Return PIN locked info

metsma · metsma · commit 18931c8e72a3 · 2025-10-01T13:44:43.000+03:00
WE2-1114

Signed-off-by: Raul Metsma &lt;raul@metsma.ee&gt;
diff --git a/include/electronic-id/electronic-id.hpp b/include/electronic-id/electronic-id.hpp
@@ -24,8 +24,8 @@
 
 #include "enums.hpp"
 
-#include <optional>
 #include <functional>
+#include <optional>
 
 namespace electronic_id
 {
@@ -37,11 +37,17 @@ class ElectronicID
 public:
     using ptr = std::shared_ptr<ElectronicID>;
     using PinMinMaxLength = std::pair<uint8_t, uint8_t>;
-    using PinRetriesRemainingAndMax = std::pair<uint8_t, int8_t>;
     using byte_vector = pcsc_cpp::byte_vector;
     using byte_type = pcsc_cpp::byte_type;
     using Signature = std::pair<byte_vector, SignatureAlgorithm>;
 
+    struct PinInfo
+    {
+        uint8_t retryCount;
+        int8_t maxRetry;
+        bool pinActive;
+    };
+
     enum Type : uint8_t {
         EstEID,
         FinEID,
@@ -68,7 +74,7 @@ class ElectronicID
 
     virtual PinMinMaxLength authPinMinMaxLength() const = 0;
 
-    virtual PinRetriesRemainingAndMax authPinRetriesLeft() const = 0;
+    virtual PinInfo authPinInfo() const = 0;
 
     virtual pcsc_cpp::byte_vector signWithAuthKey(byte_vector&& pin,
                                                   const byte_vector& hash) const = 0;
@@ -80,7 +86,7 @@ class ElectronicID
 
     virtual PinMinMaxLength signingPinMinMaxLength() const = 0;
 
-    virtual PinRetriesRemainingAndMax signingPinRetriesLeft() const = 0;
+    virtual PinInfo signingPinInfo() const = 0;
 
     virtual Signature signWithSigningKey(byte_vector&& pin, const byte_vector& hash,
                                          const HashAlgorithm hashAlgo) const = 0;
diff --git a/src/electronic-ids/ms-cryptoapi/MsCryptoApiElectronicID.hpp b/src/electronic-ids/ms-cryptoapi/MsCryptoApiElectronicID.hpp
@@ -78,9 +78,9 @@ class MsCryptoApiElectronicID : public ElectronicID
         return {PIN_LENGTH_PLACEHOLDER, PIN_LENGTH_PLACEHOLDER};
     }
 
-    PinRetriesRemainingAndMax authPinRetriesLeft() const override
+    PinInfo authPinInfo() const override
     {
-        return {uint8_t(PIN_RETRY_COUNT_PLACEHOLDER), PIN_RETRY_COUNT_PLACEHOLDER};
+        return {uint8_t(PIN_RETRY_COUNT_PLACEHOLDER), PIN_RETRY_COUNT_PLACEHOLDER, true};
     }
 
     byte_vector signWithAuthKey(byte_vector&& pin, const byte_vector& hash) const override;
@@ -92,9 +92,9 @@ class MsCryptoApiElectronicID : public ElectronicID
         return {PIN_LENGTH_PLACEHOLDER, PIN_LENGTH_PLACEHOLDER};
     }
 
-    PinRetriesRemainingAndMax signingPinRetriesLeft() const override
+    PinInfo signingPinInfo() const override
     {
-        return {uint8_t(PIN_RETRY_COUNT_PLACEHOLDER), PIN_RETRY_COUNT_PLACEHOLDER};
+        return {uint8_t(PIN_RETRY_COUNT_PLACEHOLDER), PIN_RETRY_COUNT_PLACEHOLDER, true};
     }
 
     Signature signWithSigningKey(byte_vector&& pin, const byte_vector& hash,
diff --git a/src/electronic-ids/pcsc/EIDIDEMIA.cpp b/src/electronic-ids/pcsc/EIDIDEMIA.cpp
@@ -107,8 +107,7 @@ byte_vector EIDIDEMIA::signWithAuthKeyImpl(const SmartCard::Session& session, by
     return std::move(response.data);
 }
 
