myvtm/Module/mod_accessauth/AccessAuthConn.cpp

#include "stdafx.h"
#include "AccessAuthConn.h"
#include "mod_AccessAuth.h"
#include "GetDevInfoHelper.h"
#include "comm.h"
#include "access_basefun.h"
#ifdef RVC_OS_WIN
#pragma comment(lib, "crypt32.lib")
#include <windows.h>
#include <Wincrypt.h>
#endif // RVC_OS_WIN

#include <fstream>
using namespace std;

#define MY_ENCODING_TYPE  (PKCS_7_ASN_ENCODING | X509_ASN_ENCODING)
//oiltest need to public function
int HexBuf2StrBuf(PBYTE hexBuf, char** strBuf, DWORD len)
{
	char* tmpStr = *strBuf;
	int count = 0;
	for (int i = 0; i < len; ++i)
	{
		sprintf(tmpStr + count, "%0.2X", hexBuf[i]);
		count += 2;
	}
	return 0;
}
CAccessAuthConn::CAccessAuthConn(CEntityBase *pEntity, CAccessAuthFSM *pFSM)
	:SpSecureClient(pEntity), m_pFSM(pFSM)
{	
}

CAccessAuthConn::~CAccessAuthConn()
{
}

void CAccessAuthConn::OnDisconnect()
{
	DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)("connection disconnected");
}

void CAccessAuthConn::OnPkgAnswer(const CSmartPointer<IPackage> &pRecvPkg)
{
	LOG_FUNCTION();
	string serviceCode = pRecvPkg->GetServiceCode();
	DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("serviceCode=%s",serviceCode.c_str());
	if (serviceCode == "UpdateWK")
	{
		HandleUpdateWKRet(pRecvPkg);
	}
	else if (serviceCode == "ReqToken")
	{
		HandleReqTokenRet(pRecvPkg);
	}
	else  if (serviceCode == "TermExit")
	{
		HandleTermExitRet(pRecvPkg);
	}
	else if (serviceCode == "StageRep")
	{
		HandleReportStageRet(pRecvPkg);
	}
	else if (serviceCode == "SyncTime")
	{
		HandleSyncTimeRet(pRecvPkg);
	}
	else if (serviceCode == "InitDev")
	{
		HandleInitDeviceRet(pRecvPkg);
	}
	else if (serviceCode == "RepState")
	{
		HandleReportStateRet(pRecvPkg);
	}
	else if (serviceCode == "LockSta")
	{
		HandleLockStateRet(pRecvPkg);
	}
	else if (serviceCode == "CheckMD5")
	{
		HandleCheckMD5Ret(pRecvPkg);
	}
	else if (serviceCode == "UpdMD5")
	{
		HandleUpdateMD5Ret(pRecvPkg);
	}
	else if (serviceCode == "KMCKey") {
		HandleUpdateWKRet(pRecvPkg);
	}
	else
	{
		m_pFSM->doWarnMsg(ERR_ACCESSAUTH_UNKOWN, GetOutPutStr("%s%s", "UnKown", serviceCode.c_str()));
	}
}

DWORD CAccessAuthConn::HandleUpdateWKRet(const CSmartPointer<IPackage> &pRecvPkg)
{

	LOG_FUNCTION();
	DWORD rc = Error_Unexpect;
	DWORD dwSysCode, dwUserCode;
	/*string strErrMsg;
	auto pEntity = (CAccessAuthEntity*)m_pEntity;
	if (pRecvPkg->GetErrMsg(dwSysCode, dwUserCode, strErrMsg))
	{
		rc = dwUserCode;
		m_pFSM->doWarnMsg(rc, GetOutPutStr("%s%08x%s%s", "GetErrMsg", rc, "strErrMsg", strErrMsg));
	}
	else
	{
		int nLen = pRecvPkg->GetStructLen("KMCKeyRet");
		if (nLen <= 0)
		{
			
			DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)("KMCKeyRet返回数据为空。");
			pEntity->m_bGetKMCKey = false;
			rc = ERR_INITIALIZER_GET_KMC_KEY_NULL;
		}
		else
		{
			pEntity->m_bGetKMCKey = true;
			BYTE* pBuf = new BYTE[nLen];
			memset(pBuf, 0, nLen);
			int nArrayNum = 0;
			bool bSuc = pRecvPkg->GetStructData("KMCKeyRet", (BYTE*)pBuf, &nLen, &nArrayNum);
			assert(bSuc);
			assert(nLen % sizeof(KMCKeyRet) == 0);
			KMCKeyRet* ret = (KMCKeyRet*)pBuf;
			pEntity->m_TMK = ret->TMK;
			pEntity->m_TPK = ret->TPK;
			pEntity->m_EDK = ret->EDK;
			pEntity->m_index = ret->Index;
			DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("TMK=%s", pEntity->m_TMK.c_str());
			DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("TPK=%s", pEntity->m_TPK.c_str());
			DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("EDK=%s", pEntity->m_EDK.c_str());
			DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("Index=%s", pEntity->m_index.c_str());
			rc = pEntity->LoadPinPadWK(true);
		}
	}
	m_pFSM->PostEventFIFO(new FSMEvent(rc == Error_Succeed ? CAccessAuthFSM::Event_UpdateWKSucc : CAccessAuthFSM::Event_UpdateWKFail));*/
	return rc;
}

DWORD CAccessAuthConn::HandleReqTokenRet(const CSmartPointer<IPackage> &pRecvPkg)
{
	LOG_FUNCTION();
	DWORD dwSysCode, dwUserCode;
	string strErrMsg;
	DWORD rc = Error_Succeed;
	CSmartPointer<IEntityFunction> spFunction = m_pEntity->GetFunction();

	if (pRecvPkg->GetErrMsg(dwSysCode, dwUserCode, strErrMsg))
	{
		rc = dwUserCode;
		((CAccessAuthEntity*)m_pEntity)->SetAuthErrMsg(strErrMsg.c_str());
		m_pFSM->doWarnMsg(rc, strErrMsg);
		if (rc == 0) rc = ERR_ACCESSAUTH_TOKEN_HASH;
	}
	else
	{
		int nRetLen = pRecvPkg->GetStructLen("TOKEN_RT");
		if (nRetLen >0)
		{
			((CAccessAuthEntity*)m_pEntity)->GetOrSetIsFirstSM(1);
			assert(nRetLen == sizeof(RequestTokenRet));
			RequestTokenRet ret;
			memset(&ret, 0, sizeof(ret));
			RequestTokenRet2 ret2;
			memset(&ret2, 0, sizeof(ret2));

			int nArrayNum(0);
			int nArrayNum2(0);
			int nBufLen = sizeof(ret);
			int nBufLen2 = sizeof(ret2);
			pRecvPkg->GetStructData("TOKEN_RT", (BYTE*)&ret, &nBufLen, &nArrayNum);
			pRecvPkg->GetStructData("TOKEN_RET2", (BYTE*)&ret2, &nBufLen2, &nArrayNum2);
			// 生成Hash
			BYTE enToken[512 + 16] = { 0 };
			memcpy(enToken, ret.enToken, 256);
			memcpy(enToken + 256, ret2.enToken, 256);
			memcpy(enToken + 512, ret.sharedSK, 16);
			BYTE sm3[32] = { 0 };
			if (!SM3Hash(enToken,512 + 16,sm3)) {
				DbgWithLink(LOG_LEVEL_ERROR, LOG_TYPE_SYSTEM)("SM3 Hash error at Token Ret.");
			}
			
			if (memcmp(sm3, ret2.retHash, 32) != 0)
			{
				rc = Error_Bug;
				
				((CAccessAuthEntity*)m_pEntity)->SetAuthErrMsg("返回令牌校验不通过");
				m_pFSM->doWarnMsg(ERR_ACCESSAUTH_TOKEN_HASH, GetOutPutStr("%s%s", "Hash", "返回令牌校验不通过"));
			}
			else
			{
				// 保存令牌和共享会话密钥到令牌管理实体
				//跟良瑜那边确定使用512的长度
				CBlob token;
				token.Alloc(512);
				memcpy(token.m_pData, enToken, 512);

				CBlob sharedSK;
				sharedSK.Alloc(16);
				memcpy(sharedSK.m_pData, ret.sharedSK, 16);
				rc = ((CAccessAuthEntity*)m_pEntity)->SaveTokenAndSharedSK(token, sharedSK);
				if (rc != Error_Succeed)
				{
					((CAccessAuthEntity*)m_pEntity)->SetAuthErrMsg("保存令牌失败");
					m_pFSM->doWarnMsg(ERR_ACCESSAUTH_SAVE_TOKEN, GetOutPutStr("%s%08X", "SaveTokenAndSharedSK", rc), "保存令牌失败");
				}				
			}
		}
		else
		{
			rc = Error_Bug;
			((CAccessAuthEntity*)m_pEntity)->SetAuthErrMsg("返回令牌数据非法");	
			m_pFSM->doWarnMsg(ERR_ACCESSAUTH_TOKEN, GetOutPutStr("%s%d", "nRetLen", nRetLen), "返回令牌数据非法");
		}
	}

	m_pFSM->PostEventFIFO(new FSMEvent(rc==Error_Succeed ? CAccessAuthFSM::Event_ReqTokenSucc:CAccessAuthFSM::Event_ReqTokenFail));
	return rc;
}

