
Z991239-5022 #comment feat: 合并密钥优化

陈纪林80310970 пре 1 година
родитељ
комит
9a23d743b0

+ 184 - 16
Module/mod_accessauth/AccessAuthFSM.cpp

@@ -127,7 +127,12 @@ struct TimeSynTask : ITaskSp
 			pEvent->param1 = AccessAuthorization_UserErrorCode_AccessAuth_NULL;
 			m_fsm->PostEventFIFO(pEvent);
 			CSimpleStringA strMsg(true);
-			strMsg = CSimpleStringA::Format("准入服务地址为空,请下载集中配置或重启应用");
+			if (!m_fsm->IsCenterSettingFilesExist()) {
+				strMsg = CSimpleStringA::Format("集中配置文件不存在,请下载集中配置后重启应用");
+			} 
+			else {
+				strMsg = CSimpleStringA::Format("准入服务地址为空,请下载集中配置或重启应用");
+			}
 			m_fsm->doWarnMsg(AccessAuthorization_UserErrorCode_AccessAuth_NULL, strMsg.GetData(), true);
 			return;
 		}
@@ -143,6 +148,7 @@ struct TimeSynTask : ITaskSp
 		timeSynReq.terminalNo = si.strTerminalID.GetData();
 		timeSynReq.curTime = CSmallDateTime::GetNow().GetTime64();
 		timeSynReq.m_url = m_fsm->GetmAccessAuthHost();
+		//timeSynReq.m_url += "/api/v2/sessionkey";
 		timeSynReq.m_url += "/api/v3/sessionkey";//v3 新接口,返回title、content
 		long beg = GetTickCount();
 		bool ret = client->Post(timeSynReq, timeSynRet);
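Review bot: The added `//timeSynReq.m_url += "/api/v2/sessionkey";` is dead code kept as a comment, and the commit adds the same kind of line in many places: the `doWarnMsg` blocks in `TimeSynTask` and `GetTokenTask`, the `Event_UpdateWKSucc` / `Event_UpdateWKFail` posts in `UpdateWKTask`, `GetPinPadCapability` in `UpdateWK()`, and the `CMBSM2Encrypt` call in `EncryptedByPubKey`. Version control already records the old endpoint and the old calls, so these lines can be dropped. Where the disabled code marks a pending decision (for example whether a failed key update should post `Event_UpdateWKFail` instead of `Event_ReqTokenCancel`), say so in a short comment such as `// TODO: decide whether key-update failure needs its own FSM event` rather than leaving the statement commented out.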
@@ -269,6 +275,8 @@ struct TimeSynTask : ITaskSp
 					LogWarn(Severity_Low, Error_Debug, ERROR_ACCESSAUTH_ACS_DIGINFO, errDetail.c_str());
 				}
 			}
+			/*m_fsm->doWarnMsg(ERROR_ACCESSAUTH_CONNECT_ACS,
+				GetOutPutStr("%s%s", "连接总行ACS准入服务失败(TimeSynTask).", result.WhatError().c_str()).c_str(), true);*/
 			m_fsm->AuthLogWarn(result, config.GetRequestUri(), "获取会话密钥");
 			DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)("TimeSynTask Connect Failed.");
 
@@ -302,11 +310,41 @@ struct UpdateWKTask : ITaskSp
 		CAccessAuthUpdateWKReq updateWKReq;
 		updateWKReq.terminalNo = si.strTerminalID.GetData();
 		auto tmkpair = m_entity->GenerateTmkToKMC();//first是加密的,seconde是没加密的
-
 		updateWKReq.encRandom = tmkpair.first;
+
+		PinPadService_ClientBase* pPinPad = new PinPadService_ClientBase(this->m_entity);
+		auto errRc = pPinPad->Connect();
+		if (errRc == Error_Succeed)
+		{
+			PinPadService_GetCheckCode_Req req = {};
+			PinPadService_GetCheckCode_Ans ans = {};
+
+			req.mSN.Init(1);
+			req.wSN.Init(1);
+			req.mSN[0] = 1;
+			req.wSN[0] = 0;
+			errRc = (*pPinPad)(EntityResource::getLink().upgradeLink())->GetCheckCode(req, ans, 10000);
+			if (errRc == Error_Succeed)
+			{
+				updateWKReq.tpkKeyCheck = ans.checkcode[0].GetData();
+				updateWKReq.keyIndex = ans.index[0].GetData();
+				DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM).setAPI("UpdateWKTask")("Get keyChek && keyIndex suc.");
+			}
+			else
+			{
+				DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM).setAPI("UpdateWKTask")("Get keyChek && keyIndex failed.");
+			}
+
+			pPinPad->GetFunction()->CloseSession();
+		}
+		else
+		{
+			DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM).setAPI("UpdateWKTask")("connect to pinpad failed.error code:%d", errRc);
+		}
+
 		CAccessAuthUpdateWKRet updateWKRet;
 		updateWKReq.m_url = m_fsm->GetmAccessAuthHost();
-		updateWKReq.m_url += "/api/v3/wkupdate";
+		updateWKReq.m_url += "/api/v5/wkupdate";
 		long beg = GetTickCount();
 		bool ret = client->Post(updateWKReq, updateWKRet);
 		long end = GetTickCount();
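Review bot: `pPinPad` is created with a raw `new PinPadService_ClientBase(this->m_entity)` and is not released on any path visible in this hunk, so each key update appears to leak one client object; give it an owner, or release it after `CloseSession()` in whatever way the project's client classes expect. `ans.checkcode[0]` and `ans.index[0]` are read without confirming that the answer arrays hold at least one element. When `Connect()` or `GetCheckCode()` fails, the failure is logged only at `LOG_LEVEL_INFO` and the request still goes to `/api/v5/wkupdate` with empty `tpkKeyCheck` and `keyIndex`, while `edkKeyCheck` is never filled in at all; if the v5 endpoint uses these values to decide whether keys must be reissued, the empty case should be deliberate and commented, and logged at WARN. The same block is pasted into the non-Windows branch of `UpdateWKTask` and into `CAccessAuthEntity::SendInitMKReqACS` (where the failure log uses `setAPI("QueryCheckCode")` instead of the function name), so one shared helper would fix all three copies.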
@@ -327,7 +365,7 @@ struct UpdateWKTask : ITaskSp
 
 
 			ErrorCodeEnum eLoadErr = m_entity->LoadKeysToPinPadACS(tmkpair.second, updateWKRet.tpk,
-				updateWKRet.edk, updateWKRet.index);
+				updateWKRet.edk, updateWKRet.keyIndex);
 			if (eLoadErr == Error_Succeed) {
 				DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM).setAPI("LoadKeysToPinPadNew")
 					("UpdateWKTask LoadKeysToPinPadNew Success");
@@ -336,7 +374,7 @@ struct UpdateWKTask : ITaskSp
 			}
 			else {
 				DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM).setAPI("LoadKeysToPinPadNew")
-					("UpdateWKTask 加载秘钥到密码键盘失败,请检查密码键盘连接状态. error = %08X", eLoadErr);
+					("UpdateWKTask LoadKeysToPinPadNew error = %08X", eLoadErr);
 			}
 		}
 		else {
@@ -356,9 +394,12 @@ struct UpdateWKTask : ITaskSp
 #else
 		struct UpdateWKReq
 		{
-			std::string terminalNo;
-			std::string encRandom;
-			JSONCONVERT2OBJECT_MEMEBER_REGISTER(terminalNo, encRandom)
+			string terminalNo;
+			string encRandom;
+			string tpkKeyCheck; //tpk密钥校验值
+			string edkKeyCheck; //edk密钥校验值
+			string keyIndex; //密钥序号
+			JSONCONVERT2OBJECT_MEMEBER_REGISTER(terminalNo, encRandom, tpkKeyCheck, edkKeyCheck, keyIndex)
 		} updateWKReq;
 
 		struct UpdateWKAns
@@ -366,17 +407,49 @@ struct UpdateWKTask : ITaskSp
 			string tmk;
 			string tpk;
 			string edk;
-			string index;
-			JSONCONVERT2OBJECT_MEMEBER_REGISTER(tmk, tpk, edk, index)
+			string tpkKeyCheck; //密钥校验值
+			string edkKeyCheck; //edk密钥校验值
+			string keyIndex; //密钥序号
+			JSONCONVERT2OBJECT_MEMEBER_REGISTER(tmk, tpk, edk, tpkKeyCheck, edkKeyCheck, keyIndex)
 		} updateWKAns;
 
 		updateWKReq.terminalNo = si.strTerminalID.GetData();
 		auto tmkpair = m_entity->GenerateTmkToKMC();//first是加密的,seconde是没加密的
 		updateWKReq.encRandom = tmkpair.first;
 
+		PinPadService_ClientBase* pPinPad = new PinPadService_ClientBase(this->m_entity);
+		auto errRc = pPinPad->Connect();
+		if (errRc == Error_Succeed)
+		{
+			PinPadService_GetCheckCode_Req req = {};
+			PinPadService_GetCheckCode_Ans ans = {};
+
+			req.mSN.Init(1);
+			req.wSN.Init(1);
+			req.mSN[0] = 1;
+			req.wSN[0] = 0;
+			errRc = (*pPinPad)(EntityResource::getLink().upgradeLink())->GetCheckCode(req, ans, 10000);
+			if (errRc == Error_Succeed)
+			{
+				updateWKReq.tpkKeyCheck = ans.checkcode[0].GetData();
+				updateWKReq.keyIndex = ans.index[0].GetData();
+				DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM).setAPI("UpdateWKTask")("Get keyChek && keyIndex suc.");
+			}
+			else
+			{
+				DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM).setAPI("UpdateWKTask")("Get keyChek && keyIndex failed.");
+			}
+
+			pPinPad->GetFunction()->CloseSession();
+		}
+		else
+		{
+			DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM).setAPI("UpdateWKTask")("connect to pinpad failed.error code:%d", errRc);
+		}
+
 		HttpClientResponseResult result;
 		HttpClientRequestConfig config(HttpRequestMethod::POST, m_fsm->GetmAccessAuthHost().GetData());
-		config.SetChildUri("/api/v3/wkupdate");
+		config.SetChildUri("/api/v5/wkupdate");
 
 		SP::Module::Restful::FulfillRequestJsonBody(&config, updateWKReq);
 
@@ -401,15 +474,19 @@ struct UpdateWKTask : ITaskSp
 			DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("tmk=%s %d", updateWKAns.tmk.c_str(), updateWKAns.tmk.size());
 			DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("tpk=%s %d", updateWKAns.tpk.c_str(), updateWKAns.tpk.size());
 			DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("edk=%s %d", updateWKAns.edk.c_str(), updateWKAns.edk.size());
-			DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("index=%s %d", updateWKAns.index.c_str(), updateWKAns.index.size());
+			DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("tpkKeyCheck=%s %d", updateWKAns.tpkKeyCheck.c_str(), updateWKAns.tpkKeyCheck.size());
+			DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("edkKeyCheck=%s %d", updateWKAns.edkKeyCheck.c_str(), updateWKAns.edkKeyCheck.size());
+			DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("index=%s %d", updateWKAns.keyIndex.c_str(), updateWKAns.keyIndex.size());
 
-			DWORD rc = m_entity->LoadKeysToPinPadACS(tmkpair.second, updateWKAns.tpk, updateWKAns.edk, updateWKAns.index);
+			DWORD rc = m_entity->LoadKeysToPinPadACS(tmkpair.second, updateWKAns.tpk, updateWKAns.edk, updateWKAns.keyIndex);
 			if (rc == Error_Succeed) {
 				DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("UpdateWKTask LoadKeysToPinPadNew Success");
+				/*FSMEvent* pEvent = new FSMEvent(CAccessAuthFSM::Event_UpdateWKSucc);
+				m_fsm->PostEventFIFO(pEvent);*/
 				return;
 			}
 			else {
-				DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("UpdateWKTask 加载秘钥到密码键盘失败,请检查密码键盘连接状态. error = %08X", rc);
+				DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("UpdateWKTask LoadKeysToPinPadNew error = %08X", rc);
 			}
 		}
 		else {
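Review bot: The three added `DbgWithLink(LOG_LEVEL_DEBUG, …)` lines extend a block that already writes the `tmk`, `tpk` and `edk` strings from the server response to the log, so this path now records the key check values and key index next to the key blobs themselves. Log lengths only, e.g. `("tpkKeyCheck len=%d", (int)updateWKAns.tpkKeyCheck.size())`, and consider the same for the three existing lines. The returned `tpkKeyCheck` / `edkKeyCheck` are not compared with anything before `LoadKeysToPinPadACS` is called; if they are meant to confirm what the pin pad ends up holding, that verification is missing here. Passing `size()` (a `size_t`) to `%d` is also a format mismatch on 64-bit builds. The enclosing function starts and ends outside this hunk.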
@@ -420,6 +497,7 @@ struct UpdateWKTask : ITaskSp
 
 	UpdateWKRetError:
 
+		//FSMEvent* pEvent = new FSMEvent(CAccessAuthFSM::Event_UpdateWKFail);
 		FSMEvent* pEvent = new FSMEvent(CAccessAuthFSM::Event_ReqTokenCancel);
 		m_fsm->PostEventFIFO(pEvent);
 #endif // RVC_OS_WIN
@@ -441,7 +519,12 @@ struct GetTokenTask : ITaskSp
 			pEvent->param1 = AccessAuthorization_UserErrorCode_AccessAuth_NULL;
 			m_fsm->PostEventFIFO(pEvent);
 			CSimpleStringA strMsg(true);
-			strMsg = CSimpleStringA::Format("准入服务地址为空,请下载集中配置或尝试重启应用");
+			if (!m_fsm->IsCenterSettingFilesExist()) {
+				strMsg = CSimpleStringA::Format("集中配置文件不存在,请下载集中配置后重启应用");
+			} 
+			else {
+				strMsg = CSimpleStringA::Format("准入服务地址为空,请下载集中配置或尝试重启应用");
+			}
 			m_fsm->doWarnMsg(AccessAuthorization_UserErrorCode_AccessAuth_NULL, strMsg.GetData(), true);
 			return;
 		}
@@ -460,6 +543,7 @@ struct GetTokenTask : ITaskSp
 
 		CAccessAuthGetTokenRet getTokenRet;
 		getTokenReq.m_url = m_fsm->GetmAccessAuthHost();
+		//getTokenReq.m_url += "/api/v2/access"; 
 		getTokenReq.m_url += "/api/v3/access"; //v3新接口,返回title,content
 
 		long beg = GetTickCount();
@@ -585,6 +669,10 @@ struct GetTokenTask : ITaskSp
 			SP::Module::Restful::CommResponseJson responseStatus;
 			SP::Module::Restful::GetStatusFromDebranchResponse(result.content, responseStatus);
 			if (!responseStatus.IsOperatedOK()) {
+				/*m_fsm->doWarnMsg(ERR_ACCESSAUTH_LOCK_STATE,
+					GetOutPutStr("%s%s%s%s", "GetTokenTask", responseStatus.errorCode.c_str(),
+						"message", responseStatus.errorMsg.c_str()).c_str(), true);*/
+
 				m_fsm->AuthLogWarn(result, config.GetRequestUri(), "获取准入token");
 				return;
 			}
@@ -636,6 +724,8 @@ struct GetTokenTask : ITaskSp
 					LogWarn(Severity_Low, Error_Debug, ERROR_ACCESSAUTH_ACS_DIGINFO, errDetail.c_str());
 				}
 			}
+			/*m_fsm->doWarnMsg(ERROR_ACCESSAUTH_CONNECT_ACS,
+				GetOutPutStr("%s%s", "连接总行ACS准入服务失败(GetTokenTask).", result.WhatError().c_str()).c_str(), true);*/
 
 			m_fsm->AuthLogWarn(result, config.GetRequestUri(), "获取准入token");
 			DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)("GetTokenTask Connect Failed.");
@@ -802,7 +892,7 @@ unsigned int CAccessAuthFSM::s2_on_event(FSMEvent* pEvent)
 		auto pEntity = (CAccessAuthEntity*)m_pEntity;
 		if (pEvent->param1 == AccessAuthorization_UserErrorCode_AccessAuth_NULL) 
 		{
-			CSimpleStringA strMsg = CSimpleStringA::Format("准入Url为空");
+			CSimpleStringA strMsg = CSimpleStringA::Format("准入Url为空,集中配置文件:%s", IsCenterSettingFilesExist() ? "存在" : "不存在");
 			pEntity->SetAuthErrMsg(strMsg);
 		} 
 		else if (pEvent->param1 == AccessAuthorization_UserErrorCode_ACS_FAIL) 
@@ -1402,6 +1492,8 @@ void CAccessAuthFSM::UpdateWK()
 	CSimpleStringA strPinPadID = "", strDeviceID = "";
 	bool bHasPinPad = false;
 	pEntity->GetPinPadIDAndDeviceID(strPinPadID, strDeviceID, bHasPinPad);
+	//int capability = pEntity->GetPinPadCapability();
+	//Dbg("GetPinPadCapability:%d", capability);
 	if (bHasPinPad) {
 		CSmartPointer<UpdateWKTask> updateWKTask = new UpdateWKTask(this, pEntity);
 		GetEntityBase()->GetFunction()->PostThreadPoolTask(updateWKTask.GetRawPointer());
@@ -1441,6 +1533,17 @@ void CAccessAuthFSM::GetDiffSyncTimeFromCenterSettings()
 	}
 }
 
+BOOL CAccessAuthFSM::IsCenterSettingFilesExist()
+{
+	BOOL result(FALSE);
+	CSimpleStringA strPath;
+	GetEntityBase()->GetFunction()->GetPath("CenterSetting", strPath);
+	if (!strPath.IsNullOrEmpty() && ExistsFileA(strPath)) {
+		result = TRUE;
+	}
+	return result;
+}
+
 template<class T>
 void CAccessAuthFSM::AuthLogWarn(const T& ret, const string& url, const string& method, bool bNeedEvent)
 {
@@ -1491,7 +1594,72 @@ void CAccessAuthFSM::AuthLogWarn(const T& ret, const string& url, const string&
 void CAccessAuthFSM::GetNetMsg(SpReqAnsContext<AccessAuthService_GetNetMsg_Req, AccessAuthService_GetNetMsg_Ans>::Pointer& ctx)
 {
 	CSimpleStringA tmp;
+#ifdef RVC_OS_WIN
 	ctx->Ans.netStatus = 1; //成功
+#else
+	ErrorCodeEnum ec = Error_Succeed;
+	int netType = 0; //默认未知
+
+	CSimpleStringA tmpVendor(""), tmpDevSN(""), tmpDLLVersion("");
+	GetEntityBase()->GetFunction()->GetSysVar("FWBVendor", tmpVendor);
+	GetEntityBase()->GetFunction()->GetSysVar("FWBDevSN", tmpDevSN);
+	GetEntityBase()->GetFunction()->GetSysVar("FWBVersion", tmpDLLVersion);
+
+
+	if (tmpDLLVersion.GetLength() < 2)
+		tmpDLLVersion = "8.1";
+	if (tmpDevSN.GetLength() > 12 && tmpDevSN.IndexOf("FWB") > 2)
+	{
+		Dbg("This is fwb device.");
+	}
+	else
+	{
+		int i = 0;
+		int sockfd;
+		struct ifconf ifconf;
+		struct ifreq* ifreq;
+		char buf[1024];
+
+		//初始化ifconf
+		ifconf.ifc_len = 1024;
+		ifconf.ifc_buf = buf;
 
+		if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
+		{
+			perror("socket error");
+			exit(1);
+		}
+
+		//获取所有接口信息
+		ioctl(sockfd, SIOCGIFCONF, &ifconf);
+
+		//逐个获取Ip地址
+		int size = ifconf.ifc_len / sizeof(struct ifreq);
+		ifreq = (struct ifreq*)buf;
+		string netName(ifreq->ifr_name);
+
+		if (size == 1 && netName == "lo") //只有逻辑地址 -- 网线被拔出
+		{
+			netType = 0;
+			tmp = "无网络";
+		}
+		else
+		{
+			for (i = size; i > 0; i--)
+			{
+				string netName(ifreq->ifr_name); //有其他网卡 -- 有线
+				if (netName != "lo")
+				{
+					netType = 1;
+					tmp = "网络已连接";
+				}
+				ifreq++;
+			}
+		}
+
+		ctx->Ans.netStatus = netType;
+	}
+	ctx->Ans.netMsg = tmp;
+#endif // RVC_OS_WIN
 	ctx->Answer(Error_Succeed);
 }
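Review bot: In the new non-Windows branch of `GetNetMsg`, a failed `socket()` calls `exit(1)`, which terminates the whole entity process from inside a status query; it should log and fall through with `netType` left at 0. The descriptor `sockfd` is never closed, so every call leaks one, and the return value of `ioctl(sockfd, SIOCGIFCONF, &ifconf)` is ignored while `buf` is uninitialised, so on failure `ifreq->ifr_name` is read from stack garbage. When the device is recognised as FWB, `ctx->Ans.netStatus` is not assigned at all, and `tmpVendor` is fetched but never used. A sketch of the socket handling is below; the interface walk itself can stay as it is.

```cpp
		char buf[1024] = {0};
		// … unchanged: ifconf.ifc_len / ifconf.ifc_buf initialisation …
		int sockfd = socket(AF_INET, SOCK_STREAM, 0);
		if (sockfd < 0)
		{
			Dbg("GetNetMsg: socket() failed, errno=%d", errno);
		}
		else
		{
			if (ioctl(sockfd, SIOCGIFCONF, &ifconf) == 0)
			{
				// … unchanged: walk ifconf.ifc_len / sizeof(struct ifreq) entries, set netType and tmp …
			}
			else
			{
				Dbg("GetNetMsg: SIOCGIFCONF failed, errno=%d", errno);
			}
			close(sockfd);
		}
		ctx->Ans.netStatus = netType;
```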

+ 34 - 6
Module/mod_accessauth/AccessAuthFSM.h

@@ -67,10 +67,16 @@ typedef struct CSessionkeySynRet : CHTTPRet {
 typedef struct CAccessAuthUpdateWKReq : CHTTPReq {
 	string terminalNo;
 	string encRandom;
+	string tpkKeyCheck; //tpk密钥校验值
+	string edkKeyCheck; //edk密钥校验值
+	string keyIndex; //密钥序号
 	string ToJson() {
 		Json::Value value;
 		value[REFLECTION(terminalNo)] = terminalNo;
 		value[REFLECTION(encRandom)] = encRandom;
+		value[REFLECTION(tpkKeyCheck)] = tpkKeyCheck;
+		value[REFLECTION(edkKeyCheck)] = edkKeyCheck;
+		value[REFLECTION(keyIndex)] = keyIndex;
 		Json::FastWriter writer;
 		string strData = writer.write(value);
 		DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM).setAPI("CAccessAuthUpdateWKReq")
@@ -83,7 +89,9 @@ typedef struct CAccessAuthUpdateWKReq : CHTTPReq {
 typedef struct CAccessAuthUpdateWKRet : CHTTPRet {
 	string tpk;
 	string edk;
-	string index;
+	string tpkKeyCheck; //密钥校验值
+	string edkKeyCheck; //edk密钥校验值
+	string keyIndex; //密钥序号
 
 	bool Parse(string strData) {
 		Json::Value root;
@@ -92,7 +100,9 @@ typedef struct CAccessAuthUpdateWKRet : CHTTPRet {
 
 		tpk = root["data"][REFLECTION(tpk)].asString();
 		edk = root["data"][REFLECTION(edk)].asString();
-		index = root["data"][REFLECTION(index)].asString();
+		tpkKeyCheck = root["data"][REFLECTION(tpkKeyCheck)].asString();
+		edkKeyCheck = root["data"][REFLECTION(edkKeyCheck)].asString();
+		keyIndex = root["data"][REFLECTION(keyIndex)].asString();
 
 		return true;
 	}
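Review bot: `CAccessAuthUpdateWKRet::Parse` still ends in an unconditional `return true;`, so a response without `data.keyIndex` (for instance a server that still answers with the old `index` field) produces an empty `keyIndex` that callers hand straight to `LoadKeysToPinPadACS`. Since the field was renamed in this commit, check for it explicitly, e.g. `if (!root["data"].isMember(REFLECTION(keyIndex))) return false;`, and do the same for `tpk` and `edk`. The new `tpkKeyCheck` / `edkKeyCheck` members are parsed here but no code visible in this commit reads them back for verification. The same applies to both `CInitlizerMKRet::Parse` variants further down; `Parse` begins outside this hunk.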
@@ -237,6 +247,9 @@ typedef struct CInitlizerMKReq : CHTTPReq {
 	string auth;//预留鉴权
 	int loginWay;//1表示错误页发起,需要传入登录密码;0表示用户桌面发起,不需要传入登录密码
 	string encRandom; //tmk pk加密的随机密钥
+	string tpkKeyCheck; //密钥校验值
+	string edkKeyCheck; //密钥校验值
+	string keyIndex; //密钥序号
 
 	string ToJson() {
 #ifdef RVC_OS_WIN
@@ -262,6 +275,9 @@ typedef struct CInitlizerMKReq : CHTTPReq {
 		value[REFLECTION(auth)] = auth;
 		value[REFLECTION(loginWay)] = loginWay;
 		value[REFLECTION(encRandom)] = encRandom;
+		value[REFLECTION(tpkKeyCheck)] = tpkKeyCheck;
+		value[REFLECTION(edkKeyCheck)] = edkKeyCheck;
+		value[REFLECTION(keyIndex)] = keyIndex;
 		Json::FastWriter writer;
 		string strData = writer.write(value);
 
@@ -291,6 +307,9 @@ typedef struct CInitlizerMKReq : CHTTPReq {
 		rvcJson.AddStringToObject(REFLECTION(auth), (char*)auth.c_str());
 		rvcJson.AddNumberToObject(REFLECTION(loginWay), loginWay);
 		rvcJson.AddStringToObject(REFLECTION(encRandom), (char*)encRandom.c_str());
+		rvcJson.AddStringToObject(REFLECTION(tpkKeyCheck), (char*)tpkKeyCheck.c_str());
+		rvcJson.AddStringToObject(REFLECTION(edkKeyCheck), (char*)edkKeyCheck.c_str());;
+		rvcJson.AddStringToObject(REFLECTION(keyIndex), (char*)keyIndex.c_str());
 		string ret;
 		char* tmp = rvcJson.GetJsonStr();
 		ret.assign(tmp);
@@ -306,7 +325,9 @@ typedef struct CInitlizerMKRet : CHTTPRet {
 #ifdef RVC_OS_WIN
 	string tpk;
 	string edk;
-	string index;
+	string tpkKeyCheck;
+	string edkKeyCheck;
+	string keyIndex;
 
 	bool Parse(string strData) {
 		DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM).setAPI("CInitlizerMKRet")("ret=%s at CInitlizerMKRet", strData.c_str());
@@ -316,7 +337,9 @@ typedef struct CInitlizerMKRet : CHTTPRet {
 		reader.parse(strData, root, false);
 		tpk = root["data"][REFLECTION(tpk)].asString();
 		edk = root["data"][REFLECTION(edk)].asString();
-		index = root["data"][REFLECTION(index)].asString();
+		tpkKeyCheck = root["data"][REFLECTION(tpkKeyCheck)].asString();
+		edkKeyCheck = root["data"][REFLECTION(edkKeyCheck)].asString();
+		keyIndex = root["data"][REFLECTION(keyIndex)].asString();
 		return true;
 	}
 #else
@@ -324,7 +347,9 @@ typedef struct CInitlizerMKRet : CHTTPRet {
 		string TMK;
 		string TPK;
 		string EDK;
-		string index;
+		string tpkKeyCheck;
+		string edkKeyCheck;
+		string keyIndex;
 		string reserved;
 	} data;
 	bool Parse(string strData) {
@@ -336,7 +361,9 @@ typedef struct CInitlizerMKRet : CHTTPRet {
 		data.TMK = retJson->GetStringValue(REFLECTION(tmk));
 		data.TPK = retJson->GetStringValue(REFLECTION(tpk));
 		data.EDK = retJson->GetStringValue(REFLECTION(edk));
-		data.index = retJson->GetStringValue(REFLECTION(index));
+		data.tpkKeyCheck = retJson->GetStringValue(REFLECTION(tpkKeyCheck));
+		data.edkKeyCheck = retJson->GetStringValue(REFLECTION(edkKeyCheck));
+		data.keyIndex = retJson->GetStringValue(REFLECTION(keyIndex));
 		rvcJson.Destory();
 		retJson->Destory();
 		delete retJson;
@@ -481,6 +508,7 @@ public:
 	{
 		m_fNetworkChecking = busing;
 	}
+	BOOL IsCenterSettingFilesExist();
 	void SetDevPubKey(CSimpleStringA csDevPubKey) { m_strDevPubKey = csDevPubKey; }
 	CSimpleStringA GetDevPubKey() { return m_strDevPubKey; }
 

+ 60 - 21
Module/mod_accessauth/mod_AccessAuth.cpp

@@ -53,7 +53,7 @@ struct InitializerInitMKTask : ITaskSp
 		auto tmkpair = m_entity->GenerateTmkToKMC();
 		initMKReq.encRandom = tmkpair.first;
 		initMKReq.m_url = m_entity->GetInitUrl();
-		initMKReq.m_url += "/api/v3/initmk";
+		initMKReq.m_url += "/api/v5/initmk";
 		long beg = GetTickCount();
 		bool ret = client->Post(initMKReq, initMKRet);
 		long end = GetTickCount();
@@ -67,10 +67,10 @@ struct InitializerInitMKTask : ITaskSp
 				return;
 			}
 			if (m_entity->HasPinPad()) {
-				if (m_entity->LoadKeysToPinPadACS(tmkpair.second, initMKRet.tpk, initMKRet.edk, initMKRet.index) == Error_Succeed)
+				if (m_entity->LoadKeysToPinPadACS(tmkpair.second, initMKRet.tpk, initMKRet.edk, initMKRet.keyIndex) == Error_Succeed)
 					m_entity->EndInitMK(Error_Succeed, "");
 				else
-					m_entity->EndInitMK(ERR_INITIALIZER_INIT_EXCEPTION, "加载秘钥到密码键盘失败,请检查密码键盘连接状态,多次失败请联系厂商排查。");//,待完善细化错误码oiltest
+					m_entity->EndInitMK(ERR_INITIALIZER_INIT_EXCEPTION, "加载秘钥到密码键盘失败");//,待完善细化错误码oiltest
 			}
 			else
 				m_entity->EndInitMK(Error_Succeed, "");
@@ -108,10 +108,13 @@ struct InitializerInitMKTask : ITaskSp
 			string auth;//预留鉴权
 			int loginWay;//1表示错误页发起,需要传入登录密码;0表示用户桌面发起,不需要传入登录密码
 			string encRandom; //tmk pk加密的随机密钥
+			string tpkKeyCheck; //密钥校验值
+			string edkKeyCheck; //密钥校验值
+			string keyIndex; //密钥序号
 
 			JSONCONVERT2OBJECT_MEMEBER_REGISTER(enrolAddr, enrolGPS, installVersion, ip, machineModel, machineType,
 				padDeviceID, site, terminalNo, factory, modal, type, version, terminalCharacter, pinPadID, publicKey,
-				user, password, auth, loginWay, encRandom)
+				user, password, auth, loginWay, encRandom, tpkKeyCheck, edkKeyCheck, keyIndex)
 
 		} instanceReq;
 
@@ -135,23 +138,27 @@ struct InitializerInitMKTask : ITaskSp
 		instanceReq.password = initMKReq.password;
 		instanceReq.auth = initMKReq.auth;
 		instanceReq.loginWay = initMKReq.loginWay;
-
 		instanceReq.encRandom = tmkpair.first;
+		instanceReq.tpkKeyCheck = initMKReq.tpkKeyCheck;
+		instanceReq.edkKeyCheck = initMKReq.edkKeyCheck;
+		instanceReq.keyIndex = initMKReq.keyIndex;
 
 		struct InstanceAnsJson
 		{
 			string TMK;
 			string TPK;
 			string EDK;
-			string index;
+			string tpkKeyCheck;
+			string edkKeyCheck;
+			string keyIndex;
 			string reserved;
-			JSONCONVERT2OBJECT_MEMEBER_REGISTER(TMK, TPK, EDK, index)
-				JSONCONVERT2OBJECT_MEMEBER_RENAME_REGISTER("tmk", "tpk", "edk", "index")
+			JSONCONVERT2OBJECT_MEMEBER_REGISTER(TMK, TPK, EDK, tpkKeyCheck, edkKeyCheck, keyIndex)
+				JSONCONVERT2OBJECT_MEMEBER_RENAME_REGISTER("tmk", "tpk", "edk", "tpkKeyCheck", "edkKeyCheck", "keyIndex")
 		} instanceAns;
 
 		HttpClientResponseResult result;
 		HttpClientRequestConfig config(HttpRequestMethod::POST, m_entity->GetInitUrl().GetData());
-		config.SetChildUri("/api/v3/initmk");
+		config.SetChildUri("/api/v5/initmk");
 		SP::Module::Restful::FulfillRequestJsonBody(&config, instanceReq);
 
 		std::string test;
@@ -167,18 +174,18 @@ struct InitializerInitMKTask : ITaskSp
 			SP::Module::Restful::CommResponseJson responseStatus;
 			SP::Module::Restful::GetStatusFromDebranchResponse(result.content, responseStatus);
 			if (!responseStatus.IsOperatedOK()) {
-				Dbg("InitializerInitMKNew failed: %s", responseStatus.errorMsg.c_str());
+				Dbg("update wk failed: %s", responseStatus.errorMsg.c_str());
 				m_entity->EndInitMK(ERR_INITIALIZER_INIT_EXCEPTION, responseStatus.errorMsg.c_str());
 			}
 			else {
 				if (m_entity->HasPinPad()) {
 					const bool testResult = SP::Module::Restful::ExtractDataFromDebranchResponse(result.content, instanceAns);
 					Dbg("ExtractDataFromDebranchResponse returned: %d", testResult);
-					if (m_entity->LoadKeysToPinPadACS(tmkpair.second, instanceAns.TPK, instanceAns.EDK, instanceAns.index) == Error_Succeed) {
+					if (m_entity->LoadKeysToPinPadACS(tmkpair.second, instanceAns.TPK, instanceAns.EDK, instanceAns.keyIndex) == Error_Succeed) {
 						m_entity->EndInitMK(Error_Succeed, "");
 					}
 					else {
-						m_entity->EndInitMK(ERR_INITIALIZER_INIT_EXCEPTION, "加载秘钥到密码键盘失败,请检查密码键盘连接状态,多次失败请联系厂商排查。");//,待完善细化错误码oiltest
+						m_entity->EndInitMK(ERR_INITIALIZER_INIT_EXCEPTION, "加载秘钥到密码键盘失败");//,待完善细化错误码oiltest
 					}
 				}
 				else {
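Review bot: The log text in the failure branch was changed to `Dbg("update wk failed: %s", …)`, but this is `InitializerInitMKTask`, so a failed master-key initialisation will now show up in logs as a working-key update failure; keep the task name, e.g. `Dbg("InitializerInitMK failed: %s", responseStatus.errorMsg.c_str());`. In the success branch the result of `ExtractDataFromDebranchResponse` is only logged as `testResult`, and `LoadKeysToPinPadACS` is then called with `instanceAns.keyIndex` even when extraction failed. Guarding the load with `if (!testResult) { m_entity->EndInitMK(ERR_INITIALIZER_INIT_EXCEPTION, …); }` would avoid loading empty key fields. The enclosing function extends beyond this hunk.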
@@ -390,7 +397,7 @@ DWORD CAccessAuthEntity::SaveSM2KeyPair(const CBlob &pubKey, const CBlob &priKey
 		req.pub_key = pubKey;
 		req.pri_key = priKey;
 		TokenService_SetKeyPair_Ans ans;
-		rc = (*pTokenServiceClient)(EntityResource::getLink().upgradeLink())->SetKeyPair(req, ans, 3000);
+		rc = pTokenServiceClient->SetKeyPair(req, ans, 3000);
 		pTokenServiceClient->GetFunction()->CloseSession();
 		if (rc != Error_Succeed)
 		{
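Review bot: This hunk replaces `(*pTokenServiceClient)(EntityResource::getLink().upgradeLink())->SetKeyPair(…)` with a plain `pTokenServiceClient->SetKeyPair(…)`, and the later hunks do the same for `SetToken`, `SetSharedSK`, `QueryFunc`, `GetDevInfo` and `LoadKeysSM`, while the `GetCheckCode` calls added in this same commit still use the `upgradeLink()` form. If the link argument carries the log or trace context, as its use with `DbgWithLink` suggests, the key-handling calls to the token and pin pad services will no longer be correlated with the request that triggered them. Either keep the link on these calls or add a comment explaining why it was dropped, e.g. `// link context intentionally not propagated: <reason>`, and use one form consistently.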
@@ -433,11 +440,10 @@ ErrorCodeEnum CAccessAuthEntity::SaveTokenAndSharedSK(const CBlob &token, const
 	{
 		TokenService_SetToken_Req req = {};
 		req.token = token;
-		TokenService_SetToken_Ans ans; 
-		EntityResource::setLink(EntityResource::getLink().upgradeLink());
-		rc = (*pTokenServiceClient)(EntityResource::getLink())->SetToken(req, ans, 5000);
+		TokenService_SetToken_Ans ans;
+		rc = pTokenServiceClient->SetToken(req, ans, 5000);
 		if (rc == Error_Succeed)
-			DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM).setAPI("SetToken")
+			DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM).setAPI("SetToken")
 				("save token succ, token: [%s]", ByteArrayToHexStr((BYTE*)token.m_pData, token.m_iLength).c_str());
 		else
 		{
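Review bot: Lowering the success log to `LOG_LEVEL_DEBUG` still leaves `ByteArrayToHexStr((BYTE*)token.m_pData, token.m_iLength)` in the message, so the full access token is written to the log whenever debug logging is on. A token in a log file can be read by anyone with log access and outlives the session it belongs to. Log only that the save succeeded and, if needed, the length: `("save token succ, len=%d", token.m_iLength)`. The removed `EntityResource::setLink(…)` call also changed shared link state; confirm nothing after this point in `SaveTokenAndSharedSK` relied on it, since the rest of the function is outside the hunk.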
@@ -453,7 +459,7 @@ ErrorCodeEnum CAccessAuthEntity::SaveTokenAndSharedSK(const CBlob &token, const
 		TokenService_SetSharedSK_Req req2 = {};
 		req2.ssk = sharedSK;
 		TokenService_SetSharedSK_Ans ans2 = {};
-		rc = (*pTokenServiceClient)(EntityResource::getLink().upgradeLink())->SetSharedSK(req2, ans2, 5000);
+		rc = pTokenServiceClient->SetSharedSK(req2, ans2, 5000);
 		if (rc == Error_Succeed)
 			DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM).setAPI("SetSharedSK")
 				("save shared session key succ");
@@ -554,7 +560,7 @@ int CAccessAuthEntity::GetPinPadCapability()
 		PinPadService_QueryFunc_Req req;
 		PinPadService_QueryFunc_Ans ans;
 
-		rc = (*pPinPad)(EntityResource::getLink().upgradeLink())->QueryFunc(req,ans,3000);
+		rc = pPinPad->QueryFunc(req, ans, 3000);
 		if (rc == Error_Succeed)
 		{
 			nCapability = ans.encryptkey;
@@ -1104,7 +1110,7 @@ int CAccessAuthEntity::GetPinPadIDAndDeviceID(CSimpleStringA &strPinPadID, CSimp
 		PinPadService_GetDevInfo_Req req = {};
 		PinPadService_GetDevInfo_Ans ans = {};
 
-		auto rc = (*pPinPadClient)(EntityResource::getLink().upgradeLink())->GetDevInfo(req, ans, 3000);
+		rc = pPinPadClient->GetDevInfo(req, ans, 3000);
 		if (rc == Error_Succeed)
 		{
 			if (ans.state == DEVICE_STATUS_NORMAL)
@@ -1598,6 +1604,36 @@ bool CAccessAuthEntity::SendInitMKReqACS(CInitlizerMKReq& initMKReq)
 		initMKReq.loginWay = 0;
 	}
 
+	PinPadService_ClientBase* pPinPad = new PinPadService_ClientBase(this);
+	auto errRc = pPinPad->Connect();
+	if (errRc == Error_Succeed)
+	{
+		PinPadService_GetCheckCode_Req req = {};
+		PinPadService_GetCheckCode_Ans ans = {};
+
+		req.mSN.Init(1);
+		req.wSN.Init(1);
+		req.mSN[0] = 1;
+		req.wSN[0] = 0;
+		errRc = (*pPinPad)(EntityResource::getLink().upgradeLink())->GetCheckCode(req, ans, 10000);
+		if (errRc == Error_Succeed)
+		{
+			initMKReq.tpkKeyCheck = ans.checkcode[0].GetData();
+			initMKReq.keyIndex = ans.index[0].GetData();
+			DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM).setAPI("SendInitMKReqACS")("Get keyChek && keyIndex suc.");
+		}
+		else
+		{
+			DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM).setAPI("SendInitMKReqACS")("Get keyChek && keyIndex failed.");
+		}
+
+		pPinPad->GetFunction()->CloseSession();
+	}
+	else
+	{
+		DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM).setAPI("QueryCheckCode")("connect to pinpad failed.error code:%d", errRc);
+	}
+
 	return true;
 }
 
@@ -1627,6 +1663,7 @@ void CAccessAuthEntity::EndInitMK(DWORD rc, const char *pszErrMsg)
 
 	// 通知UI窗口
 	if (m_ctx != NULL) {
+		Dbg("success");
 		m_ctx->Ans.Errcode = rc;
 		m_ctx->Ans.ErrMsg = m_strLastErrMsg;
 		m_ctx->Answer(Error_Succeed);
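Review bot: The added `Dbg("success");` runs for every call where `m_ctx` is set, including the calls elsewhere in this commit that pass `ERR_INITIALIZER_INIT_EXCEPTION`, so the log will report success for failed initialisations. Log the actual outcome instead, e.g. `Dbg("EndInitMK notify UI, rc=0x%08X", rc);`. The rest of `EndInitMK` lies outside this hunk.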
@@ -1683,7 +1720,7 @@ ErrorCodeEnum CAccessAuthEntity::LoadKeysToPinPadACS(string TMK, string TPK, str
 		DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM).setAPI("LoadKeysToPinPadACS")("req.reserved3=%s", req.reserved3.GetData());
 
 		PinPadService_LoadKeysSM_Ans ans = {};
-		rc = (*pPinPad)(EntityResource::getLink().upgradeLink())->LoadKeysSM(req, ans, 30000);
+		rc = pPinPad->LoadKeysSM(req, ans, 30000);
 		if (rc == Error_Succeed)
 			DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM).setAPI("LoadKeysToPinPadACS")("load sm key to pinpad succ");
 		else
@@ -1815,7 +1852,9 @@ pair<string, string> CAccessAuthEntity::EncryptedByPubKey(CSimpleStringA pubKey,
 	}
 	else
 		memcpy(pxxKey, pOldPubKey, 65);
+	//RVCCOMM_API bool EncWithSM2PubKey(BYTE * pSource, int nSourceLen, BYTE * pDest, int* pDestLen, BYTE * pPubKey, int nKeyLen);
 	int retSM2 = EncWithSM2PubKey((unsigned char*)m_btRam, 16, (unsigned char*)random_enc_bypbk, &outMsgLen, (unsigned char*)pxxKey, 65);
+	//int retSM2 = CMBSM2Encrypt((unsigned char*)pxxKey, 65, (unsigned char*)btRam, 16, (unsigned char*)random_enc_bypbk, &outMsgLen);
 	if (!retSM2 || outMsgLen != 113)
 	{
 		DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM).setAPI("EncryptedTmkToDevice")("EncWithSM2PubKey failed outMsgLen:%d.", outMsgLen);