[API CHANGE] Move NSS profile handling into NSS service

While developing the patchset for tdf#127909, I broke the
certificate path dialog, because I wasn't aware, that the
NSSInitializer service has to use the same logic to auto-
select the users profile, then the dialog. So currently you
have to keep the complex service and dialog auto-select
logic in sync.

To prevent this error, this moves all the profile auto-selection
and enumeration into the NSSInitializer service. What I also
stumbled over is the particular lifecycle of the NSS library
initialization in the NSS service. This is just done, when the
first user calls some crypto function. As a result it's actually
possible to change the path setting without restarting
LibreOffice. But since the NSS deninitialization is run as an
atexit handler, this setting can't be changed after the init.

What is currently missing is any indication inside the dialog of
the currently active NSS setting in comparison to any later user
selection, if the user doesn't restart LibreOffice as requested.

Change-Id: I886962777958c363abeb0ec91fc8a35cbd39eb98
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/97668
Tested-by: Jenkins
Reviewed-by: Jan-Marek Glogowski <glogow@fbihome.de>

3 files changed, 63 insertions, 55 deletions

diff --git a/cui/source/options/certpath.cxx b/cui/source/options/certpath.cxx
index 630f5e0710fe..ae7a75859c79 100644
--- a/cui/source/options/certpath.cxx
+++ b/cui/source/options/certpath.cxx
@@ -14,6 +14,7 @@
 #include <tools/diagnose_ex.h>
 #include "certpath.hxx"
 
+#include <com/sun/star/xml/crypto/NSSInitializer.hpp>
 #include <com/sun/star/mozilla/MozillaBootstrap.hpp>
 #include <com/sun/star/ui/dialogs/ExecutableDialogResults.hpp>
 #include <com/sun/star/ui/dialogs/FolderPicker.hpp>
@@ -37,64 +38,56 @@ CertPathDialog::CertPathDialog(weld::Window* pParent)
 
     m_xManualButton->connect_clicked( LINK( this, CertPathDialog, ManualHdl_Impl ) );
     m_xOKButton->connect_clicked( LINK( this, CertPathDialog, OKHdl_Impl ) );
+}
+
+void CertPathDialog::Init()
+{
+    m_xCertPathList->clear();
+    m_xCertPathList->set_sensitive(true);
 
     try
     {
-        // In the reverse order of preference for the default selected profile
-        mozilla::MozillaProductType const productTypes[3] = {
-            mozilla::MozillaProductType_Thunderbird,
-            mozilla::MozillaProductType_Firefox,
-            mozilla::MozillaProductType_Mozilla };
-        const char* const productNames[3] = {
-            "thunderbird",
-            "firefox",
-            "mozilla" };
-        bool bSelected = false;
+        uno::Reference<uno::XComponentContext> xContext = comphelper::getProcessComponentContext();
+        uno::Reference<xml::crypto::XNSSInitializer> xCipherContextSupplier = xml::crypto::NSSInitializer::create(xContext);
 
-        uno::Reference<mozilla::XMozillaBootstrap> xMozillaBootstrap = mozilla::MozillaBootstrap::create( comphelper::getProcessComponentContext() );
+        OUString sActivePath = xCipherContextSupplier->getNSSPath();
+        auto aProductList = xCipherContextSupplier->getNSSProfiles();
 
-        for (sal_Int32 i = 0; i < sal_Int32(SAL_N_ELEMENTS(productTypes)); ++i)
+        // these map to the integer values of mozilla::MozillaProductType
+        const char* const productNames[4] = {
+            "",
+            "mozilla",
+            "firefox",
+            "thunderbird"
+        };
+
+        for (const auto& rNSSProfile : std::as_const(aProductList))
         {
-            sal_Int32 nProfileCount = xMozillaBootstrap->getProfileCount(productTypes[i]);
-            if (nProfileCount <= 0)
-                continue;
-            OUString sDefaultProfile = xMozillaBootstrap->getDefaultProfile(productTypes[i]);
-            uno::Sequence<OUString> aProfileList(nProfileCount);
-#ifndef NDEBUG
-            sal_Int32 nListLen =
-#endif
-                 xMozillaBootstrap->getProfileList(productTypes[i], aProfileList);
-            assert((nProfileCount == nListLen) && (nListLen == aProfileList.getLength()));
-
-            for (const auto& sProfileName : std::as_const(aProfileList))
+            if (rNSSProfile.Type == mozilla::MozillaProductType_Default)
             {
-                OUString sEntry = OUString::createFromAscii(productNames[i]) + ":" + sProfileName;
-                OUString sProfilePath = xMozillaBootstrap->getProfilePath(productTypes[i], sProfileName);
-                const bool bSelectDefaultProfile = !bSelected && sProfileName == sDefaultProfile;
-                AddCertPath(sEntry, sProfilePath, bSelectDefaultProfile);
-                if (bSelectDefaultProfile)
-                    bSelected = true;
+                if (rNSSProfile.Name == "MOZILLA_CERTIFICATE_FOLDER" && !rNSSProfile.Path.isEmpty())
+                {
+                    AddCertPath("$MOZILLA_CERTIFICATE_FOLDER", rNSSProfile.Path);
+                    m_xCertPathList->set_sensitive(false);
+                }
+                else if (rNSSProfile.Name == "MANUAL")
+                    AddManualCertPath(rNSSProfile.Path);
+            }
+            else
+            {
+                OUString sEntry = OUString::createFromAscii(
+                    productNames[static_cast<int>(rNSSProfile.Type)]) + ":" + rNSSProfile.Name;
+                AddCertPath(sEntry, rNSSProfile.Path, rNSSProfile.Path == sActivePath);
             }
         }
-    }
-    catch (const uno::Exception&)
-    {
-    }
 
