package com.techempower.gemini.pyxis;

import com.techempower.cache.EntityStore;
import com.techempower.data.EntityRelation;
import com.techempower.data.EntityRelationDescriptor;
import com.techempower.gemini.Context;
import com.techempower.gemini.GeminiApplication;
import com.techempower.gemini.GeminiConstants;
import com.techempower.gemini.GeminiHelper;
import com.techempower.gemini.messaging.MessageType;
import com.techempower.gemini.pyxis.PyxisUser;
import com.techempower.gemini.pyxis.PyxisUserGroup;
import com.techempower.gemini.pyxis.authorization.Authorizer;
import com.techempower.gemini.pyxis.authorization.Rejector;
import com.techempower.gemini.pyxis.crypto.AesGcmNoPaddingCryptograph;
import com.techempower.gemini.pyxis.crypto.Cryptograph;
import com.techempower.gemini.pyxis.handler.LoginHandler;
import com.techempower.gemini.pyxis.listener.BasicPasswordChangeListener;
import com.techempower.gemini.pyxis.listener.LastLoginUpdater;
import com.techempower.gemini.pyxis.listener.SecurityListener;
import com.techempower.gemini.pyxis.password.BCryptPasswordHasher;
import com.techempower.gemini.pyxis.password.PasswordDisallowedUsername;
import com.techempower.gemini.pyxis.password.PasswordHasher;
import com.techempower.gemini.pyxis.password.PasswordLength;
import com.techempower.gemini.pyxis.password.PasswordProposal;
import com.techempower.gemini.pyxis.password.PasswordRequirement;
import com.techempower.gemini.pyxis.password.PlaintextPasswordHasher;
import com.techempower.helper.DateHelper;
import com.techempower.helper.NetworkHelper;
import com.techempower.helper.StringHelper;
import com.techempower.util.Configurable;
import com.techempower.util.EnhancedProperties;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.CopyOnWriteArrayList;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/techempower/gemini/pyxis/BasicSecurity.class */
public class BasicSecurity<U extends PyxisUser, G extends PyxisUserGroup> implements PyxisSecurity, Configurable {
    public static final int DEFAULT_FAILED_RESET_SECONDS = 300;
    public static final String PROPS_PREFIX = "BasicSecurity.";
    private final GeminiApplication application;
    private final Logger log;
    private final PyxisSettings settings;
    private final EntityStore store;
    private final Cryptograph cryptograph;
    private final Class<U> userClass;
    private final Class<G> groupClass;
    private final Class<? extends EntityRelationDescriptor<U, G>> userToGroupRelationDefinition;
    private final Class<? extends EntityRelationDescriptor<U, Login>> userToLoginRelationDefinition;
    private final PasswordRequirement[] passwordRequirements;
    private final PyxisAuthenticationArbiter arbiter;
    private PasswordHasher passwordHasher;
    private String loginUri;
    private String postLoginUrl;
    private boolean requireHttpsForm;
    private boolean exitHttpsPostLogin;
    private int failedAttemptLimit;
    private int failedResetSeconds;
    private long nextAutoReset;
    private List<SecurityListener<Context>> listeners;
    private Map<String, BasicSecurity<U, G>.LoginAttempt> ipToAttempts;
    private final Rejector forceLoginRejector;

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:com/techempower/gemini/pyxis/BasicSecurity$LoginAttempt.class */
    public class LoginAttempt {
        private int count = 0;
        private long resetTime = 0;

        public LoginAttempt() {
        }

        public void setFailState() {
            this.count = 0;
            this.resetTime = System.currentTimeMillis() + (BasicSecurity.this.failedResetSeconds * 1000);
        }

        public boolean isGood() {
            return this.resetTime < System.currentTimeMillis();
        }

        public void attempt() {
            this.count++;
            if (this.count >= BasicSecurity.this.failedAttemptLimit) {
                setFailState();
            }
        }
    }