-ElectronicID::PinRetriesRemainingAndMax
-EIDIDEMIA::authPinRetriesLeftImpl(const SmartCard::Session& session) const
+ElectronicID::PinInfo EIDIDEMIA::authPinInfoImpl(const SmartCard::Session& session) const
 {
     selectMain(session);
     return pinRetriesLeft(session, AUTH_PIN_REFERENCE);
@@ -154,15 +153,14 @@ ElectronicID::Signature EIDIDEMIA::signWithSigningKeyImpl(const SmartCard::Sessi
             {isECC ? SignatureAlgorithm::ES : SignatureAlgorithm::RS, hashAlgo}};
 }
 
-ElectronicID::PinRetriesRemainingAndMax
-EIDIDEMIA::signingPinRetriesLeftImpl(const SmartCard::Session& session) const
+ElectronicID::PinInfo EIDIDEMIA::signingPinInfoImpl(const SmartCard::Session& session) const
 {
     selectADF2(session);
     return pinRetriesLeft(session, SIGN_PIN_REFERENCE);
 }
 
-ElectronicID::PinRetriesRemainingAndMax EIDIDEMIA::pinRetriesLeft(const SmartCard::Session& session,
-                                                                  byte_type pinReference)
+ElectronicID::PinInfo EIDIDEMIA::pinRetriesLeft(const SmartCard::Session& session,
+                                                byte_type pinReference)
 {
     auto ref = byte_type(pinReference & 0x0F);
     const CommandApdu GET_DATA_ODD {
@@ -175,7 +173,7 @@ ElectronicID::PinRetriesRemainingAndMax EIDIDEMIA::pinRetriesLeft(const SmartCar
     TLV max = info[0x9A];
     TLV tries = info[0x9B];
     if (max && tries) {
-        return {*tries.begin, *max.begin};
+        return {*tries.begin, int8_t(*max.begin), true};
     }
     THROW(SmartCardError, "Command GET DATA ODD failed: missing expected info");
 }
diff --git a/src/electronic-ids/pcsc/EIDIDEMIA.hpp b/src/electronic-ids/pcsc/EIDIDEMIA.hpp
@@ -42,21 +42,18 @@ class EIDIDEMIA : public PcscElectronicID
     byte_vector getCertificateImpl(const SmartCard::Session& session,
                                    const CertificateType type) const override;
 
-    PinRetriesRemainingAndMax
-    authPinRetriesLeftImpl(const SmartCard::Session& session) const override;
+    PinInfo authPinInfoImpl(const SmartCard::Session& session) const override;
     virtual KeyInfo authKeyRef(const SmartCard::Session& session) const;
     byte_vector signWithAuthKeyImpl(const SmartCard::Session& session, byte_vector&& pin,
                                     const byte_vector& hash) const override;
 
-    PinRetriesRemainingAndMax
-    signingPinRetriesLeftImpl(const SmartCard::Session& session) const override;
+    PinInfo signingPinInfoImpl(const SmartCard::Session& session) const override;
     virtual KeyInfo signKeyRef(const SmartCard::Session& session) const;
     Signature signWithSigningKeyImpl(const SmartCard::Session& session, byte_vector&& pin,
                                      const byte_vector& hash,
                                      const HashAlgorithm hashAlgo) const override;
 
-    static PinRetriesRemainingAndMax pinRetriesLeft(const SmartCard::Session& session,
-                                                    byte_type pinReference);
+    static PinInfo pinRetriesLeft(const SmartCard::Session& session, byte_type pinReference);
 
     static void selectMain(const SmartCard::Session& session);
     static void selectADF1(const SmartCard::Session& session);
diff --git a/src/electronic-ids/pcsc/EIDThales.cpp b/src/electronic-ids/pcsc/EIDThales.cpp
@@ -55,10 +55,9 @@ const auto SELECT_MAIN_AID = CommandApdu::select(
 
 } // namespace
 
-ElectronicID::PinRetriesRemainingAndMax
-EIDThales::authPinRetriesLeftImpl(const SmartCard::Session& session) const
+ElectronicID::PinInfo EIDThales::authPinInfoImpl(const SmartCard::Session& session) const
 {
-    return pinRetriesLeft(session, authPinReference());
+    return pinRetriesLeft(session, authPinReference(), true);
 }
 
 byte_vector EIDThales::getCertificateImpl(const SmartCard::Session& session,
@@ -68,8 +67,8 @@ byte_vector EIDThales::getCertificateImpl(const SmartCard::Session& session,
     return readFile(session, type.isAuthentication() ? authCertFile() : signCertFile());
 }
 
