From af2addbb2cc510161378c813e0bc9051a14d148c Mon Sep 17 00:00:00 2001
From: Raul Metsma <raul@metsma.ee>
Date: Wed, 11 Feb 2026 15:54:44 +0200
Subject: [PATCH] Detect courier delivered cards

WE2-1182

Signed-off-by: Raul Metsma <raul@metsma.ee>
---
 src/electronic-ids/pcsc/EIDThales.cpp    |  4 ++++
 src/electronic-ids/pcsc/EstEIDThales.hpp |  5 +++++
 tests/integration/test-signing.cpp       | 20 +++++++++++---------
 3 files changed, 20 insertions(+), 9 deletions(-)

diff --git a/src/electronic-ids/pcsc/EIDThales.cpp b/src/electronic-ids/pcsc/EIDThales.cpp
index d2f66fc..b484431 100644
--- a/src/electronic-ids/pcsc/EIDThales.cpp
+++ b/src/electronic-ids/pcsc/EIDThales.cpp
@@ -78,6 +78,10 @@ ElectronicID::PinInfo EIDThales::pinRetriesLeft(const SmartCard::Session& sessio
     }
     if (TLV info = TLV(response.data).find(0xA0); TLV count = info[0xdf21]) {
         TLV pinChanged = info[0xdf2f];
+        // FIXME: Remove before release
+        if (getenv("PIN1_LOCKED")) {
+            return {*count.begin, maximumPinRetries(), false};
+        }
         return {*count.begin, maximumPinRetries(), pinActive || !pinChanged || *pinChanged.begin};
     }
     THROW(SmartCardError,
diff --git a/src/electronic-ids/pcsc/EstEIDThales.hpp b/src/electronic-ids/pcsc/EstEIDThales.hpp
index 21f64d9..fa5c641 100644
--- a/src/electronic-ids/pcsc/EstEIDThales.hpp
+++ b/src/electronic-ids/pcsc/EstEIDThales.hpp
@@ -40,6 +40,11 @@ class EstEIDThales : public EIDThales
         return CommandApdu::selectEF(0x08, {0xAD, 0xF1, 0x34, 0x11});
     }
     constexpr byte_type authPinReference() const override { return 0x81; }
+    PinInfo authPinInfoImpl(const SmartCard::Session& session) const override
+    {
+        // Some EstEID cards must set PIN-s first to use card
+        return pinRetriesLeft(session, authPinReference(), false);
+    }
     constexpr int8_t maximumPinRetries() const override { return 3; }
     PCSC_CPP_CONSTEXPR_VECTOR CommandApdu signCertFile() const override
     {
diff --git a/tests/integration/test-signing.cpp b/tests/integration/test-signing.cpp
index eac4e5c..f673773 100644
--- a/tests/integration/test-signing.cpp
+++ b/tests/integration/test-signing.cpp
@@ -25,8 +25,6 @@
 
 #include "gtest/gtest.h"
 
-#include <algorithm>
-
 using namespace electronic_id;
 using namespace pcsc_cpp;
 
@@ -49,14 +47,18 @@ static void signing(HashAlgorithm hashAlgo)
     GTEST_ASSERT_GE(cardInfo->signingPinInfo().retryCount, 0U);
 
     byte_vector pin;
-    if (cardInfo->name() == "EstEID IDEMIA v1" || cardInfo->name() == "EstEIDThales")
-        pin = {'1', '2', '3', '4', '5'}; // EstIDEMIA test card default PIN2
-    else if (cardInfo->name() == "LatEID IDEMIA v1" || cardInfo->name() == "LatEID IDEMIA v2")
-        pin = {'1', '2', '3', '4', '5', '6'}; // LatIDEMIA test card default PIN2
-    else if (cardInfo->name() == "FinEID v3" || cardInfo->name() == "FinEID v4")
-        pin = {'1', '2', '3', '4', '5', '6'}; // FinEID custom PIN
-    else
+    switch (cardInfo->type()) {
+        using enum ElectronicID::Type;
+    case ElectronicID::EstEID:
+        pin = {'1', '2', '3', '4', '5'}; // EstEID test card default PIN2
+        break;
+    case ElectronicID::LatEID: // LatIDEMIA test card default PIN2
+    case ElectronicID::FinEID: // FinEID custom PIN
+        pin = {'1', '2', '3', '4', '5', '6'};
+        break;
+    default:
         throw std::runtime_error("TEST signing: Unknown card");
+    }
     pin.reserve(64);
 
     std::cout << "WARNING! Using hard-coded PIN " << std::string(pin.cbegin(), pin.cend()) << '\n';