/**
   * Creates ExtSource and UserExtSource if necessary for the purpose of joining users identities.
   *
   * @param user User to add UES to
   * @param actor Actor to add
   * @param extSourceName ExtSource name to add
   * @param extSourceType ExtSource type to add
   * @param loa loa in ext source
   * @throws PerunException when anything fails
   */
  private void createExtSourceAndUserExtSource(
      User user, String actor, String extSourceName, String extSourceType, int loa)
      throws PerunException {

    ExtSource extSource = new ExtSource(extSourceName, extSourceType);
    try {
      extSource =
          perun.getExtSourcesManagerBl().getExtSourceByName(registrarSession, extSourceName);
    } catch (ExtSourceNotExistsException ex) {
      extSource = perun.getExtSourcesManager().createExtSource(registrarSession, extSource, null);
    }

    UserExtSource ues = new UserExtSource();
    ues.setLogin(actor);
    ues.setLoa(loa);
    ues.setExtSource(extSource);

    perun.getUsersManager().addUserExtSource(registrarSession, user, ues);
  }
  /**
   * Convert RichUsers to Identity objects with obfuscated email address and limited set of ext
   * sources. Service users are removed from the list.
   *
   * @param list RichUsers to convert
   * @return list of Identities without service ones
   * @throws PerunException
   */
  private List<Identity> convertToIdentities(List<RichUser> list) throws PerunException {

    List<Identity> result = new ArrayList<Identity>();

    if (list != null && !list.isEmpty()) {

      for (RichUser u : list) {

        // skip service users
        if (u.isServiceUser()) continue;

        Identity identity = new Identity();
        identity.setName(u.getDisplayName());
        identity.setId(u.getId());

        for (Attribute a : u.getUserAttributes()) {

          if (MailManagerImpl.URN_USER_PREFERRED_MAIL.equals(a.getName())) {
            if (a.getValue() != null && !((String) a.getValue()).isEmpty()) {

              String safeMail = ((String) a.getValue()).split("@")[0];

              if (safeMail.length() > 2) {
                safeMail =
                    safeMail.substring(0, 1)
                        + "****"
                        + safeMail.substring(safeMail.length() - 1, safeMail.length());
              }

              safeMail += "@" + ((String) a.getValue()).split("@")[1];

              identity.setEmail(safeMail);
            }
          } else if ("urn:perun:user:attribute-def:def:organization".equals(a.getName())) {
            if (a.getValue() != null) {
              identity.setOrganization((String) a.getValue());
            }
          }
        }

        List<ExtSource> es = new ArrayList<ExtSource>();
        for (UserExtSource ues : u.getUserExtSources()) {
          if (ues.getExtSource().getType().equals(ExtSourcesManagerEntry.EXTSOURCE_X509)) {
            es.add(ues.getExtSource());
          } else if (ues.getExtSource().getType().equals(ExtSourcesManagerEntry.EXTSOURCE_IDP)) {
            if (ues.getExtSource().getName().equals("https://extidp.cesnet.cz/idp/shibboleth")) {
              // FIXME - hack Social IdP to let us know proper identity source
              String type = ues.getLogin().split("@")[1].split("\\.")[0];
              ues.getExtSource()
                  .setName(
                      "https://extidp.cesnet.cz/idp/shibboleth&authnContextClassRef=urn:cesnet:extidp:authn:"
                          + type);
            } else if (ues.getExtSource().getName().equals("https://login.elixir-czech.org/idp/")) {
              // FIXME - hack Elixir proxy IdP to let us know proper identity source
              String type = ues.getLogin().split("@")[1];
              ues.getExtSource().setName("https://login.elixir-czech.org/idp/@" + type);
            }
            es.add(ues.getExtSource());
          } else if (ues.getExtSource()
              .getType()
              .equals(ExtSourcesManagerEntry.EXTSOURCE_KERBEROS)) {
            es.add(ues.getExtSource());
          }
        }
        identity.setIdentities(es);

        result.add(identity);
      }
    }

    return result;
  }