CWS-TOOLING: integrate CWS jl137

xmlsecurity/source/dialogs/certificateviewer.cxx

@@ -125,16 +125,8 @@ CertificateViewerGeneralTP::CertificateViewerGeneralTP( Window* _pParent, Certif
     //Verify the certificate
     sal_Int32 certStatus = mpDlg->mxSecurityEnvironment->verifyCertificate(mpDlg->mxCert,
          Sequence<Reference<css::security::XCertificate> >());
-    //We currently have two status
-    //These errors are alloweds
-    sal_Int32 validCertErrors = css::security::CertificateValidity::VALID
-        | css::security::CertificateValidity::UNKNOWN_REVOKATION;
 
-    //Build a  mask to filter out the allowed errors
-    sal_Int32 mask = ~validCertErrors;
-    // "subtract" the allowed error flags from the result
-    sal_Int32 certErrors = certStatus & mask;
-    bool bCertValid = certErrors > 0 ? false : true;
+    bool bCertValid = certStatus == css::security::CertificateValidity::VALID ?  true : false;
 
     bool bHC = GetSettings().GetStyleSettings().GetHighContrastMode();
     if ( !bCertValid )
@@ -485,16 +477,7 @@ void CertificateViewerCertPathTP::ActivatePage()
             //Verify the certificate
             sal_Int32 certStatus = mpDlg->mxSecurityEnvironment->verifyCertificate(rCert,
                  Sequence<Reference<css::security::XCertificate> >());
-            //We currently have two status
-            //These errors are alloweds
-            sal_Int32 validCertErrors = css::security::CertificateValidity::VALID
-                | css::security::CertificateValidity::UNKNOWN_REVOKATION;
-
-            //Build a  mask to filter out the allowed errors
-            sal_Int32 mask = ~validCertErrors;
-            // "subtract" the allowed error flags from the result
-            sal_Int32 certErrors = certStatus & mask;
-            bool bCertValid = certErrors > 0 ? false : true;
+            bool bCertValid = certStatus == css::security::CertificateValidity::VALID ? true : false;
             pParent = InsertCert( pParent, sName, rCert, bCertValid);
         }
 

xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx

@@ -640,15 +640,7 @@ void DigitalSignaturesDialog::ImplFillSignaturesBox()
                     sal_Int32 certResult = xSecEnv->verifyCertificate(xCert,
                         Sequence<css::uno::Reference<css::security::XCertificate> >());
 
-                    //These errors are alloweds
-                    sal_Int32 validErrors = css::security::CertificateValidity::VALID
-                        | css::security::CertificateValidity::UNKNOWN_REVOKATION;
-
-                    //Build a  mask to filter out the allowed errors
-                    sal_Int32 mask = ~validErrors;
-                    // "subtract" the allowed error flags from the result
-                    sal_Int32 errors = certResult & mask;
-                    bCertValid = errors > 0 ? false : true;
+                    bCertValid = certResult == css::security::CertificateValidity::VALID ? true : false;
                     if ( bCertValid )
                         nValidCerts++;
 

xmlsecurity/source/xmlsec/diagnose.cxx

+/*************************************************************************
+ *
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * Copyright 2008 by Sun Microsystems, Inc.
+ *
+ * OpenOffice.org - a multi-platform office productivity suite
+ *
+ * $RCSfile: xmlstreamio.hxx,v $
+ * $Revision: 1.3 $
+ *
+ * This file is part of OpenOffice.org.
+ *
+ * OpenOffice.org is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License version 3
+ * only, as published by the Free Software Foundation.
+ *
+ * OpenOffice.org is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License version 3 for more details
+ * (a copy is included in the LICENSE file that accompanied this code).
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * version 3 along with OpenOffice.org.  If not, see
+ * <http://www.openoffice.org/license.html>
+ * for a copy of the LGPLv3 License.
+ *
+ ************************************************************************/
+
+#include "diagnose.hxx"
+#include <stdio.h>
+#include <stdarg.h>
+#include "rtl/instance.hxx"
+#include "rtl/bootstrap.hxx"
+
+namespace xmlsecurity {
+
+struct UseDiagnose : public rtl::StaticWithInit<
+    const bool, UseDiagnose>
+{
+    const bool operator () ()
+    {
+        ::rtl::OUString value;
+        sal_Bool res = rtl::Bootstrap::get(
+            ::rtl::OUString(RTL_CONSTASCII_USTRINGPARAM("XMLSECURITY_TRACE")), value);
+        return res == sal_True ? true : false;
+    }
+};
+
+/* the function will print the string when
+   - build with debug
+   - the bootstrap variable XMLSECURITY_TRACE is set.
+ */
+void xmlsec_trace(const char* pszFormat, ...)
+{
+    bool bDebug = false;
+
+#if OSL_DEBUG_LEVEL > 1
+    bDebug = true;
+#endif
+    if (bDebug || UseDiagnose::get())
+    {
+        va_list args;
+        fprintf(stderr, "[xmlsecurity] ");
+        va_start(args, pszFormat);
+        vfprintf(stderr, pszFormat, args);
+        va_end(args);
+
+        fprintf(stderr,"\n");
+        fflush(stderr);
+    }
+}
+
+
+
+}

