myvtm/Module/mod_accessauth/mod_AccessAuth.cpp

#include "stdafx.h"
#include "SpBase.h"
#include "mod_AccessAuth.h"
#include "RVCComm.h"
#include "access_basefun.h"
#include <fileutil.h>
#include <iniutil.h>
#include <cmath>
#include "Event.h"
#include "comm.h"
#include "CommEntityRestful.hpp"
#include "CommEntityUtil.hpp"
#include "TokenKeeper_client_g.h"
using namespace TokenKeeper;
#include "PinPad_client_g.h"
using namespace PinPad;

#ifdef RVC_OS_WIN
#include "WMIDeviceQuery.h"
#include <WinCrypt.h>
#include <Strsafe.h>
#include "MyBase64.h"
#endif

struct InitializerInitMKTask : ITaskSp
{
	CAccessAuthFSM* m_fsm;
	CAccessAuthEntity* m_entity;
	InitializerInitMKTask(CAccessAuthFSM* fsm, CAccessAuthEntity* entity) :m_fsm(fsm), m_entity(entity) {}

	void Process()
	{
		CSystemStaticInfo si;
		m_fsm->GetEntityBase()->GetFunction()->GetSystemStaticInfo(si);
		CInitlizerMKReq instanceReq;//oiltest dev module count
		bool initFlag = m_entity->SendInitMKReqACS(instanceReq);
		if (!initFlag)
		{
			DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM).setResultCode("RTA5204")("连接密码键盘异常");
			m_entity->EndInitMK(ERR_ACCESSAUTH_CONNECT_PINPAD, "连接密码键盘异常，请检查");//，待完善细化错误码oiltest
			return;
		}

		if (m_fsm->containsChinese(m_fsm->GetmAccessAuthHost().GetData()))
		{
			m_entity->EndInitMK(ERR_INITIALIZER_EXCEPTION, CSimpleStringA::Format("初始化服务连接失败，URL含中文。").GetData());
			return;
		}

		auto tmkpair = m_entity->GenerateTmkToKMC();
		instanceReq.encRandom = tmkpair.first;

		DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("iniTerminalInfo: %s", instanceReq.iniTerminalInfo.c_str());
		DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("auth:%s", instanceReq.auth.c_str());
		DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("curEdkKeyCheck: %s", instanceReq.curEdkKeyCheck.c_str());
		DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("curKeyIndex: %s", instanceReq.curKeyIndex.c_str());
		DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("curTpkKeyCheck: %s", instanceReq.curTpkKeyCheck.c_str());
		DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("encRandom: %s", instanceReq.encRandom.c_str());
		DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("publicKey: %s", instanceReq.publicKey.c_str());
		DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("terminalNo: %s", instanceReq.terminalNo.c_str());
		DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("terminalVersion: %s", instanceReq.terminalVersion.c_str());
		DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("user: %s", instanceReq.user.c_str());
		DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("loginWay: %d", instanceReq.loginWay);

		CInitlizerMKAns instanceAns;

		HttpClientResponseResult result;
		HttpClientRequestConfig config(HttpRequestMethod::POST, m_entity->GetInitUrl().GetData(), &SpGetToken);
		config.SetChildUri("/api/v6/initmk");
		SP::Module::Restful::FulfillRequestJsonBody(&config, instanceReq);
		RestfulClient client = RestfulClient::getInstance();
		PROCESS_LINK_CONTEXT("LR0402502Initmk");
		config.PreDo();

		client.Do(&config, &result, &nextLink);
		if (result.ResponseOK()) {
			SP::Module::Restful::CommResponseJson responseStatus;
			SP::Module::Restful::GetStatusFromDebranchResponse(result.content, responseStatus);
			if (!responseStatus.IsOperatedOK()) {
				CSimpleStringA errMsg = CSimpleStringA::Format("%s|%s", responseStatus.errorCode.c_str(), responseStatus.errorMsg.c_str());
				DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("initmk failed: %s", errMsg.GetData());
				m_entity->EndInitMK(ERR_INITIALIZER_EXCEPTION, errMsg.GetData());
			}
			else {
				//服务端返回成功再将数据写入AcessAuthourization.ini
				CSmartPointer<IConfigInfo> pConfig;
				auto rc = m_entity->GetFunction()->OpenConfig(Config_Run, pConfig);
				rc = pConfig->WriteConfigValue("TerminalPD", "PrivateKey", m_entity->m_privateKey);
				if (rc != Error_Succeed) {
					DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("write pri key failed.");
					m_entity->EndInitMK(ERR_INITIALIZER_EXCEPTION, "私钥写入失败，请重新初始化。");
					return;
				}

				if (m_entity->HasPinPad()) {
					const bool testResult = SP::Module::Restful::ExtractDataFromDebranchResponse(result.content, instanceAns);
					if (m_entity->LoadKeysToPinPadACS(tmkpair.second, instanceAns.TPK, instanceAns.EDK, instanceAns.keyIndex, instanceAns.tpkKeyCheck, instanceAns.edkKeyCheck) == Error_Succeed) {
						m_entity->EndInitMK(Error_Succeed, "");
					}
					else {
						DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM).setResultCode("RTA5204")("连接密码键盘异常");
						m_entity->EndInitMK(ERR_ACCESSAUTH_CONNECT_PINPAD, "密钥加载失败，请检查密码键盘连接。");//，待完善细化错误码oiltest
					}
				}
				else {
					m_entity->EndInitMK(Error_Succeed, "");
				}
			}
		}
		else {
			DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("post wk failed: %s", result.WhatError().c_str());
			m_entity->EndInitMK(ERR_INITIALIZER_EXCEPTION, CSimpleStringA::Format("初始化服务连接失败。%s", result.WhatError().c_str()).GetData());
		}
	}
};

struct GetTermSysInfoTask : ITaskSp
{
	CAccessAuthEntity* m_entity;
	GetTermSysInfoTask(CAccessAuthEntity* entity) :m_entity(entity) {}

	void Process()
	{
		m_entity->GetHardWareInfo();
	}
};

typedef struct _REG_TZI_FORMAT
{
	LONG Bias;
	LONG StandardBias;
	LONG DaylightBias;
	SYSTEMTIME StandardDate;
	SYSTEMTIME DaylightDate;
} REG_TZI_FORMAT;

void CAccessAuthSession::Handle_Regist(SpOnewayCallContext<AccessAuthService_Regist_Info>::Pointer ctx)
{
	DbgToBeidou(ctx->link, __FUNCTION__)();
	DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_USER).setAPI(__FUNCTION__)("call Handle_Regist");
	m_pEntity->Regist();
}

void CAccessAuthSession::Handle_UpdateWK(SpOnewayCallContext<AccessAuthService_UpdateWK_Info>::Pointer ctx)
{
	DbgToBeidou(ctx->link, __FUNCTION__)();
	DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_USER).setAPI(__FUNCTION__)("call Handle_UpdateWK");
	m_pEntity->UpdateWK();
}

void CAccessAuthSession::Handle_InitializeNew(SpReqAnsContext<AccessAuthService_InitializeNew_Req, AccessAuthService_InitializeNew_Ans>::Pointer ctx)
{
	DbgToBeidou(ctx->link, __FUNCTION__)();
	DbgWithLink(LOG_LEVEL_INFO, ctx->link.checkEmpty() ? LOG_TYPE_SYSTEM : LOG_TYPE_USER).setAPI(__FUNCTION__)("Handle_InitializeNew");
	m_pEntity->m_ctx = ctx;

	m_pEntity->m_strUserID = ctx->Req.strUserID.GetData();
	m_pEntity->m_strPassword = ctx->Req.strPassword.GetData();

	m_pEntity->BeginInitMKACS();
}

void CAccessAuthSession::Handle_InitDev(SpReqAnsContext<AccessAuthService_InitDev_Req, AccessAuthService_InitDev_Ans>::Pointer ctx)
{
	DbgToBeidou(ctx->link, __FUNCTION__)();
	DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_USER).setAPI(__FUNCTION__)("call Handle_InitDev");
	m_pEntity->InitDevice(ctx);
}

