use of org.wso2.carbon.consent.mgt.core.model.ReceiptServiceInput in project identity-governance by wso2-extensions.
the class UserSelfRegistrationManager method addConsent.
private void addConsent(String consent, String tenantDomain) throws ConsentManagementException, IdentityRecoveryServerException {
Gson gson = new Gson();
ReceiptInput receiptInput = gson.fromJson(consent, ReceiptInput.class);
ConsentManager consentManager = IdentityRecoveryServiceDataHolder.getInstance().getConsentManager();
if (receiptInput.getServices().size() < 0) {
throw new IdentityRecoveryServerException("A service should be available in a receipt");
}
// There should be a one receipt
ReceiptServiceInput receiptServiceInput = receiptInput.getServices().get(0);
// without giving consent to any of the purposes.
if (receiptServiceInput.getPurposes().isEmpty()) {
if (log.isDebugEnabled()) {
log.debug("Consent does not contain any purposes. Hence not adding consent");
}
return;
}
receiptServiceInput.setTenantDomain(tenantDomain);
try {
setIDPData(tenantDomain, receiptServiceInput);
} catch (IdentityProviderManagementException e) {
throw new ConsentManagementException("Error while retrieving identity provider data", "Error while " + "setting IDP data", e);
}
receiptInput.setTenantDomain(tenantDomain);
consentManager.addConsent(receiptInput);
}
use of org.wso2.carbon.consent.mgt.core.model.ReceiptServiceInput in project carbon-identity-framework by wso2.
the class SSOConsentServiceImpl method buildReceiptInput.
private ReceiptInput buildReceiptInput(String subject, ServiceProvider serviceProvider, String spTenantDomain, List<ClaimMetaData> claimsWithConsent, List<ClaimMetaData> claimsDeniedConsent) throws SSOConsentServiceException {
String collectionMethod = "Web Form - Sign-in";
String jurisdiction = "NONE";
String language = "us_EN";
String consentType = "EXPLICIT";
String termination = CONSENT_VALIDITY_TYPE_VALID_UNTIL + CONSENT_VALIDITY_TYPE_SEPARATOR + CONSENT_VALIDITY_TYPE_VALID_UNTIL_INDEFINITE;
String policyUrl = "NONE";
Purpose purpose = getDefaultPurpose();
PurposeCategory purposeCategory = getDefaultPurposeCategory();
List<PIICategoryValidity> piiCategoryIds = getPiiCategoryValidityForClaims(claimsWithConsent, claimsDeniedConsent, termination);
List<ReceiptServiceInput> serviceInputs = new ArrayList<>();
List<ReceiptPurposeInput> purposeInputs = new ArrayList<>();
List<Integer> purposeCategoryIds = new ArrayList<>();
Map<String, String> properties = new HashMap<>();
purposeCategoryIds.add(purposeCategory.getId());
ReceiptPurposeInput purposeInput = getReceiptPurposeInput(consentType, termination, purpose, piiCategoryIds, purposeCategoryIds);
purposeInputs.add(purposeInput);
ReceiptServiceInput serviceInput = getReceiptServiceInput(serviceProvider, spTenantDomain, purposeInputs);
serviceInputs.add(serviceInput);
return getReceiptInput(subject, collectionMethod, jurisdiction, language, policyUrl, serviceInputs, properties);
}
use of org.wso2.carbon.consent.mgt.core.model.ReceiptServiceInput in project carbon-identity-framework by wso2.
the class JITProvisioningPostAuthenticationHandler method getReceiptServiceInputs.
/**
* To build ReceiptServices from the incoming receipt.
*
* @param receipt Relevant incoming receipt send from the client side.
* @return Set of the receipt services.
