pcacc
/
myvtm


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215
							#ifndef __MOD_ACCESSAUTH_H
#define __MOD_ACCESSAUTH_H
#include "SpBase.h"
#include "EventCode.h"
#include "AccessAuthFSM.h"
#include "modVer.h"
#include "AccessAuthorization_server_g.h"
using namespace AccessAuthorization;

// 准入服务 0x502
class CAccessAuthEntity;

class CAccessAuthSession : public AccessAuthService_ServerSessionBase
{
public:
	CAccessAuthSession(CAccessAuthEntity *pEntity) : m_pEntity(pEntity) {}
	virtual ~CAccessAuthSession() {}

	virtual void Handle_Regist(SpOnewayCallContext<AccessAuthService_Regist_Info>::Pointer ctx);	
	virtual void Handle_Unregist(SpOnewayCallContext<AccessAuthService_Unregist_Info>::Pointer ctx);
	virtual void Handle_InitDev(SpReqAnsContext<AccessAuthService_InitDev_Req, AccessAuthService_InitDev_Ans>::Pointer ctx);
	virtual void Handle_UpdateWK(SpOnewayCallContext<AccessAuthService_UpdateWK_Info>::Pointer ctx);
	virtual void Handle_InitializeNew(SpReqAnsContext<AccessAuthService_InitializeNew_Req, AccessAuthService_InitializeNew_Ans>::Pointer ctx);
	virtual void Handle_SyncTime(SpOnewayCallContext<AccessAuthService_SyncTime_Info>::Pointer ctx);	
	
private:
	CAccessAuthEntity *m_pEntity;
};

class CAccessAuthEntity : public CEntityBase, public ISysVarListener
{
public:
	CAccessAuthEntity() :m_nAuthVersion(1), m_bGetKMCKey(false){}
	virtual ~CAccessAuthEntity() {}

	virtual const char* GetEntityVersion() const { return MODULE_VERSION_FULL; }
	virtual const char *GetEntityName() const { return "AccessAuthorization"; }

	virtual bool IsService()const{return true;}

	virtual void OnStarted();
	virtual void OnPreStart(CAutoArray<CSimpleStringA> strArgs,CSmartPointer<ITransactionContext> pTransactionContext); 
	virtual void OnPreClose(EntityCloseCauseEnum eCloseCause,CSmartPointer<ITransactionContext> pTransactionContext);
	virtual void OnSysVarEvent(const char *pszKey, const char *pszValue,const char *pszOldValue,const char *pszEntityName);
		
	virtual CServerSessionBase *OnNewSession(const char* /*pszRemoteEntityName*/, const char * /*pszClass*/){
		return new CAccessAuthSession(this);
	}

	// 开始准入
	ErrorCodeEnum Regist();
	void UpdateWK();

	// 重新准入
	ErrorCodeEnum Reregist();

	// 准入退出
	ErrorCodeEnum Unregist(int nReason, int nWay);

	// 时间同步
	DWORD SyncTime();

	// 状态上报
	ErrorCodeEnum PushTerminalStage(char cNewStage, DWORD dwNewStageTime, char cOldStage, DWORD dwOldStageTime);

	// KMC初始化
	DWORD InitKMC();
		
	// 获取WK更新请求包
	// @nAlgFlag:  1:3des only; 2: sm4 only; 3: both 3des and sm4
	ErrorCodeEnum GetKmcWKUpdateData(char *pBuf, int &nLen, int  nAlgFlag);

	// 解析WK
	// @nAlgFlag:  1:3des only; 2: sm4 only; 3: both 3des and sm4
	DWORD ParseWKUpdateResult(char *pBuf, int nLen, int  nAlgFlag);

	// 获取KMC错误
	CSimpleStringA GetKMCLastErrMsg();

	// 释放KMC
	ErrorCodeEnum ReleaseKMC();

	// 加载新WK
	DWORD LoadPinPadWK(bool bSM);
	
	bool HexStrToByteArray(const char* pHex, BYTE *pBuf, int *pBufLen);
	string ByteArrayToHexStr(BYTE *pBuf, int nBufLen);

	// 调用PinPad加密(只支持DES加密，不支持SM)
	DWORD EncryptDataWithPinPad(const CBlob &raw, CBlob &enc);

	// 生成SM2密钥对
	DWORD CreateSM2KeyPair(CBlob &pubKey, CBlob &priKey);

	// 保存密钥对到令牌实体
	DWORD SaveSM2KeyPair(const CBlob &pubKey, const CBlob &priKey);

	// 保存Token和共享会话密钥到令牌实体
	ErrorCodeEnum SaveTokenAndSharedSK(const CBlob &token, const CBlob &sharedSK);

