package com.sshtools.server;

import com.sshtools.common.auth.AbstractPublicKeyAuthenticationProvider;
import com.sshtools.common.publickey.OpenSshCertificate;
import com.sshtools.common.ssh.SshConnection;
import com.sshtools.common.ssh.SshException;
import com.sshtools.common.ssh.components.SshPublicKey;
import java.io.IOException;
import java.util.Collection;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;

/* loaded from: classes.dex */
public class OpenSshCACertificateStoreImpl extends AbstractPublicKeyAuthenticationProvider {
    Set<SshPublicKey> caKeys;

    public OpenSshCACertificateStoreImpl(SshPublicKey sshPublicKey) {
        HashSet hashSet = new HashSet();
        this.caKeys = hashSet;
        hashSet.add(sshPublicKey);
    }

    public OpenSshCACertificateStoreImpl(Collection<SshPublicKey> collection) {
        HashSet hashSet = new HashSet();
        this.caKeys = hashSet;
        hashSet.addAll(collection);
    }

    public void addCAKey(SshPublicKey sshPublicKey) throws SshException {
        this.caKeys.add(sshPublicKey);
    }

    @Override // com.sshtools.common.auth.AbstractPublicKeyAuthenticationProvider, com.sshtools.common.auth.PublicKeyAuthenticationProvider
    public boolean checkKey(SshPublicKey sshPublicKey, SshConnection sshConnection) throws IOException {
        return isAuthorizedKey(sshPublicKey, sshConnection);
    }

    @Override // com.sshtools.common.auth.PublicKeyAuthenticationProvider
    public boolean isAuthorizedKey(SshPublicKey sshPublicKey, SshConnection sshConnection) {
        if (!sshPublicKey.isCertificate()) {
            return false;
        }
        OpenSshCertificate openSshCertificate = (OpenSshCertificate) sshPublicKey;
        if (openSshCertificate.getType() != 1 || !new Date().after(openSshCertificate.getValidAfter()) || !new Date().before(openSshCertificate.getValidBefore())) {
            return false;
        }
        if (openSshCertificate.getPrincipals().size() > 0 && !openSshCertificate.getPrincipals().contains(sshConnection.getUsername())) {
            return false;
        }
        Iterator<SshPublicKey> it2 = this.caKeys.iterator();
        while (it2.hasNext()) {
            if (openSshCertificate.getSignedBy().equals(it2.next())) {
                return true;
            }
        }
        return false;
    }

    public void removeKey(SshPublicKey sshPublicKey) {
        this.caKeys.remove(sshPublicKey);
    }
}
