new function, implement the password dialog for PK11 slot authentication.

2004-01-05  Chris Toshok  <toshok@ximian.com>

	* gui/component.c (smime_pk11_passwd): new function, implement the
	password dialog for PK11 slot authentication.
	(smime_component_init): new function, initialize any gui related
	signals that the backend exposes.

	* gui/certificate-manager.c (import_your): use
	e_cert_db_import_pkcs12_file.
	(delete_your): new function, implement.
	(view_your): same.
	(backup_your): new function, stub out.
	(backup_all_your): same.
	(create_yourcerts_treemodel): new function.
	(initialize_yourcerts_ui): do all the sorting foo, and hook up all
	the signals.
	(ainitialize_contactcerts_ui): same.
	(initialize_authoritycerts_ui): same.
	(view_contact): treemodel -> streemodel.
	(view_ca): same.
	(delete_contact): same, and convert from the sort iter to the
	child iter before we remove.
	(delete_ca): same.
	(import_contact): call gtk_tree_view_expand_all.
	(import_ca): same.
	(add_user_cert): append to the child model, not the sort model.
	(add_contact_cert): same.
	(add_ca_cert): same.
	(unload_certs): implement the E_CERT_USER case, and fix the
	USER/CA stuff to use the sorted treemodels.
	(load_certs): remove spew.
	(populate_ui): expand all the tree views.

	* lib/.cvsignore: ignore the generated marshalling files.

	* lib/Makefile.am: add the marshalling foo.

	* lib/smime-marshal.list (BOOL): new file.

	* lib/e-cert-db.c (pk11_password): new function, emit the
	pk11_passwd signal.
	(initialize_nss): new function, split out all the nss init code
	here, and add all the PKCS12 cipers.
	(install_loadable_roots): new function, split this code out from
	the class_init.
	(e_cert_db_class_init): call initialize_nss() and
	install_loadable_roots().  also register our pk11_passwd signal.
	(e_cert_db_import_pkcs12_file): implement.
	(e_cert_db_login_to_slot): new function, implement.

	* lib/e-cert-db.h (struct _ECertDBClass): add pk11_passwd signal,
	and add prototype for e_cert_db_login_to_slot.

	* lib/e-pkcs12.c (input_to_decoder): remove spew.
	(prompt_for_password): fix this.
	(import_from_file_helper): fix fix fix, and remove spew.
	(write_export_file): nuke, we don't need this.

svn path=/trunk/; revision=24058

11 files changed, 581 insertions, 240 deletions

diff --git a/smime/ChangeLog b/smime/ChangeLog
index 9a83b21eab..bd723cd432 100644
--- a/smime/ChangeLog
+++ b/smime/ChangeLog
@@ -1,3 +1,61 @@
+2004-01-05  Chris Toshok  <toshok@ximian.com>
+
+	* gui/component.c (smime_pk11_passwd): new function, implement the
+	password dialog for PK11 slot authentication.
+	(smime_component_init): new function, initialize any gui related
+	signals that the backend exposes.
+
+	* gui/certificate-manager.c (import_your): use
+	e_cert_db_import_pkcs12_file.
+	(delete_your): new function, implement.
+	(view_your): same.
+	(backup_your): new function, stub out.
+	(backup_all_your): same.
+	(create_yourcerts_treemodel): new function.
+	(initialize_yourcerts_ui): do all the sorting foo, and hook up all
+	the signals.
+	(ainitialize_contactcerts_ui): same.
+	(initialize_authoritycerts_ui): same.
+	(view_contact): treemodel -> streemodel.
+	(view_ca): same.
+	(delete_contact): same, and convert from the sort iter to the
+	child iter before we remove.
+	(delete_ca): same.
+	(import_contact): call gtk_tree_view_expand_all.
+	(import_ca): same.
+	(add_user_cert): append to the child model, not the sort model.
+	(add_contact_cert): same.
+	(add_ca_cert): same.
+	(unload_certs): implement the E_CERT_USER case, and fix the
+	USER/CA stuff to use the sorted treemodels.
+	(load_certs): remove spew.
+	(populate_ui): expand all the tree views.
+
+	* lib/.cvsignore: ignore the generated marshalling files.
+	
+	* lib/Makefile.am: add the marshalling foo.
+
+	* lib/smime-marshal.list (BOOL): new file.
+
+	* lib/e-cert-db.c (pk11_password): new function, emit the
+	pk11_passwd signal.
+	(initialize_nss): new function, split out all the nss init code
+	here, and add all the PKCS12 cipers.
+	(install_loadable_roots): new function, split this code out from
+	the class_init.
+	(e_cert_db_class_init): call initialize_nss() and
+	install_loadable_roots().  also register our pk11_passwd signal.
+	(e_cert_db_import_pkcs12_file): implement.
+	(e_cert_db_login_to_slot): new function, implement.
+
+	* lib/e-cert-db.h (struct _ECertDBClass): add pk11_passwd signal,
+	and add prototype for e_cert_db_login_to_slot.
+
+	* lib/e-pkcs12.c (input_to_decoder): remove spew.
+	(prompt_for_password): fix this.
+	(import_from_file_helper): fix fix fix, and remove spew.
+	(write_export_file): nuke, we don't need this.
+	
 2004-01-04  Chris Toshok  <toshok@ximian.com>
 
 	* gui/certificate-viewer.c (fill_in_general): use <tt> markup
diff --git a/smime/gui/Makefile.am b/smime/gui/Makefile.am
index a15fdade86..614c2d5525 100644
--- a/smime/gui/Makefile.am
+++ b/smime/gui/Makefile.am
@@ -22,7 +22,10 @@ libevolution_smime_la_SOURCES = 	\
 	certificate-viewer.c		\
 	certificate-viewer.h		\
 	e-cert-selector.c		\
-	e-cert-selector.h
+	e-cert-selector.h		\
+	component.c			\
+	component.h
+
 
 libevolution_smime_la_LIBADD =			\
 	$(top_builddir)/smime/lib/libessmime.la	\
diff --git a/smime/gui/certificate-manager.c b/smime/gui/certificate-manager.c
index d2ae5e4fea..3d2c1a31bf 100644
--- a/smime/gui/certificate-manager.c
+++ b/smime/gui/certificate-manager.c
@@ -33,7 +33,6 @@
 
 #include "e-cert.h"
 #include "e-cert-db.h"
-#include "e-pkcs12.h"
 
 #include "nss.h"
 #include <cms.h>
@@ -47,6 +46,7 @@ typedef struct {
 
 	GtkWidget *yourcerts_treeview;
 	GtkTreeStore *yourcerts_treemodel;
+	GtkTreeModel *yourcerts_streemodel;
 	GHashTable *yourcerts_root_hash;
 	GtkWidget *view_your_button;
 	GtkWidget *backup_your_button;
@@ -55,7 +55,7 @@ typedef struct {
 	GtkWidget *delete_your_button;
 
 	GtkWidget *contactcerts_treeview;
-	GtkTreeStore *contactcerts_treemodel;
+	GtkTreeModel *contactcerts_streemodel;
 	GHashTable *contactcerts_root_hash;
 	GtkWidget *view_contact_button;
 	GtkWidget *edit_contact_button;
@@ -63,7 +63,7 @@ typedef struct {
 	GtkWidget *delete_contact_button;
 
