Return PIN locked info

metsma · mrts · commit e7490d08ad8e · 2025-10-16T14:47:34.000+03:00
WE2-1114

Signed-off-by: Raul Metsma &lt;raul@metsma.ee&gt;
diff --git a/.github/vcpkg.json b/.github/vcpkg.json
@@ -0,0 +1,5 @@
+{
+    "name": "web-eid-app",
+    "dependencies": ["openssl", "gtest"],
+    "builtin-baseline": "bc38a15b0bee8bc48a49ea267cc32fbb49aedfc4"
+}
diff --git a/.github/workflows/cmake-windows.yml b/.github/workflows/cmake-windows.yml
@@ -5,6 +5,8 @@ on: [push, pull_request]
 env:
   BUILD_TYPE: RelWithDebInfo
   CMAKE_BUILD_PARALLEL_LEVEL: 3
+  VCPKG_MANIFEST_DIR: .github
+  VCPKG_INSTALLED_DIR: ${{ github.workspace }}/build/vcpkg_installed
 
 jobs:
   build:
@@ -14,15 +16,25 @@ jobs:
     - name: Checkout code
       uses: actions/checkout@v4
 
+    - name: Cache vcpkg
+      uses: actions/cache@v4
+      with:
+        path: ${{ github.workspace }}/vcpkg_cache
+        key: vcpkg-${{ hashFiles(format('{0}/vcpkg.json', env.VCPKG_MANIFEST_DIR)) }}
+
     - name: Prepare vcpkg and libraries
-      uses: lukka/run-vcpkg@v7
+      uses: lukka/run-vcpkg@v11
       with:
-        vcpkgArguments: gtest:x64-windows openssl:x64-windows
-        vcpkgTriplet: x64-windows
-        vcpkgGitCommitId: 031ad89ce6c575df35a8e58707ad2c898446c63e
+        vcpkgJsonGlob: ${{ env.VCPKG_MANIFEST_DIR }}/vcpkg.json
+        runVcpkgInstall: true
+      env:
+        VCPKG_BINARY_SOURCES: clear;files,${{ github.workspace }}/vcpkg_cache,readwrite
 
     - name: Configure CMake
-      run: cmake -A x64 "-DCMAKE_TOOLCHAIN_FILE=${env:VCPKG_ROOT}/scripts/buildsystems/vcpkg.cmake" "-DCMAKE_BUILD_TYPE=${env:BUILD_TYPE}" -S . -B build
+      run: |
+        cmake -A x64 -S . -B build  "-DCMAKE_BUILD_TYPE=${env:BUILD_TYPE}" `
+          "-DCMAKE_TOOLCHAIN_FILE=${env:VCPKG_ROOT}/scripts/buildsystems/vcpkg.cmake" `
+          "-DVCPKG_MANIFEST_DIR=${{ env.VCPKG_MANIFEST_DIR }}"
 
     - name: Build
       run: cmake --build build --config ${env:BUILD_TYPE}
diff --git a/include/electronic-id/electronic-id.hpp b/include/electronic-id/electronic-id.hpp
@@ -24,8 +24,8 @@
 
 #include "enums.hpp"
 
-#include <optional>
 #include <functional>
+#include <optional>
 
 namespace electronic_id
 {
@@ -37,11 +37,17 @@ class ElectronicID
 public:
     using ptr = std::shared_ptr<ElectronicID>;
     using PinMinMaxLength = std::pair<uint8_t, uint8_t>;
-    using PinRetriesRemainingAndMax = std::pair<uint8_t, int8_t>;
     using byte_vector = pcsc_cpp::byte_vector;
     using byte_type = pcsc_cpp::byte_type;
     using Signature = std::pair<byte_vector, SignatureAlgorithm>;
 
+    struct PinInfo
+    {
+        uint8_t retryCount;
+        int8_t maxRetry;
+        bool pinActive;
+    };
+
     enum Type : uint8_t {
         EstEID,
         FinEID,
@@ -68,7 +74,7 @@ class ElectronicID
 
     virtual PinMinMaxLength authPinMinMaxLength() const = 0;
 
