use of org.wso2.carbon.consent.mgt.core.model.Receipt in project carbon-identity-framework by wso2.
the class ConsentDeletionUserEventHandler method handleEvent.
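/**
 * Deletes the consent receipts issued against a user when that user is deleted.
 *
 * <p>The user name from the event is qualified with the user store domain, receipts for
 * that name are looked up through the consent manager returned by
 * {@code getPrivilegedConsentManager()}, and each receipt found is deleted by ID.
 *
 * <p>The lookup is a single page of at most {@code consentSearchLimit} results starting at
 * offset 0. Receipts beyond that page are not deleted by this call, so a warning is logged
 * when the page comes back full and consent records may remain for a deleted user.
 *
 * @param event Post User Delete event.
 * @throws IdentityEventException if searching for or deleting the receipts fails.
 */
@Override
public void handleEvent(Event event) throws IdentityEventException {

    IdentityEventMessageContext eventContext = new IdentityEventMessageContext(event);
    if (!isEnabled(eventContext)) {
        if (log.isDebugEnabled()) {
            log.debug("ConsentDeletionUserEventHandler is disabled. Not handling the " + event.getEventName() + " event.");
        }
        return;
    }

    Map<String, Object> eventProperties = event.getEventProperties();
    String userName = (String) eventProperties.get(IdentityEventConstants.EventProperty.USER_NAME);
    // NOTE(review): a missing USER_STORE_MANAGER property surfaces as a NullPointerException on
    // the next line rather than as an IdentityEventException - confirm the event always carries it.
    UserStoreManager userStoreManager = (UserStoreManager) eventProperties.get(IdentityEventConstants.EventProperty.USER_STORE_MANAGER);
    String domainName = userStoreManager.getRealmConfiguration().getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_DOMAIN_NAME);
    String tenantDomain = getUserTenantDomain(eventProperties);
    String usernameWithUserStoreDomain = UserCoreUtil.addDomainToName(userName, domainName);
    if (log.isDebugEnabled()) {
        log.debug(String.format("Deleting consents for user: %s , in tenant domain :%s", usernameWithUserStoreDomain, tenantDomain));
    }

    ConsentManager consentManager = IdentityConsentDataHolder.getInstance().getPrivilegedConsentManager();
    try {
        List<ReceiptListResponse> receiptListResponses = consentManager.searchReceipts(consentSearchLimit, 0, usernameWithUserStoreDomain, null, "*", null);
        if (log.isDebugEnabled()) {
            log.debug(String.format("Found %d receipts issued for user: %s, in tenant domain: %s", receiptListResponses.size(), usernameWithUserStoreDomain, tenantDomain));
        }
        // A full page means the search was probably truncated. Make that visible to operators,
        // because the receipts that were not returned survive the user's deletion.
        if (!receiptListResponses.isEmpty() && receiptListResponses.size() >= consentSearchLimit) {
            log.warn(String.format("Consent search limit of %d reached for user: %s, in tenant domain: %s. Receipts beyond the limit are not deleted.", consentSearchLimit, usernameWithUserStoreDomain, tenantDomain));
        }
        // rethrowConsumer is defined outside this snippet; presumably it lets the checked
        // ConsentManagementException escape the lambda so the catch below sees it.
        receiptListResponses.forEach(rethrowConsumer(receiptListResponse -> {
            if (log.isDebugEnabled()) {
                log.debug(String.format("Deleting receipt with ID : %s, issued for application %s", receiptListResponse.getConsentReceiptId(), receiptListResponse.getSpDisplayName()));
            }
            consentManager.deleteReceipt(receiptListResponse.getConsentReceiptId());
        }));
    } catch (ConsentManagementException e) {
        throw new IdentityEventException("Error while deleting consents for user " + userName, e);
    }
}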
use of org.wso2.carbon.consent.mgt.core.model.Receipt in project carbon-identity-framework by wso2.
the class ConsentUtilityService method filterPIIsFromReceipt.
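/**
 * Restricts a set of PII keys to those covered by the given consent receipt.
 *
 * <p>Every PII category listed under every purpose of every service in the receipt is
 * turned into a key with {@code getPIIName(purposeId, piiCategoryId)}, and {@code keySet}
 * is reduced in place to the keys that also appear among them. A {@code null} service,
 * purpose or PII category list (or element) contributes no consented key, so a malformed
 * receipt narrows the result instead of failing with a NullPointerException.
 *
 * <p>NOTE(review): PIICategoryValidity carries a consented flag (it has a
 * {@code setConsented} setter) that is not consulted here; confirm that receipts passed to
 * this method list only categories the user actually consented to.
 *
 * @param keySet  PII keys to filter; modified in place, so it must be a mutable set.
 * @param receipt Consent receipt input whose services, purposes and PII categories define
 *                the consented keys.
 * @return the same {@code keySet} instance, holding only the keys covered by the receipt.
 * @throws ConsentUtilityServiceException if {@code keySet} or {@code receipt} is null.
 */
public Set<String> filterPIIsFromReceipt(Set<String> keySet, ReceiptInput receipt) throws ConsentUtilityServiceException {

    if (keySet == null || receipt == null) {
        throw new ConsentUtilityServiceException("Key set and receipt should not be null");
    }

    Set<String> consentedPIIs = new HashSet<>();
    List<ReceiptServiceInput> services = receipt.getServices();
    if (services != null) {
        for (ReceiptServiceInput service : services) {
            List<ReceiptPurposeInput> purposes = (service == null) ? null : service.getPurposes();
            if (purposes == null) {
                continue;
            }
            for (ReceiptPurposeInput consentPurpose : purposes) {
                List<PIICategoryValidity> piiCategories =
                        (consentPurpose == null) ? null : consentPurpose.getPiiCategory();
                if (piiCategories == null) {
                    continue;
                }
                for (PIICategoryValidity piiCategory : piiCategories) {
                    if (piiCategory != null) {
                        consentedPIIs.add(getPIIName(consentPurpose.getPurposeId(), piiCategory.getId()));
                    }
                }
            }
        }
    }

    // Fail closed: anything not backed by the receipt is dropped from the caller's set.
    keySet.retainAll(consentedPIIs);
    return keySet;
}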
use of org.wso2.carbon.consent.mgt.core.model.Receipt in project carbon-identity-framework by wso2.
the class JITProvisioningPostAuthenticationHandler method setIDPData.
/**
 * Fills in the service details missing from the receipt service input, using the resident
 * identity provider of the tenant.
 *
 * <p>Only empty fields are populated: the service name falls back to the resident IdP home
 * realm ID, the tenant domain to {@code tenantDomain}, and the SP description and display
 * name to the resident IdP's description and display name, or to the literal
 * "Resident IDP" when those are empty as well.
 *
 * @param tenantDomain        Tenant domain whose resident IdP is looked up.
 * @param receiptServiceInput Receipt service input to complete; modified in place.
 * @throws PostAuthenticationFailedException if the resident IdP lookup yields no identity
 *                                           provider for the tenant.
 */
private void setIDPData(String tenantDomain, ReceiptServiceInput receiptServiceInput) throws PostAuthenticationFailedException {

    final String fallbackLabel = "Resident IDP";

    IdentityProvider resident = null;
    try {
        resident = IdentityProviderManager.getInstance().getResidentIdP(tenantDomain);
    } catch (IdentityProviderManagementException e) {
        // handleExceptions is defined outside this snippet; presumably it rethrows as a
        // PostAuthenticationFailedException. If it returns, the null check below still applies.
        handleExceptions(String.format(ErrorMessages.ERROR_WHILE_SETTING_IDP_DATA.getMessage(), tenantDomain), ErrorMessages.ERROR_WHILE_SETTING_IDP_DATA.getCode(), e);
    }
    if (resident == null) {
        throw new PostAuthenticationFailedException(ErrorMessages.ERROR_WHILE_SETTING_IDP_DATA_IDP_IS_NULL.getCode(), String.format(ErrorMessages.ERROR_WHILE_SETTING_IDP_DATA_IDP_IS_NULL.getMessage(), tenantDomain));
    }

    // Service name: keep what the caller supplied, otherwise use the home realm ID.
    if (StringUtils.isEmpty(receiptServiceInput.getService())) {
        if (log.isDebugEnabled()) {
            log.debug("No service name found. Hence adding resident IDP home realm ID");
        }
        receiptServiceInput.setService(resident.getHomeRealmId());
    }

    if (StringUtils.isEmpty(receiptServiceInput.getTenantDomain())) {
        receiptServiceInput.setTenantDomain(tenantDomain);
    }

    // Description and display name share the same fallback label when the IdP has none.
    if (StringUtils.isEmpty(receiptServiceInput.getSpDescription())) {
        receiptServiceInput.setSpDescription(
                StringUtils.isNotEmpty(resident.getIdentityProviderDescription())
                        ? resident.getIdentityProviderDescription()
                        : fallbackLabel);
    }
    if (StringUtils.isEmpty(receiptServiceInput.getSpDisplayName())) {
        receiptServiceInput.setSpDisplayName(
                StringUtils.isNotEmpty(resident.getDisplayName())
                        ? resident.getDisplayName()
                        : fallbackLabel);
    }
}
use of org.wso2.carbon.consent.mgt.core.model.Receipt in project carbon-identity-framework by wso2.
the class JITProvisioningPostAuthenticationHandler method getReceiptPurposeInputs.
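/**
 * Builds a receipt purpose input from a purpose JSON object received from the client side.
 *
 * <p>Reads {@code purposeId}, the {@code purposeCategoryId} array and the PII category array
 * (key {@code FrameworkConstants.Consent.PII_CATEGORY}) from the JSON. Consent type,
 * primary-purpose flag, third-party-disclosure flag and termination are set to fixed
 * values, and every PII category listed in the JSON is recorded as consented.
 *
 * <p>A missing key or a value of the wrong JSON type is reported by the JSON accessors
 * themselves; the typed accessors are used throughout so malformed input does not surface
 * as a ClassCastException.
 *
 * <p>NOTE(review): the purpose and PII category IDs come from client-supplied JSON and are
 * not checked here against the purposes that were presented to the user - confirm that
 * this validation happens in the caller or in the consent manager.
 *
 * @param receiptPurpose Purpose JSON object holding the purpose ID, purpose category IDs
 *                       and PII categories.
 * @return receipt purpose input built from the JSON object.
 */
private ReceiptPurposeInput getReceiptPurposeInputs(JSONObject receiptPurpose) {

    ReceiptPurposeInput receiptPurposeInput = new ReceiptPurposeInput();
    receiptPurposeInput.setConsentType(FrameworkConstants.Consent.EXPLICIT_CONSENT_TYPE);
    receiptPurposeInput.setPrimaryPurpose(true);
    receiptPurposeInput.setThirdPartyDisclosure(false);
    receiptPurposeInput.setPurposeId(receiptPurpose.getInt("purposeId"));

    JSONArray purposeCategoryId = receiptPurpose.getJSONArray("purposeCategoryId");
    List<Integer> purposeCategoryIdArray = new ArrayList<>();
    for (int index = 0; index < purposeCategoryId.length(); index++) {
        purposeCategoryIdArray.add(purposeCategoryId.getInt(index));
    }
    receiptPurposeInput.setPurposeCategoryId(purposeCategoryIdArray);
    // Set once; the original issued this same call twice.
    receiptPurposeInput.setTermination(FrameworkConstants.Consent.INFINITE_TERMINATION);

    List<PIICategoryValidity> piiCategoryValidities = new ArrayList<>();
    JSONArray piiCategories = receiptPurpose.getJSONArray(FrameworkConstants.Consent.PII_CATEGORY);
    for (int categoryIndex = 0; categoryIndex < piiCategories.length(); categoryIndex++) {
        JSONObject piiCategory = piiCategories.getJSONObject(categoryIndex);
        PIICategoryValidity piiCategoryValidity = new PIICategoryValidity(piiCategory.getInt("piiCategoryId"), FrameworkConstants.Consent.INFINITE_TERMINATION);
        // Presence in the submitted JSON is treated as consent for that category.
        piiCategoryValidity.setConsented(true);
        piiCategoryValidities.add(piiCategoryValidity);
    }
    receiptPurposeInput.setPiiCategory(piiCategoryValidities);
    return receiptPurposeInput;
}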
use of org.wso2.carbon.consent.mgt.core.model.Receipt in project carbon-identity-framework by wso2.
the class JITProvisioningPostAuthenticationHandler method buildConsentForResidentIDP.
/**
 * Builds the consent receipt input for the resident IdP in the shape the consent API takes.
 *
 * <p>Jurisdiction is fixed to "USA", and collection method and language come from
 * {@code FrameworkConstants.Consent}. The services are obtained by parsing {@code consent}
 * as JSON and handing the result to {@code getReceiptServiceInputs}.
 *
 * @param piiPrincipalId PII principal ID the receipt is issued for.
 * @param consent        Consent JSON string which contains the services.
 * @param policyURL      Policy URL recorded on the receipt.
 * @return receipt input populated with the values above.
 */
private ReceiptInput buildConsentForResidentIDP(String piiPrincipalId, String consent, String policyURL) {

    ReceiptInput input = new ReceiptInput();

    // Caller-supplied values.
    input.setPiiPrincipalId(piiPrincipalId);
    input.setPolicyUrl(policyURL);

    // Fixed values for consents collected during JIT provisioning.
    input.setLanguage(FrameworkConstants.Consent.LANGUAGE_ENGLISH);
    input.setCollectionMethod(FrameworkConstants.Consent.COLLECTION_METHOD_JIT);
    input.setJurisdiction("USA");

    input.setServices(getReceiptServiceInputs(new JSONObject(consent)));

    // The raw consent JSON is written to the debug log as received.
    if (log.isDebugEnabled()) {
        log.debug("Built consent from endpoint util : " + consent);
    }
    return input;
}