myvtm/Module/mod_accessauth/AccessAuthFSM.h

#pragma once

#include "SpBase.h"
#include "SpFSM.h"
#include "Blob.h"
#include "EventCode.h"
#include "AccessAuthConn.h"
#include "IHttpFunc.h"

#ifdef RVC_OS_WIN
#include "AccessAuthErrorCode.h"
#include "json.h"
typedef CAutoArray<CSimpleStringA>  NetworkAddressesList;
#define MACSESION 6
#else
#include <mutex>
#include "publicFunExport.h"
#include <winpr/sysinfo.h>
static void GetLocalTimeRVC(SYSTEMTIME& stTime)
{
	GetLocalTime(&stTime);
}
#endif // RVC_OS_WIN

#define ACS_SUCCESS "0"
#define REFLECTION(var) #var
#define JUAGEHTTPS(ret) (ret.m_sysCode == 200 || ret.m_sysCode == 201)

#ifdef RVC_OS_WIN
typedef struct CSessionkeySynReq : CHTTPReq {
	string terminalNo;
	long curTime;

	string ToJson() {
		Json::Value value;
		value[REFLECTION(terminalNo)] = terminalNo;
		value[REFLECTION(curTime)] = curTime;
		Json::FastWriter writer;
		string strData = writer.write(value);

		DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM).setAPI("CSessionkeySynReq")
			("req=%s at CSessionkeySynReq", strData.c_str());

		return strData;
	}
} CSessionkeySynReq;

typedef struct CSessionkeySynRet : CHTTPRet {
	struct data {
		long timeDiff;
		string sessionKey;
	} data;
	bool Parse(string strData) {
		DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM).setAPI("CSessionkeySynRet")
			("ret=%s at CSessionkeySynRet", strData.c_str());

		Json::Value root;
		Json::Reader reader;
		reader.parse(strData, root, false);

		data.timeDiff = root["data"][REFLECTION(timeDiff)].asInt();
		data.sessionKey = root["data"][REFLECTION(sessionKey)].asString();
		return true;
	}
} CSessionkeySynRet;

typedef struct CAccessAuthUpdateWKReq : CHTTPReq {
	string terminalNo;
	string encRandom;
	string tpkKeyCheck; //tpk密钥校验值
	string edkKeyCheck; //edk密钥校验值
	string keyIndex; //密钥序号
	string ToJson() {
		Json::Value value;
		value[REFLECTION(terminalNo)] = terminalNo;
		value[REFLECTION(encRandom)] = encRandom;
		value[REFLECTION(tpkKeyCheck)] = tpkKeyCheck;
		value[REFLECTION(edkKeyCheck)] = edkKeyCheck;
		value[REFLECTION(keyIndex)] = keyIndex;
		Json::FastWriter writer;
		string strData = writer.write(value);
		DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM).setAPI("CAccessAuthUpdateWKReq")
			("req=%s at CAccessAuthUpdateWKReq", strData.c_str());

		return strData;
	}
} CAccessAuthUpdateWKReq;

typedef struct CAccessAuthUpdateWKRet : CHTTPRet {
	string tpk;
	string edk;
	string tpkKeyCheck; //密钥校验值
	string edkKeyCheck; //edk密钥校验值
	string keyIndex; //密钥序号

	bool Parse(string strData) {
		Json::Value root;
		Json::Reader reader;
		reader.parse(strData, root, false);

		tpk = root["data"][REFLECTION(tpk)].asString();
		edk = root["data"][REFLECTION(edk)].asString();
		tpkKeyCheck = root["data"][REFLECTION(tpkKeyCheck)].asString();
		edkKeyCheck = root["data"][REFLECTION(edkKeyCheck)].asString();
		keyIndex = root["data"][REFLECTION(keyIndex)].asString();

		return true;
	}
} CAccessAuthUpdateWKRet;
#endif // RVC_OS_WIN

typedef struct CAccessAuthGetTokenReq :public CHTTPReq {
public:
	string installVersion;//终端版本（新加字段）
	string terminalCharacter;
	string terminalNo;
	string sessionTempPubKey;
	string encTerminalInfo;
	string publicKeySM;
	string pinPadID;
	string existPinPad;