-    virtual PinRetriesRemainingAndMax authPinRetriesLeft() const = 0;
+    virtual PinInfo authPinInfo() const = 0;
 
     virtual pcsc_cpp::byte_vector signWithAuthKey(byte_vector&& pin,
                                                   const byte_vector& hash) const = 0;
@@ -80,7 +86,7 @@ class ElectronicID
 
     virtual PinMinMaxLength signingPinMinMaxLength() const = 0;
 
-    virtual PinRetriesRemainingAndMax signingPinRetriesLeft() const = 0;
+    virtual PinInfo signingPinInfo() const = 0;
 
     virtual Signature signWithSigningKey(byte_vector&& pin, const byte_vector& hash,
                                          const HashAlgorithm hashAlgo) const = 0;
diff --git a/src/electronic-ids/ms-cryptoapi/MsCryptoApiElectronicID.hpp b/src/electronic-ids/ms-cryptoapi/MsCryptoApiElectronicID.hpp
@@ -78,9 +78,9 @@ class MsCryptoApiElectronicID : public ElectronicID
         return {PIN_LENGTH_PLACEHOLDER, PIN_LENGTH_PLACEHOLDER};
     }
 
-    PinRetriesRemainingAndMax authPinRetriesLeft() const override
+    PinInfo authPinInfo() const override
     {
-        return {uint8_t(PIN_RETRY_COUNT_PLACEHOLDER), PIN_RETRY_COUNT_PLACEHOLDER};
+        return {uint8_t(PIN_RETRY_COUNT_PLACEHOLDER), PIN_RETRY_COUNT_PLACEHOLDER, true};
     }
 
     byte_vector signWithAuthKey(byte_vector&& pin, const byte_vector& hash) const override;
@@ -92,9 +92,9 @@ class MsCryptoApiElectronicID : public ElectronicID
         return {PIN_LENGTH_PLACEHOLDER, PIN_LENGTH_PLACEHOLDER};
     }
 
-    PinRetriesRemainingAndMax signingPinRetriesLeft() const override
+    PinInfo signingPinInfo() const override
     {
-        return {uint8_t(PIN_RETRY_COUNT_PLACEHOLDER), PIN_RETRY_COUNT_PLACEHOLDER};
+        return {uint8_t(PIN_RETRY_COUNT_PLACEHOLDER), PIN_RETRY_COUNT_PLACEHOLDER, true};
     }
 
     Signature signWithSigningKey(byte_vector&& pin, const byte_vector& hash,
diff --git a/src/electronic-ids/pcsc/EIDIDEMIA.cpp b/src/electronic-ids/pcsc/EIDIDEMIA.cpp
@@ -107,8 +107,7 @@ byte_vector EIDIDEMIA::signWithAuthKeyImpl(const SmartCard::Session& session, by
     return std::move(response.data);
 }
 
-ElectronicID::PinRetriesRemainingAndMax
-EIDIDEMIA::authPinRetriesLeftImpl(const SmartCard::Session& session) const
+ElectronicID::PinInfo EIDIDEMIA::authPinInfoImpl(const SmartCard::Session& session) const
 {
     selectMain(session);
     return pinRetriesLeft(session, AUTH_PIN_REFERENCE);
@@ -154,15 +153,14 @@ ElectronicID::Signature EIDIDEMIA::signWithSigningKeyImpl(const SmartCard::Sessi
             {isECC ? SignatureAlgorithm::ES : SignatureAlgorithm::RS, hashAlgo}};
 }
 
-ElectronicID::PinRetriesRemainingAndMax
-EIDIDEMIA::signingPinRetriesLeftImpl(const SmartCard::Session& session) const
+ElectronicID::PinInfo EIDIDEMIA::signingPinInfoImpl(const SmartCard::Session& session) const
 {
     selectADF2(session);
     return pinRetriesLeft(session, SIGN_PIN_REFERENCE);
 }
 
