myvtm/Module/mod_accessauth/mod_AccessAuth.cpp

#include "stdafx.h"
#include "SpBase.h"
#include "mod_AccessAuth.h"
//#include "PinPadClass.h"
#include "RvcComm.h"
#include "WMIDeviceQuery.h"
#include <fileutil.h>
#include <Strsafe.h>
#include <wincrypt.h>

#include "TokenKeeper_client_g.h"
using namespace TokenKeeper;

#include "PinPad_client_g.h"
using namespace PinPad;

#include "DeviceBaseClass.h"
//#define IGNORE_PINPAD

typedef struct _REG_TZI_FORMAT
{
	LONG Bias;
	LONG StandardBias;
	LONG DaylightBias;
	SYSTEMTIME StandardDate;
	SYSTEMTIME DaylightDate;
} REG_TZI_FORMAT;

void CAccessAuthSession::Handle_Regist(SpOnewayCallContext<AccessAuthService_Regist_Info>::Pointer ctx)
{
	m_pEntity->Regist();
}

void CAccessAuthSession::Handle_Unregist(SpOnewayCallContext<AccessAuthService_Unregist_Info>::Pointer ctx)
{
	m_pEntity->Unregist(ctx->Info.nReason, ctx->Info.nWay);
}

void CAccessAuthSession::Handle_Reregist(SpOnewayCallContext<AccessAuthService_Reregist_Info>::Pointer ctx)
{
	m_pEntity->Reregist();
}

void CAccessAuthSession::Handle_PushTerminalStage(SpOnewayCallContext<AccessAuthService_PushTerminalStage_Info>::Pointer ctx)
{
	m_pEntity->PushTerminalStage(ctx->Info.cNewStage, ctx->Info.dwNewStageTime, ctx->Info.cOldStage, ctx->Info.dwOldStageTime);
}

void CAccessAuthSession::Handle_InitDev(SpReqAnsContext<AccessAuthService_InitDev_Req, AccessAuthService_InitDev_Ans>::Pointer ctx)
{
	m_pEntity->InitDevice(ctx);
}

void CAccessAuthSession::Handle_SyncTime(SpOnewayCallContext<AccessAuthService_SyncTime_Info>::Pointer ctx)
{
	m_pEntity->SyncTime();
}

void CAccessAuthEntity::OnStarted()
{
	//设置时区为北京标准时区
	if (!SetLocalTimeZoneByKeyName("China Standard Time", FALSE))
	{
		//LogError(Severity_Middle, Error_Unexpect, ERROR_ACCESSAUTH_SETTIMEZONE, "设置标准时区失败");
		LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_SETTIMEZONE,GetOutPutStr("%s%s","SetLocalTimeZoneByKeyName","False").c_str());
	}

	m_FSM.Init(this);
}

void CAccessAuthEntity::OnPreStart(CAutoArray<CSimpleStringA> strArgs,CSmartPointer<ITransactionContext> pTransactionContext) 
{ 	
	ErrorCodeEnum Error = Error_Succeed;	
	pTransactionContext->SendAnswer(Error) ;
}

void CAccessAuthEntity::OnPreClose(EntityCloseCauseEnum eCloseCause,CSmartPointer<ITransactionContext> pTransactionContext) 
{ 
	m_FSM.PostExitEvent();
	pTransactionContext->SendAnswer(Error_Succeed); 
}

void CAccessAuthEntity::OnSysVarEvent(const char *pszKey, const char *pszValue,const char *pszOldValue,const char *pszEntityName)
{
}

// 开始准入
ErrorCodeEnum CAccessAuthEntity::Regist()
{		
	m_FSM.PostEventFIFO(new FSMEvent(CAccessAuthFSM::Event_StartRegist));
	return Error_Succeed;
}

// 重新准入
ErrorCodeEnum CAccessAuthEntity::Reregist()
{
	m_FSM.PostEventFIFO(new FSMEvent(CAccessAuthFSM::Event_StartReregist));
	return Error_Succeed;
}

// 准入退出
ErrorCodeEnum CAccessAuthEntity::Unregist(int nReason, int nWay)
{
	FSMEvent *pEvent = new FSMEvent(CAccessAuthFSM::Event_StartUnregist);
	pEvent->param1 = nReason;
	pEvent->param2 = nWay;
	m_FSM.PostEventFIFO(pEvent);
	return Error_Succeed;
}

ErrorCodeEnum CAccessAuthEntity::SyncTime()
{		
	return m_FSM.SyncTime();
}

ErrorCodeEnum CAccessAuthEntity::PushTerminalStage(char cNewStage, DWORD dwNewStageTime, char cOldStage, DWORD dwOldStageTime)
{
	Dbg("on PushTerminalStage, cNewStage: %c", cNewStage);
	CAccessAuthFSM::ReportStateEvent *pEvent = new CAccessAuthFSM::ReportStateEvent(cNewStage, dwNewStageTime, cOldStage, dwOldStageTime);
	m_FSM.PostEventFIFO(pEvent);
	return Error_Succeed;
}

// KMC初始化
ErrorCodeEnum CAccessAuthEntity::InitKMC()
{
	CSimpleStringA strErrMsg;
	CSmartPointer<IEntityFunction> spFunction = this->GetFunction();
	CSimpleStringA strPath;
	int nRet = 0;
	
	CSystemStaticInfo si;
	ErrorCodeEnum rc = GetFunction()->GetSystemStaticInfo(si);	
	if (rc != Error_Succeed)
	{
		strErrMsg = "InitKMC()=>GetSystemStaticInfo() fail";
		SetAuthErrMsg((const char*)strErrMsg);
		spFunction->SetSysVar("AuthErrMsg", (const char*)strErrMsg, true);
		//LogError(Severity_Middle, rc, ERROR_ACCESSAUTH_GETSTATICINFO, (const char*)strErrMsg);
		LogWarn(Severity_Middle,Error_Unexpect, ERR_ACCESSAUTH_GET_SYSTEM_STATIC_INFO,
			GetOutPutStr("%s%08X%s%s", "GetSystemStaticInfo",rc,"strErrMsg", (const char*)strErrMsg).c_str());
		return rc;
	}

	if (HasCkCodeFlg())
	{
		rc = GetFunction()->GetPath("Dbg", strPath);
		LOG_ASSERT(rc == Error_Succeed);		
		strPath.Append("\\kmc");

		nRet = ::RvcInit(NULL, 0, NULL, 0, (char*)strPath.GetData(), NO_ALG);
		Dbg("has checkcode,RvcInit return %d",nRet);
	} 
	else
	{
		rc = GetFunction()->GetPath("RunInfo", strPath);
		LOG_ASSERT(rc == Error_Succeed);		
		strPath.Append("\\kmc");

		int nPinPadCapability = GetPinPadCapability();
		nRet = ::Init((const char*) strPath, strPath.GetLength(), nPinPadCapability);
		Dbg("not has checkcode,Init strPath=%s, nPinPadCapability=%d, return nPinPadCapability=,%d", strPath,nPinPadCapability,nRet);
	}	
	
	if (nRet == 1)
	{
		Dbg("DES WK need update, kmc init ret = %d", nRet);
		return Error_Succeed;
	}
	else if (nRet == 2)
	{
		Dbg("DES MK need init, kmc init ret = %d", nRet);
		return Error_Succeed;
	}
	else if (nRet == 11 || nRet == 12)
	{
		Dbg("SM WK need update, kmc init ret = %d", nRet);
		return Error_Succeed;
	}
	else if (nRet == 20 || nRet == 22 || nRet == 21)
	{
		Dbg("SM MK need init, kmc init ret = %d", nRet);
		return Error_Succeed;
	}
	else if (nRet != 0)
	{
		strErrMsg = CSimpleStringA::Format("kmc init fail, GetKMCLastErrMsg[%s], Init return[%d]", (const char*)GetKMCLastErrMsg(), nRet);
		SetAuthErrMsg((const char*)strErrMsg);
		spFunction->SetSysVar("AuthErrMsg", (const char*)strErrMsg, true);
		//LogError(Severity_Middle, Error_Unexpect, ERROR_ACCESSAUTH_INITKMC, (const char*)strErrMsg);	
		LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_RVC_INIT,
			GetOutPutStr("%s%d%s%s", "RvcInit", nRet, "strErrMsg", (const char*)strErrMsg).c_str());
		return Error_Succeed;			//  xkm@20161214: 返回失败会强制使用密码键盘准入， 为了保持流程兼容改为成功
	}

	Dbg("kmc init succ");
	return Error_Succeed;
}

		
// 获取WK更新请求包
// @nAlgFlag:  1:3des only; 2: sm4 only; 3: both 3des and sm4
ErrorCodeEnum CAccessAuthEntity::GetKmcWKUpdateData(char *pBuf, int &nLen, int  nAlgFlag)
{
	Dbg("CreateUpdateReq, algflag: %d", nAlgFlag);
	CSimpleStringA strErrMsg;
	CSmartPointer<IEntityFunction> spFunction = this->GetFunction();

	if (HasCkCodeFlg())
	{
		//此处调用新接口，先调用pinpad接口生成mk校验码，并把校验码当成参数传入
		CAutoArray<CSimpleStringA> TmkChk;
		TmkChk.Init(1);
		Dbg("get Tmk check code from pinpad...");
		PinPadService_ClientBase *pPinPad = new PinPadService_ClientBase(this);
		auto rc = pPinPad->Connect();
		if (rc == Error_Succeed)
		{
			PinPadService_GetCheckCode_Req req;
			PinPadService_GetCheckCode_Ans ans;
			req.mSN.Init(1);
			req.wSN.Init(1);
			req.wSN[0] = 99;

			if (1 == nAlgFlag)
			{
				req.mSN[0] = 0;	
				rc = pPinPad->GetCheckCode(req,ans,10000);
			}
			else if (2 == nAlgFlag)
			{
				req.mSN[0] = 1;
				rc = pPinPad->GetCheckCode(req,ans,10000);
			}
			else
			{
				//LogError(Severity_Low, rc, 0, "GetKmcWKUpdateData参数错误，nAlgFlag必须为0或1");
				Dbg("GetKmcWKUpdateData参数错误，nAlgFlag必须为0或1");
			}

			if (rc == Error_Succeed)
			{
				TmkChk[0] = ans.checkcode[0];
				Dbg("GetTmkCheck from pinpad succ, nAlgFlag[%d], Tmk:[%s]", nAlgFlag, ans.checkcode[0].GetData());
			}
			else
			{
				strErrMsg = "从PinPad获取主密钥校验码失败,请联系密码键盘厂商维护";
				SetAuthErrMsg((const char*)strErrMsg);
				spFunction->SetSysVar("AuthErrMsg", (const char*)strErrMsg, true);
				//LogError(Severity_Low, rc, 0, "get tmk check code from pinpad fail");

				LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_CONNECT_PINPAD,
					GetOutPutStr("%s%08X%s%s", "GetCheckCode", rc, "AuthErrMsg", strErrMsg).c_str());
			}

			pPinPad->GetFunction()->CloseSession();
		}
		else
		{
			strErrMsg = "连接PinPad实体失败";
			SetAuthErrMsg((const char*)strErrMsg);
			spFunction->SetSysVar("AuthErrMsg", (const char*)strErrMsg, true);
			//LogError(Severity_Low, rc, 0, "connect to pinpad entity fail");
			LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_CONNECT_PINPAD,
				GetOutPutStr("%s%s%s%s", "Connect", "False", "AuthErrMsg", strErrMsg).c_str());
		}
		pPinPad->SafeDelete();

		CSimpleStringA strTmk = TmkChk[0].SubString(0,16);
		int nRet = RvcCreateUpdateReq((char*)strTmk.GetData(), nAlgFlag-1, pBuf, &nLen);
		if (nRet != 0)
		{
			strErrMsg = CSimpleStringA::Format("调用KMC接口RvcCreateUpdateReq失败, 错误信息[%s], 返回值[%d]", (const char*)GetKMCLastErrMsg(), nRet);
			//LogError(Severity_Low, Error_Unexpect, ERROR_ACCESSAUTH_CREATEUPDATEREQ, (const char*)strErrMsg);
			SetAuthErrMsg((const char*)strErrMsg);
			spFunction->SetSysVar("AuthErrMsg", (const char*)strErrMsg, true);
			LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_CREATE_UPDATE_WK_REQ,
				GetOutPutStr("%s%d%s%s", "RvcCreateUpdateReq", nRet, "AuthErrMsg", (const char*)GetKMCLastErrMsg()).c_str());
			return Error_Unexpect;
		}
	}
	else
	{
		int nRet = CreateUpdateReq(pBuf, &nLen, nAlgFlag);
		if (nRet != 0)
		{
			strErrMsg = CSimpleStringA::Format("调用KMC接口CreateUpdateReq失败, 错误信息[%s], 返回值[%d]", (const char*)GetKMCLastErrMsg(), nRet);
			//LogError(Severity_Low, Error_Unexpect, ERROR_ACCESSAUTH_CREATEUPDATEREQ, (const char*)strErrMsg);
			SetAuthErrMsg((const char*)strErrMsg);
			spFunction->SetSysVar("AuthErrMsg", (const char*)strErrMsg, true);
			LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_CREATE_UPDATE_WK_REQ,
				GetOutPutStr("%s%d%s%s", "CreateUpdateReq", nRet, "AuthErrMsg", (const char*)GetKMCLastErrMsg()).c_str());
			return Error_Unexpect;
		}
	}

	return Error_Succeed;
}

ErrorCodeEnum CAccessAuthEntity::ParseWKUpdateResult(char *pBuf, int nLen, int nAlgFlag)
{
	// 调用KMC解析返回
	Dbg("ParseUpdateRes: [%s], len: %d, alg: %d", pBuf, nLen, nAlgFlag);
	CSimpleStringA strErrMsg;
	CSmartPointer<IEntityFunction> spFunction = this->GetFunction();

	int nRet = RvcParseUpdateRes(pBuf, nLen, nAlgFlag-1, &m_pkeys);
	if (nRet != 0)
	{
		strErrMsg = CSimpleStringA::Format("调用KMC接口RvcParseUpdateRes失败, 错误信息[%s], 返回值[%d]", (const char*)GetKMCLastErrMsg(), nRet);
		SetAuthErrMsg((const char*)strErrMsg);	
		spFunction->SetSysVar("AuthErrMsg", (const char*)strErrMsg, true);
		//LogError(Severity_Low, Error_Unexpect, ERROR_ACCESSAUTH_RVCPARSEUPDATERES, (const char*)strErrMsg);

		LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_PARSE_UPDATE_RES,
			GetOutPutStr("%s%d%s%s", "RvcParseUpdateRes", nRet, "strErrMsg", (const char*)GetKMCLastErrMsg()).c_str());
		return Error_Unexpect;
	}

	char* pKeyBuf = RvcGetKey(m_pkeys, TMKCHK, pBuf);
	if (NULL == pKeyBuf)
	{
		strErrMsg = CSimpleStringA::Format("调用KMC接口RvcGetKey(ParseWKUpdateResult)失败, 错误信息[%s], 返回值[%d]", (const char*)GetKMCLastErrMsg(), nRet);		
		SetAuthErrMsg((const char*)strErrMsg);
		spFunction->SetSysVar("AuthErrMsg", (const char*)strErrMsg, true);
		//LogError(Severity_Low, Error_Unexpect, ERROR_ACCESSAUTH_RVCGETKEY, (const char*)strErrMsg);
		LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_GET_KEY,
			GetOutPutStr("%s%s", "RvcGetKey", pKeyBuf).c_str());
		return Error_Unexpect;
	}

	//int nCapability = GetPinPadCapability();
	//if (nCapability == 1 || nCapability == 3)
	//{
	//	Dbg("print DES WK after update");
	//	PrintAllKeys(false);
	//}
	//if (nCapability == 2 || nCapability == 3)
	//{
	//	Dbg("print SM WK after update");
	//	PrintAllKeys(true);
	//}
	Dbg("parse wk update result succ");
	return Error_Succeed;
}

CSimpleStringA CAccessAuthEntity::GetKMCLastErrMsg()
{
	char szBuf[256];
	memset(szBuf, 0, 256);

	int nBufLen = 256;
	RvcGetLastErrorMsg(szBuf, &nBufLen);

	return szBuf;
}

ErrorCodeEnum CAccessAuthEntity::ReleaseKMC()
{
	::RvcRelease();
	return Error_Succeed;
}	

//ErrorCodeEnum CAccessAuthEntity::PrintAllKeys(bool bSM)
//{
//	// 取出主密钥
//	char keyBuf[64];
//	int nKeyBufLen = 64;
//	memset(keyBuf, 0, 64);
//
//	char chkBuf[16];
//	int nChkBufLen = 16;
//	memset(chkBuf, 0, 16);
//
//	int nRet = GetKey(keyBuf, &nKeyBufLen, chkBuf, &nChkBufLen, bSM ? csTMK : cTMK);
//	if (nRet != 0)
//	{
//		Dbg("get %s TMK error, %s (%d)", bSM ? "SM" : "DES", (const char*)GetKMCLastErrMsg(), nRet);
//		return Error_Unexpect;
//	}
//
//	Dbg("get %s TMK succeed: [%s], checkcode: [%s]",
//		bSM ? "SM" : "DES",
//		ByteArrayToHexStr((BYTE*)keyBuf, nKeyBufLen).c_str(),
//		ByteArrayToHexStr((BYTE*)chkBuf, nChkBufLen).c_str());
//
//	// 取出TPK
//	nKeyBufLen = 64;
//	memset(keyBuf, 0, 64);
//
//	nChkBufLen = 16;
//	memset(chkBuf, 0, 16);
//
//	nRet = GetKey(keyBuf, &nKeyBufLen, chkBuf, &nChkBufLen, bSM ? csTPK : cTPK);
//	if (nRet != 0)
//	{
//		Dbg("get %s TPK error, %s (%d)", bSM ? "SM" : "DES", (const char*)GetKMCLastErrMsg(), nRet);
//		return Error_Unexpect;
//	}
//
//	Dbg("get %s TPK succeed: [%s], checkcode: [%s]",
//		bSM ? "SM" : "DES",
//		ByteArrayToHexStr((BYTE*)keyBuf, nKeyBufLen).c_str(),
//		ByteArrayToHexStr((BYTE*)chkBuf, nChkBufLen).c_str());
//
//
//	// 取出EDK
//	nKeyBufLen = 64;
//	memset(keyBuf, 0, 64);
//
//	nChkBufLen = 16;
//	memset(chkBuf, 0, 16);
//
//	nRet = GetKey(keyBuf, &nKeyBufLen, chkBuf, &nChkBufLen, bSM ? csEDK : cEDK);
//	if (nRet != 0)
//	{
//		Dbg("get %s EDK error, %s (%d)", bSM ? "SM" : "DES", (const char*)GetKMCLastErrMsg(), nRet);
//		return Error_Unexpect;
//	}
//
//	Dbg("get %s EDK succeed: [%s], checkcode: [%s]",
//		bSM ? "SM" : "DES",
//		ByteArrayToHexStr((BYTE*)keyBuf, nKeyBufLen).c_str(),
//		ByteArrayToHexStr((BYTE*)chkBuf, nChkBufLen).c_str());
//	return Error_Succeed;
//}

// 加载新WK
ErrorCodeEnum CAccessAuthEntity::LoadPinPadWK(bool bSM)
{
#ifdef IGNORE_PINPAD
	return Error_Succeed;
#else
	// 1:3des only; 2: sm4 only; 3: both 3des and sm4
	//int nCapability = GetPinPadCapability();
	//Dbg("pinpad capability: %d", nCapability);
	