 	GtkWidget *authoritycerts_treeview;
-	GtkTreeStore *authoritycerts_treemodel;
+	GtkTreeModel *authoritycerts_streemodel;
 	GHashTable *authoritycerts_root_hash;
 	GtkWidget *view_ca_button;
 	GtkWidget *edit_ca_button;
@@ -123,13 +123,13 @@ import_your (GtkWidget *widget, CertificateManagerData *cfm)
 
 	if (GTK_RESPONSE_OK == gtk_dialog_run (GTK_DIALOG (filesel))) {
 		const char *filename = gtk_file_selection_get_filename (GTK_FILE_SELECTION (filesel));
-		EPKCS12 *pkcs12 = e_pkcs12_new ();
-
-		if (e_pkcs12_import_from_file (pkcs12, filename, NULL /* XXX */)) {
+		if (e_cert_db_import_pkcs12_file (e_cert_db_peek (),
+						  filename, NULL /* XXX */)) {
 			/* there's no telling how many certificates were added during the import,
 			   so we blow away the contact cert display and regenerate it. */
 			unload_certs (cfm, E_CERT_USER);
 			load_certs (cfm, E_CERT_USER, add_user_cert);
+			gtk_tree_view_expand_all (GTK_TREE_VIEW (cfm->yourcerts_treeview));
 		}
 	}
 
@@ -137,6 +137,72 @@ import_your (GtkWidget *widget, CertificateManagerData *cfm)
 }
 
 static void
+delete_your (GtkWidget *widget, CertificateManagerData *cfm)
+{
+	GtkTreeIter iter;
+
+	if (gtk_tree_selection_get_selected (gtk_tree_view_get_selection (GTK_TREE_VIEW(cfm->yourcerts_treeview)),
+					     NULL,
+					     &iter)) {
+		ECert *cert;
+
+		gtk_tree_model_get (GTK_TREE_MODEL (cfm->yourcerts_streemodel),
+				    &iter,
+				    4, &cert,
+				    -1);
+
+		if (cert) {
+			GtkTreeIter child_iter;
+			printf ("DELETE\n");
+			e_cert_db_delete_cert (e_cert_db_peek (), cert);
+			gtk_tree_model_sort_convert_iter_to_child_iter (GTK_TREE_MODEL_SORT (cfm->yourcerts_streemodel),
+									&child_iter,
+									&iter);
+			gtk_tree_store_remove (GTK_TREE_STORE (gtk_tree_model_sort_get_model (GTK_TREE_MODEL_SORT (cfm->yourcerts_streemodel))),
+					       &child_iter);
+
+			/* we need two unrefs here, one to unref the
+			   gtk_tree_model_get above, and one to unref
+			   the initial ref when we created the cert
+			   and added it to the tree */
+			g_object_unref (cert);
+			g_object_unref (cert);
+		}
+	}
+					     
+}
+
+static void
+view_your (GtkWidget *widget, CertificateManagerData *cfm)
+{
+	GtkTreeIter iter;
+
+	if (gtk_tree_selection_get_selected (gtk_tree_view_get_selection (GTK_TREE_VIEW(cfm->yourcerts_treeview)),
+					     NULL,
+					     &iter)) {
+		ECert *cert;
+
+		gtk_tree_model_get (GTK_TREE_MODEL (cfm->yourcerts_streemodel),
+				    &iter,
+				    4, &cert,
+				    -1);
+
+		if (cert)
+			certificate_viewer_show (cert);
+	}
+}
+
+static void
+backup_your (GtkWidget *widget, CertificateManagerData *cfm)
+{
+}
+
+static void
+backup_all_your (GtkWidget *widget, CertificateManagerData *cfm)
+{
+}
+
+static void
 yourcerts_selection_changed (GtkTreeSelection *selection, CertificateManagerData *cfm)
 {
 	handle_selection_changed (selection,
@@ -146,70 +212,77 @@ yourcerts_selection_changed (GtkTreeSelection *selection, CertificateManagerData
 				  cfm->delete_your_button);
 }
 
+static GtkTreeModel*
+create_yourcerts_treemodel (void)
+{
+	return GTK_TREE_MODEL (gtk_tree_store_new (5,
+						   G_TYPE_STRING,
+						   G_TYPE_STRING,
+						   G_TYPE_STRING,
+						   G_TYPE_STRING,
+						   G_TYPE_OBJECT));
+}
+
 static void
 initialize_yourcerts_ui (CertificateManagerData *cfm)
 {
 	GtkCellRenderer *cell = gtk_cell_renderer_text_new ();
 	GtkTreeSelection *selection;
+	GtkTreeViewColumn *column;
 
+	column = gtk_tree_view_column_new_with_attributes (_("Certificate Name"),
+							   cell,
+							   "text", 0,
+							   NULL);
 	gtk_tree_view_append_column (GTK_TREE_VIEW (cfm->yourcerts_treeview),
-				     gtk_tree_view_column_new_with_attributes (_("Certificate Name"),
-									       cell,
-									       "text", 0,
-									       NULL));
+				     column);
+	gtk_tree_view_column_set_sort_column_id (column, 0);
 
+	column = gtk_tree_view_column_new_with_attributes (_("Purposes"),
+							   cell,
+							   "text", 1,
+							   NULL);
 	gtk_tree_view_append_column (GTK_TREE_VIEW (cfm->yourcerts_treeview),
-				     gtk_tree_view_column_new_with_attributes (_("Purposes"),
-									       cell,
-									       "text", 1,
-									       NULL));
+				     column);
+	gtk_tree_view_column_set_sort_column_id (column, 1);
 
+	column = gtk_tree_view_column_new_with_attributes (_("Serial Number"),
+							   cell,
+							   "text", 2,
+							   NULL);
 	gtk_tree_view_append_column (GTK_TREE_VIEW (cfm->yourcerts_treeview),
-				     gtk_tree_view_column_new_with_attributes (_("Serial Number"),
-									       cell,
-									       "text", 2,
-									       NULL));
+				     column);
+	gtk_tree_view_column_set_sort_column_id (column, 2);
 
+	column = gtk_tree_view_column_new_with_attributes (_("Expires"),
+							   cell,
+							   "text", 3,
+							   NULL);
 	gtk_tree_view_append_column (GTK_TREE_VIEW (cfm->yourcerts_treeview),
-				     gtk_tree_view_column_new_with_attributes (_("Expires"),
-									       cell,
-									       "text", 3,
-									       NULL));
-
-	cfm->yourcerts_treemodel = gtk_tree_store_new (5,
-						       G_TYPE_STRING,
-						       G_TYPE_STRING,
-						       G_TYPE_STRING,
-						       G_TYPE_STRING,
-						       G_TYPE_OBJECT);
+				     column);
+	gtk_tree_view_column_set_sort_column_id (column, 3);
 
-	gtk_tree_view_set_model (GTK_TREE_VIEW (cfm->yourcerts_treeview),
-				 GTK_TREE_MODEL (cfm->yourcerts_treemodel));
-
-	cfm->yourcerts_root_hash = g_hash_table_new (g_str_hash, g_str_equal);
+	gtk_tree_sortable_set_sort_column_id (GTK_TREE_SORTABLE (cfm->yourcerts_streemodel),
+					      0,
+					      GTK_SORT_ASCENDING);
 
 	selection = gtk_tree_view_get_selection (GTK_TREE_VIEW (cfm->yourcerts_treeview));
 	g_signal_connect (selection, "changed", G_CALLBACK (yourcerts_selection_changed), cfm);
 
-	if (cfm->import_your_button) {
+	if (cfm->import_your_button)
 		g_signal_connect (cfm->import_your_button, "clicked", G_CALLBACK (import_your), cfm);
-	}
 
