myvtm/Module/mod_accessauth/AccessAuthFSM.cpp

#include "stdafx.h"
#include "AccessAuthFSM.h"
#include "mod_AccessAuth.h"
#include "Event.h"
#include "access_basefun.h"
#include  <stdio.h>
#include  <stdlib.h>
#include "fileutil.h"
#include "iniutil.h"
#include "CommEntityUtil.hpp"
#include "CommEntityRestful.hpp"
#include "SpUtility.h"
#include "comm.h"
#include "PinPad_client_g.h"
#include <codecvt>
using namespace PinPad;

#ifdef RVC_OS_WIN
#include  <io.h>
#include <stdint.h>"
#include "MyBase64.h"
#include <TlHelp32.h>
#include <iphlpapi.h>
#include <ws2tcpip.h>
#include <Winsock2.h>
#include <algorithm>
#include "WMIDeviceQuery.h"
#include <WinCrypt.h>
#include <Strsafe.h>
#include "DeviceBaseClass.h"
#pragma comment(lib, "IPHLPAPI.lib")
#define ALLOW_MULTI_NETWORKD_CARDS
#endif // RVC_OS_WIN

int HexBuf2StrBuf(PBYTE hexBuf, char** strBuf, DWORD len)
{
	char* tmpStr = *strBuf;
	int count = 0;
	for (int i = 0; i < len; ++i) {
		sprintf(tmpStr + count, "%0.2X", hexBuf[i]);
		count += 2;
	}
	return 0;
}
int StrBuf2HexBuf(LPCTSTR strBuf, PBYTE* hexBuf)
{
	int len = strlen(strBuf);
	if (len == 0 || len % 2 != 0)
		return 0;
	BYTE* buf = new BYTE[len / 2];
	if (buf == NULL)
		return 0;
	int j = 0;
	for (int i = 0; i < len;) {
		int tmpVal;
		sscanf(strBuf + i, "%2X", &tmpVal);
		buf[j] = tmpVal;
		i += 2;
		j++;
	}
	*hexBuf = buf;
	return j;
}

CAccessAuthFSM::CAccessAuthFSM()
	:m_finishAccess(0), m_nAccessFailedCount(0)
	, m_accessAuthHost(true), m_initDeviceHost(true)
	, m_torelateDiffSyncTimeSecs(180)
{
}

CAccessAuthFSM::~CAccessAuthFSM()
{
	m_iState = FSM_STATE_EXIT;		// 屏蔽退出ASSERT错误
}

void CAccessAuthFSM::OnStateTrans(int iSrcState, int iDstState)
{
	DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("trans from %s to %s", GetStateName(iSrcState), GetStateName(iDstState));
}

ErrorCodeEnum CAccessAuthFSM::OnInit()
{
	LOG_FUNCTION();
	AddStateHooker(this);
	m_finishAccess = 0;

	DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("Complied at: %s %s", __DATE__, __TIME__);

	//设置初始锁定状态，0
	CSmartPointer<IEntityFunction> spFunction = m_pEntity->GetFunction();
	spFunction->SetSysVar("LockState", "0", true);

	ErrorCodeEnum Error = LoadCenterConfig();
	if (Error != Error_Succeed) 
	{
		LOG_TRACE("load CenterSetting.ini failed!");
	}

	GetDiffSyncTimeFromCenterSettings();
	return Error_Succeed;
}

ErrorCodeEnum CAccessAuthFSM::OnExit()
{
	RemoveStateHooker(this);
	return Error_Succeed;
}

void CAccessAuthFSM::HttpsLogCallBack(const char* logtxt)
{
	DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM).setAPI("HttpsLogCallBack")("%s", logtxt);
}

struct TimeSynTask : ITaskSp
{
	CAccessAuthFSM* m_fsm;
	TimeSynTask(CAccessAuthFSM* fsm) :m_fsm(fsm) {}

	void Process()
	{
		if (m_fsm->GetmAccessAuthHost().IsNullOrEmpty()) 
		{
			LogWarn(Severity_Middle, Error_Unexpect, AccessAuthorization_UserErrorCode_AccessAuth_NULL, "准入Url为空");
			FSMEvent* pEvent = new FSMEvent(CAccessAuthFSM::Event_ReqTokenCancel);
			pEvent->param1 = AccessAuthorization_UserErrorCode_AccessAuth_NULL;
			m_fsm->PostEventFIFO(pEvent);
			CSimpleStringA strMsg(true);
			strMsg = CSimpleStringA::Format("准入服务地址为空，请下载集中配置或重启应用");
			m_fsm->doWarnMsg(AccessAuthorization_UserErrorCode_AccessAuth_NULL, strMsg.GetData(), true);
			return;
		}
		CSystemStaticInfo si;
		m_fsm->GetEntityBase()->GetFunction()->GetSystemStaticInfo(si);

		struct TimeSynReqStructJson
		{
			std::string terminalNo;
			int curTime;
			JSONCONVERT2OBJECT_MEMEBER_REGISTER(terminalNo, curTime)
		} timeSyncReq;
		struct TimeSyncAnsStructJson
		{
			int timeDiff;
			int authVersion;
			std::string sessionKey;
			std::string reserved;
			JSONCONVERT2OBJECT_MEMEBER_REGISTER(timeDiff, authVersion, sessionKey, reserved)
		}timeSyncAns;

		timeSyncReq.terminalNo = si.strTerminalID.GetData();
		timeSyncReq.curTime = CSmallDateTime::GetNow().GetTime64();

		HttpClientResponseResult result;
		HttpClientRequestConfig config(HttpRequestMethod::POST, m_fsm->GetmAccessAuthHost().GetData(), &SpGetToken);
		config.SetChildUri("/api/v3/sessionkey");
		SP::Module::Restful::FulfillRequestJsonBody(&config, timeSyncReq);
		RestfulClient client = RestfulClient::getInstance();

		if (m_fsm->containsChinese(m_fsm->GetmAccessAuthHost().GetData()))
		{
			result.statusCode = 6;
			m_fsm->AuthLogWarn(result, m_fsm->GetmAccessAuthHost().GetData(), "获取会话密钥");
			DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)("TimeSynTask Connect Failed.");

			FSMEvent* pEvent = new FSMEvent(CAccessAuthFSM::Event_ReqTokenCancel);
			pEvent->param1 = AccessAuthorization_UserErrorCode_ACS_FAIL;
			m_fsm->PostEventFIFO(pEvent);

			return;
		}

		std::string test;
		test = config.GetRequestUri();

		config.PreDo();
		client.Do(&config, &result);

		if (result.ResponseOK()) {
			SP::Module::Restful::CommResponseJson responseStatus;
			SP::Module::Restful::GetStatusFromDebranchResponse(result.content, responseStatus);

			if (!responseStatus.IsOperatedOK()) {
				m_fsm->AuthLogWarn(result, config.GetRequestUri(), "获取会话密钥");
				return;
			}

