Show warning when card requires activation (#373)

metsma · web-flow · commit 9c5f9ff203d0 · 2025-10-20T09:05:56.000+03:00
WE2-1114, WE2-1119

Signed-off-by: Raul Metsma &lt;raul@metsma.ee&gt;
diff --git a/.github/workflows/cmake-linux-fedora.yml b/.github/workflows/cmake-linux-fedora.yml
@@ -14,7 +14,7 @@ jobs:
     container: fedora:${{ matrix.container }}
     strategy:
       matrix:
-        container: [41, 42]
+        container: [41, 42, 43]
 
     steps:
       - name: Install Deps
diff --git a/.github/workflows/cmake-linux-ubuntu.yml b/.github/workflows/cmake-linux-ubuntu.yml
@@ -17,7 +17,7 @@ jobs:
     container: ubuntu:${{matrix.container}}
     strategy:
       matrix:
-        container: ['22.04', '24.04', '25.04']
+        container: ['22.04', '24.04', '25.04', '25.10']
         arch: ['amd64', 'arm64']
 
     steps:
diff --git a/.github/workflows/cmake-macos.yml b/.github/workflows/cmake-macos.yml
@@ -18,7 +18,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           submodules: recursive
 
@@ -64,7 +64,7 @@ jobs:
       - name: Install Qt
         uses: jurplel/install-qt-action@v4
         with:
-          version: 6.9.1
+          version: 6.9.3
           arch: clang_64
 
       - name: Configure
diff --git a/.github/workflows/cmake-windows.yml b/.github/workflows/cmake-windows.yml
@@ -6,31 +6,42 @@ env:
   BUILD_TYPE: RelWithDebInfo
   BUILD_NUMBER: ${{github.run_number}}
   CMAKE_BUILD_PARALLEL_LEVEL: 4
+  VCPKG_INSTALLED_DIR: ${{ github.workspace }}/build/vcpkg_installed
+  # Use libelectronic-id vcpkg manifest for dependencies
+  VCPKG_MANIFEST_DIR: ./lib/libelectronic-id/.github
 
 jobs:
   build:
-    runs-on: windows-2022
+    runs-on: windows-2025
     strategy:
       matrix:
         arch: [x64, arm64]
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           submodules: recursive
 
+      - name: Cache vcpkg
+        uses: actions/cache@v4
+        with:
+          path: ${{ github.workspace }}/vcpkg_cache
+          key: vcpkg-${{ matrix.arch }}-${{ hashFiles(format('{0}/vcpkg.json', env.VCPKG_MANIFEST_DIR)) }}
+
       - name: Prepare vcpkg and libraries
-        uses: lukka/run-vcpkg@v7
+        uses: lukka/run-vcpkg@v11
         with:
-          vcpkgArguments: gtest openssl
-          vcpkgTriplet: ${{matrix.arch}}-windows
-          vcpkgGitCommitId: 031ad89ce6c575df35a8e58707ad2c898446c63e
+          vcpkgJsonGlob: ${{ env.VCPKG_MANIFEST_DIR }}/vcpkg.json
+          runVcpkgInstall: true
+        env:
+          VCPKG_BINARY_SOURCES: clear;files,${{ github.workspace }}/vcpkg_cache,readwrite
+          VCPKG_DEFAULT_TRIPLET: ${{ matrix.arch }}-windows
 
       - name: Install Qt
         uses: jurplel/install-qt-action@v4
         with:
-          version: 6.9.1
+          version: 6.9.3
           arch: ${{ matrix.arch == 'arm64' && 'win64_msvc2022_arm64_cross_compiled' || 'win64_msvc2022_64' }}
 
       - name: Setup MS Visual C++ dev env
@@ -40,16 +51,17 @@ jobs:
 
       - name: Install WiX
         run: |
-          dotnet tool install --global wix --version 6.0.1
-          wix extension -g add WixToolset.UI.wixext/6.0.1
-          wix extension -g add WixToolset.Util.wixext/6.0.1
-          wix extension -g add WixToolset.BootstrapperApplications.wixext/6.0.1
+          dotnet tool install --global wix --version 6.0.2
+          wix extension -g add WixToolset.UI.wixext/6.0.2
+          wix extension -g add WixToolset.Util.wixext/6.0.2
+          wix extension -g add WixToolset.BootstrapperApplications.wixext/6.0.2
 