-	if (cfm->delete_your_button) {
-		/* g_signal_connect */
-	}
+	if (cfm->delete_your_button)
+		g_signal_connect (cfm->delete_your_button, "clicked", G_CALLBACK (delete_your), cfm);
 
-	if (cfm->view_your_button) {
-		/* g_signal_connect */
-	}
+	if (cfm->view_your_button)
+		g_signal_connect (cfm->view_your_button, "clicked", G_CALLBACK (view_your), cfm);
 
-	if (cfm->backup_your_button) {
-		/* g_signal_connect */
-	}
+	if (cfm->backup_your_button)
+		g_signal_connect (cfm->backup_your_button, "clicked", G_CALLBACK (backup_your), cfm);
 
-	if (cfm->backup_all_your_button) {
-		/* g_signal_connect */
-	}
+	if (cfm->backup_all_your_button)
+		g_signal_connect (cfm->backup_all_your_button, "clicked", G_CALLBACK (backup_all_your), cfm);
 }
 
 static void
@@ -222,7 +295,7 @@ view_contact (GtkWidget *widget, CertificateManagerData *cfm)
 					     &iter)) {
 		ECert *cert;
 
-		gtk_tree_model_get (GTK_TREE_MODEL (cfm->contactcerts_treemodel),
+		gtk_tree_model_get (GTK_TREE_MODEL (cfm->contactcerts_streemodel),
 				    &iter,
 				    3, &cert,
 				    -1);
@@ -249,6 +322,7 @@ import_contact (GtkWidget *widget, CertificateManagerData *cfm)
 			   so we blow away the contact cert display and regenerate it. */
 			unload_certs (cfm, E_CERT_CONTACT);
 			load_certs (cfm, E_CERT_CONTACT, add_contact_cert);
+			gtk_tree_view_expand_all (GTK_TREE_VIEW (cfm->contactcerts_treeview));
 		}
 	}
 
@@ -265,16 +339,20 @@ delete_contact (GtkWidget *widget, CertificateManagerData *cfm)
 					     &iter)) {
 		ECert *cert;
 
-		gtk_tree_model_get (GTK_TREE_MODEL (cfm->contactcerts_treemodel),
+		gtk_tree_model_get (GTK_TREE_MODEL (cfm->contactcerts_streemodel),
 				    &iter,
 				    3, &cert,
 				    -1);
 
 		if (cert) {
+			GtkTreeIter child_iter;
 			printf ("DELETE\n");
 			e_cert_db_delete_cert (e_cert_db_peek (), cert);
-			gtk_tree_store_remove (cfm->contactcerts_treemodel,
-					       &iter);
+			gtk_tree_model_sort_convert_iter_to_child_iter (GTK_TREE_MODEL_SORT (cfm->contactcerts_streemodel),
+									&child_iter,
+									&iter);
+			gtk_tree_store_remove (GTK_TREE_STORE (gtk_tree_model_sort_get_model (GTK_TREE_MODEL_SORT (cfm->contactcerts_streemodel))),
+					       &child_iter);
 
 			/* we need two unrefs here, one to unref the
 			   gtk_tree_model_get above, and one to unref
@@ -297,14 +375,14 @@ contactcerts_selection_changed (GtkTreeSelection *selection, CertificateManagerD
 				  cfm->delete_contact_button);
 }
 
-static GtkTreeStore*
+static GtkTreeModel*
 create_contactcerts_treemodel (void)
 {
-	return gtk_tree_store_new (4,
-				   G_TYPE_STRING,
-				   G_TYPE_STRING,
-				   G_TYPE_STRING,
-				   G_TYPE_OBJECT);
+	return GTK_TREE_MODEL (gtk_tree_store_new (4,
+						   G_TYPE_STRING,
+						   G_TYPE_STRING,
+						   G_TYPE_STRING,
+						   G_TYPE_OBJECT));
 }
 
 static void
@@ -312,27 +390,31 @@ initialize_contactcerts_ui (CertificateManagerData *cfm)
 {
 	GtkCellRenderer *cell = gtk_cell_renderer_text_new ();
 	GtkTreeSelection *selection;
+	GtkTreeViewColumn *column;
 
+	column = gtk_tree_view_column_new_with_attributes (_("Certificate Name"),
+							   cell,
+							   "text", 0,
+							   NULL);
 	gtk_tree_view_append_column (GTK_TREE_VIEW (cfm->contactcerts_treeview),
-				     gtk_tree_view_column_new_with_attributes (_("Certificate Name"),
-									       cell,
-									       "text", 0,
-									       NULL));
+				     column);
+	gtk_tree_view_column_set_sort_column_id (column, 0);
 
+	column = gtk_tree_view_column_new_with_attributes (_("E-Mail Address"),
+							   cell,
+							   "text", 1,
+							   NULL);
 	gtk_tree_view_append_column (GTK_TREE_VIEW (cfm->contactcerts_treeview),
-				     gtk_tree_view_column_new_with_attributes (_("E-Mail Address"),
-									       cell,
-									       "text", 1,
-									       NULL));
+				     column);
+	gtk_tree_view_column_set_sort_column_id (column, 1);
 
+	column = gtk_tree_view_column_new_with_attributes (_("Purposes"),
+							   cell,
+							   "text", 2,
+							   NULL);
 	gtk_tree_view_append_column (GTK_TREE_VIEW (cfm->contactcerts_treeview),
-				     gtk_tree_view_column_new_with_attributes (_("Purposes"),
-									       cell,
-									       "text", 2,
-									       NULL));
-
-	gtk_tree_view_set_model (GTK_TREE_VIEW (cfm->contactcerts_treeview),
-				 GTK_TREE_MODEL (cfm->contactcerts_treemodel));
+				     column);
+	gtk_tree_view_column_set_sort_column_id (column, 2);
 
 	cfm->contactcerts_root_hash = g_hash_table_new (g_str_hash, g_str_equal);
 
@@ -350,25 +432,6 @@ initialize_contactcerts_ui (CertificateManagerData *cfm)
 
 }
 
-static gint
-iter_string_compare (GtkTreeModel *model,
-		     GtkTreeIter  *a,
-		     GtkTreeIter  *b,
-		     gpointer      user_data)
-{
-	char *string1, *string2;
-
-	gtk_tree_model_get (model, a,
-			    0, &string1,
-			    -1);
-
-	gtk_tree_model_get (model, b,
-			    0, &string2,
-			    -1);
-
-	return g_utf8_collate (string1, string2);
-}
-
 static void
 view_ca (GtkWidget *widget, CertificateManagerData *cfm)
 {
@@ -379,7 +442,7 @@ view_ca (GtkWidget *widget, CertificateManagerData *cfm)
 					     &iter)) {
 		ECert *cert;
 
-		gtk_tree_model_get (GTK_TREE_MODEL (cfm->authoritycerts_treemodel),
+		gtk_tree_model_get (GTK_TREE_MODEL (cfm->authoritycerts_streemodel),
 				    &iter,
 				    1, &cert,
 				    -1);
@@ -406,6 +469,7 @@ import_ca (GtkWidget *widget, CertificateManagerData *cfm)
 			   so we blow away the CA cert display and regenerate it. */
 			unload_certs (cfm, E_CERT_CA);
 			load_certs (cfm, E_CERT_CA, add_ca_cert);
+			gtk_tree_view_expand_all (GTK_TREE_VIEW (cfm->authoritycerts_treeview));
 		}
 	}
 