-ElectronicID::PinRetriesRemainingAndMax EIDIDEMIA::pinRetriesLeft(const SmartCard::Session& session,
-                                                                  byte_type pinReference)
+ElectronicID::PinInfo EIDIDEMIA::pinRetriesLeft(const SmartCard::Session& session,
+                                                byte_type pinReference)
 {
     auto ref = byte_type(pinReference & 0x0F);
     const CommandApdu GET_DATA_ODD {
@@ -175,7 +173,7 @@ ElectronicID::PinRetriesRemainingAndMax EIDIDEMIA::pinRetriesLeft(const SmartCar
     TLV max = info[0x9A];
     TLV tries = info[0x9B];
     if (max && tries) {
-        return {*tries.begin, *max.begin};
+        return {*tries.begin, int8_t(*max.begin), true};
     }
     THROW(SmartCardError, "Command GET DATA ODD failed: missing expected info");
 }
diff --git a/src/electronic-ids/pcsc/EIDIDEMIA.hpp b/src/electronic-ids/pcsc/EIDIDEMIA.hpp
@@ -42,21 +42,18 @@ class EIDIDEMIA : public PcscElectronicID
     byte_vector getCertificateImpl(const SmartCard::Session& session,
                                    const CertificateType type) const override;
 
-    PinRetriesRemainingAndMax
-    authPinRetriesLeftImpl(const SmartCard::Session& session) const override;
+    PinInfo authPinInfoImpl(const SmartCard::Session& session) const override;
     virtual KeyInfo authKeyRef(const SmartCard::Session& session) const;
     byte_vector signWithAuthKeyImpl(const SmartCard::Session& session, byte_vector&& pin,
                                     const byte_vector& hash) const override;
 
-    PinRetriesRemainingAndMax
-    signingPinRetriesLeftImpl(const SmartCard::Session& session) const override;
+    PinInfo signingPinInfoImpl(const SmartCard::Session& session) const override;
     virtual KeyInfo signKeyRef(const SmartCard::Session& session) const;
     Signature signWithSigningKeyImpl(const SmartCard::Session& session, byte_vector&& pin,
                                      const byte_vector& hash,
                                      const HashAlgorithm hashAlgo) const override;
 
-    static PinRetriesRemainingAndMax pinRetriesLeft(const SmartCard::Session& session,
-                                                    byte_type pinReference);
+    static PinInfo pinRetriesLeft(const SmartCard::Session& session, byte_type pinReference);
 
     static void selectMain(const SmartCard::Session& session);
     static void selectADF1(const SmartCard::Session& session);
diff --git a/src/electronic-ids/pcsc/EIDThales.cpp b/src/electronic-ids/pcsc/EIDThales.cpp
@@ -48,17 +48,15 @@ namespace
 
 constexpr byte_type PIN_PADDING_CHAR = 0x00;
 constexpr byte_type ECDSA_ALGO = 0x04;
-constexpr byte_type SIGNING_PIN_REFERENCE = 0x82;
 
 const auto SELECT_MAIN_AID = CommandApdu::select(
     0x04, {0xa0, 0x00, 0x00, 0x00, 0x63, 0x50, 0x4b, 0x43, 0x53, 0x2d, 0x31, 0x35});
 
 } // namespace
 
-ElectronicID::PinRetriesRemainingAndMax
-EIDThales::authPinRetriesLeftImpl(const SmartCard::Session& session) const
+ElectronicID::PinInfo EIDThales::authPinInfoImpl(const SmartCard::Session& session) const
 {
-    return pinRetriesLeft(session, authPinReference());
+    return pinRetriesLeft(session, authPinReference(), true);
 }
 
 byte_vector EIDThales::getCertificateImpl(const SmartCard::Session& session,
@@ -68,8 +66,8 @@ byte_vector EIDThales::getCertificateImpl(const SmartCard::Session& session,
     return readFile(session, type.isAuthentication() ? authCertFile() : signCertFile());
 }
 
