#ifndef __MOD_ACCESSAUTH_H
#define __MOD_ACCESSAUTH_H
#include "SpBase.h"
#include "EventCode.h"
#include "AccessAuthFSM.h"
#include "modVer.h"
#include "AccessAuthorization_server_g.h"
using namespace AccessAuthorization;

// 准入服务 0x502
class CAccessAuthEntity;

class CAccessAuthSession : public AccessAuthService_ServerSessionBase
{
public:
	CAccessAuthSession(CAccessAuthEntity *pEntity) : m_pEntity(pEntity) {}
	virtual ~CAccessAuthSession() {}

	virtual void Handle_Regist(SpOnewayCallContext<AccessAuthService_Regist_Info>::Pointer ctx);	
	virtual void Handle_Unregist(SpOnewayCallContext<AccessAuthService_Unregist_Info>::Pointer ctx);
	virtual void Handle_Reregist(SpOnewayCallContext<AccessAuthService_Reregist_Info>::Pointer ctx);
	virtual void Handle_PushTerminalStage(SpOnewayCallContext<AccessAuthService_PushTerminalStage_Info>::Pointer ctx);
	virtual void Handle_InitDev(SpReqAnsContext<AccessAuthService_InitDev_Req, AccessAuthService_InitDev_Ans>::Pointer ctx);
	virtual void Handle_SyncTime(SpOnewayCallContext<AccessAuthService_SyncTime_Info>::Pointer ctx);	
	
private:
	CAccessAuthEntity *m_pEntity;
};

class CAccessAuthEntity : public CEntityBase, public ISysVarListener
{
public:
	CAccessAuthEntity() :m_nAuthVersion(1), m_bGetKMCKey(false){}
	virtual ~CAccessAuthEntity() {}

	virtual const char* GetEntityVersion() const { return MODULE_VERSION_FULL; }
	virtual const char *GetEntityName() const { return "AccessAuthorization"; }

	virtual bool IsService()const{return true;}

	virtual void OnStarted();
	virtual void OnPreStart(CAutoArray<CSimpleStringA> strArgs,CSmartPointer<ITransactionContext> pTransactionContext); 
	virtual void OnPreClose(EntityCloseCauseEnum eCloseCause,CSmartPointer<ITransactionContext> pTransactionContext);
	virtual void OnSysVarEvent(const char *pszKey, const char *pszValue,const char *pszOldValue,const char *pszEntityName);
		
	virtual CServerSessionBase *OnNewSession(const char* /*pszRemoteEntityName*/, const char * /*pszClass*/){
		return new CAccessAuthSession(this);
	}

	// 开始准入
	ErrorCodeEnum Regist();

	// 重新准入
	ErrorCodeEnum Reregist();

	// 准入退出
	ErrorCodeEnum Unregist(int nReason, int nWay);

	// 时间同步
	DWORD SyncTime();

	// 状态上报
	ErrorCodeEnum PushTerminalStage(char cNewStage, DWORD dwNewStageTime, char cOldStage, DWORD dwOldStageTime);

	// KMC初始化
	DWORD InitKMC();
		
	// 获取WK更新请求包
	// @nAlgFlag:  1:3des only; 2: sm4 only; 3: both 3des and sm4
	ErrorCodeEnum GetKmcWKUpdateData(char *pBuf, int &nLen, int  nAlgFlag);

	// 解析WK
	// @nAlgFlag:  1:3des only; 2: sm4 only; 3: both 3des and sm4
	DWORD ParseWKUpdateResult(char *pBuf, int nLen, int  nAlgFlag);

	// 获取KMC错误
	CSimpleStringA GetKMCLastErrMsg();

	// 释放KMC
	ErrorCodeEnum ReleaseKMC();

	// 加载新WK
	DWORD LoadPinPadWK(bool bSM);
	
	bool HexStrToByteArray(const char* pHex, BYTE *pBuf, int *pBufLen);
	string ByteArrayToHexStr(BYTE *pBuf, int nBufLen);

	// 调用PinPad加密(只支持DES加密，不支持SM)
	DWORD EncryptDataWithPinPad(const CBlob &raw, CBlob &enc);

	// 生成SM2密钥对
	DWORD CreateSM2KeyPair(CBlob &pubKey, CBlob &priKey);

	// 保存密钥对到令牌实体
	DWORD SaveSM2KeyPair(const CBlob &pubKey, const CBlob &priKey);

	// 保存Token和共享会话密钥到令牌实体
	ErrorCodeEnum SaveTokenAndSharedSK(const CBlob &token, const CBlob &sharedSK);

	// 是否使用PinPad
	bool HasPinPad();
	// 机型是否配置密码键盘
	bool IsMachineTypeConfigurePinPad(CSimpleStringA strMachineType);

	int GetPinPadCapability();

	// 保存准入版本及会话密钥
	bool SaveAuthVerAndKey(int nAuthVer, BYTE *pKey);

	inline int  GetAuthVersion(){ return m_nAuthVersion; }

	// 调用准入会话密钥加密
	ErrorCodeEnum EncryptDataWithSessionKey(const CBlob &raw, CBlob &enc);

	bool GetTerminalFingerPrint(BYTE *pBuf, int &nBufLen);
	bool GetTerminalPublicKey(BYTE *pBuf, int &nBufLen);
	bool GetMD5Hash(const char *pStr, BYTE md5[16]);
	
	DWORD InitDevice(SpReqAnsContext<AccessAuthService_InitDev_Req, AccessAuthService_InitDev_Ans>::Pointer &ctx);

	void SetAuthErrMsg(const char *pszErrMsg) { m_strAuthErrMsg = pszErrMsg; }
	const char *GetAuthErrMsg() { return m_strAuthErrMsg; }

	// 获取密码键盘ID和外设ID
	//oilyang@20210510 add:in order to avoid getting info out of async, check if has pinpad while getting info
	// 返回1：只有PinPadID；2：只有DeviceID；3：两者都有；0：失败
	int GetPinPadIDAndDeviceID(CSimpleStringA &strPinPadID, CSimpleStringA &strDeviceID,bool &bHasPinPad);

	// 密码键盘是否支持校验码
	bool HasCkCodeFlg();

	// 设置时区
	wstring ANSIToUnicode(const string& str);
	BOOL SetLocalTimeZoneByKeyName(const TCHAR* szTimeZoneKeyName, BOOL isDaylightSavingTime);

	int ConvertStr2Byte(string input, BYTE* output, int outputLen);
	void printPasswdError();
	DWORD LoadKeysToPinPadNew(string TMK, string TPK, string EDK, string index);
	BYTE m_AuthSessionKey[140];
	virtual void OnSelfTest(EntityTestEnum eTestType, CSmartPointer<ITransactionContext> pTransactionContext)
	{
		pTransactionContext->SendAnswer(Error_Succeed);
	}
	/*type=0 means read first or not while type=1 for writing not first*/
	/*return 1 means first access auth as 0 means not first access auth*/
	int GetOrSetIsFirstSM(int type);

	string m_TMK;
	string m_TPK;
	string m_EDK;
	string m_index;
	bool m_bGetKMCKey;
protected:
	CAccessAuthFSM m_FSM;

	int m_nAuthVersion;		// 准入请求版本： 1 借助KMC密钥验证；2 借助终端密钥动态生成会话密钥验证
	CSystemStaticInfo m_info;

	CSimpleStringA m_strAuthErrMsg;
};
#endif //__MOD_ACCESSAUTH_H