Show locked card warning

client/Application.cpp

@@ -944,10 +944,9 @@ void Application::showClient(QStringList files, bool crypto, bool sign, bool new
 	if(files.isEmpty())
 		return;
 	QMetaObject::invokeMethod(w, [&] {
-		using enum ria::qdigidoc4::Pages;
 		if(sign)
 			sign = files.size() != 1 || !CONTAINER_EXT.contains(QFileInfo(files.value(0)).suffix(), Qt::CaseInsensitive);
-		w->selectPage(crypto && !sign ? CryptoIntro : SignIntro);
+		w->selectPage(crypto && !sign ? MainWindow::CryptoIntro : MainWindow::SignIntro);
 		w->openFiles(std::move(files), false, sign);
 	});
 }

client/MainWindow.cpp

@@ -50,7 +50,7 @@ using namespace std::chrono;
 
 MainWindow::MainWindow( QWidget *parent )
 	: QWidget( parent )
-	, ui( new Ui::MainWindow )
+	, ui(std::make_unique<Ui::MainWindow>())
 {
 	setAttribute(Qt::WA_DeleteOnClose, true);
 	setAcceptDrops( true );
@@ -125,12 +125,7 @@ MainWindow::MainWindow( QWidget *parent )
 	updateMyEid(qApp->signer()->smartcard()->data());
 }
 
-MainWindow::~MainWindow()
-{
-	digiDoc.reset();
-	cryptoDoc.reset();
-	delete ui;
-}
+MainWindow::~MainWindow() noexcept = default;
 
 void MainWindow::adjustDrops()
 {
@@ -709,27 +704,34 @@ void MainWindow::updateMyEid(const QSmartCardData &data)
 		return;
 	bool pin1Blocked = data.retryCount(QSmartCardData::Pin1Type) == 0;
 	bool pin2Blocked = data.retryCount(QSmartCardData::Pin2Type) == 0;
+	bool pin1Locked = data.pinLocked(QSmartCardData::Pin1Type);
 	bool pin2Locked = data.pinLocked(QSmartCardData::Pin2Type);
 	ui->myEid->warningIcon(
-		pin1Blocked ||
+		pin1Blocked || pin1Locked ||
 		pin2Blocked || pin2Locked ||
 		data.retryCount(QSmartCardData::PukType) == 0);
 	ui->signContainerPage->cardChanged(data.signCert(), pin2Blocked || pin2Locked);
-	ui->cryptoContainerPage->cardChanged(data.authCert(), pin1Blocked);
-
-	if(pin1Blocked)
-		ui->warnings->showWarning({WarningType::UnblockPin1Warning, 0,
-			[this]{ changePinClicked(QSmartCardData::Pin1Type, QSmartCard::UnblockWithPuk); }});
-
-	if(pin2Locked && pin2Blocked)
-		ui->warnings->showWarning({WarningType::ActivatePin2WithPUKWarning, 0,
-			[this]{ changePinClicked(QSmartCardData::Pin2Type, QSmartCard::ActivateWithPuk); }});
-	else if(pin2Blocked)
-		ui->warnings->showWarning({WarningType::UnblockPin2Warning, 0,
-			[this]{ changePinClicked(QSmartCardData::Pin2Type, QSmartCard::UnblockWithPuk); }});
-	else if(pin2Locked)
-		ui->warnings->showWarning({WarningType::ActivatePin2Warning, 0,
-			[this]{ changePinClicked(QSmartCardData::Pin2Type, QSmartCard::ActivateWithPin); }});
+	ui->cryptoContainerPage->cardChanged(data.authCert(), pin1Blocked || pin1Locked);
+
+	using enum WarningText::WarningType;
+	if(pin1Locked)
+		ui->warnings->showWarning({LockedCardWarning});
+	else
+	{
+		if(pin1Blocked)
+			ui->warnings->showWarning({UnblockPin1Warning, 0,
+				[this]{ changePinClicked(QSmartCardData::Pin1Type, QSmartCard::UnblockWithPuk); }});
+
+		if(pin2Locked && pin2Blocked)
+			ui->warnings->showWarning({ActivatePin2WithPUKWarning, 0,
+				[this]{ changePinClicked(QSmartCardData::Pin2Type, QSmartCard::ActivateWithPuk); }});
+		else if(pin2Blocked)
+			ui->warnings->showWarning({UnblockPin2Warning, 0,
+				[this]{ changePinClicked(QSmartCardData::Pin2Type, QSmartCard::UnblockWithPuk); }});
+		else if(pin2Locked)
+			ui->warnings->showWarning({ActivatePin2Warning, 0,
+				[this]{ changePinClicked(QSmartCardData::Pin2Type, QSmartCard::ActivateWithPin); }});
+	}
 
