Added user pin input

msetina · Mar 25, 2024 · 9525f90 · 9525f90
1 parent 572e5dd
commit 9525f90
Show file tree

Hide file tree

Showing 5 changed files with 65 additions and 13 deletions.
diff --git a/README.rst b/README.rst
@@ -53,17 +53,18 @@ tell pyHanko where to look for the eOI PKCS#11 library.
 
 On Linux, it is named ``opensc-pkcs11.so`` and can usually be found under
 ``/usr/lib`` or ``/usr/local/lib``.
-On macOS, it is named ``opensc-pkcs11.dylib``, and can similarly be found under
-``/usr/local/lib``.
-The Windows version is typically installed to ``C:\Windows\System32`` and is
+On macOS, it is named ``opensc-pkcs11.so``, and can similarly be found under
+``/Library/OpenSC/lib``.
+The Windows version is typically installed to ``C:\Program Files\OpenSC Project\OpenSC\pkcs11`` and is
 called ``opensc-pkcs11.dll``.
+Official (IDProtect) typical install has its PKCS11 library in ``C:\Windows\System32`` with a name ``asepkcs.dll``
 
 
 On Linux, this boils down to the following:
 
 .. code-block:: bash
 
-    pyhanko sign addsig --field Sig1 eoi --user-pin 12345 \
+    pyhanko sign addsig --field Sig1 eoi \
         --lib /path/to/opensc-pkcs11.so input.pdf output.pdf
 
 

diff --git a/pyhanko_eoi/cli.py b/pyhanko_eoi/cli.py
@@ -71,6 +71,18 @@ def _eoi_signer_context(ctx: CLIContext, lib, token_label, user_pin):
     else:
         module_path = lib
 
+    pksc11_lib_type = "opensc"
+
+    if token_label in eoi.tokens[pksc11_lib_type]:
+        token_tp = eoi.tokens[pksc11_lib_type][token_label]
+        if "needs_pin" in token_tp:
+            if token_tp["needs_pin"] and not user_pin:
+                user_pin = input("PIN:")
+    else:
+        raise click.ClickException(
+            "The --token_label option you provided is not known to this card."
+        )
+
     @contextlib.contextmanager
     def manager():
         try:

diff --git a/pyhanko_eoi/eoi.py b/pyhanko_eoi/eoi.py
@@ -12,6 +12,18 @@
 from pkcs11 import KeyType, ObjectClass, Session
 from pyhanko.sign import pkcs11 as sign_pkcs11
 
+tokens = {
+    "opensc": {
+        "Prijava brez PIN-a (Norm PIN)": {"needs_pin": False},
+        "Podpis in prijava (Norm PIN)": {"needs_pin": True},
+        "Podpis in prijava (Sig PIN)": {"needs_pin": True},
+    },
+    "nxp": {
+        "Prijava brez PIN-a": {"needs_pin": False},
+        "Podpis in prijava": {"needs_pin": True},
+    },
+}
+
 __all__ = ["open_eoi_session", "EOISigner"]
 
 
@@ -38,19 +50,15 @@ def open_eoi_session(
     :return:
         An open PKCS#11 session object.
     """
+    pksc11_lib_type = "opensc"
 
-    opensc_eoi_tokens = [
-        "Prijava brez PIN-a (Norm PIN)",
-        "Podpis in prijava (Norm PIN)",
-        "Podpis in prijava (Sig PIN)",
-    ]
-    if token_label in opensc_eoi_tokens:
+    if token_label in tokens[pksc11_lib_type]:
         if user_pin:
             return sign_pkcs11.open_pkcs11_session(
                 lib_location, user_pin=user_pin, token_label=token_label
             )
         else:
-            if token_label == "Prijava brez PIN-a (Norm PIN)":
+            if not tokens[pksc11_lib_type][token_label]["needs_pin"]:
                 return sign_pkcs11.open_pkcs11_session(
                     lib_location, token_label=token_label
                 )

diff --git a/pyhanko_eoi_tests/test_cli.py b/pyhanko_eoi_tests/test_cli.py
@@ -81,6 +81,7 @@ def test_cli_addsig_eoi(cli_runner, monkeypatch):
             INPUT_PATH,
             "output.pdf",
         ],
+        "12345",
     )
     assert not result.exception, result.output
 
@@ -103,6 +104,7 @@ def test_cli_addsig_eoi_with_setup(cli_runner, monkeypatch):
             INPUT_PATH,
             SIGNED_OUTPUT_PATH,
         ],
+        "12345",
     )
     assert not result.exception, result.output
 
@@ -124,6 +126,7 @@ def test_cli_eoi_lib_mandatory(cli_runner, monkeypatch):
             INPUT_PATH,
             SIGNED_OUTPUT_PATH,
         ],
+        "12345",
     )
     assert result.exit_code == 1
     assert "--lib option is mandatory" in result.output
@@ -152,6 +155,7 @@ def _throw(*_args, **_kwargs):
             INPUT_PATH,
             SIGNED_OUTPUT_PATH,
         ],
+        "12345",
     )
     assert result.exit_code == 1
     assert "PKCS#11 error" in result.output
@@ -182,6 +186,33 @@ def _throw(*_args, **_kwargs):
             INPUT_PATH,
             SIGNED_OUTPUT_PATH,
         ],
+        "12345",
     )
     assert result.exit_code == 1
-    assert "PKCS#11 error" in result.output
+    assert "Error" in result.output
+
+
+def test_cli_addsig_eoi_with_pin(cli_runner, monkeypatch):
+    from pyhanko_eoi import eoi
+
+    monkeypatch.setattr(eoi, "open_eoi_session", value=_const(_DummyManager()))
+    monkeypatch.setattr(eoi, "EOISigner", value=_const(SELF_SIGN))
+    with open("libeoipkcs11-mock", "wb") as mocklib:
+        mocklib.write(b"\x00")
+    result = cli_runner.invoke(
+        cli_root,
+        [
+            "sign",
+            "addsig",
+            "--field",
+            "Sig1",
+            "eoi",
+            "--lib",
+            "libeoipkcs11-mock",
+            "--user_pin",
+            "12345",
+            INPUT_PATH,
+            SIGNED_OUTPUT_PATH,
+        ],
+    )
+    assert not result.exception, result.output
diff --git a/pyproject.toml b/pyproject.toml
@@ -33,7 +33,7 @@ requires-python = ">=3.10"
 dependencies = [
     "pyHanko[pkcs11]>=0.23.0",
 ]
-version = "0.1.1"
+version = "0.1.2"
 
 
 [project.readme]