void CAccessAuthSession::Handle_GetNetMsg(SpReqAnsContext<AccessAuthService_GetNetMsg_Req, AccessAuthService_GetNetMsg_Ans>::Pointer ctx)
{
	DbgToBeidou(ctx->link, __FUNCTION__)();
	m_pEntity->GetNetMsg(ctx);
}

void CAccessAuthEntity::OnStarted()
{
	//设置时区为北京标准时区
	if (!SetLocalTimeZoneByKeyName("China Standard Time", FALSE))
	{
		
		m_FSM.doWarnMsg(ERR_ACCESSAUTH_SETTIMEZONE,GetOutPutStr("%s%s","设置时区错误","False").c_str());
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM).setResultCode("RTA5202")(GetOutPutStr("%s%s", "设置时区错误", "False").c_str());
	}

	m_FSM.Init(this);
	CSimpleStringA strErrMsg;
	CSmartPointer<IEntityFunction> spFunction = this->GetFunction();
	auto rc = GetFunction()->GetSystemStaticInfo(m_info);
	if (rc != Error_Succeed)
	{
		strErrMsg = "GetSystemStaticInfo fail";
		SetAuthErrMsg((const char*)strErrMsg);

		m_FSM.doWarnMsg(ERR_ACCESSAUTH_GET_SYSTEM_STATIC_INFO,
			GetOutPutStr("%s%08X", "获取系统静态信息错误", rc).c_str(), strErrMsg.GetData());
		DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)(GetOutPutStr("%s%08X", "获取系统静态信息错误", rc).c_str());
	}

	CSmartPointer<GetTermSysInfoTask> getTermSysInfoTask = new GetTermSysInfoTask(this);
	GetFunction()->PostThreadPoolTask(getTermSysInfoTask.GetRawPointer());
}

void CAccessAuthEntity::OnPreStart(CAutoArray<CSimpleStringA> strArgs,CSmartPointer<ITransactionContext> pTransactionContext) 
{ 	
	ErrorCodeEnum Error = Error_Succeed;	
	pTransactionContext->SendAnswer(Error) ;
}

void CAccessAuthEntity::OnPreClose(EntityCloseCauseEnum eCloseCause,CSmartPointer<ITransactionContext> pTransactionContext) 
{ 
	m_FSM.PostExitEvent();
	pTransactionContext->SendAnswer(Error_Succeed); 
}

void CAccessAuthEntity::OnSysVarEvent(const char *pszKey, const char *pszValue,const char *pszOldValue,const char *pszEntityName)
{
}

// 开始准入
ErrorCodeEnum CAccessAuthEntity::Regist()
{		
	m_FSM.PostEventFIFO(new FSMEvent(CAccessAuthFSM::Event_StartRegist));
	return Error_Succeed;
}

string CAccessAuthEntity::ByteArrayToHexStr(BYTE *pBuf, int nBufLen)
{
	char szBuf[1024];
	memset(szBuf, 0, sizeof(szBuf));

	for(int i=0; i<nBufLen; i++)
	{
		BYTE b1 = (pBuf[i] >> 4) & 0x0F;
		BYTE b2 = pBuf[i] & 0x0F;
		
		if (b1 <= 9)
			szBuf[i*2] = '0' + b1;
		else
			szBuf[i*2] = 'A' + b1 - 10;

		if (b2 <= 9)
			szBuf[i*2+1] = '0' + b2;
		else
			szBuf[i*2+1] = 'A' + b2 - 10;
	}


	return szBuf;
}

// 生成临时SM2密钥对
DWORD CAccessAuthEntity::CreateSM2KeyPair(CBlob &pubKey, CBlob &priKey)
{
	int nPubKeyLen = 256;
	int nPriKeyLen = 256;
	pubKey.Alloc(nPubKeyLen);
	priKey.Alloc(nPriKeyLen);

	
	if (!::CreateSM2KeyPair((BYTE*)(pubKey.m_pData), &nPubKeyLen, (BYTE*)(priKey.m_pData), &nPriKeyLen))
	{
		SetAuthErrMsg("创建SM2密钥对失败");
		CSmartPointer<IEntityFunction> spFunction = this->GetFunction();
		
		m_FSM.doWarnMsg(ERR_ACCESSAUTH_CREATE_RSA_KEY_PAIR,
			GetOutPutStr("%s%s","CreateRsaKeyPair","False").c_str(), true, "创建SM2密钥对失败");
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)("创建SM2密钥对失败");
		return ERR_ACCESSAUTH_CREATE_RSA_KEY_PAIR;
	}

	pubKey.Resize(nPubKeyLen);
	priKey.Resize(nPriKeyLen);
	return Error_Succeed;
}

// 保存到令牌管理实体中
DWORD CAccessAuthEntity::SaveSM2KeyPair(const CBlob &pubKey, const CBlob &priKey)
{
	LOG_FUNCTION();
	CSimpleStringA strErrMsg;
	CSmartPointer<IEntityFunction> spFunction = this->GetFunction();

	TokenService_ClientBase *pTokenServiceClient = new TokenService_ClientBase(this);
	DWORD rc = pTokenServiceClient->Connect();
	if (rc != Error_Succeed)
	{
		strErrMsg = "连接令牌管理实体失败";
		SetAuthErrMsg(strErrMsg.GetData());
		rc = ERR_ACCESSAUTH_CONNECT_TOKEN_SERVICE;
		m_FSM.doWarnMsg(rc,
			"连接令牌管理实体失败", true);
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM).setResultCode("RTA5206")
			(GetOutPutStr("%s%08X%s%s", "Connect", rc, "strErrMsg", strErrMsg.GetData()).c_str());
		pTokenServiceClient->SafeDelete();
	}
	else
	{
		TokenService_SetKeyPair_Req req;
		req.pub_key = pubKey;
		req.pri_key = priKey;
		TokenService_SetKeyPair_Ans ans;
		rc = pTokenServiceClient->SetKeyPair(req, ans, 3000);
		pTokenServiceClient->GetFunction()->CloseSession();
		if (rc != Error_Succeed)
		{
			strErrMsg = "保存密钥对失败";
			SetAuthErrMsg(strErrMsg.GetData());
			rc = ERR_ACCESSAUTH_FROM_TOKEN_SERVICE_SET_KEYS;
			m_FSM.doWarnMsg(rc,
				"保存密钥对失败", true);
			DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM).setResultCode("RTA5207")
				(GetOutPutStr("%s%08X%s%s", "SetKeyPair", rc, "strErrMsg", strErrMsg.GetData()).c_str());
		}
	}

	
	return rc;
}

ErrorCodeEnum CAccessAuthEntity::SaveTokenAndSharedSK(const CBlob &token, const CBlob &sharedSK)
{
	LOG_FUNCTION();
	CSimpleStringA strErrMsg;
	CSmartPointer<IEntityFunction> spFunction = this->GetFunction();

	TokenService_ClientBase *pTokenServiceClient = new TokenService_ClientBase(this);
	ErrorCodeEnum rc = pTokenServiceClient->Connect();
	if (rc != Error_Succeed)
	{
		strErrMsg = "连接令牌管理实体失败";
		SetAuthErrMsg(strErrMsg.GetData());		

		string outStr = GetOutPutStr("%s%08X%s%s", "Connect", rc, "strErrMsg", strErrMsg.GetData());
		m_FSM.doWarnMsg(ERR_ACCESSAUTH_CONNECT_TOKEN_SERVICE, outStr.c_str());
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)(outStr.c_str());
		pTokenServiceClient->SafeDelete();
	}
	else
	{
		TokenService_SetToken_Req req = {};
		req.token = token;
		TokenService_SetToken_Ans ans;
		rc = pTokenServiceClient->SetToken(req, ans, 5000);
		if (rc == Error_Succeed)
			DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM).setAPI("SetToken")
				("save token succ, token: [%s]", ByteArrayToHexStr((BYTE*)token.m_pData, token.m_iLength).c_str());
		else
		{
			strErrMsg = "保存令牌失败";
			SetAuthErrMsg(strErrMsg.GetData());

			string outStr = GetOutPutStr("%s%08X%s%s", "SetToken", rc, "strErrMsg", strErrMsg.GetData());
			m_FSM.doWarnMsg(ERR_ACCESSAUTH_FROM_TOKEN_SERVICE_SET_TOKEN, outStr.c_str());
			DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)(outStr.c_str());
		}