	CSimpleStringA strErrMsg;
	CSmartPointer<IEntityFunction> spFunction = this->GetFunction();

	char *retKeyBuf = NULL;
	if (!bSM)
	{
		// support des key
		// 读取工作密钥TPK
		char keyBuf[64];
		memset(keyBuf, 0, 64);

		retKeyBuf = RvcGetKey(m_pkeys, TPK, keyBuf);
		if (NULL == retKeyBuf)
		{
			strErrMsg = CSimpleStringA::Format("RvcGetKey(LoadPinPadWK()), get des TPK fail, ErrMsg: [%s]", (const char*)GetKMCLastErrMsg());
			//LogError(Severity_Low, Error_Unexpect, ERROR_ACCESSAUTH_RVCGETKEY,  (const char*)strErrMsg);
			LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_GET_KEY,
				GetOutPutStr("%s%s%s%s", "RvcGetKey", retKeyBuf, "strErrMsg", (const char*)GetKMCLastErrMsg()).c_str());
			return Error_Unexpect;
		}

		PinPadService_LoadKeys_Req req = {};
		req.initializeflag = false;
		req.workingkey1 = keyBuf;

		// 读取加密密钥EDK
		memset(keyBuf, 0, 64);
		retKeyBuf = RvcGetKey(m_pkeys, EDK, keyBuf);
		if (NULL == retKeyBuf)
		{
			strErrMsg = CSimpleStringA::Format("RvcGetKey(LoadPinPadWK()), get des EDK fail, ErrMsg: [%s]", (const char*)GetKMCLastErrMsg());
			//LogError(Severity_Low, Error_Unexpect, ERROR_ACCESSAUTH_RVCGETKEY,  (const char*)strErrMsg);
			LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_GET_KEY,
				GetOutPutStr("%s%s%s%s", "RvcGetKey", retKeyBuf, "strErrMsg", (const char*)GetKMCLastErrMsg()).c_str());
			return Error_Unexpect;
		}

		req.workingkey2 = keyBuf;

		Dbg("load des key to pinpad...");
		PinPadService_ClientBase *pPinPad = new PinPadService_ClientBase(this);
		auto rc = pPinPad->Connect();
		if (rc == Error_Succeed)
		{
			PinPadService_LoadKeys_Ans ans = {};
			rc = pPinPad->LoadKeys(req, ans, 30000);
			if (rc == Error_Succeed)
				Dbg("load des key to pinpad succ");
			else
			{
				strErrMsg = "加载DES密钥到PinPad失败";
				SetAuthErrMsg((const char*)strErrMsg);
				spFunction->SetSysVar("AuthErrMsg", (const char*)strErrMsg, true);
				//LogError(Severity_Low, rc, ERROR_ACCESSAUTH_LOADKEYS2PINPAD, (const char*)strErrMsg);

				LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_LOAD_KEYS_TO_PINPAD,
					GetOutPutStr("%s%08x%s%s", "LoadKeys", rc, "strErrMsg", strErrMsg).c_str());
			}

			pPinPad->GetFunction()->CloseSession();
		}
		else
		{
			strErrMsg = "连接PinPad实体失败";
			SetAuthErrMsg((const char*)strErrMsg);
			spFunction->SetSysVar("AuthErrMsg", (const char*)strErrMsg, true);
			//LogError(Severity_Low, rc, ERROR_ACCESSAUTH_CONNETPINPAD, (const char*)strErrMsg);
			LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_CONNECT_PINPAD,
				GetOutPutStr("%s%08x%s%s", "Connect", rc, "strErrMsg", strErrMsg).c_str());
		}
		pPinPad->SafeDelete();
		return rc;
	}
	else
	//if (nCapability == 2 || nCapability == 3)
	{
		// support sm key
		// 读取工作密钥TPK
		char keyBuf[64];
		memset(keyBuf, 0, 64);

		retKeyBuf = RvcGetKey(m_pkeys, TPK, keyBuf);
		if (NULL == retKeyBuf)
		{
			strErrMsg = CSimpleStringA::Format("RvcGetKey(LoadPinPadWK()), get sm TPK fail, ErrMsg: [%s]", (const char*)GetKMCLastErrMsg());
			//LogError(Severity_Low, Error_Unexpect, ERROR_ACCESSAUTH_RVCGETKEY,  (const char*)strErrMsg);

			LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_GET_KEY,
				GetOutPutStr("%s%s%s%s", "RvcGetKey", retKeyBuf, "strErrMsg", (const char*)GetKMCLastErrMsg()).c_str());
			return Error_Unexpect;
		}

		PinPadService_LoadKeysSM_Req req = {};
		req.smflag = 1;
		req.initializeflag = false;
		req.workingkey1 = keyBuf;

		// 读取加密密钥EDK
		memset(keyBuf, 0, 64);
		retKeyBuf = RvcGetKey(m_pkeys, EDK, keyBuf);
		if (NULL == retKeyBuf)
		{
			strErrMsg = CSimpleStringA::Format("RvcGetKey(LoadPinPadWK()), get sm EDK fail, ErrMsg: [%s]", (const char*)GetKMCLastErrMsg());
			//LogError(Severity_Low, Error_Unexpect, ERROR_ACCESSAUTH_RVCGETKEY,  (const char*)strErrMsg);
			LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_GET_KEY,
				GetOutPutStr("%s%s%s%s", "RvcGetKey", retKeyBuf, "strErrMsg", (const char*)GetKMCLastErrMsg()).c_str());
			return Error_Unexpect;
		}

		req.workingkey2 = keyBuf;

		Dbg("load sm key to pinpad...");
		PinPadService_ClientBase *pPinPad = new PinPadService_ClientBase(this);
		auto rc = pPinPad->Connect();
		if (rc == Error_Succeed)
		{
			PinPadService_LoadKeysSM_Ans ans = {};
			rc = pPinPad->LoadKeysSM(req, ans, 30000);
			if (rc == Error_Succeed)
				Dbg("load sm key to pinpad succ");
			else
			{
				strErrMsg = "加载SM密钥到PinPad失败";
				SetAuthErrMsg((const char*)strErrMsg);
				spFunction->SetSysVar("AuthErrMsg", (const char*)strErrMsg, true);
				//LogError(Severity_Low, rc, ERROR_ACCESSAUTH_LOADKEYS2PINPAD, (const char*)strErrMsg);
				LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_LOAD_KEYS_TO_PINPAD,
					GetOutPutStr("%s%08x%s%s", "LoadKeys", rc, "strErrMsg", strErrMsg).c_str());
			}

			pPinPad->GetFunction()->CloseSession();
		}
		else
		{
			strErrMsg = "连接PinPad实体失败";
			SetAuthErrMsg((const char*)strErrMsg);
			spFunction->SetSysVar("AuthErrMsg", (const char*)strErrMsg, true);
			//LogError(Severity_Low, rc, ERROR_ACCESSAUTH_CONNETPINPAD, (const char*)strErrMsg);
			LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_CONNECT_PINPAD,
				GetOutPutStr("%s%08x%s%s", "Connect", rc, "strErrMsg", strErrMsg).c_str());
		}
		pPinPad->SafeDelete();
		return rc;
	}
#endif
}

// 将16进制字符串转成BYTE数据
bool CAccessAuthEntity::HexStrToByteArray(const char* pHex, BYTE *pBuf, int *pBufLen)
{
	int nHexLen = strlen(pHex);
	if (nHexLen %2 != 0)
	{
		Dbg("error hex string length");
		return false;
	}

	if (nHexLen /2 > *pBufLen)
	{
		Dbg("not enough buf length");
		return false;
	}

	for(int i=0; i<nHexLen; i++)
	{
		BYTE b =0;
		char ch1 = pHex[i];

		if (ch1 >='0' && ch1<='9')
			b = ch1 - '0';
		else if (ch1 >='A' && ch1 <='F')
			b = ch1 - 'A' + 10;
		else
		{
			Dbg("invalid hex string");
			return false;
		}

		if (i %2 ==0)
		{
			pBuf[i/2] = b;
		}
		else
		{
			pBuf[i/2] = pBuf[i/2] << 4 | b;
		}
	}

	*pBufLen = nHexLen / 2;
	return true;
}

string CAccessAuthEntity::ByteArrayToHexStr(BYTE *pBuf, int nBufLen)
{
	char szBuf[1024];
	memset(szBuf, 0, sizeof(szBuf));

	for(int i=0; i<nBufLen; i++)
	{
		BYTE b1 = (pBuf[i] >> 4) & 0x0F;
		BYTE b2 = pBuf[i] & 0x0F;
		
		if (b1 <= 9)
			szBuf[i*2] = '0' + b1;
		else
			szBuf[i*2] = 'A' + b1 - 10;

		if (b2 <= 9)
			szBuf[i*2+1] = '0' + b2;
		else
			szBuf[i*2+1] = 'A' + b2 - 10;
	}


	return szBuf;
}

// 调用密码键盘加密
ErrorCodeEnum CAccessAuthEntity::EncryptDataWithPinPad(const CBlob &raw, CBlob &enc)
{
#ifdef IGNORE_PINPAD
	enc.Alloc(raw.m_iLength);
	memcpy(enc.m_pData, raw.m_pData, raw.m_iLength);
	return Error_Succeed;
#else	
	//EnDecryptInfo srcInfo;
	//memset(&srcInfo, 0, sizeof(srcInfo));
	//string strHex = ByteArrayToHexStr((BYTE*)raw.m_pData, raw.m_iLength);
	//srcInfo.dwSize = strHex.length();
	//memcpy(srcInfo.data, strHex.c_str(), strHex.length());
	//
	//EnDecryptInfo destInfo;
	//memset(&destInfo, 0, sizeof(destInfo));
	//destInfo.dwSize = 512;

	//// 改为测试数据
	////memset(&srcInfo, 0, sizeof(srcInfo));
	////memcpy(srcInfo.data, "30303132353637383536373839404142", 32);
	//Dbg("begin encrpyt data by pinpad");
	//ErrorCodeEnum rc = m_pPinPad->EncryptData(srcInfo, destInfo);
	//if (rc != Error_Succeed)
	//{
	//	Dbg("pinpad encrypt data error, %s(%d)", (const char *)GetPinPadLastErrMsg(), rc);
	//	return rc;
	//}