xmlsecurity/source/xmlsec/diagnose.hxx

+/*************************************************************************
+ *
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * Copyright 2008 by Sun Microsystems, Inc.
+ *
+ * OpenOffice.org - a multi-platform office productivity suite
+ *
+ * $RCSfile: xmlstreamio.hxx,v $
+ * $Revision: 1.3 $
+ *
+ * This file is part of OpenOffice.org.
+ *
+ * OpenOffice.org is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License version 3
+ * only, as published by the Free Software Foundation.
+ *
+ * OpenOffice.org is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License version 3 for more details
+ * (a copy is included in the LICENSE file that accompanied this code).
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * version 3 along with OpenOffice.org.  If not, see
+ * <http://www.openoffice.org/license.html>
+ * for a copy of the LGPLv3 License.
+ *
+ ************************************************************************/
+
+#ifndef XMLSECURITY_DIAGNOSE_HXX
+#define XMLSECURITY_DIAGNOSE_HXX
+
+
+namespace xmlsecurity
+{
+
+    void xmlsec_trace(const char* pszFormat, ...);
+}
+
+
+
+#endif //XMLSECURITY_DIAGNOSE_HXX

xmlsecurity/source/xmlsec/makefile.mk

@@ -41,10 +41,12 @@ ENABLE_EXCEPTIONS = TRUE
 CFLAGS+=-DSYSTEM_LIBXML $(LIBXML_CFLAGS)
 .ENDIF
 
-.IF "$(WITH_MOZILLA)" == "NO"
+.IF "$(WITH_MOZILLA)" == "NO" || "$(ENABLE_NSS_MODULE)"!="YES"
+.IF "$(SYSTEM_MOZILLA)" != "YES"
 @all:
     @echo "No mozilla -> no nss -> no libxmlsec -> no xmlsecurity.."
 .ENDIF
+.ENDIF
 
 .IF "$(CRYPTO_ENGINE)" == "mscrypto"
 CDEFS += -DXMLSEC_CRYPTO_MSCRYPTO -DXMLSEC_NO_XSLT
@@ -62,7 +64,8 @@ SLOFILES = \
     $(SLO)$/certificateextension_xmlsecimpl.obj \
     $(SLO)$/xmlstreamio.obj \
     $(SLO)$/errorcallback.obj \
-    $(SLO)$/xsec_xmlsec.obj 
+    $(SLO)$/xsec_xmlsec.obj \
+        $(SLO)$/diagnose.obj
     
 # --- Targets ------------------------------------------------------
 

xmlsecurity/source/xmlsec/mscrypt/makefile.mk

@@ -43,10 +43,12 @@ LIBTARGET=NO
 
 .IF "$(CRYPTO_ENGINE)" == "mscrypto"
 
-.IF "$(WITH_MOZILLA)" == "NO"
+.IF "$(WITH_MOZILLA)" == "NO" || "$(ENABLE_NSS_MODULE)"!="YES"
+.IF "$(SYSTEM_MOZILLA)" != "YES"
 @all:
     @echo "No mozilla -> no nss -> no libxmlsec -> no xmlsecurity/nss"
 .ENDIF
+.ENDIF
 
 CDEFS += -DXMLSEC_CRYPTO_MSCRYPTO -DXMLSEC_NO_XSLT
 

xmlsecurity/source/xmlsec/nss/makefile.mk

@@ -47,10 +47,12 @@ LIBTARGET=NO
 
 .IF "$(CRYPTO_ENGINE)" == "nss"
 