-ElectronicID::PinRetriesRemainingAndMax EIDThales::pinRetriesLeft(const SmartCard::Session& session,
-                                                                  byte_type pinReference) const
+ElectronicID::PinInfo EIDThales::pinRetriesLeft(const SmartCard::Session& session,
+                                                byte_type pinReference, bool pinActive) const
 {
     const auto GET_DATA = smartcard().protocol() == SmartCard::Protocol::T1
         ? CommandApdu {0x00, 0xCB, 0x00, 0xFF, {0xA0, 0x03, 0x83, 0x01, pinReference}, 0x00}
@@ -78,8 +76,9 @@ ElectronicID::PinRetriesRemainingAndMax EIDThales::pinRetriesLeft(const SmartCar
     if (!response.isOK()) {
         THROW(SmartCardError, "Command GET DATA failed with error " + response);
     }
-    if (TLV info = TLV(response.data).find(0xA0)[0xdf21]) {
-        return {*info.begin, maximumPinRetries()};
+    if (TLV info = TLV(response.data).find(0xA0); TLV count = info[0xdf21]) {
+        TLV pinChanged = info[0xdf2f];
+        return {*count.begin, maximumPinRetries(), pinActive || !pinChanged || *pinChanged.begin};
     }
     THROW(SmartCardError,
           "Command GET DATA failed: received data does not contain the PIN remaining retries info");
@@ -147,10 +146,9 @@ byte_vector EIDThales::sign(const SmartCard::Session& session, const HashAlgorit
     return std::move(signature.data);
 }
 
-ElectronicID::PinRetriesRemainingAndMax
-EIDThales::signingPinRetriesLeftImpl(const SmartCard::Session& session) const
+ElectronicID::PinInfo EIDThales::signingPinInfoImpl(const SmartCard::Session& session) const
 {
-    return pinRetriesLeft(session, SIGNING_PIN_REFERENCE);
+    return pinRetriesLeft(session, SIGNING_PIN_REFERENCE, true);
 }
 
 byte_vector EIDThales::signWithAuthKeyImpl(const SmartCard::Session& session, byte_vector&& pin,
diff --git a/src/electronic-ids/pcsc/EIDThales.hpp b/src/electronic-ids/pcsc/EIDThales.hpp
@@ -42,25 +42,24 @@ class EIDThales : public PcscElectronicID
     virtual constexpr byte_type signingKeyReference() const = 0;
 
     byte_vector getCertificateImpl(const SmartCard::Session& session,
-                                   const CertificateType type) const override;
-    PinRetriesRemainingAndMax
-    authPinRetriesLeftImpl(const SmartCard::Session& session) const override;
-    PinRetriesRemainingAndMax
-    signingPinRetriesLeftImpl(const SmartCard::Session& session) const override;
+                                   CertificateType type) const override;
+    PinInfo authPinInfoImpl(const SmartCard::Session& session) const override;
+    PinInfo signingPinInfoImpl(const SmartCard::Session& session) const override;
     byte_vector signWithAuthKeyImpl(const SmartCard::Session& session, byte_vector&& pin,
                                     const byte_vector& hash) const override;
     Signature signWithSigningKeyImpl(const SmartCard::Session& session, byte_vector&& pin,
                                      const byte_vector& hash,
-                                     const HashAlgorithm hashAlgo) const override;
+                                     HashAlgorithm hashAlgo) const override;
 
-    PinRetriesRemainingAndMax pinRetriesLeft(const SmartCard::Session& session,
-                                             byte_type pinReference) const;
-    byte_vector sign(const SmartCard::Session& session, const HashAlgorithm hashAlgo,
+    PinInfo pinRetriesLeft(const SmartCard::Session& session, byte_type pinReference,
+                           bool pinActive) const;
+    byte_vector sign(const SmartCard::Session& session, HashAlgorithm hashAlgo,
                      const byte_vector& hash, byte_vector&& pin, byte_type pinReference,
                      PinMinMaxLength pinMinMaxLength, byte_type keyReference,
                      byte_type signatureAlgo) const;
 
     static constexpr byte_type AUTH_KEY_REFERENCE = 0x01;
+    static constexpr byte_type SIGNING_PIN_REFERENCE = 0x82;
 };
 
