myvtm/Module/mod_accessauth/AccessAuthFSM.cpp

#include "stdafx.h"
#include "AccessAuthFSM.h"
#include "mod_AccessAuth.h"
#include "Event.h"
#include "access_basefun.h"
#include  <stdio.h>
#include  <stdlib.h>
#include "fileutil.h"
#include "CommEntityUtil.hpp"
#include "comm.h"
#include "PinPad_client_g.h"
using namespace PinPad;

#ifdef RVC_OS_WIN
#include  <io.h>
#include <stdint.h>"
#include "MyBase64.h"
#include <TlHelp32.h>
#include <iphlpapi.h>
#include <ws2tcpip.h>
#include <Winsock2.h>
#include <algorithm>
#pragma comment(lib, "IPHLPAPI.lib")
#define ALLOW_MULTI_NETWORKD_CARDS

#else
#include "CommEntityRestful.hpp"
#include "SpUtility.h"
#endif // RVC_OS_WIN

int HexBuf2StrBuf(PBYTE hexBuf, char** strBuf, DWORD len)
{
	char* tmpStr = *strBuf;
	int count = 0;
	for (int i = 0; i < len; ++i) {
		sprintf(tmpStr + count, "%0.2X", hexBuf[i]);
		count += 2;
	}
	return 0;
}
int StrBuf2HexBuf(LPCTSTR strBuf, PBYTE* hexBuf)
{
	int len = strlen(strBuf);
	if (len == 0 || len % 2 != 0)
		return 0;
	BYTE* buf = new BYTE[len / 2];
	if (buf == NULL)
		return 0;
	int j = 0;
	for (int i = 0; i < len;) {
		int tmpVal;
		sscanf(strBuf + i, "%2X", &tmpVal);
		buf[j] = tmpVal;
		i += 2;
		j++;
	}
	*hexBuf = buf;
	return j;
}

CAccessAuthFSM::CAccessAuthFSM()
	:m_finishAccess(0), m_nAccessFailedCount(0)
	, m_accessAuthHost(true), m_initDeviceHost(true)
	, m_strNetworkCheckUrl(true), m_strDefaultDNS(true), m_strBackupDNS(true), m_fNetworkChecking(false)
	, m_strDevPubKey(""), m_torelateDiffSyncTimeSecs(180), isServeEvent(false)
{
}

CAccessAuthFSM::~CAccessAuthFSM()
{
	m_iState = FSM_STATE_EXIT;		// 屏蔽退出ASSERT错误
}

void CAccessAuthFSM::OnStateTrans(int iSrcState, int iDstState)
{
	DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("trans from %s to %s", GetStateName(iSrcState), GetStateName(iDstState));
}

ErrorCodeEnum CAccessAuthFSM::OnInit()
{
	LOG_FUNCTION();
	AddStateHooker(this);
	m_finishAccess = 0;

	DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("Complied at: %s %s", __DATE__, __TIME__);

	//设置初始锁定状态，0
	CSmartPointer<IEntityFunction> spFunction = m_pEntity->GetFunction();
	spFunction->SetSysVar("LockState", "0", true);

	ErrorCodeEnum Error = LoadCenterConfig();
	if (Error != Error_Succeed) 
	{
		LOG_TRACE("load CenterSetting.ini failed!");
	}

	GetDiffSyncTimeFromCenterSettings();
	return Error_Succeed;
}

ErrorCodeEnum CAccessAuthFSM::OnExit()
{
	RemoveStateHooker(this);
	return Error_Succeed;
}

void CAccessAuthFSM::HttpsLogCallBack(const char* logtxt)
{
	DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM).setAPI("HttpsLogCallBack")("%s", logtxt);
}

struct TimeSynTask : ITaskSp
{
	CAccessAuthFSM* m_fsm;
	TimeSynTask(CAccessAuthFSM* fsm) :m_fsm(fsm) {}

	void Process()
	{
		if (m_fsm->GetmAccessAuthHost().IsNullOrEmpty()) 
		{
			LogWarn(Severity_Middle, Error_Unexpect, AccessAuthorization_UserErrorCode_AccessAuth_NULL, "准入Url为空");
			FSMEvent* pEvent = new FSMEvent(CAccessAuthFSM::Event_ReqTokenCancel);
			pEvent->param1 = AccessAuthorization_UserErrorCode_AccessAuth_NULL;
			m_fsm->PostEventFIFO(pEvent);
			CSimpleStringA strMsg(true);
			strMsg = CSimpleStringA::Format("准入服务地址为空，请下载集中配置或重启应用");
			m_fsm->doWarnMsg(AccessAuthorization_UserErrorCode_AccessAuth_NULL, strMsg.GetData(), true);
			return;
		}
		CSystemStaticInfo si;
		m_fsm->GetEntityBase()->GetFunction()->GetSystemStaticInfo(si);

#ifdef RVC_OS_WIN
		IHttpFunc* client;
		client = create_http(m_fsm->HttpsLogCallBack);
		CSessionkeySynReq timeSynReq;
		CSessionkeySynRet timeSynRet;

		timeSynReq.terminalNo = si.strTerminalID.GetData();
		timeSynReq.curTime = CSmallDateTime::GetNow().GetTime64();
		timeSynReq.m_url = m_fsm->GetmAccessAuthHost();
		timeSynReq.m_url += "/api/v3/sessionkey";//v3 新接口，返回title、content
		long beg = GetTickCount();
		bool ret = client->Post(timeSynReq, timeSynRet);
		long end = GetTickCount();

		if (ret) {
			if (timeSynRet.m_userCode.compare(ACS_SUCCESS)) {
				m_fsm->AuthLogWarn(timeSynRet, timeSynReq.m_url, "获取会话密钥");
				if (client) client->Destory();
				return;
			}


			int decodedSessionKeyLen = 0;
			char* decodedSessionKey = MyBase64::Hex2Str(timeSynRet.data.sessionKey.c_str(), decodedSessionKeyLen);

			DWORD rc = m_fsm->HandleTimeSyn(timeSynRet.data.timeDiff, (BYTE*)decodedSessionKey);
			delete decodedSessionKey;
			if (rc == Error_Succeed) {
				auto pEvent = new FSMEvent(CAccessAuthFSM::Event_EndSyncTime);
				m_fsm->PostEventFIFO(pEvent);
			}
			else {
				DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)("TimeSynTask HandleTimeSyn error = %08X", rc);
			}
		}
		else {
			m_fsm->AuthLogWarn(timeSynRet, timeSynReq.m_url, "获取会话密钥");

			FSMEvent* pEvent = new FSMEvent(CAccessAuthFSM::Event_ReqTokenCancel);
			pEvent->param1 = AccessAuthorization_UserErrorCode_ACS_FAIL;
			m_fsm->PostEventFIFO(pEvent);
		}
		client->Destory();
#else
		struct TimeSynReqStructJson
		{
			std::string terminalNo;
			int curTime;
			JSONCONVERT2OBJECT_MEMEBER_REGISTER(terminalNo, curTime)
		} timeSyncReq;
		struct TimeSyncAnsStructJson
		{
			int timeDiff;
			int authVersion;
			std::string sessionKey;
			std::string reserved;
			JSONCONVERT2OBJECT_MEMEBER_REGISTER(timeDiff, authVersion, sessionKey, reserved)
		}timeSyncAns;

		timeSyncReq.terminalNo = si.strTerminalID.GetData();
		timeSyncReq.curTime = CSmallDateTime::GetNow().GetTime64();

		HttpClientResponseResult result;
		HttpClientRequestConfig config(HttpRequestMethod::POST, m_fsm->GetmAccessAuthHost().GetData(), &SpGetToken);
		config.SetChildUri("/api/v3/sessionkey");
		SP::Module::Restful::FulfillRequestJsonBody(&config, timeSyncReq);
		RestfulClient client = RestfulClient::getInstance();

		std::string test;
		test = config.GetRequestUri();

		config.PreDo();
		client.Do(&config, &result);

		if (result.ResponseOK()) {
			SP::Module::Restful::CommResponseJson responseStatus;
			SP::Module::Restful::GetStatusFromDebranchResponse(result.content, responseStatus);

			if (!responseStatus.IsOperatedOK()) {
				m_fsm->AuthLogWarn(result, config.GetRequestUri(), "获取会话密钥");
				return;
			}

