Show warning when card requires activation

WE2-1114

Signed-off-by: Raul Metsma <[email protected]>

Author: metsma

.github/workflows/cmake-macos.yml

@@ -18,7 +18,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           submodules: recursive
 
@@ -64,7 +64,7 @@ jobs:
       - name: Install Qt
         uses: jurplel/install-qt-action@v4
         with:
-          version: 6.9.1
+          version: 6.9.3
           arch: clang_64
 
       - name: Configure

.github/workflows/cmake-windows.yml

@@ -9,14 +9,14 @@ env:
 
 jobs:
   build:
-    runs-on: windows-2022
+    runs-on: windows-2025
     strategy:
       matrix:
         arch: [x64, arm64]
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           submodules: recursive
 
@@ -30,7 +30,7 @@ jobs:
       - name: Install Qt
         uses: jurplel/install-qt-action@v4
         with:
-          version: 6.9.1
+          version: 6.9.3
           arch: ${{ matrix.arch == 'arm64' && 'win64_msvc2022_arm64_cross_compiled' || 'win64_msvc2022_64' }}
 
       - name: Setup MS Visual C++ dev env
@@ -40,10 +40,10 @@ jobs:
 
       - name: Install WiX
         run: |
-          dotnet tool install --global wix --version 6.0.1
-          wix extension -g add WixToolset.UI.wixext/6.0.1
-          wix extension -g add WixToolset.Util.wixext/6.0.1
-          wix extension -g add WixToolset.BootstrapperApplications.wixext/6.0.1
+          dotnet tool install --global wix --version 6.0.2
+          wix extension -g add WixToolset.UI.wixext/6.0.2
+          wix extension -g add WixToolset.Util.wixext/6.0.2
+          wix extension -g add WixToolset.BootstrapperApplications.wixext/6.0.2
 
       - name: Configure
         run: |

install/vcpkg.json

@@ -0,0 +1,5 @@
+{
+    "name": "web-eid-app",
+    "dependencies": ["openssl", "gtest"],
+    "builtin-baseline": "bc38a15b0bee8bc48a49ea267cc32fbb49aedfc4"
+}

lib/libelectronic-id

@@ -40,10 +40,10 @@ struct PinInfo
     using PinMinMaxLength = std::pair<uint8_t, uint8_t>;
     using PinRetriesCount = std::pair<int8_t, int8_t>;
 
-    PinMinMaxLength pinMinMaxLength = {0, 0};
-    PinRetriesCount pinRetriesCount = {0, -1};
+    PinMinMaxLength pinMinMaxLength {0, 0};
+    PinRetriesCount pinRetriesCount {0, -1};
     bool readerHasPinPad = false;
-    bool pinIsBlocked = false;
+    constexpr bool pinIsBlocked() const { return pinRetriesCount.first == 0; }
 
     static constexpr int PIN_PAD_PIN_ENTRY_TIMEOUT = pcsc_cpp::PIN_PAD_PIN_ENTRY_TIMEOUT;
 };
@@ -55,6 +55,7 @@ struct EidCertificateAndPinInfo
     QSslCertificate certificate {};
     CertificateInfo certInfo;
     PinInfo pinInfo;
+    bool cardActive = true;
 };
 
 Q_DECLARE_METATYPE(EidCertificateAndPinInfo)

src/controller/certandpininfo.hpp

@@ -50,7 +50,7 @@ EidCertificateAndPinInfo getCertificateWithStatusAndInfo(const ElectronicID::ptr
     auto serialNumber = certificate.subjectInfo(QSslCertificate::SerialNumber).join(' ');
 
     // http://www.etsi.org/deliver/etsi_en/319400_319499/31941201/01.01.01_60/en_31941201v010101p.pdf
-    if (serialNumber.size() > 6 && serialNumber.startsWith(QStringLiteral("PNO"))
+    if (serialNumber.size() > 6 && serialNumber.startsWith(QLatin1String("PNO"))
         && serialNumber[5] == '-')
         serialNumber.remove(0, 6);
 
@@ -61,16 +61,29 @@ EidCertificateAndPinInfo getCertificateWithStatusAndInfo(const ElectronicID::ptr
     CertificateInfo certInfo {
         certificateType, certificate.expiryDate() < QDateTime::currentDateTimeUtc(),
         certificate.effectiveDate() > QDateTime::currentDateTimeUtc(), std::move(subject)};
-    PinInfo pinInfo {certificateType.isAuthentication() ? eid->authPinMinMaxLength()
-                                                        : eid->signingPinMinMaxLength(),
-                     certificateType.isAuthentication() ? eid->authPinRetriesLeft()
-                                                        : eid->signingPinRetriesLeft(),
-                     eid->smartcard().readerHasPinPad()};
-    if (pinInfo.pinRetriesCount.first == 0) {
-        pinInfo.pinIsBlocked = true;
+    auto info = certificateType.isAuthentication() ? eid->authPinInfo() : eid->signingPinInfo();
+    PinInfo pinInfo {.pinMinMaxLength = certificateType.isAuthentication()
+                         ? eid->authPinMinMaxLength()
+                         : eid->signingPinMinMaxLength(),
+                     .pinRetriesCount {
+                         info.retryCount,
+                         info.maxRetry,
+                     },
+                     .readerHasPinPad = eid->smartcard().readerHasPinPad()};
+    bool cardActive = info.pinActive;
+    if (certificateType == CertificateType::AUTHENTICATION && eid->type() == ElectronicID::EstEID
+        && eid->name() == "EstEIDThales") {
+        cardActive = eid->signingPinInfo().pinActive;
     }
 