DWORD CAccessAuthConn::HandleTermExitRet(const CSmartPointer<IPackage> &pRecvPkg)
{
	DWORD dwSysCode, dwUserCode;
	string strErrMsg;
	ErrorCodeEnum rc = Error_Succeed;
	if (pRecvPkg->GetErrMsg(dwSysCode, dwUserCode, strErrMsg))
	{
		rc = (ErrorCodeEnum)dwSysCode;
		m_pFSM->doWarnMsg(ERR_ACCESSAUTH_TERM_EXIT, GetOutPutStr("%s%08X%s%s", "GetErrMsg", dwSysCode, "strErrMsg", strErrMsg.c_str()));
		return rc;
	}

	return rc;
}

DWORD CAccessAuthConn::HandleReportStageRet(const CSmartPointer<IPackage> &pRecvPkg)
{
	DWORD dwSysCode, dwUserCode;
	string strErrMsg;
	ErrorCodeEnum rc = Error_Succeed;
	if (pRecvPkg->GetErrMsg(dwSysCode, dwUserCode, strErrMsg))
	{
		rc = (ErrorCodeEnum)dwSysCode;
		m_pFSM->doWarnMsg(ERR_ACCESSAUTH_REPORT_STATE, GetOutPutStr("%s%08X%s%s", "GetErrMsg", dwSysCode, "strErrMsg", strErrMsg.c_str()));
		return rc;
	}

	return rc;
}

DWORD CAccessAuthConn::SendWKUpdatePackage()
{
	LOG_FUNCTION();
	assert(IsConnectionOK());
	KMCKeyReq req;
	memset(req.TerminalNo,0,sizeof(req.TerminalNo));
	CSystemStaticInfo si;
	auto pEntity = (CAccessAuthEntity*)m_pEntity;
	pEntity->GetFunction()->GetSystemStaticInfo(si);
	strcpy(req.TerminalNo, si.strTerminalID.GetData());
	//req.TerminalNo = TerminalNo;
	CSmartPointer<IEntityFunction> pFunc = m_pEntity->GetFunction();
	CSmartPointer<IPackage> package = CreateNewPackage("KMCKey");
	package->AddStruct("KMCKeyReq", false, false, (BYTE*)& req, sizeof(req));
	return SendPackage(package) != "" ? Error_Succeed : Error_Unexpect;
}

DWORD CAccessAuthConn::SendGetTokenPackage()
{
	LOG_FUNCTION();
	assert(IsConnectionOK());

	CSmartPointer<IEntityFunction> spFunction = m_pEntity->GetFunction();	
	CSmartPointer<IPackage> package = CreateNewPackage("ReqToken");
	// 获取外设及PinPadID
	CSimpleStringA strPinPadID = "", strDeviceID = "";
	bool bHasPinPad = false;
	int nRet = ((CAccessAuthEntity*)m_pEntity)->GetPinPadIDAndDeviceID(strPinPadID, strDeviceID, bHasPinPad);
	DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("GetPinPadIDAndDeviceID ret: %d, PinPadID: %s, DeviceID: %s", nRet, (const char*)strPinPadID, (const char*)strDeviceID);
	std::regex pattern(".+-[Ff][Ww][Bb]-.+");
	if (std::regex_match(strDeviceID.GetData(), pattern))
	{
		strDeviceID = "";
		strPinPadID = "";
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)("Clear DeviceID and PinPadID because not match regex!!");
	}
	// 生成临时RSA密钥对
	CBlob pubKey;
	CBlob priKey;
	char* smVer = GetSMVersion();
	DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("sm vetsion=%s",smVer);
	DWORD rc = ((CAccessAuthEntity*)m_pEntity)->CreateSM2KeyPair(pubKey, priKey);
	if (rc != Error_Succeed)
		return rc;
	//@test 先不保存密钥至tokenkeeper
	// 保存到令牌管理实体中
	rc = ((CAccessAuthEntity*)m_pEntity)->SaveSM2KeyPair(pubKey, priKey);
	if (rc != Error_Succeed)
		return rc;
	

	// 加密机加密数据的时候，会在数据前加四字节的数据长度，然后作为一个整体加密，
	// 解密时会先解密，然后取四字节长度后面的数据，比如加密数据 "12345678" 会先加 "0008" 变成"000812345678" 
	// 送进去加密。所以前端在调用密码键盘做加密时，应该按照这个格式来加密数据。
	RequestTokenReq1 req1;
	memset(&req1, 0, sizeof(req1));

	CSystemStaticInfo si;
	m_pEntity->GetFunction()->GetSystemStaticInfo(si);

	// 设备号
	strncpy(&req1.szTerminalNo[0], (const char*)si.strTerminalID, sizeof(req1.szTerminalNo)-1);

	// 拷贝临时公钥
	memset(req1.tpk,0,sizeof(req1.tpk));
	if (pubKey.m_iLength > 70 ) {
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)("临时公钥长度(%d)大于70", pubKey.m_iLength);
		return Error_TooSmallBuffer;
	}
	memcpy_s(&req1.tpk[0], sizeof(req1.tpk) - 70, pubKey.m_pData, pubKey.m_iLength);
	// 拷贝临时私钥
	if (priKey.m_iLength > 70) {
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)("临时私钥长度(%d)大于70", priKey.m_iLength);
		return Error_TooSmallBuffer;
	}
	memcpy_s(&req1.tpk[70], sizeof(req1.tpk) - 70 , priKey.m_pData,priKey.m_iLength);
	// 获取设备信息
	BYTE *pBuf = (BYTE*)&req1.encTerminalInfo;

	// 设置长度
	sprintf((char*)pBuf, "%.4d", sizeof(RequestTokenInfo));

	RequestTokenInfo *pInfo = (RequestTokenInfo*)(pBuf+4);

	strncpy(pInfo->szTerminalNo, (const char*)si.strTerminalID, sizeof(pInfo->szTerminalNo)-1);
	
	if (nRet == 2 || nRet == 3)
		strncpy(pInfo->szPadDeviceID, (const char*)strDeviceID, sizeof(pInfo->szPadDeviceID) - 1);
	
	strncpy(pInfo->szMachineType, (const char*)si.strMachineType, sizeof(pInfo->szMachineType)-1);

	// 设备版本，低两位为小版本号，高两位为大版本号 	Binary	4
	DWORD ver32 = si.MachineVersion.GetVersion32();
	for(int i=0; i<4; i++)
		pInfo->machineVersion[3-i] = ((BYTE*)&ver32)[i];
	
	//	安装版本，其中包含软件框架版本	binary	8
	__int64 ver64 = si.InstallVersion.GetVersion64();
	for(int i=0; i<8; i++)
		pInfo->installVersion[7 - i] = ((BYTE*)&ver64)[i];

	{
#ifdef RVC_OS_WIN
		hostent *ent = gethostbyname(NULL);
		if (ent && ent->h_addr_list[0] != NULL)
		{
			int i = 0;
			for (; ent->h_addr_list[i] != NULL; ++i)
			{
				struct in_addr *in = (struct in_addr*)ent->h_addr_list[i];
				if (in->S_un.S_un_b.s_b1 == 99 || in->S_un.S_un_b.s_b1 == 10)
					break;
			}

			if (ent->h_addr_list[i] == NULL)
				i = 0;

			auto in = (struct in_addr*)ent->h_addr_list[i];

			pInfo->ip[0] = in->S_un.S_un_b.s_b1;
			pInfo->ip[1] = in->S_un.S_un_b.s_b2;
			pInfo->ip[2] = in->S_un.S_un_b.s_b3;
			pInfo->ip[3] = in->S_un.S_un_b.s_b4;
		}
#else
		char ip[32] = { 0 };
		if (getIPFromLinux(ip)) DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)("Get IP From Linux Error ex.");
		else {
			if (ip2byte(ip, pInfo->ip)) DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)("Ip 2 Byte Error");
			else {
				for (int i = 0; i < 4; i++) {
					DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("ip[%d]=%d", i, (int)pInfo->ip[i]);
				}
			}
		}
#endif 
	}

	strncpy(pInfo->szSites, si.strSite, sizeof(pInfo->szSites)-1);

	si.EnrolGPS.GetBinaryLongitude(&pInfo->currentGPS[0]);
	si.EnrolGPS.GetBinaryLatitude(&pInfo->currentGPS[4]);
	
	CSimpleStringA ts;
	//@test 
	rc = m_pEntity->GetFunction()->GetSysVar("TerminalStage", ts);
	//ts = "A";
	if (rc != Error_Succeed)
	{
		m_pFSM->doWarnMsg(ERR_ACCESSAUTH_GET_SYS_VAR, GetOutPutStr("%s%08X%s%s", "GetSysVar", rc, "TerminalStage", ts));
		return ERR_ACCESSAUTH_GET_SYS_VAR;
	}
	assert(ts.GetLength() >=1);
	pInfo->chTerminalState = ts[0];

	CSimpleStringA rs;
	//@test
	rc = m_pEntity->GetFunction()->GetSysVar("RunState", rs);
	//rs = "O";
	if (rc != Error_Succeed)
	{
		m_pFSM->doWarnMsg(ERR_ACCESSAUTH_GET_SYS_VAR, GetOutPutStr("%s%08X%s%s", "GetSysVar", rc, "RunState", rs));
		return ERR_ACCESSAUTH_GET_SYS_VAR;
	}
	assert(rs.GetLength() >=1);
	pInfo->chRunState = rs[0];


	// xkm@20150702  修改加密长度，保证调用CryptoAPI加密时不超过112长度
	CBlob raw, enc;	
	auto pEntity = ((CAccessAuthEntity*)m_pEntity);
	if (pEntity->GetAuthVersion() == 2)
	{
		// 使用会话密钥加密
		DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("使用会话密钥加密....");
		raw.Refer(pBuf, sizeof(RequestTokenInfo)+4);
		rc = pEntity->EncryptDataWithSessionKey(raw, enc);
	}
	else
	{
		DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("使用密码键盘加密...");
		//add by zl 20190102 简版没有密码键盘单独处理（在终端被注销，DB中公钥被删除时会出现此种情况）
		if (si.strMachineType.IsStartWith("RVC.IL", true))
		{
			((CAccessAuthEntity*)m_pEntity)->SetAuthErrMsg("简化版终端被注销或解绑，请先重新安装应用或初始化密钥!");
			spFunction->SetSysVar("AuthErrMsg", "简化版终端被注销或解绑，请先重新安装应用或初始化密钥!", false);
			DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("简化版终端被注销或解绑，请先重新安装应用或初始化密钥!");
			return Error_Unexpect;
		} 
		else
		{
			// 调用密码键盘加密(只支持DES，不支持SM)
			raw.Refer(pBuf, sizeof(req1.encTerminalInfo));
			rc = pEntity->EncryptDataWithPinPad(raw, enc);
		}		
	}

	if (rc != Error_Succeed)
	{
		m_pFSM->doWarnMsg(ERR_ACCESSAUTH_ENCRYPT_KEY, GetOutPutStr("%s%08X", "CryptEncrypt", rc));
		return ERR_ACCESSAUTH_ENCRYPT_KEY;
	}

	memcpy(pBuf, enc.m_pData, enc.m_iLength);

	
	package->AddStruct("TOKEN_R1", false, false, (BYTE*)&req1, sizeof(RequestTokenReq1));