 	const qint64 DAY = 24 * 60 * 60;
 	qint64 expiresIn = 106 * DAY;
@@ -741,12 +743,12 @@ void MainWindow::updateMyEid(const QSmartCardData &data)
 	if(expiresIn <= 0)
 	{
 		ui->myEid->invalidIcon(true);
-		ui->warnings->showWarning({WarningType::CertExpiredError});
+		ui->warnings->showWarning({CertExpiredError});
 	}
 	else if(expiresIn <= 105 * DAY)
 	{
 		ui->myEid->warningIcon(true);
-		ui->warnings->showWarning({WarningType::CertExpiryWarning});
+		ui->warnings->showWarning({CertExpiryWarning});
 	}
 }
 

client/MainWindow.h

@@ -37,11 +37,18 @@ class MainWindow final : public QWidget
 	Q_OBJECT
 
 public:
+	enum Pages : unsigned char {
+		SignIntro,
+		SignDetails,
+		CryptoIntro,
+		CryptoDetails,
+		MyEid
+	};
 	explicit MainWindow(QWidget *parent = nullptr);
-	~MainWindow() final;
+	~MainWindow() noexcept final;
 
 	void openFiles(QStringList files, bool addFile = false, bool forceCreate = false);
-	void selectPage(ria::qdigidoc4::Pages page);
+	void selectPage(Pages page);
 	void showSettings(int page);
 
 protected:
@@ -59,8 +66,7 @@ class MainWindow final : public QWidget
 	void convertToCDoc();
 	ria::qdigidoc4::ContainerState currentState();
 	bool encrypt();
-	void loadPicture();
-	void navigateToPage( ria::qdigidoc4::Pages page, const QStringList &files = QStringList(), bool create = true );
+	void navigateToPage(Pages page, const QStringList &files = QStringList(), bool create = true);
 	void onCryptoAction(int action, const QString &id, const QString &phone);
 	void onSignAction(int action, const QString &idCode, const QString &info2);
 	void openContainer(bool signature);
@@ -78,5 +84,5 @@ class MainWindow final : public QWidget
 
 	std::unique_ptr<CryptoDoc> cryptoDoc;
 	std::unique_ptr<DigiDoc> digiDoc;
-	Ui::MainWindow *ui;
+	std::unique_ptr<Ui::MainWindow> ui;
 };

client/QSmartCard.cpp

@@ -480,7 +480,10 @@
 		{
 			d->retry[QSmartCardData::PinType(type)] = quint8(retry.data[0]);
 			auto changed = info[0xDF2F];
-			d->locked[QSmartCardData::PinType(type)] = changed && changed.data[0] == 0;
+			d->locked[QSmartCardData::PinType(type)] = (changed && changed.data[0] == 0);
+			// FIXME: remove from production
+			if (type == QSmartCardData::Pin1Type && qEnvironmentVariableIsSet("PIN1_LOCKED"))
+				d->locked[QSmartCardData::PinType(type)] = true;
 		}
 		else
 			return false;

client/common_enums.h

@@ -53,34 +53,4 @@ enum Actions : unsigned char {
     ClearCryptoWarning,
 };
 
-enum Pages : unsigned char {
-    SignIntro,
-    SignDetails,
-    CryptoIntro,
-    CryptoDetails,
-    MyEid
-};
-
-enum WarningType : unsigned char {
-    NoWarning = 0,
-
-    CertExpiredError,
-    CertExpiryWarning,
-    UnblockPin1Warning,
-    UnblockPin2Warning,
-    ActivatePin2Warning,
-    ActivatePin1WithPUKWarning,
-    ActivatePin2WithPUKWarning,
-
-    InvalidSignatureError,
-    InvalidTimestampError,
-    UnknownSignatureWarning,
-    UnknownTimestampWarning,
-    UnsupportedAsicSWarning,
-    UnsupportedAsicCadesWarning,
-    UnsupportedDDocWarning,
-    UnsupportedCDocWarning,
-    EmptyFileWarning,
-};
-
 }