@@ -422,16 +486,20 @@ delete_ca (GtkWidget *widget, CertificateManagerData *cfm)
 					     &iter)) {
 		ECert *cert;
 
-		gtk_tree_model_get (GTK_TREE_MODEL (cfm->authoritycerts_treemodel),
+		gtk_tree_model_get (GTK_TREE_MODEL (cfm->authoritycerts_streemodel),
 				    &iter,
 				    1, &cert,
 				    -1);
 
 		if (cert) {
+			GtkTreeIter child_iter;
 			printf ("DELETE\n");
 			e_cert_db_delete_cert (e_cert_db_peek (), cert);
-			gtk_tree_store_remove (cfm->authoritycerts_treemodel,
-					       &iter);
+			gtk_tree_model_sort_convert_iter_to_child_iter (GTK_TREE_MODEL_SORT (cfm->authoritycerts_streemodel),
+									&child_iter,
+									&iter);
+			gtk_tree_store_remove (GTK_TREE_STORE (gtk_tree_model_sort_get_model (GTK_TREE_MODEL_SORT (cfm->authoritycerts_streemodel))),
+					       &child_iter);
 
 			/* we need two unrefs here, one to unref the
 			   gtk_tree_model_get above, and one to unref
@@ -454,12 +522,12 @@ authoritycerts_selection_changed (GtkTreeSelection *selection, CertificateManage
 				  cfm->delete_ca_button);
 }
 
-static GtkTreeStore*
+static GtkTreeModel*
 create_authoritycerts_treemodel (void)
 {
-	return gtk_tree_store_new (2,
-				   G_TYPE_STRING,
-				   G_TYPE_OBJECT);
+	return GTK_TREE_MODEL (gtk_tree_store_new (2,
+						   G_TYPE_STRING,
+						   G_TYPE_OBJECT));
 
 }
 
@@ -468,20 +536,15 @@ initialize_authoritycerts_ui (CertificateManagerData *cfm)
 {
 	GtkCellRenderer *cell = gtk_cell_renderer_text_new ();
 	GtkTreeSelection *selection;
+	GtkTreeViewColumn *column;
 
+	column = gtk_tree_view_column_new_with_attributes (_("Certificate Name"),
+							   cell,
+							   "text", 0,
+							   NULL);
 	gtk_tree_view_append_column (GTK_TREE_VIEW (cfm->authoritycerts_treeview),
-				     gtk_tree_view_column_new_with_attributes (_("Certificate Name"),
-									       cell,
-									       "text", 0,
-									       NULL));
-
-	gtk_tree_sortable_set_sort_func (GTK_TREE_SORTABLE (cfm->authoritycerts_treemodel),
-					 0,
-					 iter_string_compare, NULL, NULL);
-
-	gtk_tree_sortable_set_sort_column_id (GTK_TREE_SORTABLE (cfm->authoritycerts_treemodel),
-					      0,
-					      GTK_SORT_ASCENDING);
+				     column);
+	gtk_tree_view_column_set_sort_column_id (column, 0);
 
 	selection = gtk_tree_view_get_selection (GTK_TREE_VIEW (cfm->authoritycerts_treeview));
 	g_signal_connect (selection, "changed", G_CALLBACK (authoritycerts_selection_changed), cfm);
@@ -502,14 +565,15 @@ add_user_cert (CertificateManagerData *cfm, ECert *cert)
 	GtkTreeIter iter;
 	GtkTreeIter *parent_iter = NULL;
 	const char *organization = e_cert_get_org (cert);
+	GtkTreeModel *model = gtk_tree_model_sort_get_model (GTK_TREE_MODEL_SORT (cfm->yourcerts_streemodel));
 
 	if (organization) {
 		parent_iter = g_hash_table_lookup (cfm->yourcerts_root_hash, organization);
 		if (!parent_iter) {
 			/* create a new toplevel node */
-			gtk_tree_store_append (GTK_TREE_STORE (cfm->yourcerts_treemodel), &iter, NULL);
+			gtk_tree_store_append (GTK_TREE_STORE (model), &iter, NULL);
 		
-			gtk_tree_store_set (GTK_TREE_STORE (cfm->yourcerts_treemodel), &iter,
+			gtk_tree_store_set (GTK_TREE_STORE (model), &iter,
 					    0, organization, -1);
 
 			/* now copy it off into parent_iter and insert it into
@@ -519,15 +583,15 @@ add_user_cert (CertificateManagerData *cfm, ECert *cert)
 		}
 	}
 
-	gtk_tree_store_append (GTK_TREE_STORE (cfm->yourcerts_treemodel), &iter, parent_iter);
+	gtk_tree_store_append (GTK_TREE_STORE (model), &iter, parent_iter);
 
 	if (e_cert_get_cn (cert))
-		gtk_tree_store_set (GTK_TREE_STORE (cfm->yourcerts_treemodel), &iter,
+		gtk_tree_store_set (GTK_TREE_STORE (model), &iter,
 				    0, e_cert_get_cn (cert),
 				    4, cert,
 				    -1);
 	else
-		gtk_tree_store_set (GTK_TREE_STORE (cfm->yourcerts_treemodel), &iter,
+		gtk_tree_store_set (GTK_TREE_STORE (model), &iter,
 				    0, e_cert_get_nickname (cert),
 				    4, cert,
 				    -1);
@@ -539,14 +603,15 @@ add_contact_cert (CertificateManagerData *cfm, ECert *cert)
 	GtkTreeIter iter;
 	GtkTreeIter *parent_iter = NULL;
 	const char *organization = e_cert_get_org (cert);
+	GtkTreeModel *model = gtk_tree_model_sort_get_model (GTK_TREE_MODEL_SORT (cfm->contactcerts_streemodel));
 
 	if (organization) {
 		parent_iter = g_hash_table_lookup (cfm->contactcerts_root_hash, organization);
 		if (!parent_iter) {
 			/* create a new toplevel node */
-			gtk_tree_store_append (GTK_TREE_STORE (cfm->contactcerts_treemodel), &iter, NULL);
+			gtk_tree_store_append (GTK_TREE_STORE (model), &iter, NULL);
 		
-			gtk_tree_store_set (GTK_TREE_STORE (cfm->contactcerts_treemodel), &iter,
+			gtk_tree_store_set (GTK_TREE_STORE (model), &iter,
 					    0, organization, -1);
 
 			/* now copy it off into parent_iter and insert it into
@@ -556,16 +621,16 @@ add_contact_cert (CertificateManagerData *cfm, ECert *cert)
 		}
 	}
 
-	gtk_tree_store_append (GTK_TREE_STORE (cfm->contactcerts_treemodel), &iter, parent_iter);
+	gtk_tree_store_append (GTK_TREE_STORE (model), &iter, parent_iter);
 
 	if (e_cert_get_cn (cert))
-		gtk_tree_store_set (GTK_TREE_STORE (cfm->contactcerts_treemodel), &iter,
+		gtk_tree_store_set (GTK_TREE_STORE (model), &iter,
 				    0, e_cert_get_cn (cert),
 				    1, e_cert_get_email (cert),
 				    3, cert,
 				    -1);
 	else
-		gtk_tree_store_set (GTK_TREE_STORE (cfm->contactcerts_treemodel), &iter,
+		gtk_tree_store_set (GTK_TREE_STORE (model), &iter,
 				    0, e_cert_get_nickname (cert),
 				    1, e_cert_get_email (cert),
 				    3, cert,
@@ -578,14 +643,16 @@ add_ca_cert (CertificateManagerData *cfm, ECert *cert)
 	GtkTreeIter iter;
 	GtkTreeIter *parent_iter = NULL;
 	const char *organization = e_cert_get_org (cert);
+	GtkTreeModel *model = gtk_tree_model_sort_get_model (GTK_TREE_MODEL_SORT (cfm->authoritycerts_streemodel));
 
 	if (organization) {
 		parent_iter = g_hash_table_lookup (cfm->authoritycerts_root_hash, organization);
 		if (!parent_iter) {
 			/* create a new toplevel node */
-			gtk_tree_store_append (GTK_TREE_STORE (cfm->authoritycerts_treemodel), &iter, NULL);
+			gtk_tree_store_append (GTK_TREE_STORE (model),
+					       &iter, NULL);
 		