			SP::Module::Restful::ExtractDataFromDebranchResponse(result.content, timeSyncAns);

			auto printFunc = [&timeSyncAns]() {
				DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("timeDiff: %d", timeSyncAns.timeDiff);
				DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("authVersion: %d", timeSyncAns.authVersion);
				DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("sessionKey: %s", timeSyncAns.sessionKey.c_str());
				DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("reserved: %s", timeSyncAns.reserved.c_str());
			};
			printFunc();

			int decodedSessionKeyLen = 0;
			char* decodedSessionKey = Hex2Str(timeSyncAns.sessionKey.c_str(), decodedSessionKeyLen);
			DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("decodedSessionKey=%s,%d", decodedSessionKey, decodedSessionKeyLen);
			DWORD rc = Error_InvalidState;
			rc = m_fsm->HandleTimeSyn(timeSyncAns.timeDiff, (BYTE*)decodedSessionKey);
			delete decodedSessionKey;
			if (rc == Error_Succeed) {
				auto pEvent = new FSMEvent(CAccessAuthFSM::Event_EndSyncTime);
				m_fsm->PostEventFIFO(pEvent);
			}
			else {
				DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)("TimeSynTask HandleTimeSyn error = %08X", rc);
			}
		}
		else {
			std::string errDetail(result.WhatError());
			if (errDetail.find("Error resolving address") != std::string::npos) {
				std::string tmpDetail = SP::Module::Net::GetWWWInfoThroughDig(config.GetBaseUri());
				if (!tmpDetail.empty()) {
					SP::Utility::replaceInPlace(tmpDetail, "\n", "$$");
					const int len = tmpDetail.length();
					int pos = 0, times = 0;
					const int each_size = 450;
					std::vector<std::string> contents;
					while (pos < len) {
						const std::string elem = tmpDetail.substr(pos, (len - pos) > each_size ? each_size : std::string::npos);
						pos = (++times) * each_size;
						contents.push_back(elem);
						LogWarn(Severity_Low, Error_Debug, ERROR_ACCESSAUTH_ACS_DIGINFO,
							CSimpleStringA::Format("[%d]%s", times, elem.c_str()));
					}
				}
				else {
					LogWarn(Severity_Low, Error_Debug, ERROR_ACCESSAUTH_ACS_DIGINFO, errDetail.c_str());
				}
			}
			m_fsm->AuthLogWarn(result, config.GetRequestUri(), "获取会话密钥");
			DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)("TimeSynTask Connect Failed.");

			FSMEvent* pEvent = new FSMEvent(CAccessAuthFSM::Event_ReqTokenCancel);
			pEvent->param1 = AccessAuthorization_UserErrorCode_ACS_FAIL;
			m_fsm->PostEventFIFO(pEvent);
		}
#endif // RVC_OS_WIN
	}
};

struct UpdateWKTask : ITaskSp
{
	CAccessAuthFSM* m_fsm;
	CAccessAuthEntity* m_entity;
	UpdateWKTask(CAccessAuthFSM* fsm, CAccessAuthEntity* entity) :m_fsm(fsm), m_entity(entity) {}

	void Process()
	{
		if (m_fsm->GetmAccessAuthHost().IsNullOrEmpty()) 
		{
			LogWarn(Severity_Middle, Error_Unexpect, AccessAuthorization_UserErrorCode_AccessAuth_NULL, "准入Url为空");
			return;
		}
		CSystemStaticInfo si;
		m_fsm->GetEntityBase()->GetFunction()->GetSystemStaticInfo(si);
		
#ifdef RVC_OS_WIN
		IHttpFunc* client;
		client = create_http(m_fsm->HttpsLogCallBack);
		CAccessAuthUpdateWKReq updateWKReq;
		updateWKReq.terminalNo = si.strTerminalID.GetData();
		auto tmkpair = m_entity->GenerateTmkToKMC();//first是加密的，seconde是没加密的
		updateWKReq.encRandom = tmkpair.first;

		PinPadService_ClientBase* pPinPad = new PinPadService_ClientBase(this->m_entity);
		auto errRc = pPinPad->Connect();
		if (errRc == Error_Succeed)
		{
			PinPadService_GetCheckCode_Req req = {};
			PinPadService_GetCheckCode_Ans ans = {};

			req.mSN.Init(1);
			req.wSN.Init(1);
			req.mSN[0] = 1;
			req.wSN[0] = 0;
			errRc = (*pPinPad)(EntityResource::getLink().upgradeLink())->GetCheckCode(req, ans, 10000);
			if (errRc == Error_Succeed)
			{
				updateWKReq.tpkKeyCheck = ans.checkcode[0].GetData();
				updateWKReq.keyIndex = ans.index[0].GetData();
			}
			else
			{
				DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("Get keyChek && keyIndex failed.");
			}

			pPinPad->GetFunction()->CloseSession();
		}
		else
		{
			DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("connect to pinpad failed.error code:%d", errRc);
		}

		CAccessAuthUpdateWKRet updateWKRet;
		updateWKReq.m_url = m_fsm->GetmAccessAuthHost();
		updateWKReq.m_url += "/api/v5/wkupdate";
		long beg = GetTickCount();
		bool ret = client->Post(updateWKReq, updateWKRet);
		long end = GetTickCount();

		if (ret) {
			if (updateWKRet.m_userCode.compare(ACS_SUCCESS)) {
				m_fsm->doWarnMsg(ERR_ACCESSAUTH_UPDATE_WK,
					GetOutPutStr("%s%s%s%s", "UpdateWKTask", updateWKRet.m_userCode.c_str(), "message", updateWKRet.m_errMsg.c_str()).c_str());
				DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)
					(GetOutPutStr("%s%s%s%s", "UpdateWKTask", updateWKRet.m_userCode.c_str(), "message", updateWKRet.m_errMsg.c_str()).c_str());
				if (client) client->Destory();
				return;
			}



			ErrorCodeEnum eLoadErr = m_entity->LoadKeysToPinPadACS(tmkpair.second, updateWKRet.tpk,
				updateWKRet.edk, updateWKRet.keyIndex);
			if (eLoadErr == Error_Succeed) {
				if (client) client->Destory();
				return;
			}
			else {
				DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)("UpdateWKTask 密钥加载失败，请检查密码键盘连接. error = %08X", eLoadErr);
			}
		}
		else {
			CSimpleStringA acsResoultCode = "RTA520F";
			int acsErrCode = ERROR_ACCESSAUTH_CONNECT_ACS_x;
			if (updateWKRet.m_sysCode == 6)
			{
				acsResoultCode = "RTA520D";
				acsErrCode = ERROR_ACCESSAUTH_CONNECT_ACS_6;
			}
			else if (updateWKRet.m_sysCode == 28)
			{
				acsResoultCode = "RTA520E";
				acsErrCode = ERROR_ACCESSAUTH_CONNECT_ACS_28;
			}
			m_fsm->doWarnMsg(acsErrCode,
				GetOutPutStr("%s%d", "连接总行ACS准入服务失败（StageReport）.", updateWKRet.m_sysCode).c_str());
			DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM).setBeginTime(beg).setEndTime(end).
				setResultCode(acsResoultCode.GetData()).
				setResultMsg(updateWKRet.m_errMsg.c_str())
				(GetOutPutStr("%s%d", "连接总行ACS准入服务失败（StageReport）.", updateWKRet.m_sysCode).c_str());
		}
		client->Destory();
#else
		struct UpdateWKReq
		{
			std::string terminalNo;
			std::string encRandom;
			string tpkKeyCheck; //tpk密钥校验值
			string edkKeyCheck; //edk密钥校验值
			string keyIndex; //密钥序号
			JSONCONVERT2OBJECT_MEMEBER_REGISTER(terminalNo, encRandom, tpkKeyCheck, edkKeyCheck, keyIndex)
		} updateWKReq;

		struct UpdateWKAns
		{
			string tmk;
			string tpk;
			string edk;
			string tpkKeyCheck; //密钥校验值
			string edkKeyCheck; //edk密钥校验值
			string keyIndex; //密钥序号
			JSONCONVERT2OBJECT_MEMEBER_REGISTER(tmk, tpk, edk, tpkKeyCheck, edkKeyCheck, keyIndex)
		} updateWKAns;

		updateWKReq.terminalNo = si.strTerminalID.GetData();
		auto tmkpair = m_entity->GenerateTmkToKMC();//first是加密的，seconde是没加密的
		updateWKReq.encRandom = tmkpair.first;