-ElectronicID::PinRetriesRemainingAndMax EIDThales::pinRetriesLeft(const SmartCard::Session& session,
-                                                                  byte_type pinReference) const
+ElectronicID::PinInfo EIDThales::pinRetriesLeft(const SmartCard::Session& session,
+                                                byte_type pinReference, bool pinActive) const
 {
     const auto GET_DATA = smartcard().protocol() == SmartCard::Protocol::T1
         ? CommandApdu {0x00, 0xCB, 0x00, 0xFF, {0xA0, 0x03, 0x83, 0x01, pinReference}, 0x00}
@@ -78,8 +77,9 @@ ElectronicID::PinRetriesRemainingAndMax EIDThales::pinRetriesLeft(const SmartCar
     if (!response.isOK()) {
         THROW(SmartCardError, "Command GET DATA failed with error " + response);
     }
-    if (TLV info = TLV(response.data).find(0xA0)[0xdf21]) {
-        return {*info.begin, maximumPinRetries()};
+    if (TLV info = TLV(response.data).find(0xA0); TLV count = info[0xdf21]) {
+        TLV pinChanged = info[0xdf2f];
+        return {*count.begin, maximumPinRetries(), pinActive || *pinChanged.begin};
     }
     THROW(SmartCardError,
           "Command GET DATA failed: received data does not contain the PIN remaining retries info");
@@ -147,10 +147,9 @@ byte_vector EIDThales::sign(const SmartCard::Session& session, const HashAlgorit
     return std::move(signature.data);
 }
 
-ElectronicID::PinRetriesRemainingAndMax
-EIDThales::signingPinRetriesLeftImpl(const SmartCard::Session& session) const
+ElectronicID::PinInfo EIDThales::signingPinInfoImpl(const SmartCard::Session& session) const
 {
-    return pinRetriesLeft(session, SIGNING_PIN_REFERENCE);
+    return pinRetriesLeft(session, SIGNING_PIN_REFERENCE, false);
 }
 
 byte_vector EIDThales::signWithAuthKeyImpl(const SmartCard::Session& session, byte_vector&& pin,
diff --git a/src/electronic-ids/pcsc/EIDThales.hpp b/src/electronic-ids/pcsc/EIDThales.hpp
@@ -42,25 +42,23 @@ class EIDThales : public PcscElectronicID
     virtual constexpr byte_type signingKeyReference() const = 0;
 
     byte_vector getCertificateImpl(const SmartCard::Session& session,
-                                   const CertificateType type) const override;
-    PinRetriesRemainingAndMax
-    authPinRetriesLeftImpl(const SmartCard::Session& session) const override;
-    PinRetriesRemainingAndMax
-    signingPinRetriesLeftImpl(const SmartCard::Session& session) const override;
+                                   CertificateType type) const override;
+    PinInfo authPinInfoImpl(const SmartCard::Session& session) const override;
+    PinInfo signingPinInfoImpl(const SmartCard::Session& session) const override;
     byte_vector signWithAuthKeyImpl(const SmartCard::Session& session, byte_vector&& pin,
                                     const byte_vector& hash) const override;
     Signature signWithSigningKeyImpl(const SmartCard::Session& session, byte_vector&& pin,
                                      const byte_vector& hash,
-                                     const HashAlgorithm hashAlgo) const override;
+                                     HashAlgorithm hashAlgo) const override;
 
-    PinRetriesRemainingAndMax pinRetriesLeft(const SmartCard::Session& session,
-                                             byte_type pinReference) const;
-    byte_vector sign(const SmartCard::Session& session, const HashAlgorithm hashAlgo,
+    PinInfo pinRetriesLeft(const SmartCard::Session& session, byte_type pinReference,
+                           bool pinActive) const;
+    byte_vector sign(const SmartCard::Session& session, HashAlgorithm hashAlgo,
                      const byte_vector& hash, byte_vector&& pin, byte_type pinReference,
                      PinMinMaxLength pinMinMaxLength, byte_type keyReference,
                      byte_type signatureAlgo) const;
 
     static constexpr byte_type AUTH_KEY_REFERENCE = 0x01;
 };
 