		TokenService_SetSharedSK_Req req2 = {};
		req2.ssk = sharedSK;
		TokenService_SetSharedSK_Ans ans2 = {};
		rc = pTokenServiceClient->SetSharedSK(req2, ans2, 5000);
		if (rc != Error_Succeed)
		{
			strErrMsg = "保存会话密钥失败";
			SetAuthErrMsg(strErrMsg.GetData());

			string outStr = GetOutPutStr("%s%08X%s%s", "SetSharedSK", rc, "strErrMsg", strErrMsg.GetData());
			m_FSM.doWarnMsg(ERR_ACCESSAUTH_FROM_TOKEN_SERVICE_SET_SHAREKEY, outStr.c_str());
			DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)(outStr.c_str());
		}
		pTokenServiceClient->GetFunction()->CloseSession();
	}
	return rc;
}

bool CAccessAuthEntity::HasPinPad()
{
	CSimpleStringA strErrMsg;
	CSmartPointer<IEntityFunction> spFunction = this->GetFunction();
	//oilyang@20210514 
	if (!IsMachineTypeConfigurePinPad(m_info.strMachineType))
	{
		DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("MachineType[%s], not exist pinpad", m_info.strMachineType.GetData());
		return false;
	}
	else
	{
		// 其它VTM机型，全部有内置密码键盘
		return true;
	}
}

// 1:3des only; 2: sm4 only; 3: both 3des and sm4
// 由当前已初始化的密钥文件决定，兼容旧版本终端
int CAccessAuthEntity::GetPinPadCapability()
{
	LOG_FUNCTION();
	int nCapability = 0;
	if (!IsMachineTypeConfigurePinPad(m_info.strMachineType))
		return nCapability;

	PinPadService_ClientBase *pPinPad = new PinPadService_ClientBase(this);
	auto rc = pPinPad->Connect();
	if (rc == Error_Succeed)
	{
		PinPadService_QueryFunc_Req req;
		PinPadService_QueryFunc_Ans ans;

		rc = pPinPad->QueryFunc(req, ans, 3000);
		if (rc == Error_Succeed)
		{
			nCapability = ans.encryptkey;
			DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("QueryFunc from pinpad succ, nCapability[%d]", nCapability);
		}
		else if (rc != Error_DevNotAvailable)
		{
			SetAuthErrMsg("从PinPad获取主密钥类型失败");
			CSmartPointer<IEntityFunction> spFunction = this->GetFunction();

			m_FSM.doWarnMsg(ERR_ACCESSAUTH_FROM_PINPAD,
				GetOutPutStr("%s%s%s%s", "QueryFunc", "False", "AuthErrMsg", "从PinPad获取主密钥类型失败").c_str());
			DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM).setResultCode("RTA5205")
				(GetOutPutStr("%s%s%s%s", "QueryFunc", "False", "AuthErrMsg", "从PinPad获取主密钥类型失败").c_str());
		}

		pPinPad->GetFunction()->CloseSession();
	}
	else
	{
		SetAuthErrMsg("连接PinPad实体失败");
		CSmartPointer<IEntityFunction> spFunction = this->GetFunction();
	
		m_FSM.doWarnMsg(ERR_ACCESSAUTH_CONNECT_PINPAD,
			GetOutPutStr("%s%08X%s%s", "Connect", rc,"AuthErrMsg", "连接PinPad实体失败").c_str());
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)(GetOutPutStr("%s%08X%s%s", "Connect", rc, "AuthErrMsg", "连接PinPad实体失败").c_str());

		pPinPad->SafeDelete();
	}

	return nCapability;
}

void CAccessAuthEntity::printPasswdError(const string& strErrMsg){
	SetAuthErrMsg(strErrMsg.c_str());
	GetFunction()->SetSysVar("AuthErrMsg", strErrMsg.c_str());
	m_FSM.doWarnMsg( ERROR_ACCESSAUTH_OPENCRYPTCONTEXT, strErrMsg.c_str(),true, strErrMsg);
	DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM).setResultCode("RTA520C")(strErrMsg.c_str());
}

bool CAccessAuthEntity::SaveAuthKey(BYTE *pKey)
{
	memset(m_AuthSessionKey, 0, 140);
	CSimpleStringA runInfoPath, iniPath;
	auto rc = GetFunction()->GetPath("runinfo", runInfoPath);
	if (rc != Error_Succeed) {
		DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("GetPath runinfo error=%d.", rc);
		return false;
	}

	char privateKey[BUF_SIZE] = { 0 };
	iniPath = runInfoPath + SPLIT_SLASH_STR "runcfg" SPLIT_SLASH_STR "AccessAuthorization.ini";
	char* tmp = inifile_read_str(iniPath.GetData(), "TerminalPD", "PrivateKey", "");
	strcpy(privateKey, tmp);
	delete tmp;

	if (strlen(privateKey) <= 0) {
		iniPath = runInfoPath + SPLIT_SLASH_STR "runcfg" SPLIT_SLASH_STR "Initializer.ini";
		char* tmp2 = inifile_read_str(iniPath.GetData(), "TerminalPD", "PrivateKey", "");
		strcpy(privateKey, tmp2);
		delete tmp2;
		if (strlen(privateKey) <= 0)
		{
			printPasswdError("私钥为空，请重置秘钥进行初始化");
			return false;
		}
	}

	int decodedPrivateKeyLen;

	char* pDecodedPrivateKey = SP::Module::Util::Hex2Str(privateKey, decodedPrivateKeyLen);
	DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("privateKey len:%d, decodedPrivateKeyLen=%d", strlen(privateKey), decodedPrivateKeyLen);

	char pDecryptPrivateKey[BUF_SIZE] = { 0 };
	int decryprtLen = BUF_SIZE;
	if (!DecWithSM4_ECB("s5da69gnh4!963@6s5da69gnh4!963@6", (BYTE*)pDecodedPrivateKey, decodedPrivateKeyLen, (BYTE*)pDecryptPrivateKey, &decryprtLen)) {
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)("DecWithSM4_ECB decrypt privateKey error. SM4解密私钥失败");
		printPasswdError("终端初始化未完成，请重置秘钥进行初始化");
		delete[] pDecodedPrivateKey;
		return false;
	}
	delete[] pDecodedPrivateKey;

	char pPlainKey[KEY_SIZE];
	int plainKeyLen = KEY_SIZE;
	char pKeyLen[4] = { 0 };
	memcpy(pKeyLen, pKey, 4);
	int kenLen = SP::Module::Util::Char2Int(pKeyLen);
	char* pEncodeKey = SP::Module::Util::Str2Hex((char*)pKey, kenLen + 4);
	DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("kenLen=%d", kenLen);
	delete [] pEncodeKey;
	char* key = new char[kenLen + 1];
	memset(key, 0, kenLen + 1);
	memcpy(key, pKey + 4, kenLen);
	if (!DecWithSM2PriKey((BYTE*)key, kenLen, (BYTE*)pPlainKey, &plainKeyLen, (BYTE*)pDecryptPrivateKey, decryprtLen)) {
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)("使用私钥解密失败！");
		printPasswdError("终端初始化未完成，请重置秘钥进行初始化");
		delete[] key;
		return false;
	}
	if (plainKeyLen != KEY_SIZE) {
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM).setAPI("SaveAuthVerAndKey")("私钥解密后的会话密钥长度不等于16！");
	}

	memcpy(m_AuthSessionKey, pPlainKey, KEY_SIZE);
	delete[] key;

	return true;
}

// 使用密钥加密
ErrorCodeEnum CAccessAuthEntity::EncryptDataWithKey(const CBlob &raw, CBlob &enc, BYTE* key)
{
	LOG_FUNCTION();
	//这里不需要delete,由CBlob析构函数去执行
	BYTE* pEncData = new BYTE[1024];
	int pEncDataSize = 1024;
	DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("pEncDataSize=%d", pEncDataSize);
	char* pPlainInfo = SP::Module::Util::Str2Hex((char*)raw.m_pData, raw.m_iLength);
	DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("raw Length=%d", raw.m_iLength);
	delete[] pPlainInfo;