    public BasicSecurity(GeminiApplication geminiApplication, Class<U> cls, Class<G> cls2, Class<? extends EntityRelationDescriptor<U, G>> cls3, Class<? extends EntityRelationDescriptor<U, Login>> cls4) {
        this.log = LoggerFactory.getLogger(getClass());
        this.passwordHasher = null;
        this.loginUri = LoginHandler.DEFAULT_LOGIN_TEMPLATE;
        this.postLoginUrl = "/";
        this.requireHttpsForm = true;
        this.exitHttpsPostLogin = false;
        this.failedAttemptLimit = 0;
        this.failedResetSeconds = DEFAULT_FAILED_RESET_SECONDS;
        this.nextAutoReset = 0L;
        this.listeners = null;
        this.ipToAttempts = null;
        this.forceLoginRejector = new Rejector() { // from class: com.techempower.gemini.pyxis.BasicSecurity.1
            @Override // com.techempower.gemini.pyxis.authorization.Rejector
            public void reject(Context context, PyxisUser pyxisUser) {
                String str;
                String queryString = context.getQueryString();
                String str2 = context.getRequestUri() + (queryString != null ? "?" + queryString : "");
                String str3 = BasicSecurity.this.isRequireHttpsForm() ? context.getSecureUrl() + BasicSecurity.this.getLoginUri() : "/" + BasicSecurity.this.getLoginUri();
                boolean z = !BasicSecurity.this.postLoginUrl.equals(str2);
                if (!GeminiHelper.isJsonRequest(context)) {
                    context.messages().put("You need to be logged in to perform this action. Please login and try again.", MessageType.ERROR);
                    if (z) {
                        str = (StringHelper.containsNullSafe(str3, "?") ? "&" : "?") + "r=" + NetworkHelper.encodeUrl(str2);
                    } else {
                        str = "";
                    }
                    context.redirect(str3 + str);
                    return;
                }
                HashMap hashMap = new HashMap(3);
                hashMap.put(LoginHandler.DEFAULT_LOGIN_TEMPLATE, str3);
                hashMap.put("request", str2);
                hashMap.put(GeminiConstants.GEMINI_MESSAGE, "You need to be logged in to perform this action. Please login and try again.");
                context.setStatus(401);
                GeminiHelper.sendJson(context, hashMap);
            }
        };
        this.application = geminiApplication;
        this.settings = constructPyxisSettings(geminiApplication);
        this.listeners = new CopyOnWriteArrayList();
        List<PasswordRequirement> constructPasswordRequirements = constructPasswordRequirements();
        this.passwordRequirements = (PasswordRequirement[]) constructPasswordRequirements.toArray(new PasswordRequirement[constructPasswordRequirements.size()]);
        geminiApplication.getConfigurator().addConfigurable(this);
        this.store = geminiApplication.getStore();
        this.userClass = cls;
        this.groupClass = cls2;
        this.userToGroupRelationDefinition = cls3;
        this.userToLoginRelationDefinition = cls4;
        this.cryptograph = constructCryptograph();
        this.arbiter = constructAuthenticationArbiter();
        if (this.store == null) {
            this.log.error("CachingSecurity cannot function without an application cache!");
        }
        addStandardListeners();
    }

    public BasicSecurity(GeminiApplication geminiApplication, Class<U> cls, Class<G> cls2, Class<? extends EntityRelationDescriptor<U, G>> cls3) {
        this(geminiApplication, cls, cls2, cls3, null);
    }

    protected void addStandardListeners() {
        addListener(new LastLoginUpdater(this));
        addListener(new BasicPasswordChangeListener());
    }

    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public Cryptograph getCryptograph() {
        return this.cryptograph;
    }

    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public PyxisAuthenticationArbiter getAuthenticationArbiter() {
        return this.arbiter;
    }

