- #include "stdafx.h"
- #include "SpBase.h"
- #include "mod_AccessAuth.h"
- //#include "PinPadClass.h"
- #include "RvcComm.h"
- #include "WMIDeviceQuery.h"
- #include <fileutil.h>
- #include <Strsafe.h>
- #include <wincrypt.h>
- #include "TokenKeeper_client_g.h"
- using namespace TokenKeeper;
- #include "PinPad_client_g.h"
- using namespace PinPad;
- #include "DeviceBaseClass.h"
- //#define IGNORE_PINPAD
// Time-zone record: three bias values plus the two SYSTEMTIME transition dates.
// NOTE(review): the name suggests this mirrors the binary "TZI" value stored
// under a Windows time-zone registry key - confirm. If so, member order and
// sizes are part of an external layout and must not be changed.
struct _REG_TZI_FORMAT
{
    LONG       Bias;
    LONG       StandardBias;
    LONG       DaylightBias;
    SYSTEMTIME StandardDate;
    SYSTEMTIME DaylightDate;
};
typedef struct _REG_TZI_FORMAT REG_TZI_FORMAT;
// Session handler for the one-way "Regist" call. Nothing is read from the call
// context; the request is simply forwarded to the owning entity.
void CAccessAuthSession::Handle_Regist(SpOnewayCallContext<AccessAuthService_Regist_Info>::Pointer ctx)
{
    (void)ctx; // no payload is consumed here
    m_pEntity->Regist();
}
// Session handler for the one-way "Unregist" call. Passes the caller-supplied
// reason and way codes to the entity unchanged; no range check is done here.
void CAccessAuthSession::Handle_Unregist(SpOnewayCallContext<AccessAuthService_Unregist_Info>::Pointer ctx)
{
    const auto &info = ctx->Info;
    m_pEntity->Unregist(info.nReason, info.nWay);
}
// Session handler for the one-way "Reregist" call. Nothing is read from the
// call context; the request is forwarded to the owning entity.
void CAccessAuthSession::Handle_Reregist(SpOnewayCallContext<AccessAuthService_Reregist_Info>::Pointer ctx)
{
    (void)ctx; // no payload is consumed here
    m_pEntity->Reregist();
}
// Session handler for the one-way "PushTerminalStage" call. Forwards the new
// and old stage characters with their timestamps to the entity as received.
void CAccessAuthSession::Handle_PushTerminalStage(SpOnewayCallContext<AccessAuthService_PushTerminalStage_Info>::Pointer ctx)
{
    const auto &info = ctx->Info;
    m_pEntity->PushTerminalStage(info.cNewStage, info.dwNewStageTime,
                                 info.cOldStage, info.dwOldStageTime);
}
// Session handler for the request/answer "InitDev" call. The whole context is
// handed to the entity, which is therefore the one that must answer it.
void CAccessAuthSession::Handle_InitDev(
    SpReqAnsContext<AccessAuthService_InitDev_Req, AccessAuthService_InitDev_Ans>::Pointer ctx)
{
    m_pEntity->InitDevice(ctx);
}
// Session handler for the one-way "SyncTime" call. The entity's return code is
// discarded because a one-way call has no answer to carry it.
void CAccessAuthSession::Handle_SyncTime(SpOnewayCallContext<AccessAuthService_SyncTime_Info>::Pointer ctx)
{
    (void)ctx; // no payload is consumed here
    m_pEntity->SyncTime();
}
// Entity start-up hook: pins the local time zone to "China Standard Time" and
// then initialises the access-auth state machine.
// A failure to set the time zone is only logged as a warning; start-up
// continues with whatever zone the machine already has.
void CAccessAuthEntity::OnStarted()
{
    const bool bZoneSet = SetLocalTimeZoneByKeyName("China Standard Time", FALSE) ? true : false;
    if (!bZoneSet)
    {
        LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_SETTIMEZONE,
                GetOutPutStr("%s%s", "SetLocalTimeZoneByKeyName", "False").c_str());
    }

    m_FSM.Init(this);
}
// Pre-start hook: no preparation is done, the transaction is acknowledged with
// success straight away. The start arguments are not inspected.
void CAccessAuthEntity::OnPreStart(CAutoArray<CSimpleStringA> strArgs,CSmartPointer<ITransactionContext> pTransactionContext)
{
    pTransactionContext->SendAnswer(Error_Succeed);
}
// Pre-close hook: asks the state machine to exit, then acknowledges the close
// transaction with success. The close cause is not inspected.
void CAccessAuthEntity::OnPreClose(EntityCloseCauseEnum eCloseCause,CSmartPointer<ITransactionContext> pTransactionContext)
{
    // Post the exit event first so the FSM is already winding down when the
    // framework receives the answer.
    m_FSM.PostExitEvent();

    pTransactionContext->SendAnswer(Error_Succeed);
}
// System-variable change notification. Intentionally a no-op: this entity does
// not react to any system variable.
void CAccessAuthEntity::OnSysVarEvent(const char *pszKey, const char *pszValue,const char *pszOldValue,const char *pszEntityName)
{
    // nothing to do
}
// Start access authentication (registration).
// Queues Event_StartRegist on the state machine and returns at once; the
// outcome of the registration itself is not reflected in the return value.
ErrorCodeEnum CAccessAuthEntity::Regist()
{
    // presumably the FSM takes ownership of the posted event - nothing here frees it; confirm
    FSMEvent *pStartEvent = new FSMEvent(CAccessAuthFSM::Event_StartRegist);
    m_FSM.PostEventFIFO(pStartEvent);
    return Error_Succeed;
}
// Run access authentication again (re-registration).
// Queues Event_StartReregist on the state machine and returns at once.
ErrorCodeEnum CAccessAuthEntity::Reregist()
{
    // presumably the FSM takes ownership of the posted event - nothing here frees it; confirm
    FSMEvent *pRestartEvent = new FSMEvent(CAccessAuthFSM::Event_StartReregist);
    m_FSM.PostEventFIFO(pRestartEvent);
    return Error_Succeed;
}
// Leave the authenticated state (un-registration).
// @nReason, @nWay: carried to the state machine in param1 / param2 of the
//                  Event_StartUnregist event, unmodified and unvalidated.
ErrorCodeEnum CAccessAuthEntity::Unregist(int nReason, int nWay)
{
    // presumably the FSM takes ownership of the posted event - nothing here frees it; confirm
    FSMEvent *pStopEvent = new FSMEvent(CAccessAuthFSM::Event_StartUnregist);
    pStopEvent->param1 = nReason;
    pStopEvent->param2 = nWay;

    m_FSM.PostEventFIFO(pStopEvent);
    return Error_Succeed;
}
// Time synchronisation is implemented by the state machine; its result code is
// returned to the caller unchanged.
ErrorCodeEnum CAccessAuthEntity::SyncTime()
{
    const ErrorCodeEnum rcSync = m_FSM.SyncTime();
    return rcSync;
}
// Report a terminal stage change to the state machine.
// Wraps the new/old stage characters and their timestamps in a
// ReportStateEvent, queues it and returns Error_Succeed unconditionally.
ErrorCodeEnum CAccessAuthEntity::PushTerminalStage(char cNewStage, DWORD dwNewStageTime, char cOldStage, DWORD dwOldStageTime)
{
    Dbg("on PushTerminalStage, cNewStage: %c", cNewStage);

    // presumably the FSM takes ownership of the posted event - nothing here frees it; confirm
    CAccessAuthFSM::ReportStateEvent *pStageEvent =
        new CAccessAuthFSM::ReportStateEvent(cNewStage, dwNewStageTime, cOldStage, dwOldStageTime);
    m_FSM.PostEventFIFO(pStageEvent);
    return Error_Succeed;
}
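// Initialise the KMC key-management library.
//
// The key-store directory and the initialiser depend on HasCkCodeFlg():
//   - check-code mode: "<Dbg path>\kmc",     ::RvcInit()
//   - otherwise:       "<RunInfo path>\kmc", ::Init() with the pinpad capability
//
// Returns the GetSystemStaticInfo() error when that call fails. In every other
// case Error_Succeed is returned, including when the KMC initialiser reports a
// hard failure: that case only sets AuthErrMsg and logs a warning (see the
// 2016-12-14 note below). Callers therefore cannot use the return value to
// tell a usable key store from a broken one.
//
// NOTE(review): in check-code mode the key store sits under the path that is
// registered as "Dbg" - confirm that directory is access-controlled as tightly
// as the "RunInfo" one.
ErrorCodeEnum CAccessAuthEntity::InitKMC()
{
    CSimpleStringA strErrMsg;
    CSmartPointer<IEntityFunction> spFunction = this->GetFunction();
    CSimpleStringA strPath;
    int nRet = 0;

    // The static info itself is not used; the call only has to succeed.
    CSystemStaticInfo si;
    ErrorCodeEnum rc = spFunction->GetSystemStaticInfo(si);
    if (rc != Error_Succeed)
    {
        strErrMsg = "InitKMC()=>GetSystemStaticInfo() fail";
        SetAuthErrMsg((const char*)strErrMsg);
        spFunction->SetSysVar("AuthErrMsg", (const char*)strErrMsg, true);
        LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_GET_SYSTEM_STATIC_INFO,
                GetOutPutStr("%s%08X%s%s", "GetSystemStaticInfo", rc, "strErrMsg", (const char*)strErrMsg).c_str());
        return rc;
    }

    if (HasCkCodeFlg())
    {
        rc = spFunction->GetPath("Dbg", strPath);
        LOG_ASSERT(rc == Error_Succeed);
        strPath.Append("\\kmc");
        nRet = ::RvcInit(NULL, 0, NULL, 0, (char*)strPath.GetData(), NO_ALG);
        Dbg("has checkcode,RvcInit return %d", nRet);
    }
    else
    {
        rc = spFunction->GetPath("RunInfo", strPath);
        LOG_ASSERT(rc == Error_Succeed);
        strPath.Append("\\kmc");
        const int nPinPadCapability = GetPinPadCapability();
        nRet = ::Init((const char*)strPath, strPath.GetLength(), nPinPadCapability);
        // Fix: the string object itself used to be passed for "%s"; a variadic
        // call needs the explicit const char* conversion used elsewhere in this file.
        Dbg("not has checkcode,Init strPath=%s, nPinPadCapability=%d, return nPinPadCapability=,%d",
            (const char*)strPath, nPinPadCapability, nRet);
    }

    switch (nRet)
    {
    case 0:
        Dbg("kmc init succ");
        break;

    case 1:
        Dbg("DES WK need update, kmc init ret = %d", nRet);
        break;

    case 2:
        Dbg("DES MK need init, kmc init ret = %d", nRet);
        break;

    case 11:
    case 12:
        Dbg("SM WK need update, kmc init ret = %d", nRet);
        break;

    case 20:
    case 21:
    case 22:
        Dbg("SM MK need init, kmc init ret = %d", nRet);
        break;

    default:
        strErrMsg = CSimpleStringA::Format("kmc init fail, GetKMCLastErrMsg[%s], Init return[%d]",
                                           (const char*)GetKMCLastErrMsg(), nRet);
        SetAuthErrMsg((const char*)strErrMsg);
        spFunction->SetSysVar("AuthErrMsg", (const char*)strErrMsg, true);
        LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_RVC_INIT,
                GetOutPutStr("%s%d%s%s", "RvcInit", nRet, "strErrMsg", (const char*)strErrMsg).c_str());
        // xkm@20161214: returning a failure would force pinpad-based access
        // authentication, so success is returned to keep the flow compatible.
        break;
    }
    return Error_Succeed;
}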
-
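// Build the working-key (WK) update request packet.
// @pBuf:     output buffer that receives the request
// @nLen:     handed to the KMC call by address - presumably buffer capacity on
//            entry and request length on return; confirm against the KMC API
// @nAlgFlag: 1: 3des only; 2: sm4 only; 3: both 3des and sm4.
//            In check-code mode only 1 and 2 are accepted.
// Returns Error_Succeed when the request was built, Error_Unexpect otherwise.
//
// In check-code mode the master-key check code is first read from the pinpad
// and the first 16 characters of it are passed to RvcCreateUpdateReq(). If the
// pinpad cannot be reached or refuses, the failure is reported and the KMC call
// is still made with an empty check code, as before.
ErrorCodeEnum CAccessAuthEntity::GetKmcWKUpdateData(char *pBuf, int &nLen, int nAlgFlag)
{
    Dbg("CreateUpdateReq, algflag: %d", nAlgFlag);
    CSimpleStringA strErrMsg;
    CSmartPointer<IEntityFunction> spFunction = this->GetFunction();

    if (!HasCkCodeFlg())
    {
        const int nRet = CreateUpdateReq(pBuf, &nLen, nAlgFlag);
        if (nRet != 0)
        {
            strErrMsg = CSimpleStringA::Format("调用KMC接口CreateUpdateReq失败, 错误信息[%s], 返回值[%d]", (const char*)GetKMCLastErrMsg(), nRet);
            SetAuthErrMsg((const char*)strErrMsg);
            spFunction->SetSysVar("AuthErrMsg", (const char*)strErrMsg, true);
            LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_CREATE_UPDATE_WK_REQ,
                    GetOutPutStr("%s%d%s%s", "CreateUpdateReq", nRet, "AuthErrMsg", (const char*)GetKMCLastErrMsg()).c_str());
            return Error_Unexpect;
        }
        return Error_Succeed;
    }

    // Fix: an unsupported flag used to leave rc at the Connect() result, so the
    // never-filled answer was read as if GetCheckCode() had succeeded. Reject it
    // before touching the pinpad. The message also named the wrong values (0/1).
    if (nAlgFlag != 1 && nAlgFlag != 2)
    {
        Dbg("GetKmcWKUpdateData参数错误,nAlgFlag必须为1或2");
        return Error_Unexpect;
    }

    // New interface: have the pinpad produce the master-key check code first and
    // pass it to the KMC as a parameter.
    CAutoArray<CSimpleStringA> TmkChk;
    TmkChk.Init(1);
    Dbg("get Tmk check code from pinpad...");
    PinPadService_ClientBase *pPinPad = new PinPadService_ClientBase(this);
    auto rc = pPinPad->Connect();
    if (rc == Error_Succeed)
    {
        PinPadService_GetCheckCode_Req req;
        PinPadService_GetCheckCode_Ans ans;
        req.mSN.Init(1);
        req.wSN.Init(1);
        req.wSN[0] = 99;
        req.mSN[0] = nAlgFlag - 1; // 0 for flag 1, 1 for flag 2
        rc = pPinPad->GetCheckCode(req, ans, 10000);
        if (rc == Error_Succeed)
        {
            // assumes a successful answer always carries at least one check code - TODO confirm
            TmkChk[0] = ans.checkcode[0];
            // NOTE(review): this writes the master-key check value to the debug
            // log; confirm that is acceptable under the key-management policy.
            Dbg("GetTmkCheck from pinpad succ, nAlgFlag[%d], Tmk:[%s]", nAlgFlag, ans.checkcode[0].GetData());
        }
        else
        {
            strErrMsg = "从PinPad获取主密钥校验码失败,请联系密码键盘厂商维护";
            SetAuthErrMsg((const char*)strErrMsg);
            spFunction->SetSysVar("AuthErrMsg", (const char*)strErrMsg, true);
            // Fix: pass a const char*, not the string object, through the variadic call.
            LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_CONNECT_PINPAD,
                    GetOutPutStr("%s%08X%s%s", "GetCheckCode", rc, "AuthErrMsg", (const char*)strErrMsg).c_str());
        }
        pPinPad->GetFunction()->CloseSession();
    }
    else
    {
        strErrMsg = "连接PinPad实体失败";
        SetAuthErrMsg((const char*)strErrMsg);
        spFunction->SetSysVar("AuthErrMsg", (const char*)strErrMsg, true);
        LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_CONNECT_PINPAD,
                GetOutPutStr("%s%s%s%s", "Connect", "False", "AuthErrMsg", (const char*)strErrMsg).c_str());
    }
    pPinPad->SafeDelete();

    CSimpleStringA strTmk = TmkChk[0].SubString(0, 16);
    const int nRet = RvcCreateUpdateReq((char*)strTmk.GetData(), nAlgFlag - 1, pBuf, &nLen);
    if (nRet != 0)
    {
        strErrMsg = CSimpleStringA::Format("调用KMC接口RvcCreateUpdateReq失败, 错误信息[%s], 返回值[%d]", (const char*)GetKMCLastErrMsg(), nRet);
        SetAuthErrMsg((const char*)strErrMsg);
        spFunction->SetSysVar("AuthErrMsg", (const char*)strErrMsg, true);
        LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_CREATE_UPDATE_WK_REQ,
                GetOutPutStr("%s%d%s%s", "RvcCreateUpdateReq", nRet, "AuthErrMsg", (const char*)GetKMCLastErrMsg()).c_str());
        return Error_Unexpect;
    }
    return Error_Succeed;
}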
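// Hand the WK update response to the KMC for parsing and keep the resulting
// key set in m_pkeys.
// @pBuf:     response data; NOTE that on success RvcGetKey() is also given this
//            buffer as its output, so the caller's data is overwritten
// @nLen:     length of the response
// @nAlgFlag: passed to the KMC as nAlgFlag-1
// Returns Error_Succeed, or Error_Unexpect when parsing or the TMKCHK lookup fails.
ErrorCodeEnum CAccessAuthEntity::ParseWKUpdateResult(char *pBuf, int nLen, int nAlgFlag)
{
    // NOTE(review): this logs the whole key-update response and reads it with
    // "%s", i.e. up to the first NUL rather than up to nLen. Confirm the buffer
    // is always NUL-terminated and that key-exchange payloads may be logged.
    Dbg("ParseUpdateRes: [%s], len: %d, alg: %d", pBuf, nLen, nAlgFlag);
    CSimpleStringA strErrMsg;
    CSmartPointer<IEntityFunction> spFunction = this->GetFunction();

    const int nRet = RvcParseUpdateRes(pBuf, nLen, nAlgFlag - 1, &m_pkeys);
    if (nRet != 0)
    {
        strErrMsg = CSimpleStringA::Format("调用KMC接口RvcParseUpdateRes失败, 错误信息[%s], 返回值[%d]", (const char*)GetKMCLastErrMsg(), nRet);
        SetAuthErrMsg((const char*)strErrMsg);
        spFunction->SetSysVar("AuthErrMsg", (const char*)strErrMsg, true);
        LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_PARSE_UPDATE_RES,
                GetOutPutStr("%s%d%s%s", "RvcParseUpdateRes", nRet, "strErrMsg", (const char*)GetKMCLastErrMsg()).c_str());
        return Error_Unexpect;
    }

    const char *pKeyBuf = RvcGetKey(m_pkeys, TMKCHK, pBuf);
    if (NULL == pKeyBuf)
    {
        // nRet is 0 on this path, so the "返回值" field of the message is always 0.
        strErrMsg = CSimpleStringA::Format("调用KMC接口RvcGetKey(ParseWKUpdateResult)失败, 错误信息[%s], 返回值[%d]", (const char*)GetKMCLastErrMsg(), nRet);
        SetAuthErrMsg((const char*)strErrMsg);
        spFunction->SetSysVar("AuthErrMsg", (const char*)strErrMsg, true);
        // Fix: the NULL result itself used to be passed as the "%s" argument.
        LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_GET_KEY,
                GetOutPutStr("%s%s", "RvcGetKey", "NULL").c_str());
        return Error_Unexpect;
    }

    Dbg("parse wk update result succ");
    return Error_Succeed;
}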
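// Fetch the KMC library's last error message as a string.
// The message is read into a 256-byte stack buffer whose size is passed to
// RvcGetLastErrorMsg(); longer messages are cut off.
CSimpleStringA CAccessAuthEntity::GetKMCLastErrMsg()
{
    char szBuf[256] = {0};
    int nBufLen = sizeof(szBuf);
    RvcGetLastErrorMsg(szBuf, &nBufLen);

    // Fix: the library is told it may use all 256 bytes, so a message that
    // fills the buffer would leave it unterminated. Force the terminator before
    // the buffer is read as a C string.
    szBuf[sizeof(szBuf) - 1] = '\0';
    return szBuf;
}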
// Release the KMC library via ::RvcRelease(). Always reports success;
// ::RvcRelease() gives no result that is checked here.
ErrorCodeEnum CAccessAuthEntity::ReleaseKMC()
{
    ::RvcRelease();

    const ErrorCodeEnum rcDone = Error_Succeed;
    return rcDone;
}
- //ErrorCodeEnum CAccessAuthEntity::PrintAllKeys(bool bSM)
- //{
- // // 取出主密钥
- // char keyBuf[64];
- // int nKeyBufLen = 64;
- // memset(keyBuf, 0, 64);
- //
- // char chkBuf[16];
- // int nChkBufLen = 16;
- // memset(chkBuf, 0, 16);
- //
- // int nRet = GetKey(keyBuf, &nKeyBufLen, chkBuf, &nChkBufLen, bSM ? csTMK : cTMK);
- // if (nRet != 0)
- // {
- // Dbg("get %s TMK error, %s (%d)", bSM ? "SM" : "DES", (const char*)GetKMCLastErrMsg(), nRet);
- // return Error_Unexpect;
- // }
- //
- // Dbg("get %s TMK succeed: [%s], checkcode: [%s]",
- // bSM ? "SM" : "DES",
- // ByteArrayToHexStr((BYTE*)keyBuf, nKeyBufLen).c_str(),
- // ByteArrayToHexStr((BYTE*)chkBuf, nChkBufLen).c_str());
- //
- // // 取出TPK
- // nKeyBufLen = 64;
- // memset(keyBuf, 0, 64);
- //
- // nChkBufLen = 16;
- // memset(chkBuf, 0, 16);
- //
- // nRet = GetKey(keyBuf, &nKeyBufLen, chkBuf, &nChkBufLen, bSM ? csTPK : cTPK);
- // if (nRet != 0)
- // {
- // Dbg("get %s TPK error, %s (%d)", bSM ? "SM" : "DES", (const char*)GetKMCLastErrMsg(), nRet);
- // return Error_Unexpect;
- // }
- //
- // Dbg("get %s TPK succeed: [%s], checkcode: [%s]",
- // bSM ? "SM" : "DES",
- // ByteArrayToHexStr((BYTE*)keyBuf, nKeyBufLen).c_str(),
- // ByteArrayToHexStr((BYTE*)chkBuf, nChkBufLen).c_str());
- //
- //
- // // 取出EDK
- // nKeyBufLen = 64;
- // memset(keyBuf, 0, 64);
- //
- // nChkBufLen = 16;
- // memset(chkBuf, 0, 16);
- //
- // nRet = GetKey(keyBuf, &nKeyBufLen, chkBuf, &nChkBufLen, bSM ? csEDK : cEDK);
- // if (nRet != 0)
- // {
- // Dbg("get %s EDK error, %s (%d)", bSM ? "SM" : "DES", (const char*)GetKMCLastErrMsg(), nRet);
- // return Error_Unexpect;
- // }
- //
- // Dbg("get %s EDK succeed: [%s], checkcode: [%s]",
- // bSM ? "SM" : "DES",
- // ByteArrayToHexStr((BYTE*)keyBuf, nKeyBufLen).c_str(),
- // ByteArrayToHexStr((BYTE*)chkBuf, nChkBufLen).c_str());
- // return Error_Succeed;
- //}
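// Load the new working keys into the pinpad.
// @bSM: true loads the SM key set through LoadKeysSM(), false the DES key set
//       through LoadKeys().
// Reads TPK (workingkey1) and EDK (workingkey2) from m_pkeys, sends them to
// the PinPad entity and returns its result. Returns Error_Unexpect when either
// key cannot be read from the KMC key set. With IGNORE_PINPAD defined nothing
// is loaded and success is reported.
ErrorCodeEnum CAccessAuthEntity::LoadPinPadWK(bool bSM)
{
#ifdef IGNORE_PINPAD
    return Error_Succeed;
#else
    CSimpleStringA strErrMsg;
    CSmartPointer<IEntityFunction> spFunction = this->GetFunction();

    // Key material: both buffers are wiped on every exit path below.
    char szTPK[64];
    char szEDK[64];
    memset(szTPK, 0, sizeof(szTPK));
    memset(szEDK, 0, sizeof(szEDK));

    // Read the working key (TPK), then the encryption key (EDK).
    const bool bGotTPK = (RvcGetKey(m_pkeys, TPK, szTPK) != NULL);
    const bool bGotEDK = bGotTPK && (RvcGetKey(m_pkeys, EDK, szEDK) != NULL);
    if (!bGotEDK)
    {
        // Fix: the NULL result of RvcGetKey() used to be passed as a "%s" argument.
        LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_GET_KEY,
                GetOutPutStr("%s%s%s%s", "RvcGetKey", "NULL", "strErrMsg", (const char*)GetKMCLastErrMsg()).c_str());
        SecureZeroMemory(szTPK, sizeof(szTPK));
        SecureZeroMemory(szEDK, sizeof(szEDK));
        return Error_Unexpect;
    }

    Dbg(bSM ? "load sm key to pinpad..." : "load des key to pinpad...");
    PinPadService_ClientBase *pPinPad = new PinPadService_ClientBase(this);
    auto rc = pPinPad->Connect();
    if (rc == Error_Succeed)
    {
        // NOTE(review): the request objects keep their own copies of the keys;
        // those copies are not wiped here.
        if (bSM)
        {
            PinPadService_LoadKeysSM_Req req = {};
            req.smflag = 1;
            req.initializeflag = false;
            req.workingkey1 = szTPK;
            req.workingkey2 = szEDK;
            PinPadService_LoadKeysSM_Ans ans = {};
            rc = pPinPad->LoadKeysSM(req, ans, 30000);
        }
        else
        {
            PinPadService_LoadKeys_Req req = {};
            req.initializeflag = false;
            req.workingkey1 = szTPK;
            req.workingkey2 = szEDK;
            PinPadService_LoadKeys_Ans ans = {};
            rc = pPinPad->LoadKeys(req, ans, 30000);
        }

        if (rc == Error_Succeed)
        {
            Dbg(bSM ? "load sm key to pinpad succ" : "load des key to pinpad succ");
        }
        else
        {
            strErrMsg = bSM ? "加载SM密钥到PinPad失败" : "加载DES密钥到PinPad失败";
            SetAuthErrMsg((const char*)strErrMsg);
            spFunction->SetSysVar("AuthErrMsg", (const char*)strErrMsg, true);
            // Fix: pass a const char*, not the string object, through the variadic call.
            LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_LOAD_KEYS_TO_PINPAD,
                    GetOutPutStr("%s%08x%s%s", "LoadKeys", rc, "strErrMsg", (const char*)strErrMsg).c_str());
        }
        pPinPad->GetFunction()->CloseSession();
    }
    else
    {
        strErrMsg = "连接PinPad实体失败";
        SetAuthErrMsg((const char*)strErrMsg);
        spFunction->SetSysVar("AuthErrMsg", (const char*)strErrMsg, true);
        LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_CONNECT_PINPAD,
                GetOutPutStr("%s%08x%s%s", "Connect", rc, "strErrMsg", (const char*)strErrMsg).c_str());
    }
    pPinPad->SafeDelete();

    SecureZeroMemory(szTPK, sizeof(szTPK));
    SecureZeroMemory(szEDK, sizeof(szEDK));
    return rc;
#endif
}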
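// Convert a hexadecimal string into bytes.
// @pHex:    NUL-terminated hex string; must have an even number of digits
// @pBuf:    output buffer
// @pBufLen: in: capacity of pBuf in bytes; out: number of bytes written
//           (only updated on success)
// Returns false for a NULL argument, an odd length, an output buffer that is
// too small, or any non-hex character. On failure pBuf may already hold the
// bytes decoded before the bad character.
bool CAccessAuthEntity::HexStrToByteArray(const char* pHex, BYTE *pBuf, int *pBufLen)
{
    // Fix: NULL arguments used to be dereferenced.
    if (pHex == NULL || pBuf == NULL || pBufLen == NULL)
    {
        Dbg("invalid hex string");
        return false;
    }

    const size_t nHexLen = strlen(pHex);
    if (nHexLen % 2 != 0)
    {
        Dbg("error hex string length");
        return false;
    }

    const size_t nByteLen = nHexLen / 2;
    if (*pBufLen < 0 || nByteLen > (size_t)*pBufLen)
    {
        Dbg("not enough buf length");
        return false;
    }

    for (size_t i = 0; i < nByteLen; i++)
    {
        BYTE bValue = 0;
        for (size_t k = 0; k < 2; k++)
        {
            const char ch = pHex[i * 2 + k];
            BYTE bNibble = 0;
            if (ch >= '0' && ch <= '9')
                bNibble = (BYTE)(ch - '0');
            else if (ch >= 'A' && ch <= 'F')
                bNibble = (BYTE)(ch - 'A' + 10);
            else if (ch >= 'a' && ch <= 'f')
                bNibble = (BYTE)(ch - 'a' + 10); // lower-case digits are accepted as well
            else
            {
                Dbg("invalid hex string");
                return false;
            }
            bValue = (BYTE)((bValue << 4) | bNibble);
        }
        pBuf[i] = bValue;
    }

    *pBufLen = (int)nByteLen;
    return true;
}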
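// Render a byte array as an upper-case hexadecimal string (two digits per byte).
// @pBuf:    bytes to encode
// @nBufLen: number of bytes in pBuf
// Returns an empty string for a NULL buffer or a non-positive length.
//
// Fix: the result used to be assembled in a fixed 1024-byte stack buffer with
// no check on nBufLen, so 512 or more input bytes ran past the buffer or left
// it unterminated. Callers in this file pass lengths taken from blobs, so the
// output is now sized from the input.
string CAccessAuthEntity::ByteArrayToHexStr(BYTE *pBuf, int nBufLen)
{
    static const char kHexDigits[] = "0123456789ABCDEF";

    string strHex;
    if (pBuf == NULL || nBufLen <= 0)
        return strHex;

    strHex.reserve((size_t)nBufLen * 2);
    for (int i = 0; i < nBufLen; i++)
    {
        strHex += kHexDigits[(pBuf[i] >> 4) & 0x0F];
        strHex += kHexDigits[pBuf[i] & 0x0F];
    }
    return strHex;
}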
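// Encrypt data with the pinpad.
// @raw: plaintext; sent to the PinPad entity as a hex string
// @enc: receives the ciphertext bytes on success
// Returns the PinPad entity's error when connecting or encrypting fails, and
// Error_Unexpect when the returned ciphertext is not valid hex or decodes to
// more than 512 bytes.
//
// NOTE(review): with IGNORE_PINPAD defined this returns the plaintext
// unchanged, so that macro must never be defined in a production build.
ErrorCodeEnum CAccessAuthEntity::EncryptDataWithPinPad(const CBlob &raw, CBlob &enc)
{
#ifdef IGNORE_PINPAD
    enc.Alloc(raw.m_iLength);
    memcpy(enc.m_pData, raw.m_pData, raw.m_iLength);
    return Error_Succeed;
#else
    CSimpleStringA strErrMsg;
    CSmartPointer<IEntityFunction> spFunction = this->GetFunction();
    PinPadService_EncryptData_Req req = {};
    PinPadService_EncryptData_Ans ans = {};
    req.data = ByteArrayToHexStr((BYTE*)raw.m_pData, raw.m_iLength).c_str();

    Dbg("begin encrpyt data with pinpad");
    PinPadService_ClientBase *pPinPad = new PinPadService_ClientBase(this);
    auto rc = pPinPad->Connect();
    if (rc == Error_Succeed)
    {
        rc = pPinPad->EncryptData(req, ans, 10000);
        if (rc == Error_Succeed)
        {
            Dbg("encrypt data with pinpad succ: [%s]", (const char*)ans.ciphertext);
        }
        else
        {
            strErrMsg = "encrypt data with pinpad fail";
            SetAuthErrMsg((const char *)strErrMsg);
            spFunction->SetSysVar("AuthErrMsg", (const char *)strErrMsg, true);
            // Fix: pass a const char*, not the string object, through the variadic call.
            LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_FROM_PINPAD,
                    GetOutPutStr("%s%08x%s%s", "EncryptData", rc, "strErrMsg", (const char *)strErrMsg).c_str());
        }
        pPinPad->GetFunction()->CloseSession();
    }
    else
    {
        strErrMsg = "connect to pinpad entity fail";
        SetAuthErrMsg((const char *)strErrMsg);
        spFunction->SetSysVar("AuthErrMsg", (const char *)strErrMsg, true);
        LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_CONNECT_PINPAD,
                GetOutPutStr("%s%08x%s%s", "Connect", rc, "strErrMsg", (const char *)strErrMsg).c_str());
    }
    pPinPad->SafeDelete();
    if (rc != Error_Succeed)
        return rc;

    // Decode the hex ciphertext. HexStrToByteArray() is given the capacity in
    // nLen and refuses anything that would not fit.
    BYTE buf[512];
    int nLen = sizeof(buf);
    memset(buf, 0, sizeof(buf));
    if (!HexStrToByteArray((const char*)ans.ciphertext, buf, &nLen))
    {
        strErrMsg = "convert encrypted data to byte array fail";
        SetAuthErrMsg((const char *)strErrMsg);
        spFunction->SetSysVar("AuthErrMsg", (const char *)strErrMsg, true);
        LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_HEX_TO_BYTE,
                GetOutPutStr("%s%s%s%s", "HexStrToByteArray", "False", "strErrMsg", (const char *)strErrMsg).c_str());
        return Error_Unexpect;
    }

    enc.Alloc(nLen);
    memcpy(enc.m_pData, buf, nLen);
    return Error_Succeed;
#endif
}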
// Generate a temporary RSA key pair.
// @pubKey: allocated to 140 bytes, then resized to the length reported back
// @priKey: allocated to 620 bytes, then resized to the length reported back
// Returns Error_Unexpect when the global ::CreateRsaKeyPair() fails; in that
// case both blobs stay allocated at their initial size.
//
// NOTE(review): a 140-byte public / 620-byte private buffer looks sized for a
// 1024-bit RSA key - confirm the key length against current policy.
ErrorCodeEnum CAccessAuthEntity::CreateRsaKeyPair(CBlob &pubKey, CBlob &priKey)
{
    int cbPub = 140;
    int cbPri = 620;
    pubKey.Alloc(cbPub);
    priKey.Alloc(cbPri);

    const bool bCreated = ::CreateRsaKeyPair((BYTE *)pubKey.m_pData, &cbPub,
                                             (BYTE *)priKey.m_pData, &cbPri) ? true : false;
    if (bCreated)
    {
        // Shrink both blobs to the lengths the generator reported.
        pubKey.Resize(cbPub);
        priKey.Resize(cbPri);
        return Error_Succeed;
    }

    SetAuthErrMsg("创建RSA密钥对失败");
    CSmartPointer<IEntityFunction> spFunction = this->GetFunction();
    spFunction->SetSysVar("AuthErrMsg", "创建RSA密钥对失败", true);
    LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_CREATE_RSA_KEY_PAIR,
            GetOutPutStr("%s%s", "CreateRsaKeyPair", "False").c_str());
    return Error_Unexpect;
}
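// Store the RSA key pair in the token-management entity.
// @pubKey, @priKey: copied into the SetKeyPair request as given
// Returns the Connect() or SetKeyPair() result. Both failure paths set
// AuthErrMsg and log a warning.
//
// NOTE(review): the private key leaves this entity inside the request; how the
// token service transports and stores it is not visible from here.
ErrorCodeEnum CAccessAuthEntity::SaveRsaKeyPair(const CBlob &pubKey, const CBlob &priKey)
{
    CSimpleStringA strErrMsg;
    CSmartPointer<IEntityFunction> spFunction = this->GetFunction();
    TokenService_ClientBase *pTokenServiceClient = new TokenService_ClientBase(this);

    ErrorCodeEnum rc = pTokenServiceClient->Connect();
    if (rc == Error_Succeed)
    {
        TokenService_SetKeyPair_Req req;
        req.pub_key = pubKey;
        req.pri_key = priKey;
        TokenService_SetKeyPair_Ans ans;
        rc = pTokenServiceClient->SetKeyPair(req, ans, 3000);
        pTokenServiceClient->GetFunction()->CloseSession();

        if (rc == Error_Succeed)
        {
            Dbg("set rsa key pair succ");
        }
        else
        {
            strErrMsg = "保存密钥对失败";
            SetAuthErrMsg((const char *)strErrMsg);
            spFunction->SetSysVar("AuthErrMsg", (const char *)strErrMsg, true);
            LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_FROM_TOKEN_SERVICE,
                    GetOutPutStr("%s%08X%s%s", "SetKeyPair", rc, "strErrMsg", (const char*)strErrMsg).c_str());
        }
    }
    else
    {
        strErrMsg = "连接令牌管理实体失败";
        SetAuthErrMsg((const char *)strErrMsg);
        spFunction->SetSysVar("AuthErrMsg", (const char *)strErrMsg, true);
        // Fix: pass a const char*, not the string object, through the variadic
        // call, as the SetKeyPair branch already does.
        LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_CONNECT_TOKEN_SERVICE,
                GetOutPutStr("%s%08X%s%s", "Connect", rc, "strErrMsg", (const char*)strErrMsg).c_str());
    }

    pTokenServiceClient->SafeDelete();
    return rc;
}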
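// Store the access token and the shared session key in the token-management
// entity.
// @token:    saved with SetToken()
// @sharedSK: saved with SetSharedSK(); attempted even when SetToken() failed
// Returns the Connect() error, otherwise the first failure of the two save
// calls, otherwise Error_Succeed.
ErrorCodeEnum CAccessAuthEntity::SaveTokenAndSharedSK(const CBlob &token, const CBlob &sharedSK)
{
    CSimpleStringA strErrMsg;
    CSmartPointer<IEntityFunction> spFunction = this->GetFunction();
    TokenService_ClientBase *pTokenServiceClient = new TokenService_ClientBase(this);

    ErrorCodeEnum rc = pTokenServiceClient->Connect();
    if (rc != Error_Succeed)
    {
        strErrMsg = "连接令牌管理实体失败";
        SetAuthErrMsg((const char *)strErrMsg);
        spFunction->SetSysVar("AuthErrMsg", (const char *)strErrMsg, true);
        LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_CONNECT_TOKEN_SERVICE,
                GetOutPutStr("%s%08X%s%s", "Connect", rc, "strErrMsg", (const char*)strErrMsg).c_str());
    }
    else
    {
        TokenService_SetToken_Req req = {};
        req.token = token;
        TokenService_SetToken_Ans ans;
        const ErrorCodeEnum rcToken = pTokenServiceClient->SetToken(req, ans, 5000);
        if (rcToken == Error_Succeed)
        {
            // Fix: the token itself used to be written to the debug log in hex.
            // It is a credential, so only its length is logged.
            Dbg("save token succ, token length: %d", (int)token.m_iLength);
        }
        else
        {
            strErrMsg = "保存令牌失败";
            SetAuthErrMsg((const char *)strErrMsg);
            spFunction->SetSysVar("AuthErrMsg", (const char *)strErrMsg, true);
            // Fix: pass a const char*, not the string object, through the variadic call.
            LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_FROM_TOKEN_SERVICE,
                    GetOutPutStr("%s%08X%s%s", "SetToken", rcToken, "strErrMsg", (const char*)strErrMsg).c_str());
        }

        TokenService_SetSharedSK_Req req2 = {};
        req2.ssk = sharedSK;
        TokenService_SetSharedSK_Ans ans2 = {};
        const ErrorCodeEnum rcKey = pTokenServiceClient->SetSharedSK(req2, ans2, 5000);
        if (rcKey == Error_Succeed)
        {
            Dbg("save shared session key succ");
        }
        else
        {
            strErrMsg = "保存会话密钥失败";
            SetAuthErrMsg((const char *)strErrMsg);
            spFunction->SetSysVar("AuthErrMsg", (const char *)strErrMsg, true);
            LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_FROM_TOKEN_SERVICE,
                    GetOutPutStr("%s%08X%s%s", "SetSharedSK", rcKey, "strErrMsg", (const char*)strErrMsg).c_str());
        }
        pTokenServiceClient->GetFunction()->CloseSession();

        // Fix: the SetSharedSK() result used to overwrite the SetToken() result,
        // so a token that was never saved was reported as success whenever the
        // session key went through.
        rc = (rcToken != Error_Succeed) ? rcToken : rcKey;
    }

    pTokenServiceClient->SafeDelete();
    return rc;
}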
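// Decide whether this terminal has a pinpad.
//   - GetSystemStaticInfo() fails: true is returned (a pinpad is assumed)
//   - machine type starts with "RPM", "RVC.CardStore" or "RVC.IL"
//     (receipt printer, simplified models): false
//   - machine type "RVC.PAD": asks the PinPad entity; true only when it can be
//     reached and its device state is not DEVICE_STATUS_NOT_READY
//   - every other VTM model: true (built-in pinpad)
bool CAccessAuthEntity::HasPinPad()
{
    CSimpleStringA strErrMsg;
    CSmartPointer<IEntityFunction> spFunction = this->GetFunction();

    CSystemStaticInfo info;
    const auto rcInfo = spFunction->GetSystemStaticInfo(info);
    if (rcInfo != Error_Succeed)
    {
        strErrMsg = "HasPinPad()=>GetSystemStaticInfo() fail";
        SetAuthErrMsg((const char *)strErrMsg);
        spFunction->SetSysVar("AuthErrMsg", (const char *)strErrMsg, true);
        LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_GET_SYSTEM_STATIC_INFO,
                GetOutPutStr("%s%08X", "GetSystemStaticInfo", rcInfo).c_str());
        return true;
    }

    if (info.strMachineType.IsStartWith("RPM", true)
        || info.strMachineType.IsStartWith("RVC.CardStore", true)
        || info.strMachineType.IsStartWith("RVC.IL", true))
    {
        // Fix: pass a const char*, not the string object, through the variadic call.
        Dbg("MachineType[%s], not exist pinpad", (const char *)info.strMachineType);
        return false;
    }

    if (stricmp(info.strMachineType, "RVC.PAD") != 0)
    {
        // All other VTM models have a built-in pinpad.
        return true;
    }

    // Pad model: the PinPad entity's state decides whether a pinpad is attached.
    bool bPinPadExist = false;
    auto pPinPadClient = new PinPadService_ClientBase(this);
    if (pPinPadClient->Connect() != Error_Succeed)
    {
        Dbg("connect PinPad fail, assume no pinpad");
        LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_CONNECT_PINPAD,
                GetOutPutStr("%s%s", "Connect", "False").c_str());
    }
    else
    {
        PinPadService_GetDevInfo_Req req = {};
        PinPadService_GetDevInfo_Ans ans = {};
        const auto rcDev = pPinPadClient->GetDevInfo(req, ans, 3000);
        if (rcDev != Error_Succeed)
        {
            strErrMsg = "PinPad::GetDevInfo() fail";
            SetAuthErrMsg((const char *)strErrMsg);
            spFunction->SetSysVar("AuthErrMsg", (const char *)strErrMsg, true);
            LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_FROM_PINPAD,
                    GetOutPutStr("%s%08X", "GetDevInfo", rcDev).c_str());
        }
        else
        {
            Dbg("PinPad::GetDevInfo() return state: %d", ans.state);
            bPinPadExist = ans.state != DEVICE_STATUS_NOT_READY;
        }
        pPinPadClient->GetFunction()->CloseSession();
    }
    pPinPadClient->SafeDelete();
    pPinPadClient = NULL;
    return bPinPadExist;
}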
// Query which key algorithms the pinpad supports.
// 1: 3des only; 2: sm4 only; 3: both 3des and sm4.
// Decided by the key files that are currently initialised, for compatibility
// with older terminals.
// Returns the value of the QueryFunc answer's reserved1 field, or 0 when the
// PinPad entity cannot be reached or the query fails.
int CAccessAuthEntity::GetPinPadCapability()
{
    int nSupported = 0;
    PinPadService_ClientBase *pClient = new PinPadService_ClientBase(this);

    auto rc = pClient->Connect();
    if (rc != Error_Succeed)
    {
        SetAuthErrMsg("连接PinPad实体失败");
        CSmartPointer<IEntityFunction> spFunction = this->GetFunction();
        spFunction->SetSysVar("AuthErrMsg", "连接PinPad实体失败", true);
        LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_CONNECT_PINPAD,
                GetOutPutStr("%s%08X%s%s", "Connect", rc, "AuthErrMsg", "连接PinPad实体失败").c_str());
    }
    else
    {
        PinPadService_QueryFunc_Req req;
        PinPadService_QueryFunc_Ans ans;
        rc = pClient->QueryFunc(req, ans, 3000);
        if (rc != Error_Succeed)
        {
            SetAuthErrMsg("从PinPad获取主密钥类型失败");
            CSmartPointer<IEntityFunction> spFunction = this->GetFunction();
            spFunction->SetSysVar("AuthErrMsg", "从PinPad获取主密钥类型失败", true);
            LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_FROM_PINPAD,
                    GetOutPutStr("%s%s%s%s", "QueryFunc", "False", "AuthErrMsg", "从PinPad获取主密钥类型失败").c_str());
        }
        else
        {
            nSupported = ans.reserved1;
            Dbg("QueryFunc from pinpad succ, nCapability[%d]", nSupported);
        }
        pClient->GetFunction()->CloseSession();
    }

    pClient->SafeDelete();
    return nSupported;
}
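// Stores the access-auth protocol version and, for version 2, the session key blob.
//
// nAuthVer : protocol version; only version 2 carries a session key.
// pKey     : for version 2, must point to at least 140 readable bytes.
//            NOTE(review): 140 presumably is the size of the wrapped session-key
//            blob later passed to CryptImportKey — confirm against the declaration
//            of m_AuthSessionKey and the sender of the key.
// Returns false (leaving the stored version and key untouched) when version 2 is
// requested without a key; true otherwise.
bool CAccessAuthEntity::SaveAuthVerAndKey(int nAuthVer, BYTE *pKey)
{
    const size_t kSessionKeyBlobLen = 140;

    // Reject a missing key before any state is changed, instead of copying from NULL.
    if (nAuthVer == 2 && pKey == NULL)
        return false;

    m_nAuthVersion = nAuthVer;
    if (m_nAuthVersion == 2)
        memcpy(m_AuthSessionKey, pKey, kSessionKeyBlobLen);
    else
        // Other versions have no session key: wipe any previously stored key material.
        SecureZeroMemory(m_AuthSessionKey, kSessionKeyBlobLen);
    return true;
}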
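// Decodes a hexadecimal string ("0AFF...") into a malloc'ed byte buffer.
//
// pszStr : NUL-terminated string made only of hex digits, with an even length.
// Returns a buffer of strlen(pszStr) / 2 bytes that the caller must free(), or
// NULL when the input is NULL, empty, of odd length, contains a non-hex
// character, or when allocation fails.
// The decoded length is not returned, so the caller has to derive it from the
// input length; rejecting odd-length and malformed input keeps the two in step.
static BYTE* ConvertHexStrToBytes(const char *pszStr)
{
    if (pszStr == NULL)
        return NULL;

    const size_t nChars = strlen(pszStr);
    if (nChars == 0 || (nChars % 2) != 0)
        return NULL;

    // Strict per-character decoding: unlike sscanf("%2X"), this accepts no
    // leading whitespace, sign or prefix inside a byte.
    auto nibble = [](char c) -> int
    {
        if (c >= '0' && c <= '9') return c - '0';
        if (c >= 'a' && c <= 'f') return c - 'a' + 10;
        if (c >= 'A' && c <= 'F') return c - 'A' + 10;
        return -1;
    };

    const size_t nLen = nChars / 2;
    BYTE *pRet = (BYTE*)malloc(nLen);
    if (pRet == NULL)
        return NULL;

    for (size_t i = 0; i < nLen; i++)
    {
        const int hi = nibble(pszStr[i * 2]);
        const int lo = nibble(pszStr[i * 2 + 1]);
        if (hi < 0 || lo < 0)
        {
            free(pRet);
            return NULL;
        }
        pRet[i] = (BYTE)((hi << 4) | lo);
    }
    return pRet;
}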
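// Encrypts a small payload with the access-auth session key.
//
// raw : plaintext; at most 128 bytes, because the work buffer is fixed at 128 bytes
//       and must also hold whatever padding CryptEncrypt appends.
// enc : receives the ciphertext through CBlob::Attach.
//       NOTE(review): Attach presumably takes ownership of the new[]-allocated
//       buffer — confirm against CBlob.
// Returns Error_Succeed on success and Error_Unexpect on any failure. Except for
// an over-long input and a CryptAcquireContext error other than NTE_BAD_KEYSET,
// failures also publish a message through SetAuthErrMsg / the "AuthErrMsg"
// system variable.
// Precondition (checked only by assert): m_nAuthVersion == 2, i.e. a session key
// has been stored.
ErrorCodeEnum CAccessAuthEntity::EncryptDataWithSessionKey(const CBlob &raw, CBlob &enc)
{
    assert(m_nAuthVersion ==2);

    const DWORD kEncBufLen = 128;

    // Bounds-check the plaintext before it is copied into the fixed-size buffer;
    // without this a longer input would overflow the heap allocation below.
    if (raw.m_iLength < 0 || (DWORD)raw.m_iLength > kEncBufLen
        || (raw.m_pData == NULL && raw.m_iLength != 0))
    {
        LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_ENCRYPT_SESSION_KEY,
            GetOutPutStr("%s%d", "raw.m_iLength", (int)raw.m_iLength).c_str());
        return Error_Unexpect;
    }

    CSimpleStringA strErrMsg;
    CSmartPointer<IEntityFunction> spFunction = this->GetFunction();

    // Open the machine-level "RVC" key container in the CSP.
    HCRYPTPROV hProv(0);
    if (!CryptAcquireContext(&hProv, "RVC", MS_ENHANCED_PROV, PROV_RSA_FULL, CRYPT_MACHINE_KEYSET))
    {
        const DWORD dwLastError = GetLastError();
        Dbg("open RVC keyset fail: %d", dwLastError);
        // NTE_BAD_KEYSET (0x80090016L) means the key container is missing:
        // tell the operator to re-initialise the keys.
        if (dwLastError == NTE_BAD_KEYSET)
        {
            strErrMsg = "windows密钥集丢失,请重新初始化密钥!";
            SetAuthErrMsg((const char *)strErrMsg);
            spFunction->SetSysVar("AuthErrMsg", (const char *)strErrMsg, true);
            LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_OPEN_CRYPT_CONTEXT,
                GetOutPutStr("%s%s%s%d", "CryptAcquireContext", "False", "dwLastError", dwLastError).c_str());
        }
        return Error_Unexpect;
    }
    else
        Dbg("open RVC keyset succ");

    // The container's key-exchange key is what unwraps the session key blob.
    HCRYPTKEY hExchKey(0);
    if (!CryptGetUserKey(hProv, AT_KEYEXCHANGE, &hExchKey))
    {
        // Capture the error once; the calls below may overwrite the thread's last error.
        const DWORD dwLastError = GetLastError();
        strErrMsg = CSimpleStringA::Format("get exchange key fail: %d, 请重新初始化密钥", dwLastError);
        SetAuthErrMsg((const char *)strErrMsg);
        spFunction->SetSysVar("AuthErrMsg", (const char *)strErrMsg, true);
        LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_CRYPT_GET_UESR_KEY,
            GetOutPutStr("%s%s%s%d", "CryptGetUserKey", "False", "dwLastError", dwLastError).c_str());
        CryptReleaseContext(hProv, 0);
        return Error_Unexpect;
    }
    Dbg("get exchange key succ");

    // Import the stored session key blob into the provider.
    HCRYPTKEY hSessionKey(0);
    if (!CryptImportKey(hProv, m_AuthSessionKey, sizeof(m_AuthSessionKey), hExchKey, 0, &hSessionKey))
    {
        const DWORD dwLastError = GetLastError();
        strErrMsg = CSimpleStringA::Format("import session key fail: %d, 请重新初始化密钥", dwLastError);
        SetAuthErrMsg((const char *)strErrMsg);
        spFunction->SetSysVar("AuthErrMsg", (const char *)strErrMsg, true);
        LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_CRYPT_IMPORT_KEY,
            GetOutPutStr("%s%s%s%d", "CryptImportKey", "False", "dwLastError", dwLastError).c_str());
        CryptDestroyKey(hExchKey);
        CryptReleaseContext(hProv, 0);
        return Error_Unexpect;
    }

    // Encrypt in place: CryptEncrypt overwrites the plaintext and reports the
    // ciphertext length through dwDataLen.
    DWORD dwDataLen = (DWORD)raw.m_iLength;
    BYTE *pEncData = new BYTE[kEncBufLen];
    memset(pEncData, 0, kEncBufLen);
    if (raw.m_iLength > 0)
        memcpy(pEncData, raw.m_pData, raw.m_iLength);
    if (!CryptEncrypt(hSessionKey, 0, TRUE, 0, pEncData, &dwDataLen, kEncBufLen))
    {
        const DWORD dwLastError = GetLastError();
        strErrMsg = CSimpleStringA::Format("encrypt data fail: %d, 请重新初始化密钥", dwLastError);
        SetAuthErrMsg((const char *)strErrMsg);
        spFunction->SetSysVar("AuthErrMsg", (const char *)strErrMsg, true);
        LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_ENCRYPT_SESSION_KEY,
            GetOutPutStr("%s%s%s%d", "CryptEncrypt", "False", "dwLastError", dwLastError).c_str());
        // Wipe and release the buffer: it still holds the plaintext and was
        // previously leaked on this path.
        SecureZeroMemory(pEncData, kEncBufLen);
        delete[] pEncData;
        CryptDestroyKey(hSessionKey);
        CryptDestroyKey(hExchKey);
        CryptReleaseContext(hProv, 0);
        return Error_Unexpect;
    }

    enc.Attach(pEncData, dwDataLen);
    CryptDestroyKey(hSessionKey);
    CryptDestroyKey(hExchKey);
    CryptReleaseContext(hProv, 0);
    return Error_Succeed;
}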
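// Computes the MD5 digest of a NUL-terminated string with the Windows CryptoAPI.
//
// pStr : input string (the terminating NUL is not hashed).
// md5  : receives the 16-byte digest.
// Returns true only when every CryptoAPI step succeeded and 16 bytes were written.
//
// NOTE(review): MD5 is not collision resistant. In this file it digests the
// hardware identifiers into the terminal fingerprint; whether that use needs a
// stronger hash depends on how the receiving side checks the value, which is not
// visible here.
bool CAccessAuthEntity::GetMD5Hash(const char *pStr, BYTE md5[16])
{
    if (pStr == NULL || md5 == NULL)
        return false;

    HCRYPTPROV hCryptProv = 0;
    if (!CryptAcquireContextA(&hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_MACHINE_KEYSET))
    {
        LogError(Severity_Low, Error_Unexpect, ERROR_ACCESSAUTH_GETMD5HASH, CSimpleStringA::Format("CryptAcquireContextA fail: %d", GetLastError()));
        // Nothing was acquired, so there is no provider handle to release.
        return false;
    }

    bool bRet = false;
    HCRYPTHASH hHash = 0;
    if (!CryptCreateHash(hCryptProv, CALG_MD5, 0, 0, &hHash))
    {
        LogError(Severity_Low, Error_Unexpect, ERROR_ACCESSAUTH_GETMD5HASH, CSimpleStringA::Format("CryptCreateHash fail: %d", GetLastError()));
    }
    else
    {
        DWORD dwLen = 16;
        // Each step is checked: an unchecked failure would report success with
        // an unset or stale digest.
        if (!CryptHashData(hHash, (LPBYTE)pStr, (DWORD)strlen(pStr), 0))
        {
            LogError(Severity_Low, Error_Unexpect, ERROR_ACCESSAUTH_GETMD5HASH, CSimpleStringA::Format("CryptHashData fail: %d", GetLastError()));
        }
        else if (!CryptGetHashParam(hHash, HP_HASHVAL, (LPBYTE)&md5[0], &dwLen, 0) || dwLen != 16)
        {
            LogError(Severity_Low, Error_Unexpect, ERROR_ACCESSAUTH_GETMD5HASH, CSimpleStringA::Format("CryptGetHashParam fail: %d", GetLastError()));
        }
        else
        {
            bRet = true;
        }
        // Destroy the hash object only when it was actually created.
        CryptDestroyHash(hHash);
    }

    CryptReleaseContext(hCryptProv, 0);
    return bRet;
}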
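// Encodes a byte buffer as an upper-case hexadecimal string.
//
// pBuf : bytes to encode; may be NULL only when nLen is 0.
// nLen : number of bytes in pBuf.
// Returns a malloc'ed, NUL-terminated string of nLen * 2 characters that the
// caller must free(), or NULL when the arguments are invalid or allocation fails.
static char* ConvertBytesToHexStr(BYTE *pBuf, int nLen)
{
    static const char kHexDigits[] = "0123456789ABCDEF";

    if (nLen < 0 || (pBuf == NULL && nLen > 0))
        return NULL;

    // Size computed in size_t so that a large nLen cannot overflow int arithmetic.
    const size_t cchOut = (size_t)nLen * 2 + 1;
    char *pRet = (char*)malloc(cchOut);
    if (pRet == NULL)
        return NULL;

    char *p = pRet;
    for (int i = 0; i < nLen; i++)
    {
        const BYTE b = pBuf[i];
        *p++ = kHexDigits[(b >> 4) & 0x0F];
        *p++ = kHexDigits[b & 0x0F];
    }
    *p = '\0';
    return pRet;
}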
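// Builds the terminal fingerprint: the MD5 digest of
// "<CPU ProcessorId>|<baseboard SerialNumber>|<disk SerialNumber>", each read via WMI.
//
// pBuf    : receives the 16-byte digest.
// nBufLen : in: capacity of pBuf (must be >= 16); out: 16 on success.
// Returns false when a WMI query or the hash fails, or when the output buffer is
// missing or too small. Query and hash failures also publish a message through
// SetAuthErrMsg / the "AuthErrMsg" system variable.
bool CAccessAuthEntity::GetTerminalFingerPrint(BYTE *pBuf, int &nBufLen)
{
    char szTmp[1024] = {};
    int nTmpBufLen = 1024;
    CSimpleStringA strErrMsg;
    CSmartPointer<IEntityFunction> spFunction = this->GetFunction();
    CSimpleStringA strRet;

    // 1) CPU id
    if (!QueryWMIDevice(Processor, "ProcessorId", szTmp, &nTmpBufLen))
    {
        // Capture the error once; the calls below may overwrite the thread's last error.
        const DWORD dwLastError = GetLastError();
        strErrMsg = CSimpleStringA::Format("query cpu id fail: %d, 请重启设备", dwLastError);
        SetAuthErrMsg((const char *)strErrMsg);
        spFunction->SetSysVar("AuthErrMsg", (const char *)strErrMsg, true);
        LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_GET_TERMINAL_FINGERPRINT,
            GetOutPutStr("%s%s%s%d", "QueryWMIDevice", "False", "Processor", dwLastError).c_str());
        return false;
    }
    // Guarantee termination even if the query filled the whole buffer.
    szTmp[sizeof(szTmp) - 1] = '\0';
    strRet = szTmp;

    // 2) Baseboard serial number
    nTmpBufLen = 1024;
    memset(szTmp, 0, sizeof(szTmp));
    if (!QueryWMIDevice(BaseBoard, "SerialNumber", szTmp, &nTmpBufLen))
    {
        const DWORD dwLastError = GetLastError();
        strErrMsg = CSimpleStringA::Format("query baseboard sn fail: %d, 请重启设备", dwLastError);
        SetAuthErrMsg((const char *)strErrMsg);
        spFunction->SetSysVar("AuthErrMsg", (const char *)strErrMsg, true);
        LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_GET_TERMINAL_FINGERPRINT,
            GetOutPutStr("%s%s%s%d", "QueryWMIDevice", "False", "BaseBoard", dwLastError).c_str());
        return false;
    }
    szTmp[sizeof(szTmp) - 1] = '\0';
    strRet += "|";
    strRet += szTmp;

    // 3) Hard disk serial number
    nTmpBufLen = 1024;
    memset(szTmp, 0, sizeof(szTmp));
    if (!QueryWMIDevice(DiskDrive, "SerialNumber", szTmp, &nTmpBufLen))
    {
        const DWORD dwLastError = GetLastError();
        strErrMsg = CSimpleStringA::Format("query harddisk sn fail: %d, 请重启设备", dwLastError);
        SetAuthErrMsg((const char *)strErrMsg);
        spFunction->SetSysVar("AuthErrMsg", (const char *)strErrMsg, true);
        LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_GET_TERMINAL_FINGERPRINT,
            GetOutPutStr("%s%s%s%d", "QueryWMIDevice", "False", "DiskDrive", dwLastError).c_str());
        return false;
    }
    szTmp[sizeof(szTmp) - 1] = '\0';
    strRet += "|";
    strRet += szTmp;

    // NOTE(review): this writes the complete fingerprint pre-image to the debug
    // log. The fingerprint is only the MD5 of this string, so the log then holds
    // everything needed to recompute it; the per-component Dbg lines were already
    // disabled by the author. Consider dropping or redacting this line too.
    Dbg("device info: [%s]", (const char*)strRet);

    // MD5 digest of the joined identifiers is the fingerprint.
    BYTE md5[16] = {};
    if (!GetMD5Hash((const char*)strRet, md5))
    {
        strErrMsg = "get md5 hash as fingerprint fail";
        SetAuthErrMsg((const char *)strErrMsg);
        spFunction->SetSysVar("AuthErrMsg", (const char *)strErrMsg, true);
        LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_GET_TERMINAL_FINGERPRINT,
            GetOutPutStr("%s%s%s%s", "GetMD5Hash", "False", "strErrMsg", (const char*)strErrMsg).c_str());
        return false;
    }

    // Validate the destination before writing to it.
    if (pBuf == NULL || nBufLen < 16)
    {
        LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_GET_TERMINAL_FINGERPRINT,
            GetOutPutStr("%s%d", "nBufLen", nBufLen).c_str());
        return false;
    }
    nBufLen = 16;
    memcpy(pBuf, md5, nBufLen);
    // The hex string the original built here fed only a commented-out Dbg line,
    // so the allocation has been removed.
    return true;
}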
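// Modulus size, in bits, of the terminal's RSA key-exchange key.
// NOTE(review): 1024-bit RSA is below the 2048-bit minimum that current guidance
// recommends. The size also fixes the layout of PublicKeyBlob, so raising it has
// to be coordinated with whatever consumes the exported blob.
#define RSAPUBKEY_BITLEN 1024

// In-memory layout of a CryptoAPI PUBLICKEYBLOB for an RSA key of
// RSAPUBKEY_BITLEN bits: blob header, RSA public-key header, then the modulus.
struct PublicKeyBlob
{
    PUBLICKEYSTRUC publickeystruc;      // generic blob header
    RSAPUBKEY rsapubkey;                // RSA-specific header
    BYTE modulus[RSAPUBKEY_BITLEN / 8]; // modulus bytes
};

// sizeof(PublicKeyBlob) is used as the required output-buffer size, so the struct
// must not contain padding.
static_assert(sizeof(PublicKeyBlob) == sizeof(PUBLICKEYSTRUC) + sizeof(RSAPUBKEY) + RSAPUBKEY_BITLEN / 8,
    "PublicKeyBlob must match the packed PUBLICKEYBLOB layout");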
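// Makes sure the machine-level "RVC" key container holds an RSA key-exchange pair
// (creating the container and/or the key pair when missing) and exports the
// public key as a PUBLICKEYBLOB.
//
// pBuf    : receives the blob; must not be NULL.
// nBufLen : in: capacity of pBuf, at least sizeof(PublicKeyBlob);
//           out: number of bytes written (updated only on success).
// Returns true on success. CryptoAPI failures publish a message through
// SetAuthErrMsg / the "AuthErrMsg" system variable and return false.
//
// NOTE(review): the key pair is generated with RSA1024BIT_KEY | CRYPT_EXPORTABLE.
// CRYPT_EXPORTABLE lets the private key be exported from the container, and it is
// not needed to export the public half; 1024-bit RSA is below current
// recommendations. Both are left as they are because changing them affects
// already-provisioned terminals and the consumer of the blob.
bool CAccessAuthEntity::GetTerminalPublicKey(BYTE *pBuf, int &nBufLen)
{
    // The explicit sign check matters: comparing a negative int with sizeof()
    // converts it to a huge unsigned value that would pass the size test.
    if (pBuf == NULL || nBufLen < 0 || static_cast<size_t>(nBufLen) < sizeof(PublicKeyBlob))
    {
        Dbg("buf len is too small, must >= %d", (int)sizeof(PublicKeyBlob));
        return false;
    }

    CSimpleStringA strErrMsg;
    CSmartPointer<IEntityFunction> spFunction = this->GetFunction();

    // Publishes strErrMsg and logs which API failed. The string is passed to the
    // printf-style helper as const char*, as the other functions in this file do.
    auto reportFailure = [&](const char *pszApi)
    {
        SetAuthErrMsg((const char *)strErrMsg);
        spFunction->SetSysVar("AuthErrMsg", (const char *)strErrMsg, true);
        LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_GET_TERMINAL_PUBKEY,
            GetOutPutStr("%s%s%s%s", pszApi, "False", "strErrMsg", (const char *)strErrMsg).c_str());
    };

    HCRYPTPROV hProv(0);
    if (!CryptAcquireContext(&hProv, "RVC", MS_ENHANCED_PROV, PROV_RSA_FULL, CRYPT_MACHINE_KEYSET))
    {
        const DWORD dwLastError = GetLastError();
        // Only "container does not exist" is recoverable by creating it.
        if (dwLastError != NTE_BAD_KEYSET)
        {
            strErrMsg = "windows密钥集丢失,请重新初始化密钥!";
            reportFailure("CryptAcquireContext");
            return false;
        }
        Dbg("RVC keyset not exist, create now");
        if (!CryptAcquireContext(&hProv, "RVC", MS_ENHANCED_PROV, PROV_RSA_FULL, CRYPT_MACHINE_KEYSET | CRYPT_NEWKEYSET))
        {
            strErrMsg = "windows密钥集丢失,请重新初始化密钥!";
            reportFailure("CryptAcquireContext");
            // No provider handle was obtained, so there is nothing to release.
            return false;
        }
        Dbg("create RVC keyset succ");
    }
    else
        Dbg("open RVC keyset succ");

    HCRYPTKEY hExchKey(0);
    if (!CryptGetUserKey(hProv, AT_KEYEXCHANGE, &hExchKey))
    {
        const DWORD dwLastError = GetLastError();
        // Only "no key in the container" is recoverable by generating one.
        if (dwLastError != NTE_NO_KEY)
        {
            strErrMsg = CSimpleStringA::Format("get exchange key fail: %d, 请重新初始化密钥!", dwLastError);
            reportFailure("CryptGetUserKey");
            CryptReleaseContext(hProv, 0);
            return false;
        }
        Dbg("exchange key not exist, now create it!");
        if (!CryptGenKey(hProv, AT_KEYEXCHANGE, RSA1024BIT_KEY | CRYPT_EXPORTABLE, &hExchKey))
        {
            strErrMsg = CSimpleStringA::Format("create exchange key fail: %d, 请重新初始化密钥!", GetLastError());
            reportFailure("CryptGenKey");
            CryptReleaseContext(hProv, 0);
            return false;
        }
        Dbg("create exchange key succ");

        // Drop the handle from CryptGenKey and fetch the key back from the container.
        CryptDestroyKey(hExchKey);
        hExchKey = 0;
        if (!CryptGetUserKey(hProv, AT_KEYEXCHANGE, &hExchKey))
        {
            strErrMsg = CSimpleStringA::Format("get exchange key fail: %d, 请重新初始化密钥!", GetLastError());
            reportFailure("CryptGetUserKey");
            CryptReleaseContext(hProv, 0);
            return false;
        }
    }
    Dbg("get exchange key succ");

    Dbg("export public key now");
    // Use a real DWORD for the in/out length instead of casting the address of an int.
    DWORD dwBlobLen = (DWORD)nBufLen;
    if (!CryptExportKey(hExchKey, 0, PUBLICKEYBLOB, 0, pBuf, &dwBlobLen))
    {
        strErrMsg = CSimpleStringA::Format("export public key fail: %d, 请重新初始化密钥!", GetLastError());
        reportFailure("CryptExportKey");
        CryptDestroyKey(hExchKey);
        CryptReleaseContext(hProv, 0);
        return false;
    }
    nBufLen = (int)dwBlobLen;
    assert(nBufLen == (int)sizeof(PublicKeyBlob));
    Dbg("export public key succ, len = %d ", nBufLen);
    // The hex string the original built here fed only a commented-out Dbg line,
    // so the allocation has been removed.

    CryptDestroyKey(hExchKey);
    CryptReleaseContext(hProv, 0);
    return true;
}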
// Forwards the InitDev request context to the state machine and returns its result.
ErrorCodeEnum CAccessAuthEntity::InitDevice(SpReqAnsContext<AccessAuthService_InitDev_Req, AccessAuthService_InitDev_Ans>::Pointer &ctx)
{
    auto eResult = m_FSM.InitDevice(ctx);
    return eResult;
}
// Reads the PinPad ID (PID) and device ID (MID) from the PinPad entity's model string.
//
// Return value: 1 = only PinPadID; 2 = only DeviceID; 3 = both; 0 = neither;
// -1 = failure (static info unavailable, connect / GetDevInfo failed, or the
// device state is not DEVICE_STATUS_NORMAL).
// When the model string also carries a Vendor field, each ID is returned as
// "<Vendor>_<ID>".
int CAccessAuthEntity::GetPinPadIDAndDeviceID(CSimpleStringA &strPinPadID, CSimpleStringA &strDeviceID)
{
    CSimpleStringA strErrMsg;
    CSmartPointer<IEntityFunction> spFunction = this->GetFunction();

    CSystemStaticInfo info;
    auto rc = GetFunction()->GetSystemStaticInfo(info);
    if (rc != Error_Succeed)
    {
        strErrMsg = "GetPinPadIDAndDeviceID()=>GetSystemStaticInfo() fail";
        SetAuthErrMsg((const char *)strErrMsg);
        spFunction->SetSysVar("AuthErrMsg", (const char *)strErrMsg, true);
        LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_GET_SYSTEM_STATIC_INFO,
            GetOutPutStr("%s%08X", "GetSystemStaticInfo", rc).c_str());
        return -1;
    }

    // Receipt printers and simplified models: the PinPad is not queried at all.
    const bool bSkipPinPad = info.strMachineType.IsStartWith("RPM", true)
        || info.strMachineType.IsStartWith("RVC.CardStore", true)
        || info.strMachineType.IsStartWith("RVC.IL", true);
    if (bSkipPinPad)
        return 0;

    int nResult = -1;
    bool bHasPID = false;
    bool bHasMID = false;
    bool bHasVendor = false;
    CSimpleStringA strVendor;
    CSimpleStringA strPID;
    CSimpleStringA strMID;

    auto pClient = new PinPadService_ClientBase(this);
    rc = pClient->Connect();
    if (rc != Error_Succeed)
    {
        strErrMsg = "连接PinPad实体失败";
        SetAuthErrMsg((const char *)strErrMsg);
        spFunction->SetSysVar("AuthErrMsg", (const char *)strErrMsg, true);
        LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_CONNECT_PINPAD,
            GetOutPutStr("%s%08X%s%s", "Connect", rc, "strErrMsg", "连接PinPad实体失败").c_str());
    }
    else
    {
        PinPadService_GetDevInfo_Req req = {};
        PinPadService_GetDevInfo_Ans ans = {};
        rc = pClient->GetDevInfo(req, ans, 3000);
        if (rc != Error_Succeed)
        {
            strErrMsg = "PinPad::GetDevInfo() fail";
            SetAuthErrMsg((const char *)strErrMsg);
            spFunction->SetSysVar("AuthErrMsg", (const char *)strErrMsg, true);
            LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_FROM_PINPAD,
                GetOutPutStr("%s%08X%s%s", "GetDevInfo", rc, "strErrMsg", (const char*)strErrMsg ).c_str());
        }
        else if (ans.state != DEVICE_STATUS_NORMAL)
        {
            Dbg("pinpad not exist, state: %d", ans.state);
        }
        else
        {
            nResult = 0;
            Dbg("pinpad model: %s", (const char*)ans.model);
            // Model string sample from the original author:
            //   CM = V2.0#PM = V1.0#MID = 75500001#PID = 12345678#FWID = V1234567#Vendor = nantian
            // PID = PinPad ID, 8 to 16 bytes; MID = device ID, 8 to 16 bytes;
            // FWID = firmware version, 8 bytes.
            CSimpleStringA strModel = ans.model;
            if (!strModel.IsNullOrEmpty())
            {
                auto fields = strModel.Split('#');
                for (int idx = 0; idx < fields.GetCount(); idx++)
                {
                    auto kv = fields[idx].Split('=');
                    if (kv.GetCount() != 2)
                        continue;

                    // Keys are matched case-insensitively on their leading characters only.
                    if (strnicmp((LPCTSTR)kv[0], "PID", strlen("PID")) == 0)
                    {
                        strPID = kv[1];
                        if (!strPID.IsNullOrEmpty())
                            bHasPID = true;
                    }
                    else if (strnicmp((LPCTSTR)kv[0], "MID", strlen("MID")) == 0)
                    {
                        strMID = kv[1];
                        if (!strMID.IsNullOrEmpty())
                            bHasMID = true;
                    }
                    else if (strnicmp((LPCTSTR)kv[0], "Vendor", strlen("Vendor")) == 0)
                    {
                        strVendor = kv[1];
                        if (!strVendor.IsNullOrEmpty())
                            bHasVendor = true;
                    }
                }
            }
        }
        pClient->GetFunction()->CloseSession();
    }
    pClient->SafeDelete();
    pClient = NULL;

    // Bit 0 of the result marks the PinPad ID, bit 1 the device ID.
    if (bHasPID)
    {
        if (!bHasVendor)
            strPinPadID = strPID;
        else
            strPinPadID = strVendor + "_" + strPID;
        nResult += 1;
    }
    if (bHasMID)
    {
        if (!bHasVendor)
            strDeviceID = strMID;
        else
            strDeviceID = strVendor + "_" + strMID;
        nResult += 2;
    }
    return nResult;
}
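// Reports whether the PinPad supports check codes, i.e. whether the "CM" field of
// its model string starts with "V2.0" (case-insensitive).
//
// Returns false for machine types that are not queried (RPM, RVC.CardStore,
// RVC.IL prefixes), when static info, the connection or GetDevInfo fails, or
// when the device state is not DEVICE_STATUS_NORMAL.
bool CAccessAuthEntity::HasCkCodeFlg()
{
    CSimpleStringA strErrMsg;
    CSmartPointer<IEntityFunction> spFunction = this->GetFunction();
    CSystemStaticInfo info;
    auto rc = GetFunction()->GetSystemStaticInfo(info);
    if (rc != Error_Succeed)
    {
        strErrMsg = "HasCkCodeFlg()=>GetSystemStaticInfo() fail";
        SetAuthErrMsg((const char *)strErrMsg);
        spFunction->SetSysVar("AuthErrMsg", (const char *)strErrMsg, true);
        LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_GET_SYSTEM_STATIC_INFO,
            GetOutPutStr("%s%08X%s%s", "GetSystemStaticInfo", rc, "strErrMsg", (const char*)strErrMsg).c_str());
        return false;
    }

    // Receipt printers and simplified models
    if (info.strMachineType.IsStartWith("RPM", true) || info.strMachineType.IsStartWith("RVC.CardStore", true) || info.strMachineType.IsStartWith("RVC.IL", true))
    {
        // A string object must not travel through a printf-style "..." list;
        // pass its character pointer, as the rest of the file does.
        Dbg("MachineType is [%s], not exist pinpad entity", (const char*)info.strMachineType);
        return false;
    }

    auto pPinPadClient = new PinPadService_ClientBase(this);
    bool bCheckCode = false;
    CSimpleStringA strSpeficiCM;
    if (pPinPadClient->Connect() == Error_Succeed)
    {
        PinPadService_GetDevInfo_Req req = {};
        PinPadService_GetDevInfo_Ans ans = {};
        // Reuse the outer rc rather than shadowing it with a second declaration.
        rc = pPinPadClient->GetDevInfo(req, ans, 3000);
        if (rc == Error_Succeed)
        {
            if (ans.state == DEVICE_STATUS_NORMAL)
            {
                Dbg("pinpad model: %s", (const char*)ans.model);
                // Model string sample from the original author:
                //   CM = V2.0#PM = V1.0#MID = 75500001#PID = 12345678#FWID = V1234567#Vendor = nantian
                // PID = PinPad ID, 8 to 16 bytes; MID = device ID, 8 to 16 bytes;
                // FWID = firmware version, 8 bytes.
                CSimpleStringA str = ans.model;
                if (!str.IsNullOrEmpty())
                {
                    auto arr = str.Split('#');
                    for (int i = 0; i < arr.GetCount(); i++)
                    {
                        auto arr2 = arr[i].Split('=');
                        if (arr2.GetCount() != 2)
                            continue;
                        if (!strnicmp((LPCTSTR)arr2[0], "CM", strlen("CM")))
                        {
                            strSpeficiCM = arr2[1];
                            if (strSpeficiCM.GetLength() > 3 && _strnicmp(strSpeficiCM, "V2.0", strlen("V2.0")) == 0)
                            {
                                // Check codes are supported; callers run the check-code routine.
                                bCheckCode = true;
                            }
                        }
                    }
                }
            }
            else
            {
                Dbg("pinpad not exist, state: %d", ans.state);
                LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_FROM_PINPAD,
                    GetOutPutStr("%s%d", "ans.state", ans.state).c_str());
            }
        }
        else
        {
            strErrMsg = "PinPad::GetDevInfo() fail";
            SetAuthErrMsg((const char *)strErrMsg);
            spFunction->SetSysVar("AuthErrMsg", (const char *)strErrMsg, true);
            LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_FROM_PINPAD,
                GetOutPutStr("%s%08X", "GetDevInfo", rc).c_str());
        }
        pPinPadClient->GetFunction()->CloseSession();
    }
    else
    {
        strErrMsg = "连接PinPad实体失败";
        SetAuthErrMsg((const char *)strErrMsg);
        spFunction->SetSysVar("AuthErrMsg", (const char *)strErrMsg, true);
        LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_CONNECT_PINPAD,
            GetOutPutStr("%s%s", "strErrMsg", (const char*)strErrMsg).c_str());
    }
    pPinPadClient->SafeDelete();
    pPinPadClient = NULL;
    return bCheckCode;
}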
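// Converts a string in the system ANSI code page (CP_ACP) to UTF-16.
//
// str : input; conversion stops at the first NUL character.
// Returns the converted string, or an empty string when the conversion fails.
wstring CAccessAuthEntity::ANSIToUnicode(const string& str)
{
    // First call: required size in wide characters, terminator included.
    const int unicodeLen = ::MultiByteToWideChar(CP_ACP, 0, str.c_str(), -1, NULL, 0);
    if (unicodeLen <= 0)
        return wstring();

    // Convert straight into the result's storage. This removes the manual buffer,
    // which the original allocated with new[] but released with scalar delete.
    wstring rt(unicodeLen, L'\0');
    const int written = ::MultiByteToWideChar(CP_ACP, 0, str.c_str(), -1, &rt[0], unicodeLen);
    if (written <= 0)
        return wstring();

    // Drop the terminator that MultiByteToWideChar wrote.
    rt.resize(written - 1);
    return rt;
}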
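// Sets the system time zone from its registry key name (e.g. "China Standard Time").
//
// szTimeZoneKeyName    : name of a subkey of
//                        HKLM\Software\Microsoft\Windows NT\CurrentVersion\Time Zones;
//                        must be a plain key name, without path separators.
// isDaylightSavingTime : FALSE disables dynamic daylight-saving adjustment.
// Returns TRUE when SetDynamicTimeZoneInformation succeeded; FALSE on invalid
// arguments, a registry or privilege failure, or an over-long name.
// The function enables SE_TIME_ZONE_NAME on the process token for the call and
// disables it again afterwards. The code uses the ANSI (char) API variants.
BOOL CAccessAuthEntity::SetLocalTimeZoneByKeyName(const TCHAR* szTimeZoneKeyName, BOOL isDaylightSavingTime)
{
    // Validate the argument: the key name must not be empty.
    if ((szTimeZoneKeyName == NULL) || (strlen(szTimeZoneKeyName) == 0))
    {
        return FALSE;
    }
    // A key name can never contain a backslash; rejecting it keeps the lookup
    // inside the "Time Zones" key.
    if (strchr(szTimeZoneKeyName, '\\') != NULL)
    {
        Dbg("time zone key name must not contain a path separator");
        return FALSE;
    }

    TCHAR szSubKey[256] = {};
    // Fail instead of silently opening a truncated key path.
    if (FAILED(StringCchCopy(szSubKey, 256, TEXT("Software\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\")))
        || FAILED(StringCchCat(szSubKey, 256, szTimeZoneKeyName)))
    {
        Dbg("time zone key name is too long");
        return FALSE;
    }

    HKEY hKey = NULL;
    LONG ErrorCode = RegOpenKeyEx(HKEY_LOCAL_MACHINE, szSubKey, 0, KEY_QUERY_VALUE, &hKey);
    if (ErrorCode != ERROR_SUCCESS)
    {
        Dbg("RegOpenKeyEx Software\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\China Standard Time fail");
        return FALSE;
    }

    // Registry strings are not guaranteed to be NUL-terminated, so the buffers
    // start zeroed and the last element is forced to NUL after each read.
    TCHAR szStandardName[32] = {};
    TCHAR szDaylightName[32] = {};
    REG_TZI_FORMAT regTZI = {};
    DWORD dwByteLen = 0;

    // Standard-time name
    dwByteLen = sizeof(szStandardName);
    ErrorCode = RegQueryValueEx(hKey, TEXT("Std"), NULL, NULL, reinterpret_cast<LPBYTE>(szStandardName), &dwByteLen);
    if (ErrorCode != ERROR_SUCCESS)
    {
        RegCloseKey(hKey);
        Dbg("RegQueryValueEx Software\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\China Standard Time\\Std fail");
        return FALSE;
    }
    szStandardName[sizeof(szStandardName) / sizeof(szStandardName[0]) - 1] = 0;

    // Daylight-time name
    dwByteLen = sizeof(szDaylightName);
    ErrorCode = RegQueryValueEx(hKey, TEXT("Dlt"), NULL, NULL, reinterpret_cast<LPBYTE>(szDaylightName), &dwByteLen);
    if (ErrorCode != ERROR_SUCCESS)
    {
        RegCloseKey(hKey);
        Dbg("RegQueryValueEx Software\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\China Standard Time\\Dlt fail");
        return FALSE;
    }
    szDaylightName[sizeof(szDaylightName) / sizeof(szDaylightName[0]) - 1] = 0;

    // Time-zone data: accept only a value that fills the whole structure.
    dwByteLen = sizeof(regTZI);
    ErrorCode = RegQueryValueEx(hKey, TEXT("TZI"), NULL, NULL, reinterpret_cast<LPBYTE>(&regTZI), &dwByteLen);
    RegCloseKey(hKey);
    if ((ErrorCode != ERROR_SUCCESS) || (dwByteLen != sizeof(regTZI)))
    {
        Dbg("RegQueryValueEx Software\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\China Standard Time\\TZI fail");
        return FALSE;
    }

    // Build the new time-zone description before touching any privilege, using
    // bounded copies: the destination arrays are fixed-size.
    DYNAMIC_TIME_ZONE_INFORMATION tzi = {};
    tzi.Bias = regTZI.Bias;
    tzi.StandardDate = regTZI.StandardDate;
    tzi.StandardBias = regTZI.StandardBias;
    tzi.DaylightDate = regTZI.DaylightDate;
    tzi.DaylightBias = regTZI.DaylightBias;
    tzi.DynamicDaylightTimeDisabled = !isDaylightSavingTime;
    if (FAILED(StringCchCopyW(tzi.StandardName, sizeof(tzi.StandardName) / sizeof(tzi.StandardName[0]), ANSIToUnicode(szStandardName).c_str()))
        || FAILED(StringCchCopyW(tzi.DaylightName, sizeof(tzi.DaylightName) / sizeof(tzi.DaylightName[0]), ANSIToUnicode(szDaylightName).c_str()))
        || FAILED(StringCchCopyW(tzi.TimeZoneKeyName, sizeof(tzi.TimeZoneKeyName) / sizeof(tzi.TimeZoneKeyName[0]), ANSIToUnicode(szTimeZoneKeyName).c_str())))
    {
        Dbg("time zone name does not fit DYNAMIC_TIME_ZONE_INFORMATION");
        return FALSE;
    }

    // Enable the time-zone privilege on the process token.
    HANDLE hToken = NULL;
    TOKEN_PRIVILEGES tkp = {};
    BOOL isOK = FALSE;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY, &hToken))
    {
        Dbg("OpenProcessToken Standard Time\\Dlt fail");
        return FALSE;
    }
    if (!LookupPrivilegeValue(NULL, SE_TIME_ZONE_NAME, &tkp.Privileges[0].Luid))
    {
        CloseHandle(hToken);
        Dbg("LookupPrivilegeValue fail");
        return FALSE;
    }
    tkp.PrivilegeCount = 1;
    tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    // AdjustTokenPrivileges can succeed without assigning the privilege
    // (ERROR_NOT_ALL_ASSIGNED), so the last error is checked as well.
    if (!AdjustTokenPrivileges(hToken, FALSE, &tkp, 0, (PTOKEN_PRIVILEGES)NULL, 0)
        || GetLastError() != ERROR_SUCCESS)
    {
        CloseHandle(hToken);
        Dbg("AdjustTokenPrivileges fail");
        return FALSE;
    }

    // Apply the new time zone.
    isOK = SetDynamicTimeZoneInformation(&tzi);
    if (!isOK)
    {
        Dbg("SetDynamicTimeZoneInformation fail");
    }

    // Disable the privilege again.
    tkp.Privileges[0].Attributes = 0;
    AdjustTokenPrivileges(hToken, FALSE, &tkp, 0, (PTOKEN_PRIVILEGES)NULL, 0);
    CloseHandle(hToken);
    return isOK;
}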
- SP_BEGIN_ENTITY_MAP() // NOTE(review): these macros are defined outside this file; presumably they open the module's entity table — confirm in SpBase.h
- SP_ENTITY(CAccessAuthEntity) // the only entity listed in this module's map
- SP_END_ENTITY_MAP() // closes the map
|