	string ToJson() {
#ifdef RVC_OS_WIN
		Json::Value value;
		value[REFLECTION(installVersion)] = installVersion;
		value[REFLECTION(terminalCharacter)] = terminalCharacter;
		value[REFLECTION(terminalNo)] = terminalNo;
		value[REFLECTION(sessionTempPubKey)] = sessionTempPubKey;
		value[REFLECTION(encTerminalInfo)] = encTerminalInfo;
		value[REFLECTION(publicKeySM)] = publicKeySM;
		value[REFLECTION(pinPadID)] = pinPadID;
		value[REFLECTION(existPinPad)] = existPinPad;

		Json::FastWriter writer;
		string strData = writer.write(value);
		DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM).setAPI("CAccessAuthGetTokenReq")
			("req=%s at CAccessAuthGetTokenReq", strData.c_str());

		return strData;
#else
		RVCJson rvcJson(true);
		rvcJson.AddStringToObject(REFLECTION(installVersion), (char*)installVersion.c_str());
		rvcJson.AddStringToObject(REFLECTION(terminalCharacter), (char*)terminalCharacter.c_str());
		rvcJson.AddStringToObject(REFLECTION(terminalNo), (char*)terminalNo.c_str());
		rvcJson.AddStringToObject(REFLECTION(sessionTempPubKey), (char*)sessionTempPubKey.c_str());
		rvcJson.AddStringToObject(REFLECTION(encTerminalInfo), (char*)encTerminalInfo.c_str());
		rvcJson.AddStringToObject(REFLECTION(publicKeySM), (char*)publicKeySM.c_str());
		rvcJson.AddStringToObject(REFLECTION(pinPadID), (char*)pinPadID.c_str());
		rvcJson.AddStringToObject(REFLECTION(existPinPad), (char*)existPinPad.c_str());
		string ret;
		char* tmp = rvcJson.GetJsonStr();
		ret.assign(tmp);
		delete tmp;
		DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM).setAPI("CAccessAuthGetTokenReq")
			("req=%s at CAccessAuthGetTokenReq", ret.c_str());
		return ret;
#endif // RVC_OS_WIN
	}
}CAccessAuthGetTokenReq;

typedef struct CAccessAuthGetTokenRet : CHTTPRet {
	typedef struct AccessToken {
		string enToken;
		string retHash;
	} AccessToken;
	typedef struct SharedKey {
		string enToken;
		string sharedSK;
		string retHash;
	} ShareKey;
	struct data {
		AccessToken accessToken;
		SharedKey sharedKey;
#ifdef RVC_OS_WIN
		int flag; //0：非高故障设备，1：高故障设备
		string warnMessage; //告警提示信息
#endif // RVC_OS_WIN
	} data;
	bool Parse(string strData) {
#ifdef RVC_OS_WIN
		Json::Value root;
		Json::Reader reader;
		reader.parse(strData, root, false);

		data.accessToken.enToken = root["data"][REFLECTION(accessToken)][REFLECTION(enToken)].asString();
		data.accessToken.retHash = root["data"][REFLECTION(accessToken)][REFLECTION(retHash)].asString();
		data.sharedKey.enToken = root["data"][REFLECTION(sharedKey)][REFLECTION(enToken)].asString();
		data.sharedKey.sharedSK = root["data"][REFLECTION(sharedKey)][REFLECTION(sharedSK)].asString();
		data.sharedKey.retHash = root["data"][REFLECTION(sharedKey)][REFLECTION(retHash)].asString();
		data.flag = root["data"][REFLECTION(flag)].asInt();
		data.warnMessage = root["data"][REFLECTION(warnMessage)].asString();

		return true;
#else
		Dbg("ret=%s at CAccessAuthGetTokenRet", strData.c_str());
		if (m_userCode.compare(ACS_SUCCESS)) return true;
		RVCJson rvcJson;
		rvcJson.SetJson(strData.c_str());