-.IF "$(WITH_MOZILLA)" == "NO"
+.IF "$(WITH_MOZILLA)" == "NO" || "$(ENABLE_NSS_MODULE)"!="YES"
+.IF "$(SYSTEM_MOZILLA)" != "YES"
 @all:
     @echo "No mozilla -> no nss -> no libxmlsec -> no xmlsecurity/nss"
 .ENDIF
+.ENDIF
 
 .IF "$(SYSTEM_MOZILLA)" != "YES"
 MOZ_INC = $(SOLARVERSION)$/$(INPATH)$/inc$(UPDMINOREXT)$/mozilla
@@ -128,7 +130,9 @@ SLOFILES = \
     $(SLO)$/xmlsignature_nssimpl.obj \
     $(SLO)$/x509certificate_nssimpl.obj \
     $(SLO)$/seinitializer_nssimpl.obj \
-    $(SLO)$/xsec_nss.obj
+    $(SLO)$/xsec_nss.obj \
+        $(SLO)$/secerror.obj
+
 
     
 .ENDIF

xmlsecurity/source/xmlsec/nss/secerror.cxx

+/*************************************************************************
+ *
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * Copyright 2008 by Sun Microsystems, Inc.
+ *
+ * OpenOffice.org - a multi-platform office productivity suite
+ *
+ * $RCSfile: securityenvironment_nssimpl.cxx,v $
+ * $Revision: 1.23 $
+ *
+ * This file is part of OpenOffice.org.
+ *
+ * OpenOffice.org is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License version 3
+ * only, as published by the Free Software Foundation.
+ *
+ * OpenOffice.org is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License version 3 for more details
+ * (a copy is included in the LICENSE file that accompanied this code).
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * version 3 along with OpenOffice.org.  If not, see
+ * <http://www.openoffice.org/license.html>
+ * for a copy of the LGPLv3 License.
+ *
+ ************************************************************************/
+
+
+#include "secerr.h"
+#include "sslerr.h"
+#include "nspr.h"
+#include "certt.h"
+
+#include "../diagnose.hxx"
+
+using namespace xmlsecurity;
+
+struct ErrDesc {
+    PRErrorCode  errNum;
+    const char * errString;
+};
+
+
+
+const ErrDesc allDesc[] = {
+
+#include "certerrors.h"
+
+};
+
+
+
+/* Returns a UTF-8 encoded constant error string for "errNum".
+ * Returns NULL of errNum is unknown.
+ */
+const char *
+getCertError(PRErrorCode errNum)
+{
+    static char sEmpty[] = "";
+    const int numDesc = sizeof(allDesc) / sizeof(ErrDesc);
+    for (int i = 0; i < numDesc; i++)
+    {
+        if (allDesc[i].errNum == errNum)
+            return  allDesc[i].errString;
+    }
+
+    return sEmpty;
+}
+
+void
+printChainFailure(CERTVerifyLog *log)
+{
+    unsigned long errorFlags  = 0;
+    unsigned int       depth  = (unsigned int)-1;
+    const char * specificError = NULL;
+    const char * issuer = NULL;
+    CERTVerifyLogNode *node   = NULL;
+
+    if (log->count > 0)
+    {
+        xmlsec_trace("Bad certifcation path:");
+        for (node = log->head; node; node = node->next)
+        {
+            if (depth != node->depth)
+            {
+                depth = node->depth;
+                xmlsec_trace("Certificate:  %d. %s %s:", depth,
+                        node->cert->subjectName,
+                        depth ? "[Certificate Authority]": "");
+            }
+            xmlsec_trace("  ERROR %ld: %s", node->error,
+                    getCertError(node->error));
+            specificError = NULL;
+            issuer = NULL;
+            switch (node->error)
+            {
+            case SEC_ERROR_INADEQUATE_KEY_USAGE:
+                errorFlags = (unsigned long)node->arg;
+                switch (errorFlags)
+                {
+                case KU_DIGITAL_SIGNATURE:
+                    specificError = "Certificate cannot sign.";
+                    break;
+                case KU_KEY_ENCIPHERMENT:
+                    specificError = "Certificate cannot encrypt.";
+                    break;
+                case KU_KEY_CERT_SIGN:
+                    specificError = "Certificate cannot sign other certs.";
+                    break;
+                default:
+                    specificError = "[unknown usage].";
+                    break;
+                }
+            case SEC_ERROR_INADEQUATE_CERT_TYPE:
+                errorFlags = (unsigned long)node->arg;
+                switch (errorFlags)
+                {
+                case NS_CERT_TYPE_SSL_CLIENT:
+                case NS_CERT_TYPE_SSL_SERVER:
+                    specificError = "Certificate cannot be used for SSL.";
+                    break;
+                case NS_CERT_TYPE_SSL_CA:
+                    specificError = "Certificate cannot be used as an SSL CA.";
+                    break;
+                case NS_CERT_TYPE_EMAIL:
+                    specificError = "Certificate cannot be used for SMIME.";
+                    break;
+                case NS_CERT_TYPE_EMAIL_CA:
+                    specificError = "Certificate cannot be used as an SMIME CA.";
+                    break;
+                case NS_CERT_TYPE_OBJECT_SIGNING:
+                    specificError = "Certificate cannot be used for object signing.";
+                    break;
+                case NS_CERT_TYPE_OBJECT_SIGNING_CA:
+                    specificError = "Certificate cannot be used as an object signing CA.";
+                    break;
+                default:
+                    specificError = "[unknown usage].";
+                    break;
+                }
+            case SEC_ERROR_UNKNOWN_ISSUER:
+                specificError = "Unknown issuer:";
+                issuer = node->cert->issuerName;
+                break;
+            case SEC_ERROR_UNTRUSTED_ISSUER:
+                specificError = "Untrusted issuer:";
+                issuer = node->cert->issuerName;
+                break;
+            case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
+                specificError = "Expired issuer certificate:";
+                issuer = node->cert->issuerName;
+                break;
+            default:
+                break;
+            }
+            if (specificError)
+                xmlsec_trace("%s", specificError);
+            if (issuer)
+                xmlsec_trace("%s", issuer);
+        }
+    }
+}