		PinPadService_ClientBase* pPinPad = new PinPadService_ClientBase(this->m_entity);
		auto errRc = pPinPad->Connect();
		if (errRc == Error_Succeed)
		{
			PinPadService_GetCheckCode_Req req = {};
			PinPadService_GetCheckCode_Ans ans = {};

			req.mSN.Init(1);
			req.wSN.Init(1);
			req.mSN[0] = 1;
			req.wSN[0] = 0;
			errRc = (*pPinPad)(EntityResource::getLink().upgradeLink())->GetCheckCode(req, ans, 10000);
			if (errRc == Error_Succeed)
			{
				updateWKReq.tpkKeyCheck = ans.checkcode[0].GetData();
				updateWKReq.keyIndex = ans.index[0].GetData();
			}
			else
			{
				DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("Get keyChek && keyIndex failed.");
			}

			pPinPad->GetFunction()->CloseSession();
		}
		else
		{
			DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("connect to pinpad failed.error code:%d", errRc);
		}

		HttpClientResponseResult result;
		HttpClientRequestConfig config(HttpRequestMethod::POST, m_fsm->GetmAccessAuthHost().GetData(), &SpGetToken);
		config.SetChildUri("/api/v5/wkupdate");

		SP::Module::Restful::FulfillRequestJsonBody(&config, updateWKReq);

		std::string test;
		test = config.GetRequestUri();
		Dbg("请求地址：%s.", test.c_str());

		RestfulClient client = RestfulClient::getInstance();
		config.PreDo();
		DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("to Post with new restful....");
		client.Do(&config, &result);
		if (result.ResponseOK()) {
			DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("UpdateWKTask Connect With Restful Success.");
			SP::Module::Restful::CommResponseJson responseStatus;
			SP::Module::Restful::GetStatusFromDebranchResponse(result.content, responseStatus);
			if (!responseStatus.IsOperatedOK()) {
				m_fsm->doWarnMsg(ERR_ACCESSAUTH_UPDATE_WK,
					GetOutPutStr("%s%s%s%s", "UpdateWKTask", responseStatus.errorCode.c_str(), "message", responseStatus.errorMsg.c_str()).c_str(), true);
				return;
			}
			SP::Module::Restful::ExtractDataFromDebranchResponse(result.content, updateWKAns);

			DWORD rc = m_entity->LoadKeysToPinPadACS(tmkpair.second, updateWKAns.tpk, updateWKAns.edk, updateWKAns.keyIndex);
			if (rc == Error_Succeed) {
				return;
			}
			else {
				DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("UpdateWKTask 密钥加载失败，请检查密码键盘连接。 error = %08X", rc);
			}
		}
		else {
			m_fsm->doWarnMsg(ERROR_ACCESSAUTH_CONNECT_ACS,
				GetOutPutStr("%s%s", "连接总行ACS准入服务失败（UpdateWKTask）.", result.WhatError().c_str()).c_str(), true);
			DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM).setResultCode("RTA520G")("UpdateWKTask Connect Failed.");
		}

	UpdateWKRetError:

		FSMEvent* pEvent = new FSMEvent(CAccessAuthFSM::Event_ReqTokenCancel);
		m_fsm->PostEventFIFO(pEvent);
#endif // RVC_OS_WIN
	}
};

struct GetTokenTask : ITaskSp
{
	CAccessAuthFSM* m_fsm;
	CAccessAuthEntity* m_entity;
	GetTokenTask(CAccessAuthFSM* fsm, CAccessAuthEntity* entity) :m_fsm(fsm), m_entity(entity) {}

	void Process()
	{
		if (m_fsm->GetmAccessAuthHost().IsNullOrEmpty()) {
			LogWarn(Severity_Middle, Error_Unexpect, AccessAuthorization_UserErrorCode_AccessAuth_NULL, "准入Url为空");
			FSMEvent* pEvent = new FSMEvent(CAccessAuthFSM::Event_ReqTokenCancel);
			pEvent->param1 = AccessAuthorization_UserErrorCode_AccessAuth_NULL;
			m_fsm->PostEventFIFO(pEvent);
			CSimpleStringA strMsg(true);
			strMsg = CSimpleStringA::Format("准入服务地址为空，请下载集中配置或尝试重启应用");
			m_fsm->doWarnMsg(AccessAuthorization_UserErrorCode_AccessAuth_NULL, strMsg.GetData(), true);
			return;
		}
		CSystemStaticInfo si;
		m_fsm->GetEntityBase()->GetFunction()->GetSystemStaticInfo(si);
		
#ifdef RVC_OS_WIN
		IHttpFunc* client;
		client = create_http(m_fsm->HttpsLogCallBack);
		CAccessAuthGetTokenReq getTokenReq;

		if (m_fsm->GetTokenReq(&getTokenReq) != Error_Succeed) {
			if (client) client->Destory();
			return;
		}

		CAccessAuthGetTokenRet getTokenRet;
		getTokenReq.m_url = m_fsm->GetmAccessAuthHost();
		getTokenReq.m_url += "/api/v3/access"; //v3新接口，返回title，content

		long beg = GetTickCount();
		bool ret = client->Post(getTokenReq, getTokenRet);
		long end = GetTickCount();

		if (ret) {
			if (getTokenRet.m_userCode.compare(ACS_SUCCESS)) {
				m_fsm->AuthLogWarn(getTokenRet, getTokenReq.m_url, "获取准入token");
				if (client) client->Destory();
				return;
			}


			if (getTokenRet.data.flag != 0 /*&& flag？*/) //判断是否需要告警，通过标志位,标志位待确定
			{
				CSimpleStringA tmsg = CSimpleStringA::Format("{\"errcode\": \"%s\", \"message\": %s}",
					getTokenRet.m_userCode.c_str(), getTokenRet.data.warnMessage.c_str());
				m_fsm->GetEntityBase()->GetFunction()->SetSysVar("AuthErrMsg", tmsg.GetData(), true);
			}
			else
			{
				m_fsm->GetEntityBase()->GetFunction()->SetSysVar("AuthErrMsg", "", true);
			}

			DWORD rc = m_fsm->HandleGetToken((BYTE*)getTokenRet.data.sharedKey.enToken.c_str(), (BYTE*)getTokenRet.data.sharedKey.sharedSK.c_str(),
				(BYTE*)getTokenRet.data.accessToken.enToken.c_str(), (BYTE*)getTokenRet.data.accessToken.retHash.c_str());
			if (rc == Error_Succeed) {
				FSMEvent* pEvent = new FSMEvent(CAccessAuthFSM::Event_ReqTokenSucc);
				m_fsm->PostEventFIFO(pEvent);
				if (client) client->Destory();
				return;
			}
			else {
				DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)("GetTokenTask HandleGetToken error = %08X", rc);
			}
		}
		else {
			m_fsm->AuthLogWarn(getTokenRet, getTokenReq.m_url, "获取准入token");
		}
		FSMEvent* pEvent = new FSMEvent(CAccessAuthFSM::Event_ReqTokenFail);
		m_fsm->PostEventFIFO(pEvent);
		if (client) client->Destory();
#else
		CAutoArray<CSimpleStringA> devNames;
		DWORD rc = m_fsm->GetAllDevices(m_entity, devNames);

		///**TODO(Gifur@3/11/2022): 诗友确定是否还需要连分行！！！！！ */
		CAccessAuthGetTokenReq getTokenReq;
		if (m_fsm->GetTokenReq(&getTokenReq) != Error_Succeed)
		{
			FSMEvent* pEvent = new FSMEvent(CAccessAuthFSM::Event_ReqTokenFail);
			m_fsm->PostEventFIFO(pEvent);
			return;
		}

		struct GetTokenReq
		{
			string installVersion;//终端版本（新加字段）
			string terminalCharacter;
			string terminalNo;
			string sessionTempPubKey;
			string encTerminalInfo;
			string publicKeySM;
			string pinPadID;
			string existPinPad;
			JSONCONVERT2OBJECT_MEMEBER_REGISTER(installVersion, terminalCharacter, terminalNo,
				sessionTempPubKey, encTerminalInfo, publicKeySM, pinPadID, existPinPad)
		} getTokenReqJson;

		struct AccessTokenJson
		{
			string enToken;
			string retHash;
			JSONCONVERT2OBJECT_MEMEBER_REGISTER(enToken, retHash)
		};
		struct SharedKeyJson
		{
			string enToken;
			string sharedSK;
			string retHash;
			JSONCONVERT2OBJECT_MEMEBER_REGISTER(enToken, sharedSK, retHash)
		};

		struct GetTokenAns
		{
			AccessTokenJson accessToken;
			SharedKeyJson sharedKey;
			bool flag;
			string warnMessage;
			JSONCONVERT2OBJECT_MEMEBER_REGISTER(accessToken, sharedKey, flag, warnMessage)
		} getTokenAns;