       - name: Configure
         run: |
           cmake "-GNinja" -S . -B build `
             "-DCMAKE_TOOLCHAIN_FILE=${env:RUNVCPKG_VCPKG_ROOT}/scripts/buildsystems/vcpkg.cmake" `
-            "-DCMAKE_BUILD_TYPE=${env:BUILD_TYPE}"
+            "-DCMAKE_BUILD_TYPE=${env:BUILD_TYPE}" `
+            "-DVCPKG_MANIFEST_DIR=${{ env.VCPKG_MANIFEST_DIR }}"
 
       - name: Build
         run: |
diff --git a/lib/libelectronic-id b/lib/libelectronic-id
@@ -1 +1 @@
-Subproject commit dfb29b8eef499507b5ea9858ea61a835e48bf308
+Subproject commit e7490d08ad8ec62c447cafa79684bd6c033dfb97
diff --git a/src/controller/certandpininfo.hpp b/src/controller/certandpininfo.hpp
@@ -40,10 +40,10 @@ struct PinInfo
     using PinMinMaxLength = std::pair<uint8_t, uint8_t>;
     using PinRetriesCount = std::pair<int8_t, int8_t>;
 
-    PinMinMaxLength pinMinMaxLength = {0, 0};
-    PinRetriesCount pinRetriesCount = {0, -1};
+    PinMinMaxLength pinMinMaxLength {0, 0};
+    PinRetriesCount pinRetriesCount {0, -1};
     bool readerHasPinPad = false;
-    bool pinIsBlocked = false;
+    constexpr bool pinIsBlocked() const { return pinRetriesCount.first == 0; }
 
     static constexpr int PIN_PAD_PIN_ENTRY_TIMEOUT = pcsc_cpp::PIN_PAD_PIN_ENTRY_TIMEOUT;
 };
@@ -55,6 +55,7 @@ struct EidCertificateAndPinInfo
     QSslCertificate certificate {};
     CertificateInfo certInfo;
     PinInfo pinInfo;
+    bool cardActive = true;
 };
 
 Q_DECLARE_METATYPE(EidCertificateAndPinInfo)
diff --git a/src/controller/command-handlers/certificatereader.cpp b/src/controller/command-handlers/certificatereader.cpp
@@ -50,7 +50,7 @@ EidCertificateAndPinInfo getCertificateWithStatusAndInfo(const ElectronicID::ptr
     auto serialNumber = certificate.subjectInfo(QSslCertificate::SerialNumber).join(' ');
 
     // http://www.etsi.org/deliver/etsi_en/319400_319499/31941201/01.01.01_60/en_31941201v010101p.pdf
-    if (serialNumber.size() > 6 && serialNumber.startsWith(QStringLiteral("PNO"))
+    if (serialNumber.size() > 6 && serialNumber.startsWith(QLatin1String("PNO"))
         && serialNumber[5] == '-')
         serialNumber.remove(0, 6);
 
@@ -61,16 +61,29 @@ EidCertificateAndPinInfo getCertificateWithStatusAndInfo(const ElectronicID::ptr
     CertificateInfo certInfo {
         certificateType, certificate.expiryDate() < QDateTime::currentDateTimeUtc(),
         certificate.effectiveDate() > QDateTime::currentDateTimeUtc(), std::move(subject)};
-    PinInfo pinInfo {certificateType.isAuthentication() ? eid->authPinMinMaxLength()
-                                                        : eid->signingPinMinMaxLength(),
-                     certificateType.isAuthentication() ? eid->authPinRetriesLeft()
-                                                        : eid->signingPinRetriesLeft(),
-                     eid->smartcard().readerHasPinPad()};
-    if (pinInfo.pinRetriesCount.first == 0) {
-        pinInfo.pinIsBlocked = true;
+    auto info = certificateType.isAuthentication() ? eid->authPinInfo() : eid->signingPinInfo();
+    PinInfo pinInfo {.pinMinMaxLength = certificateType.isAuthentication()
+                         ? eid->authPinMinMaxLength()
+                         : eid->signingPinMinMaxLength(),
+                     .pinRetriesCount {
+                         info.retryCount,
+                         info.maxRetry,
+                     },
+                     .readerHasPinPad = eid->smartcard().readerHasPinPad()};
+    bool cardActivated = info.pinActive;
+    if (certificateType == CertificateType::AUTHENTICATION && eid->type() == ElectronicID::EstEID
+        && eid->name() == "EstEIDThales") {
+        cardActivated = eid->signingPinInfo().pinActive;
     }
 