	//Dbg("pinpad encrypt data succeed: [%s]", destInfo.data);

	CSimpleStringA strErrMsg;
	CSmartPointer<IEntityFunction> spFunction = this->GetFunction();

	PinPadService_EncryptData_Req req = {};
	PinPadService_EncryptData_Ans ans = {};
	req.data = ByteArrayToHexStr((BYTE*)raw.m_pData, raw.m_iLength).c_str();

	Dbg("begin encrpyt data with pinpad");
	PinPadService_ClientBase *pPinPad = new PinPadService_ClientBase(this);
	auto rc = pPinPad->Connect();
	if (rc == Error_Succeed)
	{
		rc = pPinPad->EncryptData(req, ans, 10000);
		if (rc == Error_Succeed)
			Dbg("encrypt data with pinpad succ: [%s]", (const char*)ans.ciphertext);
		else
		{
			strErrMsg = "encrypt data with pinpad fail";
			SetAuthErrMsg((const char *)strErrMsg);
			spFunction->SetSysVar("AuthErrMsg", (const char *)strErrMsg, true);
			//LogError(Severity_Low, rc, ERROR_ACCESSAUTH_PINPADENCDATA, (const char *)strErrMsg);
			LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_FROM_PINPAD,
				GetOutPutStr("%s%08x%s%s", "EncryptData", rc, "strErrMsg", strErrMsg).c_str());
		}

		pPinPad->GetFunction()->CloseSession();
	}
	else
	{
		strErrMsg = "connect to pinpad entity fail";
		SetAuthErrMsg((const char *)strErrMsg);
		spFunction->SetSysVar("AuthErrMsg", (const char *)strErrMsg, true);
		//LogError(Severity_Low, rc, ERROR_ACCESSAUTH_CONNETPINPAD, (const char *)strErrMsg);
		LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_CONNECT_PINPAD,
			GetOutPutStr("%s%08x%s%s", "Connect", rc, "strErrMsg", strErrMsg).c_str());
	}
	pPinPad->SafeDelete();
	if (rc != Error_Succeed)
		return rc;

	/*
	// 解密看看能否还原
	EnDecryptInfo srcInfo2;
	srcInfo2.dwSize = 512;
	memset(&srcInfo2, 0, sizeof(srcInfo2));
	nRet = m_pPinPad->DecryptData(destInfo, srcInfo2);
	if (nRet != ERROR_SUCCESS)
	{
		Dbg("pinpad decrypt data error, %s(%d)", (const char *) GetPinPadLastErrMsg(), nRet);
		return rc;
	}

	Dbg("pinpad decrypt data succeed: [%s]", srcInfo2.data);
	
	// 拷入测试数据
	//memset(req1.encTerminalInfo, 0, sizeof(req1.encTerminalInfo));
	*/

	BYTE buf[512];
	int nLen = 512;
	memset(buf, 0, 512);
	if (!HexStrToByteArray((const char*)ans.ciphertext, buf, &nLen))
	{
		strErrMsg = "convert encrypted data to byte array fail";
		SetAuthErrMsg((const char *)strErrMsg);
		spFunction->SetSysVar("AuthErrMsg", (const char *)strErrMsg, true);
		//LogError(Severity_Low, Error_Unexpect, ERROR_ACCESSAUTH_HEXSTRTOBYTEARRAR, (const char *)strErrMsg);
		LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_HEX_TO_BYTE,
			GetOutPutStr("%s%s%s%s", "HexStrToByteArray", "False", "strErrMsg", strErrMsg).c_str());
		return Error_Unexpect;
	}

	enc.Alloc(nLen);
	memcpy(enc.m_pData, buf, nLen);
	return Error_Succeed;
#endif
}

// 生成临时RSA密钥对
ErrorCodeEnum CAccessAuthEntity::CreateRsaKeyPair(CBlob &pubKey, CBlob &priKey)
{
	int nPubKeyLen = 140;
	int nPriKeyLen = 620;
	pubKey.Alloc(nPubKeyLen);
	priKey.Alloc(nPriKeyLen);

	if (!::CreateRsaKeyPair((BYTE *)pubKey.m_pData, &nPubKeyLen, (BYTE *)priKey.m_pData, &nPriKeyLen))
	{
		SetAuthErrMsg("创建RSA密钥对失败");
		CSmartPointer<IEntityFunction> spFunction = this->GetFunction();
		spFunction->SetSysVar("AuthErrMsg", "创建RSA密钥对失败", true);
		//LogError(Severity_Low, Error_Unexpect, ERROR_ACCESSAUTH_CREATERSAKEYPAIR, "创建RSA密钥对失败!");
		LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_CREATE_RSA_KEY_PAIR,
			GetOutPutStr("%s%s","CreateRsaKeyPair","False").c_str());
		return Error_Unexpect;
	}

	pubKey.Resize(nPubKeyLen);
	priKey.Resize(nPriKeyLen);
	return Error_Succeed;
}

// 保存到令牌管理实体中
ErrorCodeEnum CAccessAuthEntity::SaveRsaKeyPair(const CBlob &pubKey, const CBlob &priKey)
{
	CSimpleStringA strErrMsg;
	CSmartPointer<IEntityFunction> spFunction = this->GetFunction();

	TokenService_ClientBase *pTokenServiceClient = new TokenService_ClientBase(this);
	ErrorCodeEnum rc = pTokenServiceClient->Connect();
	if (rc != Error_Succeed)
	{
		strErrMsg = "连接令牌管理实体失败";
		SetAuthErrMsg((const char *)strErrMsg);
		spFunction->SetSysVar("AuthErrMsg", (const char *)strErrMsg, true);
		//LogError(Severity_Low, rc, ERROR_ACCESSAUTH_CONNECTTOKENMANAGER, (const char *)strErrMsg);

		LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_CONNECT_TOKEN_SERVICE,
			GetOutPutStr("%s%08X%s%s", "Connect", rc,"strErrMsg", strErrMsg).c_str());
	}
	else
	{
		TokenService_SetKeyPair_Req req;
		req.pub_key = pubKey;
		req.pri_key = priKey;
		TokenService_SetKeyPair_Ans ans;
		rc = pTokenServiceClient->SetKeyPair(req, ans, 3000);
		pTokenServiceClient->GetFunction()->CloseSession();
		if (rc != Error_Succeed)
		{
			strErrMsg = "保存密钥对失败";
			SetAuthErrMsg((const char *)strErrMsg);
			spFunction->SetSysVar("AuthErrMsg", (const char *)strErrMsg, true);
			//LogError(Severity_Low, rc, ERROR_ACCESSAUTH_SAVERSAKEYPAIR, (const char *)strErrMsg);

			LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_FROM_TOKEN_SERVICE,
				GetOutPutStr("%s%08X%s%s", "SetKeyPair", rc,"strErrMsg", (const char*)strErrMsg).c_str());
		}
		else
			Dbg("set rsa key pair succ");
	}

	pTokenServiceClient->SafeDelete();
	return rc;
}

ErrorCodeEnum CAccessAuthEntity::SaveTokenAndSharedSK(const CBlob &token, const CBlob &sharedSK)
{
	CSimpleStringA strErrMsg;
	CSmartPointer<IEntityFunction> spFunction = this->GetFunction();

	TokenService_ClientBase *pTokenServiceClient = new TokenService_ClientBase(this);
	ErrorCodeEnum rc = pTokenServiceClient->Connect();
	if (rc != Error_Succeed)
	{
		strErrMsg = "连接令牌管理实体失败";
		SetAuthErrMsg((const char *)strErrMsg);
		spFunction->SetSysVar("AuthErrMsg", (const char *)strErrMsg, true);
		//LogError(Severity_Low, rc, ERROR_ACCESSAUTH_CONNECTTOKENMANAGER, (const char *)strErrMsg);

		LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_CONNECT_TOKEN_SERVICE,
			GetOutPutStr("%s%08X%s%s", "Connect", rc,"strErrMsg", (const char*)strErrMsg).c_str());
	}
	else
	{
		TokenService_SetToken_Req req = {};
		req.token = token;
		TokenService_SetToken_Ans ans;
		rc = pTokenServiceClient->SetToken(req, ans, 5000);
		if (rc == Error_Succeed)
			Dbg("save token succ, token: [%s]", ByteArrayToHexStr((BYTE*)token.m_pData, token.m_iLength).c_str());
		else
		{
			strErrMsg = "保存令牌失败";
			SetAuthErrMsg((const char *)strErrMsg);
			spFunction->SetSysVar("AuthErrMsg", (const char *)strErrMsg, true);
			//LogError(Severity_Low, rc, ERROR_ACCESSAUTH_SAVETOKEN, (const char *)strErrMsg);

			LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_FROM_TOKEN_SERVICE,
				GetOutPutStr("%s%08X%s%s", "SetToken", rc,"strErrMsg", strErrMsg).c_str());
		}

		TokenService_SetSharedSK_Req req2 = {};
		req2.ssk = sharedSK;
		TokenService_SetSharedSK_Ans ans2 = {};
		rc = pTokenServiceClient->SetSharedSK(req2, ans2, 5000);
		if (rc == Error_Succeed)
			Dbg("save shared session key succ");
		else
		{
			strErrMsg = "保存会话密钥失败";
			SetAuthErrMsg((const char *)strErrMsg);
			spFunction->SetSysVar("AuthErrMsg", (const char *)strErrMsg, true);
			//LogError(Severity_Low, rc, ERROR_ACCESSAUTH_SAVETOKEN, (const char *)strErrMsg);

			LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_FROM_TOKEN_SERVICE,
				GetOutPutStr("%s%08X%s%s", "SetSharedSK", rc,"strErrMsg", (const char*)strErrMsg).c_str());
		}

		pTokenServiceClient->GetFunction()->CloseSession();
	}

	pTokenServiceClient->SafeDelete();
	return rc;
}

bool CAccessAuthEntity::HasPinPad()
{
	CSimpleStringA strErrMsg;
	CSmartPointer<IEntityFunction> spFunction = this->GetFunction();
	CSystemStaticInfo info;

	auto rc = GetFunction()->GetSystemStaticInfo(info);
	if (rc != Error_Succeed)
	{
		strErrMsg = "HasPinPad()=>GetSystemStaticInfo() fail";
		SetAuthErrMsg((const char *)strErrMsg);
		spFunction->SetSysVar("AuthErrMsg", (const char *)strErrMsg, true);
		//LogError(Severity_Middle, rc, ERROR_ACCESSAUTH_GETSTATICINFO, (const char *)strErrMsg);
		LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_GET_SYSTEM_STATIC_INFO,
			GetOutPutStr("%s%08X", "GetSystemStaticInfo", rc).c_str());
		return true;
	}

	if (info.strMachineType.IsStartWith("RPM", true) || info.strMachineType.IsStartWith("RVC.CardStore", true) || info.strMachineType.IsStartWith("RVC.IL", true))		// 回单打印机、简化版
	{
		Dbg("MachineType[%s], not exist pinpad", info.strMachineType);
		return false;
	}
	else if (stricmp(info.strMachineType, "RVC.PAD") == 0)		// Pad机型
	{
		// 根据PinPad实体状态确定是否连接密码键盘
		bool bPinPadExist = false;
		auto pPinPadClient = new PinPadService_ClientBase(this);

		if (pPinPadClient->Connect() != Error_Succeed)
		{
			Dbg("connect PinPad fail, assume no pinpad");
			LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_CONNECT_PINPAD,
				GetOutPutStr("%s%s", "Connect", "False").c_str());
		}
		else
		{
			PinPadService_GetDevInfo_Req req = {};
			PinPadService_GetDevInfo_Ans ans = {};

			auto rc = pPinPadClient->GetDevInfo(req, ans, 3000);
			if (rc != Error_Succeed)
			{
				strErrMsg = "PinPad::GetDevInfo() fail";
				SetAuthErrMsg((const char *)strErrMsg);
				spFunction->SetSysVar("AuthErrMsg", (const char *)strErrMsg, true);
				//LogError(Severity_Middle, rc, ERROR_ACCESSAUTH_GETPINPADINFO, (const char *)strErrMsg);
				LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_FROM_PINPAD,
					GetOutPutStr("%s%08X", "GetDevInfo", rc).c_str());
			}
			else
			{
				Dbg("PinPad::GetDevInfo() return state: %d", ans.state);
				bPinPadExist = ans.state != DEVICE_STATUS_NOT_READY;
			}

			pPinPadClient->GetFunction()->CloseSession();
		}

		pPinPadClient->SafeDelete();
		pPinPadClient = NULL;
		return bPinPadExist;
	}
	else
	{
		// 其它VTM机型，全部有内置密码键盘
		return true;
	}
}

// 1:3des only; 2: sm4 only; 3: both 3des and sm4
// 由当前已初始化的密钥文件决定，兼容旧版本终端
int CAccessAuthEntity::GetPinPadCapability()
{
	int nCapability = 0;

	PinPadService_ClientBase *pPinPad = new PinPadService_ClientBase(this);
	auto rc = pPinPad->Connect();
	if (rc == Error_Succeed)
	{
		PinPadService_QueryFunc_Req req;
		PinPadService_QueryFunc_Ans ans;

		rc = pPinPad->QueryFunc(req,ans,3000);
		if (rc == Error_Succeed)
		{
			nCapability = ans.reserved1;
			Dbg("QueryFunc from pinpad succ, nCapability[%d]", nCapability);
		}
		else
		{
			SetAuthErrMsg("从PinPad获取主密钥类型失败");
			CSmartPointer<IEntityFunction> spFunction = this->GetFunction();
			spFunction->SetSysVar("AuthErrMsg", "从PinPad获取主密钥类型失败", true);
			//LogError(Severity_Low, rc, ERROR_ACCESSAUTH_GETPINPADCAPABILITY, "从PinPad获取主密钥类型失败");

			LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_FROM_PINPAD,
				GetOutPutStr("%s%s%s%s", "QueryFunc", "False", "AuthErrMsg", "从PinPad获取主密钥类型失败").c_str());
		}

		pPinPad->GetFunction()->CloseSession();
	}
	else
	{
		SetAuthErrMsg("连接PinPad实体失败");
		CSmartPointer<IEntityFunction> spFunction = this->GetFunction();
		spFunction->SetSysVar("AuthErrMsg", "连接PinPad实体失败", true);
		//LogError(Severity_Low, rc, ERROR_ACCESSAUTH_CONNETPINPAD, "连接PinPad实体失败");
		LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_CONNECT_PINPAD,
			GetOutPutStr("%s%08X%s%s", "Connect", rc,"AuthErrMsg", "连接PinPad实体失败").c_str());
	}
	pPinPad->SafeDelete();

	return nCapability;
}

bool CAccessAuthEntity::SaveAuthVerAndKey(int nAuthVer, BYTE *pKey)
{
	m_nAuthVersion = nAuthVer;
	if (m_nAuthVersion == 2)
		memcpy(m_AuthSessionKey, pKey, 140);
	else
		memset(m_AuthSessionKey, 0, 140);

	return true;
}

static BYTE* ConvertHexStrToBytes(const char *pszStr)
{
	if (pszStr == NULL || strlen(pszStr) == 0)
		return NULL;

	int nLen = strlen(pszStr) / 2;
	BYTE *pRet = (BYTE*)malloc(nLen);
	memset(pRet, 0, nLen);

	for (int i = 0; i < nLen; i++)
	{
		int nTmp(0);
		if (sscanf(&pszStr[i * 2], "%2X", &nTmp) != 1)
		{
			free(pRet);
			return NULL;
		}

		pRet[i] = (BYTE)nTmp;
	}

	return pRet;
}

// 使用准入会话密钥加密
ErrorCodeEnum CAccessAuthEntity::EncryptDataWithSessionKey(const CBlob &raw, CBlob &enc)
{
	assert(m_nAuthVersion ==2);

	CSimpleStringA strErrMsg;
	CSmartPointer<IEntityFunction> spFunction = this->GetFunction();

	// 将准入会话密钥导到CSP中
	HCRYPTPROV hProv(0);
	if (!CryptAcquireContext(&hProv, "RVC", MS_ENHANCED_PROV, PROV_RSA_FULL, CRYPT_MACHINE_KEYSET))
	{
		DWORD dwLastError = GetLastError();
		Dbg("open RVC keyset fail:  %d", dwLastError);

		//如果返回错误码NTE_BAD_KEYSET（0x80090016L），密钥集丢失，提示重新初始化密钥	
		if (dwLastError == NTE_BAD_KEYSET)
		{
			strErrMsg = "windows密钥集丢失，请重新初始化密钥!";
			SetAuthErrMsg((const char *)strErrMsg);
			spFunction->SetSysVar("AuthErrMsg", (const char *)strErrMsg, true);
			//LogError(Severity_Low, Error_Unexpect, ERROR_ACCESSAUTH_OPENCRYPTCONTEXT, (const char *)strErrMsg);

			LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_OPEN_CRYPT_CONTEXT,
				GetOutPutStr("%s%s%s%d", "CryptAcquireContext", "False", "dwLastError", dwLastError).c_str());
		}

		return Error_Unexpect;
	}
	else
		Dbg("open RVC keyset succ");

	HCRYPTKEY hExchKey(0);
	if (!CryptGetUserKey(hProv, AT_KEYEXCHANGE, &hExchKey))
	{
		strErrMsg = CSimpleStringA::Format("get exchange key fail: %d, 请重新初始化密钥", GetLastError());
		SetAuthErrMsg((const char *)strErrMsg);
		spFunction->SetSysVar("AuthErrMsg", (const char *)strErrMsg, true);
		//LogError(Severity_Low, Error_Unexpect, ERROR_ACCESSAUTH_GETEXCHANGEKEY, (const char *)strErrMsg);
		LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_CRYPT_GET_UESR_KEY,
			GetOutPutStr("%s%s%s%d", "CryptGetUserKey", "False", "dwLastError", GetLastError()).c_str());
		CryptReleaseContext(hProv, 0);
		return Error_Unexpect;
	}

	Dbg("get exchange key succ");	

	// 将会话密钥导入到持久容器中
	HCRYPTKEY hSessionKey(0);
	if (!CryptImportKey(hProv, m_AuthSessionKey, sizeof(m_AuthSessionKey), hExchKey, 0, &hSessionKey))
	{
		strErrMsg = CSimpleStringA::Format("import session key fail: %d, 请重新初始化密钥", GetLastError());
		SetAuthErrMsg((const char *)strErrMsg);
		spFunction->SetSysVar("AuthErrMsg", (const char *)strErrMsg, true);
		//LogError(Severity_Low, Error_Unexpect, ERROR_ACCESSAUTH_IMPORTSESSIONKEY, (const char *)strErrMsg);
		LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_CRYPT_IMPORT_KEY,
			GetOutPutStr("%s%s%s%d", "CryptImportKey", "False", "dwLastError", GetLastError()).c_str());
		CryptDestroyKey(hExchKey);
		CryptReleaseContext(hProv, 0);
		return Error_Unexpect;
	}

