Bug 1519093 - prompt for smartcard PIN when S/MIME signing. r=keeler
authorKai Engert <kaie@kuix.de>
Fri, 24 May 2019 16:53:48 +0200
changeset 35709 f965e7f4a1aa035b32a85674464fc4a6b2763e8b
parent 35708 3b6283fe607f0f31a7b36e7690a0cc75f25dcf61
child 35710 df4dd9bfa02d68e4c4a9e7a933d46a88bacf899e
push id392
push userclokep@gmail.com
push dateMon, 02 Sep 2019 20:17:19 +0000
reviewerskeeler
bugs1519093
Bug 1519093 - prompt for smartcard PIN when S/MIME signing. r=keeler With advice from Daiki Ueno and testing by Jan Horak.
mailnews/extensions/smime/src/nsMsgComposeSecure.cpp
--- a/mailnews/extensions/smime/src/nsMsgComposeSecure.cpp
+++ b/mailnews/extensions/smime/src/nsMsgComposeSecure.cpp
@@ -23,16 +23,17 @@
 #include "nsMemory.h"
 #include "nsMimeTypes.h"
 #include "nsMsgMimeCID.h"
 #include "nsNSSComponent.h"
 #include "nsServiceManagerUtils.h"
 #include "nspr.h"
 #include "mozpkix/Result.h"
 #include "nsNSSCertificate.h"
+#include "nsNSSHelper.h"
 
 using namespace mozilla::mailnews;
 using namespace mozilla;
 using namespace mozilla::psm;
 
 #define MK_MIME_ERROR_WRITING_FILE -1
 
 #define SMIME_STRBUNDLE_URL "chrome://messenger/locale/am-smime.properties"
@@ -799,16 +800,24 @@ nsresult nsMsgComposeSecure::MimeCryptoH
    - "signing_cert_dbkey"/"encryption_cert_dbkey": a Base64 encoded blob
      specifying an nsIX509Cert dbKey (represents serial number
      and issuer DN, which is considered to be unique for X.509 certificates)
   */
 
   RefPtr<SharedCertVerifier> certVerifier(GetDefaultCertVerifier());
   NS_ENSURE_TRUE(certVerifier, NS_ERROR_UNEXPECTED);
 
+  // Calling CERT_GetCertNicknames has the desired side effect of
+  // traversing all tokens, and bringing up prompts to unlock them.
+  nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();
+  CERTCertNicknames *result_unused =
+    CERT_GetCertNicknames(CERT_GetDefaultCertDB(),
+    SEC_CERT_NICKNAMES_USER, ctx);
+  CERT_FreeNicknames(result_unused);
+
   UniqueCERTCertList builtChain;
   if (!mEncryptionCertDBKey.IsEmpty()) {
     res = certdb->FindCertByDBKey(mEncryptionCertDBKey,
                                   getter_AddRefs(mSelfEncryptionCert));
     if (NS_SUCCEEDED(res) && mSelfEncryptionCert &&
         (certVerifier->VerifyCert(
              mSelfEncryptionCert->GetCert(), certificateUsageEmailRecipient,
              mozilla::pkix::Now(), nullptr, nullptr, builtChain,
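Review bot: The result of `CERT_GetCertNicknames` is handed straight to `CERT_FreeNicknames` in the added lines, with no null check in between. The NSS call returns null on failure and, as far as I recall, also when it finds no matching user nicknames. `CERT_FreeNicknames` in the NSS versions I know reads `nicknames->arena` unconditionally, so this could crash message composition on a profile without user certificates; this should be confirmed against the NSS in tree. Guarding the free would avoid that: `if (result_unused) { CERT_FreeNicknames(result_unused); }`. The comment could also say that a cancelled or failed token unlock is not detected here and only surfaces later, presumably when the signing key is used. The enclosing function starts and ends outside the hunk.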