Pin

public final class Pin

Class that represents a PIN that protects smart card contents.

  • Returns the index of the PIN inside the card.

    Declaration

    Swift

    public func getIndex() -> Int

    Return Value

    the pin index.

  • Returns the associated token.

    Declaration

    Swift

    public func getToken() -> Token

    Return Value

    the parent token.

  • Returns the PIN label.

    Declaration

    Swift

    public func getLabel() -> String

    Return Value

    The PIN label or an empty string if the information is unavailable.

  • Returns if the PIN is initialized and ready to be used.

    Declaration

    Swift

    public func isInitialized() -> Bool

    Return Value

    true if the PIN has been initialized, false otherwise.

  • Returns if the PIN needs to be changed before use.

    Declaration

    Swift

    public func isToBeChanged() -> Bool

    Return Value

    true if the PIN needs to be changed before use, false otherwise.

  • Returns if the PIN is blocked.

    Declaration

    Swift

    public func isBlocked() -> Bool

    Return Value

    true if the PIN is blocked, false otherwise.

  • Returns if the PIN try counter is lower than the maximum (an unsuccessful verification attempt has been made).

    Declaration

    Swift

    public func isTryCountLow() -> Bool

    Return Value

    true if the PIN try counter is lower than the maximum, false otherwise.

  • Returns if the PIN try counter shows only one remaining attempt.

    Declaration

    Swift

    public func isLastTry() -> Bool

    Return Value

    true if the PIN try counter shows only one remaining attempt, false otherwise.

  • Returns if the PIN has been successfully verified (access to the private objects is granted).

    Declaration

    Swift

    public func isValidated() -> Bool

    Return Value

    true if the PIN has been successfully verified, false otherwise.

  • Returns the number of remaining tries for the PIN verification.

    Declaration

    Swift

    public func getRemainingTries() -> Int

    Return Value

    The number of remaining tries for the PIN verification or -1 if the information is unavailable.

  • Returns the number of maximum tries for the PIN verification.

    Declaration

    Swift

    public func getMaxTries() -> Int

    Return Value

    The number of maximum tries for the PIN verification or -1 if the information is unavailable.

  • Returns a bit field indicating availability of each PUK, with the LSB for 1st PUK. A bit at 1 indicates that the corresponding PUK is still available.

    Declaration

    Swift

    public func getPuksAvailable() -> Int

  • Returns a CredentialState object with the current token infos for the requestCredential(properties:state:environment:completionHandler:) function.

    Declaration

    Swift

    public func initCredentialState() -> CredentialState

  • Returns a Dictionary which contains the credential properties for this PIN slot.

    The returned object is used in the requestCredential(properties:state:environment:completionHandler:) function in order to provide information that will be displayed in the PIN dialog.

    The returned Dictionary has the following structure:

    • pinLabel: a String that represents the PIN label, can be obtained by using getLabel() function.

    • methods: a Dictionary with the following attributes:

      • facialBio: true if the PIN supports the facial biometry process, false otherwise.

    Declaration

    Swift

    public func getCredentialProperties() -> [String : Any]

  • Verifies the PIN.

    Example:

    pin.login(value: "****") { error in
    if let error = error {
        print("login failed: " + error.localizedDescription)
    }
    else {
        // if login is succesfull you can get private key objects for instance
        token.getObjects(){ objects, error in
            if let error = error {
                print("error reason: " + error.localizedDescription)
            }
            else {
                // now `objects` contains also private keys
            }
        }
}

    Declaration

    Swift

    public func login(value: String?, completionHandler: @escaping (_ error: NSError?) -> Void)

    Parameters

    value

    The PIN value.
    completionHandler

    The completion handler to call when the login is complete. It takes the following parameter:

    • error NSError?: nil if the operation is completed successfully; otherwise an error encapsulates the reason of failure.

    Note

    The completion handler is executed on the same type of DispatchQueue as in the calling code.