xmlsecurity/source/xmlsec/nss/secerror.hxx

+/*************************************************************************
+ *
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * Copyright 2008 by Sun Microsystems, Inc.
+ *
+ * OpenOffice.org - a multi-platform office productivity suite
+ *
+ * $RCSfile: securityenvironment_nssimpl.hxx,v $
+ * $Revision: 1.9 $
+ *
+ * This file is part of OpenOffice.org.
+ *
+ * OpenOffice.org is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License version 3
+ * only, as published by the Free Software Foundation.
+ *
+ * OpenOffice.org is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License version 3 for more details
+ * (a copy is included in the LICENSE file that accompanied this code).
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * version 3 along with OpenOffice.org.  If not, see
+ * <http://www.openoffice.org/license.html>
+ * for a copy of the LGPLv3 License.
+ *
+ ************************************************************************/
+
+#ifndef _XSECERROR_HXX_
+#define _XSECERROR_HXX_
+
+const char *
+getCertError(PRErrorCode errNum);
+
+void
+printChainFailure(CERTVerifyLog *log);
+#endif  // _XSECERROR_HXX_
+

xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.cxx

@@ -61,6 +61,7 @@
 #include <rtl/logfile.hxx>
 
 #include "seinitializer_nssimpl.hxx"
+#include "../diagnose.hxx"
 
 #include "securityenvironment_nssimpl.hxx"
 #include <com/sun/star/mozilla/XMozillaBootstrap.hpp>
@@ -76,6 +77,7 @@ namespace cssu = com::sun::star::uno;
 namespace cssl = com::sun::star::lang;
 namespace cssxc = com::sun::star::xml::crypto;
 
+using namespace xmlsecurity;
 using namespace com::sun::star;
 using ::rtl::OUString;
 using ::rtl::OString;
@@ -109,7 +111,7 @@ struct InitNSSInitialize
             bInitialized = nsscrypto_initialize(m_sProfile.getStr(), bNSSInit);
             if (bNSSInit)
                 atexit(nsscrypto_finalize );
-            return & bInitialized;
+             return & bInitialized;
 
         }
 };
@@ -139,7 +141,7 @@ void deleteRootsModule()
             {
                 if (PK11_HasRootCerts(slot))
                 {
-                    OSL_TRACE("[xmlsecurity] The root certifificates module \"%s"
+                    xmlsec_trace("The root certifificates module \"%s"
                               "\" is already loaded: \n%s",
                               module->commonName,  module->dllName);
 
