
Example 1 with ConsentPurpose

use of org.wso2.carbon.identity.application.common.model.ConsentPurpose in project carbon-identity-framework by wso2.

the class ConsentUtilityService method filterPIIsFromReceipt.

/**
 * Narrows {@code keySet} to the PII names covered by the given consent receipt.
 *
 * <p>Each PII category listed under each purpose of each service in the receipt is mapped to a
 * name with {@code getPIIName(purposeId, piiCategoryId)}. Keys that are not among those names are
 * removed, so a receipt that lists no PII categories leaves the set empty.
 *
 * <p>The filter works in place: {@code keySet} itself is modified through {@code retainAll} and the
 * same instance is returned. A caller that still needs the unfiltered keys has to pass a copy.
 *
 * @param keySet  keys to filter; must not be null and must support {@code retainAll}
 * @param receipt receipt whose services, purposes and PII categories define the allowed names;
 *                must not be null
 * @return {@code keySet}, reduced to the entries matched by the receipt
 * @throws ConsentUtilityServiceException if {@code keySet} or {@code receipt} is null
 */
public Set<String> filterPIIsFromReceipt(Set<String> keySet, ReceiptInput receipt) throws ConsentUtilityServiceException {
    if (receipt == null || keySet == null) {
        throw new ConsentUtilityServiceException("Key set and receipt should not be null");
    }
    // NOTE(review): the lists returned by getServices(), getPurposes() and getPiiCategory() are
    // iterated without a null check; confirm the model never returns null for them.
    Set<String> allowedPiiNames = new HashSet<>();
    for (ReceiptServiceInput serviceInput : receipt.getServices()) {
        for (ReceiptPurposeInput purposeInput : serviceInput.getPurposes()) {
            for (PIICategoryValidity category : purposeInput.getPiiCategory()) {
                String piiName = getPIIName(purposeInput.getPurposeId(), category.getId());
                allowedPiiNames.add(piiName);
            }
        }
    }
    // Anything the receipt does not name is dropped from the caller's set.
    keySet.retainAll(allowedPiiNames);
    return keySet;
}
Also used : ConsentUtilityServiceException(org.wso2.carbon.identity.consent.mgt.exceptions.ConsentUtilityServiceException) ReceiptServiceInput(org.wso2.carbon.consent.mgt.core.model.ReceiptServiceInput) ReceiptPurposeInput(org.wso2.carbon.consent.mgt.core.model.ReceiptPurposeInput) PIICategoryValidity(org.wso2.carbon.consent.mgt.core.model.PIICategoryValidity) HashSet(java.util.HashSet)

Example 2 with ConsentPurpose

use of org.wso2.carbon.identity.application.common.model.ConsentPurpose in project carbon-identity-framework by wso2.

the class ApplicationManagementServiceImpl method deleteApplication.

// Will be supported with 'Advance Consent Management Feature'.
/*
    private void validateConsentPurposes(ServiceProvider serviceProvider) throws
            IdentityApplicationManagementException {

        ConsentManager consentManager = ApplicationManagementServiceComponentHolder.getInstance().getConsentManager();
        ConsentConfig consentConfig = serviceProvider.getConsentConfig();
        if (nonNull(consentConfig)) {
            ConsentPurposeConfigs consentPurposeConfigs = consentConfig.getConsentPurposeConfigs();
            if (nonNull(consentPurposeConfigs)) {
                ConsentPurpose[] consentPurposes = consentPurposeConfigs.getConsentPurpose();
                if (nonNull(consentPurposes)) {
                    for (ConsentPurpose consentPurpose : consentPurposes) {
                        int purposeId = consentPurpose.getPurposeId();
                        try {
                            Purpose purpose = consentManager.getPurpose(purposeId);
                            if (isNull(purpose)) {
                                if (log.isDebugEnabled()) {
                                    log.debug("ConsentManager returned null for Purpose ID: " + purposeId);
                                }
                                throw new IdentityApplicationManagementException("Invalid purpose ID: " + purposeId);
                            }

                            if (!isSPSpecificPurpose(serviceProvider, purpose) && !isSharedPurpose(purpose)) {
                                String message = "Purpose: %s with ID: %s is not defined under purposes for SP:" +
                                                 " %s or 'SHARED' purposes.";
                                String error = String.format(message, purpose.getName(), purpose.getId(),
                                                             serviceProvider.getApplicationName());
                                throw new IdentityApplicationManagementException(error);
                            }
                        } catch (ConsentManagementException e) {
                            if (ERROR_CODE_PURPOSE_ID_INVALID.getCode().equals(e.getErrorCode())) {
                                throw new IdentityApplicationManagementException("Invalid purpose ID: " + purposeId, e);
                            }
                            throw new IdentityApplicationManagementException("Error while retrieving consent purpose " +
                                                                             "with ID: " + purposeId, e);
                        }
                    }
                }
            }
        }
    }


    private boolean isSharedPurpose(Purpose purpose) {

        return PURPOSE_GROUP_SHARED.equals(purpose.getGroup()) && PURPOSE_GROUP_TYPE_SYSTEM.equals(
                purpose.getGroupType());
    }

    private boolean isSPSpecificPurpose(ServiceProvider serviceProvider, Purpose purpose) {

        return serviceProvider.getApplicationName().equals(purpose.getGroup())&& PURPOSE_GROUP_TYPE_SP.equals(
                purpose.getGroupType());
    }
    */
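/**
 * Deletes the application with the given name in the given tenant domain.
 *
 * <p>Enabled pre-delete listeners run first; if any of them returns {@code false} the call fails
 * with an exception before anything is removed. Inside the tenant flow the pre-delete checks run,
 * the application is looked up and, when it exists, its role, its permissions and the application
 * itself are deleted. When no application is found the method returns without notifying
 * post-delete listeners and without an audit event.
 *
 * <p>After a successful deletion the enabled post-delete listeners are invoked. A listener that
 * returns {@code false} is logged and stops the remaining listeners. The audit event for the
 * deletion is emitted in a {@code finally} block, so it is recorded even when a post-delete
 * listener fails or throws.
 *
 * @param applicationName name of the application to delete
 * @param tenantDomain    tenant domain the application is looked up in
 * @param username        user on whose behalf the deletion runs; also used as the audit initiator
 * @throws IdentityApplicationManagementException if a pre-delete listener rejects the operation or
 *                                                any step of the deletion fails
 */
@Override
public void deleteApplication(String applicationName, String tenantDomain, String username) throws IdentityApplicationManagementException {
    ServiceProvider serviceProvider;
    // Pre-delete listeners act as a veto: the first enabled listener returning false aborts the call.
    Collection<ApplicationMgtListener> listeners = getApplicationMgtListeners();
    for (ApplicationMgtListener listener : listeners) {
        if (listener.isEnable() && !listener.doPreDeleteApplication(applicationName, tenantDomain, username)) {
            throw buildServerException("Pre Delete application operation of listener: " + getName(listener) + " failed for application: " + applicationName + " of tenantDomain: " + tenantDomain);
        }
    }
    try {
        startTenantFlow(tenantDomain, username);
        doPreDeleteChecks(applicationName, tenantDomain, username);
        ApplicationDAO appDAO = ApplicationMgtSystemConfig.getInstance().getApplicationDAO();
        serviceProvider = appDAO.getApplication(applicationName, tenantDomain);
        if (serviceProvider == null) {
            if (log.isDebugEnabled()) {
                log.debug("Application cannot be found for name: " + applicationName + " in tenantDomain: " + tenantDomain);
            }
            return;
        }
        ApplicationMgtUtil.deleteAppRole(applicationName);
        ApplicationMgtUtil.deletePermissions(applicationName);
        appDAO.deleteApplication(applicationName);
    } catch (Exception e) {
        String error = "Error occurred while deleting the application: " + applicationName + ". " + e.getMessage();
        throw buildServerException(error, e);
    } finally {
        // The tenant flow is closed on every path, including the early return above.
        endTenantFlow();
    }
    try {
        for (ApplicationMgtListener listener : listeners) {
            if (listener.isEnable() && !listener.doPostDeleteApplication(serviceProvider, tenantDomain, username)) {
                log.error("Post Delete application operation of listener: " + getName(listener) + " failed for " + "application with name: " + applicationName + " of tenantDomain: " + tenantDomain);
                return;
            }
        }
    } finally {
        // The delete calls above have already returned successfully at this point, so the audit
        // record must not depend on the outcome of the post-delete listeners.
        triggerAuditLogEvent(getInitiatorId(username, tenantDomain), getInitiatorId(username, tenantDomain), USER, CarbonConstants.LogEventConstants.EventCatalog.DELETE_APPLICATION.getEventId(), getAppId(serviceProvider), getApplicationName(serviceProvider), TARGET_APPLICATION, null);
    }
}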
Also used : ServiceProvider(org.wso2.carbon.identity.application.common.model.ServiceProvider) AbstractApplicationMgtListener(org.wso2.carbon.identity.application.mgt.listener.AbstractApplicationMgtListener) ApplicationMgtListener(org.wso2.carbon.identity.application.mgt.listener.ApplicationMgtListener) PaginatableFilterableApplicationDAO(org.wso2.carbon.identity.application.mgt.dao.PaginatableFilterableApplicationDAO) ApplicationDAO(org.wso2.carbon.identity.application.mgt.dao.ApplicationDAO) FileBasedApplicationDAO(org.wso2.carbon.identity.application.mgt.dao.impl.FileBasedApplicationDAO) IdentityApplicationManagementClientException(org.wso2.carbon.identity.application.common.IdentityApplicationManagementClientException) TransformerException(javax.xml.transform.TransformerException) RegistryException(org.wso2.carbon.registry.api.RegistryException) IOException(java.io.IOException) IdentityApplicationManagementValidationException(org.wso2.carbon.identity.application.common.IdentityApplicationManagementValidationException) IdentityApplicationManagementException(org.wso2.carbon.identity.application.common.IdentityApplicationManagementException) JAXBException(javax.xml.bind.JAXBException) IdentityApplicationRegistrationFailureException(org.wso2.carbon.identity.application.common.IdentityApplicationRegistrationFailureException) SAXException(org.xml.sax.SAXException) DefaultAuthSeqMgtException(org.wso2.carbon.identity.application.mgt.defaultsequence.DefaultAuthSeqMgtException) UserStoreException(org.wso2.carbon.user.api.UserStoreException) IdentityApplicationManagementServerException(org.wso2.carbon.identity.application.common.IdentityApplicationManagementServerException) ParserConfigurationException(javax.xml.parsers.ParserConfigurationException)

Example 3 with ConsentPurpose

use of org.wso2.carbon.identity.application.common.model.ConsentPurpose in project carbon-identity-framework by wso2.

the class ApplicationDAOImpl method updateConsentPurposeConfiguration.

/**
 * Writes the consent settings of an application through the given connection.
 *
 * <p>First the consent-enabled flag is stored with {@code UPDATE_BASIC_APP_INFO_WITH_CONSENT_ENABLED}
 * (bound as the string {@code "1"} or {@code "0"}). Then one {@code ADD_SP_CONSENT_PURPOSE}
 * statement is executed per configured consent purpose. If the purpose configuration or its purpose
 * array is null, only the flag is written. All values are bound as statement parameters.
 *
 * <p>NOTE(review): only inserts are visible here; whether previously stored purposes are removed
 * elsewhere, and who commits or rolls back {@code connection}, cannot be told from this method.
 *
 * @param connection    JDBC connection the statements are prepared on; not closed here
 * @param applicationId ID of the application being updated
 * @param consentConfig consent configuration to persist; dereferenced without a null check
 * @param tenantID      ID of the tenant that owns the application
 * @throws IdentityApplicationManagementException if either statement fails with a
 *                                                {@link SQLException}
 */
private void updateConsentPurposeConfiguration(Connection connection, int applicationId, ConsentConfig consentConfig, int tenantID) throws IdentityApplicationManagementException {
    // Step 1: persist the consent-enabled flag.
    try (PreparedStatement enabledStmt = connection.prepareStatement(UPDATE_BASIC_APP_INFO_WITH_CONSENT_ENABLED)) {
        String enabledFlag = consentConfig.isEnabled() ? "1" : "0";
        enabledStmt.setString(1, enabledFlag);
        enabledStmt.setInt(2, tenantID);
        enabledStmt.setInt(3, applicationId);
        enabledStmt.executeUpdate();
    } catch (SQLException e) {
        String error = String.format("Error while setting consentEnabled: %s for applicationId: %s in tenantId: " + "%s", Boolean.toString(consentConfig.isEnabled()), applicationId, tenantID);
        throw new IdentityApplicationManagementException(error, e);
    }

    // Step 2: nothing more to write when no purposes are configured.
    ConsentPurposeConfigs purposeConfigs = consentConfig.getConsentPurposeConfigs();
    if (purposeConfigs == null) {
        if (log.isDebugEnabled()) {
            log.debug("ConsentPurposeConfigs entry is null for application ID: " + applicationId);
        }
        return;
    }
    ConsentPurpose[] purposes = purposeConfigs.getConsentPurpose();
    if (purposes == null) {
        if (log.isDebugEnabled()) {
            log.debug("ConsentPurpose entry is null for application ID: " + applicationId);
        }
        return;
    }

    // Step 3: one insert per purpose; the first failure aborts the remaining ones.
    for (int i = 0; i < purposes.length; i++) {
        ConsentPurpose purpose = purposes[i];
        try (PreparedStatement purposeStmt = connection.prepareStatement(ADD_SP_CONSENT_PURPOSE)) {
            purposeStmt.setInt(1, applicationId);
            purposeStmt.setInt(2, purpose.getPurposeId());
            purposeStmt.setInt(3, purpose.getDisplayOrder());
            purposeStmt.setInt(4, tenantID);
            purposeStmt.executeUpdate();
        } catch (SQLException e) {
            String error = String.format("Error while persisting consent purposeId: %s for applicationId: %s " + "in tenantId: %s", purpose.getPurposeId(), applicationId, tenantID);
            throw new IdentityApplicationManagementException(error, e);
        }
    }
}
Also used : SQLException(java.sql.SQLException) IdentityApplicationManagementException(org.wso2.carbon.identity.application.common.IdentityApplicationManagementException) PreparedStatement(java.sql.PreparedStatement) NamedPreparedStatement(org.wso2.carbon.database.utils.jdbc.NamedPreparedStatement) ConsentPurposeConfigs(org.wso2.carbon.identity.application.common.model.ConsentPurposeConfigs) ConsentPurpose(org.wso2.carbon.identity.application.common.model.ConsentPurpose)

Example 4 with ConsentPurpose

use of org.wso2.carbon.identity.application.common.model.ConsentPurpose in project carbon-identity-framework by wso2.

the class ConsentPurpose method build.

/**
 * Builds a {@code ConsentPurpose} from its OM element representation.
 *
 * <p>Child elements named {@code PURPOSE_ID_ELEM} and {@code DISPLAY_ORDER_ELEM} are parsed as
 * integers; all other children are ignored. The two fields treat bad input differently: a
 * non-integer purpose ID is rejected with an exception, while a non-integer display order is
 * logged and replaced by {@code DEFAULT_DISPLAY_ORDER}.
 *
 * @param consentPurposeOM ConsentPurpose OM element; may be null
 * @return the populated object, or a freshly constructed {@code ConsentPurpose} with no values set
 *         when {@code consentPurposeOM} is null
 * @throws IdentityApplicationManagementException if the purpose ID text is not an integer
 */
public static ConsentPurpose build(OMElement consentPurposeOM) throws IdentityApplicationManagementException {
    ConsentPurpose result = new ConsentPurpose();
    if (consentPurposeOM == null) {
        return result;
    }
    for (Iterator<?> it = consentPurposeOM.getChildElements(); it.hasNext(); ) {
        OMElement child = (OMElement) it.next();
        String localName = child.getLocalName();
        if (PURPOSE_ID_ELEM.equals(localName)) {
            try {
                result.setPurposeId(Integer.parseInt(child.getText()));
            } catch (NumberFormatException e) {
                // NOTE(review): the raw element text goes into the log and the exception message;
                // if this XML can come from an untrusted import, confirm it is neutralised downstream.
                log.warn("PurposeID should be an Integer. Found: " + child.getText() + " instead.");
                throw new IdentityApplicationManagementException("Invalid purpose ID: " + child.getText(), e);
            }
        } else if (DISPLAY_ORDER_ELEM.equals(localName)) {
            try {
                result.setDisplayOrder(Integer.parseInt(child.getText()));
            } catch (NumberFormatException e) {
                // A bad display order is not fatal: fall back to the default.
                log.warn("DisplayOrder should be an Integer. Found: " + child.getText() + " instead. Setting " + "default display order: " + DEFAULT_DISPLAY_ORDER);
                result.setDisplayOrder(DEFAULT_DISPLAY_ORDER);
            }
        }
    }
    return result;
}
Also used : IdentityApplicationManagementException(org.wso2.carbon.identity.application.common.IdentityApplicationManagementException) OMElement(org.apache.axiom.om.OMElement)

Example 5 with ConsentPurpose

use of org.wso2.carbon.identity.application.common.model.ConsentPurpose in project identity-governance by wso2-extensions.

the class Utils method getConsentReceiptDTO.

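/**
 * Converts a consent {@code Receipt} into a {@code ConsentReceiptDTO}.
 *
 * <p>Receipt-level attributes are copied one to one. Each service is mapped to a
 * {@code ServiceDTO} with its purposes and their PII categories, and each PII controller is mapped
 * to a {@code PiiControllerDTO} with its address.
 *
 * <p>The public key is a receipt-level attribute and is copied once, outside the per-controller
 * mapping, so it is set even when the receipt has no PII controllers.
 *
 * <p>NOTE(review): {@code getServices()}, {@code getPurposes()}, {@code getPiiCategory()},
 * {@code getPiiControllers()} and each controller's {@code getAddress()} are dereferenced without
 * null checks; confirm the model guarantees non-null values.
 *
 * @param receipt Receipt instance; must not be null.
 * @return ConsentReceiptDTO populated from the receipt.
 */
public static ConsentReceiptDTO getConsentReceiptDTO(Receipt receipt) {
    ConsentReceiptDTO consentReceiptDTO = new ConsentReceiptDTO();
    consentReceiptDTO.setCollectionMethod(receipt.getCollectionMethod());
    consentReceiptDTO.setConsentReceiptID(receipt.getConsentReceiptId());
    consentReceiptDTO.setJurisdiction(receipt.getJurisdiction());
    consentReceiptDTO.setConsentTimestamp(receipt.getConsentTimestamp());
    consentReceiptDTO.setLanguage(receipt.getLanguage());
    consentReceiptDTO.setPiiPrincipalId(receipt.getPiiPrincipalId());
    consentReceiptDTO.setPolicyUrl(receipt.getPolicyUrl());
    consentReceiptDTO.setSensitive(receipt.isSensitive());
    consentReceiptDTO.setTenantDomain(receipt.getTenantDomain());
    consentReceiptDTO.setVersion(receipt.getVersion());
    consentReceiptDTO.setState(receipt.getState());
    // Copied here instead of inside the controller lambda, where it was skipped for a receipt
    // without controllers and repeated once per controller otherwise.
    consentReceiptDTO.setPublicKey(receipt.getPublicKey());
    consentReceiptDTO.setServices(receipt.getServices().stream().map(receiptService -> {
        ServiceDTO serviceDTO = new ServiceDTO();
        serviceDTO.setService(receiptService.getService());
        serviceDTO.setTenantDomain(receiptService.getTenantDomain());
        serviceDTO.setPurposes(receiptService.getPurposes().stream().map(consentPurpose -> {
            PurposeDTO purposeDTO = new PurposeDTO();
            purposeDTO.setConsentType(consentPurpose.getConsentType());
            purposeDTO.setPiiCategory(consentPurpose.getPiiCategory().stream().map(piiCategoryValidity -> {
                PiiCategoryDTO piiCategoryDTO = new PiiCategoryDTO();
                piiCategoryDTO.setPiiCategory(piiCategoryValidity.getName());
                piiCategoryDTO.setValidity(piiCategoryValidity.getValidity());
                return piiCategoryDTO;
            }).collect(Collectors.toList()));
            purposeDTO.setPrimaryPurpose(consentPurpose.isPrimaryPurpose());
            purposeDTO.setPurpose(consentPurpose.getPurpose());
            purposeDTO.setPurposeCategory(consentPurpose.getPurposeCategory());
            purposeDTO.setTermination(consentPurpose.getTermination());
            purposeDTO.setThirdPartyDisclosure(consentPurpose.isThirdPartyDisclosure());
            purposeDTO.setThirdPartyName(consentPurpose.getThirdPartyName());
            return purposeDTO;
        }).collect(Collectors.toList()));
        return serviceDTO;
    }).collect(Collectors.toList()));
    consentReceiptDTO.setSpiCat(receipt.getSpiCat());
    consentReceiptDTO.setPiiControllers(receipt.getPiiControllers().stream().map(piiController -> {
        PiiControllerDTO piiControllerDTO = new PiiControllerDTO();
        AddressDTO addressDTO = new AddressDTO();
        addressDTO.setAddressCountry(piiController.getAddress().getAddressCountry());
        addressDTO.setAddressLocality(piiController.getAddress().getAddressLocality());
        addressDTO.setAddressRegion(piiController.getAddress().getAddressRegion());
        addressDTO.setPostalCode(piiController.getAddress().getPostalCode());
        addressDTO.setPostOfficeBoxNumber(piiController.getAddress().getPostOfficeBoxNumber());
        addressDTO.setStreetAddress(piiController.getAddress().getStreetAddress());
        piiControllerDTO.setAddress(addressDTO);
        piiControllerDTO.setContact(piiController.getContact());
        piiControllerDTO.setEmail(piiController.getEmail());
        piiControllerDTO.setPhone(piiController.getPhone());
        piiControllerDTO.setPiiController(piiController.getPiiController());
        piiControllerDTO.setPiiControllerUrl(piiController.getPiiControllerUrl());
        piiControllerDTO.setOnBehalf(piiController.isOnBehalf());
        return piiControllerDTO;
    }).collect(Collectors.toList()));
    return consentReceiptDTO;
}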
Also used : ConsentReceiptDTO(org.wso2.carbon.identity.user.export.core.dto.ConsentReceiptDTO) PurposeDTO(org.wso2.carbon.identity.user.export.core.dto.PurposeDTO) PiiControllerDTO(org.wso2.carbon.identity.user.export.core.dto.PiiControllerDTO) ServiceDTO(org.wso2.carbon.identity.user.export.core.dto.ServiceDTO) PiiCategoryDTO(org.wso2.carbon.identity.user.export.core.dto.PiiCategoryDTO) AddressDTO(org.wso2.carbon.identity.user.export.core.dto.AddressDTO)

Aggregations

IdentityApplicationManagementException (org.wso2.carbon.identity.application.common.IdentityApplicationManagementException)5 ArrayList (java.util.ArrayList)3 PIICategoryValidity (org.wso2.carbon.consent.mgt.core.model.PIICategoryValidity)3 PreparedStatement (java.sql.PreparedStatement)2 SQLException (java.sql.SQLException)2 OMElement (org.apache.axiom.om.OMElement)2 ReceiptPurposeInput (org.wso2.carbon.consent.mgt.core.model.ReceiptPurposeInput)2 ReceiptServiceInput (org.wso2.carbon.consent.mgt.core.model.ReceiptServiceInput)2 NamedPreparedStatement (org.wso2.carbon.database.utils.jdbc.NamedPreparedStatement)2 ConsentPurpose (org.wso2.carbon.identity.application.common.model.ConsentPurpose)2 ConsentPurposeConfigs (org.wso2.carbon.identity.application.common.model.ConsentPurposeConfigs)2 ConsentUtilityServiceException (org.wso2.carbon.identity.consent.mgt.exceptions.ConsentUtilityServiceException)2 ConsentReceiptDTO (org.wso2.carbon.identity.user.export.core.dto.ConsentReceiptDTO)2 PiiControllerDTO (org.wso2.carbon.identity.user.export.core.dto.PiiControllerDTO)2 IOException (java.io.IOException)1 ResultSet (java.sql.ResultSet)1 HashSet (java.util.HashSet)1 JAXBException (javax.xml.bind.JAXBException)1 ParserConfigurationException (javax.xml.parsers.ParserConfigurationException)1 TransformerException (javax.xml.transform.TransformerException)1