/**
* Creates ExtSource and UserExtSource if necessary for the purpose of joining users identities.
*
* @param user User to add UES to
* @param actor Actor to add
* @param extSourceName ExtSource name to add
* @param extSourceType ExtSource type to add
* @param loa loa in ext source
* @throws PerunException when anything fails
*/
private void createExtSourceAndUserExtSource(
User user, String actor, String extSourceName, String extSourceType, int loa)
throws PerunException {
ExtSource extSource = new ExtSource(extSourceName, extSourceType);
try {
extSource =
perun.getExtSourcesManagerBl().getExtSourceByName(registrarSession, extSourceName);
} catch (ExtSourceNotExistsException ex) {
extSource = perun.getExtSourcesManager().createExtSource(registrarSession, extSource, null);
}
UserExtSource ues = new UserExtSource();
ues.setLogin(actor);
ues.setLoa(loa);
ues.setExtSource(extSource);
perun.getUsersManager().addUserExtSource(registrarSession, user, ues);
}
/**
* Convert RichUsers to Identity objects with obfuscated email address and limited set of ext
* sources. Service users are removed from the list.
*
* @param list RichUsers to convert
* @return list of Identities without service ones
* @throws PerunException
*/
private List<Identity> convertToIdentities(List<RichUser> list) throws PerunException {
List<Identity> result = new ArrayList<Identity>();
if (list != null && !list.isEmpty()) {
for (RichUser u : list) {
// skip service users
if (u.isServiceUser()) continue;
Identity identity = new Identity();
identity.setName(u.getDisplayName());
identity.setId(u.getId());
for (Attribute a : u.getUserAttributes()) {
if (MailManagerImpl.URN_USER_PREFERRED_MAIL.equals(a.getName())) {
if (a.getValue() != null && !((String) a.getValue()).isEmpty()) {
String safeMail = ((String) a.getValue()).split("@")[0];
if (safeMail.length() > 2) {
safeMail =
safeMail.substring(0, 1)
+ "****"
+ safeMail.substring(safeMail.length() - 1, safeMail.length());
}
safeMail += "@" + ((String) a.getValue()).split("@")[1];
identity.setEmail(safeMail);
}
} else if ("urn:perun:user:attribute-def:def:organization".equals(a.getName())) {
if (a.getValue() != null) {
identity.setOrganization((String) a.getValue());
}
}
}
List<ExtSource> es = new ArrayList<ExtSource>();
for (UserExtSource ues : u.getUserExtSources()) {
if (ues.getExtSource().getType().equals(ExtSourcesManagerEntry.EXTSOURCE_X509)) {
es.add(ues.getExtSource());
} else if (ues.getExtSource().getType().equals(ExtSourcesManagerEntry.EXTSOURCE_IDP)) {
if (ues.getExtSource().getName().equals("https://extidp.cesnet.cz/idp/shibboleth")) {
// FIXME - hack Social IdP to let us know proper identity source
String type = ues.getLogin().split("@")[1].split("\\.")[0];
ues.getExtSource()
.setName(
"https://extidp.cesnet.cz/idp/shibboleth&authnContextClassRef=urn:cesnet:extidp:authn:"
+ type);
} else if (ues.getExtSource().getName().equals("https://login.elixir-czech.org/idp/")) {
// FIXME - hack Elixir proxy IdP to let us know proper identity source
String type = ues.getLogin().split("@")[1];
ues.getExtSource().setName("https://login.elixir-czech.org/idp/@" + type);
}
es.add(ues.getExtSource());
} else if (ues.getExtSource()
.getType()
.equals(ExtSourcesManagerEntry.EXTSOURCE_KERBEROS)) {
es.add(ues.getExtSource());
}
}
identity.setIdentities(es);
result.add(identity);
}
}
return result;
}