-    try
-    {
-        AddManualCertPath(officecfg::Office::Common::Security::Scripting::CertDir::get().value_or(OUString()));
-        if (m_sManualPath.isEmpty())
-            AddManualCertPath(officecfg::Office::Common::Security::Scripting::ManualCertDir::get(), false);
+        OUString sManualCertPath = officecfg::Office::Common::Security::Scripting::ManualCertDir::get();
+        if (!sManualCertPath.isEmpty())
+            AddManualCertPath(sManualCertPath, false);
     }
-    catch (const uno::Exception &)
+    catch (const uno::Exception&)
     {
-        TOOLS_WARN_EXCEPTION("cui.options", "CertPathDialog::CertPathDialog()");
     }
-
-    const char* pEnv = getenv("MOZILLA_CERTIFICATE_FOLDER");
-    if (pEnv)
-        AddCertPath("$MOZILLA_CERTIFICATE_FOLDER", OUString(pEnv, strlen(pEnv), osl_getThreadTextEncoding()));
 }
 
 void CertPathDialog::AddManualCertPath(const OUString& sUserSetCertPath, bool bSelect)
@@ -102,7 +95,6 @@ void CertPathDialog::AddManualCertPath(const OUString& sUserSetCertPath, bool bS
     if (sUserSetCertPath.isEmpty())
         return;
 
-    // check existence
     ::osl::DirectoryItem aUserPathItem;
     OUString sUserSetCertURLPath;
     osl::FileBase::getFileURLFromSystemPath(sUserSetCertPath, sUserSetCertURLPath);
@@ -121,8 +113,9 @@ IMPL_LINK_NOARG(CertPathDialog, OKHdl_Impl, weld::Button&, void)
     {
         std::shared_ptr< comphelper::ConfigurationChanges > batch(
             comphelper::ConfigurationChanges::create());
+        const int nEntry = m_xCertPathList->get_selected_index();
         officecfg::Office::Common::Security::Scripting::CertDir::set(
-            getDirectory(), batch);
+            nEntry == -1 ? OUString() : m_xCertPathList->get_id(nEntry), batch);
         officecfg::Office::Common::Security::Scripting::ManualCertDir::set(m_sManualPath, batch);
         batch->commit();
     }
@@ -134,12 +127,25 @@ IMPL_LINK_NOARG(CertPathDialog, OKHdl_Impl, weld::Button&, void)
     m_xDialog->response(RET_OK);
 }
 
-OUString CertPathDialog::getDirectory() const
+bool CertPathDialog::isActiveServicePath() const
 {
     int nEntry = m_xCertPathList->get_selected_index();
     if (nEntry == -1)
-        return OUString();
-    return m_xCertPathList->get_id(nEntry);
+        return true;
+
+    try
+    {
+        uno::Reference<uno::XComponentContext> xContext = comphelper::getProcessComponentContext();
+        uno::Reference<xml::crypto::XNSSInitializer> xCipherContextSupplier = xml::crypto::NSSInitializer::create(xContext);
+
+        if (!xCipherContextSupplier->getIsNSSinitialized())
+            return true;
+        return (xCipherContextSupplier->getNSSPath() == m_xCertPathList->get_id(nEntry));
+    }
+    catch (const uno::Exception&)
+    {
+         return false;
+    }
 }
 
 CertPathDialog::~CertPathDialog()
diff --git a/cui/source/options/certpath.hxx b/cui/source/options/certpath.hxx
index 75d53ae10100..50addc1e8357 100644
--- a/cui/source/options/certpath.hxx
+++ b/cui/source/options/certpath.hxx
@@ -32,7 +32,11 @@ public:
     explicit CertPathDialog(weld::Window* pParent);
     virtual ~CertPathDialog() override;
 
-    OUString getDirectory() const;
+    void Init();
+
+    // returns true, if the service currently uses the selected path or is not initialized
+    // yet and therefore has no active NSS path.
+    bool isActiveServicePath() const;
 };
 
 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/cui/source/options/optinet2.cxx b/cui/source/options/optinet2.cxx
index c78b94f6e543..35d9b1a2299d 100644
--- a/cui/source/options/optinet2.cxx
+++ b/cui/source/options/optinet2.cxx
@@ -675,11 +675,9 @@ IMPL_LINK_NOARG(SvxSecurityTabPage, CertPathPBHdl, weld::Button&, void)
 {
     if (!mpCertPathDlg)
         mpCertPathDlg.reset(new CertPathDialog(GetFrameWeld()));
+    mpCertPathDlg->Init();
 
-    OUString sOrig = mpCertPathDlg->getDirectory();
-    short nRet = mpCertPathDlg->run();
-
-    if (nRet == RET_OK && sOrig != mpCertPathDlg->getDirectory())
+    if (mpCertPathDlg->run() == RET_OK && !mpCertPathDlg->isActiveServicePath())
     {
         SolarMutexGuard aGuard;
         if (svtools::executeRestartDialog(comphelper::getProcessComponentContext(), nullptr, svtools::RESTART_REASON_ADDING_PATH))