package com.maverick.ssh.components.jce;

import com.maverick.ssh.SshException;
import com.maverick.ssh.components.SshPublicKey;
import com.maverick.util.ByteArrayReader;
import com.maverick.util.ByteArrayWriter;
import com.maverick.util.UnsignedInteger64;
import com.sshtools.publickey.SshPublicKeyFileFactory;
import java.io.IOException;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;

/* loaded from: classes.dex */
public abstract class OpenSshCertificate {
    public static final String OPTION_FORCE_COMMAND = "force-command";
    public static final String OPTION_SOURCE_ADDRESS = "source-address";
    public static final String PERMIT_AGENT_FORWARDING = "permit-agent-forwarding";
    public static final String PERMIT_PORT_FORWARDING = "permit-port-forwarding";
    public static final String PERMIT_USER_PTY = "permit-pty";
    public static final String PERMIT_USER_RC = "permit-user-rc";
    public static final String PERMIT_X11_FORWARDING = "permit-x11-forwarding";
    public static final int SSH_CERT_TYPE_HOST = 2;
    public static final int SSH_CERT_TYPE_USER = 1;
    String keyId;
    String reserved;
    UnsignedInteger64 serial;
    byte[] signature;
    SshPublicKey signedBy;
    int type;
    UnsignedInteger64 validAfter;
    UnsignedInteger64 validBefore;
    Set<String> validPrincipals = new HashSet();
    Map<String, String> criticalOptions = new HashMap();
    Set<String> extensions = new HashSet();

    /* JADX INFO: Access modifiers changed from: protected */
    public void decode(ByteArrayReader byteArrayReader) throws IOException, SshException {
        this.serial = byteArrayReader.readUINT64();
        this.type = (int) byteArrayReader.readInt();
        this.keyId = byteArrayReader.readString();
        ByteArrayReader byteArrayReader2 = new ByteArrayReader(byteArrayReader.readBinaryString());
        while (byteArrayReader2.available() > 0) {
            this.validPrincipals.add(byteArrayReader2.readString());
        }
        byteArrayReader2.close();
        this.validAfter = byteArrayReader.readUINT64();
        this.validBefore = byteArrayReader.readUINT64();
        ByteArrayReader byteArrayReader3 = new ByteArrayReader(byteArrayReader.readBinaryString());
        while (byteArrayReader3.available() > 0) {
            this.criticalOptions.put(byteArrayReader3.readString(), byteArrayReader3.readString());
        }
        byteArrayReader3.close();
        ByteArrayReader byteArrayReader4 = new ByteArrayReader(byteArrayReader.readBinaryString());
        while (byteArrayReader4.available() > 0) {
            String trim = byteArrayReader4.readString().trim();
            if (!trim.equals("")) {
                this.extensions.add(trim);
            }
        }
        byteArrayReader4.close();
        this.reserved = byteArrayReader.readString();
        this.signedBy = SshPublicKeyFileFactory.decodeSSH2PublicKey(byteArrayReader.readBinaryString());
        this.signature = byteArrayReader.readBinaryString();
        byte[] bArr = new byte[byteArrayReader.array().length - (this.signature.length + 4)];
        System.arraycopy(byteArrayReader.array(), 0, bArr, 0, bArr.length);
        this.signedBy.verifySignature(this.signature, bArr);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void encode(ByteArrayWriter byteArrayWriter) throws IOException, SshException {
        byteArrayWriter.writeUINT64(this.serial);
        byteArrayWriter.writeInt(this.type);
        byteArrayWriter.writeString(this.keyId);
        ByteArrayWriter byteArrayWriter2 = new ByteArrayWriter();
        Iterator<String> it = this.validPrincipals.iterator();
        while (it.hasNext()) {
            byteArrayWriter2.writeString(it.next());
        }
        byteArrayWriter.writeBinaryString(byteArrayWriter2.toByteArray());
        byteArrayWriter2.close();
        byteArrayWriter.writeUINT64(this.validAfter);
        byteArrayWriter.writeUINT64(this.validBefore);
        ByteArrayWriter byteArrayWriter3 = new ByteArrayWriter();
        for (String str : this.criticalOptions.keySet()) {
            byteArrayWriter3.writeString(str);
            byteArrayWriter3.writeString(this.criticalOptions.get(str));
        }
        byteArrayWriter.writeBinaryString(byteArrayWriter3.toByteArray());
        byteArrayWriter3.close();
        ByteArrayWriter byteArrayWriter4 = new ByteArrayWriter();
        Iterator<String> it2 = this.extensions.iterator();
        while (it2.hasNext()) {
            byteArrayWriter4.writeString(it2.next());
        }
        byteArrayWriter.writeBinaryString(byteArrayWriter4.toByteArray());
        byteArrayWriter4.close();
        byteArrayWriter.writeString(this.reserved);
        byteArrayWriter.writeBinaryString(this.signedBy.getEncoded());
        byteArrayWriter.writeBinaryString(this.signature);
    }

    public Set<String> getExtensions() {
        return this.extensions;
    }

    public String getForcedCommand() {
        return this.criticalOptions.get(OPTION_FORCE_COMMAND);
    }

    public String getKeyId() {
        return this.keyId;
    }

    public Set<String> getPrincipals() {
        return this.validPrincipals;
    }

    public UnsignedInteger64 getSerial() {
        return this.serial;
    }

    public SshPublicKey getSignedBy() {
        return this.signedBy;
    }

    public Set<String> getSourceAddresses() {
        HashSet hashSet = new HashSet();
        if (this.criticalOptions.containsKey(OPTION_SOURCE_ADDRESS)) {
            StringTokenizer stringTokenizer = new StringTokenizer(this.criticalOptions.get(OPTION_SOURCE_ADDRESS), ",");
            while (stringTokenizer.hasMoreTokens()) {
                hashSet.add(stringTokenizer.nextToken());
            }
        }
        return hashSet;
    }

    public int getType() {
        return this.type;
    }

    public Date getValidAfter() {
        return new Date(this.validAfter.longValue() * 1000);
    }

    public Date getValidBefore() {
        return new Date(this.validBefore.longValue() * 1000);
    }

    public boolean isForceCommand() {
        return this.criticalOptions.containsKey(OPTION_FORCE_COMMAND);
    }
}
