package com.fidesmo.sec.delivery;

import com.fidesmo.sec.utils.Hex;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.IvParameterSpec;
import javax.security.cert.CertificateException;

/* loaded from: classes.dex */
class Encryption {
    private final PublicKey publicKey;

    private Encryption(PublicKey publicKey) {
        this.publicKey = publicKey;
    }

    private byte[] encrypt(byte[] bArr, Key key) throws Exception {
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding", "BC");
        cipher.init(1, key, new IvParameterSpec(new byte[16]));
        return cipher.doFinal(bArr);
    }

    private byte[] encryptEphemeral(Key key) throws Exception {
        Cipher cipher = Cipher.getInstance("RSA/NONE/OAEPWithSHA512AndMGF1Padding", "BC");
        cipher.init(1, this.publicKey);
        return cipher.doFinal(key.getEncoded());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static EncryptedUserResponse encryptUserResponse(Map<String, String> map, PublicKey publicKey) throws Exception {
        if (publicKey == null) {
            throw new CertificateException("Service wasn't properly configured: Encryption was requested but no certificate was provided.");
        }
        Encryption encryption = new Encryption(publicKey);
        HashMap hashMap = new HashMap();
        Key generateEphemeralKey = encryption.generateEphemeralKey();
        for (Map.Entry<String, String> entry : map.entrySet()) {
            hashMap.put(entry.getKey(), Hex.encodeHex(encryption.encrypt(entry.getValue().getBytes(), generateEphemeralKey)));
        }
        return new EncryptedUserResponse(hashMap, encryption.encryptEphemeral(generateEphemeralKey));
    }

    private Key generateEphemeralKey() throws NoSuchAlgorithmException {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
        keyGenerator.init(256);
        return keyGenerator.generateKey();
    }
}