		HttpClientResponseResult result;
		HttpClientRequestConfig config(HttpRequestMethod::POST, m_fsm->GetmAccessAuthHost().GetData(), &SpGetToken);
		config.SetChildUri("/api/v3/access");

		getTokenReqJson.installVersion = getTokenReq.installVersion;
		getTokenReqJson.terminalCharacter = getTokenReq.terminalCharacter;
		getTokenReqJson.terminalNo = getTokenReq.terminalNo;
		getTokenReqJson.sessionTempPubKey = getTokenReq.sessionTempPubKey;
		getTokenReqJson.encTerminalInfo = getTokenReq.encTerminalInfo;
		getTokenReqJson.publicKeySM = getTokenReq.publicKeySM;
		getTokenReqJson.pinPadID = getTokenReq.pinPadID;
		getTokenReqJson.existPinPad = getTokenReq.existPinPad;


		SP::Module::Restful::FulfillRequestJsonBody(&config, getTokenReqJson);

		std::string test;
		test = config.GetRequestUri();

		RestfulClient client = RestfulClient::getInstance();
		config.PreDo();
		client.Do(&config, &result);
		if (result.ResponseOK()) {
			SP::Module::Restful::CommResponseJson responseStatus;
			SP::Module::Restful::GetStatusFromDebranchResponse(result.content, responseStatus);
			if (!responseStatus.IsOperatedOK()) {
				m_fsm->AuthLogWarn(result, config.GetRequestUri(), "获取准入token");
				return;
			}
			SP::Module::Restful::ExtractDataFromDebranchResponse(result.content, getTokenAns);

			if (getTokenAns.flag != false/*&& flag？*/) //判断是否需要告警，通过标志位,标志位待确定
			{
				CSimpleStringA tmsg = CSimpleStringA::Format("{\"errcode\": \"%s\", \"message\": %s}",
					responseStatus.errorCode.c_str(), getTokenAns.warnMessage.c_str());
				m_fsm->GetEntityBase()->GetFunction()->SetSysVar("AuthErrMsg", tmsg.GetData(), true);
			}
			else
			{
				m_fsm->GetEntityBase()->GetFunction()->SetSysVar("AuthErrMsg", "", true);
			}
				
			DWORD rc = m_fsm->HandleGetToken((BYTE*)getTokenAns.sharedKey.enToken.c_str(), (BYTE*)getTokenAns.sharedKey.sharedSK.c_str(),
				(BYTE*)getTokenAns.accessToken.enToken.c_str(), (BYTE*)getTokenAns.accessToken.retHash.c_str());

			if (rc == Error_Succeed) {
				FSMEvent* pEvent = new FSMEvent(CAccessAuthFSM::Event_ReqTokenSucc);
				m_fsm->PostEventFIFO(pEvent);
				return;
			}
			else {
				DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)("GetTokenTask HandleGetToken error = %08X", rc);
			}
		}
		else {
			std::string errDetail(result.WhatError());
			if (errDetail.find("Error resolving address") != std::string::npos) {
				std::string tmpDetail = SP::Module::Net::GetWWWInfoThroughDig(config.GetBaseUri());
				if (!tmpDetail.empty()) {
					SP::Utility::replaceInPlace(tmpDetail, "\n", "$$");
					const int len = tmpDetail.length();
					int pos = 0, times = 0;
					const int each_size = 450;
					std::vector<std::string> contents;
					while (pos < len) {
						const std::string elem = tmpDetail.substr(pos, (len - pos) > each_size ? each_size : std::string::npos);
						pos = (++times) * each_size;
						contents.push_back(elem);
						LogWarn(Severity_Low, Error_Debug, ERROR_ACCESSAUTH_ACS_DIGINFO,
							CSimpleStringA::Format("[%d]%s", times, elem.c_str()));
					}
				}
				else {
					LogWarn(Severity_Low, Error_Debug, ERROR_ACCESSAUTH_ACS_DIGINFO, errDetail.c_str());
				}
			}

			m_fsm->AuthLogWarn(result, config.GetRequestUri(), "获取准入token");
			DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)("GetTokenTask Connect Failed.");
		}
		FSMEvent* pEvent = new FSMEvent(CAccessAuthFSM::Event_ReqTokenFail);
		m_fsm->PostEventFIFO(pEvent);
#endif // RVC_OS_WIN
	}
};

struct InitDeviceTask :public ITaskSp
{
	CAccessAuthFSM* m_fsm;
	InitDeviceReq m_req;
	InitDeviceTask(CAccessAuthFSM* fsm, InitDeviceReq req) :m_fsm(fsm), m_req(req) {}

	void Process()
	{
#ifdef RVC_OS_WIN
		if (m_fsm->GetmInitDeviceHost().IsNullOrEmpty()) {
			LogWarn(Severity_Middle, Error_Unexpect, AccessAuthorization_UserErrorCode_InitDev_NULL, "加密通道Url为空");
			return;
		}
		m_fsm->SetDevPubKey("");
		IHttpFunc* client;
		client = create_http(m_fsm->HttpsLogCallBack);
		CAccessAuthInitDeviceReq initDeviceReq;
		initDeviceReq.cr1 = m_req.CR1;
		initDeviceReq.cr3 = m_req.CR3;
		initDeviceReq.cDevPubKey = m_req.CDevPubKey;
		initDeviceReq.r2 = m_req.R2;
		initDeviceReq.vendor = m_req.Verdor;
		CSystemStaticInfo si;
		m_fsm->GetEntityBase()->GetFunction()->GetSystemStaticInfo(si);
		initDeviceReq.terminalNo = si.strTerminalID;
		CAccessAuthInitDeviceRet initDeviceRet;
		initDeviceReq.m_url = m_fsm->GetmInitDeviceHost();
		initDeviceReq.m_url = initDeviceReq.m_url + "/api/v3/initdevice";
		long beg = GetTickCount();
		bool ret = client->Post(initDeviceReq, initDeviceRet);
		long end = GetTickCount();

		if (ret) {
			if (initDeviceRet.m_userCode.compare(ACS_SUCCESS)) {
				m_fsm->AuthLogWarn(initDeviceRet, initDeviceReq.m_url, "初始设备", false);
			}
			else {
				if (m_fsm->m_ctxInitDev != NULL) {
					m_fsm->m_ctxInitDev->Ans.R1 = initDeviceRet.r1.c_str();
					m_fsm->m_ctxInitDev->Ans.EncR2 = initDeviceRet.cr2.c_str();
					m_fsm->m_ctxInitDev->Ans.R3 = initDeviceRet.r3.c_str();
					m_fsm->SetDevPubKey(initDeviceRet.devPubKey.c_str());
					m_fsm->m_ctxInitDev->Answer(Error_Succeed);
					m_fsm->m_ctxInitDev.Clear();
				}
			}
		}
		else {
			m_fsm->AuthLogWarn(initDeviceRet, initDeviceReq.m_url, "初始设备", false);
		}
		if (client) client->Destory();
#else
		return;
#endif // RVC_OS_WIN
	}
};


void CAccessAuthFSM::doWarnMsg(int errReason, std::string errMsg, bool bNeedEvent, string varMsg)
{
#ifdef RVC_OS_WIN
	auto fullErrMsg = varMsg.length() > 0 ? varMsg : errMsg;
#else
	const std::string errMsgStr = SP::Utility::GBK2UTF8(errMsg);
	const std::string varMsgStr = SP::Utility::GBK2UTF8(varMsg);
	auto fullErrMsg = varMsgStr.length() > 0 ? varMsgStr : errMsgStr;
#endif // RVC_OS_WIN
	if (bNeedEvent) 
	{
#ifdef RVC_OS_WIN
		std::string alaramMSg(fullErrMsg);
		if (alaramMSg.length() >= 255) {
			std::string tmp = alaramMSg.substr(0, 252);
			tmp += "...";
			alaramMSg = tmp;
		}
		const ErrorCodeEnum ec = m_pEntity->GetFunction()->SetSysVar("AuthErrMsg", alaramMSg.c_str(), true);
#else
		const ErrorCodeEnum ec = m_pEntity->GetFunction()->SetSysVar("AuthErrMsg", fullErrMsg.c_str(), true);
#endif // RVC_OS_WIN
		if (ec != Error_Succeed) {
			DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("Update SysVar failed: 0x%X", ec);
		}
		