	// 使用会话密钥加密数据
	DWORD dwDataLen = raw.m_iLength;
	BYTE *pEncData = new BYTE[128];
	memset(pEncData, 0, 128);
	memcpy(pEncData, raw.m_pData, raw.m_iLength);
	if (!CryptEncrypt(hSessionKey, 0, TRUE, 0, pEncData, &dwDataLen, 128))
	{
		strErrMsg = CSimpleStringA::Format("encrypt data fail: %d, 请重新初始化密钥", GetLastError());
		SetAuthErrMsg((const char *)strErrMsg);
		spFunction->SetSysVar("AuthErrMsg", (const char *)strErrMsg, true);
		//LogError(Severity_Low, Error_Unexpect, ERROR_ACCESSAUTH_CRYPTWITHSESSIONKEY, (const char *)strErrMsg);
		LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_ENCRYPT_SESSION_KEY,
			GetOutPutStr("%s%s%s%d", "CryptEncrypt", "False", "dwLastError", GetLastError()).c_str());
		CryptDestroyKey(hSessionKey);
		CryptDestroyKey(hExchKey);
		CryptReleaseContext(hProv, 0);
		return Error_Unexpect;
	}
	
	enc.Attach(pEncData, dwDataLen);
	CryptDestroyKey(hSessionKey);
	CryptDestroyKey(hExchKey);
	CryptReleaseContext(hProv, 0);
	return Error_Succeed;
}

bool CAccessAuthEntity::GetMD5Hash(const char *pStr, BYTE md5[16])
{
	HCRYPTPROV hCryptProv;
	bool bRet = false;
	if (CryptAcquireContextA(&hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_MACHINE_KEYSET))
	{
		HCRYPTHASH hHash;
		if (CryptCreateHash(hCryptProv, CALG_MD5, 0, 0, &hHash))
		{
			CryptHashData(hHash, (LPBYTE)pStr, strlen(pStr), 0);

			DWORD dwLen = 16;
			CryptGetHashParam(hHash, HP_HASHVAL, (LPBYTE)&md5[0], &dwLen, 0);
			bRet = true;
		}
		else
		{
			LogError(Severity_Low, Error_Unexpect, ERROR_ACCESSAUTH_GETMD5HASH, CSimpleStringA::Format("CryptCreateHash fail: %d", GetLastError()));
		}

		CryptDestroyHash(hHash);
	}
	else
	{
		LogError(Severity_Low, Error_Unexpect, ERROR_ACCESSAUTH_GETMD5HASH, CSimpleStringA::Format("CryptAcquireContextA fail: %d", GetLastError()));
	}

	CryptReleaseContext(hCryptProv, 0);
	return bRet;
}

static char* ConvertBytesToHexStr(BYTE *pBuf, int nLen)
{
	char *pRet = (char*)malloc(nLen * 2 + 1);
	memset(pRet, 0, nLen * 2 + 1);
	char *p = pRet;
	for (int i = 0; i < nLen; i++)
	{
		BYTE b = pBuf[i];
		BYTE l = (b >> 4) & 0x0F;
		if (l >= 10)
			*p = l - 10 + 'A';
		else
			*p = l + '0';

		p++;
		BYTE r = b & 0x0F;
		if (r >= 10)
			*p = r - 10 + 'A';
		else
			*p = r + '0';
		p++;
	}

	return pRet;
}

bool CAccessAuthEntity::GetTerminalFingerPrint(BYTE *pBuf, int &nBufLen)
{
	char szTmp[1024] = {};
	int nTmpBufLen = 1024;
	CSimpleStringA strErrMsg;
	CSmartPointer<IEntityFunction> spFunction = this->GetFunction();

	CSimpleStringA strRet;
	if (!QueryWMIDevice(Processor, "ProcessorId", szTmp, &nTmpBufLen))
	{
		strErrMsg = CSimpleStringA::Format("query cpu id fail: %d, 请重启设备", GetLastError());
		SetAuthErrMsg((const char *)strErrMsg);
		spFunction->SetSysVar("AuthErrMsg", (const char *)strErrMsg, true);
		//LogError(Severity_Low, Error_Unexpect, ERROR_ACCESSAUTH_GETCPUID, (const char *)strErrMsg);
		LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_GET_TERMINAL_FINGERPRINT,
			GetOutPutStr("%s%s%s%d", "QueryWMIDevice", "False", "Processor", GetLastError()).c_str());
		return false;
	}
	strRet = szTmp;
	//Dbg("cpu id: %s", szTmp);

	nTmpBufLen = 1024;
	memset(szTmp, 0, sizeof(szTmp));
	if (!QueryWMIDevice(BaseBoard, "SerialNumber", szTmp, &nTmpBufLen))
	{
		strErrMsg = CSimpleStringA::Format("query baseboard sn fail: %d, 请重启设备", GetLastError());
		SetAuthErrMsg((const char *)strErrMsg);
		spFunction->SetSysVar("AuthErrMsg", (const char *)strErrMsg, true);
		//LogError(Severity_Low, Error_Unexpect, ERROR_ACCESSAUTH_GETBASEBOARDSN, (const char *)strErrMsg);
		LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_GET_TERMINAL_FINGERPRINT,
			GetOutPutStr("%s%s%s%d", "QueryWMIDevice", "False", "BaseBoard", GetLastError()).c_str());
		return false;
	}
	//Dbg("baseboard sn: %s", szTmp);

	strRet += "|";
	strRet += szTmp;

	nTmpBufLen = 1024;
	memset(szTmp, 0, sizeof(szTmp));
	if (!QueryWMIDevice(DiskDrive, "SerialNumber", szTmp, &nTmpBufLen))
	{
		strErrMsg = CSimpleStringA::Format("query harddisk sn fail: %d, 请重启设备", GetLastError());
		SetAuthErrMsg((const char *)strErrMsg);
		spFunction->SetSysVar("AuthErrMsg", (const char *)strErrMsg, true);
		//LogError(Severity_Low, Error_Unexpect, ERROR_ACCESSAUTH_DISKDRIVESN, (const char *)strErrMsg);
		LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_GET_TERMINAL_FINGERPRINT,
			GetOutPutStr("%s%s%s%d", "QueryWMIDevice", "False", "DiskDrive", GetLastError()).c_str());
		return false;
	}
	//Dbg("harddisk sn: %s", szTmp);

	strRet += "|";
	strRet += szTmp;

	Dbg("device info: [%s]", (const char*)strRet);

	// md5 hash
	BYTE md5[16] = {};
	if (!GetMD5Hash((const char*)strRet, md5))
	{
		strErrMsg = "get md5 hash as fingerprint fail";
		SetAuthErrMsg((const char *)strErrMsg);
		spFunction->SetSysVar("AuthErrMsg", (const char *)strErrMsg, true);
		//LogError(Severity_Low, Error_Unexpect, ERROR_ACCESSAUTH_GETMD5HASH, (const char *)strErrMsg);
		LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_GET_TERMINAL_FINGERPRINT,
			GetOutPutStr("%s%s%s%s", "GetMD5Hash", "False", "strErrMsg", (const char*)strErrMsg).c_str());
		return false;
	}

	if (nBufLen < 16)
	{
		//Dbg("buf len is too small");
		//LogError(Severity_Low, Error_Unexpect, ERROR_ACCESSAUTH_GETMD5HASH, "buf len is too small fail");
		LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_GET_TERMINAL_FINGERPRINT,
			GetOutPutStr("%s%d", "nBufLen", nBufLen).c_str());
		return false;
	}

	nBufLen = 16;
	memcpy(pBuf, md5, nBufLen);

	char *pszMd5 = ConvertBytesToHexStr(md5, 16);
	//Dbg("fringerprint: [%s]", pszMd5);
	free(pszMd5);
	return true;
}

#define RSAPUBKEY_BITLEN 1024
struct PublicKeyBlob
{
	PUBLICKEYSTRUC  publickeystruc;
	RSAPUBKEY rsapubkey;
	BYTE modulus[RSAPUBKEY_BITLEN / 8];
};

// 生成RSA密钥对，并导出公钥
bool CAccessAuthEntity::GetTerminalPublicKey(BYTE *pBuf, int &nBufLen)
{
	if (nBufLen < sizeof(PublicKeyBlob))
	{
		Dbg("buf len is too small, must >= %d", sizeof(PublicKeyBlob));;
		return false;
	}

	CSimpleStringA strErrMsg;
	CSmartPointer<IEntityFunction> spFunction = this->GetFunction();

	HCRYPTPROV hProv(0);
	if (!CryptAcquireContext(&hProv, "RVC", MS_ENHANCED_PROV, PROV_RSA_FULL, CRYPT_MACHINE_KEYSET))
	{
		DWORD dwLastError = GetLastError();
		if (dwLastError != NTE_BAD_KEYSET)
		{
			strErrMsg = "windows密钥集丢失，请重新初始化密钥!";
			SetAuthErrMsg((const char *)strErrMsg);
			spFunction->SetSysVar("AuthErrMsg", (const char *)strErrMsg, true);
			//LogError(Severity_Low, Error_Unexpect, ERROR_ACCESSAUTH_OPENCRYPTCONTEXT, (const char *)strErrMsg);
			LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_GET_TERMINAL_PUBKEY,
				GetOutPutStr("%s%s%s%s", "CryptAcquireContext", "False", "strErrMsg", strErrMsg).c_str());
			return false;
		}

		Dbg("RVC keyset not exist, create now");
		if (!CryptAcquireContext(&hProv, "RVC", MS_ENHANCED_PROV, PROV_RSA_FULL, CRYPT_MACHINE_KEYSET | CRYPT_NEWKEYSET))
		{
			strErrMsg = "windows密钥集丢失，请重新初始化密钥!";
			SetAuthErrMsg((const char *)strErrMsg);
			spFunction->SetSysVar("AuthErrMsg", (const char *)strErrMsg, true);
			//LogError(Severity_Low, Error_Unexpect, ERROR_ACCESSAUTH_OPENCRYPTCONTEXT, (const char *)strErrMsg);
			LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_GET_TERMINAL_PUBKEY,
				GetOutPutStr("%s%s%s%s", "CryptAcquireContext", "False", "strErrMsg", strErrMsg).c_str());
			CryptReleaseContext(hProv, 0);
			return false;
		}

		Dbg("create RVC keyset succ");
	}
	else
		Dbg("open RVC keyset succ");

