b=120939 Make clear that both encryption and signing certs are required to configure s/mime.

r=javi sr=mscott

mailnews/extensions/smime/resources/content/am-smime.js

@@ -20,6 +20,13 @@
  *   Scott MacGregor <mscott@netscape.com>
  */
 
+const nsIX509CertDB = Components.interfaces.nsIX509CertDB;
+const nsX509CertDBContractID = "@mozilla.org/security/x509certdb;1";
+const nsIX509Cert = Components.interfaces.nsIX509Cert;
+
+const email_recipient_cert_usage = 5;
+const email_signing_cert_usage = 4;
+
 var gIdentity;
 var gPref = null;
 var gEncryptionCertName = null;
@@ -119,6 +126,86 @@ function disableIfLocked( prefstrArray )
     }
 }
 
+function getPromptService()
+{
+  var ifps = Components.interfaces.nsIPromptService;
+  var promptService = Components.classes["@mozilla.org/embedcomp/prompt-service;1"].getService();
+  if (promptService) {
+    promptService = promptService.QueryInterface(ifps);
+  }
+  return promptService;
+}
+
+function alertUser(message)
+{
+  var ps = getPromptService();
+  if (ps) {
+    ps.alert(
+      window,
+      gBrandBundle.getString("brandShortName"), 
+      message);
+  }
+}
+
+function askUser(message)
+{
+  var ps = getPromptService();
+  if (!ps)
+    return false;
+  
+  return ps.confirm(
+    window,
+    gBrandBundle.getString("brandShortName"), 
+    message);
+}
+
+function checkOtherCert(nickname, pref, usage, msgNeedCertWantSame, msgWantSame, msgNeedCertWantToSelect, enabler)
+{
+  var otherCertInfo = document.getElementById(pref);
+  if (!otherCertInfo)
+    return;
+
+  if (otherCertInfo.value == nickname)
+    // all is fine, same cert is now selected for both purposes
+    return;
+
+  var certdb = Components.classes[nsX509CertDBContractID].getService(nsIX509CertDB);
+  if (!certdb)
+    return null;
+  
+  if (email_recipient_cert_usage == usage) {
+    matchingOtherCert = certdb.getEmailEncryptionCert(nickname);
+  }
+  else if (email_signing_cert_usage == usage) {
+    matchingOtherCert = certdb.getEmailSigningCert(nickname);
+  }
+  else
+    return;
+
+  var userWantsSameCert = false;
+
+  if (!otherCertInfo.value.length) {
+    if (matchingOtherCert) {
+      userWantsSameCert = askUser(gBundle.getString(msgNeedCertWantSame));
+    }
+    else {
+      if (askUser(gBundle.getString(msgNeedCertWantToSelect))) {
+        smimeSelectCert(pref);
+      }
+    }
+  }
+  else {
+    if (matchingOtherCert) {
+      userWantsSameCert = askUser(gBundle.getString(msgWantSame));
+    }
+  }
+
+  if (userWantsSameCert) {
+    otherCertInfo.value = nickname;
+    enabler();
+  }
+}
+
 function smimeSelectCert(smime_cert)
 {
   var certInfo = document.getElementById(smime_cert);
@@ -132,12 +219,15 @@ function smimeSelectCert(smime_cert)
   var certUsage;
   var selectEncryptionCert;
 
-  if (smime_cert == "identity.encryption_cert_name") {
+  var encryptionCertPrefName = "identity.encryption_cert_name";
+  var signingCertPrefName = "identity.signing_cert_name";
+
+  if (smime_cert == encryptionCertPrefName) {
     selectEncryptionCert = true;
-    certUsage = 5;
-  } else if (smime_cert == "identity.signing_cert_name") {
+    certUsage = email_recipient_cert_usage;
+  } else if (smime_cert == signingCertPrefName) {
     selectEncryptionCert = false;
-    certUsage = 4;
+    certUsage = email_signing_cert_usage;
   }
 
   try {
@@ -159,28 +249,42 @@ function smimeSelectCert(smime_cert)
       else {
         errorString = "NoSigningCert";
       }
-      var ifps = Components.interfaces.nsIPromptService;
-      var promptService = Components.classes["@mozilla.org/embedcomp/prompt-service;1"].getService();
-      if (promptService) {
-        promptService = promptService.QueryInterface(ifps);
-      }
-      if (promptService) {
-        promptService.alert(
-          window, 
-          gBrandBundle.getString("brandShortName"), 
-          gBundle.getString(errorString));
-      }
+      alertUser(gBundle.getString(errorString));
     }
     else {
       certInfo.removeAttribute("disabled");
       certInfo.value = x509cert.nickname;
 