			SP::Module::Restful::ExtractDataFromDebranchResponse(result.content, timeSyncAns);

			auto printFunc = [&timeSyncAns]() {
				DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("timeDiff: %d", timeSyncAns.timeDiff);
				DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("authVersion: %d", timeSyncAns.authVersion);
				DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("sessionKey: %s", timeSyncAns.sessionKey.c_str());
				DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("reserved: %s", timeSyncAns.reserved.c_str());
	};
			printFunc();

			int decodedSessionKeyLen = 0;
			char* decodedSessionKey = Hex2Str(timeSyncAns.sessionKey.c_str(), decodedSessionKeyLen);
			DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("decodedSessionKey=%s,%d", decodedSessionKey, decodedSessionKeyLen);
			DWORD rc = Error_InvalidState;
			rc = m_fsm->HandleTimeSyn(timeSyncAns.timeDiff, (BYTE*)decodedSessionKey);
			delete decodedSessionKey;
			if (rc == Error_Succeed) {
				auto pEvent = new FSMEvent(CAccessAuthFSM::Event_EndSyncTime);
				m_fsm->PostEventFIFO(pEvent);
			}
			else {
				DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)("TimeSynTask HandleTimeSyn error = %08X", rc);
			}
}
		else {
			std::string errDetail(result.WhatError());
			if (errDetail.find("Error resolving address") != std::string::npos) {
				std::string tmpDetail = SP::Module::Net::GetWWWInfoThroughDig(config.GetBaseUri());
				if (!tmpDetail.empty()) {
					SP::Utility::replaceInPlace(tmpDetail, "\n", "$$");
					const int len = tmpDetail.length();
					int pos = 0, times = 0;
					const int each_size = 450;
					std::vector<std::string> contents;
					while (pos < len) {
						const std::string elem = tmpDetail.substr(pos, (len - pos) > each_size ? each_size : std::string::npos);
						pos = (++times) * each_size;
						contents.push_back(elem);
						LogWarn(Severity_Low, Error_Debug, ERROR_ACCESSAUTH_ACS_DIGINFO,
							CSimpleStringA::Format("[%d]%s", times, elem.c_str()));
					}
				}
				else {
					LogWarn(Severity_Low, Error_Debug, ERROR_ACCESSAUTH_ACS_DIGINFO, errDetail.c_str());
				}
			}
			m_fsm->AuthLogWarn(result, config.GetRequestUri(), "获取会话密钥");
			DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)("TimeSynTask Connect Failed.");

			FSMEvent* pEvent = new FSMEvent(CAccessAuthFSM::Event_ReqTokenCancel);
			pEvent->param1 = AccessAuthorization_UserErrorCode_ACS_FAIL;
			m_fsm->PostEventFIFO(pEvent);
		}
	}
};

struct UpdateWKTask : ITaskSp
{
	CAccessAuthFSM* m_fsm;
	CAccessAuthEntity* m_entity;
	UpdateWKTask(CAccessAuthFSM* fsm, CAccessAuthEntity* entity) :m_fsm(fsm), m_entity(entity) {}

	void Process()
	{
		if (m_fsm->GetmAccessAuthHost().IsNullOrEmpty()) 
		{
			LogWarn(Severity_Middle, Error_Unexpect, AccessAuthorization_UserErrorCode_AccessAuth_NULL, "准入Url为空");
			return;
		}
		CSystemStaticInfo si;
		m_fsm->GetEntityBase()->GetFunction()->GetSystemStaticInfo(si);

		if (m_fsm->containsChinese(m_fsm->GetmAccessAuthHost().GetData()))
		{
			m_fsm->doWarnMsg(ERROR_ACCESSAUTH_CONNECT_ACS,
				GetOutPutStr("%s", "连接总行ACS准入服务失败（UpdateWKTask）.").c_str(), true);
			DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM).setResultCode("RTA5212")("UpdateWKTask Connect Failed.");

			FSMEvent* pEvent = new FSMEvent(CAccessAuthFSM::Event_ReqTokenCancel);
			m_fsm->PostEventFIFO(pEvent);

			return;
		}
		
		struct UpdateWKReq
		{
			std::string terminalNo;
			std::string encRandom;
			string tpkKeyCheck; //tpk密钥校验值
			string edkKeyCheck; //edk密钥校验值
			string keyIndex; //密钥序号
			JSONCONVERT2OBJECT_MEMEBER_REGISTER(terminalNo, encRandom, tpkKeyCheck, edkKeyCheck, keyIndex)
		} updateWKReq;

		struct UpdateWKAns
		{
			string tmk;
			string tpk;
			string edk;
			string tpkKeyCheck; //密钥校验值
			string edkKeyCheck; //edk密钥校验值
			string keyIndex; //密钥序号
			JSONCONVERT2OBJECT_MEMEBER_REGISTER(tmk, tpk, edk, tpkKeyCheck, edkKeyCheck, keyIndex)
		} updateWKAns;

		updateWKReq.terminalNo = si.strTerminalID.GetData();
		auto tmkpair = m_entity->GenerateTmkToKMC();//first是加密的，seconde是没加密的
		updateWKReq.encRandom = tmkpair.first;

		PinPadService_ClientBase* pPinPad = new PinPadService_ClientBase(this->m_entity);
		auto errRc = pPinPad->Connect();
		if (errRc == Error_Succeed)
		{
			PinPadService_GetCheckCode_Req req = {};
			PinPadService_GetCheckCode_Ans ans = {};

			req.mSN.Init(1);
			req.wSN.Init(1);
			req.mSN[0] = 1;
			req.wSN[0] = 0;
			errRc = (*pPinPad)(EntityResource::getLink().upgradeLink())->GetCheckCode(req, ans, 10000);
			if (errRc == Error_Succeed)
			{
				updateWKReq.tpkKeyCheck = ans.checkcode[0].GetData();
				updateWKReq.keyIndex = ans.index[0].GetData();
			}
			else
			{
				DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("Get keyChek && keyIndex failed.");
			}

			pPinPad->GetFunction()->CloseSession();
		}
		else
		{
			DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("connect to pinpad failed.error code:%d", errRc);
		}

		HttpClientResponseResult result;
		HttpClientRequestConfig config(HttpRequestMethod::POST, m_fsm->GetmAccessAuthHost().GetData(), &SpGetToken);
		config.SetChildUri("/api/v5/wkupdate");

		SP::Module::Restful::FulfillRequestJsonBody(&config, updateWKReq);

		std::string test;
		test = config.GetRequestUri();
		DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("请求地址：%s.", test.c_str());

		RestfulClient client = RestfulClient::getInstance();
		config.PreDo();
		DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("to Post with new restful....");
		client.Do(&config, &result);
		if (result.ResponseOK()) {
			DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("UpdateWKTask Connect With Restful Success.");
			SP::Module::Restful::CommResponseJson responseStatus;
			SP::Module::Restful::GetStatusFromDebranchResponse(result.content, responseStatus);
			if (!responseStatus.IsOperatedOK()) {
				m_fsm->doWarnMsg(ERR_ACCESSAUTH_UPDATE_WK,
					GetOutPutStr("%s%s%s%s", "UpdateWKTask", responseStatus.errorCode.c_str(), "message", responseStatus.errorMsg.c_str()).c_str(), true);
				return;
			}
			SP::Module::Restful::ExtractDataFromDebranchResponse(result.content, updateWKAns);

			DWORD rc = m_entity->LoadKeysToPinPadACS(tmkpair.second, updateWKAns.tpk, updateWKAns.edk, updateWKAns.keyIndex, updateWKAns.tpkKeyCheck, updateWKAns.edkKeyCheck);
			if (rc == Error_Succeed) {
				return;
			}
			else {
				DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("UpdateWKTask 密钥加载失败，请检查密码键盘连接。 error = %08X", rc);
			}
		}
		else {
			m_fsm->doWarnMsg(ERROR_ACCESSAUTH_CONNECT_ACS,
				GetOutPutStr("%s%s", "连接总行ACS准入服务失败（UpdateWKTask）.", result.WhatError().c_str()).c_str(), true);
			DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM).setResultCode("RTA5212")("UpdateWKTask Connect Failed.");
	}

	UpdateWKRetError:

		FSMEvent* pEvent = new FSMEvent(CAccessAuthFSM::Event_ReqTokenCancel);
		m_fsm->PostEventFIFO(pEvent);
	}
};

struct GetTokenTask : ITaskSp
{
	CAccessAuthFSM* m_fsm;
	CAccessAuthEntity* m_entity;
	GetTokenTask(CAccessAuthFSM* fsm, CAccessAuthEntity* entity) :m_fsm(fsm), m_entity(entity) {}

	void Process()
	{
		if (m_fsm->GetmAccessAuthHost().IsNullOrEmpty()) {
			LogWarn(Severity_Middle, Error_Unexpect, AccessAuthorization_UserErrorCode_AccessAuth_NULL, "准入Url为空");
			FSMEvent* pEvent = new FSMEvent(CAccessAuthFSM::Event_ReqTokenCancel);
			pEvent->param1 = AccessAuthorization_UserErrorCode_AccessAuth_NULL;
			m_fsm->PostEventFIFO(pEvent);
			CSimpleStringA strMsg(true);
			strMsg = CSimpleStringA::Format("准入服务地址为空，请下载集中配置或尝试重启应用");
			m_fsm->doWarnMsg(AccessAuthorization_UserErrorCode_AccessAuth_NULL, strMsg.GetData(), true);
			return;
		}