	HCRYPTKEY hExchKey(0);
	if (!CryptGetUserKey(hProv, AT_KEYEXCHANGE, &hExchKey))
	{
		DWORD dwLastError = GetLastError();
		if (dwLastError != NTE_NO_KEY)
		{
			strErrMsg = CSimpleStringA::Format("get exchange key fail: %d, 请重新初始化密钥!", GetLastError());
			SetAuthErrMsg((const char *)strErrMsg);
			spFunction->SetSysVar("AuthErrMsg", (const char *)strErrMsg, true);
			//LogError(Severity_Low, Error_Unexpect, ERROR_ACCESSAUTH_GETEXCHANGEKEY, (const char *)strErrMsg);
			LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_GET_TERMINAL_PUBKEY,
				GetOutPutStr("%s%s%s%s", "CryptGetUserKey", "False", "strErrMsg", strErrMsg).c_str());
			CryptReleaseContext(hProv, 0);
			return false;
		}

		Dbg("exchange key not exist, now create it!");
		if (!CryptGenKey(hProv, AT_KEYEXCHANGE, RSA1024BIT_KEY | CRYPT_EXPORTABLE, &hExchKey))
		{
			strErrMsg = CSimpleStringA::Format("create exchange key fail: %d, 请重新初始化密钥!", GetLastError());
			SetAuthErrMsg((const char *)strErrMsg);
			spFunction->SetSysVar("AuthErrMsg", (const char *)strErrMsg, true);
			//LogError(Severity_Low, Error_Unexpect, ERROR_ACCESSAUTH_GENEXCHANGEKEY, (const char *)strErrMsg);
			LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_GET_TERMINAL_PUBKEY,
				GetOutPutStr("%s%s%s%s", "CryptGenKey", "False", "strErrMsg", strErrMsg).c_str());
			CryptReleaseContext(hProv, 0);
			return false;
		}

		Dbg("create exchange key succ");
		CryptDestroyKey(hExchKey);
		hExchKey = 0;

		if (!CryptGetUserKey(hProv, AT_KEYEXCHANGE, &hExchKey))
		{
			strErrMsg = CSimpleStringA::Format("get exchange key fail: %d, 请重新初始化密钥!", GetLastError());
			SetAuthErrMsg((const char *)strErrMsg);
			spFunction->SetSysVar("AuthErrMsg", (const char *)strErrMsg, true);
			//LogError(Severity_Low, Error_Unexpect, ERROR_ACCESSAUTH_GETEXCHANGEKEY, (const char *)strErrMsg);
			LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_GET_TERMINAL_PUBKEY,
				GetOutPutStr("%s%s%s%s", "CryptGetUserKey", "False", "strErrMsg", strErrMsg).c_str());
			CryptReleaseContext(hProv, 0);
			return false;
		}
	}
	Dbg("get exchange key succ");

	Dbg("export public key now");
	if (!CryptExportKey(hExchKey, 0, PUBLICKEYBLOB, 0, pBuf, (DWORD*)&nBufLen))
	{
		strErrMsg = CSimpleStringA::Format("export public key fail: %d, 请重新初始化密钥!", GetLastError());
		SetAuthErrMsg((const char *)strErrMsg);
		spFunction->SetSysVar("AuthErrMsg", (const char *)strErrMsg, true);
		//LogError(Severity_Low, Error_Unexpect, ERROR_ACCESSAUTH_EXPORTKEY,  (const char *)strErrMsg);
		LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_GET_TERMINAL_PUBKEY,
			GetOutPutStr("%s%s%s%s", "CryptExportKey", "False", "strErrMsg", strErrMsg).c_str());
		CryptDestroyKey(hExchKey);
		CryptReleaseContext(hProv, 0);
		return false;
	}

	assert(nBufLen == sizeof(PublicKeyBlob));
	Dbg("export public key succ, len = %d ", nBufLen);
	char *pszPubKey = ConvertBytesToHexStr(pBuf, nBufLen);
	//Dbg("public key blob: [%s]", pszPubKey);
	free(pszPubKey);

	CryptDestroyKey(hExchKey);
	CryptReleaseContext(hProv, 0);
	return true;
}

ErrorCodeEnum CAccessAuthEntity::InitDevice(SpReqAnsContext<AccessAuthService_InitDev_Req, AccessAuthService_InitDev_Ans>::Pointer &ctx)
{
	return m_FSM.InitDevice(ctx);
}

// 返回1：只有PinPadID；2：只有DeviceID；3：两者都有；0：没有；-1表示失败
int CAccessAuthEntity::GetPinPadIDAndDeviceID(CSimpleStringA &strPinPadID, CSimpleStringA &strDeviceID)
{
	CSimpleStringA strErrMsg;
	CSmartPointer<IEntityFunction> spFunction = this->GetFunction();
	CSystemStaticInfo info;
	auto rc = GetFunction()->GetSystemStaticInfo(info);
	if (rc != Error_Succeed)
	{
		strErrMsg = "GetPinPadIDAndDeviceID()=>GetSystemStaticInfo() fail";
		SetAuthErrMsg((const char *)strErrMsg);
		spFunction->SetSysVar("AuthErrMsg", (const char *)strErrMsg, true);
		//LogError(Severity_Middle, rc, ERROR_ACCESSAUTH_GETSTATICINFO, (const char *)strErrMsg);
		LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_GET_SYSTEM_STATIC_INFO,
			GetOutPutStr("%s%08X", "GetSystemStaticInfo", rc).c_str());
		return -1;
	}

	if (info.strMachineType.IsStartWith("RPM", true) || info.strMachineType.IsStartWith("RVC.CardStore", true) || info.strMachineType.IsStartWith("RVC.IL", true))		// 回单打印机、简化版
		return 0;

	int nRet = -1;
	auto pPinPadClient = new PinPadService_ClientBase(this);
	bool bPinPadID = false;
	bool bDeviceID = false;
	bool bVendor = false;
	CSimpleStringA strVendor;
	CSimpleStringA strPID;
	CSimpleStringA strMID;
	rc = pPinPadClient->Connect();
	if (rc == Error_Succeed)
	{
		PinPadService_GetDevInfo_Req req = {};
		PinPadService_GetDevInfo_Ans ans = {};

		rc = pPinPadClient->GetDevInfo(req, ans, 3000);
		if (rc == Error_Succeed)
		{
			if (ans.state == DEVICE_STATUS_NORMAL)
			{
				nRet = 0;
				Dbg("pinpad model: %s", (const char*)ans.model);

				// CM = V2.0#PM = V1.0#MID = 75500001#PID = 12345678#FWID = V1234567#Vendor = nantian
				// 密码键盘ID，PID，8到16字节;  设备ID，MID，8到16字节;  固件版本号，FWID，8字节
				CSimpleStringA str = ans.model;
				if (!str.IsNullOrEmpty())
				{
					auto arr = str.Split('#');
					if (arr.GetCount() > 0)
					{
						for (int i = 0; i < arr.GetCount(); i++)
						{
							auto arr2 = arr[i].Split('=');
							if (arr2.GetCount() != 2)
								continue;

							//if (arr2[0] == "PID")
							if(!strnicmp((LPCTSTR)arr2[0], "PID", strlen("PID")))
							{
								strPID = arr2[1];

								if (!strPID.IsNullOrEmpty())
									bPinPadID = true;
							}
							//else if (arr2[0] == "MID")
							else if(!strnicmp((LPCTSTR)arr2[0], "MID", strlen("MID")))
							{
								strMID = arr2[1];

								if (!strMID.IsNullOrEmpty())
									bDeviceID = true;
							}
							//else if (arr2[0] == "Vendor")
							else if(!strnicmp((LPCTSTR)arr2[0], "Vendor", strlen("Vendor")))
							{
								strVendor = arr2[1];

								if (!strVendor.IsNullOrEmpty())
									bVendor = true;
							}
						}
					}
				}
			}
			else
			{
				Dbg("pinpad not exist, state: %d", ans.state);
			}
		}
		else
		{
			strErrMsg = "PinPad::GetDevInfo() fail";
			SetAuthErrMsg((const char *)strErrMsg);
			spFunction->SetSysVar("AuthErrMsg", (const char *)strErrMsg, true);
			//LogError(Severity_Middle, rc, ERROR_ACCESSAUTH_GETPINPADINFO, (const char *)strErrMsg);

			LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_FROM_PINPAD,
				GetOutPutStr("%s%08X%s%s", "GetDevInfo", rc, "strErrMsg", (const char*)strErrMsg ).c_str());
		}

		pPinPadClient->GetFunction()->CloseSession();
	}
	else
	{
		strErrMsg = "连接PinPad实体失败";
		SetAuthErrMsg((const char *)strErrMsg);
		spFunction->SetSysVar("AuthErrMsg", (const char *)strErrMsg, true);
		//LogError(Severity_Low, rc, ERROR_ACCESSAUTH_CONNETPINPAD, (const char *)strErrMsg);

		LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_CONNECT_PINPAD,
			GetOutPutStr("%s%08X%s%s", "Connect", rc, "strErrMsg", "连接PinPad实体失败").c_str());
	}
	pPinPadClient->SafeDelete();
	pPinPadClient = NULL;

	if (bPinPadID)
	{
		if (bVendor)
			strPinPadID = strVendor + "_" + strPID;
		else
			strPinPadID = strPID;

		nRet += 1;
	}

	if (bDeviceID)
	{
		if (bVendor)
			strDeviceID = strVendor + "_" + strMID;
		else
			strDeviceID = strMID;

		nRet += 2;
	}

	return nRet;
}

bool CAccessAuthEntity::HasCkCodeFlg()
{
	CSimpleStringA strErrMsg;
	CSmartPointer<IEntityFunction> spFunction = this->GetFunction();

