package com.maverick.sshd.auth;

import com.maverick.sshd.Connection;
import com.maverick.sshd.PublicKeyAuthenticationProvider;
import com.maverick.sshd.platform.PermissionDeniedException;
import com.sshtools.common.publickey.SshPublicKeyFile;
import com.sshtools.common.ssh.SshException;
import com.sshtools.common.ssh.components.SshPublicKey;
import com.sshtools.common.ssh.components.jce.OpenSshCertificate;
import java.io.IOException;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;

/* loaded from: input_file:com/maverick/sshd/auth/OpenSshCertificateAuthenticationProvider.class */
public class OpenSshCertificateAuthenticationProvider implements PublicKeyAuthenticationProvider {
    Set<SshPublicKey> caKeys = new HashSet();

    public OpenSshCertificateAuthenticationProvider(SshPublicKey... sshPublicKeyArr) {
        this.caKeys.addAll(Arrays.asList(sshPublicKeyArr));
    }

    public OpenSshCertificateAuthenticationProvider(Collection<SshPublicKey> collection) {
        this.caKeys.addAll(collection);
    }

    public void addCAKey(SshPublicKey sshPublicKey) throws SshException {
        this.caKeys.add(sshPublicKey);
    }

    public void removeKey(SshPublicKey sshPublicKey) {
        this.caKeys.remove(sshPublicKey);
    }

    @Override // com.maverick.sshd.PublicKeyAuthenticationProvider
    public boolean isAuthorizedKey(SshPublicKey sshPublicKey, Connection connection) throws IOException {
        if (!(sshPublicKey instanceof OpenSshCertificate)) {
            return false;
        }
        OpenSshCertificate openSshCertificate = (OpenSshCertificate) sshPublicKey;
        if (openSshCertificate.getType() != 1 || !new Date().after(openSshCertificate.getValidAfter()) || !new Date().before(openSshCertificate.getValidBefore())) {
            return false;
        }
        if (openSshCertificate.getPrincipals().size() > 0 && !openSshCertificate.getPrincipals().contains(connection.getUsername())) {
            return false;
        }
        Iterator<SshPublicKey> it = this.caKeys.iterator();
        while (it.hasNext()) {
            if (openSshCertificate.getSignedBy().equals(it.next())) {
                return true;
            }
        }
        return false;
    }

    @Override // com.maverick.sshd.PublicKeyAuthenticationProvider
    public Iterator<SshPublicKeyFile> getKeys(Connection connection) throws PermissionDeniedException, IOException {
        throw new UnsupportedOperationException();
    }

    @Override // com.maverick.sshd.PublicKeyAuthenticationProvider
    public void remove(SshPublicKey sshPublicKey, Connection connection) throws IOException, PermissionDeniedException, SshException {
        throw new UnsupportedOperationException();
    }

    @Override // com.maverick.sshd.PublicKeyAuthenticationProvider
    public void add(SshPublicKey sshPublicKey, String str, Connection connection) throws IOException, PermissionDeniedException, SshException {
        throw new UnsupportedOperationException();
    }
}
