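#ifndef __MOD_ACCESSAUTH_H
#define __MOD_ACCESSAUTH_H

#include "SpBase.h"
#include "EventCode.h"
#include "AccessAuthFSM.h"
#include "modVer.h"
#include "AccessAuthorization_server_g.h"

// NOTE(review): a using-directive at header scope is visible to every includer;
// kept because existing code may rely on the unqualified names.
using namespace AccessAuthorization;

// Access authorization service 0x502
class CAccessAuthEntity;

/// Server-side session of the AccessAuthorization service.
/// Every Handle_* method is implemented in the .cpp; the session only keeps a
/// non-owning pointer to the entity that created it (see OnNewSession below).
class CAccessAuthSession : public AccessAuthService_ServerSessionBase
{
public:
    /// @param pEntity owning entity; not deleted by the session.
    CAccessAuthSession(CAccessAuthEntity *pEntity) : m_pEntity(pEntity) {}
    virtual ~CAccessAuthSession() {}

    virtual void Handle_Regist(SpOnewayCallContext::Pointer ctx);
    virtual void Handle_Unregist(SpOnewayCallContext::Pointer ctx);
    virtual void Handle_InitDev(SpReqAnsContext::Pointer ctx);
    virtual void Handle_UpdateWK(SpOnewayCallContext::Pointer ctx);
    virtual void Handle_InitializeNew(SpReqAnsContext::Pointer ctx);
    virtual void Handle_SyncTime(SpOnewayCallContext::Pointer ctx);

private:
    CAccessAuthEntity *m_pEntity;   // not owned; presumably outlives the session -- confirm
};

/// Access-authorization entity: drives registration / unregistration with the
/// access server, KMC and PinPad key handling, and terminal identity helpers.
/// Member order is kept as in the original header (object layout unchanged).
class CAccessAuthEntity : public CEntityBase, public ISysVarListener
{
public:
    // Initializers listed in declaration order (m_bGetKMCKey, m_eErrNum are public
    // members declared before the protected m_nAuthVersion) to avoid -Wreorder.
    // m_eErrNum was previously left indeterminate.
    CAccessAuthEntity() : m_bGetKMCKey(false), m_eErrNum(0), m_nAuthVersion(1) {}
    virtual ~CAccessAuthEntity() {}

    virtual const char* GetEntityVersion() const { return MODULE_VERSION_FULL; }
    virtual const char *GetEntityName() const { return "AccessAuthorization"; }
    virtual bool IsService() const { return true; }

    virtual void OnStarted();
    virtual void OnPreStart(CAutoArray strArgs, CSmartPointer pTransactionContext);
    virtual void OnPreClose(EntityCloseCauseEnum eCloseCause, CSmartPointer pTransactionContext);
    virtual void OnSysVarEvent(const char *pszKey, const char *pszValue, const char *pszOldValue, const char *pszEntityName);

    /// Creates a session bound to this entity. Ownership of the returned
    /// session follows the framework's CServerSessionBase convention (not visible here).
    virtual CServerSessionBase *OnNewSession(const char* /*pszRemoteEntityName*/, const char * /*pszClass*/)
    {
        return new CAccessAuthSession(this);
    }

    // Start access authorization (registration)
    ErrorCodeEnum Regist();
    void UpdateWK();
    // Re-register
    ErrorCodeEnum Reregist();
    // Leave access authorization
    ErrorCodeEnum Unregist(int nReason, int nWay);
    // Time synchronization
    DWORD SyncTime();
    // Status report
    ErrorCodeEnum PushTerminalStage(char cNewStage, DWORD dwNewStageTime, char cOldStage, DWORD dwOldStageTime);
    // KMC initialization
    DWORD InitKMC();
    // Build the WK update request packet
    // @nAlgFlag: 1:3des only; 2: sm4 only; 3: both 3des and sm4
    ErrorCodeEnum GetKmcWKUpdateData(char *pBuf, int &nLen, int nAlgFlag);
    // Parse the WK update result
    // @nAlgFlag: 1:3des only; 2: sm4 only; 3: both 3des and sm4
    DWORD ParseWKUpdateResult(char *pBuf, int nLen, int nAlgFlag);
    // Last KMC error message
    CSimpleStringA GetKMCLastErrMsg();
    // Release KMC
    ErrorCodeEnum ReleaseKMC();
    // Load the new WK into the PinPad
    DWORD LoadPinPadWK(bool bSM);

    bool HexStrToByteArray(const char* pHex, BYTE *pBuf, int *pBufLen);
    string ByteArrayToHexStr(BYTE *pBuf, int nBufLen);

    // Encrypt through the PinPad (DES only; SM not supported)
    DWORD EncryptDataWithPinPad(const CBlob &raw, CBlob &enc);
    // Generate an SM2 key pair
    DWORD CreateSM2KeyPair(CBlob &pubKey, CBlob &priKey);
    // Save the key pair to the token entity
    DWORD SaveSM2KeyPair(const CBlob &pubKey, const CBlob &priKey);
    // Save Token and shared session key to the token entity
    ErrorCodeEnum SaveTokenAndSharedSK(const CBlob &token, const CBlob &sharedSK);
    // Whether a PinPad is in use
    bool HasPinPad();
    // Whether this machine type is configured with a PIN pad
    bool IsMachineTypeConfigurePinPad(CSimpleStringA strMachineType);
    int GetPinPadCapability();
    // Save the access-auth version and session key
    bool SaveAuthVerAndKey(int nAuthVer, BYTE *pKey);
    inline int GetAuthVersion() { return m_nAuthVersion; }
    // Encrypt with the access-auth session key
    ErrorCodeEnum EncryptDataWithSessionKey(const CBlob &raw, CBlob &enc);

    bool GetTerminalFingerPrint(BYTE *pBuf, int &nBufLen);
    bool GetTerminalPublicKey(BYTE *pBuf, int &nBufLen);
    bool GetTerminalPublicKey(BYTE* pBuf, int& nBufLen, string& pubkey);
    bool GetMD5Hash(const char *pStr, BYTE md5[16]);
    DWORD InitDevice(SpReqAnsContext::Pointer &ctx);

    void SetAuthErrMsg(const char *pszErrMsg) { m_strAuthErrMsg = pszErrMsg; }
    const char *GetAuthErrMsg() { return m_strAuthErrMsg; }

    // Get the PIN pad ID and the peripheral (device) ID
    //oilyang@20210510 add:in order to avoid getting info out of async, check if has pinpad while getting info
    // Returns 1: PinPadID only; 2: DeviceID only; 3: both; 0: failure
    int GetPinPadIDAndDeviceID(CSimpleStringA &strPinPadID, CSimpleStringA &strDeviceID, bool &bHasPinPad);
    // Whether the PIN pad supports a check code
    bool HasCkCodeFlg();

    // Time-zone handling
    wstring ANSIToUnicode(const string& str);
    BOOL SetLocalTimeZoneByKeyName(const TCHAR* szTimeZoneKeyName, BOOL isDaylightSavingTime);

    int ConvertStr2Byte(string input, BYTE* output, int outputLen);
    void printPasswdError();
    DWORD LoadKeysToPinPadNew(string TMK, string TPK, string EDK, string index);

    // Session key material. NOTE(review): kept in a plain public array; no
    // clearing on release is visible in this header -- confirm in the .cpp.
    BYTE m_AuthSessionKey[140];

    virtual void OnSelfTest(EntityTestEnum eTestType, CSmartPointer pTransactionContext)
    {
        pTransactionContext->SendAnswer(Error_Succeed);
    }

    /*type=0 means read first or not while type=1 for writing not first*/
    /*return 1 means first access auth as 0 means not first access auth*/
    int GetOrSetIsFirstSM(int type);

    string m_TMK;
    string m_TPK;
    string m_EDK;
    string m_index;
    bool m_bGetKMCKey;
    CSimpleStringA m_strUserID, m_strPassword, m_strInitUrl;
    SpReqAnsContext::Pointer m_ctx;

    void BeginInitMKACS();
    bool SendInitMKReqACS(CInitlizerMKReq& initMKReq);
    CSimpleStringA GetInitUrl() { return m_strInitUrl; }
    void EndInitMK(DWORD rc, const char* pszErrMsg);
    ErrorCodeEnum LoadKeysToPinPadACS(string TMK, string TPK, string EDK, string index);

    DWORD m_eErrNum;
    CSimpleStringA m_strLastErrMsg;

    /// Write len bytes of hexBuf into *strBuf as upper-case hex, two characters
    /// per byte, and NUL-terminate the result.
    /// @pre *strBuf points to at least 2*len+1 writable bytes -- no bound is
    ///      passed, so sizing is entirely the caller's responsibility.
    /// @return 0 on success, -1 if any pointer argument is null.
    int HexBuf2StrBuf(PBYTE hexBuf, char** strBuf, DWORD len)
    {
        if (hexBuf == NULL || strBuf == NULL || *strBuf == NULL)
            return -1;
        static const char kHexDigits[] = "0123456789ABCDEF";
        char* out = *strBuf;
        // DWORD counter: the previous int counter compared signed against unsigned.
        // Table lookup replaces sprintf("%0.2X"), whose "0" flag is ignored when a
        // precision is given; output is identical.
        for (DWORD i = 0; i < len; ++i) {
            out[2 * i]     = kHexDigits[hexBuf[i] >> 4];
            out[2 * i + 1] = kHexDigits[hexBuf[i] & 0x0F];
        }
        out[2 * len] = '\0';
        return 0;
    }

    /// Decode an even-length hex string into a newly allocated byte array.
    /// @param strBuf NUL-terminated hex string (either case).
    /// @param hexBuf receives a buffer of strlen(strBuf)/2 bytes; the caller
    ///        owns it and must release it with delete[].
    /// @return number of bytes decoded, or 0 (with *hexBuf untouched) when the
    ///         string is null, empty, of odd length, or contains a non-hex
    ///         character. Non-hex input used to be fed to sscanf, leaving
    ///         uninitialised bytes in the output; it is now rejected up front.
    /// @throws std::bad_alloc from new[] (the old NULL check after new was dead code).
    int StrBuf2HexBuf(LPCTSTR strBuf, PBYTE* hexBuf)
    {
        if (strBuf == NULL || hexBuf == NULL)
            return 0;
        // NOTE(review): strlen on LPCTSTR assumes TCHAR == char, as the original did.
        const size_t len = strlen(strBuf);
        if (len == 0 || len % 2 != 0)
            return 0;
        // Validate before allocating so bad input never leaks a buffer.
        for (size_t i = 0; i < len; ++i) {
            if (HexNibble(strBuf[i]) < 0)
                return 0;
        }
        const size_t nBytes = len / 2;
        BYTE* buf = new BYTE[nBytes];
        for (size_t j = 0; j < nBytes; ++j) {
            const int hi = HexNibble(strBuf[2 * j]);
            const int lo = HexNibble(strBuf[2 * j + 1]);
            buf[j] = static_cast<BYTE>((hi << 4) | lo);
        }
        *hexBuf = buf;
        return static_cast<int>(nBytes);
    }

protected:
    CAccessAuthFSM m_FSM;
    // Access-auth request version: 1 = verify with the KMC key;
    // 2 = verify with a session key dynamically derived from the terminal key
    int m_nAuthVersion;
    CSystemStaticInfo m_info;
    CSimpleStringA m_strAuthErrMsg;

private:
    /// Value of one hex digit (either case), or -1 when c is not a hex digit.
    static int HexNibble(char c)
    {
        if (c >= '0' && c <= '9') return c - '0';
        if (c >= 'a' && c <= 'f') return c - 'a' + 10;
        if (c >= 'A' && c <= 'F') return c - 'A' + 10;
        return -1;
    }
};

#endif //__MOD_ACCESSAUTH_H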