		///**TODO(Gifur@3/11/2022): 诗友确定是否还需要连分行！！！！！ */
		CAccessAuthGetTokenReq getTokenReq;
		if (m_fsm->GetTokenReq(&getTokenReq) != Error_Succeed)
		{
			FSMEvent* pEvent = new FSMEvent(CAccessAuthFSM::Event_ReqTokenFail);
			m_fsm->PostEventFIFO(pEvent);
			return;
		}

		struct GetTokenReq
		{
			string installVersion;//终端版本（新加字段）
			string terminalCharacter;
			string terminalNo;
			string sessionTempPubKey;
			string encTerminalInfo;
			string publicKeySM;
			string pinPadID;
			string existPinPad;
			JSONCONVERT2OBJECT_MEMEBER_REGISTER(installVersion, terminalCharacter, terminalNo,
				sessionTempPubKey, encTerminalInfo, publicKeySM, pinPadID, existPinPad)
		} getTokenReqJson;

		struct AccessTokenJson
		{
			string enToken;
			string retHash;
			JSONCONVERT2OBJECT_MEMEBER_REGISTER(enToken, retHash)
		};
		struct SharedKeyJson
		{
			string enToken;
			string sharedSK;
			string retHash;
			JSONCONVERT2OBJECT_MEMEBER_REGISTER(enToken, sharedSK, retHash)
		};

		struct GetTokenAns
		{
			AccessTokenJson accessToken;
			SharedKeyJson sharedKey;
			bool flag;
			string warnMessage;
			JSONCONVERT2OBJECT_MEMEBER_REGISTER(accessToken, sharedKey, flag, warnMessage)
		} getTokenAns;

		HttpClientResponseResult result;
		HttpClientRequestConfig config(HttpRequestMethod::POST, m_fsm->GetmAccessAuthHost().GetData(), &SpGetToken);
		config.SetChildUri("/api/v3/access");

		if (m_fsm->containsChinese(m_fsm->GetmAccessAuthHost().GetData()))
		{
			result.statusCode = 6;
			m_fsm->AuthLogWarn(result, m_fsm->GetmAccessAuthHost().GetData(), "获取准入token");
			DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)("GetTokenTask Connect Failed.");

			FSMEvent* pEvent = new FSMEvent(CAccessAuthFSM::Event_ReqTokenFail);
			m_fsm->PostEventFIFO(pEvent);

			return;
		}

		getTokenReqJson.installVersion = getTokenReq.installVersion;
		getTokenReqJson.terminalCharacter = getTokenReq.terminalCharacter;
		getTokenReqJson.terminalNo = getTokenReq.terminalNo;
		getTokenReqJson.sessionTempPubKey = getTokenReq.sessionTempPubKey;
		getTokenReqJson.encTerminalInfo = getTokenReq.encTerminalInfo;
		getTokenReqJson.publicKeySM = getTokenReq.publicKeySM;
		getTokenReqJson.pinPadID = getTokenReq.pinPadID;
		getTokenReqJson.existPinPad = getTokenReq.existPinPad;


		SP::Module::Restful::FulfillRequestJsonBody(&config, getTokenReqJson);

		std::string test;
		test = config.GetRequestUri();

		RestfulClient client = RestfulClient::getInstance();
		config.PreDo();
		client.Do(&config, &result);
		if (result.ResponseOK()) {
			SP::Module::Restful::CommResponseJson responseStatus;
			SP::Module::Restful::GetStatusFromDebranchResponse(result.content, responseStatus);
			if (!responseStatus.IsOperatedOK()) {
				m_fsm->AuthLogWarn(result, config.GetRequestUri(), "获取准入token");
				return;
			}
			SP::Module::Restful::ExtractDataFromDebranchResponse(result.content, getTokenAns);

			if (getTokenAns.flag != false/*&& flag？*/) //判断是否需要告警，通过标志位,标志位待确定
			{
				CSimpleStringA tmsg = CSimpleStringA::Format("{\"errcode\": \"%s\", \"message\": %s}",
					responseStatus.errorCode.c_str(), getTokenAns.warnMessage.c_str());
				m_fsm->GetEntityBase()->GetFunction()->SetSysVar("AuthErrMsg", tmsg.GetData(), true);
			}
			else
			{
				m_fsm->GetEntityBase()->GetFunction()->SetSysVar("AuthErrMsg", "", true);
			}

			DWORD rc = m_fsm->HandleGetToken((BYTE*)getTokenAns.sharedKey.enToken.c_str(), (BYTE*)getTokenAns.sharedKey.sharedSK.c_str(),
				(BYTE*)getTokenAns.accessToken.enToken.c_str(), (BYTE*)getTokenAns.accessToken.retHash.c_str());

			if (rc == Error_Succeed) {
				FSMEvent* pEvent = new FSMEvent(CAccessAuthFSM::Event_ReqTokenSucc);
				m_fsm->PostEventFIFO(pEvent);
				return;
			}
			else {
				DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)("GetTokenTask HandleGetToken error = %08X", rc);
			}
		}
		else {
			std::string errDetail(result.WhatError());
			if (errDetail.find("Error resolving address") != std::string::npos) {
				std::string tmpDetail = SP::Module::Net::GetWWWInfoThroughDig(config.GetBaseUri());
				if (!tmpDetail.empty()) {
					SP::Utility::replaceInPlace(tmpDetail, "\n", "$$");
					const int len = tmpDetail.length();
					int pos = 0, times = 0;
					const int each_size = 450;
					std::vector<std::string> contents;
					while (pos < len) {
						const std::string elem = tmpDetail.substr(pos, (len - pos) > each_size ? each_size : std::string::npos);
						pos = (++times) * each_size;
						contents.push_back(elem);
						LogWarn(Severity_Low, Error_Debug, ERROR_ACCESSAUTH_ACS_DIGINFO,
							CSimpleStringA::Format("[%d]%s", times, elem.c_str()));
					}
				}
				else {
					LogWarn(Severity_Low, Error_Debug, ERROR_ACCESSAUTH_ACS_DIGINFO, errDetail.c_str());
				}
			}

			m_fsm->AuthLogWarn(result, config.GetRequestUri(), "获取准入token");
			DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)("GetTokenTask Connect Failed.");
		}
		FSMEvent* pEvent = new FSMEvent(CAccessAuthFSM::Event_ReqTokenFail);
		m_fsm->PostEventFIFO(pEvent);
	}
};

struct InitDeviceTask :public ITaskSp
{
	CAccessAuthFSM* m_fsm;
	InitDeviceReq m_req;
	InitDeviceTask(CAccessAuthFSM* fsm, InitDeviceReq req) :m_fsm(fsm), m_req(req) {}

	void Process()
	{
		return;
	}
};