    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public PyxisSettings getSettings() {
        return this.settings;
    }

    protected EntityStore getStore() {
        return this.store;
    }

    @Override // com.techempower.util.Configurable
    public void configure(EnhancedProperties enhancedProperties) {
        this.settings.configure(enhancedProperties);
        EnhancedProperties.Focus focus = enhancedProperties.focus(PROPS_PREFIX);
        this.loginUri = focus.get("LoginUri", this.loginUri);
        this.postLoginUrl = focus.get("PostLoginUrl", this.postLoginUrl);
        this.requireHttpsForm = focus.getBoolean("RequireHTTPS", this.requireHttpsForm);
        this.exitHttpsPostLogin = focus.getBoolean("ExitHTTPS", this.exitHttpsPostLogin);
        this.failedAttemptLimit = focus.getInt("FailedAttemptLimit", this.failedAttemptLimit);
        this.failedResetSeconds = focus.getInt("FailedResetSeconds", this.failedResetSeconds);
        if (this.loginUri.startsWith("/")) {
            this.loginUri = this.loginUri.substring(1);
        }
        if (isFailedAttemptLimiting()) {
            this.nextAutoReset = DateHelper.getEndOfDay().getTime().getTime();
        }
        String str = focus.get("HashingAlgorithm", "bcrypt");
        boolean z = -1;
        switch (str.hashCode()) {
            case 1973234167:
                if (str.equals("plaintext")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                this.passwordHasher = new PlaintextPasswordHasher();
                break;
            default:
                this.passwordHasher = new BCryptPasswordHasher();
                break;
        }
        this.log.info("Using {} hashing algorithm.", this.passwordHasher.getName());
    }

    protected Cryptograph constructCryptograph() {
        return new AesGcmNoPaddingCryptograph(this.application);
    }

    protected PyxisAuthenticationArbiter constructAuthenticationArbiter() {
        return new SessionAuthenticationArbiter(this.application);
    }

    protected List<PasswordRequirement> constructPasswordRequirements() {
        ArrayList arrayList = new ArrayList();
        arrayList.add(new PasswordLength(BasicUser.PASSWORD_LENGTH));
        arrayList.add(new PasswordDisallowedUsername(false));
        return arrayList;
    }

    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public String getLoginUri() {
        return this.loginUri;
    }

    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public String getPostLoginUrl(Context context) {
        PyxisUser user = getUser(context);
        String str = context.query().get("r");
        if (StringHelper.isEmpty(str)) {
            return getPostLoginUrl(user);
        }
        if (str.startsWith("/")) {
            str = str.substring(1);
        }
        return (!context.isSecure() || isExitHttpsPostLogin()) ? context.getUrl() + str : context.getSecureUrl() + str;
    }

    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public String getPostLoginUrl(PyxisUser pyxisUser) {
        return this.postLoginUrl;
    }

    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public boolean isRequireHttpsForm() {
        return this.requireHttpsForm;
    }

    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public boolean isExitHttpsPostLogin() {
        return this.exitHttpsPostLogin;
    }

    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public boolean isFailedAttemptLimiting() {
        return this.failedAttemptLimit > 0;
    }

    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public boolean authCheck(Context context, Authorizer authorizer, Rejector rejector) {
        PyxisUser pyxisUser = null;
        if (isLoggedIn(context)) {
            pyxisUser = getUser(context);
        }
        if (pyxisUser != null && (authorizer == null || authorizer.isAuthorized(pyxisUser, context))) {
            return true;
        }
        if (rejector != null) {
            rejector.reject(context, pyxisUser);
            return false;
        }
        this.forceLoginRejector.reject(context, pyxisUser);
        return false;
    }

    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public boolean authCheck(Context context) {
        return authCheck(context, null, null);
    }

    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public Rejector getForceLoginRejector() {
        return this.forceLoginRejector;
    }

    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public boolean isLoginAttemptPermitted(Context context) {
        BasicSecurity<U, G>.LoginAttempt loginAttempt;
        return !isFailedAttemptLimiting() || (loginAttempt = getIpToAttempts().get(context.getClientId())) == null || loginAttempt.isGood();
    }

    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public boolean isLoginPermitted(PyxisUser pyxisUser) {
        return pyxisUser.isEnabled();
    }