	if (!EncWithSM4_ECB(key, (BYTE*)(raw.m_pData), raw.m_iLength, pEncData, &pEncDataSize)) {
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)("会话密钥加密准入信息失败！");
		SetAuthErrMsg("会话密钥加密准入信息失败");
		return Error_Unexpect;
	}
	
	enc.Attach(pEncData,pEncDataSize);

	char* tmp = SP::Module::Util::Str2Hex((char*)pEncData, pEncDataSize);
	DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("pEncData size:%d", pEncDataSize);
	delete[] tmp;

	tmp = SP::Module::Util::Str2Hex((char*)enc.m_pData, enc.m_iLength);
	DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("EncWithSM4_ECB data size:%d", enc.m_iLength);
	delete[] tmp;

	return Error_Succeed;
}

// 生成RSA密钥对，并导出公钥
bool CAccessAuthEntity::GetTerminalPublicKey(BYTE* pBuf, int& nBufLen, string& pubkey)
{
	LOG_FUNCTION();
	CSimpleString runCfgPath(true);
	auto rc = GetFunction()->GetPath("RunCfg", runCfgPath);
	if (rc != Error_Succeed) {
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM).setAPI("GetTerminalPublicKey")("GetPath RunCfg error=%d.", rc);
		return false;
	}
	if (!ExistsDirA(runCfgPath)) {
		if (!CreateDirA(runCfgPath, TRUE))
		{
			DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM).setAPI("GetTerminalPublicKey")("Create %s dir failed!", runCfgPath.GetData());
		}
	}
	DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM).setAPI("GetTerminalPublicKey")("Dir=%s", runCfgPath.GetData());

	CSmartPointer<IConfigInfo> pConfig;
	rc = GetFunction()->OpenConfig(Config_Run, pConfig);
	if (rc != Error_Succeed) {
		DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM).setAPI("GetTerminalPublicKey")("OpenConfig Config_Run error=%d.", rc);
		return false;
	}
	CSimpleString publicKey;
	rc = pConfig->ReadConfigValue("TerminalPD", "PublicKey", publicKey);
	if (rc != Error_Succeed || publicKey.IsNullOrEmpty()) {
		DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM).setAPI("GetTerminalPublicKey")("ReadConfig publicKey error=%d or publicKey is NULL.", rc);
	}

	BYTE btPublicKey[BUF_SIZE] = { 0 }, btPrivateKey[BUF_SIZE] = { 0 };
	int iPublicKeyLen = sizeof(btPublicKey);
	int iPrivateKeyLen = sizeof(btPrivateKey);
	if (!::CreateSM2KeyPair(btPublicKey, &iPublicKeyLen, btPrivateKey, &iPrivateKeyLen)) {
		DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM).setAPI("GetTerminalPublicKey")("Create SM2 key pair error.");
		return false;
	}
	DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM).setAPI("GetTerminalPublicKey")("iPublicKeyLen=%d,iPrivateKeyLen=%d", iPublicKeyLen, iPrivateKeyLen);
	DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM).setAPI("GetTerminalPublicKey")("[btPublicKey=%s]", (char*)btPublicKey);

	char* pEncode = SP::Module::Util::Str2Hex((char*)btPublicKey, iPublicKeyLen);
	DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM).setAPI("GetTerminalPublicKey")("pEncode=%s,%d", pEncode, strlen(pEncode));

	m_publicKey = pEncode;
	pubkey = pEncode;
	DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM).setAPI("GetTerminalPublicKey")("write public key success.");

	BYTE pCryptPrivateKey[BUF_SIZE] = { 0 };
	int cryptPrivateKeyLen = BUF_SIZE;
	if (!EncWithSM4_ECB("s5da69gnh4!963@6s5da69gnh4!963@6", btPrivateKey, iPrivateKeyLen, pCryptPrivateKey, &cryptPrivateKeyLen)) {
		DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM).setAPI("GetTerminalPublicKey")("sm4 crypt privateKey error.");
		/*rc = pConfig->WriteConfigValue("TerminalPD", "PublicKey", "");*/
		m_publicKey = "";
		delete[] pEncode;
		return false;
	}

	DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM).setAPI("GetTerminalPublicKey")("sm4 encrypt pri key success.");
	DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM).setAPI("GetTerminalPublicKey")("cryptPrivateKeyLen=%d", cryptPrivateKeyLen);

	char* pEncodedCryptPrivateKey = SP::Module::Util::Str2Hex((char*)pCryptPrivateKey, cryptPrivateKeyLen);
	DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM).setAPI("GetTerminalPublicKey")("encode pri key success.");

	m_privateKey = pEncodedCryptPrivateKey;
	/*//不在这里写入私钥，将逻辑修改到函数外部，等服务端返回成功后再写入私钥
	rc = pConfig->WriteConfigValue("TerminalPD", "PrivateKey", pEncodedCryptPrivateKey);
	if (rc != Error_Succeed) {
		rc = pConfig->WriteConfigValue("TerminalPD", "PublicKey", "");
		delete[] pEncodedCryptPrivateKey;
		return false;
	}
	DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM).setAPI("GetTerminalPublicKey")("write pri key success.");*/
	publicKey = pEncode;
	delete[] pEncode;
	delete[] pEncodedCryptPrivateKey;

	char* pDecode = SP::Module::Util::Hex2Str(publicKey.GetData(), nBufLen);
	DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM).setAPI("GetTerminalPublicKey")("pDecode=[%s],len=%d", pDecode, nBufLen);

	memcpy(pBuf, pDecode, nBufLen);
	DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM).setAPI("GetTerminalPublicKey")("pBuf[0]=%02X,nBufLen=%d", pBuf[0], nBufLen);

	delete[] pDecode;

	return true;
}

ErrorCodeEnum CAccessAuthEntity::GetPinPadModel(CSimpleStringA& pinpadModel, bool& bPinPadOnline)
{
	bPinPadOnline = false;
	int waitMS = 0;

	CSmartPointer<IConfigInfo> spConfig;
	ErrorCodeEnum Error = GetFunction()->OpenConfig(Config_CenterSetting, spConfig);
	ErrorCodeEnum errCode = spConfig->ReadConfigValueInt("AccessAuthorization", "WaitPinPadMS", waitPinPadMS);
	if (waitPinPadMS <= 0)
	{
		waitPinPadMS = DEFALT_WAIT_PINPAD_MS; //默认不等待
	}

	CSimpleStringA strErrMsg;
	CSmartPointer<IEntityFunction> spFunction = this->GetFunction();
	std::map<std::string, std::string> errInfo;
	//oilyang@20210514 
	if (!IsMachineTypeConfigurePinPad(m_info.strMachineType))
	{
		pinpadModel = "";
		return Error_Succeed;
	}

	ErrorCodeEnum nRet = Error_Unexpect;
	ErrorCodeEnum rc = Error_Unexpect;
	do 
	{
		auto pPinPadClient = new PinPadService_ClientBase(this);
		if ((rc = pPinPadClient->Connect()) == Error_Succeed)
		{
			PinPadService_GetDevInfo_Req req = {};
			PinPadService_GetDevInfo_Ans ans = {};

			rc = pPinPadClient->GetDevInfo(req, ans, 3000);
			if (rc == Error_Succeed)
			{
				bPinPadOnline = true;
				nRet = Error_Succeed;
				DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("pinpad model: %s", ans.model.GetData());