		auto dataJson = rvcJson.GetJsonValue(REFLECTION(data));
		auto tokenJson = dataJson->GetJsonValue(REFLECTION(accessToken));

		data.accessToken.enToken = tokenJson->GetStringValue(REFLECTION(enToken));
		data.accessToken.retHash = tokenJson->GetStringValue(REFLECTION(retHash));
		tokenJson->Destory();
		delete tokenJson;

		auto sharedJson = dataJson->GetJsonValue(REFLECTION(sharedKey));

		data.sharedKey.enToken = sharedJson->GetStringValue(REFLECTION(enToken));
		data.sharedKey.sharedSK = sharedJson->GetStringValue(REFLECTION(sharedSK));
		char* tmp = sharedJson->GetStringValue(REFLECTION(retHash));
		data.sharedKey.retHash = tmp == NULL ? "" : tmp;

		sharedJson->Destory();
		delete sharedJson;
		dataJson->Destory();
		delete dataJson;

		rvcJson.Destory();
		Dbg("leave CAccessAuthGetTokenRet.");
		return true;
#endif // RVC_OS_WIN
	}
} CAccessAuthGetTokenRet;

typedef struct CInitlizerMKReq : CHTTPReq {
	string enrolAddr;
	string enrolGPS;
	string installVersion;
	string ip;
	string machineModel;
	string machineType;
	string padDeviceID;
	string site;
	string terminalNo;
	string factory;
	string modal;
	string type;
	string version;
	string terminalCharacter; //终端特征值（fingerPrint + fingerPrintSM）
	string pinPadID;
	string publicKey;
	string user; //操作人
	string password; //密码
	string auth;//预留鉴权
	int loginWay;//1表示错误页发起，需要传入登录密码；0表示用户桌面发起，不需要传入登录密码
	string encRandom; //tmk pk加密的随机密钥
	string tpkKeyCheck; //密钥校验值
	string edkKeyCheck; //密钥校验值
	string keyIndex; //密钥序号

	string ToJson() {
#ifdef RVC_OS_WIN
		Json::Value value;
		value[REFLECTION(enrolAddr)] = enrolAddr;
		value[REFLECTION(enrolGPS)] = enrolGPS;
		value[REFLECTION(installVersion)] = installVersion;
		value[REFLECTION(ip)] = ip;
		value[REFLECTION(machineModel)] = machineModel;
		value[REFLECTION(machineType)] = machineType;
		value[REFLECTION(padDeviceID)] = padDeviceID;
		value[REFLECTION(site)] = site;
		value[REFLECTION(terminalNo)] = terminalNo;
		value[REFLECTION(factory)] = factory;
		value[REFLECTION(modal)] = modal;
		value[REFLECTION(type)] = type;
		value[REFLECTION(version)] = version;
		value[REFLECTION(terminalCharacter)] = terminalCharacter;
		value[REFLECTION(pinPadID)] = pinPadID;
		value[REFLECTION(publicKey)] = publicKey;
		value[REFLECTION(user)] = user;
		value[REFLECTION(password)] = password;
		value[REFLECTION(auth)] = auth;
		value[REFLECTION(loginWay)] = loginWay;
		value[REFLECTION(encRandom)] = encRandom;
		value[REFLECTION(tpkKeyCheck)] = tpkKeyCheck;
		value[REFLECTION(edkKeyCheck)] = edkKeyCheck;
		value[REFLECTION(keyIndex)] = keyIndex;
		Json::FastWriter writer;
		string strData = writer.write(value);

		DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM).setAPI("CInitlizerMKReq")("CInitlizerMKReq:%s", strData.c_str());

		return strData;
#else
		RVCJson rvcJson(true);
		rvcJson.AddStringToObject(REFLECTION(enrolAddr), (char*)enrolAddr.c_str());
		rvcJson.AddStringToObject(REFLECTION(enrolGPS), (char*)enrolGPS.c_str());
		rvcJson.AddStringToObject(REFLECTION(installVersion), (char*)installVersion.c_str());
		rvcJson.AddStringToObject(REFLECTION(ip), (char*)ip.c_str());
		rvcJson.AddStringToObject(REFLECTION(machineModel), (char*)machineModel.c_str());
		rvcJson.AddStringToObject(REFLECTION(machineType), (char*)machineType.c_str());
		rvcJson.AddStringToObject(REFLECTION(padDeviceID), (char*)padDeviceID.c_str());
		rvcJson.AddStringToObject(REFLECTION(site), (char*)site.c_str());
		rvcJson.AddStringToObject(REFLECTION(terminalNo), (char*)terminalNo.c_str());
		rvcJson.AddStringToObject(REFLECTION(factory), (char*)factory.c_str());
		rvcJson.AddStringToObject(REFLECTION(modal), (char*)modal.c_str());
		rvcJson.AddStringToObject(REFLECTION(type), (char*)type.c_str());
		rvcJson.AddStringToObject(REFLECTION(version), (char*)version.c_str());
		rvcJson.AddStringToObject(REFLECTION(terminalCharacter), (char*)terminalCharacter.c_str());
		rvcJson.AddStringToObject(REFLECTION(pinPadID), (char*)pinPadID.c_str());
		rvcJson.AddStringToObject(REFLECTION(publicKey), (char*)publicKey.c_str());
		rvcJson.AddStringToObject(REFLECTION(user), (char*)user.c_str());
		rvcJson.AddStringToObject(REFLECTION(password), (char*)password.c_str());
		rvcJson.AddStringToObject(REFLECTION(auth), (char*)auth.c_str());
		rvcJson.AddNumberToObject(REFLECTION(loginWay), loginWay);
		rvcJson.AddStringToObject(REFLECTION(encRandom), (char*)encRandom.c_str());
		rvcJson.AddStringToObject(REFLECTION(tpkKeyCheck), (char*)tpkKeyCheck.c_str());
		rvcJson.AddStringToObject(REFLECTION(edkKeyCheck), (char*)edkKeyCheck.c_str());
		rvcJson.AddStringToObject(REFLECTION(keyIndex), (char*)keyIndex.c_str());
		string ret;
		char* tmp = rvcJson.GetJsonStr();
		ret.assign(tmp);
		delete tmp;
		DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM).setAPI("CInitlizerMKReq")("req=%s at CInitlizerMKReq", ret.c_str());
		rvcJson.Destory();
		return ret;
#endif // RVC_OS_WIN
	}
} CInitlizerMKReq;

typedef struct CInitlizerMKRet : CHTTPRet {
#ifdef RVC_OS_WIN
	string tpk;
	string edk;
	string tpkKeyCheck;
	string edkKeyCheck;
	string keyIndex;

	bool Parse(string strData) {
		DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM).setAPI("CInitlizerMKRet")("ret=%s at CInitlizerMKRet", strData.c_str());

		Json::Value root;
		Json::Reader reader;
		reader.parse(strData, root, false);
		tpk = root["data"][REFLECTION(tpk)].asString();
		edk = root["data"][REFLECTION(edk)].asString();
		tpkKeyCheck = root["data"][REFLECTION(tpkKeyCheck)].asString();
		edkKeyCheck = root["data"][REFLECTION(edkKeyCheck)].asString();
		keyIndex = root["data"][REFLECTION(keyIndex)].asString();
		return true;
	}
#else
	struct data {
		string TMK;
		string TPK;
		string EDK;
		string tpkKeyCheck;
		string edkKeyCheck;
		string keyIndex;
		string reserved;
	} data;
	bool Parse(string strData) {
		Dbg("ret=%s at CInitlizerMKRet", strData.c_str());
		if (m_userCode.compare(ACS_SUCCESS)) return true;
		RVCJson rvcJson;
		rvcJson.SetJson((char*)strData.c_str());
		auto retJson = rvcJson.GetJsonValue(REFLECTION(data));
		data.TMK = retJson->GetStringValue(REFLECTION(tmk));
		data.TPK = retJson->GetStringValue(REFLECTION(tpk));
		data.EDK = retJson->GetStringValue(REFLECTION(edk));
		data.tpkKeyCheck = retJson->GetStringValue(REFLECTION(tpkKeyCheck));
		data.edkKeyCheck = retJson->GetStringValue(REFLECTION(edkKeyCheck));
		data.keyIndex = retJson->GetStringValue(REFLECTION(keyIndex));
		rvcJson.Destory();
		retJson->Destory();
		delete retJson;
		return true;
	}
#endif // RVC_OS_WIN
} CInitlizerMKRet;