    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public void captureFailedLoginAttempt(Context context) {
        BasicSecurity<U, G>.LoginAttempt loginAttempt;
        if (isFailedAttemptLimiting()) {
            Map<String, BasicSecurity<U, G>.LoginAttempt> ipToAttempts = getIpToAttempts();
            synchronized (ipToAttempts) {
                loginAttempt = ipToAttempts.get(context.getClientId());
                if (loginAttempt == null) {
                    loginAttempt = new LoginAttempt();
                    ipToAttempts.put(context.getClientId(), loginAttempt);
                }
            }
            loginAttempt.attempt();
        }
    }

    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public void captureSuccessfulLoginAttempt(Context context) {
        if (isFailedAttemptLimiting()) {
            getIpToAttempts().remove(context.getClientId());
        }
    }

    public GeminiApplication getApplication() {
        return this.application;
    }

    protected PyxisSettings constructPyxisSettings(GeminiApplication geminiApplication) {
        return new PyxisSettings(geminiApplication, PROPS_PREFIX);
    }

    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public boolean passwordTest(PyxisUser pyxisUser, String str) {
        return pyxisUser != null && this.passwordHasher.testPassword(str, pyxisUser.getUserPassword());
    }

    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public PyxisUser getUser(String str, String str2) {
        if (str == null || str2 == null) {
            return null;
        }
        U userByUsername = getUserByUsername(str);
        if (passwordTest(userByUsername, str2)) {
            return userByUsername;
        }
        return null;
    }

    public U getUserByEmail(String str) {
        if (str == null) {
            return null;
        }
        return (U) this.store.get(this.userClass, "getUserEmail", sanitizeEmailAddress(str));
    }

    public U getUserByEmail(String str, String str2) {
        if (str == null || str2 == null) {
            return null;
        }
        try {
            U userByEmail = getUserByEmail(str);
            if (passwordTest(userByEmail, str2)) {
                return userByEmail;
            }
            return null;
        } catch (Exception e) {
            this.log.info("Exception while retrieving user by email address: ", e);
            return null;
        }
    }

    protected U getUserByUsername(String str) {
        return (U) this.store.get(this.userClass, "getUserUsername", sanitizeUsername(str));
    }

    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public PyxisUser getUser(String str) {
        if (str == null) {
            return null;
        }
        return getUserByUsername(str);
    }

    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public PyxisUser findUser(String str) {
        PyxisUser user = getUser(str);
        return user != null ? user : getUserByEmail(str);
    }

    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public PyxisUser getUser(long j) {
        return (PyxisUser) this.store.get(this.userClass, j);
    }

    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public Collection<PyxisUserGroup> getAllUserGroups() {
        return this.store.list(this.groupClass);
    }

    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public PyxisUserGroup getUserGroup(String str) {
        return (PyxisUserGroup) this.store.get(this.groupClass, "getName", str);
    }

    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public PyxisUserGroup getUserGroup(long j) {
        return (PyxisUserGroup) this.store.get(this.groupClass, j);
    }

    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public void addUserLogin(long j, Login login) {
        this.store.getRelation(this.userToLoginRelationDefinition).add(j, (long) login);
    }

    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public void removeUserLogin(long j, Login login) {
        this.store.getRelation(this.userToLoginRelationDefinition).remove(j, (long) login);
    }

    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public Collection<Login> getUserLogins(long j) {
        return this.store.getRelation(this.userToLoginRelationDefinition).rightValueSet(j);
    }

    private EntityRelation<U, G> getUserToGroupRelation() {
        return this.store.getRelation(this.userToGroupRelationDefinition);
    }

    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public long[] getGroupsForUser(long j) {
        return getUserToGroupRelation().rightIDArray(j);
    }

    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public long[] getUsersInGroup(long j) {
        return getUserToGroupRelation().leftIDArray(j);
    }

    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public boolean updateGroupMembership(long j, long[] jArr) {
        EntityRelation<U, G> userToGroupRelation = getUserToGroupRelation();
        userToGroupRelation.removeLeftValue(j);
        for (long j2 : jArr) {
            userToGroupRelation.add(j, j2);
        }
        BasicUser basicUser = (BasicUser) getUser(j);
        if (basicUser == null) {
            return true;
        }
        basicUser.setUserGroups(getGroupsForUser(j));
        return true;
    }

