
Z991239-4686 #comment feat: TimeSynTask使用/api/v3/sessionkey接口,同步请求结构

陈纪林80310970 2 年 前
コミット
e0aaf758fe

+ 7 - 7
Module/mod_accessauth/AccessAuthConn.cpp

@@ -413,7 +413,7 @@ DWORD CAccessAuthConn::SendGetTokenPackage()
 	// xkm@20150702  修改加密长度,保证调用CryptoAPI加密时不超过112长度
 	CBlob raw, enc;	
 	auto pEntity = ((CAccessAuthEntity*)m_pEntity);
-	if (pEntity->GetAuthVersion() == 2)
+	if (/*pEntity->GetAuthVersion() == 2*/true)
 	{
 		// 使用会话密钥加密
 		DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("使用会话密钥加密....");
@@ -534,7 +534,7 @@ DWORD CAccessAuthConn::SendGetTokenPackage()
 	if (GetUKeyRootCertHash(strHash2))
 		strncpy(req3.szUKeyRootHash, strHash2, strHash2.GetLength());
 
-	req3.nAuthVersion = pEntity->GetAuthVersion();
+	req3.nAuthVersion = 2;
 
 	// 上报指纹用于准入校验
 	// 更改了指纹大小,16->32,另外16字节通过REQ0上传
@@ -1338,7 +1338,7 @@ DWORD CAccessAuthConn::HandleUpdateMD5Ret(const CSmartPointer<IPackage> &pRecvPk
 	string strErrMsg;
 	return rc;
 }
-DWORD CAccessAuthConn::HandleTimeSyn(int nTimeDiff,BYTE nAuthVersion,BYTE* nSessionKey) {
+DWORD CAccessAuthConn::HandleTimeSyn(int nTimeDiff,/*BYTE nAuthVersion,*/BYTE* nSessionKey) {
 	// 比较终端和服务器时间, 时差小于3分钟(默认,可通过集中配置配置)不纠正	
 	const int timeDiff = nTimeDiff > 0 ? nTimeDiff : 0 - nTimeDiff;
 	const int torelateTime = m_torelateDiffSyncTimeSecs > 0 ? m_torelateDiffSyncTimeSecs : 0 - m_torelateDiffSyncTimeSecs;
@@ -1370,8 +1370,8 @@ DWORD CAccessAuthConn::HandleTimeSyn(int nTimeDiff,BYTE nAuthVersion,BYTE* nSess
 	}
 
 	// 检查准入请求版本 //会话密钥缓存
-	Dbg("auth version: %d", nAuthVersion);
-	if (((CAccessAuthEntity*)m_pEntity)->SaveAuthVerAndKey(nAuthVersion, nSessionKey)) {
+	Dbg("无需检测准入版本"/*, nAuthVersion*/);
+	if (((CAccessAuthEntity*)m_pEntity)->SaveAuthKey(nSessionKey)) {
 		return Error_Succeed;
 	} else {
         return Error_Unexpect;
@@ -1576,7 +1576,7 @@ DWORD CAccessAuthConn::GetEncTerminalInfo(CBlob& encInfo) {
 
 	CBlob raw;
 	auto pEntity = ((CAccessAuthEntity*)m_pEntity);
-	if (pEntity->GetAuthVersion() == 2)
+	if (/*pEntity->GetAuthVersion() == 2*/true)
 	{
 		// 使用会话密钥加密
 		Dbg("使用会话密钥加密。。。");
@@ -1756,7 +1756,7 @@ DWORD CAccessAuthConn::GetTokenReq(CAccessAuthGetTokenReq* getTokenReq)
 	memcpy(tmp, fingerPrintHex, 32);
 	delete fingerPrintHex;
 
-	getTokenReq->TOKEN_R3.authVersion = pEntity->GetAuthVersion();
+	getTokenReq->TOKEN_R3.authVersion = 2;
 	getTokenReq->TOKEN_R3.fingerPrint = tmp;
 	getTokenReq->TOKEN_R3.kmcSyncFlag = "";
 	memset(tmp, 0, sizeof(tmp));
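Review bot: `if (/*pEntity->GetAuthVersion() == 2*/true)` in SendGetTokenPackage (and the identical form in GetEncTerminalInfo at `@@ -1576`) leaves the entire KMC-key branch as unreachable code behind a commented-out condition; since the intent is that only session-key encryption remains, delete the condition and the dead else branch outright so a reader does not have to guess whether the version check is coming back. The literal `2` written into `req3.nAuthVersion` and `getTokenReq->TOKEN_R3.authVersion` is now asserted independently in several places and should be one named constant, e.g. `static const int kSessionKeyAuthVersion = 2;`, so it cannot drift from what the server expects. In the HandleTimeSyn hunk, `Dbg("无需检测准入版本"/*, nAuthVersion*/);` would read more honestly as a plain comment above the `SaveAuthKey` call, and the commented-out parameter in the signature (mirrored in AccessAuthConn.h and at the call site in AccessAuthFSM.cpp) should be removed rather than kept in the prototype. Each of these functions starts or ends outside its hunk.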

+ 1 - 1
Module/mod_accessauth/AccessAuthConn.h

@@ -296,7 +296,7 @@ private:
 	bool Sha1Hash(BYTE *pData, int nDataLen, BYTE hash[20]);
 	
 public:
-	DWORD HandleTimeSyn(int nTimeDiff, BYTE nAuthVersion, BYTE* nSessionKey);
+	DWORD HandleTimeSyn(int nTimeDiff, /*BYTE nAuthVersion,*/ BYTE* nSessionKey);
 	DWORD HandleLockState(int nState);
 	DWORD HandleGetToken(BYTE* token, BYTE* sharedKey, BYTE* token2, BYTE* retHash);
 	DWORD GetEncTerminalInfo(CBlob& encInfo);

+ 5 - 5
Module/mod_accessauth/AccessAuthFSM.cpp

@@ -154,8 +154,8 @@ struct TimeSynTask : ITaskSp {
         {
             std::string terminalNo;
             int curTime;
-            std::string reserved;
-            JSONCONVERT2OBJECT_MEMEBER_REGISTER(terminalNo, curTime, reserved)
+            //std::string reserved;
+            JSONCONVERT2OBJECT_MEMEBER_REGISTER(terminalNo, curTime/*, reserved*/)
         } timeSyncReq;
         struct TimeSyncAnsStructJson
         {
@@ -168,11 +168,11 @@ struct TimeSynTask : ITaskSp {
 
 		timeSyncReq.terminalNo = si.strTerminalID.GetData();
 		timeSyncReq.curTime = CSmallDateTime::GetNow().GetTime64();
-		timeSyncReq.reserved = "";
+		//timeSyncReq.reserved = "";
 
 		HttpClientResponseResult result;
 		HttpClientRequestConfig config(HttpRequestMethod::POST, m_fsm->GetmAccessAuthHost().GetData());
-		config.SetChildUri("/api/sessionkey");
+		config.SetChildUri("/api/v3/sessionkey");
 		SP::Module::Restful::FulfillRequestJsonBody(&config, timeSyncReq);
         RestfulClient client = RestfulClient::getInstance();
         config.PreDo();
@@ -203,7 +203,7 @@ struct TimeSynTask : ITaskSp {
             DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("decodedSessionKey=%s,%d", decodedSessionKey, decodedSessionKeyLen);
             DWORD rc = Error_InvalidState;
             if (m_fsm->m_pConnection != NULL) {
-                rc = m_fsm->m_pConnection->HandleTimeSyn(timeSyncAns.timeDiff, timeSyncAns.authVersion, (BYTE*)decodedSessionKey);
+                rc = m_fsm->m_pConnection->HandleTimeSyn(timeSyncAns.timeDiff, /*timeSyncAns.authVersion,*/ (BYTE*)decodedSessionKey);
             }
             delete decodedSessionKey;
             if (rc == Error_Succeed) {
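Review bot: The new call `HandleTimeSyn(timeSyncAns.timeDiff, /*timeSyncAns.authVersion,*/ (BYTE*)decodedSessionKey)` still hands over the decoded buffer without `decodedSessionKeyLen`, which is already available on the Dbg line just above; with the version check gone, the receiving side can bound what it reads from the server-supplied blob only by the blob's own 4-byte length prefix. Pass the length through, e.g. `HandleTimeSyn(timeSyncAns.timeDiff, (BYTE*)decodedSessionKey, decodedSessionKeyLen)`, so SaveAuthKey can reject a prefix larger than what was actually received. The `reserved` member and its assignment are commented out rather than removed; if the v3 endpoint no longer accepts the field, delete the lines, and if `TimeSyncAnsStructJson` (cut off at the top of the second hunk) still registers `authVersion`, it is now parsed and silently ignored, which deserves a comment saying so. TimeSynTask's body begins and ends outside these hunks.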

+ 68 - 71
Module/mod_accessauth/mod_AccessAuth.cpp

@@ -908,92 +908,89 @@ int Char2Int(char * ch) {
 	}
 	return num;
 }
-bool CAccessAuthEntity::SaveAuthVerAndKey(int nAuthVer, BYTE *pKey)
+bool CAccessAuthEntity::SaveAuthKey(BYTE *pKey)
 {
 	LOG_FUNCTION();
 
-	m_nAuthVersion = nAuthVer;
+	//m_nAuthVersion = nAuthVer;
 	memset(m_AuthSessionKey, 0, 140);
 
-	if (m_nAuthVersion == 2)
-	{
-		CSimpleString runInfoPath, iniPath;
-		auto rc = GetFunction()->GetPath("runinfo", runInfoPath);
-		if (rc != Error_Succeed) {
-			Dbg("GetPath runinfo error=%d.", rc);
-			return false;
-		}
-		
-		char privateKey[BUF_SIZE] = { 0 };
-		iniPath = runInfoPath + SPLIT_SLASH_STR "runcfg" SPLIT_SLASH_STR "AccessAuthorization.ini";
-        //runInfoPath += SPLIT_SLASH_STR "runcfg" SPLIT_SLASH_STR "Initializer.ini";
+	CSimpleString runInfoPath, iniPath;
+	auto rc = GetFunction()->GetPath("runinfo", runInfoPath);
+	if (rc != Error_Succeed) {
+		Dbg("GetPath runinfo error=%d.", rc);
+		return false;
+	}
+
+	char privateKey[BUF_SIZE] = { 0 };
+	iniPath = runInfoPath + SPLIT_SLASH_STR "runcfg" SPLIT_SLASH_STR "AccessAuthorization.ini";
+	//runInfoPath += SPLIT_SLASH_STR "runcfg" SPLIT_SLASH_STR "Initializer.ini";
 
 #ifdef RVC_OS_WIN
-		GetPrivateProfileString("TerminalPD", "PrivateKey", "", privateKey, BUF_SIZE, runInfoPath.GetData());
+	GetPrivateProfileString("TerminalPD", "PrivateKey", "", privateKey, BUF_SIZE, runInfoPath.GetData());
 #else
-		Dbg("path ex:%s", iniPath.GetData());
-		char* tmp = inifile_read_str(iniPath.GetData(),"TerminalPD", "PrivateKey", "");
-		strcpy(privateKey, tmp);
-		delete tmp;
+	Dbg("path ex:%s", iniPath.GetData());
+	char* tmp = inifile_read_str(iniPath.GetData(), "TerminalPD", "PrivateKey", "");
+	strcpy(privateKey, tmp);
+	delete tmp;
 #endif // RVC_OS_WIN
-		
-		if (strlen(privateKey) <= 0) {
-			iniPath = runInfoPath + SPLIT_SLASH_STR "runcfg" SPLIT_SLASH_STR "Initializer.ini";
-			char* tmp2 = inifile_read_str(iniPath.GetData(), "TerminalPD", "PrivateKey", "");
-			strcpy(privateKey, tmp2);
-			delete tmp2;
 
-			if (strlen(privateKey) <= 0)
-			{
-				printPasswdError();
-				return false;
-			}
-		}
-		Dbg("privateKey=%s,%d", privateKey, strlen(privateKey));
-
-		int decodedPrivateKeyLen;
+	if (strlen(privateKey) <= 0) {
+		iniPath = runInfoPath + SPLIT_SLASH_STR "runcfg" SPLIT_SLASH_STR "Initializer.ini";
+		char* tmp2 = inifile_read_str(iniPath.GetData(), "TerminalPD", "PrivateKey", "");
+		strcpy(privateKey, tmp2);
+		delete tmp2;
 
-		char* pDecodedPrivateKey = Hex2Str(privateKey, decodedPrivateKeyLen);
-		Dbg("decodedPrivateKeyLen=%d", decodedPrivateKeyLen);
-		
-	    char pDecryptPrivateKey[BUF_SIZE] = { 0 };
-		int decryprtLen = BUF_SIZE;
-		if (!DecWithSM4_ECB("s5da69gnh4!963@6s5da69gnh4!963@6", (BYTE*)pDecodedPrivateKey, decodedPrivateKeyLen, (BYTE*)pDecryptPrivateKey, &decryprtLen)) {
-			Dbg("DecWithSM4_ECB decrypt privateKey error.");
+		if (strlen(privateKey) <= 0)
+		{
 			printPasswdError();
-			delete[] pDecodedPrivateKey;
 			return false;
 		}
+	}
+	Dbg("privateKey=%s,%d", privateKey, strlen(privateKey));
+
+	int decodedPrivateKeyLen;
+
+	char* pDecodedPrivateKey = Hex2Str(privateKey, decodedPrivateKeyLen);
+	Dbg("decodedPrivateKeyLen=%d", decodedPrivateKeyLen);
+
+	char pDecryptPrivateKey[BUF_SIZE] = { 0 };
+	int decryprtLen = BUF_SIZE;
+	if (!DecWithSM4_ECB("s5da69gnh4!963@6s5da69gnh4!963@6", (BYTE*)pDecodedPrivateKey, decodedPrivateKeyLen, (BYTE*)pDecryptPrivateKey, &decryprtLen)) {
+		Dbg("DecWithSM4_ECB decrypt privateKey error.");
+		printPasswdError();
 		delete[] pDecodedPrivateKey;
-		//添加调试信息
-		char * pEncPriKey = Str2Hex((char*)pDecryptPrivateKey, decryprtLen);
-		Dbg("DecWithSM4_ECB succeess.privateKey=%s", pEncPriKey);
-		delete pEncPriKey;
-
-		char pPlainKey[KEY_SIZE];
-		int plainKeyLen = KEY_SIZE;
-		char pKeyLen[4] = { 0 };
-		memcpy(pKeyLen, pKey, 4);
-		int kenLen = Char2Int(pKeyLen);
-		Dbg("kenLen=%d", kenLen);
-		char* pEncodeKey = Str2Hex((char*)pKey,kenLen + 4);
-		Dbg("pEncodeKey=%s", pEncodeKey);
-		delete pEncodeKey;
-		char* key = new char[kenLen + 1];
-		memset(key, 0, kenLen + 1);
-		memcpy(key, pKey + 4, kenLen);
-		if (!DecWithSM2PriKey((BYTE*)key, kenLen, (BYTE*)pPlainKey, &plainKeyLen, (BYTE*)pDecryptPrivateKey, decryprtLen)) {
-			Dbg("使用私钥解密失败!");
-			printPasswdError();
-			return false;
-		}
-		Dbg("使用私钥解密成功");
-		if (plainKeyLen != KEY_SIZE) {
-			Dbg("私钥解密后的会话密钥长度不等于16!");
-		}
-		
-		memcpy(m_AuthSessionKey, pPlainKey, KEY_SIZE);
+		return false;
 	}
+	delete[] pDecodedPrivateKey;
+	//添加调试信息
+	char* pEncPriKey = Str2Hex((char*)pDecryptPrivateKey, decryprtLen);
+	Dbg("DecWithSM4_ECB succeess.privateKey=%s", pEncPriKey);
+	delete pEncPriKey;
+
+	char pPlainKey[KEY_SIZE];
+	int plainKeyLen = KEY_SIZE;
+	char pKeyLen[4] = { 0 };
+	memcpy(pKeyLen, pKey, 4);
+	int kenLen = Char2Int(pKeyLen);
+	Dbg("kenLen=%d", kenLen);
+	char* pEncodeKey = Str2Hex((char*)pKey, kenLen + 4);
+	Dbg("pEncodeKey=%s", pEncodeKey);
+	delete pEncodeKey;
+	char* key = new char[kenLen + 1];
+	memset(key, 0, kenLen + 1);
+	memcpy(key, pKey + 4, kenLen);
+	if (!DecWithSM2PriKey((BYTE*)key, kenLen, (BYTE*)pPlainKey, &plainKeyLen, (BYTE*)pDecryptPrivateKey, decryprtLen)) {
+		Dbg("使用私钥解密失败!");
+		printPasswdError();
+		return false;
+	}
+	Dbg("使用私钥解密成功");
+	if (plainKeyLen != KEY_SIZE) {
+		Dbg("私钥解密后的会话密钥长度不等于16!");
+	}
+
+	memcpy(m_AuthSessionKey, pPlainKey, KEY_SIZE);
 
 	return true;
 }
@@ -1026,7 +1023,7 @@ static BYTE* ConvertHexStrToBytes(const char *pszStr)
 ErrorCodeEnum CAccessAuthEntity::EncryptDataWithSessionKey(const CBlob &raw, CBlob &enc)
 {
 	LOG_FUNCTION();
-	assert(m_nAuthVersion ==2);
+	//assert(m_nAuthVersion ==2);
 	//这里不需要delete,由CBlob析构函数去执行
 	BYTE* pEncData = new BYTE[1024];
 	int pEncDataSize = 1024;
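Review bot: In the de-indented SaveAuthKey body, `kenLen` is taken from the first four bytes of the caller-supplied blob and used unchecked to size `new char[kenLen + 1]` and the `memcpy(key, pKey + 4, kenLen)`, so a short or malformed server response reads past the buffer, and `key` is never freed on either the success path or the `DecWithSM2PriKey` failure path. Bound the length before it drives an allocation or a copy and let an owning container release it; the rewrite below does both and also turns the `plainKeyLen != KEY_SIZE` log-only check into a failure, because the following `memcpy(..., KEY_SIZE)` would otherwise copy unspecified bytes into `m_AuthSessionKey`. Separately, `Dbg("privateKey=%s,%d", ...)` and the hex dump after `DecWithSM4_ECB` write the terminal's private key to the log in both wrapped and unwrapped form, and the SM4 unwrapping key is a string literal in the same function — log only lengths, and consider moving that secret out of source. The `delete tmp` / `delete tmp2` after `inifile_read_str` and `delete pEncPriKey` after `Str2Hex` should match the allocation form (`delete[]` if those helpers return `new[]` arrays — confirm against their definitions). EncryptDataWithSessionKey's hunk begins and ends outside the visible lines.
```cpp
	// … unchanged: private-key load, SM4 unwrap, delete[] pDecodedPrivateKey …
	char pPlainKey[KEY_SIZE] = { 0 };
	int plainKeyLen = KEY_SIZE;
	char pKeyLen[4] = { 0 };
	memcpy(pKeyLen, pKey, 4);
	int kenLen = Char2Int(pKeyLen);
	// The length prefix is part of the server payload: reject it before it sizes an allocation or a copy.
	// BUF_SIZE is a stand-in bound; the decoded length from the caller is the right limit once it is passed in.
	if (kenLen <= 0 || kenLen > BUF_SIZE) {
		Dbg("invalid session key length %d", kenLen);
		printPasswdError();
		return false;
	}
	// … unchanged: pEncodeKey debug dump, now placed after the bound check …
	std::vector<char> key(kenLen + 1, 0);   // needs <vector>; released on every return path
	memcpy(key.data(), pKey + 4, kenLen);
	if (!DecWithSM2PriKey((BYTE*)key.data(), kenLen, (BYTE*)pPlainKey, &plainKeyLen, (BYTE*)pDecryptPrivateKey, decryprtLen)) {
		Dbg("使用私钥解密失败!");
		printPasswdError();
		return false;
	}
	Dbg("使用私钥解密成功");
	if (plainKeyLen != KEY_SIZE) {
		Dbg("私钥解密后的会话密钥长度不等于16!");
		return false;   // do not install a key of the wrong length
	}
	memcpy(m_AuthSessionKey, pPlainKey, KEY_SIZE);
	return true;
```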

+ 4 - 4
Module/mod_accessauth/mod_AccessAuth.h

@@ -30,7 +30,7 @@ private:
 class CAccessAuthEntity : public CEntityBase, public ISysVarListener
 {
 public:
-	CAccessAuthEntity() :m_nAuthVersion(1), m_bGetKMCKey(false){}
+	CAccessAuthEntity() :/*m_nAuthVersion(1),*/ m_bGetKMCKey(false){}
 	virtual ~CAccessAuthEntity() {}
 
 	virtual const char* GetEntityVersion() const { return MODULE_VERSION_FULL; }
@@ -106,9 +106,9 @@ public:
 	int GetPinPadCapability();
 
 	// 保存准入版本及会话密钥
-	bool SaveAuthVerAndKey(int nAuthVer, BYTE *pKey);
+	bool SaveAuthKey(BYTE *pKey);
 
-	inline int  GetAuthVersion(){ return m_nAuthVersion; }
+	//inline int  GetAuthVersion(){ return m_nAuthVersion; }
 
 	// 调用准入会话密钥加密
 	ErrorCodeEnum EncryptDataWithSessionKey(const CBlob &raw, CBlob &enc);
@@ -207,7 +207,7 @@ public:
 protected:
 	CAccessAuthFSM m_FSM;
 
-	int m_nAuthVersion;		// 准入请求版本: 1 借助KMC密钥验证;2 借助终端密钥动态生成会话密钥验证
+	//int m_nAuthVersion;		// 准入请求版本: 1 借助KMC密钥验证;2 借助终端密钥动态生成会话密钥验证
 	CSystemStaticInfo m_info;
 
 	CSimpleStringA m_strAuthErrMsg;
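Review bot: The comment above the renamed declaration, `// 保存准入版本及会话密钥`, still says the function saves the auth version, which `SaveAuthKey(BYTE *pKey)` no longer does; change it to `// Save the session key returned by /api/v3/sessionkey (the auth version is no longer stored)`. The commented-out `m_nAuthVersion` member, its constructor initializer and the inline `GetAuthVersion()` should be deleted rather than left as comments in a public header — version control keeps the history, and a stale inline accessor invites someone to uncomment it and reintroduce the version-dependent branch. Since `SaveAuthKey` receives a server-supplied blob with a self-describing length prefix, this declaration is also the place to take the received length, `bool SaveAuthKey(BYTE *pKey, int nKeyLen);`, so the implementation can bound what it reads. The class declaration continues outside these hunks.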