package com.cedarsolutions.server.service.impl;

import com.cedarsolutions.exception.NotConfiguredException;
import com.cedarsolutions.server.service.ISpringContextService;
import com.cedarsolutions.server.service.IXsrfTokenService;
import com.cedarsolutions.util.LoggingUtils;
import com.google.gwt.user.client.rpc.RpcToken;
import com.google.gwt.user.client.rpc.RpcTokenException;
import com.google.gwt.user.client.rpc.XsrfToken;
import com.google.gwt.util.tools.shared.Md5Utils;
import com.google.gwt.util.tools.shared.StringUtils;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.servlet.http.Cookie;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/cedarsolutions/server/service/impl/GwtCookieXsrfTokenService.class */
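/**
 * XSRF token service that derives the token from the session cookie.
 *
 * <p>The token is the hex-encoded MD5 digest of the session cookie's value. Validation
 * recomputes that digest from the cookie on the current request and compares it with the
 * token supplied by the client.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The token is an unkeyed, deterministic function of the cookie value. Anyone who
 *       knows the cookie value, or who can set it, can compute a matching token. The
 *       protection therefore rests on the session cookie being unpredictable and on other
 *       origins being unable to read or plant it.</li>
 *   <li>Token values (expected or client-supplied) are deliberately never written to the
 *       log: the expected value is a credential for the session, and the supplied value is
 *       attacker-controlled text that could otherwise be used to forge log lines.</li>
 * </ul>
 */
public class GwtCookieXsrfTokenService extends AbstractService implements IXsrfTokenService {
    /**
     * Placeholder token value. It is not referenced inside this class; presumably callers
     * use it when no real token is available -- confirm against callers.
     */
    public static final String DEFAULT_TOKEN = "none";
    private static Logger LOGGER = LoggingUtils.getLogger(GwtCookieXsrfTokenService.class);

    /** Name of the cookie whose value the token is derived from. */
    private String sessionCookieName;

    /** Source of the session cookie for the current request. */
    private ISpringContextService springContextService;

    /**
     * Verifies that the bean has been fully wired.
     *
     * @throws NotConfiguredException if the cookie name or the context service is unset
     */
    @Override
    public void afterPropertiesSet() throws NotConfiguredException {
        super.afterPropertiesSet();
        if (this.sessionCookieName == null || this.springContextService == null) {
            throw new NotConfiguredException("GwtCookieXsrfTokenService is not properly configured.");
        }
    }

    /**
     * Generates the XSRF token for the current session cookie.
     *
     * @return the hex-encoded MD5 digest of the session cookie value
     * @throws RpcTokenException if the session cookie is missing or empty
     */
    @Override
    public String generateXsrfToken() throws RpcTokenException {
        String token = generateTokenFromCookie(getSessionCookie(), "generate");
        // The token value itself is kept out of the log; see the class-level security notes.
        LOGGER.debug("Generated CSRF/XSRF token.");
        return token;
    }

    /**
     * Validates a token received as a generic {@link RpcToken}.
     *
     * @param rpcToken the token sent by the client; must be an {@link XsrfToken}
     * @throws RpcTokenException if the token is absent, of the wrong type, or does not match
     */
    @Override
    public void validateXsrfToken(RpcToken rpcToken) throws RpcTokenException {
        // Explicit type check rather than catching ClassCastException: a cast failure raised
        // deeper in the validation path can no longer be mistaken for a wrong token type.
        // A null reference falls through to the XsrfToken overload, which rejects it.
        if (rpcToken != null && !(rpcToken instanceof XsrfToken)) {
            LOGGER.error("Possible CSRF/XSRF attack: provided token is not XsrfToken");
            throw new RpcTokenException("Unable to verify CSRF/XSRF token: provided token is not XsrfToken");
        }
        validateXsrfToken((XsrfToken) rpcToken);
    }

    /**
     * Validates a token received as an {@link XsrfToken}.
     *
     * @param xsrfToken the token sent by the client
     * @throws RpcTokenException if the token is absent or does not match
     */
    @Override
    public void validateXsrfToken(XsrfToken xsrfToken) throws RpcTokenException {
        if (xsrfToken == null) {
            LOGGER.error("Possible CSRF/XSRF attack: token not provided.");
            throw new RpcTokenException("Unable to verify CSRF/XSRF token: token not provided");
        }
        validateXsrfToken(xsrfToken.getToken());
    }

    /**
     * Validates a token string against the one derived from the current session cookie.
     *
     * @param str the token string sent by the client
     * @throws RpcTokenException if the token is absent, the session cookie is missing or
     *         empty, or the token does not match
     */
    @Override
    public void validateXsrfToken(String str) throws RpcTokenException {
        if (str == null) {
            LOGGER.error("Possible CSRF/XSRF attack: token not provided.");
            throw new RpcTokenException("Unable to verify CSRF/XSRF token: token not provided");
        }
        String expected = generateTokenFromCookie(getSessionCookie(), "verify");
        // MessageDigest.isEqual avoids the early exit of String.equals, so the response time
        // does not reveal how many leading characters of a guess were correct. The expected
        // value is ASCII hex, so comparing UTF-8 bytes accepts exactly the same strings.
        boolean matches = MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                str.getBytes(StandardCharsets.UTF_8));
        if (!matches) {
            // Neither value is logged: the expected token is a credential, and the supplied
            // one is untrusted input that may contain line breaks.
            LOGGER.error("Possible CSRF/XSRF attack: provided token does not match the expected token");
            throw new RpcTokenException("CSRF/XSRF token not valid: possible CSRF/XSRF attack");
        }
        LOGGER.debug("CSRF/XSRF token was valid.");
    }

    /**
     * Derives the token from a cookie, rejecting a missing or empty cookie.
     *
     * @param cookie the session cookie, possibly {@code null}
     * @param str the action name ("generate" or "verify" in this class) used in messages
     * @return the hex-encoded MD5 digest of the cookie value
     * @throws RpcTokenException if the cookie is {@code null} or has a null or empty value
     */
    protected static String generateTokenFromCookie(Cookie cookie, String str) {
        String value = (cookie == null) ? null : cookie.getValue();
        if (value != null && value.length() != 0) {
            return generateTokenFromCookie(value);
        }
        String message = "Unable to " + str + " CSRF/XSRF token: session cookie missing or empy";
        LOGGER.error(message);
        throw new RpcTokenException(message);
    }

    /**
     * Computes the token for a cookie value.
     *
     * @param str the cookie value; must not be {@code null}
     * @return the hex-encoded MD5 digest of the value's bytes
     */
    protected static String generateTokenFromCookie(String str) {
        // NOTE(review): getBytes() uses the platform default charset, so two nodes with
        // different defaults would derive different tokens from a non-ASCII cookie value.
        // Left unchanged so tokens stay identical to what deployed code already derives.
        return StringUtils.toHexString(Md5Utils.getMd5Digest(str.getBytes()));
    }

    /**
     * Looks up the session cookie by its configured name.
     *
     * @return whatever the context service returns for that name; the callers in this class
     *         treat {@code null} as "cookie missing"
     */
    protected Cookie getSessionCookie() {
        // NOTE(review): the meaning of the boolean flag is defined by ISpringContextService
        // and is not visible here -- confirm before changing it.
        return this.springContextService.getCookie(getSessionCookieName(), false);
    }

    /** @return the name of the cookie the token is derived from */
    public String getSessionCookieName() {
        return this.sessionCookieName;
    }

    /** @param str the name of the cookie the token is derived from */
    public void setSessionCookieName(String str) {
        this.sessionCookieName = str;
    }

    /** @return the service used to read cookies */
    public ISpringContextService getSpringContextService() {
        return this.springContextService;
    }

    /** @param iSpringContextService the service used to read cookies */
    public void setSpringContextService(ISpringContextService iSpringContextService) {
        this.springContextService = iSpringContextService;
    }
}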