    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public void addUserToGroup(PyxisUser pyxisUser, long j, boolean z) {
        EntityRelation<U, G> userToGroupRelation = getUserToGroupRelation();
        if (z) {
            userToGroupRelation.removeLeftValue(pyxisUser.getId());
        }
        userToGroupRelation.add(pyxisUser.getId(), j);
        ((BasicUser) pyxisUser).setUserGroups(getGroupsForUser(pyxisUser.getId()));
    }

    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public void removeUserFromGroup(PyxisUser pyxisUser, long j) {
        getUserToGroupRelation().remove(pyxisUser.getId(), j);
        ((BasicUser) pyxisUser).setUserGroups(getGroupsForUser(pyxisUser.getId()));
    }

    public String toString() {
        return "CachingSecurity [u:" + (this.userClass != null ? Integer.valueOf(this.userClass.hashCode()) : "<not-specified>") + "]";
    }

    public boolean saveGroupMembership(BasicUser basicUser) {
        return updateGroupMembership(basicUser.getId(), basicUser.getUserGroups());
    }

    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public void setUserMembership(PyxisUser pyxisUser, long j, boolean z) {
        if (z) {
            addUserToGroup(pyxisUser, j);
        } else {
            removeUserFromGroup(pyxisUser, j);
        }
    }

    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public void addUserToGroup(PyxisUser pyxisUser, PyxisUserGroup pyxisUserGroup) {
        addUserToGroup(pyxisUser, pyxisUserGroup, false);
    }

    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public void addUserToGroup(PyxisUser pyxisUser, long j) {
        addUserToGroup(pyxisUser, j, false);
    }

    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public void addUserToGroup(PyxisUser pyxisUser, PyxisUserGroup pyxisUserGroup, boolean z) {
        if (pyxisUserGroup == null) {
            return;
        }
        addUserToGroup(pyxisUser, pyxisUserGroup.getId(), z);
    }

    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public void removeUserFromGroup(PyxisUser pyxisUser, PyxisUserGroup pyxisUserGroup) {
        if (pyxisUserGroup == null) {
            return;
        }
        removeUserFromGroup(pyxisUser, pyxisUserGroup.getId());
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v1, types: [com.techempower.gemini.pyxis.PyxisUser] */
    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public boolean login(Context context, String str, String str2, boolean z) {
        U user = getUser(str, str2);
        if (user == null && this.settings.isEmailAuthenticationEnabled()) {
            user = getUserByEmail(str, str2);
        }
        return login(context, user, z);
    }

    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public boolean login(Context context, PyxisUser pyxisUser, boolean z) {
        if (pyxisUser == null || !isLoginPermitted(pyxisUser)) {
            captureFailedLoginAttempt(context);
            Iterator<SecurityListener<Context>> it = this.listeners.iterator();
            while (it.hasNext()) {
                it.next().loginFailed(context);
            }
            return false;
        }
        this.arbiter.login(context, pyxisUser, z);
        captureSuccessfulLoginAttempt(context);
        Iterator<SecurityListener<Context>> it2 = this.listeners.iterator();
        while (it2.hasNext()) {
            it2.next().loginSuccessful(context, pyxisUser);
        }
        this.log.info("Logged in: {}", pyxisUser);
        return true;
    }

    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public void logout(Context context) {
        notifyListenersLogout(getUser(context), context);
        this.arbiter.logout(context);
    }

    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public void logout(PyxisUser pyxisUser) {
        notifyListenersLogout(pyxisUser, null);
    }

    protected void notifyListenersLogout(PyxisUser pyxisUser, Context context) {
        if (pyxisUser != null) {
            Iterator<SecurityListener<Context>> it = this.listeners.iterator();
            while (it.hasNext()) {
                it.next().logoutSuccessful(context, pyxisUser);
            }
        }
    }