-			gtk_tree_store_set (GTK_TREE_STORE (cfm->authoritycerts_treemodel), &iter,
+			gtk_tree_store_set (GTK_TREE_STORE (model), &iter,
 					    0, organization, -1);
 
 			/* now copy it off into parent_iter and insert it into
@@ -596,15 +663,15 @@ add_ca_cert (CertificateManagerData *cfm, ECert *cert)
 	}
 
 
-	gtk_tree_store_append (GTK_TREE_STORE (cfm->authoritycerts_treemodel), &iter, parent_iter);
+	gtk_tree_store_append (GTK_TREE_STORE (model), &iter, parent_iter);
 
 	if (e_cert_get_cn (cert))
-		gtk_tree_store_set (GTK_TREE_STORE (cfm->authoritycerts_treemodel), &iter,
+		gtk_tree_store_set (GTK_TREE_STORE (model), &iter,
 				    0, e_cert_get_cn (cert),
 				    1, cert,
 				    -1);
 	else
-		gtk_tree_store_set (GTK_TREE_STORE (cfm->authoritycerts_treemodel), &iter,
+		gtk_tree_store_set (GTK_TREE_STORE (model), &iter,
 				    0, e_cert_get_nickname (cert),
 				    1, cert,
 				    -1);
@@ -626,13 +693,42 @@ static void
 unload_certs (CertificateManagerData *cfm,
 	      ECertType type)
 {
+	GtkTreeModel *treemodel;
+
 	switch (type) {
 	case E_CERT_USER:
+		treemodel = create_yourcerts_treemodel ();
+
+		cfm->yourcerts_streemodel = gtk_tree_model_sort_new_with_model (GTK_TREE_MODEL (treemodel));
+
+		g_object_unref (treemodel);
+
+		gtk_tree_view_set_model (GTK_TREE_VIEW (cfm->yourcerts_treeview),
+					 cfm->yourcerts_streemodel);
+
+		gtk_tree_sortable_set_sort_column_id (GTK_TREE_SORTABLE (cfm->yourcerts_streemodel),
+						      0,
+						      GTK_SORT_ASCENDING);
+
+		if (cfm->yourcerts_root_hash)
+			g_hash_table_destroy (cfm->yourcerts_root_hash);
+
+		cfm->yourcerts_root_hash = g_hash_table_new_full (g_str_hash, g_str_equal,
+								  destroy_key, destroy_value);
 		break;
 	case E_CERT_CONTACT:
-		cfm->contactcerts_treemodel = create_contactcerts_treemodel ();
+		treemodel = create_contactcerts_treemodel ();
+
+		cfm->contactcerts_streemodel = gtk_tree_model_sort_new_with_model (GTK_TREE_MODEL (treemodel));
+
+		g_object_unref (treemodel);
+
 		gtk_tree_view_set_model (GTK_TREE_VIEW (cfm->contactcerts_treeview),
-					 GTK_TREE_MODEL (cfm->contactcerts_treemodel));
+					 cfm->contactcerts_streemodel);
+
+		gtk_tree_sortable_set_sort_column_id (GTK_TREE_SORTABLE (cfm->contactcerts_streemodel),
+						      0,
+						      GTK_SORT_ASCENDING);
 
 		if (cfm->contactcerts_root_hash)
 			g_hash_table_destroy (cfm->contactcerts_root_hash);
@@ -643,9 +739,18 @@ unload_certs (CertificateManagerData *cfm,
 	case E_CERT_SITE:
 		break;
 	case E_CERT_CA:
-		cfm->authoritycerts_treemodel = create_authoritycerts_treemodel ();
+		treemodel = create_authoritycerts_treemodel ();
+
+		cfm->authoritycerts_streemodel = gtk_tree_model_sort_new_with_model (GTK_TREE_MODEL (treemodel));
+
+		g_object_unref (treemodel);
+
 		gtk_tree_view_set_model (GTK_TREE_VIEW (cfm->authoritycerts_treeview),
-					 GTK_TREE_MODEL (cfm->authoritycerts_treemodel));
+					 cfm->authoritycerts_streemodel);
+
+		gtk_tree_sortable_set_sort_column_id (GTK_TREE_SORTABLE (cfm->authoritycerts_streemodel),
+						      0,
+						      GTK_SORT_ASCENDING);
 
 		if (cfm->authoritycerts_root_hash)
 			g_hash_table_destroy (cfm->authoritycerts_root_hash);
@@ -671,18 +776,14 @@ load_certs (CertificateManagerData *cfm,
 
 	certList = PK11_ListCerts (PK11CertListUnique, NULL);
 
-	printf ("certList = %p\n", certList);
-
 	for (node = CERT_LIST_HEAD(certList);
 	     !CERT_LIST_END(node, certList);
 	     node = CERT_LIST_NEXT(node)) {
 		ECert *cert = e_cert_new ((CERTCertificate*)node->cert);
 		if (e_cert_get_cert_type(cert) == type) {
-			printf ("cert (nickname = '%s') matches\n", e_cert_get_nickname (cert));
 			add_cert (cfm, cert);
 		}
 	}
-
 }
 
 static void
@@ -696,6 +797,11 @@ populate_ui (CertificateManagerData *cfm)
 
 	unload_certs (cfm, E_CERT_CA);
 	load_certs (cfm, E_CERT_CA, add_ca_cert);
+
+	/* expand all three trees */
+	gtk_tree_view_expand_all (GTK_TREE_VIEW (cfm->yourcerts_treeview));
+	gtk_tree_view_expand_all (GTK_TREE_VIEW (cfm->contactcerts_treeview));
+	gtk_tree_view_expand_all (GTK_TREE_VIEW (cfm->authoritycerts_treeview));
 }
 