client/widgets/ContainerPage.cpp

@@ -328,13 +328,14 @@ void ContainerPage::transition(CryptoDoc *container, const QSslCertificate &cert
 		ui->rightPane->addWidget(new AddressItem(std::move(key), AddressItem::Icon, ui->rightPane));
 	}
 	if(hasUnsupported)
-		emit warning({UnsupportedCDocWarning});
+		emit warning({WarningText::UnsupportedCDocWarning});
 	ui->leftPane->setModel(container->documentModel());
 	updatePanes(container->state());
 }
 
 void ContainerPage::transition(DigiDoc* container)
 {
+	using enum WarningText::WarningType;
 	disconnect(ui->leftPane, &ItemList::removed, container, nullptr);
 	connect(ui->leftPane, &ItemList::removed, container, [this, container](int index) {
 		deleteConfirm(container, index);
@@ -386,7 +387,7 @@ void ContainerPage::transition(DigiDoc* container)
 	});
 
 	clear(ClearSignatureWarning);
-	std::map<ria::qdigidoc4::WarningType, int> errors;
+	std::map<WarningText::WarningType, int> errors;
 	setHeader(container->fileName());
 	ui->leftPane->init(fileName, QT_TRANSLATE_NOOP("ItemList", "Container files"));
 

client/widgets/SignatureItem.cpp

@@ -34,7 +34,7 @@ struct SignatureItem::Private: public Ui::SignatureItem
 {
 	DigiDocSignature signature;
 
-	ria::qdigidoc4::WarningType error = ria::qdigidoc4::NoWarning;
+	WarningText::WarningType error = WarningText::NoWarning;
 	QString serial;
 	QString roleText;
 };
@@ -77,8 +77,9 @@ void SignatureItem::init()
 {
 	const SslCertificate cert = ui->signature.cert();
 
+	using enum WarningText::WarningType;
 	ui->serial.clear();
-	ui->error = ria::qdigidoc4::NoWarning;
+	ui->error = NoWarning;
 	QString nameText;
 	if(!cert.isNull())
 	{
@@ -120,12 +121,12 @@ void SignatureItem::init()
 	case DigiDocSignature::Invalid:
 		ui->status->setLabel(QStringLiteral("error"));
 		ui->status->setText(isSignature ? tr("Signature is not valid") : tr("Timestamp is not valid"));
-		ui->error = isSignature ? ria::qdigidoc4::InvalidSignatureError : ria::qdigidoc4::InvalidTimestampError;
+		ui->error = isSignature ? InvalidSignatureError : InvalidTimestampError;
 		break;
 	case DigiDocSignature::Unknown:
 		ui->status->setLabel(QStringLiteral("error"));
 		ui->status->setText(isSignature ? tr("Signature is unknown") : tr("Timestamp is unknown"));
-		ui->error = isSignature ? ria::qdigidoc4::UnknownSignatureWarning : ria::qdigidoc4::UnknownTimestampWarning;
+		ui->error = isSignature ? UnknownSignatureWarning : UnknownTimestampWarning;
 		break;
 	}
 
@@ -183,7 +184,7 @@ bool SignatureItem::eventFilter(QObject *o, QEvent *e)
 	return Item::eventFilter(o, e);
 }
 
-ria::qdigidoc4::WarningType SignatureItem::getError() const
+WarningText::WarningType SignatureItem::getError() const
 {
 	return ui->error;
 }

client/widgets/SignatureItem.h

@@ -21,6 +21,8 @@
 
 #include "widgets/Item.h"
 
+#include "widgets/WarningItem.h"
+
 class DigiDocSignature;
 
 class SignatureItem final : public Item
@@ -31,7 +33,7 @@ class SignatureItem final : public Item
 	explicit SignatureItem(DigiDocSignature s, QWidget *parent = nullptr);
 	~SignatureItem() final;
 
-	ria::qdigidoc4::WarningType getError() const;
+	WarningText::WarningType getError() const;
 	void initTabOrder(QWidget *item) final;
 	bool isSelfSigned(const QString& cardCode) const;
 	QWidget* lastTabWidget() final;

client/widgets/VerifyCert.cpp

@@ -48,7 +48,7 @@ VerifyCert::VerifyCert(QWidget *parent)
 		CertificateDetails::showCertificate(c, this,
 			pinType == QSmartCardData::Pin1Type ? QStringLiteral("-auth") : QStringLiteral("-sign"));
 	});
-	connect(ui->checkCert, &QToolButton::clicked, this, [this]{
+	connect(ui->checkCert, &QToolButton::clicked, this, [this] {
 		auto *dlg = WarningDialog::create(this);
 		QString readMore = tr("Read more <a href=\"https://www.id.ee/en/article/validity-of-id-card-certificates/\">here</a>.");
 		switch(c.validateOnline())
@@ -118,17 +118,18 @@ void VerifyCert::update(QSmartCardData::PinType type, const QSmartCardData &data
 	update();
 }
 