				// CM = V2.0#PM = V1.0#MID = 75500001#PID = 12345678#FWID = V1234567#Vendor = nantian
				// 密码键盘ID，PID，8到16字节;  设备ID，MID，8到16字节;  固件版本号，FWID，8字节
				pinpadModel = ans.model;
				
				pPinPadClient->GetFunction()->CloseSession();
				pPinPadClient->SafeDelete();
				pPinPadClient = NULL;
				break;
			}
			pPinPadClient->GetFunction()->CloseSession();
		}
		
		pPinPadClient->SafeDelete();
		pPinPadClient = NULL;
		waitMS += INTERVAL_WAIT_PINPAD_MS;

		if (waitPinPadMS > 0) //配置有效时才进行等待，不然直接跳出循环
		{
			Sleep(INTERVAL_WAIT_PINPAD_MS); //等待200ms
		}
	} 
	while (bPinPadOnline == false && waitMS < waitPinPadMS); //获取pinpad成功，或者时间超过阈值跳出

	if (rc == Error_NotInit)
	{
		strErrMsg = "PinPad超时未打开";
		SetAuthErrMsg(strErrMsg.GetData());

		string outStr = GetOutPutStr("%s%08X%s%s", "GetDevInfo", rc, "strErrMsg", strErrMsg.GetData());
		m_FSM.doWarnMsg(ERR_ACCESSAUTH_PINPAD_OPEN_OVERTIME, outStr.c_str());
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM).setResultCode("RTA5204")(outStr.c_str());

		errInfo["errcode"] = "RTA5204";
		errInfo["msg"] = "PinPad超时未打开";
		errInfo["getLastErr"] = to_string(GetLastError());
		pinpadModel = generateJsonStr(errInfo).second.c_str();

	}
	else if(rc == Error_DevNotAvailable)
	{
		strErrMsg = "PinPad打开失败";
		SetAuthErrMsg(strErrMsg.GetData());

		string outStr = GetOutPutStr("%s%08X%s%s", "GetDevInfo", rc, "strErrMsg", strErrMsg.GetData());
		m_FSM.doWarnMsg(ERR_ACCESSAUTH_PINPAD_OPEN_FAILED, outStr.c_str());
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM).setResultCode("RTA5218")(outStr.c_str());

		errInfo["errcode"] = "RTA5218";
		errInfo["msg"] = "PinPad打开失败";
		errInfo["getLastErr"] = to_string(GetLastError());
		pinpadModel = generateJsonStr(errInfo).second.c_str();
	}
	else if(rc != Error_Succeed)
	{
		strErrMsg = "连接PinPad取数据异常";
		SetAuthErrMsg(strErrMsg.GetData());

		string outStr = GetOutPutStr("%s%08X%s%s", "GetPinPadModel", rc, "strErrMsg", strErrMsg.GetData());
		m_FSM.doWarnMsg(ERR_ACCESSAUTH_PINPAD_GETDATA_FAILED, outStr.c_str());
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM).setResultCode("RTA5205")(outStr.c_str());

		errInfo["errcode"] = "RTA5205";
		errInfo["msg"] = "连接PinPad取数据异常";
		errInfo["getLastErr"] = to_string(GetLastError());
		pinpadModel = generateJsonStr(errInfo).second.c_str();
	}

	return nRet;
}

wstring CAccessAuthEntity::ANSIToUnicode(const string& str)
{
	int  len = 0;
	len = str.length();

	int  unicodeLen = ::MultiByteToWideChar(CP_ACP,
		0,
		str.c_str(),
		-1,
		NULL,
		0); 

	wchar_t *  pUnicode;  
	pUnicode = new  wchar_t[unicodeLen+1];  
	memset(pUnicode,0,(unicodeLen+1)*sizeof(wchar_t));  
	::MultiByteToWideChar( CP_ACP,
		0,
		str.c_str(),
		-1,
		(LPWSTR)pUnicode,
		unicodeLen);

	wstring  rt;  
	rt = (wchar_t*)pUnicode;
	delete  pUnicode; 

	return  rt;  
}

//China Standard Time
BOOL CAccessAuthEntity::SetLocalTimeZoneByKeyName(const TCHAR* szTimeZoneKeyName, BOOL isDaylightSavingTime)
{
#ifdef RVC_OS_WIN
	HKEY hKey;
	LONG ErrorCode;
	TCHAR szSubKey[256];
	TCHAR szStandardName[32];
	TCHAR szDaylightName[32];
	REG_TZI_FORMAT regTZI;
	DWORD dwByteLen;

	// 检测入口参数
	if ((szTimeZoneKeyName == NULL) || (strlen(szTimeZoneKeyName) == 0))
	{
		// 时区标识符不能为空
		return FALSE;
	}

	StringCchCopy(szSubKey, 256, TEXT("Software\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\"));
	StringCchCat(szSubKey, 256, szTimeZoneKeyName);
	ErrorCode = RegOpenKeyEx(HKEY_LOCAL_MACHINE, szSubKey, 0, KEY_QUERY_VALUE, &hKey);
	if (ErrorCode != ERROR_SUCCESS)
	{

		DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("RegOpenKeyEx Software\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\China Standard Time fail");
		return FALSE;
	}

	// 标准名
	dwByteLen = sizeof(szStandardName);
	ErrorCode = RegQueryValueEx(hKey, TEXT("Std"), NULL, NULL, reinterpret_cast<LPBYTE>(&szStandardName), &dwByteLen);
	if (ErrorCode != ERROR_SUCCESS)
	{
		RegCloseKey(hKey);

		DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("RegQueryValueEx Software\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\China Standard Time\\Std fail");
		return FALSE;
	}

	// 夏时制名
	dwByteLen = sizeof(szDaylightName);
	ErrorCode = RegQueryValueEx(hKey, TEXT("Dlt"), NULL, NULL, reinterpret_cast<LPBYTE>(&szDaylightName), &dwByteLen);
	if (ErrorCode != ERROR_SUCCESS)
	{
		RegCloseKey(hKey);

		DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("RegQueryValueEx Software\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\China Standard Time\\Dlt fail");
		return FALSE;
	}

	// 时区信息
	dwByteLen = sizeof(regTZI);
	ErrorCode = RegQueryValueEx(hKey, TEXT("TZI"), NULL, NULL, reinterpret_cast<LPBYTE>(&regTZI), &dwByteLen);
	RegCloseKey(hKey);
	if ((ErrorCode != ERROR_SUCCESS) || (dwByteLen > sizeof(regTZI)))
	{

		DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("RegQueryValueEx Software\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\China Standard Time\\TZI fail");
		return FALSE;
	}

	// 开启权限
	HANDLE hToken;
	TOKEN_PRIVILEGES tkp;
	BOOL isOK;

	if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
	{

		DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("OpenProcessToken Standard Time\\Dlt fail");
		return FALSE;
	}

	LookupPrivilegeValue(NULL, SE_TIME_ZONE_NAME, &tkp.Privileges[0].Luid);
	tkp.PrivilegeCount = 1;
	tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

	AdjustTokenPrivileges(hToken, FALSE, &tkp, 0, (PTOKEN_PRIVILEGES)NULL, 0);
	if (GetLastError() != ERROR_SUCCESS)
	{
		CloseHandle(hToken);

		DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("AdjustTokenPrivileges fail");
		return FALSE;
	}

	// 设置新时区
	DYNAMIC_TIME_ZONE_INFORMATION tzi;
	tzi.Bias = regTZI.Bias;
	tzi.StandardDate = regTZI.StandardDate;
	tzi.StandardBias = regTZI.StandardBias;
	tzi.DaylightDate = regTZI.DaylightDate;
	tzi.DaylightBias = regTZI.DaylightBias;
	tzi.DynamicDaylightTimeDisabled = !isDaylightSavingTime;
	wcscpy(tzi.StandardName, ANSIToUnicode(szStandardName).c_str());
	wcscpy(tzi.DaylightName, ANSIToUnicode(szDaylightName).c_str());
	wcscpy(tzi.TimeZoneKeyName, ANSIToUnicode(szTimeZoneKeyName).c_str());

	isOK = SetDynamicTimeZoneInformation(&tzi);	// 设置动态时区
	if (!isOK)
	{

		DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("SetDynamicTimeZoneInformation fail");
	}