#ifdef RVC_OS_LINUX
bool isChineseChar(const char* p) {
	if (*p >= 0x80) { // ASCII字符的最高位是0，非ASCII字符的最高位是1
		char firstByte = *p;
		if ((firstByte & 0xE0) == 0xE0) { // 3字节的UTF-8字符
			return (*++p >= 0x80) && (*++p >= 0x80) && // 第二、三个字节都是10xxxxxx
				((firstByte & 0xFE) != 0xFE) && // 排除0xFE00~0xFEFF的特殊区域
				((*(unsigned char*)p - 0x80) <= 0xBF);
		}
		else if ((firstByte & 0xC0) == 0xC0) { // 2字节的UTF-8字符
			return (*++p >= 0x80) && // 第二个字节是10xxxxxx
				((firstByte & 0xFE) != 0xFE);
		}
}
	return false;
}

bool CAccessAuthFSM::containsChinese(const std::string& str) {
	for (size_t i = 0; i < str.size(); i++) {
		if (isChineseChar(str.c_str() + i)) {
			return true;
		}
	}
	return false;
}
#else
bool CAccessAuthFSM::containsChinese(const std::string& str) {
	int len = MultiByteToWideChar(CP_ACP, 0, str.c_str(), -1, NULL, 0);
	wchar_t* wideStr = new wchar_t[len];
	MultiByteToWideChar(CP_ACP, 0, str.c_str(), -1, wideStr, len);

	for (int i = 0; i < len; i++) {
		if (wideStr[i] >= 0x4E00 && wideStr[i] <= 0x9FFF) {
			delete[] wideStr;
			return true;
		}
	}

	delete[] wideStr;
	return false;
}
#endif // RVC_OS_WIN


void CAccessAuthFSM::doWarnMsg(int errReason, std::string errMsg, bool bNeedEvent, string varMsg)
{
#ifdef RVC_OS_WIN
	auto fullErrMsg = varMsg.length() > 0 ? varMsg : errMsg;
#else
	const std::string errMsgStr = SP::Utility::GBK2UTF8(errMsg);
	const std::string varMsgStr = SP::Utility::GBK2UTF8(varMsg);
	auto fullErrMsg = varMsgStr.length() > 0 ? varMsgStr : errMsgStr;
#endif // RVC_OS_WIN
	if (bNeedEvent) 
	{
		const ErrorCodeEnum ec = m_pEntity->GetFunction()->SetSysVar("AuthErrMsg", fullErrMsg.c_str(), true);
		if (ec != Error_Succeed) {
			DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("Update SysVar failed: 0x%X", ec);
		}
		
		if (errReason == ERR_ACCESSAUTH_SERVICE_FAILED)
		{
			m_pEntity->GetFunction()->SetSysVar("AuthErrMsg", errMsg.c_str(), true);
			LogEvent(Severity_Middle, ERR_ACCESSAUTH_SERVICE_FAILED, errMsg.c_str());
		}
		else
		{
			LogEvent(Severity_Middle, checkErrType(errReason), errMsg.c_str());
		}
	}
	LogWarn(Severity_Middle, Error_Unexpect, errReason, errMsg.c_str());
}

void CAccessAuthFSM::s1_on_entry()
{
	CSimpleStringA strEntryStatus = GetEntryPermitSysVar();
	if (strEntryStatus.Compare("L") == 0) {
		PostEventFIFO(new FSMEvent(Event_AccessAuthSucc));
	} 
	else {
		DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("EntryStatus: %s", strEntryStatus.GetData());
		SetEntryPermitSysVar("I");
	}
	GetEntityBase()->GetFunction()->SetSysVar("AccessHavePath", "Y");//oiltmp to delete
}

void CAccessAuthFSM::s1_on_exit()
{
}

unsigned int CAccessAuthFSM::s1_on_event(FSMEvent* pEvent)
{
	DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("s1_on_event: %d", pEvent->iEvt);
	return 0;
}
void CAccessAuthFSM::s2_on_entry()
{
	LOG_FUNCTION();

	m_finishAccess = 0;
	SetEntryPermitSysVar("C");
	DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("开始第%d次准入", m_nAccessFailedCount);

	CSmartPointer<TimeSynTask> timeSynTask = new TimeSynTask(this);
	GetEntityBase()->GetFunction()->PostThreadPoolTask(timeSynTask.GetRawPointer());
}

void CAccessAuthFSM::s2_on_exit()
{
}

unsigned int CAccessAuthFSM::s2_on_event(FSMEvent* pEvent)
{
	DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("s2 receives event id: %d", pEvent->iEvt);

	if (pEvent->iEvt == Event_EndSyncTime) 
	{
		pEvent->SetHandled();

		CSmartPointer<GetTokenTask> getTokenTask = new GetTokenTask(this, (CAccessAuthEntity*)m_pEntity);
		GetEntityBase()->GetFunction()->PostThreadPoolTask(getTokenTask.GetRawPointer());
		return 0;

	} 
	else if (pEvent->iEvt == Event_ReqTokenCancel)
	{ //这里貌似会触发健康发起重试

		auto pEntity = (CAccessAuthEntity*)m_pEntity;
		if (pEvent->param1 == AccessAuthorization_UserErrorCode_AccessAuth_NULL) 
		{
			CSimpleStringA strMsg = CSimpleStringA::Format("准入Url为空");
			pEntity->SetAuthErrMsg(strMsg);
		} 
		else if (pEvent->param1 == AccessAuthorization_UserErrorCode_ACS_FAIL) 
		{
			pEntity->SetAuthErrMsg("访问总行ACS失败");
		} 
		else 
		{
			CSimpleStringA strErrMsg = CSimpleStringA::Format("准入超时(%d)", m_finishAccess);
			pEntity->GetFunction()->ShowFatalError(strErrMsg);
		}

		SetEntryPermitSysVar("A");
		m_nAccessFailedCount++;
		pEvent->SetHandled();

	}
	else if (pEvent->iEvt == Event_ReqTokenFail) 
	{  //而这里不会触发健康发起重试

		SetEntryPermitSysVar("F");
		pEvent->SetHandled();

		auto pEntity = (CAccessAuthEntity*)m_pEntity;
		CSimpleStringA strErrMsg = CSimpleStringA::Format("%s", (const char*)pEntity->GetAuthErrMsg());
		// 发送准入失败事件,暂时不发送事件进去关门界面，原因关门界面显示中文乱码
		doWarnMsg(EVENT_ACCESSAUTH_FAILED, strErrMsg.GetData(), true);
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM).setResultCode("RTA520B")("准入失败");
		pEntity->GetFunction()->ShowFatalError(strErrMsg);

		m_nAccessFailedCount = 0;

	} 
	else if (pEvent->iEvt == Event_ReqTokenSucc) 
	{

		SetEntryPermitSysVar("L");
		LogEvent(Severity_Middle, EVENT_ACCESSAUTH_SUCCEED, "终端准入成功");
		m_pEntity->GetFunction()->ShowStartupInfo("准入成功");
		m_nAccessFailedCount = 0;
		pEvent->SetHandled();
		PostEventFIFO(new FSMEvent(Event_AccessAuthSucc));

	} 

	return 0;
}

void CAccessAuthFSM::s3_on_entry()
{
	LOG_FUNCTION();
	CSystemStaticInfo si;
	m_pEntity->GetFunction()->GetSystemStaticInfo(si);
	if (si.InstallVersion.ToString().IsNullOrEmpty()) {
		LogWarn(Severity_Low, Error_Debug, AccessAuthorization_UserErrorCode_Start, "终端准入成功");
	}
	else {
		LogWarn(Severity_Low, Error_Debug, AccessAuthorization_UserErrorCode_Start, CSimpleStringA::Format("终端准入成功，版本: %s", si.InstallVersion.ToString().GetData()));
	}
}

unsigned int CAccessAuthFSM::s3_on_event(FSMEvent* event)
{
	DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("s3 receives event id: %d", event->iEvt);
	return 0;
}

CSimpleStringA CAccessAuthFSM::GetEntryPermitSysVar()
{
	CSimpleStringA strValue(true);
	CSmartPointer<IEntityFunction> spFunction = m_pEntity->GetFunction();
	spFunction->GetSysVar("EntryPermit", strValue);
	return strValue;
}

ErrorCodeEnum CAccessAuthFSM::SetEntryPermitSysVar(const CSimpleStringA& newVal)
{
	CSmartPointer<IEntityFunction> spFunction = m_pEntity->GetFunction();
	DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("Set EntryPermit with %s", newVal.GetData());
	return spFunction->SetSysVar("EntryPermit", (const char*)newVal);
}

