
Example 21 with Receipt

use of org.wso2.carbon.consent.mgt.core.model.Receipt in project carbon-identity-framework by wso2.

the class JITProvisioningPostAuthenticationHandler method getReceiptServiceInputs.

/**
 * Converts the services array of an incoming consent receipt into receipt service inputs.
 *
 * <p>Every entry of the services array is read as a JSON object that carries a purposes array, and
 * each purpose is mapped through {@code getReceiptPurposeInputs}. Only the purposes are set on the
 * {@link ReceiptServiceInput} instances built here.
 *
 * <p>The receipt is sent from the client side, so its shape is not guaranteed. A missing or mistyped
 * services/purposes entry makes the org.json accessors throw an unchecked {@code JSONException}, and a
 * purposes element that is not a JSON object fails the cast below with a {@code ClassCastException}.
 * NOTE(review): confirm the caller turns these into a proper validation error rather than a 500.
 *
 * @param receipt Incoming receipt sent from the client side.
 * @return List of receipt service inputs, one per entry of the services array, in array order.
 */
private List<ReceiptServiceInput> getReceiptServiceInputs(JSONObject receipt) {
    List<ReceiptServiceInput> result = new ArrayList<>();
    JSONArray serviceArray = receipt.getJSONArray(FrameworkConstants.Consent.SERVICES);
    for (int i = 0; i < serviceArray.length(); i++) {
        JSONArray purposeArray = serviceArray.getJSONObject(i).getJSONArray(FrameworkConstants.Consent.PURPOSES);
        List<ReceiptPurposeInput> purposeInputs = new ArrayList<>();
        for (int j = 0; j < purposeArray.length(); j++) {
            // Plain cast (not getJSONObject): a non-object element surfaces as ClassCastException.
            JSONObject purposeJson = (JSONObject) purposeArray.get(j);
            purposeInputs.add(getReceiptPurposeInputs(purposeJson));
        }
        ReceiptServiceInput serviceInput = new ReceiptServiceInput();
        serviceInput.setPurposes(purposeInputs);
        result.add(serviceInput);
    }
    return result;
}
Also used : ReceiptServiceInput(org.wso2.carbon.consent.mgt.core.model.ReceiptServiceInput) JSONObject(org.json.JSONObject) ReceiptPurposeInput(org.wso2.carbon.consent.mgt.core.model.ReceiptPurposeInput) JSONArray(org.json.JSONArray) ArrayList(java.util.ArrayList)

Example 22 with Receipt

use of org.wso2.carbon.consent.mgt.core.model.Receipt in project carbon-identity-framework by wso2.

the class ConsentDeletionAppMgtListener method doPostDeleteApplication.

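/**
 * Deletes the consent receipts issued against an application after that application has been deleted.
 *
 * <p>Receipts are searched once, with {@code consentSearchLimit} as the limit and offset 0, for the
 * given tenant domain and application name, and every receipt returned by that search is deleted.
 *
 * @param applicationName Name of the application which is getting deleted.
 * @param tenantDomain    Tenant domain of the application.
 * @param userName        Username of the person who does the deletion (not read by this method).
 * @return always {@code true}.
 * @throws IdentityApplicationManagementException if searching for or deleting a receipt fails.
 */
@Override
public boolean doPostDeleteApplication(String applicationName, String tenantDomain, String userName) throws IdentityApplicationManagementException {
    ConsentManager consentManager = IdentityConsentDataHolder.getInstance().getConsentManager();
    if (log.isDebugEnabled()) {
        log.debug(String.format("Deleting consents on deletion of application: %s, in tenant domain: %s.", applicationName, tenantDomain));
    }
    try {
        // "*" is presumably a wildcard matching every PII principal; verify against ConsentManager.
        // NOTE(review): only a single search at offset 0 is issued. If more than consentSearchLimit
        // receipts exist for the application, the remainder would appear to survive the deletion,
        // leaving consent records behind for a removed application. Confirm and page if needed.
        List<ReceiptListResponse> receiptListResponses = consentManager.searchReceipts(consentSearchLimit, 0, "*", tenantDomain, applicationName, null, null);
        if (log.isDebugEnabled()) {
            log.debug(String.format("%d number of consents found for application %s", receiptListResponses.size(), applicationName));
        }
        receiptListResponses.forEach(rethrowConsumer(receiptListResponse -> {
            if (log.isDebugEnabled()) {
                // The format string previously had one placeholder for two arguments, so the
                // principal was silently dropped. This is debug-only output and carries the
                // PII principal identifier of the receipt owner.
                log.debug(String.format("Deleting receipt with id : %s, issued for user: %s", receiptListResponse.getConsentReceiptId(), receiptListResponse.getPiiPrincipalId()));
            }
            consentManager.deleteReceipt(receiptListResponse.getConsentReceiptId());
        }));
    } catch (ConsentManagementException e) {
        throw new IdentityApplicationManagementException("Error while deleting user consents for application " + applicationName, e);
    }
    return true;
}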
Also used : IdentityApplicationManagementException(org.wso2.carbon.identity.application.common.IdentityApplicationManagementException) IdentityConsentMgtUtils(org.wso2.carbon.identity.consent.mgt.IdentityConsentMgtUtils) IdentityConsentDataHolder(org.wso2.carbon.identity.consent.mgt.internal.IdentityConsentDataHolder) Properties(java.util.Properties) AbstractApplicationMgtListener(org.wso2.carbon.identity.application.mgt.listener.AbstractApplicationMgtListener) LambdaExceptionUtils.rethrowConsumer(org.wso2.carbon.identity.core.util.LambdaExceptionUtils.rethrowConsumer) ConsentManager(org.wso2.carbon.consent.mgt.core.ConsentManager) ConsentManagementException(org.wso2.carbon.consent.mgt.core.exception.ConsentManagementException) List(java.util.List) Map(java.util.Map) ReceiptListResponse(org.wso2.carbon.consent.mgt.core.model.ReceiptListResponse) IdentityUtil(org.wso2.carbon.identity.core.util.IdentityUtil) Log(org.apache.commons.logging.Log) LogFactory(org.apache.commons.logging.LogFactory) IdentityEventListenerConfig(org.wso2.carbon.identity.core.model.IdentityEventListenerConfig) ApplicationMgtListener(org.wso2.carbon.identity.application.mgt.listener.ApplicationMgtListener) ReceiptListResponse(org.wso2.carbon.consent.mgt.core.model.ReceiptListResponse) ConsentManagementException(org.wso2.carbon.consent.mgt.core.exception.ConsentManagementException) IdentityApplicationManagementException(org.wso2.carbon.identity.application.common.IdentityApplicationManagementException) ConsentManager(org.wso2.carbon.consent.mgt.core.ConsentManager)

Example 23 with Receipt

use of org.wso2.carbon.consent.mgt.core.model.Receipt in project carbon-identity-framework by wso2.

the class ConsentUtilityService method validateReceiptPIIs.

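/**
 * Validates a given receipt against the configured purposes.
 *
 * <p>For every configured purpose, each receipt purpose with the same purpose ID must contain all of
 * that purpose's mandatory PII categories. A purpose that has mandatory PII categories must be
 * consented somewhere in the receipt.
 *
 * <p>The "purpose not consented" check runs once per purpose, after all services of the receipt have
 * been inspected. Running it inside the service loop let a receipt with no services pass validation
 * even when mandatory PIIs were configured, and rejected a receipt whose consent for the purpose sat
 * under a service other than the first.
 *
 * @param receiptInput User given receipt.
 * @param purposes     Configured purposes.
 * @throws ConsentUtilityServiceException if a consented purpose lacks one or more mandatory PII
 *                                        categories, or a purpose with mandatory PII categories is
 *                                        not consented in the receipt at all.
 * @throws IllegalArgumentException       if {@code receiptInput} or {@code purposes} is null.
 */
public void validateReceiptPIIs(ReceiptInput receiptInput, List<Purpose> purposes) throws ConsentUtilityServiceException {
    if (purposes == null || receiptInput == null) {
        throw new IllegalArgumentException("Receipt Input and purposes should not be null");
    }
    if (log.isDebugEnabled()) {
        log.debug("Validating receipt against purposes.");
    }
    List<ReceiptServiceInput> services = receiptInput.getServices();
    for (Purpose configuredPurpose : purposes) {
        Purpose purpose = fillPurpose(configuredPurpose);
        boolean purposeConsented = false;
        Set<Integer> mandatoryPIIs = getMandatoryPIIs(purpose);
        if (log.isDebugEnabled()) {
            log.debug("Mandatory PIIs for purpose : " + purpose.getName() + " : " + Arrays.toString(mandatoryPIIs.toArray()));
        }
        for (ReceiptServiceInput service : services) {
            List<ReceiptPurposeInput> consentPurposes = service.getPurposes();
            for (ReceiptPurposeInput consentPurpose : consentPurposes) {
                if (Objects.equals(consentPurpose.getPurposeId(), purpose.getId())) {
                    purposeConsented = true;
                    List<PIICategoryValidity> pIICategories = consentPurpose.getPiiCategory();
                    Set<Integer> consentedPIIs = getPIIs(pIICategories);
                    if (log.isDebugEnabled()) {
                        log.debug("Consented PIIs: " + Arrays.toString(consentedPIIs.toArray()));
                    }
                    if (!consentedPIIs.containsAll(mandatoryPIIs)) {
                        throw new ConsentUtilityServiceException("One or more mandatory attributes are missing in" + " the given receipt");
                    }
                }
            }
        }
        // Decide only after every service has been checked, so an empty service list cannot
        // skip the check and consent under a later service is still honoured.
        if (!purposeConsented && !mandatoryPIIs.isEmpty()) {
            throw new ConsentUtilityServiceException("Consent receipt does not contain consent for " + "purpose " + purpose.getName() + " with ID: " + purpose.getId() + ", which has " + "mandatory PIIs");
        }
    }
}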
Also used : ReceiptServiceInput(org.wso2.carbon.consent.mgt.core.model.ReceiptServiceInput) ConsentUtilityServiceException(org.wso2.carbon.identity.consent.mgt.exceptions.ConsentUtilityServiceException) ReceiptPurposeInput(org.wso2.carbon.consent.mgt.core.model.ReceiptPurposeInput) Purpose(org.wso2.carbon.consent.mgt.core.model.Purpose) PIICategoryValidity(org.wso2.carbon.consent.mgt.core.model.PIICategoryValidity)

Example 24 with Receipt

use of org.wso2.carbon.consent.mgt.core.model.Receipt in project identity-inbound-auth-oauth by wso2-extensions.

the class OAuth2AuthzEndpoint method handleResponseFromConsent.

/**
 * Handles the request that comes back from the consent step of the authorization flow.
 *
 * <p>When diagnostic logs are enabled, the request parameters are recorded first. The session data
 * cache entry is then updated, and the consent value read from the request decides the outcome:
 * no value goes to {@code handleEmptyConsent}, a deny goes to {@code handleDeniedConsent}, and any
 * other value runs the post-consent handling and produces either a form-post response or a
 * 302 redirect.
 *
 * @param oAuthMessage Message wrapping the current authorization request.
 * @return Response to send to the user agent.
 * @throws OAuthSystemException           propagated from the handlers called here.
 * @throws URISyntaxException             if the computed redirect URL is not a valid URI.
 * @throws ConsentHandlingFailedException propagated from the handlers called here.
 */
private Response handleResponseFromConsent(OAuthMessage oAuthMessage) throws OAuthSystemException, URISyntaxException, ConsentHandlingFailedException {
    if (LoggerUtils.isDiagnosticLogsEnabled()) {
        // NOTE(review): every non-empty request parameter, name and values, is handed to the
        // diagnostic log unfiltered. Whether LoggerUtils masks session keys or consented claim
        // values is not visible here; confirm before enabling diagnostics in production.
        Map<String, Object> diagnosticParams = new HashMap<>();
        boolean hasParameters = oAuthMessage.getRequest() != null && MapUtils.isNotEmpty(oAuthMessage.getRequest().getParameterMap());
        if (hasParameters) {
            oAuthMessage.getRequest().getParameterMap().forEach((name, values) -> {
                if (ArrayUtils.isNotEmpty(values)) {
                    diagnosticParams.put(name, Arrays.asList(values));
                }
            });
        }
        LoggerUtils.triggerDiagnosticLogEvent(OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, diagnosticParams, OAuthConstants.LogConstants.SUCCESS, "Successfully received consent response", "receive-consent-response", null);
    }

    updateAuthTimeInSessionDataCacheEntry(oAuthMessage);
    addSessionDataKeyToSessionDataCacheEntry(oAuthMessage);

    String consent = getConsentFromRequest(oAuthMessage);
    if (consent == null) {
        return handleEmptyConsent(oAuthMessage);
    }
    if (OAuthConstants.Consent.DENY.equals(consent)) {
        return handleDeniedConsent(oAuthMessage);
    }

    // Get the user consented claims from the consent response and create a consent receipt.
    handlePostConsent(oAuthMessage);

    OIDCSessionState sessionState = new OIDCSessionState();
    String redirectURL = handleUserConsent(oAuthMessage, consent, sessionState);
    if (isFormPostResponseMode(oAuthMessage, redirectURL)) {
        return handleFormPostResponseMode(oAuthMessage, sessionState, redirectURL);
    }

    // The redirect target is taken as returned by the helpers; no URL validation happens in this method.
    String finalRedirectUrl = manageOIDCSessionState(oAuthMessage, sessionState, redirectURL);
    return Response.status(HttpServletResponse.SC_FOUND).location(new URI(finalRedirectUrl)).build();
}
Also used : ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap) HashMap(java.util.HashMap) OIDCSessionState(org.wso2.carbon.identity.oidc.session.OIDCSessionState) RequestObject(org.wso2.carbon.identity.openidconnect.model.RequestObject) JSONObject(org.json.JSONObject) URI(java.net.URI) REDIRECT_URI(org.wso2.carbon.identity.oauth.common.OAuthConstants.OAuth20Params.REDIRECT_URI)

Example 25 with Receipt

use of org.wso2.carbon.consent.mgt.core.model.Receipt in project identity-governance by wso2-extensions.

the class UtilsTest method testGetConsentReceiptDTO.

/**
 * Builds a fully populated {@link Receipt} (one PII controller, one service with one purpose and one
 * PII category, one SPI category) and checks that {@code Utils.getConsentReceiptDTO} copies the
 * receipt, controller, address, service and purpose fields into the returned DTO.
 */
@Test
public void testGetConsentReceiptDTO() throws Exception {
    // --- Purpose with a single PII category ---
    List<PIICategoryValidity> piiCategoryList = new ArrayList<>();
    piiCategoryList.add(new PIICategoryValidity(PII_CATEGORY_ID, PII_CATEGORY_VALIDITY));
    List<String> purposeCategoryList = new ArrayList<>();
    purposeCategoryList.add(PURPOSE_CATEGORY);

    ConsentPurpose purpose = new ConsentPurpose();
    purpose.setPurpose(CONSENT_PURPOSE);
    purpose.setPurposeCategory(purposeCategoryList);
    purpose.setConsentType(CONSENT_TYPE);
    purpose.setPiiCategory(piiCategoryList);
    purpose.setPrimaryPurpose(true);
    purpose.setTermination(CONSENT_TERMINATION);
    purpose.setThirdPartyDisclosure(false);
    purpose.setServiceToPurposeId(1);
    List<ConsentPurpose> purposeList = new ArrayList<>();
    purposeList.add(purpose);

    // --- Service that owns the purpose ---
    ReceiptService service = new ReceiptService();
    service.setService(SERVICE_TRAVELOCITY);
    service.setTenantDomain(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME);
    service.setTenantId(MultitenantConstants.SUPER_TENANT_ID);
    service.setReceiptToServiceId(1);
    service.setPurposes(purposeList);
    List<ReceiptService> serviceList = new ArrayList<>();
    serviceList.add(service);

    // --- PII controller with its address ---
    Address controllerAddress = new Address(ADDRESS_COUNTRY, ADDRESS_LOCALITY, ADDRESS_REGION, ADDRESS_OFFICE_BOX_NUMBER, ADDRESS_POSTAL_CODE, ADDRESS_STREET_ADDRESS);
    List<PiiController> controllerList = new ArrayList<>();
    controllerList.add(new PiiController(PII_CONTROLLER_NAME, false, PII_CONTROLLER_CONTACT, PII_CONTROLLER_EMAIL, PII_CONTROLLER_PHONE, PII_CONTROLLER_URL, controllerAddress));

    List<String> spiCategoryList = new ArrayList<>();
    spiCategoryList.add(SPI_CATEGORY);

    // --- Receipt under test ---
    Receipt sourceReceipt = new Receipt();
    sourceReceipt.setConsentReceiptId(CONSENT_RECEIPT_ID);
    sourceReceipt.setVersion(RECEIPT_VERSION);
    sourceReceipt.setJurisdiction(RECEIPT_JURISDICTION);
    sourceReceipt.setCollectionMethod(RECEIPT_COLLECTION_METHOD);
    sourceReceipt.setLanguage(RECEIPT_LANGUAGE);
    sourceReceipt.setPiiPrincipalId(USERNAME_CLAIM_VALUE);
    // NOTE(review): asserted below against RECEIPT_CONSENT_TIMESTAMP; presumably that constant
    // holds this same literal. Confirm, or use the constant here.
    sourceReceipt.setConsentTimestamp(1517447315404L);
    sourceReceipt.setPiiControllers(controllerList);
    sourceReceipt.setServices(serviceList);
    sourceReceipt.setPolicyUrl(RECEIPT_POLICY_URL);
    sourceReceipt.setSensitive(true);
    sourceReceipt.setState(RECEIPT_STATE);
    sourceReceipt.setTenantDomain(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME);
    sourceReceipt.setTenantId(-1234);
    sourceReceipt.setSpiCat(spiCategoryList);

    ConsentReceiptDTO dto = Utils.getConsentReceiptDTO(sourceReceipt);

    // --- Receipt-level fields ---
    Assert.assertEquals(dto.getConsentReceiptID(), CONSENT_RECEIPT_ID);
    Assert.assertEquals(dto.getVersion(), RECEIPT_VERSION);
    Assert.assertEquals(dto.getJurisdiction(), RECEIPT_JURISDICTION);
    Assert.assertEquals(dto.getCollectionMethod(), RECEIPT_COLLECTION_METHOD);
    Assert.assertEquals(dto.getLanguage(), RECEIPT_LANGUAGE);
    Assert.assertEquals(dto.getPolicyUrl(), RECEIPT_POLICY_URL);
    Assert.assertEquals(dto.getSensitive(), Boolean.TRUE);
    Assert.assertEquals(dto.getState(), RECEIPT_STATE);
    Assert.assertEquals(dto.getTenantDomain(), MultitenantConstants.SUPER_TENANT_DOMAIN_NAME);
    Assert.assertEquals(dto.getConsentTimestamp(), Long.valueOf(RECEIPT_CONSENT_TIMESTAMP));
    Assert.assertEquals(dto.getSpiCat().size(), 1);
    Assert.assertEquals(dto.getSpiCat().get(0), SPI_CATEGORY);

    // --- PII controller and address ---
    List<PiiControllerDTO> controllerDtos = dto.getPiiControllers();
    Assert.assertEquals(controllerDtos.size(), 1);
    PiiControllerDTO controllerDto = controllerDtos.get(0);
    Assert.assertEquals(controllerDto.getContact(), PII_CONTROLLER_CONTACT);
    Assert.assertEquals(controllerDto.getEmail(), PII_CONTROLLER_EMAIL);
    Assert.assertEquals(controllerDto.getPhone(), PII_CONTROLLER_PHONE);
    Assert.assertEquals(controllerDto.getPiiControllerUrl(), PII_CONTROLLER_URL);
    Assert.assertEquals(controllerDto.getPiiController(), PII_CONTROLLER_NAME);
    Assert.assertEquals(controllerDto.getOnBehalf(), Boolean.FALSE);
    Assert.assertEquals(controllerDto.getAddress().getAddressCountry(), ADDRESS_COUNTRY);
    Assert.assertEquals(controllerDto.getAddress().getAddressLocality(), ADDRESS_LOCALITY);
    Assert.assertEquals(controllerDto.getAddress().getAddressRegion(), ADDRESS_REGION);
    Assert.assertEquals(controllerDto.getAddress().getPostalCode(), ADDRESS_POSTAL_CODE);
    Assert.assertEquals(controllerDto.getAddress().getPostOfficeBoxNumber(), ADDRESS_OFFICE_BOX_NUMBER);
    Assert.assertEquals(controllerDto.getAddress().getStreetAddress(), ADDRESS_STREET_ADDRESS);

    // --- Service and its single purpose ---
    Assert.assertEquals(dto.getServices().size(), 1);
    Assert.assertEquals(dto.getServices().get(0).getService(), SERVICE_TRAVELOCITY);
    Assert.assertEquals(dto.getServices().get(0).getTenantDomain(), MultitenantConstants.SUPER_TENANT_DOMAIN_NAME);
    Assert.assertEquals(dto.getServices().get(0).getPurposes().size(), 1);
    Assert.assertEquals(dto.getServices().get(0).getPurposes().get(0).getConsentType(), CONSENT_TYPE);
    Assert.assertEquals(dto.getServices().get(0).getPurposes().get(0).getPurpose(), CONSENT_PURPOSE);
    Assert.assertEquals(dto.getServices().get(0).getPurposes().get(0).getTermination(), CONSENT_TERMINATION);
    // No third-party name was set on the purpose, so none is expected in the DTO.
    Assert.assertEquals(dto.getServices().get(0).getPurposes().get(0).getThirdPartyName(), null);
    Assert.assertEquals(dto.getServices().get(0).getPurposes().get(0).getThirdPartyDisclosure(), Boolean.FALSE);
    Assert.assertEquals(dto.getServices().get(0).getPurposes().get(0).getPrimaryPurpose(), Boolean.TRUE);
    Assert.assertEquals(dto.getServices().get(0).getPurposes().get(0).getPiiCategory().size(), 1);
    Assert.assertEquals(dto.getServices().get(0).getPurposes().get(0).getPiiCategory().get(0).getValidity(), PII_CATEGORY_VALIDITY);
    Assert.assertEquals(dto.getServices().get(0).getPurposes().get(0).getPurposeCategory().size(), 1);
    Assert.assertEquals(dto.getServices().get(0).getPurposes().get(0).getPurposeCategory().get(0), PURPOSE_CATEGORY);
}
Also used : PiiController(org.wso2.carbon.consent.mgt.core.model.PiiController) ConsentReceiptDTO(org.wso2.carbon.identity.user.export.core.dto.ConsentReceiptDTO) Receipt(org.wso2.carbon.consent.mgt.core.model.Receipt) ReceiptService(org.wso2.carbon.consent.mgt.core.model.ReceiptService) Address(org.wso2.carbon.consent.mgt.core.model.Address) PiiControllerDTO(org.wso2.carbon.identity.user.export.core.dto.PiiControllerDTO) ArrayList(java.util.ArrayList) ConsentPurpose(org.wso2.carbon.consent.mgt.core.model.ConsentPurpose) PIICategoryValidity(org.wso2.carbon.consent.mgt.core.model.PIICategoryValidity) Test(org.testng.annotations.Test)