#ifdef RVC_OS_WIN
typedef struct CAccessAuthInitDeviceReq : CHTTPReq {
	string cr1;
	string cr3;
	string r2;
	string cDevPubKey;
	string vendor;
	string terminalNo;
	string ToJson() {
		Json::Value value;
		value[REFLECTION(cr1)] = cr1;
		value[REFLECTION(cr3)] = cr3;
		value[REFLECTION(r2)] = r2;
		value[REFLECTION(cDevPubKey)] = cDevPubKey;
		value[REFLECTION(vendor)] = vendor;
		value[REFLECTION(terminalNo)] = terminalNo;

		Json::FastWriter writer;
		string strData = writer.write(value);
		Dbg("CAccessAuthInitDeviceReq:%s", strData.c_str());
		return strData;
}
} CAccessAuthInitDeviceReq;

typedef struct CAccessAuthInitDeviceRet : CHTTPRet {
	string r3;
	string cr2;
	string r1;
	string devPubKey;

	bool Parse(string strData) {
		Json::Value root;
		Json::Reader reader;
		reader.parse(strData, root, false);
		r3 = root["data"][REFLECTION(r3)].asString();
		cr2 = root["data"][REFLECTION(cr2)].asString();
		r1 = root["data"][REFLECTION(r1)].asString();
		devPubKey = root["data"][REFLECTION(devPubKey)].asString();

		return true;
	}
} CAccessAuthInitDeviceRet;
#endif // RVC_OS_WIN

class MyMutex;
class CAccessAuthFSM : public FSMImpl<CAccessAuthFSM>, public IFSMStateHooker
{
public:
	CAccessAuthFSM();
	virtual ~CAccessAuthFSM();

	virtual void OnStateTrans(int iSrcState, int iDstState);
	virtual ErrorCodeEnum OnInit();
	virtual ErrorCodeEnum OnExit();

	enum{s1, s2, s3};

	enum
	{
		Event_StartRegist = EVT_USER+1,
		Event_ConnectionOK,
		Event_EndSyncTime,
		Event_ReqTokenFail,
		Event_ReqTokenSucc,
		Event_ReqTokenCancel,
		Event_AccessAuthSucc
	};

	BEGIN_FSM_STATE(CAccessAuthFSM)
		FSM_STATE_ENTRY(s1, "Isolate",s1_on_entry,s1_on_exit,s1_on_event)
		FSM_STATE_ENTRY(s2, "Checking",s2_on_entry,s2_on_exit,s2_on_event)
		FSM_STATE_ENTRY(s3, "Authorized", s3_on_entry, s3_on_exit, s3_on_event)
	END_FSM_STATE()

	BEGIN_FSM_RULE(CAccessAuthFSM,s1)
		FSM_RULE_ENTRY_ANY(s1, s2, Event_StartRegist)
		FSM_RULE_ENTRY_ANY(s1, s3, Event_AccessAuthSucc)
		FSM_RULE_ENTRY_ANY(s2, s1, Event_ReqTokenCancel)
		FSM_RULE_ENTRY_ANY(s2, s3, Event_AccessAuthSucc)
	END_FSM_RULE()

	void s1_on_entry();
	void s1_on_exit();
	unsigned int s1_on_event(FSMEvent* event);

	void s2_on_entry();
	void s2_on_exit();
	unsigned int s2_on_event(FSMEvent* event);

	void s3_on_entry();

	void s3_on_exit() {
		LOG_FUNCTION();
	}
	unsigned int s3_on_event(FSMEvent* event);