-    return {eid, std::move(certificateDer), certificate, std::move(certInfo), std::move(pinInfo)};
+    return {
+        .eid = eid,
+        .certificateBytesInDer = std::move(certificateDer),
+        .certificate = certificate,
+        .certInfo = std::move(certInfo),
+        .pinInfo = std::move(pinInfo),
+        .cardActive = cardActivated,
+    };
 }
 
 } // namespace
diff --git a/src/ui/certificatewidget.cpp b/src/ui/certificatewidget.cpp
@@ -112,11 +112,9 @@ void CertificateWidgetInfo::setCertificateInfo(const EidCertificateAndPinInfo& c
     info->setText(CertificateWidget::tr("<b>%1</b><br />Issuer: %2<br />Valid: %3 to %4%5")
                       .arg(subject, issuer, effectiveDate, expiryDate, warning));
     info->parentWidget()->setDisabled(certInfo.notEffective || certInfo.isExpired
-                                      || cardCertPinInfo.pinInfo.pinIsBlocked);
-    if (warning.isEmpty() && cardCertPinInfo.pinInfo.pinIsBlocked) {
-        warnIcon->show();
-        warn->show();
-    }
+                                      || cardCertPinInfo.pinInfo.pinIsBlocked());
+    warnIcon->setVisible(warning.isEmpty() && cardCertPinInfo.pinInfo.pinIsBlocked());
+    warn->setVisible(warning.isEmpty() && cardCertPinInfo.pinInfo.pinIsBlocked());
 }
 