  • Verifies the PIN after getting CredentialValue object by using requestCredential(properties:state:environment:completionHandler:) function.

    Example:

    // getting first the `credential` object by using requestCredential function
pin.login(value: credential, state: state) { error in
    if let error = error {
        print("login failed: " + error.localizedDescription)
    }
    else {
        // if login is succesfull you can get private key objects for instance
        token.getObjects() { objects, error in
            if let error = error {
                print("error reason: " + error.localizedDescription)
            }
            else {
                // now `objects` contains also private keys
            }
        }
}

    Declaration

    Swift

    public func login(value: CredentialValue?, state: CredentialState? = nil, completionHandler: @escaping (_ error: NSError?) -> Void)

    Parameters

    value
    state

    The CredentialState object used in requestCredential(properties:state:environment:completionHandler:) function. This object will be updated by this function call. A further call to requestCredential(properties:state:environment:completionHandler:) with this state object will display a PIN dialog with updated information.
    completionHandler

    The completion handler to call when the login is complete. It takes the following parameter:

    • error NSError?: nil if the operation is completed successfully; otherwise an error encapsulates the reason of failure.

    Note

    The completion handler is executed on the same type of DispatchQueue as in the calling code.

  • Reinitializes the PIN value (eventually unblocking it, if required). The operation can only be made against the user PIN, and requires the security officer PIN to be verified with loginSo(value:completionHandler:).

    Example:

    pinSO.loginSo(value: "********") { error in
    if let error = error {
        print("fail to login: " + error.localizedDescription)
    }
    else {
        pinUser.initPin("****") { error in
            if let error = error {
                print("fail to init pin : " + error.localizedDescription)
            }
            else {
                print("sucessfully init pin")
            }
        }
    }
}

    Declaration

    Swift

    public func initPin(newValue: String?, completionHandler: @escaping (_ error: NSError?) -> Void)

    Parameters

    newValue

    The new PIN value.
    completionHandler

    The completion handler to call when the init PIN is complete. It takes the following parameter:

    • error NSError?: nil if the operation is completed successfully; otherwise an error encapsulates the reason of failure.

    Note

    The completion handler is executed on the same type of DispatchQueue as in the calling code.

  • Verifies the security officer (administrator or unblocking) PIN.

    Example:

    pinSO.loginSo(value: "********") { error in
    if let error = error {
        print("fail to login on SO user" + error.localizedDescription)
    }
    else {
        pinUser.initPin("****"){ error in
            if let error = error {
                print("fai to init pin : " + error.localizedDescription)
            }
            else {
                print("sucessfully init pin")
            }
        }
    }
}

    Declaration

    Swift

    public func loginSo(value: String?, completionHandler: @escaping (_ error: NSError?) -> Void)

    Parameters

    value

    The PIN value.
    completionHandler

    The completion handler to call when the login is complete. It takes the following parameter:

    • error NSError?: nil if the operation is completed successfully; otherwise an error encapsulates the reason of failure.

    Note

    The completion handler is executed on the same type of DispatchQueue as in the calling code.

  • Changes the PIN value. The operation can only be made against the user PIN.

    Declaration

    Swift

    public func change(oldValue: String?, newValue: String?, completionHandler: @escaping (_ error: NSError?) -> Void)

    Parameters

    oldValue

    The old PIN value.
    newValue

    The new PIN value.
    completionHandler

    The completion handler to call when changing the PIN value is complete. It takes the following parameter:

    • error NSError?: nil if the operation is completed successfully; otherwise an error encapsulates the reason of failure.

    Note

    The completion handler is executed on the same type of DispatchQueue as in the calling code.

  • Resets the verified status of the PIN.

    Declaration

    Swift

    public func logout(completionHandler: @escaping (_ error: NSError?) -> Void)

    Parameters

    completionHandler

    The completion handler to call when logout is complete. It takes the following parameter:

    • error NSError?: nil if the operation is completed successfully; otherwise an error encapsulates the reason of failure.

