package com.google.gwt.user.server.rpc;

import com.google.gwt.user.client.rpc.RpcToken;
import com.google.gwt.user.client.rpc.RpcTokenException;
import com.google.gwt.user.client.rpc.XsrfToken;
import com.google.gwt.user.server.Util;
import com.google.gwt.util.tools.shared.Md5Utils;
import com.google.gwt.util.tools.shared.StringUtils;
import java.lang.reflect.Method;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;

/* loaded from: input_file:WEB-INF/lib/vaadin-server-7.5.1.jar:com/google/gwt/user/server/rpc/XsrfProtectedServiceServlet.class */
public class XsrfProtectedServiceServlet extends AbstractXsrfProtectedServiceServlet {
    String sessionCookieName;

    public XsrfProtectedServiceServlet() {
        this((String) null);
    }

    public XsrfProtectedServiceServlet(String str) {
        this.sessionCookieName = null;
        this.sessionCookieName = str;
    }

    public XsrfProtectedServiceServlet(Object obj) {
        this(obj, null);
    }

    public XsrfProtectedServiceServlet(Object obj, String str) {
        super(obj);
        this.sessionCookieName = null;
        this.sessionCookieName = str;
    }

    @Override // javax.servlet.GenericServlet
    public void init() throws ServletException {
        super.init();
        if (this.sessionCookieName == null) {
            this.sessionCookieName = getServletConfig().getInitParameter(XsrfTokenServiceServlet.COOKIE_NAME_PARAM);
            if (this.sessionCookieName == null) {
                this.sessionCookieName = getServletContext().getInitParameter(XsrfTokenServiceServlet.COOKIE_NAME_PARAM);
            }
            if (this.sessionCookieName == null) {
                throw new IllegalStateException("Session cookie name not set! Use 'gwt.xsrf.session_cookie_name' context-param to specify session cookie name");
            }
        }
    }

    @Override // com.google.gwt.user.server.rpc.AbstractXsrfProtectedServiceServlet
    protected void validateXsrfToken(RpcToken rpcToken, Method method) throws RpcTokenException {
        if (rpcToken == null) {
            throw new RpcTokenException("XSRF token missing");
        }
        Cookie cookie = Util.getCookie(getThreadLocalRequest(), this.sessionCookieName, false);
        if (cookie == null || cookie.getValue() == null || cookie.getValue().length() == 0) {
            throw new RpcTokenException("Session cookie is missing or empty! Unable to verify XSRF cookie");
        }
        if (!StringUtils.toHexString(Md5Utils.getMd5Digest(cookie.getValue().getBytes())).equals(((XsrfToken) rpcToken).getToken())) {
            throw new RpcTokenException("Invalid XSRF token");
        }
    }
}