-} // namespace electronic_id
+} // namespace electronic_id
diff --git a/src/electronic-ids/pcsc/EstEIDThales.hpp b/src/electronic-ids/pcsc/EstEIDThales.hpp
@@ -47,6 +47,11 @@ class EstEIDThales : public EIDThales
     }
     constexpr byte_type signingKeyReference() const override { return 0x05; }
     constexpr PinMinMaxLength signingPinMinMaxLength() const override { return {5, 12}; }
+    PinInfo signingPinInfoImpl(const SmartCard::Session& session) const override
+    {
+        // EstEID cards must change PIN2 first to use signing key
+        return pinRetriesLeft(session, SIGNING_PIN_REFERENCE, false);
+    }
 };
 
-} // namespace electronic_id
+} // namespace electronic_id
diff --git a/src/electronic-ids/pcsc/PcscElectronicID.hpp b/src/electronic-ids/pcsc/PcscElectronicID.hpp
@@ -65,15 +65,9 @@ class PcscElectronicID : public ElectronicID
         return signWithSigningKeyImpl(card.beginSession(), std::move(pin), hash, hashAlgo);
     }
 
-    PinRetriesRemainingAndMax signingPinRetriesLeft() const override
-    {
-        return signingPinRetriesLeftImpl(card.beginSession());
-    }
+    PinInfo signingPinInfo() const override { return signingPinInfoImpl(card.beginSession()); }
 
-    ElectronicID::PinRetriesRemainingAndMax authPinRetriesLeft() const override
-    {
-        return authPinRetriesLeftImpl(card.beginSession());
-    }
+    PinInfo authPinInfo() const override { return authPinInfoImpl(card.beginSession()); }
 
     // The following pure virtual *Impl functions are the interface of all
     // PC/SC electronic ID implementations,
@@ -86,15 +80,13 @@ class PcscElectronicID : public ElectronicID
     virtual byte_vector signWithAuthKeyImpl(const SmartCard::Session& session, byte_vector&& pin,
                                             const byte_vector& hash) const = 0;
 
-    virtual PinRetriesRemainingAndMax
-    authPinRetriesLeftImpl(const SmartCard::Session& session) const = 0;
+    virtual PinInfo authPinInfoImpl(const SmartCard::Session& session) const = 0;
 
     virtual Signature signWithSigningKeyImpl(const SmartCard::Session& session, byte_vector&& pin,
                                              const byte_vector& hash,
                                              const HashAlgorithm hashAlgo) const = 0;
 
-    virtual PinRetriesRemainingAndMax
-    signingPinRetriesLeftImpl(const SmartCard::Session& session) const = 0;
+    virtual PinInfo signingPinInfoImpl(const SmartCard::Session& session) const = 0;
 };
 
 } // namespace electronic_id
diff --git a/src/electronic-ids/pkcs11/PKCS11CardManager.hpp b/src/electronic-ids/pkcs11/PKCS11CardManager.hpp
@@ -135,7 +135,7 @@ class PKCS11CardManager
         std::string serialNumber;
         CK_SLOT_ID slotID;
         std::vector<CK_BYTE> cert, certID;
-        int8_t retry;
+        uint8_t retry;
         bool pinpad;
         uint8_t minPinLen, maxPinLen;
     };
@@ -362,7 +362,7 @@ class PKCS11CardManager
         return objectHandle;
     }
 
-    static constexpr int8_t pinRetryCount(CK_FLAGS flags) noexcept
+    static constexpr uint8_t pinRetryCount(CK_FLAGS flags) noexcept
     {
         // As PKCS#11 does not provide an API for querying remaining PIN retries, we currently
         // simply assume max retry count of 3, which is quite common. We might need to revisit this
diff --git a/src/electronic-ids/pkcs11/Pkcs11ElectronicID.cpp b/src/electronic-ids/pkcs11/Pkcs11ElectronicID.cpp
@@ -255,9 +255,9 @@ ElectronicID::PinMinMaxLength Pkcs11ElectronicID::authPinMinMaxLength() const
     return {authToken.minPinLen, authToken.maxPinLen};
 }
 
-ElectronicID::PinRetriesRemainingAndMax Pkcs11ElectronicID::authPinRetriesLeft() const
+ElectronicID::PinInfo Pkcs11ElectronicID::authPinInfo() const
 {
-    return {authToken.retry, module.retryMax};
+    return {authToken.retry, module.retryMax, true};
 }
 
 pcsc_cpp::byte_vector Pkcs11ElectronicID::signWithAuthKey(byte_vector&& pin,
@@ -295,9 +295,9 @@ ElectronicID::PinMinMaxLength Pkcs11ElectronicID::signingPinMinMaxLength() const
     return {signingToken.minPinLen, signingToken.maxPinLen};
 }
 