	// 获取硬件信息
	CAutoArray<CSimpleStringA> devNames;
	rc = SpGetAllDevices(m_pEntity, devNames);
	if (rc != Error_Succeed)
	{
		((CAccessAuthEntity*)m_pEntity)->SetAuthErrMsg("从root.ini获取终端设备信息失败");		
		m_pFSM->doWarnMsg(ERR_ACCESSAUTH_READ_WRITE_CONFIG_FILE, GetOutPutStr("%s%08X", "SpGetAllDevices", rc));
		return ERR_ACCESSAUTH_READ_WRITE_CONFIG_FILE;
	}

	int nDevEntityCount = devNames.GetCount();
	if (nDevEntityCount >0)
	{
		int nBufLen = nDevEntityCount * sizeof(RequestTokenReq2);
		char *pBuf = new char[nBufLen];
		memset(pBuf, 0, nBufLen);

		RequestTokenReq2 *pDevInfo = (RequestTokenReq2*)pBuf;

		for(int i=0; i<nDevEntityCount; i++)
		{
			CSimpleStringA strVersion, strModel, strVendor;
			rc = SpGetDeviceInfo(m_pEntity, devNames[i], strModel, strVendor, strVersion);
			if (rc == Error_Succeed)
			{
				strncpy(pDevInfo->szType, (const char*)devNames[i], sizeof(pDevInfo->szType)-1);
				strncpy(pDevInfo->szModal, (const char*)strModel, sizeof(pDevInfo->szModal)-1);
				strncpy(pDevInfo->szFactory,(const char*)strVendor, sizeof(pDevInfo->szFactory)-1);

				if (strVersion.GetLength() >0)
				{
					CAutoArray<CSimpleStringA> arr = strVersion.Split('.');
					for(int i=0; i<4 && i<arr.GetCount(); i++)
					{
						WORD w = (WORD) atoi(arr[i]);
						((BYTE*)pDevInfo->version)[i*2] = (w >> 8) & 0xFF;
						((BYTE*)pDevInfo->version)[i*2+1] = w & 0xFF;
					}
				}
			}

			pDevInfo++;
		}
		
		package->AddStruct("TOKEN_R2", false, false, (BYTE*)pBuf, nBufLen, nDevEntityCount);
		delete[] pBuf;		
	}	

	// 添加扩展校验信息
	RequestTokenReq3 req3 = {};
	CSimpleStringA strHash1;

	//add by zl 20170719,只有当VerifyCodeSign=1时才校验签名证书hash值
	int nVerifyCodeSign = 0;
	CSmartPointer<IConfigInfo> spConfig;
	ErrorCodeEnum Error = m_pEntity->GetFunction()->OpenConfig(Config_CenterSetting, spConfig);
	if (Error_Succeed == Error) 
	{
		Error = spConfig->ReadConfigValueInt("SpBase", "VerifyCodeSign", nVerifyCodeSign);
		if (Error_Succeed == Error)
		{
			DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("get VerifyCodeSign[%d] from CenterSetting.ini", nVerifyCodeSign);
		} 
		else
		{
			DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)("get VerifyCodeSign from CenterSetting.ini failed");
		}
	}

	if (1 == nVerifyCodeSign)
	{
		if (GetSpBaseSignCertHash(strHash1))
		{
			strncpy(req3.szSignCertHash, strHash1, 40);
			DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("spshell hash value=%s",req3.szSignCertHash);
		}
		else
			m_pFSM->doWarnMsg(ERR_ACCESSAUTH_GET_SPSHELL_HASH, GetOutPutStr("%s%s", "GetSpBaseSignCertHash", "False"));
	}

	CSimpleStringA strHash2;
	if (GetUKeyRootCertHash(strHash2))
		strncpy(req3.szUKeyRootHash, strHash2, strHash2.GetLength());

	req3.nAuthVersion = pEntity->GetAuthVersion();

	// 上报指纹用于准入校验
	// 更改了指纹大小，16->32,另外16字节通过REQ0上传
	BYTE fingerPrint[32] = { 0 };
	int nBufLen = sizeof(fingerPrint);
	if (!pEntity->GetTerminalFingerPrint(fingerPrint, nBufLen))
	{
		m_pFSM->doWarnMsg(ERR_ACCESSAUTH_GET_TERMINAL_FINGERPRINT, GetOutPutStr("%s%s", "GetTerminalFingerPrint", "False"));
		return ERR_ACCESSAUTH_GET_TERMINAL_FINGERPRINT;
	}
	memcpy(req3.FingerPrint, fingerPrint, 16);

	//告知服务器终端是否进行过国密改造
	RequestTokenReq0 req0;
	memcpy(req0.FingerPrintSM, fingerPrint + 16, 16);
	req0.isSM = 1;
	req0.isFirst = ((CAccessAuthEntity*)m_pEntity)->GetOrSetIsFirstSM(0);
	package->AddStruct("TOKEN_R0", false, false, (BYTE*)& req0, sizeof(RequestTokenReq0));
	if (req3.nAuthVersion ==1)
	{
		// 非自定义密钥准入，需主动上报设备公钥
		nBufLen = sizeof(req3.PublicKey);
		memset(req3.PublicKey,0,nBufLen);
		if (!pEntity->GetTerminalPublicKey(req3.PublicKey, nBufLen))
		{
			m_pFSM->doWarnMsg(ERR_ACCESSAUTH_GET_TERMINAL_PUBKEY, GetOutPutStr("%s%s", "GetTerminalPublicKey", "False"));
			return ERR_ACCESSAUTH_GET_TERMINAL_PUBKEY;
		}
	}

	package->AddStruct("TOKEN_R3", false, false, (BYTE*)&req3, sizeof(req3));
	
	if (nRet == 1 || nRet == 3)
	{
		RequestTokenReq4 req4 = {};
		strncpy(req4.szPinPadID, (const char*)strPinPadID, sizeof(req4.szPinPadID) - 1);
		strncpy(req4.terminalNo, si.strTerminalID.GetData(), sizeof(req4.terminalNo) - 1);
		package->AddStruct("TOKEN_R4", false, false, (BYTE*)&req4, sizeof(req4));
	}
	
	RequestTokenReq5 req5 = {};
	// 获取密码键盘链接状态
	//if (((CAccessAuthEntity*)m_pEntity)->HasPinPad())
	if (bHasPinPad)
	{		
		req5.chExistPinPad = '1';
		DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("has pinpad");			
	}
	else
	{
		// 没有密码键盘
		req5.chExistPinPad = '0';
		DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_USER)("has no pinpad");	
	}
	package->AddStruct("TOKEN_R5", false, false, (BYTE*)&req5, sizeof(req5));

	DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("send token request package");
	SendPackage(package);
	return Error_Succeed;
}

DWORD CAccessAuthConn::SendExitNoticePackage(int nReason, int nWay)
{
	assert(IsConnectionOK());

	TerminalExitReq req;
	memset(&req, 0, sizeof(req));

	CSystemStaticInfo si;
	m_pEntity->GetFunction()->GetSystemStaticInfo(si);

	// 设备号
	strncpy(&req.szTerminalNo[0], (const char*)si.strTerminalID, sizeof(req.szTerminalNo)-1);
	
	req.nTriggerReason = (BYTE) nReason;
	req.nRebootWay = (BYTE) nWay;
	
	CSimpleStringA strStage;
	m_pEntity->GetFunction()->GetSysVar("TerminalStage", strStage);
	req.chTerminalStage = strStage[0];

	CSmartPointer<IPackage> package = CreateNewPackage("TermExit");
	package->AddStruct("EXIT_REQ", false, false, (BYTE*)&req, sizeof(req));
	DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("send terminal exit package");
	SendPackage(package);
	return Error_Succeed;
}

DWORD CAccessAuthConn::SendTerminalStagePackage(char cNewStage, CSmallDateTime dtNewStageTime,
												   char cOldStage, CSmallDateTime dtOldStageTime)
{
	assert(IsConnectionOK());

	TerminalStageReport req = {};

	CSystemStaticInfo si;
	m_pEntity->GetFunction()->GetSystemStaticInfo(si);

	strncpy(req.szTerminalNo, si.strTerminalID, sizeof(req.szTerminalNo) - 1);

	{
#ifdef RVC_OS_WIN
		hostent *ent = gethostbyname(NULL);
		if (ent && ent->h_addr_list[0] != NULL)
		{
			int i = 0;
			for (; ent->h_addr_list[i] != NULL; ++i)
			{
				struct in_addr *in = (struct in_addr*)ent->h_addr_list[i];
				if (in->S_un.S_un_b.s_b1 == 99 || in->S_un.S_un_b.s_b1 == 10)
					break;
			}

			if (ent->h_addr_list[i] == NULL)
				i = 0;

			auto in = (struct in_addr*)ent->h_addr_list[i];

			req.IP[0] = in->S_un.S_un_b.s_b1;
			req.IP[1] = in->S_un.S_un_b.s_b2;
			req.IP[2] = in->S_un.S_un_b.s_b3;
			req.IP[3] = in->S_un.S_un_b.s_b4;
		}
#else
		char ip[32] = { 0 };
		if (getIPFromLinux(ip)) DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("Get IP From Linux Error.");
		else {
			if (ip2byte(ip, req.IP)) DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("Ip 2 Byte Error");
			else {
				for (int i = 0; i < 4; i++) {
					DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("ip[%d]=%d", i, (int)req.IP[i]);
				}
			}
		}
#endif // RVS_OS_WIN
	}

	strncpy(req.szSites, si.strSite, sizeof(req.szSites)-1);
	si.EnrolGPS.GetBinaryLongitude(&req.CurrentGPS[0]);
	si.EnrolGPS.GetBinaryLatitude(&req.CurrentGPS[4]);
	
	CSimpleStringA strSysVarVal;
	m_pEntity->GetFunction()->GetSysVar("RunState", strSysVarVal);
	req.cRunState = strSysVarVal[0];

	req.cNewStage = cNewStage;
	req.dwNewStageTime = dtNewStageTime;
	req.cLastStage = cOldStage;
	req.dwLastStageTime = dtOldStageTime;