-void VerifyCert::update(QSmartCardData::PinType type, const SslCertificate &cert)
+void VerifyCert::update(QSmartCardData::PinType type, SslCertificate cert)
 {
 	pinType = type;
-	c = cert;
+	c = std::move(cert);
 	update();
 }
 
 void VerifyCert::update()
 {
 	if(cardData.isNull() && c.isNull())
 		return clear();
+	bool isLockedCard = !cardData.isNull() && cardData.pinLocked(QSmartCardData::Pin1Type);
 	bool isLockedPin = !cardData.isNull() && pinType == QSmartCardData::Pin2Type && cardData.pinLocked(pinType);
 	bool isBlockedPin = !cardData.isNull() && cardData.retryCount(pinType) == 0;
 	bool isBlockedPuk = !cardData.isNull() && cardData.retryCount(QSmartCardData::PukType) == 0;
@@ -183,6 +184,9 @@ void VerifyCert::update()
 		{
 			ui->validUntil->setText(tr("Certificate has expired!"));
 			ui->validUntil->setLabel(QStringLiteral("error"));
+			icon = QStringLiteral(":/images/icon_alert_large_error.svg");
+			ui->info->setLabel(QStringLiteral("error"));
+			ui->info->setText(tr("PIN%1 can not be used because the certificate has expired.").arg(pinType));
 		}
 		else if(qint64 leftDays = std::max<qint64>(0, QDateTime::currentDateTime().daysTo(c.expiryDate().toLocalTime())); leftDays <= 105 && !c.isNull())
 		{
@@ -194,18 +198,20 @@ void VerifyCert::update()
 
 		ui->changePIN->setText(tr("Change PIN%1").arg(pinType));
 		ui->forgotPinLink->setText(tr("Change with PUK code"));
-		ui->changePIN->setHidden((isBlockedPin && isBlockedPuk) || isTempelType);
+		ui->changePIN->setHidden(isLockedCard || (isBlockedPin && isBlockedPuk) || isTempelType);
 
 		if(isTempelType)
 		{
 			ui->info->setLabel({});
 			ui->info->setText(tr("PIN can be changed only using eToken utility"));
 		}
-		else if(isInvalidCert)
+		else if(isLockedCard)
 		{
-			icon = QStringLiteral(":/images/icon_alert_large_error.svg");
-			ui->info->setLabel(QStringLiteral("error"));
-			ui->info->setText(tr("PIN%1 can not be used because the certificate has expired.").arg(pinType));
+			icon = QStringLiteral(":/images/icon_alert_large_warning.svg");
+			ui->info->setLabel(QStringLiteral("warning"));
+			ui->info->setText(pinType == QSmartCardData::Pin1Type ?
+				tr("The ID-card must be activated in order to authenticate") :
+				tr("The ID-card must be activated in order to sign"));
 		}
 		else if(isBlockedPin)
 		{
@@ -234,9 +240,9 @@ void VerifyCert::update()
 	if(!icon.isEmpty())
 		ui->nameIcon->load(icon);
 
-	ui->links->setHidden(pinType == QSmartCardData::PukType && (isBlockedPuk || !isPUKReplacable)); // Keep visible in PUK to align fields equaly
+	ui->links->setHidden(pinType == QSmartCardData::PukType && ui->changePIN->isHidden());
 	ui->details->setHidden(pinType == QSmartCardData::PukType);
-	ui->forgotPinLink->setHidden(pinType == QSmartCardData::PukType || isBlockedPin || isBlockedPuk || isTempelType);
+	ui->forgotPinLink->setHidden(pinType == QSmartCardData::PukType || isLockedCard || isBlockedPin || isBlockedPuk || isTempelType);
 	ui->checkCert->setHidden(pinType == QSmartCardData::PukType || isInvalidCert);
 }
 

client/widgets/VerifyCert.h

@@ -36,7 +36,7 @@ class VerifyCert final : public StyledWidget
 
 	void clear();
 	void update(QSmartCardData::PinType type, const QSmartCardData &data);
-	void update(QSmartCardData::PinType type, const SslCertificate &cert);
+	void update(QSmartCardData::PinType type, SslCertificate cert);
 
 signals:
 	void changePinClicked(QSmartCard::PinAction);