	// 关闭权限
	tkp.Privileges[0].Attributes = 0;
	AdjustTokenPrivileges(hToken, FALSE, &tkp, 0, (PTOKEN_PRIVILEGES)NULL, 0);
	CloseHandle(hToken);

	return isOK;
#else
	//temporarily not relased at linux
	return TRUE;
#endif // RVC_OS_WIN
}

bool CAccessAuthEntity::IsMachineTypeConfigurePinPad(const CSimpleStringA& strMachineType)
{
	CSmartPointer<IConfigInfo> spConfig;
	GetFunction()->OpenConfig(Config_CenterSetting, spConfig);
	CSimpleStringA mcType = CSimpleStringA("CoreBootList.") + strMachineType;
	CSimpleStringA loaderConifg("");
	ErrorCodeEnum errCode = spConfig->ReadConfigValue("VtmLoader", mcType.GetData(), loaderConifg);

	if (errCode != Error_Succeed)
	{
		DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("Get VtmLoader config failed!");
	}

	if (string(loaderConifg.GetData()).find("PinPad") != string::npos) //集中配置配了启动pinpad实体
	{
		return true;
	}
	else
	{
		return  false;
	}
}

void CAccessAuthEntity::UpdateWK()
{
	m_FSM.UpdateWK();
}

void CAccessAuthEntity::BeginInitMKACS()
{
	LOG_FUNCTION();
	// 1:3des only; 2: sm4 only; 3: both 3des and sm4
	int nCapability = GetPinPadCapability();
	DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("pinpad capability: %d", nCapability);

	CSmartPointer<IConfigInfo> spConfig;
	ErrorCodeEnum Error = GetFunction()->OpenConfig(Config_CenterSetting, spConfig);
	if (Error_Succeed == Error)
	{
		Error = spConfig->ReadConfigValue("AccessAuthorization", "HostInitUrl", m_strInitUrl);
		if (Error_Succeed != Error)
		{
			DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("get InitUrl from CenterSetting failed");
			return;
		}

	} else {
		DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("open InitUrl from CenterSetting.ini failed");
		return;
	}
	CSmartPointer<InitializerInitMKTask> initUpdateWKTask = new InitializerInitMKTask(&this->m_FSM, this);
	GetFunction()->PostThreadPoolTask(initUpdateWKTask.GetRawPointer());
}

bool CAccessAuthEntity::SendInitMKReqACS(CInitlizerMKReq& initMKReq)
{
	LOG_FUNCTION();
	CSmartPointer<IEntityFunction> pFunc = GetFunction();
	ErrorCodeEnum nRet = Error_Unexpect;

	CBlob encInfo;
	char* hexStr = "21009872C31CBC00D0C8F421D09CF707";
	BYTE key[KEY_SIZE] = { 0 };
	PBYTE btTmp(NULL);
	SP::Module::Util::StrBuf2HexBuf(hexStr, &btTmp);
	memcpy(key, btTmp, KEY_SIZE);
	if (btTmp != NULL) {
		delete[] btTmp;
		btTmp = NULL;
	}
	nRet = (ErrorCodeEnum)m_FSM.GetEncTerminalInfoWithKey(encInfo, key);
	if (nRet != Error_Succeed)
	{
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)("GetEncTerminalInfo failed:%d", nRet);
		return false;
	}
	char* pTmp = SP::Module::Util::Str2Hex((char*)encInfo.m_pData, encInfo.m_iLength);
	initMKReq.iniTerminalInfo = pTmp;
	delete[] pTmp;
	CSystemStaticInfo si;
	pFunc->GetSystemStaticInfo(si);
	initMKReq.terminalVersion = si.InstallVersion.ToString();
	initMKReq.terminalNo = si.strTerminalID.GetData();

	BYTE xPublicKey[148];
	int nBufLen = sizeof(xPublicKey);
	DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM).setAPI("SendInitMKReqACS")("开始获取公钥。。。");
	memset(xPublicKey, 0, nBufLen);
	DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM).setAPI("SendInitMKReqACS")("nBufLen=%d", nBufLen);
	if (!GetTerminalPublicKey(xPublicKey, nBufLen, initMKReq.publicKey))
	{
		LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_GET_TERMINAL_PUBKEY,
			GetOutPutStr("%s%s", "GetTerminalPublicKey", "False").c_str());
		return false;
	}

	initMKReq.user = m_strUserID.GetData();
	if (!m_strUserID.IsNullOrEmpty() && !m_strPassword.IsNullOrEmpty())
	{
		LogWarn(Severity_Low, Error_Succeed, AccessAuthorization_UserErrorCode_Init_From_ClosePage, "Init by ClosePage.");
		initMKReq.loginWay = 1;
	}
	else
	{
		DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("no need to call login again as User Desktop have logined.");
		initMKReq.loginWay = 0;
	}

	PinPadService_ClientBase* pPinPad = new PinPadService_ClientBase(this);
	auto errRc = pPinPad->Connect();
	if (errRc == Error_Succeed)
	{
		PinPadService_GetCheckCode_Req req = {};
		PinPadService_GetCheckCode_Ans ans = {};

		req.mSN.Init(1);
		req.wSN.Init(1);
		req.mSN[0] = 1;
		req.wSN[0] = 0;
		errRc = (*pPinPad)(EntityResource::getLink().upgradeLink())->GetCheckCode(req, ans, 10000);
		if (errRc == Error_Succeed)
		{
			initMKReq.curTpkKeyCheck = ans.checkcode[0].GetData();
			initMKReq.curKeyIndex = ans.index[0].GetData();
		}
		else
		{
			DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("Get keyChek && keyIndex failed.");
		}

		pPinPad->GetFunction()->CloseSession();
	}
	else
	{
		DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("connect to pinpad failed.error code:%d", errRc);
	}

	return true;
}

void CAccessAuthEntity::EndInitMK(DWORD rc, const char *pszErrMsg)
{
	LOG_FUNCTION();
	DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM).setLogCode(AccessAuthService_LogCode_InitializeNew)
		("EndInitMK:rc:%d,errMsg:%s", rc, pszErrMsg);
	GetFunction()->KillTimer(22);

	m_strLastErrMsg = pszErrMsg;

	if (rc != Error_Succeed)
	{
		LogWarn(Severity_Middle, Error_Unexpect, rc,
			GetOutPutStr("%s%08X%s%s", "EndInitMK", rc,"pszErrMsg", pszErrMsg).c_str());

		GetFunction()->ShowFatalError(pszErrMsg);
	}
	else
	{
		DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("初始化成功。。。");
	}

	m_eErrNum = rc;

	bool bSuc = rc == Error_Succeed;

	// 通知UI窗口
	if (m_ctx != NULL) {
		m_ctx->Ans.Errcode = rc;
		m_ctx->Ans.ErrMsg = m_strLastErrMsg;
		m_ctx->Answer(Error_Succeed);
	}

}

ErrorCodeEnum CAccessAuthEntity::LoadKeysToPinPadACS(string TMK, string TPK, string EDK, string index, string tpkCheck, string edkCheck)
{
	LOG_FUNCTION();
	//加载到密码键盘
	PinPadService_ClientBase* pPinPad = new PinPadService_ClientBase(this);
	auto rc = pPinPad->Connect();
	if (rc == Error_Succeed)
	{
		PinPadService_LoadKeysSM_Req req = {};
		req.initializeflag = true;
		req.smflag = 1;
		req.masterkey = TMK.c_str();

		req.workingkey1 = TPK.c_str();
		req.workingkey2 = EDK.c_str();
		req.reserved3 = index.c_str();
		req.reserved4 = tpkCheck.c_str();

		if (!req.initializeflag) DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM).setAPI("LoadKeysToPinPadACS")("initializeflag is false");
		PinPadService_LoadKeysSM_Ans ans = {};
		rc = pPinPad->LoadKeysSM(req, ans, 30000);
		if (rc != Error_Succeed)
		{
			DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("load sm key to pinpad failed.");
			return Error_Unexpect;
		}

		pPinPad->GetFunction()->CloseSession();
	}
	else
	{
		DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("connect to pinpad failed %x", rc);
		return Error_Unexpect;
	}

	return Error_Succeed;
}

DWORD CAccessAuthEntity::InitDevice(SpReqAnsContext<AccessAuthService_InitDev_Req, AccessAuthService_InitDev_Ans>::Pointer& ctx)
{
	return m_FSM.InitDevice(ctx);
}

void CAccessAuthEntity::GetNetMsg(SpReqAnsContext<AccessAuthService_GetNetMsg_Req, AccessAuthService_GetNetMsg_Ans>::Pointer& ctx)
{
	m_FSM.GetNetMsg(ctx);
	return;
}

bool CAccessAuthEntity::GenerateRandomNum()
{
	LOG_FUNCTION();
	const int MAX_KEY_SIZE = 256;
	//get public key-->send random number --> set working key
	int ret1, ret2, ret3, ret4;
	unsigned int ram[4];
#ifdef RVC_OS_WIN
	ret1 = rand_s(&ram[0]);
	ret2 = rand_s(&ram[1]);
	ret3 = rand_s(&ram[2]);
	ret4 = rand_s(&ram[3]);
	if ((ret1 != 0) || (ret2 != 0) || (ret3 != 0) || (ret4 != 0))
		return false;