-} // namespace electronic_id
+} // namespace electronic_id
diff --git a/src/electronic-ids/pcsc/PcscElectronicID.hpp b/src/electronic-ids/pcsc/PcscElectronicID.hpp
@@ -65,15 +65,9 @@ class PcscElectronicID : public ElectronicID
         return signWithSigningKeyImpl(card.beginSession(), std::move(pin), hash, hashAlgo);
     }
 
-    PinRetriesRemainingAndMax signingPinRetriesLeft() const override
-    {
-        return signingPinRetriesLeftImpl(card.beginSession());
-    }
+    PinInfo signingPinInfo() const override { return signingPinInfoImpl(card.beginSession()); }
 
-    ElectronicID::PinRetriesRemainingAndMax authPinRetriesLeft() const override
-    {
-        return authPinRetriesLeftImpl(card.beginSession());
-    }
+    PinInfo authPinInfo() const override { return authPinInfoImpl(card.beginSession()); }
 
     // The following pure virtual *Impl functions are the interface of all
     // PC/SC electronic ID implementations,
@@ -86,15 +80,13 @@ class PcscElectronicID : public ElectronicID
     virtual byte_vector signWithAuthKeyImpl(const SmartCard::Session& session, byte_vector&& pin,
                                             const byte_vector& hash) const = 0;
 
-    virtual PinRetriesRemainingAndMax
-    authPinRetriesLeftImpl(const SmartCard::Session& session) const = 0;
+    virtual PinInfo authPinInfoImpl(const SmartCard::Session& session) const = 0;
 
     virtual Signature signWithSigningKeyImpl(const SmartCard::Session& session, byte_vector&& pin,
                                              const byte_vector& hash,
                                              const HashAlgorithm hashAlgo) const = 0;
 
-    virtual PinRetriesRemainingAndMax
-    signingPinRetriesLeftImpl(const SmartCard::Session& session) const = 0;
+    virtual PinInfo signingPinInfoImpl(const SmartCard::Session& session) const = 0;
 };
 
 } // namespace electronic_id
diff --git a/src/electronic-ids/pkcs11/PKCS11CardManager.hpp b/src/electronic-ids/pkcs11/PKCS11CardManager.hpp
@@ -135,7 +135,7 @@ class PKCS11CardManager
         std::string serialNumber;
         CK_SLOT_ID slotID;
         std::vector<CK_BYTE> cert, certID;
-        int8_t retry;
+        uint8_t retry;
         bool pinpad;
         uint8_t minPinLen, maxPinLen;
     };
@@ -362,7 +362,7 @@ class PKCS11CardManager
         return objectHandle;
     }
 
-    static constexpr int8_t pinRetryCount(CK_FLAGS flags) noexcept
+    static constexpr uint8_t pinRetryCount(CK_FLAGS flags) noexcept
     {
         // As PKCS#11 does not provide an API for querying remaining PIN retries, we currently
         // simply assume max retry count of 3, which is quite common. We might need to revisit this
diff --git a/src/electronic-ids/pkcs11/Pkcs11ElectronicID.cpp b/src/electronic-ids/pkcs11/Pkcs11ElectronicID.cpp
@@ -255,9 +255,9 @@ ElectronicID::PinMinMaxLength Pkcs11ElectronicID::authPinMinMaxLength() const
     return {authToken.minPinLen, authToken.maxPinLen};
 }
 
-ElectronicID::PinRetriesRemainingAndMax Pkcs11ElectronicID::authPinRetriesLeft() const
+ElectronicID::PinInfo Pkcs11ElectronicID::authPinInfo() const
 {
-    return {authToken.retry, module.retryMax};
+    return {authToken.retry, module.retryMax, true};
 }
 
 pcsc_cpp::byte_vector Pkcs11ElectronicID::signWithAuthKey(byte_vector&& pin,
@@ -295,9 +295,9 @@ ElectronicID::PinMinMaxLength Pkcs11ElectronicID::signingPinMinMaxLength() const
     return {signingToken.minPinLen, signingToken.maxPinLen};
 }
 
-ElectronicID::PinRetriesRemainingAndMax Pkcs11ElectronicID::signingPinRetriesLeft() const
+ElectronicID::PinInfo Pkcs11ElectronicID::signingPinInfo() const
 {
-    return {signingToken.retry, module.retryMax};
+    return {signingToken.retry, module.retryMax, true};
 }
 