	// 是否使用PinPad
	bool HasPinPad();
	// 机型是否配置密码键盘
	bool IsMachineTypeConfigurePinPad(CSimpleStringA strMachineType);

	int GetPinPadCapability();

	// 保存准入版本及会话密钥
	bool SaveAuthVerAndKey(int nAuthVer, BYTE *pKey);

	inline int  GetAuthVersion(){ return m_nAuthVersion; }

	// 调用准入会话密钥加密
	ErrorCodeEnum EncryptDataWithSessionKey(const CBlob &raw, CBlob &enc);

	bool GetTerminalFingerPrint(BYTE *pBuf, int &nBufLen);
	bool GetTerminalPublicKey(BYTE *pBuf, int &nBufLen);
	bool GetTerminalPublicKey(BYTE* pBuf, int& nBufLen, string& pubkey);

	bool GetMD5Hash(const char *pStr, BYTE md5[16]);
	
	DWORD InitDevice(SpReqAnsContext<AccessAuthService_InitDev_Req, AccessAuthService_InitDev_Ans>::Pointer &ctx);

	void SetAuthErrMsg(const char *pszErrMsg) { m_strAuthErrMsg = pszErrMsg; }
	const char *GetAuthErrMsg() { return m_strAuthErrMsg; }

	// 获取密码键盘ID和外设ID
	//oilyang@20210510 add:in order to avoid getting info out of async, check if has pinpad while getting info
	// 返回1：只有PinPadID；2：只有DeviceID；3：两者都有；0：失败
	int GetPinPadIDAndDeviceID(CSimpleStringA &strPinPadID, CSimpleStringA &strDeviceID,bool &bHasPinPad);

	// 密码键盘是否支持校验码
	bool HasCkCodeFlg();

	// 设置时区
	wstring ANSIToUnicode(const string& str);
	BOOL SetLocalTimeZoneByKeyName(const TCHAR* szTimeZoneKeyName, BOOL isDaylightSavingTime);

	int ConvertStr2Byte(string input, BYTE* output, int outputLen);
	void printPasswdError();
	DWORD LoadKeysToPinPadNew(string TMK, string TPK, string EDK, string index);
	BYTE m_AuthSessionKey[140];
	virtual void OnSelfTest(EntityTestEnum eTestType, CSmartPointer<ITransactionContext> pTransactionContext)
	{
		pTransactionContext->SendAnswer(Error_Succeed);
	}
	/*type=0 means read first or not while type=1 for writing not first*/
	/*return 1 means first access auth as 0 means not first access auth*/
	int GetOrSetIsFirstSM(int type);

	string m_TMK;
	string m_TPK;
	string m_EDK;
	string m_index;
	bool m_bGetKMCKey;

	CSimpleStringA m_strUserID, m_strPassword, m_strInitUrl;
	SpReqAnsContext<AccessAuthService_InitializeNew_Req, AccessAuthService_InitializeNew_Ans>::Pointer m_ctx;

	void BeginInitMKACS();
	bool SendInitMKReqACS(CInitlizerMKReq& initMKReq);
	CSimpleStringA GetInitUrl()
	{
		return m_strInitUrl;
	}
	void EndInitMK(DWORD rc, const char* pszErrMsg);
	ErrorCodeEnum LoadKeysToPinPadACS(string TMK, string TPK, string EDK, string index);
	DWORD m_eErrNum;
	CSimpleStringA m_strLastErrMsg;

	int HexBuf2StrBuf(PBYTE hexBuf, char** strBuf, DWORD len)
	{
		char* tmpStr = *strBuf;
		int count = 0;
		for (int i = 0; i < len; ++i)
		{
			sprintf(tmpStr + count, "%0.2X", hexBuf[i]);
			count += 2;
		}
		return 0;
	}


	int StrBuf2HexBuf(LPCTSTR strBuf, PBYTE* hexBuf)
	{
		int len = strlen(strBuf);
		if (len == 0 || len % 2 != 0)
			return 0;
		BYTE* buf = new BYTE[len / 2];
		if (buf == NULL)
			return 0;
		int j = 0;
		for (int i = 0; i < len;)
		{
			int tmpVal;
			sscanf(strBuf + i, "%2X", &tmpVal);
			buf[j] = tmpVal;
			//buf[j] = char2int(strBuf[i])*16 + char2int(strBuf[i+1]);
			i += 2;
			j++;
		}
		//memcpy(buf,strBuf,len);
		*hexBuf = buf;
		return j;
	}

protected:
	CAccessAuthFSM m_FSM;

	int m_nAuthVersion;		// 准入请求版本： 1 借助KMC密钥验证；2 借助终端密钥动态生成会话密钥验证
	CSystemStaticInfo m_info;

	CSimpleStringA m_strAuthErrMsg;
};
#endif //__MOD_ACCESSAUTH_H