@@ -157,11 +159,11 @@ void deleteRootsModule()
         PRInt32 modType;
         if (SECSuccess == SECMOD_DeleteModule(RootsModule->commonName, &modType))
         {
-            OSL_TRACE("[xmlsecurity] Deleted module \"%s\".", RootsModule->commonName);
+            xmlsec_trace("Deleted module \"%s\".", RootsModule->commonName);
         }
         else
         {
-            OSL_TRACE("[xmlsecurity] Failed to delete \"%s\" : \n%s",
+            xmlsec_trace("Failed to delete \"%s\" : \n%s",
                       RootsModule->commonName, RootsModule->dllName);
         }
         SECMOD_DestroyModule(RootsModule);
@@ -194,18 +196,36 @@ bool nsscrypto_initialize( const char* token, bool & out_nss_init )
 {
     bool return_value = true;
 
-    OSL_TRACE("[xmlsecurity] Using profile: %s", token);
+    xmlsec_trace("Using profile: %s", token);
 
     PR_Init( PR_USER_THREAD, PR_PRIORITY_NORMAL, 1 ) ;
 
-    if( NSS_InitReadWrite( token ) != SECSuccess )
+    //token may be an empty string
+    if (token != NULL && strlen(token) > 0)
     {
-        char * error = NULL;
+        if( NSS_InitReadWrite( token ) != SECSuccess )
+        {
+            xmlsec_trace("Initializing NSS with profile failed.");
+            char * error = NULL;
 
-        PR_GetErrorText(error);
-        if (error)
-            printf("%s",error);
-        return false ;
+            PR_GetErrorText(error);
+            if (error)
+                xmlsec_trace("%s",error);
+            return false ;
+        }
+    }
+    else
+    {
+        xmlsec_trace("Initializing NSS without profile.");
+        if ( NSS_NoDB_Init(NULL) != SECSuccess )
+        {
+            xmlsec_trace("Initializing NSS without profile failed.");
+            char * error = NULL;
+            PR_GetErrorText(error);
+            if (error)
+                xmlsec_trace("%s",error);
+            return false ;
+        }
     }
     out_nss_init = true;
 
@@ -247,18 +267,18 @@ bool nsscrypto_initialize( const char* token, bool & out_nss_init )
                 SECMOD_DestroyModule(RootsModule);
                 RootsModule = 0;
                 if (found)
-                    OSL_TRACE("[xmlsecurity] Added new root certificate module "
+                    xmlsec_trace("Added new root certificate module "
                               "\""ROOT_CERTS"\" contained in \n%s", ospath.getStr());
                 else
                 {
-                    OSL_TRACE("[xmlsecurity] FAILED to load the new root certificate module "
+                    xmlsec_trace("FAILED to load the new root certificate module "
                               "\""ROOT_CERTS"\" contained in \n%s", ospath.getStr());
                     return_value = false;
                 }
             }
             else
             {
-                OSL_TRACE("[xmlsecurity] FAILED to add new root certifice module: "
+                xmlsec_trace("FAILED to add new root certifice module: "
                           "\""ROOT_CERTS"\" contained in \n%s", ospath.getStr());
                 return_value = false;
 
@@ -266,7 +286,7 @@ bool nsscrypto_initialize( const char* token, bool & out_nss_init )
         }
         else
         {
-            OSL_TRACE("[xmlsecurity] Adding new root certificate module failed.");
+            xmlsec_trace("Adding new root certificate module failed.");
             return_value = false;
         }
 #if SYSTEM_MOZILLA
@@ -287,17 +307,17 @@ extern "C" void nsscrypto_finalize()
 
