b=115294 Support S/Mime signing only configuration / relax certificate configuration requirements

r=javi sr=sspitzer

mailnews/extensions/smime/resources/content/am-smime.js

@@ -41,14 +41,16 @@ var gBrandBundle;
 var gSmimePrefbranch;
 var gEncryptionChoicesLocked;
 var gSigningChoicesLocked;
+const kEncryptionCertPref = "identity.encryption_cert_name";
+const kSigningCertPref = "identity.signing_cert_name";
 
 function onInit() 
 {
   // initialize all of our elements based on the current identity values....
-  gEncryptionCertName = document.getElementById("identity.encryption_cert_name");
+  gEncryptionCertName = document.getElementById(kEncryptionCertPref);
   gHiddenEncryptionPolicy = document.getElementById("identity.encryptionpolicy");
   gEncryptionChoices = document.getElementById("encryptionChoices");
-  gSignCertName       = document.getElementById("identity.signing_cert_name");
+  gSignCertName       = document.getElementById(kSigningCertPref);
   gSignMessages       = document.getElementById("identity.sign_mail");
   gEncryptAlways      = document.getElementById("encrypt_mail_always");
   gNeverEncrypt       = document.getElementById("encrypt_mail_never");
@@ -80,7 +82,7 @@ function onInit()
     gNeverEncrypt.setAttribute("disabled", true);
   }
   else {
-    enableEncryptionControls();
+    enableEncryptionControls(true);
   }
 
   gSignCertName.value = gIdentity.getUnicharAttribute("signing_cert_name");
@@ -90,7 +92,7 @@ function onInit()
     gSignMessages.setAttribute("disabled", true);
   }
   else {
-    enableSigningControls();
+    enableSigningControls(true);
   }
 
   // Always start with enabling signing and encryption cert select buttons.
@@ -167,6 +169,12 @@ function disableIfLocked( prefstrArray )
       }
       else {
         element.setAttribute("disabled", "true");
+        if (id == "signingCertSelectButton") {
+          document.getElementById("signingCertClearButton").setAttribute("disabled", "true");
+        }
+        else if (id == "encryptionCertSelectButton") {
+          document.getElementById("encryptionCertClearButton").setAttribute("disabled", "true");
+        }
       }
     }
   }
@@ -248,7 +256,7 @@ function checkOtherCert(nickname, pref, usage, msgNeedCertWantSame, msgWantSame,
 
   if (userWantsSameCert) {
     otherCertInfo.value = nickname;
-    enabler();
+    enabler(true);
   }
 }
 
@@ -265,13 +273,10 @@ function smimeSelectCert(smime_cert)
   var certUsage;
   var selectEncryptionCert;
 
-  var encryptionCertPrefName = "identity.encryption_cert_name";
-  var signingCertPrefName = "identity.signing_cert_name";
-
-  if (smime_cert == encryptionCertPrefName) {
+  if (smime_cert == kEncryptionCertPref) {
     selectEncryptionCert = true;
     certUsage = email_recipient_cert_usage;
-  } else if (smime_cert == signingCertPrefName) {
+  } else if (smime_cert == kSigningCertPref) {
     selectEncryptionCert = false;
     certUsage = email_signing_cert_usage;
   }
@@ -302,19 +307,19 @@ function smimeSelectCert(smime_cert)
       certInfo.value = x509cert.nickname;
 
       if (selectEncryptionCert) {
-        enableEncryptionControls();
+        enableEncryptionControls(true);
 
         checkOtherCert(certInfo.value,
-          signingCertPrefName, email_signing_cert_usage, 
+          kSigningCertPref, email_signing_cert_usage, 
           "signing_needCertWantSame", 
           "signing_wantSame", 
           "signing_needCertWantToSelect",
           enableSigningControls);
       } else {
-        enableSigningControls();
+        enableSigningControls(true);
 
         checkOtherCert(certInfo.value,
-          encryptionCertPrefName, email_recipient_cert_usage, 
+          kEncryptionCertPref, email_recipient_cert_usage, 
           "encryption_needCertWantSame", 
           "encryption_wantSame", 
           "encryption_needCertWantToSelect",
@@ -322,25 +327,72 @@ function smimeSelectCert(smime_cert)
       }
     }
   }
+
+  enableCertSelectButtons();
 }
 
-function enableEncryptionControls()
+function enableEncryptionControls(do_enable)
 {
-  if (!gEncryptionChoicesLocked) {
-  gEncryptAlways.removeAttribute("disabled");
-  gNeverEncrypt.removeAttribute("disabled");
-}
+  if (gEncryptionChoicesLocked)
+    return;
+
+  if (do_enable) {
+    gEncryptAlways.removeAttribute("disabled");
+    gNeverEncrypt.removeAttribute("disabled");
+  }
+  else {
+    gEncryptAlways.setAttribute("disabled", "true");
+    gNeverEncrypt.setAttribute("disabled", "true");
+    gEncryptionChoices.selectedItem = document.getElementById('encrypt_mail_never');
+  }
 }
 