-ElectronicID::PinRetriesRemainingAndMax Pkcs11ElectronicID::signingPinRetriesLeft() const
+ElectronicID::PinInfo Pkcs11ElectronicID::signingPinInfo() const
 {
-    return {signingToken.retry, module.retryMax};
+    return {signingToken.retry, module.retryMax, true};
 }
 
 ElectronicID::Signature Pkcs11ElectronicID::signWithSigningKey(byte_vector&& pin,
diff --git a/src/electronic-ids/pkcs11/Pkcs11ElectronicID.hpp b/src/electronic-ids/pkcs11/Pkcs11ElectronicID.hpp
@@ -58,13 +58,13 @@ class Pkcs11ElectronicID : public ElectronicID
     JsonWebSignatureAlgorithm authSignatureAlgorithm() const override;
     PinMinMaxLength authPinMinMaxLength() const override;
 
-    PinRetriesRemainingAndMax authPinRetriesLeft() const override;
+    PinInfo authPinInfo() const override;
     byte_vector signWithAuthKey(byte_vector&& pin, const byte_vector& hash) const override;
 
     const std::set<SignatureAlgorithm>& supportedSigningAlgorithms() const override;
     PinMinMaxLength signingPinMinMaxLength() const override;
 
-    PinRetriesRemainingAndMax signingPinRetriesLeft() const override;
+    PinInfo signingPinInfo() const override;
     Signature signWithSigningKey(byte_vector&& pin, const byte_vector& hash,
                                  const HashAlgorithm hashAlgo) const override;
 
diff --git a/tests/integration/test-authenticate.cpp b/tests/integration/test-authenticate.cpp
@@ -53,7 +53,7 @@ TEST(electronic_id_test, authenticate)
             "currently supported");
     }
 
-    GTEST_ASSERT_GE(cardInfo->authPinRetriesLeft().first, 0U);
+    GTEST_ASSERT_GE(cardInfo->authPinInfo().retryCount, 0U);
 
     byte_vector pin {'1', '2', '3', '4'};
     pin.reserve(64);
diff --git a/tests/integration/test-signing.cpp b/tests/integration/test-signing.cpp
@@ -46,7 +46,7 @@ static void signing(HashAlgorithm hashAlgo)
 
     byte_vector cert = cardInfo->getCertificate(CertificateType::SIGNING);
 
-    GTEST_ASSERT_GE(cardInfo->signingPinRetriesLeft().first, 0U);
+    GTEST_ASSERT_GE(cardInfo->signingPinInfo().retryCount, 0U);
 
     byte_vector pin;
     if (cardInfo->name() == "EstEID IDEMIA v1" || cardInfo->name() == "EstEIDThales")
diff --git a/tests/mock/test-get-certificate.cpp b/tests/mock/test-get-certificate.cpp