 void CertificateWidgetInfo::languageChange()
diff --git a/src/ui/dialog.ui b/src/ui/dialog.ui
@@ -211,6 +211,28 @@ height: 24px;
    <property name="bottomMargin">
     <number>20</number>
    </property>
+   <item>
+    <widget class="QLabel" name="lockedWarning">
+     <property name="styleSheet">
+      <string notr="true">background-color: #FAE7C9;
+color: #003168;
+font-family: Roboto, Helvetica;
+font-size: 14px;
+padding: 10px;
+border: none;
+border-radius: 4px;</string>
+     </property>
+     <property name="text">
+      <string>Signing with an ID-card isn't possible yet. PIN2 code must be changed in DigiDoc4 application in order to sign. &lt;a href=&quot;https://www.id.ee/en/article/changing-id-card-pin-codes-and-puk-code/&quot;&gt;Additional information&lt;/a&gt;</string>
+     </property>
+     <property name="wordWrap">
+      <bool>true</bool>
+     </property>
+     <property name="openExternalLinks">
+      <bool>true</bool>
+     </property>
+    </widget>
+   </item>
    <item>
     <widget class="QStackedWidget" name="pageStack">
      <property name="currentIndex">
diff --git a/src/ui/translations/cs.ts b/src/ui/translations/cs.ts
@@ -157,6 +157,10 @@
         <source>Operation failed</source>
         <translation>Operace se nezdařila</translation>
     </message>
+    <message>
+        <source>PIN entry disabled</source>
+        <translation type="unfinished"></translation>
+    </message>
     <message>
         <source>Card driver error. Please try again.</source>
         <translation>Chyba ovladače karty. Zkuste to prosím znovu.</translation>
@@ -193,6 +197,10 @@
         <source>Try again</source>
         <translation>Zkuste to znovu</translation>
     </message>
+    <message>
+        <source>Signing with an ID-card isn&apos;t possible yet. PIN2 code must be changed in DigiDoc4 application in order to sign. &lt;a href=&quot;https://www.id.ee/en/article/changing-id-card-pin-codes-and-puk-code/&quot;&gt;Additional information&lt;/a&gt;</source>
+        <translation type="unfinished"></translation>
+    </message>
     <message>
         <source>Cancel</source>
         <translation>Zrušit</translation>
diff --git a/src/ui/translations/de.ts b/src/ui/translations/de.ts
@@ -155,13 +155,17 @@
         <source>Operation failed</source>
         <translation>Der Vorgang ist fehlgeschlagen</translation>
     </message>
+    <message>
+        <source>PIN entry disabled</source>
+        <translation type="unfinished"></translation>
+    </message>
     <message>
         <source>Card driver error. Please try again.</source>
         <translation>Kartentreiberfehler. Bitte versuche es erneut.</translation>
     </message>
     <message>
         <source>Card driver error</source>
-        <translation>Kartentreiberfehler.</translation>
+        <translation>Kartentreiberfehler</translation>
     </message>
     <message>
         <source>An error occurred in the Smart Card service required to use the ID-card. Make sure that the ID-card and the card reader are connected correctly or relaunch the Smart Card service.</source>
@@ -191,6 +195,10 @@
         <source>Try again</source>
         <translation>Versuch es noch einmal</translation>
     </message>
+    <message>
+        <source>Signing with an ID-card isn&apos;t possible yet. PIN2 code must be changed in DigiDoc4 application in order to sign. &lt;a href=&quot;https://www.id.ee/en/article/changing-id-card-pin-codes-and-puk-code/&quot;&gt;Additional information&lt;/a&gt;</source>
+        <translation type="unfinished"></translation>
+    </message>
     <message>
         <source>Cancel</source>
         <translation>Abbrechen</translation>
diff --git a/src/ui/translations/en.ts b/src/ui/translations/en.ts
@@ -155,6 +155,10 @@
         <source>Operation failed</source>
         <translation>Operation failed</translation>
     </message>
+    <message>
+        <source>PIN entry disabled</source>
+        <translation>PIN entry disabled</translation>
+    </message>
     <message>
         <source>Card driver error. Please try again.</source>
         <translation>Card driver error. Please try again.</translation>
@@ -191,6 +195,10 @@
         <source>Try again</source>
         <translation>Try again</translation>
     </message>
+    <message>
+        <source>Signing with an ID-card isn&apos;t possible yet. PIN2 code must be changed in DigiDoc4 application in order to sign. &lt;a href=&quot;https://www.id.ee/en/article/changing-id-card-pin-codes-and-puk-code/&quot;&gt;Additional information&lt;/a&gt;</source>
+        <translation>Signing with an ID-card isn&apos;t possible yet. PIN2 code must be changed in DigiDoc4 application in order to sign. &lt;a href=&quot;https://www.id.ee/en/article/changing-id-card-pin-codes-and-puk-code/&quot;&gt;Additional information&lt;/a&gt;</translation>