public:
	static void HttpsLogCallBack(const char* logtxt);
	CSimpleStringA GetmAccessAuthHost() { return m_accessAuthHost; }
	CSimpleStringA GetmInitDeviceHost() { return m_initDeviceHost; }
	bool DecryptWithSessionKey(BYTE* encText, int encTextLen, BYTE* decTest, int& decTestLen);
	//oilyang@20210813 add bNeedEvent.
	//no need to throw event defaultly except the KEY error to call for Close Page
	void doWarnMsg(int errReason, std::string errMsg, bool bNeedEvent = false, string varMsg = "");
	int RtsMapToUserCode(const char* pRtsCode, DWORD dwDefaultUserCode = ERR_ACCESSAUTH_UNKOWN);
	int RtsMapToUserCodeBakup(const char* pRtsCode, DWORD dwDefaultUserCode = ERR_ACCESSAUTH_UNKOWN);
	DWORD HandleTimeSyn(long nTimeDiff, BYTE* nSessionKey);
	DWORD HandleGetToken(BYTE* token, BYTE* sharedKey, BYTE* token2, BYTE* retHash);
	DWORD GetEncTerminalInfo(CBlob& encInfo);
	DWORD GetTmk(string& tmk);
	DWORD GetTokenReq(CAccessAuthGetTokenReq* getTokenReq);
	DWORD GetAllDevices(CEntityBase* pEntity, CAutoArray<CSimpleStringA>& devs);
	void UpdateWK();
	DWORD InitDevice(SpReqAnsContext<AccessAuthService_InitDev_Req, AccessAuthService_InitDev_Ans>::Pointer &ctx);
	
	template<class T>
	void AuthLogWarn(const T& ret, const string& url, const string& method, bool bNeedEvent = true);

	void GetNetMsg(SpReqAnsContext<AccessAuthService_GetNetMsg_Req, AccessAuthService_GetNetMsg_Ans>::Pointer& ctx);
#ifdef RVC_OS_WIN
	DWORD GetDeviceInfo(CEntityBase* pCallerEntity, const CSimpleStringA& devDeviceName,
		CSimpleStringA& strModel, CSimpleStringA& strVendor, CSimpleStringA& strVersion);
	int IsInternetEnv();
#endif // RVC_OS_WIN

	CSimpleStringA GetEntryPermitSysVar();
	ErrorCodeEnum SetEntryPermitSysVar(const CSimpleStringA& newVal);
	ErrorCodeEnum LoadCenterConfig();

	ErrorCodeEnum GetIntFromCS(const char* pcSection, const char* pcKey, int& retInt);
	ErrorCodeEnum GetStrFromCS(const char* pcSection, const char* pcKey, CSimpleStringA& retStr);

	void SetNetworkCheckingState(bool busing = true)
	{
		m_fNetworkChecking = busing;
	}
	BOOL IsCenterSettingFilesExist();
	void SetDevPubKey(CSimpleStringA csDevPubKey) { m_strDevPubKey = csDevPubKey; }
	CSimpleStringA GetDevPubKey() { return m_strDevPubKey; }

#ifdef RVC_OS_LINUX
	bool m_bAccessACS;
	CSimpleStringA GetmTerminalList() { return m_terminalList; }
#endif // RVC_OS_LINUX

private:
	void GetDiffSyncTimeFromCenterSettings();

public:
	SpReqAnsContext<AccessAuthService_InitDev_Req, AccessAuthService_InitDev_Ans>::Pointer m_ctxInitDev;

private:
	int m_nAccessFailedCount;
	CSimpleStringA m_accessAuthHost, m_initDeviceHost;
	bool m_fNetworkChecking;
	int m_torelateDiffSyncTimeSecs;

	int m_finishAccess;
	CSimpleStringA m_strNetworkCheckUrl;
	//DNS Settings
	CSimpleStringA m_strDefaultDNS;
	CSimpleStringA m_strBackupDNS;
	CSimpleStringA m_strDevPubKey;
	bool isServeEvent;

#ifdef RVC_OS_LINUX
	CSimpleStringA m_terminalList;
	int m_nCheckMD5;
#endif // RVC_OS_LINUX
};