Original file line number	Diff line number	Diff line change
`@@ -78,9 +78,9 @@ class MsCryptoApiElectronicID : public ElectronicID`
`78`	`78`	`return {PIN_LENGTH_PLACEHOLDER, PIN_LENGTH_PLACEHOLDER};`
`79`	`79`	`}`
`80`	`80`
`81`		`- PinRetriesRemainingAndMax authPinRetriesLeft() const override`
	`81`	`+ PinInfo authPinInfo() const override`
`82`	`82`	`{`
`83`		`- return {uint8_t(PIN_RETRY_COUNT_PLACEHOLDER), PIN_RETRY_COUNT_PLACEHOLDER};`
	`83`	`+ return {uint8_t(PIN_RETRY_COUNT_PLACEHOLDER), PIN_RETRY_COUNT_PLACEHOLDER, true};`
`84`	`84`	`}`
`85`	`85`
`86`	`86`	`byte_vector signWithAuthKey(byte_vector&& pin, const byte_vector& hash) const override;`
`@@ -92,9 +92,9 @@ class MsCryptoApiElectronicID : public ElectronicID`
`92`	`92`	`return {PIN_LENGTH_PLACEHOLDER, PIN_LENGTH_PLACEHOLDER};`
`93`	`93`	`}`
`94`	`94`
`95`		`- PinRetriesRemainingAndMax signingPinRetriesLeft() const override`
	`95`	`+ PinInfo signingPinInfo() const override`
`96`	`96`	`{`
`97`		`- return {uint8_t(PIN_RETRY_COUNT_PLACEHOLDER), PIN_RETRY_COUNT_PLACEHOLDER};`
	`97`	`+ return {uint8_t(PIN_RETRY_COUNT_PLACEHOLDER), PIN_RETRY_COUNT_PLACEHOLDER, true};`
`98`	`98`	`}`
`99`	`99`
`100`	`100`	`Signature signWithSigningKey(byte_vector&& pin, const byte_vector& hash,`
Original file line number	Diff line number	Diff line change
`@@ -107,8 +107,7 @@ byte_vector EIDIDEMIA::signWithAuthKeyImpl(const SmartCard::Session& session, by`
`107`	`107`	`return std::move(response.data);`
`108`	`108`	`}`
`109`	`109`
`110`		`-ElectronicID::PinRetriesRemainingAndMax`
`111`		`-EIDIDEMIA::authPinRetriesLeftImpl(const SmartCard::Session& session) const`
	`110`	`+ElectronicID::PinInfo EIDIDEMIA::authPinInfoImpl(const SmartCard::Session& session) const`
`112`	`111`	`{`
`113`	`112`	`selectMain(session);`
`114`	`113`	`return pinRetriesLeft(session, AUTH_PIN_REFERENCE);`
`@@ -154,15 +153,14 @@ ElectronicID::Signature EIDIDEMIA::signWithSigningKeyImpl(const SmartCard::Sessi`
`154`	`153`	`{isECC ? SignatureAlgorithm::ES : SignatureAlgorithm::RS, hashAlgo}};`
`155`	`154`	`}`
`156`	`155`
`157`		`-ElectronicID::PinRetriesRemainingAndMax`
`158`		`-EIDIDEMIA::signingPinRetriesLeftImpl(const SmartCard::Session& session) const`
	`156`	`+ElectronicID::PinInfo EIDIDEMIA::signingPinInfoImpl(const SmartCard::Session& session) const`
`159`	`157`	`{`
`160`	`158`	`selectADF2(session);`
`161`	`159`	`return pinRetriesLeft(session, SIGN_PIN_REFERENCE);`
`162`	`160`	`}`
`163`	`161`
`164`		`-ElectronicID::PinRetriesRemainingAndMax EIDIDEMIA::pinRetriesLeft(const SmartCard::Session& session,`
`165`		`- byte_type pinReference)`
	`162`	`+ElectronicID::PinInfo EIDIDEMIA::pinRetriesLeft(const SmartCard::Session& session,`
	`163`	`+ byte_type pinReference)`
`166`	`164`	`{`
`167`	`165`	`auto ref = byte_type(pinReference & 0x0F);`
`168`	`166`	`const CommandApdu GET_DATA_ODD {`
`@@ -175,7 +173,7 @@ ElectronicID::PinRetriesRemainingAndMax EIDIDEMIA::pinRetriesLeft(const SmartCar`
`175`	`173`	`TLV max = info[0x9A];`
`176`	`174`	`TLV tries = info[0x9B];`
`177`	`175`	`if (max && tries) {`
`178`		`- return {tries.begin, max.begin};`
	`176`	`+ return {tries.begin, int8_t(max.begin), true};`
`179`	`177`	`}`