-function enableSigningControls()
+function enableSigningControls(do_enable)
 {
-  if (!gSigningChoicesLocked) {
-  gSignMessages.removeAttribute("disabled");
+  if (gSigningChoicesLocked)
+    return;
+
+  if (do_enable) {
+    gSignMessages.removeAttribute("disabled");
+  }
+  else {
+    gSignMessages.setAttribute("disabled", "true");
+    gSignMessages.checked = false;
   }
 }
 
 function enableCertSelectButtons()
 {
   document.getElementById("signingCertSelectButton").removeAttribute("disabled");
+
+  if (document.getElementById('identity.signing_cert_name').value.length)
+    document.getElementById("signingCertClearButton").removeAttribute("disabled");
+  else
+    document.getElementById("signingCertClearButton").setAttribute("disabled", "true");
+
   document.getElementById("encryptionCertSelectButton").removeAttribute("disabled");
+
+  if (document.getElementById('identity.encryption_cert_name').value.length)
+    document.getElementById("encryptionCertClearButton").removeAttribute("disabled");
+  else
+    document.getElementById("encryptionCertClearButton").setAttribute("disabled", "true");
 }
+
+function smimeClearCert(smime_cert)
+{
+  var certInfo = document.getElementById(smime_cert);
+  if (!certInfo)
+    return;
+
+  certInfo.setAttribute("disabled", "true");
+  certInfo.value = "";
+
+  if (smime_cert == kEncryptionCertPref) {
+    enableEncryptionControls(false);
+  } else if (smime_cert == kSigningCertPref) {
+    enableSigningControls(false);
+  }
+  
+  enableCertSelectButtons();
+}
+

mailnews/extensions/smime/resources/content/am-smime.xul

@@ -60,10 +60,14 @@ Contributors:
       <textbox id="identity.signing_cert_name" iscontrolcontainer="true" wsm_persist="true" genericattr="true" flex="1" 
              pref="true" preftype="wstring" prefattribute="value" 
              prefstring="mail.identity.%identitykey%.signing_cert_name" readonly="true" disabled="true"/>
- 
+
       <button id="signingCertSelectButton"
               label="&certificate.button;"
               oncommand="smimeSelectCert('identity.signing_cert_name')"/>
+ 
+      <button id="signingCertClearButton"
+              label="&certificate_clear.button;"
+              oncommand="smimeClearCert('identity.signing_cert_name')"/>
     </hbox>
   </groupbox>
 
@@ -87,10 +91,14 @@ Contributors:
       <textbox id="identity.encryption_cert_name" iscontrolcontainer="true" wsm_persist="true" genericattr="true" flex="1" 
                pref="true" preftype="wstring" prefattribute="value" 
                prefstring="mail.identity.%identitykey%.encryption_cert_name" readonly="true" disabled="true"/>
-      
+
       <button id="encryptionCertSelectButton"
               label="&certificate.button;"
               oncommand="smimeSelectCert('identity.encryption_cert_name')"/>
+      
+      <button id="encryptionCertClearButton"
+              label="&certificate_clear.button;"
+              oncommand="smimeClearCert('identity.encryption_cert_name')"/>
     </hbox>
   </groupbox>    
 </page>

mailnews/extensions/smime/resources/locale/en-US/am-smime.dtd

@@ -1,5 +1,5 @@
 <!ENTITY securityTitle.label "Security">
-<!ENTITY securityHeading.label "To send and receive signed or encrypted messages, you must specify both a digital signing certificate and an encryption certificate.">
+<!ENTITY securityHeading.label "To send and receive signed or encrypted messages, you should specify both a digital signing certificate and an encryption certificate.">
 <!ENTITY encryptionGroupTitle.label "Encryption">
 <!ENTITY encryptionChoiceLabel.label "Default encryption setting when sending messages:">
 <!ENTITY neverEncrypt.label "Never (do not use encryption)">
@@ -7,6 +7,7 @@
 <!ENTITY encryptionCert.message "Use this certificate to encrypt &amp; decrypt messages sent to you:">
 <!ENTITY encryptionCert.notselected "No certificate set">
 <!ENTITY certificate.button "Select...">
+<!ENTITY certificate_clear.button "Clear">
 <!ENTITY signingGroupTitle.label "Digital Signing">
 <!ENTITY signMessage.label "Digitally sign messages (by default)">
 <!ENTITY signingCert.message "Use this certificate to digitally sign messages you send:">

mailnews/extensions/smime/resources/locale/en-US/am-smime.properties

@@ -12,9 +12,9 @@ prefPanel-smime=Security
 NoSigningCert=Certificate Manager can't locate a valid certificate that can be used to digitally sign your messages.
 NoEncryptionCert=Certificate Manager can't locate a valid certificate that other people can use to send you encrypted email messages.
 