	CSmartPointer<IPackage> package = CreateNewPackage("StageRep");
	package->AddStruct("STAGEREP", false, false, (BYTE*)&req, sizeof(req));
	DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("send ReportTerminalStage package");
	SendPackage(package);
	return Error_Succeed;
}

bool CAccessAuthConn::GetSpBaseSignCertHash(CSimpleStringA &strHash)
{
	auto pFunc = m_pEntity->GetFunction();
	CSimpleStringA strPath;
	pFunc->GetPath("Bin", strPath);
	strPath += "\\spbase.dll";

	return (pFunc->VerifySignature(strPath, strHash) == Error_Succeed);
}

static inline bool is_base64(unsigned char c) 
{
	return (isalnum(c) || (c == '+') || (c == '/'));
}

int base64_decode(const unsigned char * pEncodedString, long lEncodedLen,
	unsigned char * pBytesDecoded, long &lDecodedLen)
{
	static const std::string base64_chars =
		"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
		"abcdefghijklmnopqrstuvwxyz"
		"0123456789+/";

	unsigned char * pBytesDecodedStart = pBytesDecoded;
	const long lENCODEDLEN = lEncodedLen;
	int i = 0;
	int j = 0;
	int in_ = 0;
	unsigned char char_array_4[4], char_array_3[3];

	while (lEncodedLen-- && (pEncodedString[in_] != '='))
	{
		if (!is_base64(pEncodedString[in_]))
		{
			if (0x0D == pEncodedString[in_] || 0x0A == pEncodedString[in_])
			{
				in_++;
				continue;
			}
			return -1;
		}
		char_array_4[i++] = pEncodedString[in_]; in_++;
		if (i == 4) {
			for (i = 0; i <4; i++)
				char_array_4[i] = base64_chars.find(char_array_4[i]);

			char_array_3[0] = (char_array_4[0] << 2) + ((char_array_4[1] & 0x30) >> 4);
			char_array_3[1] = ((char_array_4[1] & 0xf) << 4) + ((char_array_4[2] & 0x3c) >> 2);
			char_array_3[2] = ((char_array_4[2] & 0x3) << 6) + char_array_4[3];

			for (i = 0; (i < 3); i++)
			{
				*pBytesDecoded = char_array_3[i];
				++pBytesDecoded;
			}
			i = 0;
		}
	}

	if (i) {
		for (j = i; j <4; j++)
			char_array_4[j] = 0;

		for (j = 0; j <4; j++)
			char_array_4[j] = base64_chars.find(char_array_4[j]);

		char_array_3[0] = (char_array_4[0] << 2) + ((char_array_4[1] & 0x30) >> 4);
		char_array_3[1] = ((char_array_4[1] & 0xf) << 4) + ((char_array_4[2] & 0x3c) >> 2);
		char_array_3[2] = ((char_array_4[2] & 0x3) << 6) + char_array_4[3];

		for (j = 0; (j < i - 1); j++)
		{
			*pBytesDecoded = char_array_3[j];
			++pBytesDecoded;
		}
	}
	*pBytesDecoded = 0;
	lDecodedLen = pBytesDecoded - pBytesDecodedStart;
	return 0;
}

bool CAccessAuthConn::GetUKeyRootCertHash(CSimpleStringA &strHash)
{
	LOG_FUNCTION();
	bool bRet = false;
	auto pFunc = m_pEntity->GetFunction();
	CSimpleStringA strPath;
	pFunc->GetPath("Cfg", strPath);
	
#ifdef RVC_OS_WIN
	strPath += "\\certs\\RootCert.pem";
	auto hFile = CreateFile(strPath, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
	if (hFile == INVALID_HANDLE_VALUE)
#else
	strPath += "/certs/RootCert.pem";
	DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("RootCert Path=%s", strPath.GetData());
	fstream hFile;
	hFile.open(strPath.GetData(), ios::in);
	if(!hFile.is_open())
#endif
	{
		m_pFSM->doWarnMsg(ERR_ACCESSAUTH_READ_WRITE_CONFIG_FILE, GetOutPutStr("%s%s%s", "读写config配置文件错误", "strPath", strPath).c_str());
	}
	else
	{
		BYTE data[2048] = {};
		DWORD nReadLen = 0;
#ifdef RVC_OS_WIN
		if (!ReadFile(hFile, data, 2048, &nReadLen, NULL) || nReadLen <= 0)
		{
#else
		if(hFile >> data)
		{
#endif
			m_pFSM->doWarnMsg(ERR_ACCESSAUTH_READ_WRITE_CONFIG_FILE,GetOutPutStr("%s%s", "读写config配置文件错误", "False").c_str());
		}
		else
		{
			// 去年头尾标识 -----BEGIN CERTIFICATE-----   -----END CERTIFICATE-----
			const char *pszHead = "-----BEGIN CERTIFICATE-----\r\n";
			const char *pszTail = "-----END CERTIFICATE-----\r\n";

			int nStart = strlen(pszHead);
			int nLen = nReadLen - nStart - strlen(pszTail);
			data[nStart + nLen] = 0;
			const char *pCert = (char*) &data[nStart];
			BYTE buf[2048] = {};
			long nRetLen = 2048;
			base64_decode((BYTE*)pCert, nLen, buf, nRetLen);
			
			BYTE hash[32] = {0};
			if(SM3Hash(buf,nRetLen,hash))
			{
				char* szBuf;
				
				szBuf = Str2Hex((char *)hash,32);
				
				strHash = szBuf;
				delete[] szBuf;
				DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("Ex RootCert.pem hash=%s",strHash.GetData());
				bRet = true;

			}
			else
				m_pFSM->doWarnMsg(ERR_ACCESSAUTH_GET_HASH, GetOutPutStr("%s%s", "Sha1Hash", "False").c_str());
		}
#ifdef RVC_OS_WIN
		CloseHandle(hFile);
#else
		hFile.close();
#endif
		
	}

	return bRet;
}

bool CAccessAuthConn::Sha1Hash(BYTE *pData, int nDataLen, BYTE hash[])
{
	return true;
}

//同步时间
DWORD CAccessAuthConn::SendSyncTimePackage()
{
	assert(IsConnectionOK());

	SyncTimeReq req;
	memset(&req, 0, sizeof(req));

	CSystemStaticInfo si;
	m_pEntity->GetFunction()->GetSystemStaticInfo(si);

	// 设备号
	strncpy(&req.szTerminalNo[0], (const char*)si.strTerminalID, sizeof(req.szTerminalNo) - 1);

	// 终端时间
	req.dwCurTime = (DWORD)CSmallDateTime::GetNow();

	SyncTimeReq2 req2;
	req2.isSm = 1;
		
	CSmartPointer<IPackage> package = CreateNewPackage("SyncTime");
	package->AddStruct("SYNC_R1", false, false, (BYTE*)&req, sizeof(req));
	package->AddStruct("SYNC_R2", false, false, (BYTE*)&req2, sizeof(req2));
	DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("send sync time package");
	return SendPackage(package) == "" ? Error_Unexpect : Error_Succeed;
}


DWORD CAccessAuthConn::SendSyncTimePackageNew()
{
	DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("SendSyncTimePackageNew");

	assert(IsConnectionOK());
	DWORD dwSysCode, dwUserCode;
	string strErrMsg;
	DWORD rc = Error_Succeed;
	SyncTimeReq req;
	memset(&req, 0, sizeof(req));

	CSystemStaticInfo si;
	m_pEntity->GetFunction()->GetSystemStaticInfo(si);

	// 设备号
	strncpy(&req.szTerminalNo[0], (const char*)si.strTerminalID, sizeof(req.szTerminalNo) - 1);

	// 终端时间
	req.dwCurTime = (DWORD)CSmallDateTime::GetNow();
	CSmartPointer<IPackage> package = CreateNewPackage("SyncTime");
	package->AddStruct("SYNC_R1", false, false, (BYTE*)&req, sizeof(req));
	if (SendPackage(package) == "")
	{
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)("send sync time package failed");
		return Error_Unexpect;
	}
	else
	{
		DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("send sync time package success");
	}

	CSmartPointer<IPackage> pRecvPkg = ReceivePackage(5);
	if (pRecvPkg == NULL)
	{
		DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)("ReceivePackage failed, don't revceive SyncTime ans");
		return Error_Unexpect;
	}

	if (pRecvPkg->GetErrMsg(dwSysCode, dwUserCode, strErrMsg))
	{
		rc = dwUserCode;
		m_pFSM->doWarnMsg(dwUserCode, GetOutPutStr("%s%08X%s%s", "GetErrMsg", dwUserCode, "strErrMsg", strErrMsg.c_str()).c_str());
	}		
	else
	{
		int nRetLen = pRecvPkg->GetStructLen("SYNC_A1");
		if (nRetLen >0)
		{
			assert(nRetLen == sizeof(SyncTimeAns));
			SyncTimeAns ret;
			memset(&ret, 0, sizeof(ret));

			int nArrayNum(0);
			int nBufLen = sizeof(ret);
			pRecvPkg->GetStructData("SYNC_A1", (BYTE*)&ret, &nBufLen, &nArrayNum);

			// 比较终端和服务器时间， 时差小于3分钟不纠正	
			DWORD dwTimeDiff = ret.nTimeDiff;
			if (dwTimeDiff > 180)
			{
				DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)("time diff is too large (%ds), sync time now", dwTimeDiff);

				CSmallDateTime dtServerTime(CSmallDateTime::GetNow() + dwTimeDiff);
				SYSTEMTIME stServerTime = dtServerTime.ToSystemTime();
#ifdef RVC_OS_WIN
				if (SetLocalTime(&stServerTime))
#else
				get_system_time();
				if(set_system_time_by_sec((int)dwTimeDiff))
#endif // RVC_OS_WIN
					DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("sync time with server succeed, server time: [%s]", (const char*)dtServerTime.ToTimeString());
				else
				{
					m_pFSM->doWarnMsg(ERR_ACCESSAUTH_SET_LOCALE_TIME, GetOutPutStr("%s%s", "stServerTime", dtServerTime.ToTimeString()).c_str());
					rc = ERR_ACCESSAUTH_SET_LOCALE_TIME;
				}
			}
			else
			{
				DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("time diff is acceptable (%ds)", dwTimeDiff);
			}
		}
		else
		{
			
			m_pFSM->doWarnMsg(ERR_ACCESSAUTH_SYNC_TIME,	GetOutPutStr("%s%d", "GetStructLen", nRetLen).c_str());
			rc = ERR_ACCESSAUTH_SYNC_TIME;
		}
	}

	return rc;
}

DWORD CAccessAuthConn::HandleSyncTimeRet(const CSmartPointer<IPackage> &pRecvPkg)
{
	LOG_FUNCTION();
	DWORD dwSysCode, dwUserCode;
	string strErrMsg;
	DWORD rc = Error_Succeed;
	int nAuthVersion = 1;		// 默认使用KMC准入
	BYTE *pSessionKey = NULL;

