While developing the patchset for tdf#127909, I broke the certificate path dialog, because I wasn't aware, that the NSSInitializer service has to use the same logic to auto-select the users profile, then the dialog. So currently you have to keep the complex service and dialog auto-select logic in sync.
To prevent this error, this moves all the profile auto-selection and enumeration into the NSSInitializer service. What I also stumbled over is the particular lifecycle of the NSS library initialization in the NSS service. This is just done, when the first user calls some crypto function. As a result it's actually possible to change the path setting without restarting LibreOffice. But since the NSS deninitialization is run as an atexit handler, this setting can't be changed after the init.
What is currently missing is any indication inside the dialog of the currently active NSS setting in comparison to any later user selection, if the user doesn't restart LibreOffice as requested.
Change-Id: I886962777958c363abeb0ec91fc8a35cbd39eb98 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/97668
b1d0d0cf866a [API CHANGE] Move NSS profile handling into NSS service
cui/source/options/certpath.cxx | 106 +++++++-------
cui/source/options/certpath.hxx | 6 +-
cui/source/options/optinet2.cxx | 6 +-
offapi/UnoApi_offapi.mk | 1 +
offapi/com/sun/star/xml/crypto/NSSInitializer.idl | 8 +
offapi/com/sun/star/xml/crypto/NSSProfile.idl | 54 +++++++
offapi/com/sun/star/xml/crypto/XNSSInitializer.idl | 28 ++++
xmlsecurity/source/xmlsec/nss/nssinitializer.cxx | 162 +++++++++++++++++----
xmlsecurity/source/xmlsec/nss/nssinitializer.hxx | 13 +-
9 files changed, 295 insertions(+), 89 deletions(-)