Bug 1519093 - prompt for smartcard PIN when S/MIME signing. r=keeler a=jorgk
authorKai Engert <kaie>
Sat, 01 Jun 2019 01:49:00 +0200
changeset 32214 a819a3a05f2109a7704d76267db248aaa972212f
parent 32213 dd8f19e7ee1d886118377422f3918c14bd495bd2
child 32215 a9f99cffa752340d368ddf90ba813c44c82eafce
push id194
push usermozilla@jorgk.com
push dateTue, 11 Jun 2019 20:56:46 +0000
reviewerskeeler, jorgk
bugs1519093
Bug 1519093 - prompt for smartcard PIN when S/MIME signing. r=keeler a=jorgk
comm-extra-nss.symbols
mailnews/extensions/smime/src/nsMsgComposeSecure.cpp
--- a/comm-extra-nss.symbols
+++ b/comm-extra-nss.symbols
@@ -1,2 +1,3 @@
+CERT_GetCertNicknames
 NSS_CMSSignedData_GetDigestAlgs
 NSS_CMSSignedData_HasDigests
--- a/mailnews/extensions/smime/src/nsMsgComposeSecure.cpp
+++ b/mailnews/extensions/smime/src/nsMsgComposeSecure.cpp
@@ -23,16 +23,17 @@
 #include "nsMemory.h"
 #include "nsMimeTypes.h"
 #include "nsMsgMimeCID.h"
 #include "nsNSSComponent.h"
 #include "nsServiceManagerUtils.h"
 #include "nspr.h"
 #include "pkix/Result.h"
 #include "nsNSSCertificate.h"
+#include "nsNSSHelper.h"
 
 using namespace mozilla::mailnews;
 using namespace mozilla;
 using namespace mozilla::psm;
 
 #define MK_MIME_ERROR_WRITING_FILE -1
 
 #define SMIME_STRBUNDLE_URL "chrome://messenger/locale/am-smime.properties"
@@ -883,16 +884,24 @@ nsresult nsMsgComposeSecure::MimeCryptoH
    - "signing_cert_dbkey"/"encryption_cert_dbkey": a Base64 encoded blob
      specifying an nsIX509Cert dbKey (represents serial number
      and issuer DN, which is considered to be unique for X.509 certificates)
   */
 
   RefPtr<SharedCertVerifier> certVerifier(GetDefaultCertVerifier());
   NS_ENSURE_TRUE(certVerifier, NS_ERROR_UNEXPECTED);
 
+  // Calling CERT_GetCertNicknames has the desired side effect of
+  // traversing all tokens, and bringing up prompts to unlock them.
+  nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();
+  CERTCertNicknames *result_unused =
+    CERT_GetCertNicknames(CERT_GetDefaultCertDB(),
+    SEC_CERT_NICKNAMES_USER, ctx);
+  CERT_FreeNicknames(result_unused);
+
   UniqueCERTCertList builtChain;
   if (!mEncryptionCertDBKey.IsEmpty()) {
     res = certdb->FindCertByDBKey(mEncryptionCertDBKey,
                                   getter_AddRefs(mSelfEncryptionCert));
     if (NS_SUCCEEDED(res) && mSelfEncryptionCert &&
         (certVerifier->VerifyCert(mSelfEncryptionCert->GetCert(),
                                   certificateUsageEmailRecipient,
                                   mozilla::pkix::Now(),
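Review bot: The pointer returned by `CERT_GetCertNicknames` is handed straight to `CERT_FreeNicknames` in the added lines without a null check. As far as I can tell from NSS, `CERT_GetCertNicknames` returns NULL when arena allocation or the slot traversal fails, and `CERT_FreeNicknames` dereferences its argument (`nicknames->arena`) unconditionally, so a failed traversal would likely crash the compose path; guard it with `if (result_unused) { CERT_FreeNicknames(result_unused); }`. The call also sits ahead of the `mEncryptionCertDBKey` check, so the unlock prompts presumably appear for every token and for encrypt-only messages as well as signing; if that is intended, the comment should say so. The enclosing function starts and continues outside this hunk, so whether a signing-only guard is available at this point cannot be confirmed from here.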