//	if (pRecvPkg->GetErrMsg(dwSysCode, dwUserCode, strErrMsg))
//	{
//		rc = dwUserCode;
//		m_pFSM->doWarnMsg(rc, GetOutPutStr("%s%08X%s%s", "GetErrMsg", rc,"strErrMsg", strErrMsg.c_str()).c_str());
//
//	}
//	else
//	{
//		int nRetLen = pRecvPkg->GetStructLen("SYNC_A1");
//		if (nRetLen >0)
//		{
//			assert(nRetLen == sizeof(SyncTimeAns));
//			SyncTimeAns ret;
//			memset(&ret, 0, sizeof(ret));
//
//			int nArrayNum(0);
//			int nBufLen = sizeof(ret);
//			pRecvPkg->GetStructData("SYNC_A1", (BYTE*)&ret, &nBufLen, &nArrayNum);
//
//			// 比较终端和服务器时间， 时差小于3分钟不纠正	
//			DWORD dwTimeDiff = ret.nTimeDiff;
//			if (dwTimeDiff > 180)
//			{
//				DbgWithLink(LOG_LEVEL_WARN, LOG_TYPE_SYSTEM)("time diff is too large (%ds), sync time now", dwTimeDiff);
//
//				CSmallDateTime dtServerTime(CSmallDateTime::GetNow() + dwTimeDiff);
//				SYSTEMTIME stServerTime = dtServerTime.ToSystemTime();
//				
//#ifdef RVC_OS_WIN
//				if (SetLocalTime(&stServerTime))
//#else
//				if (set_system_time_by_sec(dwTimeDiff))
//#endif // RVC_OS_WIN
//					DbgWithLink(LOG_LEVEL_INFO, LOG_TYPE_SYSTEM)("sync time with server succeed, server time: [%s]", (const char*)dtServerTime.ToTimeString());
//				else
//				{
//					m_pFSM->doWarnMsg(ERR_ACCESSAUTH_SET_LOCALE_TIME, GetOutPutStr("%s%s", "设置本地时间错误", dtServerTime.ToTimeString()).c_str());
//					rc = ERR_ACCESSAUTH_SET_LOCALE_TIME;
//				}
//			}
//			else
//			{
//				DbgWithLink(LOG_LEVEL_DEBUG, LOG_TYPE_SYSTEM)("time diff is acceptable (%ds)", dwTimeDiff);
//			}
//
//			// 检查准入请求版本 //会话密钥缓存
//			Dbg("auth version: %d", ret.nAuthVersion);
//			if (ret.nAuthVersion == 1) {
//				rc = ERR_ACCESSAUTH_AUTH_VERSION;
//				auto pEntity = (CAccessAuthEntity*)m_pEntity;
//				pEntity->GetFunction()->ShowFatalError("时间同步时，获取准入加密版本错误，请先进行密钥初始化");
//				pEntity->SetAuthErrMsg("时间同步时，获取准入加密版本错误，请先进行密钥初始化");
//			}
//			else {
//				bool saveRet = ((CAccessAuthEntity*)m_pEntity)->SaveAuthVerAndKey(ret.nAuthVersion, ret.SessionKey);
//				if (!saveRet) {
//					Dbg("SaveAuthVerAndKey faild.");
//					rc = ERR_ACCESSAUTH_SYNC_TIME;
//				}
//			}
//		}
//		else
//		{
//			m_pFSM->doWarnMsg(ERR_ACCESSAUTH_SYNC_TIME,	GetOutPutStr("%s%d", "时间同步错误", nRetLen).c_str());
//			rc = ERR_ACCESSAUTH_SYNC_TIME;
//		}
//	}
//	m_pFSM->PostEventFIFO(new FSMEvent(rc == Error_Succeed ? CAccessAuthFSM::Event_EndSyncTime : CAccessAuthFSM::Event_CheckMD5Fail));
	
	return rc;
}

DWORD CAccessAuthConn::SendInitDevicePackage(SpReqAnsContext<AccessAuthService_InitDev_Req, AccessAuthService_InitDev_Ans>::Pointer &ctx)
{
	assert(IsConnectionOK());

	InitDeviceReq req;
	memset(&req, 0, sizeof(req));
	
	strncpy(req.vtmCR1, (const char*)ctx->Req.EncR1, sizeof(req.vtmCR1));
	strncpy(req.R2, (const char*)ctx->Req.R2, sizeof(req.R2));
	strncpy(req.vtmCR3, (const char*)ctx->Req.EncR3, sizeof(req.vtmCR3));
	strncpy(req.CDevPubKey, (const char*)ctx->Req.EncDevPubKey, sizeof(req.CDevPubKey));
	strncpy(req.Verdor, (const char*)ctx->Req.Vendor, sizeof(req.Verdor));

	CSmartPointer<IPackage> package = CreateNewPackage("InitDev");
	package->AddStruct("InitDevR", false, false, (BYTE*)&req, sizeof(req));

	InitDeviceReq0 req0;
	req0.isSM = 1;
	package->AddStruct("SMSyn", false, false, (BYTE*)& req0, sizeof(req0));

	if (SendPackage(package) == "")
	{
		m_pFSM->doWarnMsg(ERR_ACCESSAUTH_INIT_DEV_SEND_PKG,	GetOutPutStr("%s%s", "发送初始化设备数据包失败", "").c_str());
		return ERR_ACCESSAUTH_INIT_DEV_SEND_PKG;
	}
	else
	{
		//Dbg("send init device req succ, CR1:%s, R2:%s, CR3:%s, CDevPubKey:%s",  (const char*)ctx->Req.EncR1, 
		//	(const char*)ctx->Req.R2, (const char*)ctx->Req.EncR3, (const char*)ctx->Req.EncDevPubKey);
		m_ctxInitDev = ctx;
		return Error_Succeed;
	}
}

DWORD CAccessAuthConn::HandleInitDeviceRet(const CSmartPointer<IPackage> &pRecvPkg)
{
	DWORD dwSysCode, dwUserCode;
	string strErrMsg;
	ErrorCodeEnum rc = Error_Succeed;

	if (pRecvPkg->GetErrMsg(dwSysCode, dwUserCode, strErrMsg))
	{
		rc = (ErrorCodeEnum)dwSysCode;

		m_pFSM->doWarnMsg(ERR_ACCESSAUTH_INIT_DEV, GetOutPutStr("%s%08X%s%s", "初始化设备错误", rc,"strErrMsg", strErrMsg.c_str()).c_str());
	}
	else if (m_ctxInitDev == NULL)
	{
		Dbg("m_ctxInitDev is NULL");
		rc = Error_Unexpect;
	}
	else
	{
		int nRetLen = pRecvPkg->GetStructLen("InitDevA");
		if (nRetLen > 0)
		{
			assert(nRetLen == sizeof(InitDeviceAns));
			InitDeviceAns ret;
			memset(&ret, 0, sizeof(ret));

			int nArrayNum(0);
			int nBufLen = sizeof(ret);
			pRecvPkg->GetStructData("InitDevA", (BYTE*)&ret, &nBufLen, &nArrayNum);

			Dbg("init device succ");

			//Dbg("init device ret, R1:%s, CR2:%s, R3:%s", ret.R1, ret.CR2, ret.R3);
			m_ctxInitDev->Ans.R1 = ret.R1;
			m_ctxInitDev->Ans.EncR2 = ret.CR2;
			m_ctxInitDev->Ans.R3 = ret.R3;
		}
		else
		{
			m_pFSM->doWarnMsg(ERR_ACCESSAUTH_INIT_DEV, GetOutPutStr("%s%d", "GetStructLen", nRetLen).c_str());
			rc = Error_Bug;
		}
	}

	if (m_ctxInitDev != NULL)
	{
		m_ctxInitDev->Answer(rc);
		m_ctxInitDev.Clear();
	}

	return rc;
}

//上报状态
DWORD CAccessAuthConn::SendReportStatePackage(const char*pszEventType, DWORD dwErrCode, const char *pszErrMsg)
{
	auto pFunc = m_pEntity->GetFunction();

	CSystemStaticInfo ssInfo;
	pFunc->GetSystemStaticInfo(ssInfo);

	ReportStateReq req = {};
	strncpy(req.TerminalNo, ssInfo.strTerminalID, sizeof(req.TerminalNo) - 1);
	strncpy(req.EventType, pszEventType, sizeof(req.EventType) - 1);
	req.ErrorCode = dwErrCode;
	if (pszErrMsg != NULL)
		strncpy(req.ErrorMsg, pszErrMsg, sizeof(req.ErrorMsg) - 1);

	auto package = CreateNewPackage("RepState");
	package->AddStruct("REPSTA_R", false, false, (BYTE*)&req, sizeof(req));

	return SendPackage(package) != "" ? Error_Succeed : Error_Unexpect;
}

DWORD CAccessAuthConn::HandleReportStateRet(const CSmartPointer<IPackage> &pRecvPkg)
{
	DWORD rc = Error_Succeed;
	DWORD dwSysCode, dwUserCode;
	string strErrMsg;

	if (pRecvPkg->GetErrMsg(dwSysCode, dwUserCode, strErrMsg))
	{
		rc = dwUserCode;
		m_pFSM->doWarnMsg(rc, strErrMsg);
	}
	
	return rc;
}

//同步锁定状态
DWORD CAccessAuthConn::SendLockStatePackage()
{
	LockStateReq req = {0};

	auto pFunc = m_pEntity->GetFunction();
	CSystemStaticInfo info;
	DWORD rc = pFunc->GetSystemStaticInfo(info);
	if (rc != Error_Succeed)
	{
		m_pFSM->doWarnMsg(ERR_ACCESSAUTH_GET_SYSTEM_STATIC_INFO, GetOutPutStr("%s%08X", "GetSystemStaticInfo", rc).c_str());
		return ERR_ACCESSAUTH_GET_SYSTEM_STATIC_INFO;
	}
	strncpy(req.TerminalNo, (const char*)info.strTerminalID, sizeof(req.TerminalNo)-1);