-encryption_needCertWantSame=Before you can digitally sign messages, you must also specify a certificate for other people to use when they send you encrypted messages. Do you want to use the same certificate to encrypt & decrypt messages sent to you?
+encryption_needCertWantSame=You should also specify a certificate for other people to use when they send you encrypted messages. Do you want to use the same certificate to encrypt & decrypt messages sent to you?
 encryption_wantSame=Do you want to use the same certificate to encrypt & decrypt messages sent to you?
-encryption_needCertWantToSelect=Before you can digitally sign messages, you must also specify a certificate for other people to use when they send you encrypted messages. Do you want to configure an encryption certificate now?
+encryption_needCertWantToSelect=You should also specify a certificate for other people to use when they send you encrypted messages. Do you want to configure an encryption certificate now?
 signing_needCertWantSame=You should also specify a certificate to use for digitally signing your messages. Do you want to use the same certificate to digitally sign your messages?
 signing_wantSame=Do you want to use the same certificate to digitally sign your messages?
 signing_needCertWantToSelect=You should also specify a certificate to use for digitally signing your messages. Do you want to configure a certificate for digitally signing messages now?

mailnews/extensions/smime/src/nsMsgComposeSecure.cpp

@@ -879,12 +879,6 @@ nsresult nsMsgComposeSecure::MimeCryptoHackCerts(const char *aRecipients,
 		goto FAIL;
 	}
 
-	if ((mSelfEncryptionCert == nsnull) && aSign) {
-    SetError(sendReport, NS_LITERAL_STRING("SignNoSenderEncryptionCert").get());
-    res = NS_ERROR_FAILURE;
-    goto FAIL;
-  }
-
 	if ((mSelfEncryptionCert == nsnull) && aEncrypt) {
     SetError(sendReport, NS_LITERAL_STRING("NoSenderEncryptionCert").get());
     res = NS_ERROR_FAILURE;

security/manager/ssl/src/nsCMS.cpp

@@ -443,12 +443,18 @@ NS_IMETHODIMP nsCMSMessage::CreateSigned(nsIX509Cert* aSigningCert, nsIX509Cert*
   NSSCMSContentInfo *cinfo;
   NSSCMSSignedData *sigd;
   NSSCMSSignerInfo *signerinfo;
-  CERTCertificate *scert, *ecert;
+  CERTCertificate *scert = nsnull, *ecert = nsnull;
   nsresult rv = NS_ERROR_FAILURE;
 
   /* Get the certs */
   scert = NS_STATIC_CAST(nsNSSCertificate*, aSigningCert)->GetCert();
-  ecert = NS_STATIC_CAST(nsNSSCertificate*, aEncryptCert)->GetCert();
+  if (!scert) {
+    return NS_ERROR_FAILURE;
+  }
+
+  if (aEncryptCert) {
+    ecert = NS_STATIC_CAST(nsNSSCertificate*, aEncryptCert)->GetCert();
+  }
 
   /*
    * create the message object
@@ -511,23 +517,25 @@ NS_IMETHODIMP nsCMSMessage::CreateSigned(nsIX509Cert* aSigningCert, nsIX509Cert*
     goto loser;
   }
 
-  if (NSS_CMSSignerInfo_AddSMIMEEncKeyPrefs(signerinfo, ecert, 
-	                                  CERT_GetDefaultCertDB())
-	!= SECSuccess) {
-    PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateSigned - can't add smime enc key prefs\n"));
-    goto loser;
-  }
+  if (ecert) {
+    if (NSS_CMSSignerInfo_AddSMIMEEncKeyPrefs(signerinfo, ecert, 
+	                                    CERT_GetDefaultCertDB())
+	  != SECSuccess) {
+      PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateSigned - can't add smime enc key prefs\n"));
+      goto loser;
+    }
 
-  if (NSS_CMSSignerInfo_AddMSSMIMEEncKeyPrefs(signerinfo, ecert, 
-	                                  CERT_GetDefaultCertDB())
-	!= SECSuccess) {
-    PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateSigned - can't add MS smime enc key prefs\n"));
-    goto loser;
-  }
+    if (NSS_CMSSignerInfo_AddMSSMIMEEncKeyPrefs(signerinfo, ecert, 
+	                                    CERT_GetDefaultCertDB())
+	  != SECSuccess) {
+      PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateSigned - can't add MS smime enc key prefs\n"));
+      goto loser;
+    }
 
-  if (NSS_CMSSignedData_AddCertificate(sigd, ecert) != SECSuccess) {
-    PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateSigned - can't add own encryption certificate\n"));
-    goto loser;
+    if (NSS_CMSSignedData_AddCertificate(sigd, ecert) != SECSuccess) {
+      PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateSigned - can't add own encryption certificate\n"));
+      goto loser;
+    }
   }
 
   if (NSS_CMSSignedData_AddSignerInfo(sigd, signerinfo) != SECSuccess) {