         if (SECSuccess == SECMOD_UnloadUserModule(RootsModule))
         {
-            OSL_TRACE("[xmlsecurity] Unloaded module \""ROOT_CERTS"\".");
+            xmlsec_trace("Unloaded module \""ROOT_CERTS"\".");
         }
         else
         {
-            OSL_TRACE("[xmlsecurity] Failed unloadeding module \""ROOT_CERTS"\".");
+            xmlsec_trace("Failed unloadeding module \""ROOT_CERTS"\".");
         }
         SECMOD_DestroyModule(RootsModule);
     }
     else
     {
-        OSL_TRACE("[xmlsecurity] Unloading module \""ROOT_CERTS
+        xmlsec_trace("Unloading module \""ROOT_CERTS
                   "\" failed because it was not found.");
     }
     PK11_LogoutAll();
@@ -312,17 +332,16 @@ bool getMozillaCurrentProfile(
     /*
      * first, try to get the profile from "MOZILLA_CERTIFICATE_FOLDER"
      */
-        char * env = getenv("MOZILLA_CERTIFICATE_FOLDER");
-        if (env)
-        {
-            profilePath = rtl::OUString::createFromAscii( env );
-            RTL_LOGFILE_PRODUCT_TRACE1( "XMLSEC: Using env MOZILLA_CERTIFICATE_FOLDER: %s", rtl::OUStringToOString( profilePath, RTL_TEXTENCODING_ASCII_US ).getStr() );
-            return true;
-        }
-        else
-        {
-            RTL_LOGFILE_TRACE( "getMozillaCurrentProfile: Using MozillaBootstrap..." );
-            mozilla::MozillaProductType productTypes[4] = {
+    char * env = getenv("MOZILLA_CERTIFICATE_FOLDER");
+    if (env)
+    {
+        profilePath = rtl::OUString::createFromAscii( env );
+        RTL_LOGFILE_PRODUCT_TRACE1( "XMLSEC: Using env MOZILLA_CERTIFICATE_FOLDER: %s", rtl::OUStringToOString( profilePath, RTL_TEXTENCODING_ASCII_US ).getStr() );
+        return true;
+    }
+    else
+    {
+        mozilla::MozillaProductType productTypes[4] = {
             mozilla::MozillaProductType_Thunderbird,
             mozilla::MozillaProductType_Mozilla,
             mozilla::MozillaProductType_Firefox,
@@ -343,8 +362,6 @@ bool getMozillaCurrentProfile(
             {
                 ::rtl::OUString profile = xMozillaBootstrap->getDefaultProfile(productTypes[i]);
 
-                RTL_LOGFILE_TRACE2( "getMozillaCurrentProfile: getDefaultProfile [%i] returns %s", i, rtl::OUStringToOString( profile, RTL_TEXTENCODING_ASCII_US ).getStr() );
-
                 if (profile != NULL && profile.getLength()>0)
                 {
                     profilePath = xMozillaBootstrap->getProfilePath(productTypes[i],profile);
@@ -401,36 +418,9 @@ cssu::Reference< cssxc::XXMLSecurityContext > SAL_CALL
 
     }
 
-    if( !sCertDir.getLength() )
-    {
-        RTL_LOGFILE_TRACE( "XMLSEC: Error - No certificate directory!" );
-        // return NULL;
-    }
-
-
-    /* Initialize NSPR and NSS */
-    /* Replaced with new methods by AF. ----
-    //PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1 ) ;
-    PR_Init( PR_USER_THREAD, PR_PRIORITY_NORMAL, 1 ) ;
-
-    if (NSS_Init(sCertDir.getStr()) != SECSuccess )
-    {
-        PK11_LogoutAll();
-        return NULL;
-    }
-    ----*/
     if( ! *initNSS( sCertDir.getStr() ) )
     {
-        RTL_LOGFILE_TRACE( "XMLSEC: Error - nsscrypto_initialize() failed." );
-        if ( NSS_NoDB_Init(NULL) != SECSuccess )
-        {
-            RTL_LOGFILE_TRACE( "XMLSEC: NSS_NoDB_Init also failed, NSS Security not available!" );
-            return NULL;
-        }
-        else
-        {
-            RTL_LOGFILE_TRACE( "XMLSEC: NSS_NoDB_Init works, enough for verifying signatures..." );
-        }
+        return NULL;
     }
 
     pCertHandle = CERT_GetDefaultCertDB() ;

xmlsecurity/util/makefile.mk

@@ -70,8 +70,13 @@ DEF1EXPORTFILE = xsec_fw.dxp
 #
 # The 2nd shared library
 #
+
 SHL2NAME=xsec_xmlsec
 SHL2TARGET= $(SHL2NAME)
+
+
+.IF "$(ENABLE_NSS_MODULE)"=="YES" || "$(SYSTEM_MOZILLA)" == "YES"
+
 SHL2LIBS= \
     $(SLB)$/xs_comm.lib
 
@@ -83,6 +88,9 @@ SHL2LIBS += \
     $(SLB)$/xs_nss.lib
 .ENDIF
 
+.ENDIF
+
+
 SHL2STDLIBS +=			\
     $(SALLIB)			\
     $(CPPULIB)			\