ErrorCodeEnum CAccessAuthFSM::LoadCenterConfig()
{
	CSmartPointer<IEntityFunction> spFunction = m_pEntity->GetFunction();
	CSmartPointer<IConfigInfo> spConfig;
	ErrorCodeEnum Error = spFunction->OpenConfig(Config_CenterSetting, spConfig);
	if (Error_Succeed == Error) 
	{
		spConfig->ReadConfigValue("AccessAuthorization", "HostUrl", m_accessAuthHost);
		spConfig->ReadConfigValue("AccessAuthorization", "HostInitDeviceUrl", m_initDeviceHost);
	}

	return Error;
}

bool CAccessAuthFSM::DecryptWithSessionKey(BYTE* encText, int encTextLen, BYTE* decTest, int& decTestLen)
{
	BYTE key[16] = { 0 };
	memcpy(key, ((CAccessAuthEntity*)m_pEntity)->m_AuthSessionKey, 16);
	char* keyTmp = Str2Hex((char*)key, 16);
	delete keyTmp;

	if (!DecWithSM4_ECB(key, encText, encTextLen, decTest, &decTestLen)) {
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)("DecryptWithSessionKey ECB error.");
		return false;
	}
	keyTmp = Str2Hex((char*)decTest, decTestLen);
	delete keyTmp;
	return true;
}

DWORD CAccessAuthFSM::HandleTimeSyn(long nTimeDiff, BYTE* nSessionKey)
{
	// 比较终端和服务器时间， 时差小于3分钟（默认，可通过集中配置配置）不纠正	
	const long dwTimeDiff = nTimeDiff > 0 ? nTimeDiff : 0 - nTimeDiff;
	const long torelateTime = m_torelateDiffSyncTimeSecs > 0 ? m_torelateDiffSyncTimeSecs : 0 - m_torelateDiffSyncTimeSecs;
	if (torelateTime < dwTimeDiff) {
		DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM).setAPI("HandleTimeSyn")
			("time diff is too large (%ds), sync time now", nTimeDiff);

		CSmallDateTime dtServerTime((DWORD)(CSmallDateTime::GetNow()) + nTimeDiff);
		SYSTEMTIME stServerTime = dtServerTime.ToSystemTime();
#ifdef RVC_OS_WIN
		if (SetLocalTime(&stServerTime)) {
#else
		if (set_system_time_by_sec(nTimeDiff)) {
#endif // RVC_OS_WIN
			DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("sync time with server succeed, server time: [%s]", dtServerTime.ToTimeString().GetData());
			LogWarn(Severity_Low, Error_Debug, AccessAuthorization_UserErrorCode_Sync_Time_Succ,
				CSimpleStringA::Format("sync time succ:  server time: [%s],diff[%ld],threshold:[%d]", 
					dtServerTime.ToTimeString().GetData(), nTimeDiff, m_torelateDiffSyncTimeSecs));
		}
		else {
			LogWarn(Severity_Middle, Error_Unexpect, AccessAuthorization_UserErrorCode_Sync_Time_Failed,
				CSimpleStringA::Format("sync time failed:  server time: [%s],diff[%ld],threshold:[%d](GLE=%u)",
					dtServerTime.ToTimeString().GetData(), nTimeDiff, m_torelateDiffSyncTimeSecs, GetLastError()));
			return ERR_ACCESSAUTH_SET_LOCALE_TIME;
		}
	} 
	else {
		DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM).setAPI("HandleTimeSyn")
			("time diff is acceptable (%lds), threshold(%d),", nTimeDiff, m_torelateDiffSyncTimeSecs);
	}

	//会话密钥缓存
	if (((CAccessAuthEntity*)m_pEntity)->SaveAuthKey(nSessionKey))
		return Error_Succeed;
	return Error_Unexpect;
}

DWORD CAccessAuthFSM::HandleGetToken(BYTE* enToken1, BYTE* sharedKey, BYTE* enToken2, BYTE* retHash)
{
	DWORD rc = Error_Succeed;
	auto pEntity = (CAccessAuthEntity*)m_pEntity;

	DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM).setAPI("HandleGetToken")("retHash=%s", (char*)retHash);

	char* enToken1_acs, * sharedKey_acs, * enToken2_acs, * hash_acs;
	int enToken1_acs_len = 0, sharedKey_acs_len = 0, enToken2_acs_len = 0, hash_acs_len = 0;

	enToken1_acs = Hex2Str((char*)enToken1, enToken1_acs_len);
	sharedKey_acs = Hex2Str((char*)sharedKey, sharedKey_acs_len);
	enToken2_acs = Hex2Str((char*)enToken2, enToken2_acs_len);
	hash_acs = Hex2Str((char*)retHash, hash_acs_len);

	DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM).setAPI("HandleGetToken")("enToken1_acs_len=%d", enToken1_acs_len);
	DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM).setAPI("HandleGetToken")("sharedKey_acs_len=%d", sharedKey_acs_len);
	DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM).setAPI("HandleGetToken")("enToken2_acs_len=%d", enToken2_acs_len);
	DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM).setAPI("HandleGetToken")("hash_acs_len=%d", hash_acs_len);

	memset(enToken1, 0, strlen((char*)enToken1));
	memset(sharedKey, 0, strlen((char*)sharedKey));
	memset(enToken2, 0, strlen((char*)enToken2));
	memset(retHash, 0, strlen((char*)retHash));

	memcpy(enToken1, enToken1_acs, enToken1_acs_len);
	memcpy(sharedKey, sharedKey_acs, sharedKey_acs_len);
	memcpy(enToken2, enToken2_acs, enToken2_acs_len);
	memcpy(retHash, hash_acs, hash_acs_len);

	delete enToken1_acs;
	delete sharedKey_acs;
	delete enToken2_acs;
	delete hash_acs;

	BYTE enToken[512 + 16] = { 0 };
	memcpy(enToken, enToken1, 256);
	memcpy(enToken + 256, enToken2, 256);
	memcpy(enToken + 512, sharedKey, 16);

	BYTE sm3[32] = { 0 };
	if (!SM3Hash(enToken, 512 + 16, sm3)) {
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)("SM3 Hash error at Token Ret.");
	}
	if (memcmp(sm3, retHash, 32) != 0) 
	{
		rc = Error_Bug;
		pEntity->SetAuthErrMsg("返回令牌校验不通过");
		pEntity->GetFunction()->SetSysVar("AuthErrMsg", "返回令牌校验不通过", true);
		char* sm3Ret = Str2Hex((char*)sm3, 32);
		delete sm3Ret;
		doWarnMsg(ERR_ACCESSAUTH_TOKEN_HASH, "返回令牌校验不通过", true);
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)(GetOutPutStr("%s%s", "Hash", "返回令牌校验不通过").c_str());
	} 
	else 
	{
		CBlob token;
		token.Alloc(512);
		memcpy(token.m_pData, enToken, 512);

		CBlob sharedSK;
		sharedSK.Alloc(16);
		memcpy(sharedSK.m_pData, sharedKey, 16);
		rc = pEntity->SaveTokenAndSharedSK(token, sharedSK);
		if (rc != Error_Succeed) 
		{
			pEntity->SetAuthErrMsg("保存令牌失败");
			pEntity->GetFunction()->SetSysVar("AuthErrMsg", "保存令牌失败", true);
			pEntity->SetAuthErrMsg("保存令牌失败");
			doWarnMsg(ERR_ACCESSAUTH_SAVE_TOKEN, "保存令牌失败", true);
			DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM).setResultCode("RTA5208")(GetOutPutStr("%s%08X", "SaveTokenAndSharedSK", rc).c_str());
		}
	}
	return rc;
}

DWORD CAccessAuthFSM::GetEncTerminalInfo(CBlob& encInfo)
{
	LOG_FUNCTION();
	RequestTokenReq1 req1;
	memset(&req1, 0, sizeof(req1));
	BYTE* pBuf = (BYTE*)&req1.encTerminalInfo;

	// 设置长度
	sprintf((char*)pBuf, "%.4d", sizeof(RequestTokenInfo));

	RequestTokenInfo* pInfo = (RequestTokenInfo*)(pBuf + 4);

	CSystemStaticInfo si;
	m_pEntity->GetFunction()->GetSystemStaticInfo(si);
	strncpy(pInfo->szTerminalNo, (const char*)si.strTerminalID, sizeof(pInfo->szTerminalNo) - 1);