		if (errReason == ERR_ACCESSAUTH_SERVICE_FAILED)
		{
			m_pEntity->GetFunction()->SetSysVar("AuthErrMsg", errMsg.c_str(), true);
			LogEvent(Severity_Middle, ERR_ACCESSAUTH_SERVICE_FAILED, errMsg.c_str());
		}
		else
		{
			LogEvent(Severity_Middle, checkErrType(errReason), errMsg.c_str());
		}
	}
	LogWarn(Severity_Middle, Error_Unexpect, errReason, errMsg.c_str());
}

void CAccessAuthFSM::s1_on_entry()
{
	CSimpleStringA strEntryStatus = GetEntryPermitSysVar();
	if (strEntryStatus.Compare("L") == 0) {
		PostEventFIFO(new FSMEvent(Event_AccessAuthSucc));
	} 
	else {
		DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("EntryStatus: %s", strEntryStatus.GetData());
		SetEntryPermitSysVar("I");
	}
	GetEntityBase()->GetFunction()->SetSysVar("AccessHavePath", "Y");//oiltmp to delete
}

void CAccessAuthFSM::s1_on_exit()
{
}

unsigned int CAccessAuthFSM::s1_on_event(FSMEvent* pEvent)
{
	DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("s1_on_event: %d", pEvent->iEvt);
	return 0;
}
void CAccessAuthFSM::s2_on_entry()
{
	LOG_FUNCTION();

	m_finishAccess = 0;
	SetEntryPermitSysVar("C");
	DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("开始第%d次准入", m_nAccessFailedCount);

	CSmartPointer<TimeSynTask> timeSynTask = new TimeSynTask(this);
	GetEntityBase()->GetFunction()->PostThreadPoolTask(timeSynTask.GetRawPointer());
}

void CAccessAuthFSM::s2_on_exit()
{
}

unsigned int CAccessAuthFSM::s2_on_event(FSMEvent* pEvent)
{
	DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("s2 receives event id: %d", pEvent->iEvt);

	if (pEvent->iEvt == Event_EndSyncTime) 
	{
		pEvent->SetHandled();

		CSmartPointer<GetTokenTask> getTokenTask = new GetTokenTask(this, (CAccessAuthEntity*)m_pEntity);
		GetEntityBase()->GetFunction()->PostThreadPoolTask(getTokenTask.GetRawPointer());
		return 0;

	} 
	else if (pEvent->iEvt == Event_ReqTokenCancel)
	{ //这里貌似会触发健康发起重试

		auto pEntity = (CAccessAuthEntity*)m_pEntity;
		if (pEvent->param1 == AccessAuthorization_UserErrorCode_AccessAuth_NULL) 
		{
			CSimpleStringA strMsg = CSimpleStringA::Format("准入Url为空");
			pEntity->SetAuthErrMsg(strMsg);
		} 
		else if (pEvent->param1 == AccessAuthorization_UserErrorCode_ACS_FAIL) 
		{
			pEntity->SetAuthErrMsg("访问总行ACS失败");
		} 
		else 
		{
			CSimpleStringA strErrMsg = CSimpleStringA::Format("准入超时(%d)", m_finishAccess);
			pEntity->GetFunction()->ShowFatalError(strErrMsg);
		}

		SetEntryPermitSysVar("A");
		m_nAccessFailedCount++;
		pEvent->SetHandled();

	}
	else if (pEvent->iEvt == Event_ReqTokenFail) 
	{  //而这里不会触发健康发起重试

		SetEntryPermitSysVar("F");
		pEvent->SetHandled();

		auto pEntity = (CAccessAuthEntity*)m_pEntity;
		CSimpleStringA strErrMsg = CSimpleStringA::Format("%s", (const char*)pEntity->GetAuthErrMsg());
		// 发送准入失败事件,暂时不发送事件进去关门界面，原因关门界面显示中文乱码
		doWarnMsg(EVENT_ACCESSAUTH_FAILED, strErrMsg.GetData(), true);
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM).setResultCode("RTA520B")("准入失败");
		pEntity->GetFunction()->ShowFatalError(strErrMsg);

		m_nAccessFailedCount = 0;

	} 
	else if (pEvent->iEvt == Event_ReqTokenSucc) 
	{

		SetEntryPermitSysVar("L");
		LogEvent(Severity_Middle, EVENT_ACCESSAUTH_SUCCEED, "终端准入成功");
		m_pEntity->GetFunction()->ShowStartupInfo("准入成功");
		m_nAccessFailedCount = 0;
		pEvent->SetHandled();
		PostEventFIFO(new FSMEvent(Event_AccessAuthSucc));

	} 

	return 0;
}

void CAccessAuthFSM::s3_on_entry()
{
	LOG_FUNCTION();
	LogWarn(Severity_Low, Error_Debug, AccessAuthorization_UserErrorCode_Start, "终端准入成功");
}

unsigned int CAccessAuthFSM::s3_on_event(FSMEvent* event)
{
	DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("s3 receives event id: %d", event->iEvt);
	return 0;
}

CSimpleStringA CAccessAuthFSM::GetEntryPermitSysVar()
{
	CSimpleStringA strValue(true);
	CSmartPointer<IEntityFunction> spFunction = m_pEntity->GetFunction();
	spFunction->GetSysVar("EntryPermit", strValue);
	return strValue;
}

ErrorCodeEnum CAccessAuthFSM::SetEntryPermitSysVar(const CSimpleStringA& newVal)
{
	CSmartPointer<IEntityFunction> spFunction = m_pEntity->GetFunction();
	DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("Set EntryPermit with %s", newVal.GetData());
	return spFunction->SetSysVar("EntryPermit", (const char*)newVal);
}

ErrorCodeEnum CAccessAuthFSM::LoadCenterConfig()
{
	CSmartPointer<IEntityFunction> spFunction = m_pEntity->GetFunction();
	CSmartPointer<IConfigInfo> spConfig;
	ErrorCodeEnum Error = spFunction->OpenConfig(Config_CenterSetting, spConfig);
	if (Error_Succeed == Error) 
	{
		spConfig->ReadConfigValue("AccessAuthorization", "HostUrl", m_accessAuthHost);
		spConfig->ReadConfigValue("AccessAuthorization", "HostInitDeviceUrl", m_initDeviceHost);
	}

	return Error;
}

ErrorCodeEnum CAccessAuthFSM::GetIntFromCS(const char* pcSection, const char* pcKey, int& retInt)
{
	CSmartPointer<IEntityFunction> spFunction = m_pEntity->GetFunction();
	CSmartPointer<IConfigInfo> spConfig;
	ErrorCodeEnum Error = spFunction->OpenConfig(Config_CenterSetting, spConfig);
	if (Error_Succeed == Error) 
	{

		Error = spConfig->ReadConfigValueInt(pcSection, pcKey, retInt);
		if (Error_Succeed != Error) 
		{
			DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)("get retInt from CenterSetting.ini failed");
		}
	}
	return Error;
}

ErrorCodeEnum CAccessAuthFSM::GetStrFromCS(const char* pcSection, const char* pcKey, CSimpleStringA& retStr)
{
	retStr = "";
	CSmartPointer<IEntityFunction> spFunction = m_pEntity->GetFunction();
	CSmartPointer<IConfigInfo> spConfig;
	ErrorCodeEnum Error = spFunction->OpenConfig(Config_CenterSetting, spConfig);
	if (Error_Succeed == Error) 
	{
		Error = spConfig->ReadConfigValue(pcSection, pcKey, retStr);
		if (Error_Succeed != Error) 
		{
			DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM).setAPI("GetStrFromCS")
				("get retStr from CenterSetting.ini failed");
		}
	}
	return Error;
}

bool CAccessAuthFSM::DecryptWithSessionKey(BYTE* encText, int encTextLen, BYTE* decTest, int& decTestLen)
{
	BYTE key[16] = { 0 };
	memcpy(key, ((CAccessAuthEntity*)m_pEntity)->m_AuthSessionKey, 16);
#ifdef RVC_OS_WIN
	char* keyTmp = MyBase64::Str2Hex((char*)key, 16);
#else
	char* keyTmp = Str2Hex((char*)key, 16);
#endif // RVC_OS_WIN
	delete keyTmp;