	CSmartPointer<IPackage> pkt = CreateNewPackage("LockSta");
	pkt->AddStruct("LockStateReq", false, false, (LPBYTE)&req, sizeof(LockStateReq));
	if (SendPackage(pkt) == "")
	{
		m_pFSM->doWarnMsg(ERR_ACCESSAUTH_LOCK_SEND_PKG,	GetOutPutStr("%s%08X", "SendLockStatePackage", Error_Unexpect).c_str());
		return ERR_ACCESSAUTH_LOCK_SEND_PKG;
	}
	else
	{
		Dbg("send  Lock State req success");
	}		

	return Error_Succeed;
}

DWORD CAccessAuthConn::HandleLockStateRet(const CSmartPointer<IPackage> &pRecvPkg)
{
	DWORD rc = Error_Succeed;
	DWORD dwSysCode, dwUserCode;
	string strErrMsg;

	if (pRecvPkg->GetErrMsg(dwSysCode, dwUserCode, strErrMsg))
	{
		rc = dwUserCode;
		((CAccessAuthEntity*)m_pEntity)->SetAuthErrMsg(strErrMsg.c_str());
		CSmartPointer<IEntityFunction> spFunction = m_pEntity->GetFunction();
		spFunction->SetSysVar("AuthErrMsg", strErrMsg.c_str(), true);

		m_pFSM->doWarnMsg(rc, GetOutPutStr("%s%08X%s%s", "GetErrMsg", rc,"AuthErrMsg", strErrMsg.c_str()).c_str());

		return rc;
	}

	int nLen = pRecvPkg->GetStructLen("LockStateAns");
	if (nLen > 0) 
	{
		BYTE *pBuf = new BYTE[nLen];
		memset(pBuf, 0, nLen);
		int nArrayNum = 0;

		if (pRecvPkg->GetStructData("LockStateAns", pBuf, &nLen, &nArrayNum)) 
		{
			Dbg("收到LockStateAns");

			LockStateAns * pRet = (LockStateAns*)pBuf;
			int nState = pRet->LockState;
			Dbg("nLockState[%d]",nState);

			//设置系统变量LockState, 0，正常；1，锁定；2，罚出；(准入服务返回，6:罚出 7：锁定)
			CSmartPointer<IEntityFunction> spFunction = m_pEntity->GetFunction();
			if (6 == nState)
			{
				spFunction->SetSysVar("LockState", "2", true);
			}
			else if (7 == nState)
			{
				spFunction->SetSysVar("LockState", "1", true);
			}
		} 
		else 
		{
			m_pFSM->doWarnMsg(ERR_ACCESSAUTH_LOCK_STATE, GetOutPutStr("%s%s", "GetStructLen", "False").c_str());
			return ERR_ACCESSAUTH_LOCK_STATE;
		}
		delete pBuf;
	}
	else
	{
		m_pFSM->doWarnMsg(ERR_ACCESSAUTH_LOCK_STATE, GetOutPutStr("%s%s%s%d", "GetStructData", "False","nLen", nLen).c_str());
		return ERR_ACCESSAUTH_LOCK_STATE;
	}

	return rc;
}

DWORD CAccessAuthConn::SendCheckMD5Package(const char* pMD5Value)
{
	assert(IsConnectionOK());
	CheckMD5Req req;
	memset(&req, 0, sizeof(req));

	CSimpleStringA strMD5Value = pMD5Value;
	Dbg("MD5[%s]", strMD5Value.GetData());

	CSystemStaticInfo si;
	m_pEntity->GetFunction()->GetSystemStaticInfo(si);	

	strncpy(&req.TerminalNo[0], (const char*)si.strTerminalID, sizeof(req.TerminalNo)-1);// 设备号
	strncpy(req.MD5Value, strMD5Value, 16);//MD5值

	CSmartPointer<IPackage> pkt = CreateNewPackage("CheckMD5");
	pkt->AddStruct("MD5REQ", false, false, (BYTE*)&req, sizeof(req));

	Dbg("send check MD5 request now");
	return SendPackage(pkt) != "" ? Error_Succeed : Error_Unexpect;			
}

DWORD CAccessAuthConn::SendUpdateMD5Package(const char* pMD5Value)
{
	assert(IsConnectionOK());
	CheckMD5Req req;
	memset(&req, 0, sizeof(req));

	CSimpleStringA strMD5Value = pMD5Value;
	Dbg("MD5[%s]", strMD5Value.GetData());

	CSystemStaticInfo si;
	m_pEntity->GetFunction()->GetSystemStaticInfo(si);	

	strncpy(&req.TerminalNo[0], (const char*)si.strTerminalID, sizeof(req.TerminalNo)-1);// 设备号
	strncpy(req.MD5Value, strMD5Value, 16);//MD5值

	CSmartPointer<IPackage> pkt = CreateNewPackage("UpdMD5");
	pkt->AddStruct("MD5REQ", false, false, (BYTE*)&req, sizeof(req));

	Dbg("send update MD5 request now");
	return SendPackage(pkt) != "" ? Error_Succeed : Error_Unexpect;			
}

DWORD CAccessAuthConn::HandleCheckMD5Ret(const CSmartPointer<IPackage> &pRecvPkg)
{
	ErrorCodeEnum rc = Error_Succeed;
	DWORD dwSysCode, dwUserCode;
	string strErrMsg;

	/*if (pRecvPkg->GetErrMsg(dwSysCode, dwUserCode, strErrMsg))
	{
		rc = (ErrorCodeEnum)dwSysCode;
		m_pFSM->doWarnMsg(dwUserCode, strErrMsg);
		CSmartPointer<IEntityFunction> spFunction = m_pEntity->GetFunction();
	}

	m_pFSM->PostEventFIFO(new FSMEvent(rc==Error_Succeed ? CAccessAuthFSM::Event_CheckMD5Succ:CAccessAuthFSM::Event_CheckMD5Fail));*/

	return rc;
}

DWORD CAccessAuthConn::HandleUpdateMD5Ret(const CSmartPointer<IPackage> &pRecvPkg)
{
	ErrorCodeEnum rc = Error_Succeed;
	DWORD dwSysCode, dwUserCode;
	string strErrMsg;

	/*if (pRecvPkg->GetErrMsg(dwSysCode, dwUserCode, strErrMsg))
	{
		rc = (ErrorCodeEnum)dwSysCode;
		m_pFSM->doWarnMsg(dwUserCode, strErrMsg);
		CSmartPointer<IEntityFunction> spFunction = m_pEntity->GetFunction();
	}

	m_pFSM->PostEventFIFO(new FSMEvent(rc==Error_Succeed ? CAccessAuthFSM::Event_CheckMD5Succ:CAccessAuthFSM::Event_CheckMD5Fail));*/

	return rc;
}
DWORD CAccessAuthConn::HandleTimeSyn(int nTimeDiff,BYTE nAuthVersion,BYTE* nSessionKey) {
	// 比较终端和服务器时间， 时差小于3分钟不纠正	
	DWORD dwTimeDiff = nTimeDiff;
	if (dwTimeDiff > 180)
	{
		Dbg("time diff is too large (%ds), sync time now", dwTimeDiff);

		CSmallDateTime dtServerTime(CSmallDateTime::GetNow() + dwTimeDiff);
		SYSTEMTIME stServerTime = dtServerTime.ToSystemTime();
#ifdef RVC_OS_WIN
		if (SetLocalTime(&stServerTime))
#else
		if (set_system_time_by_sec(dwTimeDiff))
#endif // RVC_OS_WIN
			Dbg("sync time with server succeed, server time: [%s]", (const char*)dtServerTime.ToTimeString());
		else
		{
			//LogWarn(Severity_Middle, Error_Unexpect, ERR_ACCESSAUTH_SET_LOCALE_TIME,
			//	GetOutPutStr("%s%s", "stServerTime", dtServerTime.ToTimeString()).c_str());
			return ERR_ACCESSAUTH_SET_LOCALE_TIME;
		}
	}
	else
	{
		Dbg("time diff is acceptable (%ds)", dwTimeDiff);
	}

	// 检查准入请求版本 //会话密钥缓存
	Dbg("auth version: %d", nAuthVersion);
	if (((CAccessAuthEntity*)m_pEntity)->SaveAuthVerAndKey(nAuthVersion, nSessionKey)) {
		return Error_Succeed;
	} else {
        return Error_Unexpect;
	}
}
DWORD CAccessAuthConn::HandleLockState(int nState)
{
	Dbg("%s:lock state: %d", __FUNCTION__, nState);

    DWORD rc = Error_Succeed;
	//设置系统变量LockState, 0，正常；1，锁定；2，罚出；(准入服务返回，6:罚出 7：锁定)
	CSmartPointer<IEntityFunction> spFunction = m_pEntity->GetFunction();

	if (6 == nState)
	{
		rc = spFunction->SetSysVar("LockState", "2", true);
		((CAccessAuthEntity*)m_pEntity)->SetAuthErrMsg("终端已罚出");
	}
	else if (7 == nState)
	{
		rc = spFunction->SetSysVar("LockState", "1", true);
		((CAccessAuthEntity*)m_pEntity)->SetAuthErrMsg("终端已锁定");
	}

	return rc;
}
DWORD CAccessAuthConn::HandleGetToken(BYTE* enToken1, BYTE* sharedKey, BYTE* enToken2, BYTE* retHash) {
	DWORD rc = Error_Succeed;
	auto pEntity = (CAccessAuthEntity*)m_pEntity;
	pEntity->GetOrSetIsFirstSM(1);