       if (selectEncryptionCert) {
-        gEncryptAlways.removeAttribute("disabled");
-        gNeverEncrypt.removeAttribute("disabled");
+        enableEncryptionControls();
+
+        checkOtherCert(certInfo.value,
+          signingCertPrefName, email_signing_cert_usage, 
+          "signing_needCertWantSame", 
+          "signing_wantSame", 
+          "signing_needCertWantToSelect",
+          enableSigningControls);
       } else {
-        gSignMessages.removeAttribute("disabled");
+        enableSigningControls();
+
+        checkOtherCert(certInfo.value,
+          encryptionCertPrefName, email_recipient_cert_usage, 
+          "encryption_needCertWantSame", 
+          "encryption_wantSame", 
+          "encryption_needCertWantToSelect",
+          enableEncryptionControls);
       }
     }
   }
 }
+
+function enableEncryptionControls()
+{
+  gEncryptAlways.removeAttribute("disabled");
+  gNeverEncrypt.removeAttribute("disabled");
+}
+
+function enableSigningControls()
+{
+  gSignMessages.removeAttribute("disabled");
+}

mailnews/extensions/smime/resources/content/am-smime.xul

@@ -43,6 +43,8 @@ Contributors:
                 pref="true" preftype="int" prefattribute="value"
                 prefstring="mail.identity.%identitykey%.encryptionpolicy"/>
 
+  <description>&securityHeading.label;</description>
+
   <groupbox orient="vertical" id="signing.titlebox">
     <caption label="&signingGroupTitle.label;"/>
     

mailnews/extensions/smime/resources/locale/en-US/am-smime.dtd

@@ -1,12 +1,13 @@
 <!ENTITY securityTitle.label "Security">
+<!ENTITY securityHeading.label "To send and receive signed or encrypted messages, you must specify both a digital signing certificate and an encryption certificate.">
 <!ENTITY encryptionGroupTitle.label "Encryption">
 <!ENTITY encryptionChoiceLabel.label "Default encryption setting when sending messages:">
 <!ENTITY neverEncrypt.label "Never (do not use encryption)">
 <!ENTITY alwaysEncryptMessage.label "Required (can't send message unless all recipients have certificates)">
-<!ENTITY encryptionCert.message "Use the following personal certificate:">
+<!ENTITY encryptionCert.message "Use this certificate to encrypt &amp; decrypt messages sent to you:">
 <!ENTITY encryptionCert.notselected "No certificate set">
 <!ENTITY certificate.button "Select...">
 <!ENTITY signingGroupTitle.label "Digital Signing">
 <!ENTITY signMessage.label "Digitally sign messages (by default)">
-<!ENTITY signingCert.message "Use the following personal certificate:">
+<!ENTITY signingCert.message "Use this certificate to digitally sign messages you send:">
 <!ENTITY signingCert.notselected "No certificate set">

mailnews/extensions/smime/resources/locale/en-US/am-smime.properties

@@ -12,3 +12,9 @@ prefPanel-smime=Security
 NoSigningCert=Certificate Manager can't locate a valid certificate that can be used to digitally sign your messages.
 NoEncryptionCert=Certificate Manager can't locate a valid certificate that other people can use to send you encrypted email messages.
 
+encryption_needCertWantSame=Before you can digitally sign messages, you must also specify a certificate for other people to use when they send you encrypted messages. Do you want to use the same certificate to encrypt & decrypt messages sent to you?
+encryption_wantSame=Do you want to use the same certificate to encrypt & decrypt messages sent to you?
+encryption_needCertWantToSelect=Before you can digitally sign messages, you must also specify a certificate for other people to use when they send you encrypted messages. Do you want to configure an encryption certificate now?
+signing_needCertWantSame=You should also specify a certificate to use for digitally signing your messages. Do you want to use the same certificate to digitally sign your messages?
+signing_wantSame=Do you want to use the same certificate to digitally sign your messages?
+signing_needCertWantToSelect=You should also specify a certificate to use for digitally signing your messages. Do you want to configure a certificate for digitally signing messages now?