	CSystemStaticInfo info;
	auto rc = GetFunction()->GetSystemStaticInfo(info);
	if (rc != Error_Succeed)
	{
		strErrMsg = "HasCkCodeFlg()=>GetSystemStaticInfo() fail";
		SetAuthErrMsg((const char *)strErrMsg);
		spFunction->SetSysVar("AuthErrMsg", (const char *)strErrMsg, true);
		//LogError(Severity_Middle, rc, ERROR_ACCESSAUTH_GETSTATICINFO, (const char *)strErrMsg);
		LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_GET_SYSTEM_STATIC_INFO,
			GetOutPutStr("%s%08X%s%s", "GetSystemStaticInfo", rc, "strErrMsg", (const char*)strErrMsg).c_str());
		return false;
	}

	if (info.strMachineType.IsStartWith("RPM", true) || info.strMachineType.IsStartWith("RVC.CardStore", true) || info.strMachineType.IsStartWith("RVC.IL", true))		// 回单打印机、简化版
	{
		Dbg("MachineType is [%s], not exist pinpad entity", info.strMachineType);
		return false;
	}
		

	auto pPinPadClient = new PinPadService_ClientBase(this);
	bool bCheckCode = false;
	CSimpleStringA strSpeficiCM;

	if (pPinPadClient->Connect() == Error_Succeed)
	{
		PinPadService_GetDevInfo_Req req = {};
		PinPadService_GetDevInfo_Ans ans = {};

		auto rc = pPinPadClient->GetDevInfo(req, ans, 3000);
		if (rc == Error_Succeed)
		{
			if (ans.state == DEVICE_STATUS_NORMAL)
			{
				Dbg("pinpad model: %s", (const char*)ans.model);

				// CM = V2.0#PM = V1.0#MID = 75500001#PID = 12345678#FWID = V1234567#Vendor = nantian
				// 密码键盘ID，PID，8到16字节;  设备ID，MID，8到16字节;  固件版本号，FWID，8字节
				CSimpleStringA str = ans.model;
				if (!str.IsNullOrEmpty())
				{
					auto arr = str.Split('#');
					if (arr.GetCount() > 0)
					{
						for (int i = 0; i < arr.GetCount(); i++)
						{
							auto arr2 = arr[i].Split('=');
							if (arr2.GetCount() != 2)
								continue;

							if(!strnicmp((LPCTSTR)arr2[0], "CM", strlen("CM")))
							{
								strSpeficiCM = arr2[1];

								if (strSpeficiCM.GetLength() > 3 && _strnicmp(strSpeficiCM, "V2.0", strlen("V2.0")) == 0)
								{
									//Support checkcode, then operate checkcode routine..
									bCheckCode = true;									
								}								
							}						
						}
					}
				}
			}
			else
			{
				Dbg("pinpad not exist, state: %d", ans.state);	
				LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_FROM_PINPAD,
					GetOutPutStr("%s%d", "ans.state", ans.state).c_str());
			}
		}
		else
		{
			strErrMsg = "PinPad::GetDevInfo() fail";
			SetAuthErrMsg((const char *)strErrMsg);
			spFunction->SetSysVar("AuthErrMsg", (const char *)strErrMsg, true);
			//LogError(Severity_Middle, rc, ERROR_ACCESSAUTH_GETPINPADINFO, (const char *)strErrMsg);
			LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_FROM_PINPAD,
				GetOutPutStr("%s%08X", "GetDevInfo", rc).c_str());
		}

		pPinPadClient->GetFunction()->CloseSession();
	}
	else
	{
		strErrMsg = "连接PinPad实体失败";
		SetAuthErrMsg((const char *)strErrMsg);
		spFunction->SetSysVar("AuthErrMsg", (const char *)strErrMsg, true);
		//LogError(Severity_Low, rc, ERROR_ACCESSAUTH_CONNETPINPAD, (const char *)strErrMsg);
		LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_CONNECT_PINPAD,
			GetOutPutStr("%s%s", "strErrMsg", strErrMsg).c_str());
	}

	pPinPadClient->SafeDelete();
	pPinPadClient = NULL;

	return bCheckCode? true:false;
}

wstring CAccessAuthEntity::ANSIToUnicode(const string& str)
{
	int  len = 0;
	len = str.length();

	int  unicodeLen = ::MultiByteToWideChar(CP_ACP,
		0,
		str.c_str(),
		-1,
		NULL,
		0); 

	wchar_t *  pUnicode;  
	pUnicode = new  wchar_t[unicodeLen+1];  
	memset(pUnicode,0,(unicodeLen+1)*sizeof(wchar_t));  
	::MultiByteToWideChar( CP_ACP,
		0,
		str.c_str(),
		-1,
		(LPWSTR)pUnicode,
		unicodeLen);

	wstring  rt;  
	rt = (wchar_t*)pUnicode;
	delete  pUnicode; 

	return  rt;  
}

//China Standard Time
BOOL CAccessAuthEntity::SetLocalTimeZoneByKeyName(const TCHAR* szTimeZoneKeyName, BOOL isDaylightSavingTime)
{
	HKEY hKey;
	LONG ErrorCode;
	TCHAR szSubKey[256];
	TCHAR szStandardName[32];
	TCHAR szDaylightName[32];
	REG_TZI_FORMAT regTZI;	
	DWORD dwByteLen;

	// 检测入口参数
	if ((szTimeZoneKeyName == NULL) || (strlen(szTimeZoneKeyName) == 0))
	{	
		// 时区标识符不能为空
		return FALSE;
	}

	StringCchCopy(szSubKey, 256, TEXT("Software\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\"));
	StringCchCat(szSubKey, 256, szTimeZoneKeyName);	
	ErrorCode = RegOpenKeyEx(HKEY_LOCAL_MACHINE, szSubKey, 0, KEY_QUERY_VALUE, &hKey);
	if (ErrorCode != ERROR_SUCCESS)
	{
		//LogError(Severity_Middle, Error_Unexpect, ErrorCode, "RegOpenKeyEx Software\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\China Standard Time fail");
		Dbg("RegOpenKeyEx Software\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\China Standard Time fail");
		return FALSE;
	}

	// 标准名
	dwByteLen = sizeof(szStandardName);
	ErrorCode = RegQueryValueEx(hKey, TEXT("Std"), NULL, NULL, reinterpret_cast<LPBYTE>(&szStandardName), &dwByteLen);
	if (ErrorCode != ERROR_SUCCESS)
	{
		RegCloseKey(hKey);
		//LogError(Severity_Middle, Error_Unexpect, ErrorCode, "RegQueryValueEx Software\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\China Standard Time\\Std fail");
		Dbg("RegQueryValueEx Software\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\China Standard Time\\Std fail");
		return FALSE;
	}

	// 夏时制名
	dwByteLen = sizeof(szDaylightName);
	ErrorCode = RegQueryValueEx(hKey, TEXT("Dlt"), NULL, NULL, reinterpret_cast<LPBYTE>(&szDaylightName), &dwByteLen);
	if (ErrorCode != ERROR_SUCCESS)
	{
		RegCloseKey(hKey);
		//LogError(Severity_Middle, Error_Unexpect, ErrorCode, "RegQueryValueEx Software\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\China Standard Time\\Dlt fail");
		Dbg("RegQueryValueEx Software\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\China Standard Time\\Dlt fail");
		return FALSE;
	}

	// 时区信息
	dwByteLen = sizeof(regTZI);
	ErrorCode = RegQueryValueEx(hKey, TEXT("TZI"), NULL, NULL, reinterpret_cast<LPBYTE>(&regTZI), &dwByteLen);
	RegCloseKey(hKey);
	if ((ErrorCode != ERROR_SUCCESS) || (dwByteLen > sizeof(regTZI)))
	{
		//LogError(Severity_Middle, Error_Unexpect, ErrorCode, "RegQueryValueEx Software\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\China Standard Time\\TZI fail");
		Dbg("RegQueryValueEx Software\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\China Standard Time\\TZI fail");
		return FALSE;
	}

	// 开启权限
	HANDLE hToken;
	TOKEN_PRIVILEGES tkp;	
	BOOL isOK;

	if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY, &hToken))
	{
		//LogError(Severity_Middle, Error_Unexpect, GetLastError(), "OpenProcessToken Standard Time\\Dlt fail");
		Dbg("OpenProcessToken Standard Time\\Dlt fail");
		return FALSE;
	}

	LookupPrivilegeValue(NULL, SE_TIME_ZONE_NAME, &tkp.Privileges[0].Luid);
	tkp.PrivilegeCount = 1;
	tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

	AdjustTokenPrivileges(hToken, FALSE, &tkp, 0, (PTOKEN_PRIVILEGES)NULL, 0);
	if (GetLastError() != ERROR_SUCCESS)
	{
		CloseHandle(hToken);
		//LogError(Severity_Middle, Error_Unexpect, GetLastError(), "AdjustTokenPrivileges fail");
		Dbg("AdjustTokenPrivileges fail");
		return FALSE;
	}

	// 设置新时区
	DYNAMIC_TIME_ZONE_INFORMATION tzi;
	tzi.Bias = regTZI.Bias;
	tzi.StandardDate = regTZI.StandardDate;
	tzi.StandardBias = regTZI.StandardBias;		
	tzi.DaylightDate = regTZI.DaylightDate;	
	tzi.DaylightBias = regTZI.DaylightBias;			
	tzi.DynamicDaylightTimeDisabled = !isDaylightSavingTime;
	wcscpy(tzi.StandardName, ANSIToUnicode(szStandardName).c_str());
	wcscpy(tzi.DaylightName, ANSIToUnicode(szDaylightName).c_str());
	wcscpy(tzi.TimeZoneKeyName, ANSIToUnicode(szTimeZoneKeyName).c_str());

	isOK = SetDynamicTimeZoneInformation(&tzi);	// 设置动态时区
	if (!isOK)
	{
		//LogError(Severity_Middle, Error_Unexpect,  GetLastError(), "SetDynamicTimeZoneInformation fail");
		Dbg("SetDynamicTimeZoneInformation fail");
	}	

	// 关闭权限
	tkp.Privileges[0].Attributes = 0;
	AdjustTokenPrivileges(hToken, FALSE, &tkp, 0, (PTOKEN_PRIVILEGES)NULL, 0);
	CloseHandle(hToken);

	return isOK;
}

SP_BEGIN_ENTITY_MAP()
	SP_ENTITY(CAccessAuthEntity)
SP_END_ENTITY_MAP()