 ElectronicID::Signature Pkcs11ElectronicID::signWithSigningKey(byte_vector&& pin,
diff --git a/src/electronic-ids/pkcs11/Pkcs11ElectronicID.hpp b/src/electronic-ids/pkcs11/Pkcs11ElectronicID.hpp
@@ -58,13 +58,13 @@ class Pkcs11ElectronicID : public ElectronicID
     JsonWebSignatureAlgorithm authSignatureAlgorithm() const override;
     PinMinMaxLength authPinMinMaxLength() const override;
 
-    PinRetriesRemainingAndMax authPinRetriesLeft() const override;
+    PinInfo authPinInfo() const override;
     byte_vector signWithAuthKey(byte_vector&& pin, const byte_vector& hash) const override;
 
     const std::set<SignatureAlgorithm>& supportedSigningAlgorithms() const override;
     PinMinMaxLength signingPinMinMaxLength() const override;
 
-    PinRetriesRemainingAndMax signingPinRetriesLeft() const override;
+    PinInfo signingPinInfo() const override;
     Signature signWithSigningKey(byte_vector&& pin, const byte_vector& hash,
                                  const HashAlgorithm hashAlgo) const override;
 
diff --git a/tests/integration/test-authenticate.cpp b/tests/integration/test-authenticate.cpp
@@ -53,7 +53,7 @@ TEST(electronic_id_test, authenticate)
             "currently supported");
     }
 
-    GTEST_ASSERT_GE(cardInfo->authPinRetriesLeft().first, 0U);
+    GTEST_ASSERT_GE(cardInfo->authPinInfo().retryCount, 0U);
 
     byte_vector pin {'1', '2', '3', '4'};
     pin.reserve(64);
diff --git a/tests/integration/test-signing.cpp b/tests/integration/test-signing.cpp
@@ -46,7 +46,7 @@ static void signing(HashAlgorithm hashAlgo)
 
     byte_vector cert = cardInfo->getCertificate(CertificateType::SIGNING);
 
-    GTEST_ASSERT_GE(cardInfo->signingPinRetriesLeft().first, 0U);
+    GTEST_ASSERT_GE(cardInfo->signingPinInfo().retryCount, 0U);
 
     byte_vector pin;
     if (cardInfo->name() == "EstEID IDEMIA v1" || cardInfo->name() == "EstEIDThales")
diff --git a/tests/mock/test-get-certificate.cpp b/tests/mock/test-get-certificate.cpp