	Dbg("retHash=%s", (char*)retHash);

	char* enToken1_acs, * sharedKey_acs, * enToken2_acs, * hash_acs;
	int enToken1_acs_len = 0, sharedKey_acs_len = 0, enToken2_acs_len = 0, hash_acs_len = 0;
	enToken1_acs = Hex2Str((char*)enToken1, enToken1_acs_len);
	sharedKey_acs = Hex2Str((char*)sharedKey, sharedKey_acs_len);
	enToken2_acs = Hex2Str((char*)enToken2, enToken2_acs_len);
	hash_acs = Hex2Str((char*)retHash, hash_acs_len);

	Dbg("enToken1_acs_len=%d", enToken1_acs_len);
	Dbg("sharedKey_acs_len=%d", sharedKey_acs_len);
	Dbg("enToken2_acs_len=%d", enToken2_acs_len);
	Dbg("hash_acs_len=%d", hash_acs_len);

	memset(enToken1, 0, strlen((char*)enToken1));
	memset(sharedKey, 0, strlen((char*)sharedKey));
	memset(enToken2, 0, strlen((char*)enToken2));
	memset(retHash, 0, strlen((char*)retHash));

	memcpy(enToken1, enToken1_acs, enToken1_acs_len);
	memcpy(sharedKey, sharedKey_acs, sharedKey_acs_len);
	memcpy(enToken2, enToken2_acs, enToken2_acs_len);
	memcpy(retHash, hash_acs, hash_acs_len);

	delete enToken1_acs;
	delete sharedKey_acs;
	delete enToken2_acs;
	delete hash_acs;

	BYTE enToken[512 + 16] = { 0 };
	memcpy(enToken, enToken1, 256);
	memcpy(enToken + 256, enToken2, 256);
	memcpy(enToken + 512, sharedKey, 16);
	
	
	BYTE sm3[32] = { 0 };
	if (!SM3Hash(enToken, 512 + 16, sm3)) {
		Dbg("SM3 Hash error at Token Ret.");
	}
 	if (memcmp(sm3, retHash, 32) != 0)
	{
		rc = Error_Bug;
		pEntity->SetAuthErrMsg("返回令牌校验不通过");
		pEntity->GetFunction()->SetSysVar("AuthErrMsg", "返回令牌校验不通过", true);
		char* sm3Ret = Str2Hex((char *)sm3, 32);
		Dbg("sm3Ret=%s", (char*)sm3Ret);
		delete sm3Ret;
		m_pFSM->doWarnMsg(ERR_ACCESSAUTH_TOKEN_HASH,
			GetOutPutStr("%s%s", "Hash", "返回令牌校验不通过").c_str(),true);
	}
	else
	{
		CBlob token;
		token.Alloc(512);
		memcpy(token.m_pData, enToken, 512);

		CBlob sharedSK;
		sharedSK.Alloc(16);
		memcpy(sharedSK.m_pData, sharedKey, 16);
		rc = pEntity->SaveTokenAndSharedSK(token, sharedSK);
		if (rc != Error_Succeed)
		{
			pEntity->SetAuthErrMsg("保存令牌失败");
			pEntity->GetFunction()->SetSysVar("AuthErrMsg", "保存令牌失败", true);
			pEntity->SetAuthErrMsg("保存令牌失败");
			m_pFSM->doWarnMsg(ERR_ACCESSAUTH_SAVE_TOKEN,
				GetOutPutStr("%s%08X", "SaveTokenAndSharedSK", rc).c_str(),true);
		}
	}

	return rc;
}
DWORD CAccessAuthConn::GetEncTerminalInfo(CBlob& encInfo) {
	LOG_FUNCTION();
	RequestTokenReq1 req1;
	memset(&req1, 0, sizeof(req1));
	BYTE* pBuf = (BYTE*)& req1.encTerminalInfo;

	// 设置长度
	sprintf((char*)pBuf, "%.4d", sizeof(RequestTokenInfo));

	RequestTokenInfo* pInfo = (RequestTokenInfo*)(pBuf + 4);

	CSystemStaticInfo si;
	m_pEntity->GetFunction()->GetSystemStaticInfo(si);
	strncpy(pInfo->szTerminalNo, (const char*)si.strTerminalID, sizeof(pInfo->szTerminalNo) - 1);

	CSimpleStringA strPinPadID = "", strDeviceID = "";
	bool bHasPinPad = false;
	int nRet = ((CAccessAuthEntity*)m_pEntity)->GetPinPadIDAndDeviceID(strPinPadID, strDeviceID, bHasPinPad);
	Dbg("GetPinPadIDAndDeviceID ret: %d, PinPadID: %s, DeviceID: %s", nRet, (const char*)strPinPadID, (const char*)strDeviceID);
	if (nRet == 2 || nRet == 3){
		strncpy(pInfo->szPadDeviceID, (const char*)strDeviceID, sizeof(pInfo->szPadDeviceID) - 1);
	}
		
	strncpy(pInfo->szMachineType, (const char*)si.strMachineType, sizeof(pInfo->szMachineType) - 1);

	// 设备版本，低两位为小版本号，高两位为大版本号 Binary	4
	DWORD ver32 = si.MachineVersion.GetVersion32();
	for (int i = 0; i < 4; i++) {
		pInfo->machineVersion[3 - i] = ((BYTE*)& ver32)[i];
	}

	//	安装版本，其中包含软件框架版本	binary	8
	__int64 ver64 = si.InstallVersion.GetVersion64();
	for (int i = 0; i < 8; i++){
		pInfo->installVersion[7 - i] = ((BYTE*)& ver64)[i];
	}
#ifdef RVC_OS_WIN	
	hostent* ent = gethostbyname(NULL);
	if (ent && ent->h_addr_list[0] != NULL)
	{
		int i = 0;
		for (; ent->h_addr_list[i] != NULL; ++i)
		{
			struct in_addr* in = (struct in_addr*)ent->h_addr_list[i];
			if (in->S_un.S_un_b.s_b1 == 99 || in->S_un.S_un_b.s_b1 == 10)
				break;
		}

		if (ent->h_addr_list[i] == NULL)
			i = 0;

		auto in = (struct in_addr*)ent->h_addr_list[i];

		pInfo->ip[0] = in->S_un.S_un_b.s_b1;
		pInfo->ip[1] = in->S_un.S_un_b.s_b2;
		pInfo->ip[2] = in->S_un.S_un_b.s_b3;
		pInfo->ip[3] = in->S_un.S_un_b.s_b4;
		Dbg("ip:%d.%d.%d.%d", pInfo->ip[0], pInfo->ip[1], pInfo->ip[2], pInfo->ip[3]);
	}
#else
	char ip[32] = { 0 };
	if (getIPFromLinux(ip)) Dbg("Get IP From Linux Error ex.");
	else {
		if (ip2byte(ip, pInfo->ip)) Dbg("Ip 2 Byte Error");
		else {
			for (int i = 0; i < 4; i++) {
				Dbg("ip[%d]=%d", i, (int)pInfo->ip[i]);
			}
		}
	}
#endif //#ifdef RVC_OS_WIN
	strncpy(pInfo->szSites, si.strSite, sizeof(pInfo->szSites) - 1);

	si.EnrolGPS.GetBinaryLongitude(&pInfo->currentGPS[0]);
	si.EnrolGPS.GetBinaryLatitude(&pInfo->currentGPS[4]);

	CSimpleStringA ts;
	DWORD rc = m_pEntity->GetFunction()->GetSysVar("TerminalStage", ts);
	if (rc != Error_Succeed)
	{
		m_pFSM->doWarnMsg(ERR_ACCESSAUTH_GET_SYS_VAR,
			GetOutPutStr("%s%08X%s%s", "GetSysVar", rc, "TerminalStage", ts).c_str());
		return ERR_ACCESSAUTH_GET_SYS_VAR;
	}
	assert(ts.GetLength() >= 1);
	pInfo->chTerminalState = ts[0];

	CSimpleStringA rs;
	rc = m_pEntity->GetFunction()->GetSysVar("RunState", rs);
	if (rc != Error_Succeed)
	{
		m_pFSM->doWarnMsg(ERR_ACCESSAUTH_GET_SYS_VAR,
			GetOutPutStr("%s%08X%s%s", "GetSysVar", rc, "RunState", rs).c_str());
		return ERR_ACCESSAUTH_GET_SYS_VAR;
	}
	assert(rs.GetLength() >= 1);
	pInfo->chRunState = rs[0];


	CBlob raw;
	auto pEntity = ((CAccessAuthEntity*)m_pEntity);
	if (pEntity->GetAuthVersion() == 2)
	{
		// 使用会话密钥加密
		Dbg("使用会话密钥加密。。。");
		raw.Refer(pBuf, sizeof(RequestTokenInfo) + 4);
		rc = pEntity->EncryptDataWithSessionKey(raw, encInfo);
	}
	else
	{
		//后续基本废弃
		Dbg("使用密码键盘加密。。。");
		raw.Refer(pBuf, sizeof(req1.encTerminalInfo));
		rc = pEntity->EncryptDataWithPinPad(raw, encInfo);
	}
	if (rc != Error_Succeed)
	{
		m_pFSM->doWarnMsg(ERR_ACCESSAUTH_ENCRYPT_KEY,
			GetOutPutStr("%s%08X", "CryptEncrypt", rc).c_str());
		return ERR_ACCESSAUTH_ENCRYPT_KEY;
	}
	return Error_Succeed;
}
//密钥加密并转成可见字符
DWORD CAccessAuthConn::GetTmk(string &tmk) {
	BYTE tmp[140];
	CBlob pubKey;
	CBlob priKey;
	DWORD rc = ((CAccessAuthEntity*)m_pEntity)->CreateSM2KeyPair(pubKey, priKey);
	if (rc != Error_Succeed) return rc;
	rc = ((CAccessAuthEntity*)m_pEntity)->SaveSM2KeyPair(pubKey, priKey);
	if (rc != Error_Succeed) return rc;
	memset(tmp, 0, sizeof(tmp));
	if (pubKey.m_iLength > 70) {
		Dbg("临时公钥长度(%d)大于70。。。", pubKey.m_iLength);
		return Error_TooSmallBuffer;
	}
	memcpy_s(tmp, sizeof(tmp) - 70, pubKey.m_pData, pubKey.m_iLength);
	if (priKey.m_iLength > 70) {
		Dbg("临时私钥长度(%d)大于70。。。", priKey.m_iLength);
		return Error_TooSmallBuffer;
	}
	memcpy_s(&tmp[70], sizeof(tmp) - 70, priKey.m_pData, priKey.m_iLength);
	//CBlob raw, enc;
	//auto pEntity = ((CAccessAuthEntity*)m_pEntity);
	// 使用会话密钥加密
	//Dbg("使用会话密钥加密。。。");
	//raw.Refer(tmp, 140);
	//rc = pEntity->EncryptDataWithSessionKey(raw, enc);
	//if (rc != Error_Succeed) return rc;
	//char *ret = MyBase64::Str2Hex((char*)enc.m_pData, enc.m_iLength);
	//Dbg("data=%s,%d", ret, enc.m_iLength);
	char *pRet = new char[512];
	HexBuf2StrBuf(tmp, &pRet, 140);
	Dbg("data=%s,%d", pRet, strlen(pRet));
	tmk.assign(pRet);
	delete[] pRet;
	
	return Error_Succeed;
}
DWORD CAccessAuthConn::GetModalInfo(BYTE** pDevInfo, int & nDevEntityCount) {