`180`	`178`	`THROW(SmartCardError, "Command GET DATA ODD failed: missing expected info");`
`181`	`179`	`}`
Original file line number	Diff line number	Diff line change
`@@ -48,17 +48,15 @@ namespace`
`48`	`48`
`49`	`49`	`constexpr byte_type PIN_PADDING_CHAR = 0x00;`
`50`	`50`	`constexpr byte_type ECDSA_ALGO = 0x04;`
`51`		`-constexpr byte_type SIGNING_PIN_REFERENCE = 0x82;`
`52`	`51`
`53`	`52`	`const auto SELECT_MAIN_AID = CommandApdu::select(`
`54`	`53`	`0x04, {0xa0, 0x00, 0x00, 0x00, 0x63, 0x50, 0x4b, 0x43, 0x53, 0x2d, 0x31, 0x35});`
`55`	`54`
`56`	`55`	`} // namespace`
`57`	`56`
`58`		`-ElectronicID::PinRetriesRemainingAndMax`
`59`		`-EIDThales::authPinRetriesLeftImpl(const SmartCard::Session& session) const`
	`57`	`+ElectronicID::PinInfo EIDThales::authPinInfoImpl(const SmartCard::Session& session) const`
`60`	`58`	`{`
`61`		`- return pinRetriesLeft(session, authPinReference());`
	`59`	`+ return pinRetriesLeft(session, authPinReference(), true);`
`62`	`60`	`}`
`63`	`61`
`64`	`62`	`byte_vector EIDThales::getCertificateImpl(const SmartCard::Session& session,`
`@@ -68,8 +66,8 @@ byte_vector EIDThales::getCertificateImpl(const SmartCard::Session& session,`
`68`	`66`	`return readFile(session, type.isAuthentication() ? authCertFile() : signCertFile());`
`69`	`67`	`}`
`70`	`68`
`71`		`-ElectronicID::PinRetriesRemainingAndMax EIDThales::pinRetriesLeft(const SmartCard::Session& session,`
`72`		`- byte_type pinReference) const`
	`69`	`+ElectronicID::PinInfo EIDThales::pinRetriesLeft(const SmartCard::Session& session,`
	`70`	`+ byte_type pinReference, bool pinActive) const`
`73`	`71`	`{`
`74`	`72`	`const auto GET_DATA = smartcard().protocol() == SmartCard::Protocol::T1`
`75`	`73`	`? CommandApdu {0x00, 0xCB, 0x00, 0xFF, {0xA0, 0x03, 0x83, 0x01, pinReference}, 0x00}`
`@@ -78,8 +76,9 @@ ElectronicID::PinRetriesRemainingAndMax EIDThales::pinRetriesLeft(const SmartCar`
`78`	`76`	`if (!response.isOK()) {`
`79`	`77`	`THROW(SmartCardError, "Command GET DATA failed with error " + response);`
`80`	`78`	`}`
`81`		`- if (TLV info = TLV(response.data).find(0xA0)[0xdf21]) {`
`82`		`- return {*info.begin, maximumPinRetries()};`
	`79`	`+ if (TLV info = TLV(response.data).find(0xA0); TLV count = info[0xdf21]) {`
	`80`	`+ TLV pinChanged = info[0xdf2f];`
	`81`	`+ return {count.begin, maximumPinRetries(), pinActive \|\| !pinChanged \|\| pinChanged.begin};`
`83`	`82`	`}`
`84`	`83`	`THROW(SmartCardError,`
`85`	`84`	`"Command GET DATA failed: received data does not contain the PIN remaining retries info");`
`@@ -147,10 +146,9 @@ byte_vector EIDThales::sign(const SmartCard::Session& session, const HashAlgorit`
`147`	`146`	`return std::move(signature.data);`
`148`	`147`	`}`
`149`	`148`
`150`		`-ElectronicID::PinRetriesRemainingAndMax`
`151`		`-EIDThales::signingPinRetriesLeftImpl(const SmartCard::Session& session) const`
	`149`	`+ElectronicID::PinInfo EIDThales::signingPinInfoImpl(const SmartCard::Session& session) const`
`152`	`150`	`{`
`153`		`- return pinRetriesLeft(session, SIGNING_PIN_REFERENCE);`
	`151`	`+ return pinRetriesLeft(session, SIGNING_PIN_REFERENCE, true);`
`154`	`152`	`}`
`155`	`153`
`156`	`154`	`byte_vector EIDThales::signWithAuthKeyImpl(const SmartCard::Session& session, byte_vector&& pin,`