*/
private List<ReceiptServiceInput> getReceiptServiceInputs(JSONObject receipt) {
JSONArray services = receipt.getJSONArray(FrameworkConstants.Consent.SERVICES);
List<ReceiptServiceInput> receiptServiceInputs = new ArrayList<>();
for (int serviceIndex = 0; serviceIndex < services.length(); serviceIndex++) {
JSONObject service = services.getJSONObject(serviceIndex);
ReceiptServiceInput receiptServiceInput = new ReceiptServiceInput();
JSONArray purposes = service.getJSONArray(FrameworkConstants.Consent.PURPOSES);
List<ReceiptPurposeInput> receiptPurposeInputs = new ArrayList<>();
for (int purposeIndex = 0; purposeIndex < purposes.length(); purposeIndex++) {
receiptPurposeInputs.add(getReceiptPurposeInputs((JSONObject) purposes.get(purposeIndex)));
}
receiptServiceInput.setPurposes(receiptPurposeInputs);
receiptServiceInputs.add(receiptServiceInput);
}
return receiptServiceInputs;
}
use of org.wso2.carbon.consent.mgt.core.model.ReceiptServiceInput in project carbon-identity-framework by wso2.
the class SSOConsentServiceImpl method getReceiptInput.
private ReceiptInput getReceiptInput(String subject, String collectionMethod, String jurisdiction, String language, String policyUrl, List<ReceiptServiceInput> serviceInputs, Map<String, String> properties) {
ReceiptInput receiptInput = new ReceiptInput();
receiptInput.setCollectionMethod(collectionMethod);
receiptInput.setJurisdiction(jurisdiction);
receiptInput.setLanguage(language);
receiptInput.setPolicyUrl(policyUrl);
receiptInput.setServices(serviceInputs);
receiptInput.setProperties(properties);
receiptInput.setPiiPrincipalId(subject);
return receiptInput;
}
use of org.wso2.carbon.consent.mgt.core.model.ReceiptServiceInput in project carbon-identity-framework by wso2.
the class ConsentUtilityService method validateReceiptPIIs.
/**
* Validate a given receipt with with respective purposes.
*
* @param receiptInput User given receipt.
* @param purposes Configured purposes.
* @throws ConsentUtilityServiceException ConsentUtilityServiceException.
*/
public void validateReceiptPIIs(ReceiptInput receiptInput, List<Purpose> purposes) throws ConsentUtilityServiceException {
if (purposes == null || receiptInput == null) {
throw new IllegalArgumentException("Receipt Input and purposes should not be null");
}
if (log.isDebugEnabled()) {
log.debug("Validating receipt against purposes.");
}
List<ReceiptServiceInput> services = receiptInput.getServices();
for (Purpose purpose : purposes) {
purpose = fillPurpose(purpose);
boolean purposeConsented = false;
Set<Integer> mandatoryPIIs = getMandatoryPIIs(purpose);
if (log.isDebugEnabled()) {
log.debug("Mandatory PIIs for purpose : " + purpose.getName() + " : " + Arrays.toString(mandatoryPIIs.toArray()));
}
for (ReceiptServiceInput service : services) {
List<ReceiptPurposeInput> consentPurposes = service.getPurposes();
for (ReceiptPurposeInput consentPurpose : consentPurposes) {
if (Objects.equals(consentPurpose.getPurposeId(), purpose.getId())) {
purposeConsented = true;
List<PIICategoryValidity> pIICategories = consentPurpose.getPiiCategory();
Set<Integer> consentedPIIs = getPIIs(pIICategories);
if (log.isDebugEnabled()) {
log.debug("Consented PIIs: " + Arrays.toString(consentedPIIs.toArray()));
}
if (!consentedPIIs.containsAll(mandatoryPIIs)) {
throw new ConsentUtilityServiceException("One or more mandatory attributes are missing in" + " the given receipt");
}
}
}
if (!purposeConsented && !mandatoryPIIs.isEmpty()) {
throw new ConsentUtilityServiceException("Consent receipt does not contain consent for " + "purpose " + purpose.getName() + " with ID: " + purpose.getId() + ", which has " + "mandatory PIIs");
}
}
}
}
Aggregations