+    </message>
     <message>
         <source>Cancel</source>
         <translation>Cancel</translation>
diff --git a/src/ui/translations/et.ts b/src/ui/translations/et.ts
@@ -107,6 +107,10 @@
         <source>PIN entry cancelled.</source>
         <translation>PIN-koodi sisestamine katkestati.</translation>
     </message>
+    <message>
+        <source>PIN entry disabled</source>
+        <translation type="unfinished"></translation>
+    </message>
     <message>
         <source>Launch the Smart Card service</source>
         <translation>Käivita Kiipkaardi teenus</translation>
@@ -191,6 +195,10 @@
         <source>Try again</source>
         <translation>Proovi uuesti</translation>
     </message>
+    <message>
+        <source>Signing with an ID-card isn&apos;t possible yet. PIN2 code must be changed in DigiDoc4 application in order to sign. &lt;a href=&quot;https://www.id.ee/en/article/changing-id-card-pin-codes-and-puk-code/&quot;&gt;Additional information&lt;/a&gt;</source>
+        <translation>ID-kaardiga allkirjastamine ei ole veel võimalik. Allkirjastamiseks tuleb DigiDoc4 rakenduses PIN2-koodi muuta. &lt;a href=&quot;https://www.id.ee/artikkel/id-kaardi-pin-ja-puk-koodide-muutmine/&quot;&gt;Lisainfo&lt;/a&gt;</translation>
+    </message>
     <message>
         <source>Cancel</source>
         <translation>Katkesta</translation>
diff --git a/src/ui/translations/fi.ts b/src/ui/translations/fi.ts
@@ -135,6 +135,10 @@
         <source>Operation failed</source>
         <translation>Toiminto epäonnistui</translation>
     </message>
+    <message>
+        <source>PIN entry disabled</source>
+        <translation type="unfinished"></translation>
+    </message>
     <message>
         <source>Card driver error. Please try again.</source>
         <translation>Kortinlukijan virhe. Yritä uudelleen.</translation>
@@ -163,6 +167,10 @@
         <source>Try again</source>
         <translation>Yritä uudelleen</translation>
     </message>
+    <message>
+        <source>Signing with an ID-card isn&apos;t possible yet. PIN2 code must be changed in DigiDoc4 application in order to sign. &lt;a href=&quot;https://www.id.ee/en/article/changing-id-card-pin-codes-and-puk-code/&quot;&gt;Additional information&lt;/a&gt;</source>
+        <translation type="unfinished"></translation>
+    </message>
     <message>
         <source>Cancel</source>
         <translation>Peruuta</translation>
@@ -177,7 +185,7 @@
     </message>
     <message>
         <source>https://www.id.ee/en/article/how-to-check-that-your-id-card-reader-is-working/</source>
-        <translation type="unfinished">https://www.id.ee/en/article/how-to-check-that-your-id-card-reader-is-working/</translation>
+        <translation>https://www.id.ee/en/article/how-to-check-that-your-id-card-reader-is-working/</translation>
     </message>
     <message>
         <source>By signing, I agree to the transfer of my name and personal identification code to the service provider.</source>
@@ -257,15 +265,15 @@
     </message>
     <message>
         <source>The inserted ID-card does not contain a certificate for the requested operation. Please insert an ID-card that supports the requested operation.</source>
-        <translation type="unfinished">Asennettu henkilökortti ei sisällä varmennetta pyydettyä toimintoa varten. Aseta sisään henkilökortti, joka tukee pyydettyä toimintoa.</translation>
+        <translation>Asennettu henkilökortti ei sisällä varmennetta pyydettyä toimintoa varten. Aseta sisään henkilökortti, joka tukee pyydettyä toimintoa.</translation>
     </message>
     <message>
         <source>Please enter PIN for authentication in the PIN dialog window that opens.</source>
-        <translation type="unfinished">Syötä PIN todennusta varten avautuvaan PIN-valintaikkunaan.</translation>
+        <translation>Syötä PIN todennusta varten avautuvaan PIN-valintaikkunaan.</translation>
     </message>
     <message>
         <source>Please enter PIN for signing in the PIN dialog window that opens.</source>
-        <translation type="unfinished">Syötä PIN kirjautumista varten avautuvaan PIN-valintaikkunaan.</translation>
+        <translation>Syötä PIN kirjautumista varten avautuvaan PIN-valintaikkunaan.</translation>
     </message>
     <message>
         <source>EN</source>
diff --git a/src/ui/translations/fr.ts b/src/ui/translations/fr.ts
diff --git a/src/ui/translations/hr.ts b/src/ui/translations/hr.ts
diff --git a/src/ui/translations/nl.ts b/src/ui/translations/nl.ts
diff --git a/src/ui/translations/ru.ts b/src/ui/translations/ru.ts
diff --git a/src/ui/translations/sk.ts b/src/ui/translations/sk.ts
diff --git a/src/ui/webeiddialog.cpp b/src/ui/webeiddialog.cpp
diff --git a/src/ui/webeiddialog.hpp b/src/ui/webeiddialog.hpp