 EvolutionConfigControl*
diff --git a/smime/gui/component.c b/smime/gui/component.c
new file mode 100644
index 0000000000..7c9658b9d1
--- /dev/null
+++ b/smime/gui/component.c
@@ -0,0 +1,61 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */
+/*
+ *  Authors: Chris Toshok <toshok@ximian.com>
+ *
+ *  Copyright (C) 2004 Novell, Inc. (www.novell.com)
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Street #330, Boston, MA 02111-1307, USA.
+ *
+ */
+
+#include <libgnome/gnome-i18n.h>
+#include "e-cert-db.h"
+#include "e-util/e-passwords.h"
+#include "pk11func.h"
+
+static gboolean
+smime_pk11_passwd (ECertDB *db, PK11SlotInfo* slot, gboolean retry, char **passwd, gpointer arg)
+{
+	char *prompt;
+	char *slot_name = g_strdup (PK11_GetSlotName (slot));
+
+	g_strchomp (slot_name);
+
+	prompt = g_strdup_printf (_("Enter the password for `%s'"), slot_name);
+	g_free (slot_name);
+
+	*passwd = e_passwords_ask_password (_("Enter password"), NULL, NULL,
+					    prompt, TRUE,
+					    E_PASSWORDS_DO_NOT_REMEMBER, NULL,
+					    NULL);
+
+	g_free (prompt);
+
+	/* this should return FALSE if they canceled. */
+	return TRUE;
+}
+
+void
+smime_component_init (void)
+{
+	static gboolean init_done = FALSE;
+	if (init_done)
+		return;
+
+	init_done = TRUE;
+	g_signal_connect (e_cert_db_peek (),
+			  "pk11_passwd",
+			  G_CALLBACK (smime_pk11_passwd), NULL);
+}
diff --git a/smime/gui/component.h b/smime/gui/component.h
new file mode 100644
index 0000000000..dbcd97bd2a
--- /dev/null
+++ b/smime/gui/component.h
@@ -0,0 +1,28 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */
+/*
+ *  Authors: Chris Toshok <toshok@ximian.com>
+ *
+ *  Copyright (C) 2004 Novell, Inc. (www.novell.com)
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Street #330, Boston, MA 02111-1307, USA.
+ *
+ */
+
+#ifndef _SMIME_COMPONENT_H_
+#define _SMIME_COMPONENT_H_
+
+void smime_component_init (void);
+
+#endif /* _SMIME_COMPONENT_H_ */
diff --git a/smime/lib/.cvsignore b/smime/lib/.cvsignore
index 74b73492ca..7798e01d25 100644
--- a/smime/lib/.cvsignore
+++ b/smime/lib/.cvsignore
@@ -1,3 +1,4 @@
 Makefile
 Makefile.in
 *.la
+smime-marshal.[ch]
diff --git a/smime/lib/Makefile.am b/smime/lib/Makefile.am
index f534fd01f3..a9068e3b18 100644
--- a/smime/lib/Makefile.am
+++ b/smime/lib/Makefile.am
@@ -16,6 +16,7 @@ INCLUDES =						\
 noinst_LTLIBRARIES = libessmime.la
 
 libessmime_la_SOURCES = 	\
+	$(MARSHAL_GENERATED)	\
 	e-asn1-object.c		\
 	e-asn1-object.h		\
 	e-cert.c		\
@@ -26,3 +27,9 @@ libessmime_la_SOURCES = 	\
 	e-cert-db.h		\
 	e-pkcs12.c		\
 	e-pkcs12.h
+
+MARSHAL_GENERATED = smime-marshal.c smime-marshal.h
+@EVO_MARSHAL_RULE@
+
+BUILT_SOURCES = $(MARSHAL_GENERATED)
+CLEANFILES = $(BUILT_SOURCES)
diff --git a/smime/lib/e-cert-db.c b/smime/lib/e-cert-db.c
index 5acdf4e847..d37805d7c4 100644
--- a/smime/lib/e-cert-db.c
+++ b/smime/lib/e-cert-db.c
@@ -62,18 +62,23 @@
 #define CERT_NewTempCertificate __CERT_NewTempCertificate
 #define CERT_AddTempCertToPerm __CERT_AddTempCertToPerm
 
+#include "smime-marshal.h"
 #include "e-cert-db.h"
 #include "e-cert-trust.h"
+#include "e-pkcs12.h"
 
 #include "gmodule.h"
 
 #include "nss.h"
+#include "ssl.h"
+#include "p12plcy.h"
 #include "pk11func.h"
 #include "secmod.h"
 #include "certdb.h"
 #include "plstr.h"
 #include "prprf.h"
 #include "prmem.h"
+#include "e-util/e-passwords.h"
 #include "e-util/e-dialog-utils.h"
 #include <gtk/gtkmessagedialog.h>
 #include <libgnome/gnome-i18n.h>
@@ -82,6 +87,13 @@
 #include <sys/stat.h>
 #include <unistd.h>
 
+enum {
+	PK11_PASSWD,
+	LAST_SIGNAL
+};
+
+static guint e_cert_db_signals[LAST_SIGNAL];
+
 struct _ECertDBPrivate {
 };
 
@@ -109,21 +121,45 @@ e_cert_db_dispose (GObject *object)
 		G_OBJECT_CLASS (parent_class)->dispose (object);
 }
 
+PRBool
+ucs2_ascii_conversion_fn (PRBool toUnicode,
+			  unsigned char *inBuf,
+			  unsigned int inBufLen,
+			  unsigned char *outBuf,
+			  unsigned int maxOutBufLen,
+			  unsigned int *outBufLen,
+			  PRBool swapBytes)
+{
+	printf ("in ucs2_ascii_conversion_fn\n");
+}
+
+static char* PR_CALLBACK
+pk11_password (PK11SlotInfo* slot, PRBool retry, void* arg)
+{
+	char *pwd;
+	char *nsspwd;
+
+	gboolean rv = FALSE;
+
+	g_signal_emit (e_cert_db_peek (),
+		       e_cert_db_signals[PK11_PASSWD], 0,
+		       slot,
+		       retry,
+		       &pwd,
+		       &rv);
+
+	nsspwd = PORT_Strdup (pwd);
+	memset (pwd, 0, strlen (pwd));
+	g_free (pwd);
+	return nsspwd;
+}
+
 static void
-e_cert_db_class_init (ECertDBClass *klass)
+initialize_nss (void)
 {
-	GObjectClass *object_class;
 	char *evolution_dir_path;
 	gboolean success;
-	gboolean has_roots;
-	PK11SlotList *list;
 
-	object_class = G_OBJECT_CLASS(klass);
-
-	parent_class = g_type_class_ref (PARENT_TYPE);
-
-	object_class->dispose = e_cert_db_dispose;
-	
 	evolution_dir_path = g_build_path ("/", g_get_home_dir (), ".evolution", NULL);
 
 	/* we initialize NSS here to make sure it only happens once */
@@ -142,11 +178,29 @@ e_cert_db_class_init (ECertDBClass *klass)
 
 	if (!success) {
 		g_warning ("Failed all methods for initializing NSS");
+		return;
 	}
 
-	/*
-	 * check to see if you have a rootcert module installed
-	 */
+	NSS_SetDomesticPolicy();
+
+	PK11_SetPasswordFunc(pk11_password);
+
+	/* Enable ciphers for PKCS#12 */
+	SEC_PKCS12EnableCipher(PKCS12_RC4_40, 1);
+	SEC_PKCS12EnableCipher(PKCS12_RC4_128, 1);
+	SEC_PKCS12EnableCipher(PKCS12_RC2_CBC_40, 1);
+	SEC_PKCS12EnableCipher(PKCS12_RC2_CBC_128, 1);
+	SEC_PKCS12EnableCipher(PKCS12_DES_56, 1);
+	SEC_PKCS12EnableCipher(PKCS12_DES_EDE3_168, 1);
+	SEC_PKCS12SetPreferredCipher(PKCS12_DES_EDE3_168, 1);
+	PORT_SetUCS2_ASCIIConversionFunction(ucs2_ascii_conversion_fn);
+}
+
+static void
+install_loadable_roots (void)
+{
+	gboolean has_roots;
+	PK11SlotList *list;
 
 	has_roots = FALSE;
 	list = PK11_GetAllTokens(CKM_INVALID_MECHANISM, PR_FALSE, PR_FALSE, NULL);
@@ -189,6 +243,32 @@ e_cert_db_class_init (ECertDBClass *klass)
 }
 
