Hello,
Would it be possible to add a Smart Card / PKCS11 pin input parameter for the decryption command?
Example input parameter directly in CDocDecryptCmd.java
(I guess the proper spot would be in DecryptionKeyExclusiveArgument.java, but just as an example):
```java
@Option(names = {"-p", "--pin"},
        description = "Smart-card pin")
private char[] pin;
...
DecryptionKeyMaterial decryptionKeyMaterial = resolveKeyMaterial();
...
private DecryptionKeyMaterial resolveKeyMaterial() throws Exception {
    if (this.exclusive != null) {
        return getDecryptionKeyMaterial(this.cdocFile, this.exclusive);
    }
    if (this.pin == null) {
        return getSmartCardDecryptionKeyMaterial(this.slot, this.keyAlias, this.cryptoStickConf);
    }
    return getSmartCardDecryptionKeyMaterialWithPin(
        this.slot,
        new KeyStore.PasswordProtection(this.pin),
        this.keyAlias
    );
}
```
Example code using Pkcs11Tools.loadFromPKCS11WithPin in CDocDecryptionHelper.java:
```java
public static DecryptionKeyMaterial getSmartCardDecryptionKeyMaterialWithPin(
    Integer slot,
    KeyStore.PasswordProtection pin,
    @Nullable String keyAlias
) throws GeneralSecurityException, IOException {
    log.info("Decryption key not provided as CLI parameter, trying to read it from smart-card");
    String pkcs11LibPath = System.getProperty(PKCS11_LIBRARY_PROPERTY, null);
    KeyPair keyPair = Pkcs11Tools.loadFromPKCS11WithPin(pkcs11LibPath, slot, pin, keyAlias);
    return DecryptionKeyMaterial.fromKeyPair(keyPair, slot, keyAlias);
}
```
Just as a proof of concept.
For the previous cdoc I've used the cdoc4j library to decrypt files which supported providing the PKCS11 pin for the SafeNet eToken crypto stick. Would appreciate it if there was a similar parameter here in cdoc2-cli as well.
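
An added example, not part of the original post or of cdoc2-cli's code: a PIN given as `-p 1234` is visible in the process list and shell history, so this sketch lets `-p` without a value prompt for it and wipes both copies of the PIN after use. It assumes the `@Option` annotation in the post is picocli's; the class name `PinOptionDemo` and the command name are hypothetical.

```java
import picocli.CommandLine;
import picocli.CommandLine.Command;
import picocli.CommandLine.Option;

import java.security.KeyStore;
import java.util.Arrays;
import java.util.concurrent.Callable;
import javax.security.auth.DestroyFailedException;

// Hypothetical stand-alone command for illustration; not cdoc2-cli's CDocDecryptCmd.
@Command(name = "pin-demo", description = "PIN handling for a PKCS#11 decrypt option")
public class PinOptionDemo implements Callable<Integer> {

    // arity "0..1" with interactive = true: "-p" alone prompts for the PIN
    // (without echo when a console is attached); "-p 1234" still works for
    // scripts, but then the PIN is exposed in argv and shell history.
    @Option(names = {"-p", "--pin"}, arity = "0..1", interactive = true,
            description = "Smart-card PIN (prompted when given without a value)")
    private char[] pin;

    @Override
    public Integer call() throws DestroyFailedException {
        if (pin == null) {
            // No -p at all: keep the existing smart-card flow from the post.
            System.out.println("No PIN option given, using the default smart-card flow");
            return 0;
        }
        // PasswordProtection clones the array, so there are two copies to wipe.
        KeyStore.PasswordProtection protection = new KeyStore.PasswordProtection(pin);
        try {
            // Placeholder for the call proposed in the post, e.g.
            // getSmartCardDecryptionKeyMaterialWithPin(slot, protection, keyAlias)
            System.out.println("PIN received, handing it to the PKCS#11 loader");
            return 0;
        } finally {
            protection.destroy();      // zeroes PasswordProtection's internal copy
            Arrays.fill(pin, '\0');    // zeroes the copy picocli populated
        }
    }

    public static void main(String[] args) {
        System.exit(new CommandLine(new PinOptionDemo()).execute(args));
    }
}
```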