    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public PyxisUser getUser(Context context) {
        return this.arbiter.getUser(context);
    }

    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public boolean isLoggedIn(Context context) {
        return this.arbiter.isLoggedIn(context);
    }

    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public PasswordHasher getPasswordHasher() {
        return this.passwordHasher;
    }

    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public List<String> passwordValidate(PasswordProposal passwordProposal) {
        if (passwordProposal.bypassValidation) {
            return Collections.emptyList();
        }
        ArrayList arrayList = new ArrayList(this.passwordRequirements.length);
        for (PasswordRequirement passwordRequirement : this.passwordRequirements) {
            String validate = passwordRequirement.validate(passwordProposal);
            if (validate != null) {
                arrayList.add(validate);
            }
        }
        return arrayList;
    }

    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public List<String> passwordChange(PasswordProposal passwordProposal) {
        List<String> passwordValidate = passwordValidate(passwordProposal);
        if (passwordValidate.isEmpty()) {
            passwordProposal.hashedPassword = this.passwordHasher.encryptPassword(passwordProposal.password);
            passwordProposal.user.setUserPassword(passwordProposal.hashedPassword);
            Iterator<SecurityListener<Context>> it = this.listeners.iterator();
            while (it.hasNext()) {
                it.next().passwordChanged(passwordProposal);
            }
        }
        return passwordValidate;
    }

    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public void saveUser(PyxisUser pyxisUser) {
        this.application.getEntityUpdater().add(pyxisUser);
    }

    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public void beginMasquerade(Context context, PyxisUser pyxisUser) {
        this.arbiter.beginMasquerade(context, pyxisUser);
    }

    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public PyxisUser getMasqueradingUser(Context context) {
        return this.arbiter.getMasqueradingUser(context);
    }

    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public boolean endMasquerade(Context context) {
        return this.arbiter.endMasquerade(context);
    }

    protected synchronized Map<String, BasicSecurity<U, G>.LoginAttempt> getIpToAttempts() {
        autoResetAttemptsIfNeeded();
        if (this.ipToAttempts == null) {
            this.ipToAttempts = new HashMap();
        }
        return this.ipToAttempts;
    }

    protected void autoResetAttemptsIfNeeded() {
        if (System.currentTimeMillis() > this.nextAutoReset) {
            resetLoginAttempts();
            this.nextAutoReset = DateHelper.getEndOfDay().getTime().getTime();
        }
    }

    protected synchronized void resetLoginAttempts() {
        this.ipToAttempts = null;
    }

    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public PyxisUser constructUser() {
        return new BasicUser(this);
    }

    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public PyxisUserGroup constructUserGroup() {
        return new BasicUserGroup();
    }

    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public <C extends Context> void addListener(SecurityListener<C> securityListener) {
        this.listeners.add(securityListener);
    }

    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public <C extends Context> void removeListener(SecurityListener<C> securityListener) {
        this.listeners.remove(securityListener);
    }

    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public Class<PyxisUser> getUserClass() {
        return this.userClass;
    }

    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public Class<PyxisUserGroup> getUserGroupClass() {
        return this.groupClass;
    }

    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public String sanitizeUsername(String str) {
        Objects.requireNonNull(str, "Username may not be null.");
        return StringHelper.trim(StringHelper.truncate(str, BasicUser.USERNAME_LENGTH.max)).toLowerCase();
    }

    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public String sanitizeEmailAddress(String str) {
        Objects.requireNonNull(str, "Email may not be null.");
        return StringHelper.trim(StringHelper.truncate(str, BasicWebUser.EMAIL_LENGTH.max)).toLowerCase();
    }

    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public String sanitizeFirstname(String str) {
        Objects.requireNonNull(str, "Firstname may not be null.");
        return StringHelper.truncate(str, 50);
    }

    @Override // com.techempower.gemini.pyxis.PyxisSecurity
    public String sanitizeLastname(String str) {
        Objects.requireNonNull(str, "Lastname may not be null.");
        return StringHelper.truncate(str, 50);
    }
}