Original file line number	Diff line number	Diff line change
`@@ -78,9 +78,9 @@ class MsCryptoApiElectronicID : public ElectronicID`
`78`	`78`	`return {PIN_LENGTH_PLACEHOLDER, PIN_LENGTH_PLACEHOLDER};`
`79`	`79`	`}`
`80`	`80`
`81`		`- PinRetriesRemainingAndMax authPinRetriesLeft() const override`
	`81`	`+ PinInfo authPinInfo() const override`
`82`	`82`	`{`
`83`		`- return {uint8_t(PIN_RETRY_COUNT_PLACEHOLDER), PIN_RETRY_COUNT_PLACEHOLDER};`
	`83`	`+ return {uint8_t(PIN_RETRY_COUNT_PLACEHOLDER), PIN_RETRY_COUNT_PLACEHOLDER, true};`
`84`	`84`	`}`
`85`	`85`
`86`	`86`	`byte_vector signWithAuthKey(byte_vector&& pin, const byte_vector& hash) const override;`
`@@ -92,9 +92,9 @@ class MsCryptoApiElectronicID : public ElectronicID`
`92`	`92`	`return {PIN_LENGTH_PLACEHOLDER, PIN_LENGTH_PLACEHOLDER};`
`93`	`93`	`}`
`94`	`94`
`95`		`- PinRetriesRemainingAndMax signingPinRetriesLeft() const override`
	`95`	`+ PinInfo signingPinInfo() const override`
`96`	`96`	`{`
`97`		`- return {uint8_t(PIN_RETRY_COUNT_PLACEHOLDER), PIN_RETRY_COUNT_PLACEHOLDER};`
	`97`	`+ return {uint8_t(PIN_RETRY_COUNT_PLACEHOLDER), PIN_RETRY_COUNT_PLACEHOLDER, true};`
`98`	`98`	`}`
`99`	`99`
`100`	`100`	`Signature signWithSigningKey(byte_vector&& pin, const byte_vector& hash,`
Original file line number	Diff line number	Diff line change
`@@ -107,8 +107,7 @@ byte_vector EIDIDEMIA::signWithAuthKeyImpl(const SmartCard::Session& session, by`
`107`	`107`	`return std::move(response.data);`
`108`	`108`	`}`
`109`	`109`
`110`		`-ElectronicID::PinRetriesRemainingAndMax`
`111`		`-EIDIDEMIA::authPinRetriesLeftImpl(const SmartCard::Session& session) const`
	`110`	`+ElectronicID::PinInfo EIDIDEMIA::authPinInfoImpl(const SmartCard::Session& session) const`
`112`	`111`	`{`
`113`	`112`	`selectMain(session);`
`114`	`113`	`return pinRetriesLeft(session, AUTH_PIN_REFERENCE);`
`@@ -154,15 +153,14 @@ ElectronicID::Signature EIDIDEMIA::signWithSigningKeyImpl(const SmartCard::Sessi`
`154`	`153`	`{isECC ? SignatureAlgorithm::ES : SignatureAlgorithm::RS, hashAlgo}};`
`155`	`154`	`}`
`156`	`155`
`157`		`-ElectronicID::PinRetriesRemainingAndMax`
`158`		`-EIDIDEMIA::signingPinRetriesLeftImpl(const SmartCard::Session& session) const`
	`156`	`+ElectronicID::PinInfo EIDIDEMIA::signingPinInfoImpl(const SmartCard::Session& session) const`
`159`	`157`	`{`
`160`	`158`	`selectADF2(session);`
`161`	`159`	`return pinRetriesLeft(session, SIGN_PIN_REFERENCE);`
`162`	`160`	`}`
`163`	`161`
`164`		`-ElectronicID::PinRetriesRemainingAndMax EIDIDEMIA::pinRetriesLeft(const SmartCard::Session& session,`
`165`		`- byte_type pinReference)`
	`162`	`+ElectronicID::PinInfo EIDIDEMIA::pinRetriesLeft(const SmartCard::Session& session,`
	`163`	`+ byte_type pinReference)`
`166`	`164`	`{`
`167`	`165`	`auto ref = byte_type(pinReference & 0x0F);`
`168`	`166`	`const CommandApdu GET_DATA_ODD {`
`@@ -175,7 +173,7 @@ ElectronicID::PinRetriesRemainingAndMax EIDIDEMIA::pinRetriesLeft(const SmartCar`
`175`	`173`	`TLV max = info[0x9A];`
`176`	`174`	`TLV tries = info[0x9B];`
`177`	`175`	`if (max && tries) {`
`178`		`- return {tries.begin, max.begin};`
	`176`	`+ return {tries.begin, int8_t(max.begin), true};`
`179`	`177`	`}`
`180`	`178`	`THROW(SmartCardError, "Command GET DATA ODD failed: missing expected info");`
`181`	`179`	`}`
Original file line number	Diff line number	Diff line change
`@@ -55,10 +55,9 @@ const auto SELECT_MAIN_AID = CommandApdu::select(`
`55`	`55`
`56`	`56`	`} // namespace`
`57`	`57`
`58`		`-ElectronicID::PinRetriesRemainingAndMax`
`59`		`-EIDThales::authPinRetriesLeftImpl(const SmartCard::Session& session) const`
	`58`	`+ElectronicID::PinInfo EIDThales::authPinInfoImpl(const SmartCard::Session& session) const`
`60`	`59`	`{`