	CSimpleStringA strPinPadID = "", strDeviceID = "";
	bool isPinPadMac = false, bPinPadOnline = false;
	int nRet = ((CAccessAuthEntity*)m_pEntity)->GetPinPadIDAndDeviceID(strPinPadID, strDeviceID, isPinPadMac, bPinPadOnline);
	DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("GetPinPadIDAndDeviceID ret: %d, PinPadID: %s, DeviceID: %s", nRet, strPinPadID.GetData(), strDeviceID.GetData());
	if (nRet == 2 || nRet == 3) {
		strncpy(pInfo->szPadDeviceID, (const char*)strDeviceID, sizeof(pInfo->szPadDeviceID) - 1);
	}

	strncpy(pInfo->szMachineType, (const char*)si.strMachineType, sizeof(pInfo->szMachineType) - 1);

	// 设备版本，低两位为小版本号，高两位为大版本号 Binary	4
	DWORD ver32 = si.MachineVersion.GetVersion32();
	for (int i = 0; i < 4; i++) {
		pInfo->machineVersion[3 - i] = ((BYTE*)&ver32)[i];
	}

	//	安装版本，其中包含软件框架版本	binary	8
	__int64 ver64 = si.InstallVersion.GetVersion64();
	for (int i = 0; i < 8; i++) {
		pInfo->installVersion[7 - i] = ((BYTE*)&ver64)[i];
	}
#ifdef RVC_OS_WIN	
	hostent* ent = gethostbyname(NULL);
	if (ent && ent->h_addr_list[0] != NULL) {
		int i = 0;
		for (; ent->h_addr_list[i] != NULL; ++i) {
			struct in_addr* in = (struct in_addr*)ent->h_addr_list[i];
			//99开头行内办公网，10开头行内业务网。规范出自《招商银行总行网络规范汇编（2017年版）.pdf》
			if (in->S_un.S_un_b.s_b1 == 99 || in->S_un.S_un_b.s_b1 == 10)
				break;
		}

		if (ent->h_addr_list[i] == NULL)
			i = 0;

		auto in = (struct in_addr*)ent->h_addr_list[i];

		pInfo->ip[0] = in->S_un.S_un_b.s_b1;
		pInfo->ip[1] = in->S_un.S_un_b.s_b2;
		pInfo->ip[2] = in->S_un.S_un_b.s_b3;
		pInfo->ip[3] = in->S_un.S_un_b.s_b4;
		DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("ip:%d.%d.%d.%d", pInfo->ip[0], pInfo->ip[1], pInfo->ip[2], pInfo->ip[3]);
	}
#else
	char ip[32] = { 0 };
	if (getIPFromLinux(ip)) DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("Get IP From Linux Error ex.");
	else {
		if (ip2byte(ip, pInfo->ip)) DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("Ip 2 Byte Error");
		else {
			for (int i = 0; i < 4; i++) {
				DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("ip[%d]=%d", i, (int)pInfo->ip[i]);
			}
		}
	}
#endif //#ifdef RVC_OS_WIN
	strncpy(pInfo->szSites, si.strSite, sizeof(pInfo->szSites) - 1);

	si.EnrolGPS.GetBinaryLongitude(&pInfo->currentGPS[0]);
	si.EnrolGPS.GetBinaryLatitude(&pInfo->currentGPS[4]);

	CSimpleStringA ts;
	DWORD rc = m_pEntity->GetFunction()->GetSysVar("TerminalStage", ts);
	if (rc != Error_Succeed) 
	{
		string outStr = GetOutPutStr("%s%08X%s%s", "GetSysVar", rc, "TerminalStage", ts.GetData());
		doWarnMsg(ERR_ACCESSAUTH_GET_SYS_VAR, outStr.c_str());
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)(outStr.c_str());
		return ERR_ACCESSAUTH_GET_SYS_VAR;
	}
	assert(ts.GetLength() >= 1);
	pInfo->chTerminalState = ts[0];

	CSimpleStringA rs;
	rc = m_pEntity->GetFunction()->GetSysVar("RunState", rs);
	if (rc != Error_Succeed) 
	{
		string outStr = GetOutPutStr("%s%08X%s%s", "GetSysVar", rc, "RunState", rs.GetData());
		doWarnMsg(ERR_ACCESSAUTH_GET_SYS_VAR, outStr.c_str());
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)(outStr.c_str());
		return ERR_ACCESSAUTH_GET_SYS_VAR;
	}
	assert(rs.GetLength() >= 1);
	pInfo->chRunState = rs[0];


	CBlob raw;
	auto pEntity = ((CAccessAuthEntity*)m_pEntity);
	// 使用会话密钥加密
	raw.Refer(pBuf, sizeof(RequestTokenInfo) + 4);
	rc = pEntity->EncryptDataWithSessionKey(raw, encInfo);

	if (rc != Error_Succeed) 
	{
		doWarnMsg(ERR_ACCESSAUTH_ENCRYPT_KEY,
			GetOutPutStr("%s%08X", "CryptEncrypt", rc).c_str());
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)(GetOutPutStr("%s%08X", "CryptEncrypt", rc).c_str());
		return ERR_ACCESSAUTH_ENCRYPT_KEY;
	}
	return Error_Succeed;
}

//密钥加密并转成可见字符
DWORD CAccessAuthFSM::GetTmk(string& tmk)
{
	BYTE tmp[140];
	CBlob pubKey;
	CBlob priKey;
	DWORD rc = ((CAccessAuthEntity*)m_pEntity)->CreateSM2KeyPair(pubKey, priKey);
	if (rc != Error_Succeed) return rc;
	rc = ((CAccessAuthEntity*)m_pEntity)->SaveSM2KeyPair(pubKey, priKey);
	if (rc != Error_Succeed) return rc;
	memset(tmp, 0, sizeof(tmp));
	if (pubKey.m_iLength > 70) {
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)("临时公钥长度(%d)大于70。。。", pubKey.m_iLength);
		return Error_TooSmallBuffer;
	}
	memcpy_s(tmp, sizeof(tmp) - 70, pubKey.m_pData, pubKey.m_iLength);
	if (priKey.m_iLength > 70) {
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)("临时私钥长度(%d)大于70。。。", priKey.m_iLength);
		return Error_TooSmallBuffer;
	}
	memcpy_s(&tmp[70], sizeof(tmp) - 70, priKey.m_pData, priKey.m_iLength);
	char* pRet = new char[512];
	HexBuf2StrBuf(tmp, &pRet, 140);
	DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("data=%s,%d", pRet, strlen(pRet));
	tmk.assign(pRet);
	delete[] pRet;

	return Error_Succeed;
}

DWORD CAccessAuthFSM::GetTokenReq(CAccessAuthGetTokenReq* getTokenReq)
{
	DWORD rc;
	auto pEntity = (CAccessAuthEntity*)m_pEntity;

	CSystemStaticInfo si;
	pEntity->GetFunction()->GetSystemStaticInfo(si);

	getTokenReq->installVersion = si.InstallVersion.ToString();

	BYTE fingerPrint[32] = { 0 };
	int nBufLen = sizeof(fingerPrint);
	if (!pEntity->GetTerminalFingerPrint(fingerPrint, nBufLen)) 
	{
		doWarnMsg(ERR_ACCESSAUTH_GET_TERMINAL_FINGERPRINT,
			GetOutPutStr("%s%s", "GetTerminalFingerPrint", "False").c_str());
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM).setResultCode("RTA5203")
			(GetOutPutStr("%s%s", "GetTerminalFingerPrint", "False").c_str());
		return ERR_ACCESSAUTH_GET_TERMINAL_FINGERPRINT;
	}
	char tmp[256] = { 0 };
	char* fingerPrintHex = Str2Hex((char*)fingerPrint, 64);
	memcpy(tmp, fingerPrintHex, 64);
	getTokenReq->terminalCharacter = tmp;
	delete fingerPrintHex;

	CBlob encInfo;
	if ((rc = GetEncTerminalInfo(encInfo)) != Error_Succeed) 
	{
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)("GetEncTerminalInfo failed:%d", rc);
		return rc;
	}
	char* pTmp = Str2Hex((char*)encInfo.m_pData, encInfo.m_iLength);
	getTokenReq->encTerminalInfo = pTmp;
	delete pTmp;
	getTokenReq->terminalNo = si.strTerminalID.GetData();
	string tmpStr = "";
	if ((rc = GetTmk(tmpStr)) != Error_Succeed) return rc;
	getTokenReq->sessionTempPubKey = tmpStr;

