
Example 1 with Receipt

use of org.wso2.carbon.consent.mgt.core.model.Receipt in project carbon-identity-framework by wso2.

the class ConsentDeletionUserEventHandler method handleEvent.

/**
 * Delete consents issued against a particular user when a user is deleted.
 *
 * @param event Post User Delete event.
 * @throws IdentityEventException If searching for or deleting the user's consent receipts fails.
 */
@Override
public void handleEvent(Event event) throws IdentityEventException {
    // Respect the handler's enable/disable switch before reading any event data.
    if (!isEnabled(new IdentityEventMessageContext(event))) {
        if (log.isDebugEnabled()) {
            log.debug("ConsentDeletionUserEventHandler is disabled. Not handling the " + event.getEventName() + " event.");
        }
        return;
    }

    Map<String, Object> properties = event.getEventProperties();
    String userName = (String) properties.get(IdentityEventConstants.EventProperty.USER_NAME);
    // NOTE(review): the user store manager is dereferenced without a null check, so an event
    // published without this property fails with a NullPointerException instead of an
    // IdentityEventException. Confirm that every publisher sets it.
    UserStoreManager storeManager = (UserStoreManager) properties.get(IdentityEventConstants.EventProperty.USER_STORE_MANAGER);
    String storeDomain = storeManager.getRealmConfiguration().getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_DOMAIN_NAME);
    String tenantDomain = getUserTenantDomain(properties);
    // Receipts are looked up by the user-store-qualified name, not the bare user name.
    String qualifiedUserName = UserCoreUtil.addDomainToName(userName, storeDomain);

    // The debug lines below write the qualified user name (a personal identifier) to the log.
    if (log.isDebugEnabled()) {
        log.debug(String.format("Deleting consents for user: %s , in tenant domain :%s", qualifiedUserName, tenantDomain));
    }

    // NOTE(review): the "privileged" manager presumably skips per-caller authorization; confirm
    // this handler is only reachable from the trusted post-user-delete event path.
    ConsentManager consentManager = IdentityConsentDataHolder.getInstance().getPrivilegedConsentManager();
    try {
        // A single search is issued: at most consentSearchLimit receipts, starting at offset 0.
        // NOTE(review): if a user can hold more receipts than that limit, the remainder appears
        // to outlive the user's deletion. Confirm the limit, or page until the search is empty.
        List<ReceiptListResponse> issuedReceipts = consentManager.searchReceipts(consentSearchLimit, 0, qualifiedUserName, null, "*", null);
        if (log.isDebugEnabled()) {
            log.debug(String.format("Found %d receipts issued for user: %s, in tenant domain: %s", issuedReceipts.size(), qualifiedUserName, tenantDomain));
        }
        // rethrowConsumer lets the lambda raise the checked exception so the catch below sees it;
        // the first failing deletion aborts the loop and later receipts are left in place.
        issuedReceipts.forEach(rethrowConsumer(issued -> {
            String receiptId = issued.getConsentReceiptId();
            if (log.isDebugEnabled()) {
                log.debug(String.format("Deleting receipt with ID : %s, issued for application %s", receiptId, issued.getSpDisplayName()));
            }
            consentManager.deleteReceipt(receiptId);
        }));
    } catch (ConsentManagementException e) {
        throw new IdentityEventException("Error while deleting consents for user " + userName, e);
    }
}
Also used : IdentityConsentMgtUtils(org.wso2.carbon.identity.consent.mgt.IdentityConsentMgtUtils) IdentityConsentDataHolder(org.wso2.carbon.identity.consent.mgt.internal.IdentityConsentDataHolder) InitConfig(org.wso2.carbon.identity.core.handler.InitConfig) IdentityEventException(org.wso2.carbon.identity.event.IdentityEventException) LambdaExceptionUtils.rethrowConsumer(org.wso2.carbon.identity.core.util.LambdaExceptionUtils.rethrowConsumer) AbstractEventHandler(org.wso2.carbon.identity.event.handler.AbstractEventHandler) ConsentManager(org.wso2.carbon.consent.mgt.core.ConsentManager) ConsentManagementException(org.wso2.carbon.consent.mgt.core.exception.ConsentManagementException) Event(org.wso2.carbon.identity.event.event.Event) UserCoreConstants(org.wso2.carbon.user.core.UserCoreConstants) MessageContext(org.wso2.carbon.identity.core.bean.context.MessageContext) IdentityRuntimeException(org.wso2.carbon.identity.base.IdentityRuntimeException) UserStoreManager(org.wso2.carbon.user.core.UserStoreManager) List(java.util.List) Map(java.util.Map) ReceiptListResponse(org.wso2.carbon.consent.mgt.core.model.ReceiptListResponse) IdentityEventMessageContext(org.wso2.carbon.identity.event.bean.IdentityEventMessageContext) IdentityEventConstants(org.wso2.carbon.identity.event.IdentityEventConstants) UserCoreUtil(org.wso2.carbon.user.core.util.UserCoreUtil) Log(org.apache.commons.logging.Log) LogFactory(org.apache.commons.logging.LogFactory) IdentityEventException(org.wso2.carbon.identity.event.IdentityEventException) ReceiptListResponse(org.wso2.carbon.consent.mgt.core.model.ReceiptListResponse) ConsentManagementException(org.wso2.carbon.consent.mgt.core.exception.ConsentManagementException) UserStoreManager(org.wso2.carbon.user.core.UserStoreManager) ConsentManager(org.wso2.carbon.consent.mgt.core.ConsentManager) IdentityEventMessageContext(org.wso2.carbon.identity.event.bean.IdentityEventMessageContext)

Example 2 with Receipt

use of org.wso2.carbon.consent.mgt.core.model.Receipt in project carbon-identity-framework by wso2.

the class ConsentUtilityService method filterPIIsFromReceipt.

/**
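 * Filters the given key set so that it keeps only the PIIs that appear in the receipt,
 * i.e. drops every key for which consent is not given.
 *
 * @param keySet  PII keys to filter; must not be null.
 * @param receipt Receipt input whose services, purposes and PII categories are checked; must not be null.
 * @return The filtered key set.
 * @throws ConsentUtilityServiceException If the key set or the receipt is null.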
 */
public Set<String> filterPIIsFromReceipt(Set<String> keySet, ReceiptInput receipt) throws ConsentUtilityServiceException {
    if (receipt == null || keySet == null) {
        throw new ConsentUtilityServiceException("Key set and receipt should not be null");
    }

    // Collect the PII name of every category listed under any purpose of any service.
    // NOTE(review): no per-category consent flag is read here; a category counts as consented
    // merely by being present in the receipt. Confirm the receipt never carries declined ones.
    // NOTE(review): getServices(), getPurposes() and getPiiCategory() are iterated without null
    // checks. Confirm the model never returns null for them.
    Set<String> piiNamesInReceipt = new HashSet<>();
    for (ReceiptServiceInput serviceInput : receipt.getServices()) {
        for (ReceiptPurposeInput purposeInput : serviceInput.getPurposes()) {
            for (PIICategoryValidity category : purposeInput.getPiiCategory()) {
                piiNamesInReceipt.add(getPIIName(purposeInput.getPurposeId(), category.getId()));
            }
        }
    }

    // The caller's set is narrowed in place and the same instance is handed back, so any other
    // holder of that set sees the removal too.
    keySet.retainAll(piiNamesInReceipt);
    return keySet;
}
Also used : ConsentUtilityServiceException(org.wso2.carbon.identity.consent.mgt.exceptions.ConsentUtilityServiceException) ReceiptServiceInput(org.wso2.carbon.consent.mgt.core.model.ReceiptServiceInput) ReceiptPurposeInput(org.wso2.carbon.consent.mgt.core.model.ReceiptPurposeInput) PIICategoryValidity(org.wso2.carbon.consent.mgt.core.model.PIICategoryValidity) HashSet(java.util.HashSet)

Example 3 with Receipt

use of org.wso2.carbon.consent.mgt.core.model.Receipt in project carbon-identity-framework by wso2.

the class JITProvisioningPostAuthenticationHandler method setIDPData.

/**
 * Set the IDP related data in the receipt service input.
 *
 * @param tenantDomain        Tenant domain.
 * @param receiptServiceInput Relevant receipt service input which the IDP data is set on.
 * @throws PostAuthenticationFailedException Post Authentication Failed Exception.
 */
private void setIDPData(String tenantDomain, ReceiptServiceInput receiptServiceInput) throws PostAuthenticationFailedException {
    // Label used when the resident IDP has no description or display name of its own.
    final String fallbackLabel = "Resident IDP";

    IdentityProviderManager manager = IdentityProviderManager.getInstance();
    IdentityProvider residentIdP = null;
    try {
        residentIdP = manager.getResidentIdP(tenantDomain);
    } catch (IdentityProviderManagementException e) {
        handleExceptions(String.format(ErrorMessages.ERROR_WHILE_SETTING_IDP_DATA.getMessage(), tenantDomain), ErrorMessages.ERROR_WHILE_SETTING_IDP_DATA.getCode(), e);
    }
    // Reached with null when the lookup returned null, or if handleExceptions returns normally.
    if (residentIdP == null) {
        throw new PostAuthenticationFailedException(ErrorMessages.ERROR_WHILE_SETTING_IDP_DATA_IDP_IS_NULL.getCode(), String.format(ErrorMessages.ERROR_WHILE_SETTING_IDP_DATA_IDP_IS_NULL.getMessage(), tenantDomain));
    }

    // Only empty fields are filled in below; values already present on the input are kept.
    // NOTE(review): if those values can originate from client-supplied consent JSON, confirm
    // that they are validated before they end up in a stored receipt.
    if (StringUtils.isEmpty(receiptServiceInput.getService())) {
        if (log.isDebugEnabled()) {
            log.debug("No service name found. Hence adding resident IDP home realm ID");
        }
        receiptServiceInput.setService(residentIdP.getHomeRealmId());
    }

    if (StringUtils.isEmpty(receiptServiceInput.getTenantDomain())) {
        receiptServiceInput.setTenantDomain(tenantDomain);
    }

    if (StringUtils.isEmpty(receiptServiceInput.getSpDescription())) {
        String idpDescription = residentIdP.getIdentityProviderDescription();
        receiptServiceInput.setSpDescription(StringUtils.isNotEmpty(idpDescription) ? idpDescription : fallbackLabel);
    }

    if (StringUtils.isEmpty(receiptServiceInput.getSpDisplayName())) {
        String idpDisplayName = residentIdP.getDisplayName();
        receiptServiceInput.setSpDisplayName(StringUtils.isNotEmpty(idpDisplayName) ? idpDisplayName : fallbackLabel);
    }
}
Also used : IdentityProvider(org.wso2.carbon.identity.application.common.model.IdentityProvider) IdentityProviderManager(org.wso2.carbon.idp.mgt.IdentityProviderManager) PostAuthenticationFailedException(org.wso2.carbon.identity.application.authentication.framework.exception.PostAuthenticationFailedException) IdentityProviderManagementException(org.wso2.carbon.idp.mgt.IdentityProviderManagementException)

Example 4 with Receipt

use of org.wso2.carbon.consent.mgt.core.model.Receipt in project carbon-identity-framework by wso2.

the class JITProvisioningPostAuthenticationHandler method getReceiptPurposeInputs.

/**
 * Gets the receipt purpose input from the JSON object received from the client side.
 *
 * @param receiptPurpose Relevant receipt purpose.
 * @return receipt purpose input, based on receipt purpose object.
 */
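private ReceiptPurposeInput getReceiptPurposeInputs(JSONObject receiptPurpose) {
    // The JSON object comes from the client side. Every ID read below is caller-controlled.
    // NOTE(review): the purpose, purpose-category and PII-category IDs are copied into the
    // receipt as submitted and each PII category is marked consented. No check is visible here
    // that they match the purposes actually presented to the user. Confirm that callers
    // validate them.
    // A missing or non-numeric key makes org.json's typed getters throw JSONException; the
    // plain casts below throw ClassCastException when the value has another JSON type.
    ReceiptPurposeInput receiptPurposeInput = new ReceiptPurposeInput();
    receiptPurposeInput.setConsentType(FrameworkConstants.Consent.EXPLICIT_CONSENT_TYPE);
    receiptPurposeInput.setPrimaryPurpose(true);
    receiptPurposeInput.setThirdPartyDisclosure(false);
    receiptPurposeInput.setPurposeId(receiptPurpose.getInt("purposeId"));
    // Set once; the original issued this identical call twice.
    receiptPurposeInput.setTermination(FrameworkConstants.Consent.INFINITE_TERMINATION);

    JSONArray purposeCategoryId = receiptPurpose.getJSONArray("purposeCategoryId");
    List<Integer> purposeCategoryIdArray = new ArrayList<>();
    for (int index = 0; index < purposeCategoryId.length(); index++) {
        purposeCategoryIdArray.add(purposeCategoryId.getInt(index));
    }
    receiptPurposeInput.setPurposeCategoryId(purposeCategoryIdArray);

    // Each submitted PII category is recorded as consented, with the same termination value
    // as the purpose itself.
    List<PIICategoryValidity> piiCategoryValidities = new ArrayList<>();
    JSONArray piiCategories = (JSONArray) receiptPurpose.get(FrameworkConstants.Consent.PII_CATEGORY);
    for (int categoryIndex = 0; categoryIndex < piiCategories.length(); categoryIndex++) {
        JSONObject piiCategory = (JSONObject) piiCategories.get(categoryIndex);
        PIICategoryValidity piiCategoryValidity = new PIICategoryValidity(piiCategory.getInt("piiCategoryId"), FrameworkConstants.Consent.INFINITE_TERMINATION);
        piiCategoryValidity.setConsented(true);
        piiCategoryValidities.add(piiCategoryValidity);
    }
    receiptPurposeInput.setPiiCategory(piiCategoryValidities);
    return receiptPurposeInput;
}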
Also used : JSONObject(org.json.JSONObject) ReceiptPurposeInput(org.wso2.carbon.consent.mgt.core.model.ReceiptPurposeInput) JSONArray(org.json.JSONArray) ArrayList(java.util.ArrayList) PIICategoryValidity(org.wso2.carbon.consent.mgt.core.model.PIICategoryValidity)

Example 5 with Receipt

use of org.wso2.carbon.consent.mgt.core.model.Receipt in project carbon-identity-framework by wso2.

the class JITProvisioningPostAuthenticationHandler method buildConsentForResidentIDP.

/**
 * Builds consent receipt input according to consent API.
 *
 * @param piiPrincipalId PII Principal ID
 * @param consent        Consent String which contains services.
 * @param policyURL      Policy URL.
 * @return Receipt input which contains above facts.
 */
private ReceiptInput buildConsentForResidentIDP(String piiPrincipalId, String consent, String policyURL) {
    ReceiptInput residentIdpReceipt = new ReceiptInput();
    // Fixed attributes of a JIT-provisioning receipt; the jurisdiction is hard-coded.
    residentIdpReceipt.setJurisdiction("USA");
    residentIdpReceipt.setCollectionMethod(FrameworkConstants.Consent.COLLECTION_METHOD_JIT);
    residentIdpReceipt.setLanguage(FrameworkConstants.Consent.LANGUAGE_ENGLISH);
    // Caller-supplied attributes.
    residentIdpReceipt.setPiiPrincipalId(piiPrincipalId);
    residentIdpReceipt.setPolicyUrl(policyURL);

    // The consent string is parsed as JSON and its services are mapped by getReceiptServiceInputs.
    // org.json raises an unchecked JSONException here when the string is not a valid JSON object.
    JSONObject parsedConsent = new JSONObject(consent);
    residentIdpReceipt.setServices(getReceiptServiceInputs(parsedConsent));

    // NOTE(review): the raw consent string is written to the debug log verbatim. If it is
    // client-supplied, it can carry line breaks or personal data into the log. Confirm that
    // this is acceptable, or log a sanitized or summarized form instead.
    if (log.isDebugEnabled()) {
        log.debug("Built consent from endpoint util : " + consent);
    }
    return residentIdpReceipt;
}
Also used : JSONObject(org.json.JSONObject) ReceiptInput(org.wso2.carbon.consent.mgt.core.model.ReceiptInput)
