package com.okta.authfoundation.client;

import com.okta.authfoundation.client.AccessTokenValidator;
import com.okta.authfoundation.jwt.Jwt;
import com.permutive.android.EventProperties;
import kotlin.Metadata;
import kotlin.Unit;
import kotlin.coroutines.Continuation;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Charsets;
import kotlin.text.StringsKt__StringsKt;
import okio.ByteString;

@Metadata(d1 = {"\u0000&\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\b\u0000\u0018\u00002\u00020\u0001B\u0005¢\u0006\u0002\u0010\u0002J)\u0010\u0003\u001a\u00020\u00042\u0006\u0010\u0005\u001a\u00020\u00062\u0006\u0010\u0007\u001a\u00020\b2\u0006\u0010\t\u001a\u00020\nH\u0096@ø\u0001\u0000¢\u0006\u0002\u0010\u000b\u0082\u0002\u0004\n\u0002\b\u0019¨\u0006\f"}, d2 = {"Lcom/okta/authfoundation/client/DefaultAccessTokenValidator;", "Lcom/okta/authfoundation/client/AccessTokenValidator;", "()V", "validate", "", EventProperties.CLIENT_INFO, "Lcom/okta/authfoundation/client/OAuth2Client;", "accessToken", "", "idToken", "Lcom/okta/authfoundation/jwt/Jwt;", "(Lcom/okta/authfoundation/client/OAuth2Client;Ljava/lang/String;Lcom/okta/authfoundation/jwt/Jwt;Lkotlin/coroutines/Continuation;)Ljava/lang/Object;", "auth-foundation_release"}, k = 1, mv = {1, 9, 0}, xi = 48)
/* loaded from: classes5.dex */
public final class DefaultAccessTokenValidator implements AccessTokenValidator {
    @Override // com.okta.authfoundation.client.AccessTokenValidator
    public Object validate(OAuth2Client oAuth2Client, String str, Jwt jwt, Continuation<? super Unit> continuation) {
        if (!Intrinsics.areEqual(jwt.getAlgorithm(), "RS256")) {
            throw new AccessTokenValidator.Error("Unsupported algorithm");
        }
        String atHash = ((IdTokenAtHash) jwt.deserializeClaims(IdTokenAtHash.INSTANCE.serializer())).getAtHash();
        if (atHash == null) {
            return Unit.INSTANCE;
        }
        ByteString.Companion companion = ByteString.INSTANCE;
        byte[] bytes = str.getBytes(Charsets.US_ASCII);
        Intrinsics.checkNotNullExpressionValue(bytes, "this as java.lang.String).getBytes(charset)");
        ByteString sha256 = ByteString.Companion.of$default(companion, bytes, 0, 0, 3, null).sha256();
        int i = 5 >> 1;
        if (Intrinsics.areEqual(StringsKt__StringsKt.trimEnd(sha256.substring(0, sha256.size() / 2).base64Url(), '='), atHash)) {
            return Unit.INSTANCE;
        }
        throw new AccessTokenValidator.Error("ID Token at_hash didn't match the access token.");
    }
}