	CSimpleStringA strPinPadID = "", strDeviceID = "";
	bool isPinPadMac = false, bPinPadOnline = false;
	int nRet = ((CAccessAuthEntity*)m_pEntity)->GetPinPadIDAndDeviceID(strPinPadID, strDeviceID, isPinPadMac, bPinPadOnline);
	getTokenReq->pinPadID = strPinPadID.GetData();
	if (pEntity->HasPinPad()) 
	{
		getTokenReq->existPinPad = "1";
	} 
	else 
	{
		getTokenReq->existPinPad = "0";
	}
	return rc;
}

void CAccessAuthFSM::UpdateWK()
{
	LOG_FUNCTION();
	auto pEntity = ((CAccessAuthEntity*)m_pEntity);
	CSimpleStringA strPinPadID = "", strDeviceID = "";
	bool isPinPadMac = false, bPinPadOnline = false;
	pEntity->GetPinPadIDAndDeviceID(strPinPadID, strDeviceID, isPinPadMac, bPinPadOnline);
	if (bPinPadOnline) {
		CSmartPointer<UpdateWKTask> updateWKTask = new UpdateWKTask(this, pEntity);
		GetEntityBase()->GetFunction()->PostThreadPoolTask(updateWKTask.GetRawPointer());
	}
}

DWORD CAccessAuthFSM::InitDevice(SpReqAnsContext<AccessAuthService_InitDev_Req, AccessAuthService_InitDev_Ans>::Pointer& ctx)
{
	return Error_Succeed;
}

void CAccessAuthFSM::GetDiffSyncTimeFromCenterSettings()
{
	CSmartPointer<IConfigInfo> spConfig;
	GetEntityBase()->GetFunction()->OpenConfig(Config_CenterSetting, spConfig);
	int nValue(0);
	spConfig->ReadConfigValueInt(GetEntityBase()->GetEntityName(), "SyncTimeThreshold", nValue);
	if (nValue != 0) {
		m_torelateDiffSyncTimeSecs = nValue;
		DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_BUSINESS_SYSTEM)("Fetch SyncTimeThreshold from CS returns: %d", m_torelateDiffSyncTimeSecs);
	}
}

template<class T>
void CAccessAuthFSM::AuthLogWarn(const T& ret, const string& url, const string& method, bool bNeedEvent)
{
	CSimpleStringA msg;
	if (!ret.ResponseOK())
	{
		int acsErrCode = ERROR_ACCESSAUTH_CONNECT_ACS_x;
		if (ret.statusCode == 6) {
			acsErrCode = ERROR_ACCESSAUTH_CONNECT_ACS_6;
			msg = CSimpleStringA::Format("%s失败：域名解析失败，请尝试重启应用", method.c_str());

		}
		else if (ret.statusCode == 28) {
			acsErrCode = ERROR_ACCESSAUTH_CONNECT_ACS_28;
			msg = CSimpleStringA::Format("%s失败：连接总行服务超时，请尝试重启应用", method.c_str());
		}
		else {
			msg = CSimpleStringA::Format("%s失败，请尝试重启应用", method.c_str());
		}
		doWarnMsg(acsErrCode, msg.GetData(), bNeedEvent);
	}
	else {
		SP::Module::Restful::CommResponseJson responseStatus;
		SP::Module::Restful::GetStatusFromDebranchResponse(ret.content, responseStatus);
		msg = CSimpleStringA::Format("{\"errcode\": \"%s\", \"message\": %s}",
			responseStatus.errorCode.c_str(), responseStatus.errorMsg.c_str());
		doWarnMsg(ERR_ACCESSAUTH_SERVICE_FAILED, msg.GetData(), bNeedEvent);
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM).setResultCode("RTA520A")("准入服务端报错");
	}
}

void CAccessAuthFSM::GetNetMsg(SpReqAnsContext<AccessAuthService_GetNetMsg_Req, AccessAuthService_GetNetMsg_Ans>::Pointer& ctx)
{
	CSimpleStringA tmp;
	ctx->Ans.netStatus = 1; //成功

	ctx->Answer(Error_Succeed);
}

CSimpleStringA CAccessAuthFSM::GetOsVersion()
{
#if defined(RVC_OS_WIN)
	CSimpleStringA runInfoPath;
	ErrorCodeEnum eErr = GetEntityBase()->GetFunction()->GetPath("runinfo", runInfoPath);
	if (eErr != Error_Succeed) {
		DbgWithLink(LOG_LEVEL_ERROR, LOG_TYPE_SYSTEM).setAPI(__FUNCTION__)("GetPath runinfo error=%s.", SpStrError(eErr));
		return "";
	}
	runInfoPath += "\\runcfg\\osverion";
	ifstream is;
	is.open(runInfoPath.GetData(), ios::binary);
	if (!is.is_open())
	{
		DWORD dwErr = GetLastError();
		DbgWithLink(LOG_LEVEL_ERROR, LOG_TYPE_SYSTEM).setAPI(__FUNCTION__)("open runcfg\\osverion file failed. [%d]", dwErr);
		return "";
	}
	string line;
	while (!is.eof()) {
		getline(is, line);
		int start = line.find("版本");
		if (start != string::npos)
			//return CSimpleStringA(line.substr(start + 5, line.length() - start - 7).c_str());
			return CSimpleStringA(line.c_str());
		else
			continue;
	}
	return "";
#else
	std::map<std::string, std::string> osInfo;
	const char filePath[] = "/etc/os-version";
	char tmp[33];
	memset(tmp, 0, 33);
	inifile_read_str_s("Version", "SystemName", "unknown", tmp, 32, filePath);
	osInfo["SystemName"] = tmp;
	memset(tmp, 0, 33);
	inifile_read_str_s("Version", "ProductType", "unknown", tmp, 32, filePath);
	osInfo["ProductType"] = tmp;
	memset(tmp, 0, 33);
	inifile_read_str_s("Version", "MajorVersion", "unknown", tmp, 32, filePath);
	osInfo["MajorVersion"] = tmp;
	memset(tmp, 0, 33);
	inifile_read_str_s("Version", "MinorVersion", "unknown", tmp, 32, filePath);
	osInfo["MinorVersion"] = tmp;
	memset(tmp, 0, 33);
	inifile_read_str_s("Version", "OsBuild", "unknown", tmp, 32, filePath);
	osInfo["OsBuild"] = tmp;
	return generateJsonStr(osInfo).second.c_str();
#endif
}

void CAccessAuthFSM::GetIPandMac(CSimpleStringA& ip, CSimpleStringA& mac)
{
	CAutoArray<SP::Module::Net::NetworkAdapterItem> netList;
	ErrorCodeEnum rc = SP::Module::Net::GetINETMacAddresses(netList);
	if (rc != Error_Succeed)
	{
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM).setAPI(__FUNCTION__)("Get sys netinfo failed!. rc=%d.", rc);
		return;
	}

	CSimpleStringA csMac(""), csIP(""), csDNS("");
	for (int i = 0; i < netList.GetCount(); i++) {
		if (!csMac.IsNullOrEmpty()) {
			csMac += ";";
		}
		csMac += netList[i].mac.c_str();
	}
	mac = csMac;
	
	for (int i = 0; i < netList.GetCount(); i++) {
		if (!csIP.IsNullOrEmpty()) {
			csIP += ";";
		}
		csIP += netList[i].ip.c_str();
	}
	ip = csIP;

	return;
}

void CAccessAuthFSM::GetHardWareInfo(CSimpleStringA & cpu, CSimpleStringA & mainBoard, CSimpleStringA & disk)
{
	auto pEntity = (CAccessAuthEntity*)m_pEntity;

#ifdef RVC_OS_LINUX
	char szTmp[1024] = {};
	string strTmp;
	int nTmpBufLen = 1024;
	CSimpleStringA strErrMsg;
	CSmartPointer<IEntityFunction> spFunction = GetEntityBase()->GetFunction();