	if (!DecWithSM4_ECB(key, encText, encTextLen, decTest, &decTestLen)) {
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)("DecryptWithSessionKey ECB error.");
		return false;
	}
#ifdef RVC_OS_WIN
	keyTmp = MyBase64::Str2Hex((char*)decTest, decTestLen);
#else
	keyTmp = Str2Hex((char*)decTest, decTestLen);
#endif // RVC_OS_WIN
	delete keyTmp;
	return true;
}

int CAccessAuthFSM::RtsMapToUserCodeBakup(const char* pRtsCode, DWORD dwDefaultUserCode)
{
	CSmartPointer<IConfigInfo> pConfig;
	m_pEntity->GetFunction()->OpenConfig(Config_Software, pConfig);
	int tmpUserCode = 0;
	pConfig->ReadConfigValueInt("RtsToUserCode", pRtsCode, tmpUserCode);
	if (tmpUserCode > 0)
		return tmpUserCode;
	else
		return dwDefaultUserCode;
}

int CAccessAuthFSM::RtsMapToUserCode(const char* pRtsCode, DWORD dwDefaultUserCode)
{
	DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("RtsCode:%s", pRtsCode);
	CSmartPointer<IConfigInfo> pConfig;
	m_pEntity->GetFunction()->OpenConfig(Config_CenterSetting, pConfig);
	int tmpUserCode = 0;
	pConfig->ReadConfigValueInt("RtsToUserCode", pRtsCode, tmpUserCode);
	if (tmpUserCode > 0) 
	{
		return tmpUserCode;
	} 
	else 
	{
		std::map<std::string, DWORD> RtsToUserCode;
		RtsToUserCode["RTS1705"] = 0x5029000e;
		RtsToUserCode["RTS1707"] = 0x50290019;
		RtsToUserCode["RTS1711"] = 0x5029000b;
		RtsToUserCode["RTS1712"] = 0x50290018;
		RtsToUserCode["RTS1713"] = 0x50290019;
		RtsToUserCode["RTS1714"] = 0x5029000a;
		RtsToUserCode["RTS1715"] = 0x5029000f;

		if (RtsToUserCode.find(pRtsCode) != RtsToUserCode.end()) {
			return RtsToUserCode[pRtsCode];
		} 
		else 
		{
			return dwDefaultUserCode;
		}
	}
}

DWORD CAccessAuthFSM::HandleTimeSyn(long nTimeDiff, BYTE* nSessionKey)
{
	// 比较终端和服务器时间， 时差小于3分钟（默认，可通过集中配置配置）不纠正	
	const long dwTimeDiff = nTimeDiff > 0 ? nTimeDiff : 0 - nTimeDiff;
	const long torelateTime = m_torelateDiffSyncTimeSecs > 0 ? m_torelateDiffSyncTimeSecs : 0 - m_torelateDiffSyncTimeSecs;
	if (torelateTime < dwTimeDiff) {
		DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM).setAPI("HandleTimeSyn")
			("time diff is too large (%ds), sync time now", nTimeDiff);

		CSmallDateTime dtServerTime((DWORD)(CSmallDateTime::GetNow()) + nTimeDiff);
		SYSTEMTIME stServerTime = dtServerTime.ToSystemTime();
#ifdef RVC_OS_WIN
		if (SetLocalTime(&stServerTime)) {
#else
		if (set_system_time_by_sec(nTimeDiff)) {
#endif // RVC_OS_WIN
			DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("sync time with server succeed, server time: [%s]", (const char*)dtServerTime.ToTimeString());
			LogWarn(Severity_Low, Error_Debug, AccessAuthorization_UserErrorCode_Sync_Time_Succ,
				CSimpleStringA::Format("sync time succ:  server time: [%s],diff[%ld],threshold:[%d]", 
					(const char*)dtServerTime.ToTimeString(), nTimeDiff, m_torelateDiffSyncTimeSecs));
		}
		else {
			LogWarn(Severity_Middle, Error_Unexpect, AccessAuthorization_UserErrorCode_Sync_Time_Failed,
				CSimpleStringA::Format("sync time failed:  server time: [%s],diff[%ld],threshold:[%d](GLE=%u)",
					(const char*)dtServerTime.ToTimeString(), nTimeDiff, m_torelateDiffSyncTimeSecs, GetLastError()));
			return ERR_ACCESSAUTH_SET_LOCALE_TIME;
		}
	} 
	else {
		DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM).setAPI("HandleTimeSyn")
			("time diff is acceptable (%lds), threshold(%d),", nTimeDiff, m_torelateDiffSyncTimeSecs);
	}

	//会话密钥缓存
	if (((CAccessAuthEntity*)m_pEntity)->SaveAuthKey(nSessionKey))
		return Error_Succeed;
	return Error_Unexpect;
}

DWORD CAccessAuthFSM::HandleGetToken(BYTE* enToken1, BYTE* sharedKey, BYTE* enToken2, BYTE* retHash)
{
	DWORD rc = Error_Succeed;
	auto pEntity = (CAccessAuthEntity*)m_pEntity;

	DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM).setAPI("HandleGetToken")("retHash=%s", (char*)retHash);

	char* enToken1_acs, * sharedKey_acs, * enToken2_acs, * hash_acs;
	int enToken1_acs_len = 0, sharedKey_acs_len = 0, enToken2_acs_len = 0, hash_acs_len = 0;

#ifdef RVC_OS_WIN
	enToken1_acs = MyBase64::Hex2Str((char*)enToken1, enToken1_acs_len);
	sharedKey_acs = MyBase64::Hex2Str((char*)sharedKey, sharedKey_acs_len);
	enToken2_acs = MyBase64::Hex2Str((char*)enToken2, enToken2_acs_len);
	hash_acs = MyBase64::Hex2Str((char*)retHash, hash_acs_len);
#else
	enToken1_acs = Hex2Str((char*)enToken1, enToken1_acs_len);
	sharedKey_acs = Hex2Str((char*)sharedKey, sharedKey_acs_len);
	enToken2_acs = Hex2Str((char*)enToken2, enToken2_acs_len);
	hash_acs = Hex2Str((char*)retHash, hash_acs_len);
#endif // RVC_OS_WIN

	DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM).setAPI("HandleGetToken")("enToken1_acs_len=%d", enToken1_acs_len);
	DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM).setAPI("HandleGetToken")("sharedKey_acs_len=%d", sharedKey_acs_len);
	DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM).setAPI("HandleGetToken")("enToken2_acs_len=%d", enToken2_acs_len);
	DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM).setAPI("HandleGetToken")("hash_acs_len=%d", hash_acs_len);

	memset(enToken1, 0, strlen((char*)enToken1));
	memset(sharedKey, 0, strlen((char*)sharedKey));
	memset(enToken2, 0, strlen((char*)enToken2));
	memset(retHash, 0, strlen((char*)retHash));

	memcpy(enToken1, enToken1_acs, enToken1_acs_len);
	memcpy(sharedKey, sharedKey_acs, sharedKey_acs_len);
	memcpy(enToken2, enToken2_acs, enToken2_acs_len);
	memcpy(retHash, hash_acs, hash_acs_len);

	delete enToken1_acs;
	delete sharedKey_acs;
	delete enToken2_acs;
	delete hash_acs;

	BYTE enToken[512 + 16] = { 0 };
	memcpy(enToken, enToken1, 256);
	memcpy(enToken + 256, enToken2, 256);
	memcpy(enToken + 512, sharedKey, 16);

	BYTE sm3[32] = { 0 };
	if (!SM3Hash(enToken, 512 + 16, sm3)) {
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)("SM3 Hash error at Token Ret.");
	}
	if (memcmp(sm3, retHash, 32) != 0) 
	{
		rc = Error_Bug;
		pEntity->SetAuthErrMsg("返回令牌校验不通过");
		pEntity->GetFunction()->SetSysVar("AuthErrMsg", "返回令牌校验不通过", true);
#ifdef RVC_OS_WIN
		char* sm3Ret = MyBase64::Str2Hex((char*)sm3, 32);
#else
		char* sm3Ret = Str2Hex((char*)sm3, 32);
#endif // RVC_OS_WIN
		delete sm3Ret;
		doWarnMsg(ERR_ACCESSAUTH_TOKEN_HASH, "返回令牌校验不通过", true);
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)(GetOutPutStr("%s%s", "Hash", "返回令牌校验不通过").c_str());
	} 
	else 
	{
		CBlob token;
		token.Alloc(512);
		memcpy(token.m_pData, enToken, 512);