    Note

    The completion handler is executed on the same type of DispatchQueue as in the calling code.

  • Gets the format constraints of the PIN as an Array of PinConstraint.

    See also

    PinConstraint

    Example :

    func checkPinMinLength(pin:Pin, pinValue: String) -> Bool {
    var isPinOk = false
    // make the call synchronous
    let group = DispatchGroup()
    group.enter()
    DispatchQueue.global(qos: .background).async {
        pin.getConstraints { constraints, error in
            if let constraints = constraints {
                for constraint in constraints {
                    // check if `pinValue` verifies this `constraint`
                }
            }
            else {
                print("fail to get constraints: " + error!.localizedDescription)
            }
        }
    }
    group.wait()
    return isPinOk
}

    Declaration

    Swift

    public func getConstraints(completionHandler: @escaping (_ constraints: Array<PinConstraint>?, _ error: NSError?) -> Void)

    Parameters

    completionHandler

    called as soon as we get the pin constraints. It takes the following parameters:

    • constraints Array<PinConstraint>?: An array of PinConstraint.
    • error NSError?: nil if the operation is completed successfully; otherwise an error encapsulates the reason of failure.

    Note

    The completion handler is executed on the same type of DispatchQueue as in the calling code.

  • Displays a standalone PIN dialog that allows the user to enter the PIN value or use biometry process, in order to get the necessary credential for a login(value:state:completionHandler:) process.

    Example:

    
let NO_CRITICAL_ERRORS: [SCMError] = [
    .CKR_PIN_INVALID,
    .CKR_PIN_INCORRECT,
    .CKR_PIN_LEN_RANGE
]

var properties: [String: Any]
var state     = CredentialState()

func loginLoop() {
    // assuming `environment` object is correctly defined
    Pin.requestCredential(properties: properties, state: state, environment: environment) { credential, error in
        if let credential = credential {
            // assuming a `pin` object has been retrieved from a token
            pin.login(value: credential, state: state) { loginError in
                if loginError != nil {
                    print("failed to login")
                    // on no fatal errors, retry requesting credential/login process
                    if let scmError = loginError?.scmError {
                        if NO_CRITICAL_ERRORS.contains(scmError) {
                            loginLoop()
                            return
                        }
                    }
                }
                else {
                    print("login is successful")
                }
            }
        }
        else {
            print("failed to request credential")
        }
    })
}

// Use case 1: no token has been previously read
properties = [
    "pinLabel": "My PIN label",
    "methods": [
        "facialBio": false
    ]
]
state      = CredentialState()

loginLoop()



// Use case 2: a token has been previously read and a `pin` object is defined
properties = pin.getCredentialProperties()
state      = pin.initCredentialState()

loginLoop()

    Declaration

    Swift

    public static func requestCredential(
	properties: [String: Any],
	state: CredentialState,
	environment: SCMEnvironment,
	completionHandler: @escaping (_ returnedData: CredentialValue?, _ error: NSError?) -> Void) -> Void

    Parameters

    properties

    [String: Any] representing the credential properties. If a token has been read previously, getCredentialProperties() can be used. Otherwise, this parameter can be build respecting format described in getCredentialProperties().
    state

    a CredentialState object which is used to display the current credential state (remaining tries, a potential error…) in the PIN dialog. At the beginning of a requestCredential(properties:state:environment:completionHandler:) / login(value:state:completionHandler:) sequence, state can be created through initCredentialState() or CredentialState.init() if no token was read before.
    environment

    the current SCMEnvironment to use.
    completionHandler

    The completion handler block to be called as soon as the credential has been set (PIN or Biometric). It takes the following parameters:

    • returnedData CredentialValue? credential value to pass in login(value:state:completionHandler:) method.
    • error NSError?: nil if the operation is completed successfully; otherwise an error that indicates why the PIN dialog display failed/has been dismissed.

    Note

    The completion handler is executed on the same type of DispatchQueue as in the calling code.