 static void
+e_cert_db_class_init (ECertDBClass *klass)
+{
+	GObjectClass *object_class;
+
+	object_class = G_OBJECT_CLASS(klass);
+
+	parent_class = g_type_class_ref (PARENT_TYPE);
+
+	object_class->dispose = e_cert_db_dispose;
+
+	initialize_nss();
+	/* check to see if you have a rootcert module installed */
+	install_loadable_roots();
+
+	e_cert_db_signals[PK11_PASSWD] =
+		g_signal_new ("pk11_passwd",
+			      G_OBJECT_CLASS_TYPE (object_class),
+			      G_SIGNAL_RUN_LAST,
+			      G_STRUCT_OFFSET (ECertDBClass, pk11_passwd),
+			      NULL, NULL,
+			      smime_marshal_BOOLEAN__POINTER_BOOLEAN_POINTER,
+			      G_TYPE_BOOLEAN, 3,
+			      G_TYPE_POINTER, G_TYPE_BOOLEAN, G_TYPE_POINTER);
+}
+
+static void
 e_cert_db_init (ECertDB *ec)
 {
 	ec->priv = g_new0 (ECertDBPrivate, 1);
@@ -250,14 +330,6 @@ e_cert_db_find_cert_by_nickname (ECertDB *certdb,
 	CERTCertificate *cert = NULL;
 
 	/*PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("Getting \"%s\"\n", asciiname));*/
-#if 0
-	/* what it should be, but for now...*/
-	if (aToken) {
-		cert = PK11_FindCertFromNickname(asciiname, NULL);
-	} else {
-		cert = CERT_FindCertByNickname(CERT_GetDefaultCertDB(), asciiname);
-	}
-#endif
 	cert = PK11_FindCertFromNickname((char*)nickname, NULL);
 	if (!cert) {
 		cert = CERT_FindCertByNickname(CERT_GetDefaultCertDB(), (char*)nickname);
@@ -1013,6 +1085,15 @@ e_cert_db_import_pkcs12_file (ECertDB *cert_db,
 			      const char *file_path,
 			      GError **error)
 {
+	EPKCS12 *pkcs12 = e_pkcs12_new ();
+	GError *e = NULL;
+
+	if (!e_pkcs12_import_from_file (pkcs12, file_path, &e)) {
+		g_propagate_error (error, e);
+		return FALSE;
+	}
+
+	return TRUE;
 }
 
 gboolean
@@ -1023,6 +1104,28 @@ e_cert_db_export_pkcs12_file (ECertDB *cert_db,
 {
 }
 
+gboolean
+e_cert_db_login_to_slot (ECertDB *cert_db,
+			 PK11SlotInfo *slot)
+{
+	if (PK11_NeedLogin (slot)) {
+		PK11_Logout (slot);
+
+		if (PK11_NeedUserInit (slot)) {
+			printf ("initializing slot password\n");
+			/* the user needs to specify the initial password */
+			PK11_InitPin (slot, "", "farcl.");
+		}
+
+		if (PK11_Authenticate (slot, PR_TRUE, NULL) != SECSuccess) {
+			printf ("PK11_Authenticate failed (err = %d/%d)\n", PORT_GetError(), PORT_GetError() + 0x2000);
+			return FALSE;
+		}
+	}
+
+	return TRUE;
+}
+
 
 
 static SECStatus PR_CALLBACK
diff --git a/smime/lib/e-cert-db.h b/smime/lib/e-cert-db.h
index ffc381587a..d31fc02186 100644
--- a/smime/lib/e-cert-db.h
+++ b/smime/lib/e-cert-db.h
@@ -47,6 +47,9 @@ struct _ECertDB {
 struct _ECertDBClass {
 	GObjectClass parent_class;
 
+	/* signals */
+	gboolean (*pk11_passwd) (ECertDB *db, PK11SlotInfo *slot, gboolean retry, char **passwd);
+
 	/* Padding for future expansion */
 	void (*_ecert_reserved0) (void);
 	void (*_ecert_reserved1) (void);
@@ -124,5 +127,7 @@ gboolean             e_cert_db_export_pkcs12_file (ECertDB *cert_db,
 						   GList *certs,
 						   GError **error);
 
+gboolean             e_cert_db_login_to_slot      (ECertDB *cert_db,
+						   PK11SlotInfo *slot);
 
 #endif /* _E_CERT_DB_H_ */
diff --git a/smime/lib/e-pkcs12.c b/smime/lib/e-pkcs12.c
index 3092944196..0a9bb3bc74 100644
--- a/smime/lib/e-pkcs12.c
+++ b/smime/lib/e-pkcs12.c
@@ -63,30 +63,29 @@
 #include <unistd.h>
 
 #include "e-util/e-passwords.h"
+#include "e-cert-db.h"
 #include "e-pkcs12.h"
 
 #include "prmem.h"
 #include "nss.h"
+#include "ssl.h"
 #include "pkcs12.h"
 #include "p12plcy.h"
 #include "pk11func.h"
 #include "secerr.h"
 
 struct _EPKCS12Private {
-	int tmp_fd;
-	char *tmp_path;
+	int mumble;
 };
 
 #define PARENT_TYPE G_TYPE_OBJECT
 static GObjectClass *parent_class;
 
-// static callback functions for the NSS PKCS#12 library
+/* static callback functions for the NSS PKCS#12 library */
 static SECItem * PR_CALLBACK nickname_collision(SECItem *, PRBool *, void *);
-static void      PR_CALLBACK write_export_file(void *arg, const char *buf, unsigned long len);
 
 static gboolean handle_error(int myerr);
 
-#define PKCS12_TMPFILENAME         ".p12tmp"
 #define PKCS12_BUFFER_SIZE         2048
 #define PKCS12_RESTORE_OK          1
 #define PKCS12_BACKUP_OK           2
@@ -185,20 +184,16 @@ input_to_decoder (SEC_PKCS12DecoderContext *dcx, const char *path, GError **erro
 	while (TRUE) {
 		amount = fread (buf, 1, sizeof (buf), fp);
 		if (amount < 0) {
-			printf ("got -1 fread\n");
 			fclose (fp);
 			return FALSE;
 		}
+
 		/* feed the file data into the decoder */
 		srv = SEC_PKCS12DecoderUpdate(dcx, 
 					      (unsigned char*) buf, 
 					      amount);
 		if (srv) {
-			/* don't allow the close call to overwrite our precious error code */
 			/* XXX g_error */
-			int pr_err = PORT_GetError();
-			PORT_SetError(pr_err);
-			printf ("SEC_PKCS12DecoderUpdate returned %d\n", srv);
 			fclose (fp);
 			return FALSE;
 		}
@@ -209,6 +204,9 @@ input_to_decoder (SEC_PKCS12DecoderContext *dcx, const char *path, GError **erro
 	return TRUE;
 }
 