		CBlob sharedSK;
		sharedSK.Alloc(16);
		memcpy(sharedSK.m_pData, sharedKey, 16);
		rc = pEntity->SaveTokenAndSharedSK(token, sharedSK);
		if (rc != Error_Succeed) 
		{
			pEntity->SetAuthErrMsg("保存令牌失败");
			pEntity->GetFunction()->SetSysVar("AuthErrMsg", "保存令牌失败", true);
			pEntity->SetAuthErrMsg("保存令牌失败");
			doWarnMsg(ERR_ACCESSAUTH_SAVE_TOKEN, "保存令牌失败", true);
			DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM).setResultCode("RTA5208")(GetOutPutStr("%s%08X", "SaveTokenAndSharedSK", rc).c_str());
		}
	}
	return rc;
}

DWORD CAccessAuthFSM::GetEncTerminalInfo(CBlob& encInfo)
{
	LOG_FUNCTION();
	RequestTokenReq1 req1;
	memset(&req1, 0, sizeof(req1));
	BYTE* pBuf = (BYTE*)&req1.encTerminalInfo;

	// 设置长度
	sprintf((char*)pBuf, "%.4d", sizeof(RequestTokenInfo));

	RequestTokenInfo* pInfo = (RequestTokenInfo*)(pBuf + 4);

	CSystemStaticInfo si;
	m_pEntity->GetFunction()->GetSystemStaticInfo(si);
	strncpy(pInfo->szTerminalNo, (const char*)si.strTerminalID, sizeof(pInfo->szTerminalNo) - 1);

	CSimpleStringA strPinPadID = "", strDeviceID = "";
	bool bHasPinPad = false;
	int nRet = ((CAccessAuthEntity*)m_pEntity)->GetPinPadIDAndDeviceID(strPinPadID, strDeviceID, bHasPinPad);
	DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("GetPinPadIDAndDeviceID ret: %d, PinPadID: %s, DeviceID: %s", nRet, (const char*)strPinPadID, (const char*)strDeviceID);
	if (nRet == 2 || nRet == 3) {
		strncpy(pInfo->szPadDeviceID, (const char*)strDeviceID, sizeof(pInfo->szPadDeviceID) - 1);
	}

	strncpy(pInfo->szMachineType, (const char*)si.strMachineType, sizeof(pInfo->szMachineType) - 1);

	// 设备版本，低两位为小版本号，高两位为大版本号 Binary	4
	DWORD ver32 = si.MachineVersion.GetVersion32();
	for (int i = 0; i < 4; i++) {
		pInfo->machineVersion[3 - i] = ((BYTE*)&ver32)[i];
	}

	//	安装版本，其中包含软件框架版本	binary	8
	__int64 ver64 = si.InstallVersion.GetVersion64();
	for (int i = 0; i < 8; i++) {
		pInfo->installVersion[7 - i] = ((BYTE*)&ver64)[i];
	}
#ifdef RVC_OS_WIN	
	hostent* ent = gethostbyname(NULL);
	if (ent && ent->h_addr_list[0] != NULL) {
		int i = 0;
		for (; ent->h_addr_list[i] != NULL; ++i) {
			struct in_addr* in = (struct in_addr*)ent->h_addr_list[i];
			if (in->S_un.S_un_b.s_b1 == 99 || in->S_un.S_un_b.s_b1 == 10)
				break;
		}

		if (ent->h_addr_list[i] == NULL)
			i = 0;

		auto in = (struct in_addr*)ent->h_addr_list[i];

		pInfo->ip[0] = in->S_un.S_un_b.s_b1;
		pInfo->ip[1] = in->S_un.S_un_b.s_b2;
		pInfo->ip[2] = in->S_un.S_un_b.s_b3;
		pInfo->ip[3] = in->S_un.S_un_b.s_b4;
		DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("ip:%d.%d.%d.%d", pInfo->ip[0], pInfo->ip[1], pInfo->ip[2], pInfo->ip[3]);
	}
#else
	char ip[32] = { 0 };
	if (getIPFromLinux(ip)) DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("Get IP From Linux Error ex.");
	else {
		if (ip2byte(ip, pInfo->ip)) DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("Ip 2 Byte Error");
		else {
			for (int i = 0; i < 4; i++) {
				DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("ip[%d]=%d", i, (int)pInfo->ip[i]);
			}
		}
	}
#endif //#ifdef RVC_OS_WIN
	strncpy(pInfo->szSites, si.strSite, sizeof(pInfo->szSites) - 1);

	si.EnrolGPS.GetBinaryLongitude(&pInfo->currentGPS[0]);
	si.EnrolGPS.GetBinaryLatitude(&pInfo->currentGPS[4]);

	CSimpleStringA ts;
	DWORD rc = m_pEntity->GetFunction()->GetSysVar("TerminalStage", ts);
	if (rc != Error_Succeed) 
	{
		doWarnMsg(ERR_ACCESSAUTH_GET_SYS_VAR,
			GetOutPutStr("%s%08X%s%s", "GetSysVar", rc, "TerminalStage", ts).c_str());
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)(GetOutPutStr("%s%08X%s%s", "GetSysVar", rc, "TerminalStage", ts).c_str());
		return ERR_ACCESSAUTH_GET_SYS_VAR;
	}
	assert(ts.GetLength() >= 1);
	pInfo->chTerminalState = ts[0];

	CSimpleStringA rs;
	rc = m_pEntity->GetFunction()->GetSysVar("RunState", rs);
	if (rc != Error_Succeed) 
	{
		doWarnMsg(ERR_ACCESSAUTH_GET_SYS_VAR,
			GetOutPutStr("%s%08X%s%s", "GetSysVar", rc, "RunState", rs).c_str());
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)(GetOutPutStr("%s%08X%s%s", "GetSysVar", rc, "RunState", ts).c_str());
		return ERR_ACCESSAUTH_GET_SYS_VAR;
	}
	assert(rs.GetLength() >= 1);
	pInfo->chRunState = rs[0];


	CBlob raw;
	auto pEntity = ((CAccessAuthEntity*)m_pEntity);
	// 使用会话密钥加密
	raw.Refer(pBuf, sizeof(RequestTokenInfo) + 4);
	rc = pEntity->EncryptDataWithSessionKey(raw, encInfo);

	if (rc != Error_Succeed) 
	{
		doWarnMsg(ERR_ACCESSAUTH_ENCRYPT_KEY,
			GetOutPutStr("%s%08X", "CryptEncrypt", rc).c_str());
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)(GetOutPutStr("%s%08X", "CryptEncrypt", rc).c_str());
		return ERR_ACCESSAUTH_ENCRYPT_KEY;
	}
	return Error_Succeed;
}

//密钥加密并转成可见字符
DWORD CAccessAuthFSM::GetTmk(string& tmk)
{
	BYTE tmp[140];
	CBlob pubKey;
	CBlob priKey;
	DWORD rc = ((CAccessAuthEntity*)m_pEntity)->CreateSM2KeyPair(pubKey, priKey);
	if (rc != Error_Succeed) return rc;
	rc = ((CAccessAuthEntity*)m_pEntity)->SaveSM2KeyPair(pubKey, priKey);
	if (rc != Error_Succeed) return rc;
	memset(tmp, 0, sizeof(tmp));
	if (pubKey.m_iLength > 70) {
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)("临时公钥长度(%d)大于70。。。", pubKey.m_iLength);
		return Error_TooSmallBuffer;
	}
	memcpy_s(tmp, sizeof(tmp) - 70, pubKey.m_pData, pubKey.m_iLength);
	if (priKey.m_iLength > 70) {
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)("临时私钥长度(%d)大于70。。。", priKey.m_iLength);
		return Error_TooSmallBuffer;
	}
	memcpy_s(&tmp[70], sizeof(tmp) - 70, priKey.m_pData, priKey.m_iLength);
	char* pRet = new char[512];
	HexBuf2StrBuf(tmp, &pRet, 140);
	DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("data=%s,%d", pRet, strlen(pRet));
	tmk.assign(pRet);
	delete[] pRet;

	return Error_Succeed;
}

DWORD CAccessAuthFSM::GetTokenReq(CAccessAuthGetTokenReq* getTokenReq)
{
	DWORD rc;
	auto pEntity = (CAccessAuthEntity*)m_pEntity;

	CSystemStaticInfo si;
	pEntity->GetFunction()->GetSystemStaticInfo(si);

	getTokenReq->installVersion = si.InstallVersion.ToString();