	CSimpleStringA strRet;
	CSimpleStringA runInfoPath;
	auto rc = GetEntityBase()->GetFunction()->GetPath("runinfo", runInfoPath);
	if (rc != Error_Succeed) {
		DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("GetPath runinfo error=%d.", rc);
		return;
	}
	runInfoPath += SPLIT_SLASH_STR "runcfg";
	if (!get_cpu_id_by_system(strTmp, runInfoPath.GetData()))
	{
		strErrMsg = CSimpleStringA::Format("查询CPU ID失败，请重启机器并重新初始化");
		pEntity->SetAuthErrMsg((const char*)strErrMsg);

		doWarnMsg(ERROR_ACCESSAUTH_GETCPUID,
			GetOutPutStr("%s%s", "Processor", "False").c_str());
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM).setResultCode("RTA5213")
			(GetOutPutStr("%s%s", "Processor", "False").c_str());
		return;
	}

	cpu = strTmp.c_str();
	strRet = strTmp.c_str();
	strTmp.clear();
	if (!get_board_serial_by_system(strTmp, runInfoPath.GetData()))
	{
		strErrMsg = CSimpleStringA::Format("查询主板序列号失败,  请重启机器并重新初始化");
		pEntity->SetAuthErrMsg((const char*)strErrMsg);

		doWarnMsg(ERROR_ACCESSAUTH_GETBASEBOARDSN,
			GetOutPutStr("%s%s", "BaseBoard", "False").c_str());
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM).setResultCode("RTA5214")
			(GetOutPutStr("%s%s", "BaseBoard", "False").c_str());
		return;
	}
	strRet += "|";

	mainBoard = strTmp.c_str();
	strRet += strTmp.c_str();
	vector<string> diskArr;
	int errCode = 0;
	if (!get_disk_serial_by_system(diskArr, errCode, runInfoPath.GetData()))
	{
		DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("get_disk_serial_by_system errCode:%d", errCode);
		strErrMsg = CSimpleStringA::Format("查询磁盘序列号失败, 请重启机器并重新初始化");
		pEntity->SetAuthErrMsg((const char*)strErrMsg);

		doWarnMsg(ERROR_ACCESSAUTH_DISKDRIVESN,
			GetOutPutStr("%s%s", "DiskDrive", "False").c_str());
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM).setResultCode("RTA5215")
			(GetOutPutStr("%s%s", "DiskDrive", "False").c_str());
		return;
	}
	strRet += "|";

	strTmp = "";
	vector<string>::iterator it = diskArr.begin();
	while (it != diskArr.end()) {
		strTmp += *it;
		it++;
	}
	strRet += strTmp.c_str();
	disk = strTmp.c_str();

	BYTE m_btTermSysInfoSM3[32] = { 0 };
	if (!SM3Hash(reinterpret_cast<BYTE*>(const_cast<char*>(strRet.GetData())), strRet.GetLength(), m_btTermSysInfoSM3))
	{
		strErrMsg = "get sm3 hash as fingerprint fail";
		pEntity->SetAuthErrMsg((const char*)strErrMsg);
		spFunction->SetSysVar("AuthErrMsg", (const char*)strErrMsg, true);
		doWarnMsg(ERROR_ACCESSAUTH_GETSM3HASH, (const char*)strErrMsg);
		return;
	}
#else
	//oilyang@20231008 to get system info from runcfg first
	//no matter calculating from runcfg succeed or not,we also get system info from system api for update runcfg
	bool bCalcFromRunCfg = false;
	CSimpleString csInfo, strErrMsg, strRet;
	CSmartPointer<IConfigInfo> pConfigRun;
	ErrorCodeEnum eErr = GetEntityBase()->GetFunction()->OpenConfig(Config_Run, pConfigRun);
	if (eErr == Error_Succeed && pConfigRun->ReadConfigValue("system", "info", csInfo) == Error_Succeed && !csInfo.IsNullOrEmpty()) {
		DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("read device info from runcfg: [%s]", csInfo.GetData());
		CAutoArray<CSimpleStringA> sysInfo = csInfo.Split('|');
		if (sysInfo.GetCount() == 3)
		{
			cpu = sysInfo[0];
			mainBoard = sysInfo[1];
			disk = sysInfo[2];
		}
	}
	else
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)("GetTermSysInfo, OpenConfig Config_Run error=%d.", eErr);

	ULONGLONG ullStart = GetTickCount64();
	char szTmp[1024] = {};
	int nTmpBufLen = 1024;
	CSmartPointer<IEntityFunction> spFunction = GetEntityBase()->GetFunction();
	if (!QueryWMIDevice(Processor, "ProcessorId", szTmp, &nTmpBufLen))
	{
		strErrMsg = CSimpleStringA::Format("查询 cpu id 失败: %d, 请尝试重启应用", GetLastError());
		pEntity->SetAuthErrMsg((const char*)strErrMsg);

		LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_GET_TERMINAL_FINGERPRINT,
			GetOutPutStr("%s%s%s%d", "QueryWMIDevice", "False", "Processor", GetLastError()).c_str());

		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM).setResultCode("RTA5203")
			(GetOutPutStr("%s%s%s%d", "QueryWMIDevice", "False", "Processor", GetLastError()).c_str());
		return;
	}
	strRet = szTmp;
	cpu = szTmp;

	nTmpBufLen = 1024;
	memset(szTmp, 0, sizeof(szTmp));
	if (!QueryWMIDevice(BaseBoard, "SerialNumber", szTmp, &nTmpBufLen))
	{
		strErrMsg = CSimpleStringA::Format("查询 baseboard sn 失败: %d, 请尝试重启应用", GetLastError());
		pEntity->SetAuthErrMsg((const char*)strErrMsg);

		LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_GET_TERMINAL_FINGERPRINT,
			GetOutPutStr("%s%s%s%d", "QueryWMIDevice", "False", "BaseBoard", GetLastError()).c_str());
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM).setResultCode("RTA5203")
			(GetOutPutStr("%s%s%s%d", "QueryWMIDevice", "False", "BaseBoard", GetLastError()).c_str());
		
		return;
	}

	strRet += "|";
	strRet += szTmp;
	mainBoard = szTmp;

	nTmpBufLen = 1024;
	memset(szTmp, 0, sizeof(szTmp));
	if (!QueryWMIDevice(DiskDrive, "SerialNumber", szTmp, &nTmpBufLen))
	{
		strErrMsg = CSimpleStringA::Format("查询 harddisk sn 失败: %d, 请尝试重启应用", GetLastError());
		pEntity->SetAuthErrMsg((const char*)strErrMsg);

		LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_GET_TERMINAL_FINGERPRINT,
			GetOutPutStr("%s%s%s%d", "QueryWMIDevice", "False", "DiskDrive", GetLastError()).c_str());
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)(GetOutPutStr("%s%s%s%d", "QueryWMIDevice", "False", "DiskDrive", GetLastError()).c_str());
		
		return;
	}

	strRet += "|";
	strRet += szTmp;
	disk = szTmp;

	if (!bCalcFromRunCfg || csInfo.Compare(strRet) != 0)
	{
		eErr = pConfigRun->WriteConfigValue("system", "info", strRet.GetData());
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)("device info changed,before[%s],current[%s],write to runcfg:%d"
			, csInfo.GetData(), strRet.GetData(), eErr);
	}
	else
		DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("device info: [%s]", strRet.GetData());


	ULONGLONG ullEnd = GetTickCount64();
	if (ullEnd - ullStart > 5000)
	{
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM).setResultCode("RTA5201")
			("获取系统信息耗时过长:%d秒", (ullEnd - ullStart) / 1000);
		LogWarn(Severity_Middle, Error_Unexpect, AccessAuthorization_UserErrorCode_GetTermCostTooLong,
			CSimpleStringA::Format("获取系统信息耗时过长:%d秒", (ullEnd - ullStart) / 1000));
	}
	return;
#endif // RVC_OS_LINUX
	
}