSPAssocId = addReceiptSPAssociation(receiptInput.getConsentReceiptId(), receiptServiceInput); receiptServiceInput.getPurposes().forEach(rethrowConsumer(receiptPurposeInput -> { int spToPurposeAssocId = addSpToPurposeAssociation(receiptToSPAssocId, receiptPurposeInput); receiptPurposeInput.getPurposeCategoryId().forEach(rethrowConsumer(id -> addSpPurposeToPurposeCategoryAssociation(spToPurposeAssocId, id))); receiptPurposeInput.getPiiCategory().forEach(rethrowConsumer(piiCategoryValidity -> addSpPurposeToPiiCategoryAssociation(spToPurposeAssocId, piiCategoryValidity.getId(), piiCategoryValidity.getValidity()))); })); })); if (receiptInput.getProperties() != null) { addReceiptProperties(receiptInput.getConsentReceiptId(), receiptInput.getProperties()); } return null; }); } catch (TransactionException e) { throw ConsentUtils.handleServerException(ErrorMessages.ERROR_CODE_ADD_CONSENT_RECEIPT, receiptInput.getPiiPrincipalId(), e); } }