	BYTE fingerPrint[32] = { 0 };
	int nBufLen = sizeof(fingerPrint);
	if (!pEntity->GetTerminalFingerPrint(fingerPrint, nBufLen)) 
	{
		doWarnMsg(ERR_ACCESSAUTH_GET_TERMINAL_FINGERPRINT,
			GetOutPutStr("%s%s", "GetTerminalFingerPrint", "False").c_str());
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM).setResultCode("RTA5203")
			(GetOutPutStr("%s%s", "GetTerminalFingerPrint", "False").c_str());
		return ERR_ACCESSAUTH_GET_TERMINAL_FINGERPRINT;
	}
	char tmp[256] = { 0 };
#ifdef RVC_OS_WIN
	char* fingerPrintHex = MyBase64::Str2Hex((char*)fingerPrint, 64);
#else
	char* fingerPrintHex = Str2Hex((char*)fingerPrint, 64);
#endif // RVC_OS_WIN
	memcpy(tmp, fingerPrintHex, 64);
	getTokenReq->terminalCharacter = tmp;
	delete fingerPrintHex;

	CBlob encInfo;
	if ((rc = GetEncTerminalInfo(encInfo)) != Error_Succeed) 
	{
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)("GetEncTerminalInfo failed:%d", rc);
		return rc;
	}
#ifdef RVC_OS_WIN
	char* pTmp = MyBase64::Str2Hex((char*)encInfo.m_pData, encInfo.m_iLength);
#else
	char* pTmp = Str2Hex((char*)encInfo.m_pData, encInfo.m_iLength);
#endif // RVC_OS_WIN
	getTokenReq->encTerminalInfo = pTmp;
	delete pTmp;
	getTokenReq->terminalNo = si.strTerminalID.GetData();
	string tmpStr = "";
	if ((rc = GetTmk(tmpStr)) != Error_Succeed) return rc;
	getTokenReq->sessionTempPubKey = tmpStr;

	CSimpleStringA strPinPadID = "", strDeviceID = "";
	bool bHasPinPad = false;
	int nRet = ((CAccessAuthEntity*)m_pEntity)->GetPinPadIDAndDeviceID(strPinPadID, strDeviceID, bHasPinPad);
	getTokenReq->pinPadID = strPinPadID.GetData();
	if (pEntity->HasPinPad()) 
	{
		getTokenReq->existPinPad = "1";
	} 
	else 
	{
		getTokenReq->existPinPad = "0";
	}
	return rc;
}

DWORD CAccessAuthFSM::GetAllDevices(CEntityBase* pEntity, CAutoArray<CSimpleStringA>& devs)
{
	CSmartPointer<IConfigInfo> pConfig;
	DWORD rc = pEntity->GetFunction()->OpenConfig(Config_Root, pConfig);
	if (rc == Error_Succeed) 
	{
		int nCount(0);
		rc = pConfig->ReadConfigValueInt("Device", "Number", nCount);
		DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("nCount=%d", nCount);
		if (rc == Error_Succeed && nCount > 0) 
		{
			devs.Init(nCount);

			for (int i = 0; i < nCount; i++) 
			{
				CSimpleStringA str = CSimpleStringA::Format("%d", i + 1);
				rc = pConfig->ReadConfigValue("Device", (const char*)str, devs[i]);
			}
		}
	} 
	else 
	{
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)("GetAllDevices OpenConfig error");
	}
	return rc;
}

void CAccessAuthFSM::UpdateWK()
{
	LOG_FUNCTION();
	auto pEntity = ((CAccessAuthEntity*)m_pEntity);
	CSimpleStringA strPinPadID = "", strDeviceID = "";
	bool bHasPinPad = false;
	pEntity->GetPinPadIDAndDeviceID(strPinPadID, strDeviceID, bHasPinPad);
	if (bHasPinPad) {
		CSmartPointer<UpdateWKTask> updateWKTask = new UpdateWKTask(this, pEntity);
		GetEntityBase()->GetFunction()->PostThreadPoolTask(updateWKTask.GetRawPointer());
	}
}

DWORD CAccessAuthFSM::InitDevice(SpReqAnsContext<AccessAuthService_InitDev_Req, AccessAuthService_InitDev_Ans>::Pointer& ctx)
{
#ifdef RVC_OS_WIN
	DWORD rc = 0;

	InitDeviceReq req;
	memset(&req, 0, sizeof(req));
	strncpy(req.CR1, (const char*)ctx->Req.EncR1, sizeof(req.CR1));
	strncpy(req.R2, (const char*)ctx->Req.R2, sizeof(req.R2));
	strncpy(req.CR3, (const char*)ctx->Req.EncR3, sizeof(req.CR3));
	strncpy(req.CDevPubKey, (const char*)ctx->Req.EncDevPubKey, sizeof(req.CDevPubKey));
	strncpy(req.Verdor, (const char*)ctx->Req.Vendor, sizeof(req.Verdor));

	m_ctxInitDev = ctx;
	CSmartPointer<InitDeviceTask> initDeviceTask = new InitDeviceTask(this, req);
	GetEntityBase()->GetFunction()->PostThreadPoolTask(initDeviceTask.GetRawPointer());
#endif // RVC_OS_WIN

	return Error_Succeed;
}

void CAccessAuthFSM::GetDiffSyncTimeFromCenterSettings()
{
	CSmartPointer<IConfigInfo> spConfig;
	GetEntityBase()->GetFunction()->OpenConfig(Config_CenterSetting, spConfig);
	int nValue(0);
	spConfig->ReadConfigValueInt(GetEntityBase()->GetEntityName(), "SyncTimeThreshold", nValue);
	if (nValue != 0) {
		m_torelateDiffSyncTimeSecs = nValue;
		DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_BUSINESS_SYSTEM)("Fetch SyncTimeThreshold from CS returns: %d", m_torelateDiffSyncTimeSecs);
	}
}

template<class T>
void CAccessAuthFSM::AuthLogWarn(const T& ret, const string& url, const string& method, bool bNeedEvent)
{
	CSimpleStringA msg;
#ifdef RVC_OS_WIN
	if (ret.m_userCode != "0" && ret.m_sysCode != 200)
#else
	if (!ret.ResponseOK())
#endif // RVC_OS_WIN
	{
		int acsErrCode = ERROR_ACCESSAUTH_CONNECT_ACS_x;
#ifdef RVC_OS_WIN
	if (ret.m_sysCode == 6) {
#else
	if (ret.statusCode == 6) {
#endif
			acsErrCode = ERROR_ACCESSAUTH_CONNECT_ACS_6;
			msg = CSimpleStringA::Format("%s失败：域名解析失败，请尝试重启应用", method.c_str());

		}
#ifdef RVC_OS_WIN
	else if (ret.m_sysCode == 28) {
#else
	else if (ret.statusCode == 28) {
#endif
			acsErrCode = ERROR_ACCESSAUTH_CONNECT_ACS_28;
			msg = CSimpleStringA::Format("%s失败：连接总行服务超时，请尝试重启应用", method.c_str());
		}
		else {
			msg = CSimpleStringA::Format("%s失败，请尝试重启应用", method.c_str());
		}
		doWarnMsg(acsErrCode, msg.GetData(), bNeedEvent);
	}
	else {
#ifdef RVC_OS_WIN
		msg = CSimpleStringA::Format("{\"errcode\": \"%s\", \"message\": %s}",
			ret.m_userCode.c_str(), ret.m_errMsg.c_str());
#else
		SP::Module::Restful::CommResponseJson responseStatus;
		SP::Module::Restful::GetStatusFromDebranchResponse(ret.content, responseStatus);
		msg = CSimpleStringA::Format("{\"errcode\": \"%s\", \"message\": %s}",
			responseStatus.errorCode.c_str(), responseStatus.errorMsg.c_str());
#endif // RVC_OS_WIN
		doWarnMsg(ERR_ACCESSAUTH_SERVICE_FAILED, msg.GetData(), bNeedEvent);
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM).setResultCode("RTA520A")("准入服务端报错");
	}
}

void CAccessAuthFSM::GetNetMsg(SpReqAnsContext<AccessAuthService_GetNetMsg_Req, AccessAuthService_GetNetMsg_Ans>::Pointer& ctx)
{
	CSimpleStringA tmp;
	ctx->Ans.netStatus = 1; //成功

	ctx->Answer(Error_Succeed);
}