Fix error flow for cancel/incorrect/locked PIN for online container

Author: Lauris Kaplinski

client/CDocSupport.cpp

@@ -216,7 +216,17 @@ DDConfiguration::getValue(std::string_view domain, std::string_view param) const
 std::string
 DDNetworkBackend::getLastErrorStr(libcdoc::result_t code) const
 {
-	if (code == BACKEND_ERROR) return last_error;
+	switch (code) {
+		case DDCryptoBackend::PIN_CANCELED:
+			return "PIN entry canceled";
+		case DDCryptoBackend::PIN_INCORRECT:
+			return "PIN incorrect";
+		case DDCryptoBackend::PIN_LOCKED:
+			return "PIN locked";
+		case BACKEND_ERROR:
+		case DDCryptoBackend::BACKEND_ERROR:
+			return last_error;
+	}
 	return libcdoc::NetworkBackend::getLastErrorStr(code);
 }
 
@@ -278,7 +288,14 @@ DDNetworkBackend::fetchKey(std::vector<uint8_t> &result,
 		last_error = "No connection";
 		return BACKEND_ERROR;
 	}
-	auto authKey = dispatchToMain(&QSigner::key, qApp->signer());
+	QCryptoBackend::PinStatus pin_status;
+	auto authKey =  dispatchToMain([&] {
+		return qApp->signer()->key(pin_status);
+	});
+	if (!authKey.handle()) {
+		last_error = qApp->signer()->getLastErrorStr().toStdString();
+		return getDecryptStatus(result, pin_status);
+	}
 	QScopedPointer<QNetworkAccessManager,QScopedPointerDeleteLater> nam(
 				CheckConnection::setupNAM(req, qApp->signer()->tokenauth().cert(), authKey, Settings::CDOC2_GET_CERT));
 	QEventLoop e;

client/CryptoDoc.cpp

@@ -393,6 +393,15 @@ bool CryptoDoc::decrypt(const libcdoc::Lock *lock, const QByteArray& secret)
 		case libcdoc::INPUT_STREAM_ERROR:
 			str = tr("Cannot read file.");
 			break;
+		case DDCryptoBackend::PIN_CANCELED:
+			str = tr("PIN entry canceled");
+			break;
+		case DDCryptoBackend::PIN_INCORRECT:
+			str = tr("PIN incorrect");
+			break;
+		case DDCryptoBackend::PIN_LOCKED:
+			str = tr("PIN locked");
+			break;
 		default:
 			str = tr("Please check your internet connection and network settings.");
 			break;

client/QSigner.cpp

@@ -211,15 +211,29 @@ QByteArray QSigner::decrypt(std::function<QByteArray (QCryptoBackend *)> &&func,
 	return result;
 }
 
-QSslKey QSigner::key() const
+QSslKey QSigner::key(QCryptoBackend::PinStatus& pin_status)
 {
 	QSslKey key = d->auth.cert().publicKey();
-	if(!key.handle())
+	if(!key.handle()) {
+		pin_status = QCryptoBackend::GeneralError;
 		return {};
-	if(!d->lock.tryLockForWrite(10 * 1000))
+	}
+	if(!d->lock.tryLockForWrite(10 * 1000)) {
+		Q_EMIT error(tr("Failed to decrypt document"), tr("Signing/decrypting is already in progress another window."));
+		pin_status = QCryptoBackend::GeneralError;
+		return {};
+	}
+	switch(pin_status = QCryptoBackend::PinStatus(login(d->auth)))
+	{
+	case QCryptoBackend::PinOK: break;
+	case QCryptoBackend::PinCanceled: return {};
+	case QCryptoBackend::PinLocked:
+		Q_EMIT error(tr("Failed to decrypt document"), QCryptoBackend::errorString(pin_status));
 		return {};
-	if(login(d->auth) != QCryptoBackend::PinOK)
+	default:
+		Q_EMIT error(tr("Failed to decrypt document"), tr("Failed to login token") + ' ' + QCryptoBackend::errorString(pin_status));
 		return {};
+	}
 	if(key.algorithm() == QSsl::Ec)
 	{
 		auto *ec = (EC_KEY*)key.handle();

client/QSigner.h

@@ -42,7 +42,7 @@ class QSigner final: public QThread, public digidoc::Signer
 	QList<TokenData> cache() const;
 	digidoc::X509Cert cert() const final;
 	QByteArray decrypt(std::function<QByteArray (QCryptoBackend *)> &&func, QCryptoBackend::PinStatus& pin_status);
-	QSslKey key() const;
+	QSslKey key(QCryptoBackend::PinStatus& pin_status);
 	void logout() const;
 	void selectCard(const TokenData &token);
 	std::vector<unsigned char> sign( const std::string &method,