	ZeroMemory(m_btRam, 16);
#else
	ram[0] = rand();
	ram[1] = rand();
	ram[2] = rand();
	ram[3] = rand();

	memset(m_btRam, 0, 16);
#endif // RVC_OS_WIN
	for (int i = 0, j = 0; j < 4; ++j)
	{
		m_btRam[i + 0] = ((ram[j] & 0xff000000) >> 24);
		m_btRam[i + 1] = ((ram[j] & 0x00ff0000) >> 16);
		m_btRam[i + 2] = ((ram[j] & 0x0000ff00) >> 8);
		m_btRam[i + 3] = (ram[j] & 0x000000ff);
		i += 4;
	}
	return true;
}
pair<string, string> CAccessAuthEntity::GenerateTmkToKMC()
{
	LOG_FUNCTION();
	if (!GenerateRandomNum())
		return make_pair("", "");
#ifdef DEVOPS_ON_ST /*DevOps流水线编译，ST环境*/
	CSimpleStringA tmpPubKey = "0445FAF2B721207A39A9F3DEE3B3D89E2EF8924882968D31FC54FDA4F41D3D94AED4DA1B3C38B17193AD2952BD24407B7C01A80E65630A2FAD5073691613EAA814";
#elif defined(DEVOPS_ON_UAT)/*DevOps流水线编译，UAT环境*/
	CSimpleStringA	tmpPubKey = "040AEC50A1FC9C5E9B1162FE4520C9E18E6F471A3F6DB77B147F0A464B5BFD0EDBE08AE8377C458CA204456E7A86568AAA9240F1C843E47988A6A197B232539DC8";
#elif defined(DEVOPS_ON_PRD)/*DevOps流水线编译，PRD环境*/
	CSimpleStringA tmpPubKey = "04E0A4FDA2484A1A0FAB0844F59110AEB7A08D314B5E451E816FC0E78CBA383B461474E1167B86FC48D704CB482DD5164A73AB9E019CCE26EE382B89C394B5ACE1";
#elif defined(DEVOPS_ON_DEV)/*DevOps流水线编译，Dev环境*/
	CSimpleStringA tmpPubKey = "0445FAF2B721207A39A9F3DEE3B3D89E2EF8924882968D31FC54FDA4F41D3D94AED4DA1B3C38B17193AD2952BD24407B7C01A80E65630A2FAD5073691613EAA814";
#else/*本地编译等非DevOps环境编译的版本*/
	CSimpleStringA tmpPubKey = "0445FAF2B721207A39A9F3DEE3B3D89E2EF8924882968D31FC54FDA4F41D3D94AED4DA1B3C38B17193AD2952BD24407B7C01A80E65630A2FAD5073691613EAA814";
#endif
	return EncryptedByPubKey(tmpPubKey);
}

pair<string, string> CAccessAuthEntity::EncryptedByPubKey(CSimpleStringA pubKey, bool bNeed04Head)
{
	//TODO: New了那么多对象，什么时候Delete？？  [Gifur@202585]
	if (pubKey.GetLength() <= 0)
		return make_pair("", "");
	PCHAR strRam = new CHAR[512];
	memset(strRam, 0, 512);
	memcpy(strRam, &(m_btRam[0]), 16);
	SP::Module::Util::HexBuf2StrBuf((PBYTE)m_btRam, &strRam, 16);
	const int MAX_KEY_SIZE = 256;
	char random_enc_bypbk[MAX_KEY_SIZE];
	memset(random_enc_bypbk, 0, MAX_KEY_SIZE);
	//公钥加密随机数
	int outMsgLen = MAX_KEY_SIZE;
	PBYTE pxxKey = new BYTE[256];
	PBYTE pOldPubKey = new BYTE[256];
	memset(pOldPubKey, 0, 256);
	memset(pxxKey, 0, 256);

	int size = SP::Module::Util::StrBuf2HexBuf(pubKey.GetData(), &pOldPubKey);
	if (bNeed04Head)
	{
		pxxKey[0] = 0x04;
		memcpy(pxxKey + 1, pOldPubKey, size);
	}
	else {
		memcpy(pxxKey, pOldPubKey, 65);
	}
	int retSM2 = EncWithSM2PubKey((unsigned char*)m_btRam, 16, (unsigned char*)random_enc_bypbk, &outMsgLen, (unsigned char*)pxxKey, 65);
	if (!retSM2 || outMsgLen != 113)
	{
		DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("EncWithSM2PubKey failed outMsgLen:%d.", outMsgLen);
		return make_pair("", "");
	}

	PBYTE tmp_enc_bypbk = new BYTE[112];
	memset(tmp_enc_bypbk, 0, 112);
	
	if (bNeed04Head)
	{
		memcpy(tmp_enc_bypbk, &(random_enc_bypbk[1]), 112);
	}
	else
	{
		memcpy(tmp_enc_bypbk, &(random_enc_bypbk[1]), 64);
		memcpy(tmp_enc_bypbk + 64, &(random_enc_bypbk[97]), 16);
		memcpy(tmp_enc_bypbk + 80, &(random_enc_bypbk[65]), 32);
	}


	PCHAR pBlock = new CHAR[512];
	memset(pBlock, 0, 512);
	BYTE tmpRandomEnc[512];
	memset(tmpRandomEnc, 0, 512);
	memcpy(tmpRandomEnc, &(tmp_enc_bypbk[0]), outMsgLen - 1);
	size = SP::Module::Util::HexBuf2StrBuf((PBYTE)tmpRandomEnc, &pBlock, 112);
	return make_pair(pBlock, strRam);
}

void CAccessAuthEntity::GetHardWareInfo()
{
	std::map<std::string, std::string> errInfo;

	//oilyang@20231008 to get system info from runcfg first
	//no matter calculating from runcfg succeed or not,we also get system info from system api for update runcfg
	bool bGetFromRunCfg = false;
	CSimpleString csInfo, strErrMsg, strRet;
	CSmartPointer<IConfigInfo> pConfigRun;
	ErrorCodeEnum eErr = GetFunction()->OpenConfig(Config_Run, pConfigRun);
	if (eErr == Error_Succeed && pConfigRun->ReadConfigValue("system", "info", csInfo) == Error_Succeed && !csInfo.IsNullOrEmpty()) {
		DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("read device info from runcfg: [%s]", csInfo.GetData());
		CAutoArray<CSimpleStringA> sysInfo = csInfo.Split('|');
		if (sysInfo.GetCount() == 3)
		{
			m_cpuId = sysInfo[0];
			m_mainBoardId = sysInfo[1];
			m_hardDiskId = sysInfo[2];
			bGetFromRunCfg = true;
			m_iGetTermSysInfo = 1;
		}
		else
		{
			m_iGetTermSysInfo = -1;
			DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM).setAPI("GetTerminalFingerPrint")("get sm3 hash as fingerprint fail");
		}
	}
	else
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)("GetTermSysInfo, OpenConfig Config_Run error=%d.", eErr);

#ifdef RVC_OS_LINUX
	char szTmp[1024] = {};
	string strTmp;
	int nTmpBufLen = 1024;

	CSimpleStringA runInfoPath;
	auto rc = GetFunction()->GetPath("runinfo", runInfoPath);
	if (rc != Error_Succeed) {
		DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("GetPath runinfo error=%d.", rc);
		return;
	}
	runInfoPath += SPLIT_SLASH_STR "runcfg";