	// 获取硬件信息
	CAutoArray<CSimpleStringA> devNames;
	DWORD rc = GetAllDevices(m_pEntity, devNames);
	if (rc != Error_Succeed)
	{
		((CAccessAuthEntity*)m_pEntity)->SetAuthErrMsg("从root.ini获取终端设备信息失败");
		CSmartPointer<IEntityFunction> spFunction = m_pEntity->GetFunction();
		spFunction->SetSysVar("AuthErrMsg", "从root.ini获取终端设备信息失败", true);

		m_pFSM->doWarnMsg(ERR_ACCESSAUTH_READ_WRITE_CONFIG_FILE,
			GetOutPutStr("%s%08X", "SpGetAllDevices", rc).c_str());

		return ERR_ACCESSAUTH_READ_WRITE_CONFIG_FILE;
	}
	
	nDevEntityCount = devNames.GetCount();
	if (nDevEntityCount > 0)
	{
		
		int nBufLen = nDevEntityCount * sizeof(RequestTokenReq2);
		*pDevInfo = new BYTE[nBufLen];
		memset(*pDevInfo, 0, nBufLen);
		
		RequestTokenReq2* pTmp = (RequestTokenReq2*)*pDevInfo;

		for (int i = 0; i < nDevEntityCount; i++)
		{
			CSimpleStringA strVersion, strModel, strVendor;
			rc = GetDeviceInfo(m_pEntity, devNames[i], strModel, strVendor, strVersion);
			if (rc == Error_Succeed)
			{
				strncpy(pTmp->szType, (const char*)devNames[i], sizeof(pTmp->szType) - 1);
				strncpy(pTmp->szModal, (const char*)strModel, sizeof(pTmp->szModal) - 1);
				strncpy(pTmp->szFactory, (const char*)strVendor, sizeof(pTmp->szFactory) - 1);

				if (strVersion.GetLength() > 0)
				{
					CAutoArray<CSimpleStringA> arr = strVersion.Split('.');
					for (int i = 0; i < 4 && i < arr.GetCount(); i++)
					{
						WORD w = (WORD)atoi(arr[i]);
						((BYTE*)pTmp->version)[i * 2] = (w >> 8) & 0xFF;
						((BYTE*)pTmp->version)[i * 2 + 1] = w & 0xFF;
					}
				}
			}

			pTmp++;
		}
		//delete pDevInfo
	}
	return Error_Succeed;
}
DWORD CAccessAuthConn::GetTokenReq(CAccessAuthGetTokenReq* getTokenReq)
{
	DWORD rc;
	auto pEntity = (CAccessAuthEntity*)m_pEntity;

	CSystemStaticInfo si;
	pEntity->GetFunction()->GetSystemStaticInfo(si);

	BYTE fingerPrint[32] = { 0 };
	int nBufLen = sizeof(fingerPrint);
	if (!pEntity->GetTerminalFingerPrint(fingerPrint, nBufLen))
	{
		m_pFSM->doWarnMsg(ERR_ACCESSAUTH_GET_TERMINAL_FINGERPRINT,
			GetOutPutStr("%s%s", "GetTerminalFingerPrint", "False").c_str());
		return ERR_ACCESSAUTH_GET_TERMINAL_FINGERPRINT;
	}
	char tmp[256] = { 0 };
	char* fingerPrintHex = Str2Hex((char*)(fingerPrint + 16), 16);
	memcpy(tmp, fingerPrintHex, 32);
	delete fingerPrintHex;

	getTokenReq->TOKEN_R0.fingerPrintSM = tmp;
	getTokenReq->TOKEN_R0.isFirst = pEntity->GetOrSetIsFirstSM(0);
	getTokenReq->TOKEN_R0.isSM = 1;

	CBlob encInfo;
	if ((rc = GetEncTerminalInfo(encInfo)) != Error_Succeed)
	{
		Dbg("GetEncTerminalInfo failed:%d",rc);
		return rc;
	}
	char *pTmp =Str2Hex((char*)encInfo.m_pData , encInfo.m_iLength);
	getTokenReq->TOKEN_R1.encTerminalInfo = pTmp;
	delete pTmp;
	getTokenReq->TOKEN_R1.terminalNo = si.strTerminalID.GetData();
	string tmpStr = "";
	if ((rc = GetTmk(tmpStr)) != Error_Succeed) return rc;
	getTokenReq->TOKEN_R1.TPK = tmpStr;

	int nDevEntityCount = 0;
	BYTE* pDevInfo = NULL;
	if ((rc = GetModalInfo(&pDevInfo, nDevEntityCount)) != Error_Succeed) return rc;
	else if (pDevInfo == NULL) {
		Dbg("pDexInfo is NULL.");
	}
	else {
		Dbg("GetModalInfo succ.");
	}
	if (nDevEntityCount > 0 && pDevInfo != NULL) {
		RequestTokenReq2* R2Array = (RequestTokenReq2*)pDevInfo;
		for (int i = 0; i < nDevEntityCount; i++) {
			Dbg("szFactory=%s", R2Array->szFactory);
			getTokenReq->TOKEN_R2[i]->factory = R2Array->szFactory;
			getTokenReq->TOKEN_R2[i]->modal = R2Array->szModal;
			getTokenReq->TOKEN_R2[i]->type = R2Array->szType;
			getTokenReq->TOKEN_R2[i]->versoin =(char*) R2Array->version;
			R2Array++;
		}
		delete pDevInfo;
	}
	memset(tmp, 0, sizeof(tmp));

	fingerPrintHex = Str2Hex((char*)(fingerPrint), 16);
	memcpy(tmp, fingerPrintHex, 32);
	delete fingerPrintHex;

	getTokenReq->TOKEN_R3.authVersion = pEntity->GetAuthVersion();
	getTokenReq->TOKEN_R3.fingerPrint = tmp;
	getTokenReq->TOKEN_R3.kmcSyncFlag = "";
	memset(tmp, 0, sizeof(tmp));
	int publicKeyLen = sizeof(tmp);
	if (!pEntity->GetTerminalPublicKey((BYTE*) tmp, publicKeyLen))
	{
		m_pFSM->doWarnMsg(ERR_ACCESSAUTH_GET_TERMINAL_PUBKEY,
			GetOutPutStr("%s%s", "GetTerminalPublicKey", "False").c_str());
		return ERR_ACCESSAUTH_GET_TERMINAL_PUBKEY;
	}
	Dbg("publicKeyLen=%d",publicKeyLen);
	char* retKey = Str2Hex(tmp, publicKeyLen);
	getTokenReq->TOKEN_R3.publicKey.assign(retKey);
	delete retKey;
	getTokenReq->TOKEN_R3.reserved = "";
	getTokenReq->TOKEN_R3.signCertHash = "";
	getTokenReq->TOKEN_R3.uKeyRootHash ="";

	CSimpleStringA strPinPadID = "", strDeviceID = "";
	bool bHasPinPad = false;
	int nRet = ((CAccessAuthEntity*)m_pEntity)->GetPinPadIDAndDeviceID(strPinPadID, strDeviceID,bHasPinPad);
	getTokenReq->TOKEN_R4.pinPadID = strPinPadID.GetData();
	getTokenReq->TOKEN_R4.reserved = "";
	if (pEntity->HasPinPad())
	{
		getTokenReq->TOKEN_R5.existPinPad = 1;
	}
	else
	{
		getTokenReq->TOKEN_R5.existPinPad = 0;
	}
	return rc;
}
DWORD CAccessAuthConn::GetDeviceInfo(CEntityBase* pCallerEntity, const CSimpleStringA& devDeviceName,
	CSimpleStringA& strModel, CSimpleStringA& strVendor, CSimpleStringA& strVersion)
{
	CSmartPointer<IConfigInfo> pConfig;
	DWORD rc = pCallerEntity->GetFunction()->OpenConfig(Config_Root, pConfig);
	if (rc == Error_Succeed)
	{
		CSimpleStringA strSection = CSimpleStringA("Device.") + devDeviceName;

		pConfig->ReadConfigValue(strSection, "Vendor", strVendor);
		pConfig->ReadConfigValue(strSection, "Version", strVersion);

		strModel = devDeviceName;
		if (!strVendor.IsNullOrEmpty())
		{
			strModel += ".";
			strModel += strVendor;
		}

		if (!strVersion.IsNullOrEmpty())
		{
			strModel += ".";
			strModel += strVersion;
		}
	}

	return rc;
}
DWORD CAccessAuthConn::GetAllDevices(CEntityBase* pEntity, CAutoArray<CSimpleStringA>& devs)
{
	CSmartPointer<IConfigInfo> pConfig;
	DWORD rc = pEntity->GetFunction()->OpenConfig(Config_Root, pConfig);
	if (rc == Error_Succeed)
	{
		int nCount(0);
		rc = pConfig->ReadConfigValueInt("Device", "Number", nCount);
		Dbg("nCount=%d", nCount);
		if (rc == Error_Succeed && nCount > 0)
		{
			devs.Init(nCount);

			for (int i = 0; i < nCount; i++)
			{
				CSimpleStringA str = CSimpleStringA::Format("%d", i + 1);
				rc = pConfig->ReadConfigValue("Device", (const char*)str, devs[i]);
			}
		}
	}
	else {
		Dbg("GetAllDevices OpenConfig error");
	}
	return rc;
}