`61`		`- return pinRetriesLeft(session, authPinReference());`
	`60`	`+ return pinRetriesLeft(session, authPinReference(), true);`
`62`	`61`	`}`
`63`	`62`
`64`	`63`	`byte_vector EIDThales::getCertificateImpl(const SmartCard::Session& session,`
`@@ -68,8 +67,8 @@ byte_vector EIDThales::getCertificateImpl(const SmartCard::Session& session,`
`68`	`67`	`return readFile(session, type.isAuthentication() ? authCertFile() : signCertFile());`
`69`	`68`	`}`
`70`	`69`
`71`		`-ElectronicID::PinRetriesRemainingAndMax EIDThales::pinRetriesLeft(const SmartCard::Session& session,`
`72`		`- byte_type pinReference) const`
	`70`	`+ElectronicID::PinInfo EIDThales::pinRetriesLeft(const SmartCard::Session& session,`
	`71`	`+ byte_type pinReference, bool pinActive) const`
`73`	`72`	`{`
`74`	`73`	`const auto GET_DATA = smartcard().protocol() == SmartCard::Protocol::T1`
`75`	`74`	`? CommandApdu {0x00, 0xCB, 0x00, 0xFF, {0xA0, 0x03, 0x83, 0x01, pinReference}, 0x00}`
`@@ -78,8 +77,9 @@ ElectronicID::PinRetriesRemainingAndMax EIDThales::pinRetriesLeft(const SmartCar`
`78`	`77`	`if (!response.isOK()) {`
`79`	`78`	`THROW(SmartCardError, "Command GET DATA failed with error " + response);`
`80`	`79`	`}`
`81`		`- if (TLV info = TLV(response.data).find(0xA0)[0xdf21]) {`
`82`		`- return {*info.begin, maximumPinRetries()};`
	`80`	`+ if (TLV info = TLV(response.data).find(0xA0); TLV count = info[0xdf21]) {`
	`81`	`+ TLV pinChanged = info[0xdf2f];`
	`82`	`+ return {count.begin, maximumPinRetries(), pinActive \|\| pinChanged.begin};`
`83`	`83`	`}`
`84`	`84`	`THROW(SmartCardError,`
`85`	`85`	`"Command GET DATA failed: received data does not contain the PIN remaining retries info");`
`@@ -147,10 +147,9 @@ byte_vector EIDThales::sign(const SmartCard::Session& session, const HashAlgorit`
`147`	`147`	`return std::move(signature.data);`
`148`	`148`	`}`
`149`	`149`
`150`		`-ElectronicID::PinRetriesRemainingAndMax`
`151`		`-EIDThales::signingPinRetriesLeftImpl(const SmartCard::Session& session) const`
	`150`	`+ElectronicID::PinInfo EIDThales::signingPinInfoImpl(const SmartCard::Session& session) const`
`152`	`151`	`{`
`153`		`- return pinRetriesLeft(session, SIGNING_PIN_REFERENCE);`
	`152`	`+ return pinRetriesLeft(session, SIGNING_PIN_REFERENCE, false);`
`154`	`153`	`}`
`155`	`154`
`156`	`155`	`byte_vector EIDThales::signWithAuthKeyImpl(const SmartCard::Session& session, byte_vector&& pin,`
Original file line number	Diff line number	Diff line change
`@@ -255,9 +255,9 @@ ElectronicID::PinMinMaxLength Pkcs11ElectronicID::authPinMinMaxLength() const`
`255`	`255`	`return {authToken.minPinLen, authToken.maxPinLen};`
`256`	`256`	`}`
`257`	`257`
`258`		`-ElectronicID::PinRetriesRemainingAndMax Pkcs11ElectronicID::authPinRetriesLeft() const`
	`258`	`+ElectronicID::PinInfo Pkcs11ElectronicID::authPinInfo() const`
`259`	`259`	`{`
`260`		`- return {authToken.retry, module.retryMax};`
	`260`	`+ return {authToken.retry, module.retryMax, true};`
`261`	`261`	`}`
`262`	`262`
`263`	`263`	`pcsc_cpp::byte_vector Pkcs11ElectronicID::signWithAuthKey(byte_vector&& pin,`
`@@ -295,9 +295,9 @@ ElectronicID::PinMinMaxLength Pkcs11ElectronicID::signingPinMinMaxLength() const`
`295`	`295`	`return {signingToken.minPinLen, signingToken.maxPinLen};`
`296`	`296`	`}`
`297`	`297`
`298`		`-ElectronicID::PinRetriesRemainingAndMax Pkcs11ElectronicID::signingPinRetriesLeft() const`
	`298`	`+ElectronicID::PinInfo Pkcs11ElectronicID::signingPinInfo() const`
`299`	`299`	`{`
`300`		`- return {signingToken.retry, module.retryMax};`
	`300`	`+ return {signingToken.retry, module.retryMax, true};`
`301`	`301`	`}`
`302`	`302`
`303`	`303`	`ElectronicID::Signature Pkcs11ElectronicID::signWithSigningKey(byte_vector&& pin,`