-    return {eid, std::move(certificateDer), certificate, std::move(certInfo), std::move(pinInfo)};
+    return {
+        .eid = eid,
+        .certificateBytesInDer = std::move(certificateDer),
+        .certificate = certificate,
+        .certInfo = std::move(certInfo),
+        .pinInfo = std::move(pinInfo),
+        .cardActive = cardActive,
+    };
 }
 
 } // namespace

src/controller/command-handlers/certificatereader.cpp

@@ -112,11 +112,9 @@ void CertificateWidgetInfo::setCertificateInfo(const EidCertificateAndPinInfo& c
     info->setText(CertificateWidget::tr("<b>%1</b><br />Issuer: %2<br />Valid: %3 to %4%5")
                       .arg(subject, issuer, effectiveDate, expiryDate, warning));
     info->parentWidget()->setDisabled(certInfo.notEffective || certInfo.isExpired
-                                      || cardCertPinInfo.pinInfo.pinIsBlocked);
-    if (warning.isEmpty() && cardCertPinInfo.pinInfo.pinIsBlocked) {
-        warnIcon->show();
-        warn->show();
-    }
+                                      || cardCertPinInfo.pinInfo.pinIsBlocked());
+    warnIcon->setVisible(warning.isEmpty() && cardCertPinInfo.pinInfo.pinIsBlocked());
+    warn->setVisible(warning.isEmpty() && cardCertPinInfo.pinInfo.pinIsBlocked());
 }
 
 void CertificateWidgetInfo::languageChange()

src/ui/certificatewidget.cpp

@@ -211,6 +211,28 @@ height: 24px;
    <property name="bottomMargin">
     <number>20</number>
    </property>
+   <item>
+    <widget class="QLabel" name="lockedWarning">
+     <property name="styleSheet">
+      <string notr="true">background-color: #FAE7C9;
+color: #003168;
+font-family: Roboto, Helvetica;
+font-size: 14px;
+padding: 10px;
+border: none;
+border-radius: 4px;</string>
+     </property>
+     <property name="text">
+      <string>Signing with an ID-card isn't possible yet. PIN2 code must be changed in DigiDoc4 application in order to sign. &lt;a href=&quot;https://www.id.ee/en/article/changing-id-card-pin-codes-and-puk-code/&quot;&gt;Additional information&lt;/a&gt;</string>
+     </property>
+     <property name="wordWrap">
+      <bool>true</bool>
+     </property>
+     <property name="openExternalLinks">
+      <bool>true</bool>
+     </property>
+    </widget>
+   </item>
    <item>
     <widget class="QStackedWidget" name="pageStack">
      <property name="currentIndex">

src/ui/dialog.ui

@@ -157,6 +157,10 @@
         <source>Operation failed</source>
         <translation>Operace se nezdařila</translation>
     </message>
+    <message>
+        <source>PIN entry disabled</source>
+        <translation type="unfinished"></translation>
+    </message>
     <message>
         <source>Card driver error. Please try again.</source>
         <translation>Chyba ovladače karty. Zkuste to prosím znovu.</translation>
@@ -193,6 +197,10 @@
         <source>Try again</source>
         <translation>Zkuste to znovu</translation>
     </message>
+    <message>
+        <source>Signing with an ID-card isn&apos;t possible yet. PIN2 code must be changed in DigiDoc4 application in order to sign. &lt;a href=&quot;https://www.id.ee/en/article/changing-id-card-pin-codes-and-puk-code/&quot;&gt;Additional information&lt;/a&gt;</source>
+        <translation type="unfinished"></translation>
+    </message>
     <message>
         <source>Cancel</source>
         <translation>Zrušit</translation>

src/ui/translations/cs.ts

@@ -155,13 +155,17 @@
         <source>Operation failed</source>
         <translation>Der Vorgang ist fehlgeschlagen</translation>
     </message>
+    <message>
+        <source>PIN entry disabled</source>
+        <translation type="unfinished"></translation>
+    </message>
     <message>
         <source>Card driver error. Please try again.</source>
         <translation>Kartentreiberfehler. Bitte versuche es erneut.</translation>
     </message>
     <message>
         <source>Card driver error</source>
-        <translation>Kartentreiberfehler.</translation>
+        <translation>Kartentreiberfehler</translation>
     </message>
     <message>
         <source>An error occurred in the Smart Card service required to use the ID-card. Make sure that the ID-card and the card reader are connected correctly or relaunch the Smart Card service.</source>
@@ -191,6 +195,10 @@
         <source>Try again</source>
         <translation>Versuch es noch einmal</translation>
     </message>
+    <message>
+        <source>Signing with an ID-card isn&apos;t possible yet. PIN2 code must be changed in DigiDoc4 application in order to sign. &lt;a href=&quot;https://www.id.ee/en/article/changing-id-card-pin-codes-and-puk-code/&quot;&gt;Additional information&lt;/a&gt;</source>
+        <translation type="unfinished"></translation>
+    </message>
     <message>
         <source>Cancel</source>
         <translation>Abbrechen</translation>