	//CPU
	if (!get_cpu_id_by_system(strTmp, runInfoPath.GetData()))
	{
		if (!bGetFromRunCfg)
		{
			errInfo["errcode"] = "RTA5213";
			errInfo["msg"] = "调用系统api获取CPU序号失败";
			errInfo["getLastErr"] = to_string(GetLastError());
			m_cpuId = generateJsonStr(errInfo).second.c_str();

			m_iGetTermSysInfo = -1;
		}

		strErrMsg = CSimpleStringA::Format("查询CPU ID失败，请重启机器并重新初始化");
		SetAuthErrMsg((const char*)strErrMsg);

		LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_GET_TERMINAL_FINGERPRINT,
			GetOutPutStr("%s%s%s%d", "QueryWMIDevice", "False", "Processor", GetLastError()).c_str());
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM).setResultCode("RTA5213")
			(GetOutPutStr("%s%s", "Processor", "False").c_str());
		return;
	}
	m_cpuId = strTmp.c_str();
	strRet = strTmp.c_str();
	strTmp.clear();

	//主板
	if (!get_board_serial_by_system(strTmp, runInfoPath.GetData()))
	{
		if (!bGetFromRunCfg)
		{
			errInfo["errcode"] = "RTA5214";
			errInfo["msg"] = "调用系统api获取主板ID号失败";
			errInfo["getLastErr"] = to_string(GetLastError());
			m_mainBoardId = generateJsonStr(errInfo).second.c_str();

			m_iGetTermSysInfo = -1;
		}
		strErrMsg = CSimpleStringA::Format("查询主板序列号失败,  请重启机器并重新初始化");
		SetAuthErrMsg((const char*)strErrMsg);

		LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_GET_TERMINAL_FINGERPRINT,
			GetOutPutStr("%s%s%s%d", "QueryWMIDevice", "False", "BaseBoard", GetLastError()).c_str());
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM).setResultCode("RTA5214")
			(GetOutPutStr("%s%s", "BaseBoard", "False").c_str());
		return;
	}
	m_mainBoardId = strTmp.c_str();
	strRet += "|";
	strRet += strTmp.c_str();

	//硬盘
	vector<string> diskArr;
	int errCode = 0;
	if (!get_disk_serial_by_system(diskArr, errCode, runInfoPath.GetData()))
	{
		if (!bGetFromRunCfg)
		{
			errInfo["errcode"] = "RTA5215";
			errInfo["msg"] = "调用系统api获取硬盘ID号失败";
			errInfo["getLastErr"] = to_string(GetLastError());
			m_hardDiskId = generateJsonStr(errInfo).second.c_str();

			m_iGetTermSysInfo = -1;
		}
		DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("get_disk_serial_by_system errCode:%d", errCode);
		strErrMsg = CSimpleStringA::Format("查询磁盘序列号失败, 请重启机器并重新初始化");
		SetAuthErrMsg((const char*)strErrMsg);

		LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_GET_TERMINAL_FINGERPRINT,
			GetOutPutStr("%s%s%s%d", "QueryWMIDevice", "False", "BaseBoard", GetLastError()).c_str());
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM).setResultCode("RTA5215")
			(GetOutPutStr("%s%s", "DiskDrive", "False").c_str());
		return;
	}
	strRet += "|";
	strTmp = "";
	vector<string>::iterator it = diskArr.begin();
	while (it != diskArr.end()) {
		strTmp += *it;
		it++;
	}
	strRet += strTmp.c_str();
	m_hardDiskId = strTmp.c_str();
#else
	ULONGLONG ullStart = GetTickCount64();
	char szTmp[1024] = {};
	int nTmpBufLen = 1024;
	if (!QueryWMIDevice(Processor, "ProcessorId", szTmp, &nTmpBufLen))
	{
		if (!bGetFromRunCfg)
		{
			errInfo["errcode"] = "RTA5213";
			errInfo["msg"] = "调用系统api获取CPU序号失败";
			errInfo["getLastErr"] = to_string(GetLastError());
			m_cpuId = generateJsonStr(errInfo).second.c_str();

			m_iGetTermSysInfo = -1;
		}
		strErrMsg = CSimpleStringA::Format("查询 cpu id 失败: %d, 请尝试重启应用", GetLastError());
		SetAuthErrMsg((const char*)strErrMsg);

		LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_GET_TERMINAL_FINGERPRINT,
			GetOutPutStr("%s%s%s%d", "QueryWMIDevice", "False", "Processor", GetLastError()).c_str());

		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM).setResultCode("RTA5213")
			(GetOutPutStr("%s%s%s%d", "QueryWMIDevice", "False", "Processor", GetLastError()).c_str());

		return;
	}
	strRet = szTmp;
	m_cpuId = szTmp;

	nTmpBufLen = 1024;
	memset(szTmp, 0, sizeof(szTmp));
	if (!QueryWMIDevice(BaseBoard, "SerialNumber", szTmp, &nTmpBufLen))
	{
		if (!bGetFromRunCfg)
		{
			errInfo["errcode"] = "RTA5214";
			errInfo["msg"] = "调用系统api获取主板ID号失败";
			errInfo["getLastErr"] = to_string(GetLastError());
			m_mainBoardId = generateJsonStr(errInfo).second.c_str();

			m_iGetTermSysInfo = -1;
		}
		strErrMsg = CSimpleStringA::Format("查询 baseboard sn 失败: %d, 请尝试重启应用", GetLastError());
		SetAuthErrMsg((const char*)strErrMsg);

		LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_GET_TERMINAL_FINGERPRINT,
			GetOutPutStr("%s%s%s%d", "QueryWMIDevice", "False", "BaseBoard", GetLastError()).c_str());
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM).setResultCode("RTA5214")
			(GetOutPutStr("%s%s%s%d", "QueryWMIDevice", "False", "BaseBoard", GetLastError()).c_str());

		return;
	}

	strRet += "|";
	strRet += szTmp;
	m_mainBoardId = szTmp;

	nTmpBufLen = 1024;
	memset(szTmp, 0, sizeof(szTmp));
	if (!QueryWMIDevice(DiskDrive, "SerialNumber", szTmp, &nTmpBufLen))
	{
		if (!bGetFromRunCfg)
		{
			errInfo["errcode"] = "RTA5215";
			errInfo["msg"] = "调用系统api获取硬盘ID号失败";
			errInfo["getLastErr"] = to_string(GetLastError());
			m_hardDiskId = generateJsonStr(errInfo).second.c_str();

			m_iGetTermSysInfo = -1;
		}
		strErrMsg = CSimpleStringA::Format("查询 harddisk sn 失败: %d, 请尝试重启应用", GetLastError());
		SetAuthErrMsg((const char*)strErrMsg);

		LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_GET_TERMINAL_FINGERPRINT,
			GetOutPutStr("%s%s%s%d", "QueryWMIDevice", "False", "DiskDrive", GetLastError()).c_str());
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM).setResultCode("RTA5215")
			(GetOutPutStr("%s%s", "DiskDrive", "False").c_str());

		return;
	}

	strRet += "|";
	strRet += szTmp;
	m_hardDiskId = szTmp;

	ULONGLONG ullEnd = GetTickCount64();
	if (ullEnd - ullStart > 5000)
	{
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM).setResultCode("RTA5201")
			("获取系统信息耗时过长:%d秒", (ullEnd - ullStart) / 1000);
		LogWarn(Severity_Middle, Error_Unexpect, AccessAuthorization_UserErrorCode_GetTermCostTooLong,
			CSimpleStringA::Format("获取系统信息耗时过长:%d秒", (ullEnd - ullStart) / 1000));
	}
#endif // RVC_OS_LINUX

	if (!bGetFromRunCfg || csInfo.Compare(strRet) != 0)
	{
		eErr = pConfigRun->WriteConfigValue("system", "info", strRet.GetData());
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)("device info changed,before[%s],current[%s],write to runcfg:%d"
			, csInfo.GetData(), strRet.GetData(), eErr);
	}
	else
		DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("device info: [%s]", strRet.GetData());

	m_iGetTermSysInfo = 1;

	return;

}

SP_BEGIN_ENTITY_MAP()
	SP_ENTITY(CAccessAuthEntity)
SP_END_ENTITY_MAP()