+/* XXX toshok - this needs to be done using a signal as in the
+   e_cert_db_login_to_slot stuff, instead of a direct gui dep here..
+   for now, though, it stays. */
 static gboolean
 prompt_for_password (char *title, char *prompt, SECItem *pwd)
 {
@@ -219,8 +217,27 @@ prompt_for_password (char *title, char *prompt, SECItem *pwd)
 					   NULL);
 
 	if (passwd) {
-		SECITEM_AllocItem(NULL, pwd, PL_strlen (passwd));
-		memcpy (pwd->data, passwd, strlen (passwd));
+		int len = g_utf8_strlen (passwd, -1);
+		gunichar2 uni;
+		int i;
+		char *p;
+
+		SECITEM_AllocItem(NULL, pwd, sizeof (gunichar2) * (len + 1));
+		memset (pwd->data, 0, sizeof (gunichar2) * (len + 1));
+
+#ifdef IS_LITTLE_ENDIAN
+		p = passwd;
+		for (i=0; i < len; i++) {
+			uni = (gunichar2)(g_utf8_get_char (p) & 0xFFFF);
+			p = g_utf8_next_char (p);
+
+			pwd->data[2*i] = (unsigned char)(uni >> 8);
+			pwd->data[2*i+1] = (unsigned char)(uni & 0xFF);
+		}
+#else
+		memcpy (pwd->data, uni, pwd->len-2);
+#endif
+		memset (passwd, 0, strlen (passwd));
 		g_free (passwd);
 	}
 
@@ -228,19 +245,17 @@ prompt_for_password (char *title, char *prompt, SECItem *pwd)
 }
 
 static gboolean
-import_from_file_helper (EPKCS12 *pkcs12, const char *path, gboolean *aWantRetry, GError **error)
+import_from_file_helper (EPKCS12 *pkcs12, PK11SlotInfo *slot,
+			 const char *path, gboolean *aWantRetry, GError **error)
 {
 	/*nsNSSShutDownPreventionLock locker; */
-	gboolean rv = TRUE;
+	gboolean rv;
 	SECStatus srv = SECSuccess;
 	SEC_PKCS12DecoderContext *dcx = NULL;
 	SECItem passwd;
 	GError *err = NULL;
-	PK11SlotInfo *slot = PK11_GetInternalKeySlot (); /* XXX toshok - we
-							    hardcode this
-							    here */
-	*aWantRetry = FALSE;
 
+	*aWantRetry = FALSE;
 
 	passwd.data = NULL;
 	rv = prompt_for_password (_("PKCS12 File Password"), _("Enter password for PKCS12 file:"), &passwd);
@@ -250,32 +265,14 @@ import_from_file_helper (EPKCS12 *pkcs12, const char *path, gboolean *aWantRetry
 		return TRUE;
 	}
 
-#if notyet
-	/* XXX we don't need this block as long as we hardcode the
-	   slot above */
-	nsXPIDLString tokenName;
-	nsXPIDLCString tokenNameCString;
-	const char *tokNameRef;
-  
-
-	mToken->GetTokenName (getter_Copies(tokenName));
-	tokenNameCString.Adopt (ToNewUTF8String(tokenName));
-	tokNameRef = tokenNameCString; /* I do this here so that the
-					  NS_CONST_CAST below doesn't
-					  break the build on Win32 */
-
-	slot = PK11_FindSlotByName (NS_CONST_CAST(char*,tokNameRef));
-	if (!slot) {
-		srv = SECFailure;
-		goto finish;
-	}
-#endif
-
 	/* initialize the decoder */
-	dcx = SEC_PKCS12DecoderStart (&passwd, slot, NULL,
-				      NULL, NULL,
-				      NULL, NULL,
-				      pkcs12);
+	dcx = SEC_PKCS12DecoderStart (&passwd,
+				      slot,
+				      /* we specify NULL for all the
+					 funcs + data so it'll use the
+					 default pk11wrap functions */
+				      NULL, NULL, NULL,
+				      NULL, NULL, NULL);
 	if (!dcx) {
 		srv = SECFailure;
 		goto finish;
@@ -289,19 +286,21 @@ import_from_file_helper (EPKCS12 *pkcs12, const char *path, gboolean *aWantRetry
 			// inputToDecoder indicated a NSS error
 			srv = SECFailure;
 		}
+#else
+		srv = SECFailure;
 #endif
 		goto finish;
 	}
 
 	/* verify the blob */
 	srv = SEC_PKCS12DecoderVerify (dcx);
-	if (srv) { printf ("decoderverify failed\n"); goto finish; }
+	if (srv) goto finish;
 	/* validate bags */
 	srv = SEC_PKCS12DecoderValidateBags (dcx, nickname_collision);
-	if (srv) { printf ("decodervalidatebags failed\n"); goto finish; }
+	if (srv) goto finish;
 	/* import cert and key */
 	srv = SEC_PKCS12DecoderImportBags (dcx);
-	if (srv) { printf ("decoderimportbags failed\n"); goto finish; }
+	if (srv) goto finish;
 	/* Later - check to see if this should become default email cert */
 	handle_error (PKCS12_RESTORE_OK);
  finish:
@@ -309,18 +308,14 @@ import_from_file_helper (EPKCS12 *pkcs12, const char *path, gboolean *aWantRetry
 	   We should use that error code instead of inventing a new one
 	   for every error possible. */
 	if (srv != SECSuccess) {
-		printf ("srv != SECSuccess\n");
 		if (SEC_ERROR_BAD_PASSWORD == PORT_GetError()) {
-			printf ("BAD PASSWORD\n");
 			*aWantRetry = TRUE;
 		}
 		handle_error(PKCS12_NSS_ERROR);
 	} else if (!rv) {
 		handle_error(PKCS12_RESTORE_FAILED);
 	}
-	if (slot)
-		PK11_FreeSlot(slot);
-	// finish the decoder
+	/* finish the decoder */
 	if (dcx)
 		SEC_PKCS12DecoderFinish(dcx);
 	return TRUE;
@@ -332,32 +327,17 @@ e_pkcs12_import_from_file (EPKCS12 *pkcs12, const char *path, GError **error)
 	/*nsNSSShutDownPreventionLock locker;*/
 	gboolean rv = TRUE;
 	gboolean wantRetry;
+	PK11SlotInfo *slot;
   
+	printf ("importing pkcs12 from `%s'\n", path);
 
-#if 0
-	/* XXX we don't use tokens yet */
-	if (!mToken) {
-		if (!mTokenSet) {
-			rv = SetToken(NULL); // Ask the user to pick a slot
-			if (NS_FAILED(rv)) {
-				handle_error(PKCS12_USER_CANCELED);
-				return rv;
-			}
-		}
-	}
+	slot = PK11_GetInternalKeySlot();
 
-	if (!mToken) {
-		handle_error(PKCS12_RESTORE_FAILED);
-		return NS_ERROR_NOT_AVAILABLE;
-	}
+	if (!e_cert_db_login_to_slot (e_cert_db_peek (), slot))
+		return FALSE;
 
-	/* init slot */
-	rv = mToken->Login(PR_TRUE);
-	if (NS_FAILED(rv)) return rv;
-#endif
-  
 	do {
-		rv = import_from_file_helper (pkcs12, path, &wantRetry, error);
+		rv = import_from_file_helper (pkcs12, slot, path, &wantRetry, error);
 	} while (rv && wantRetry);
 
 	return rv;
@@ -433,18 +413,6 @@ nickname_collision(SECItem *oldNick, PRBool *cancel, void *wincx)
 	return new_nick;
 }
 
-/* write bytes to the exported PKCS#12 file */
-static void PR_CALLBACK
-write_export_file(void *arg, const char *buf, unsigned long len)
-{
-	EPKCS12 *pkcs12 = E_PKCS12 (arg);
-	EPKCS12Private *priv = pkcs12->priv;
-
-	printf ("write_export_file\n");
-
-	write (priv->tmp_fd, buf, len);
-}
-
 static gboolean
 handle_error(int myerr)
 {
diff --git a/smime/lib/smime-marshal.list b/smime/lib/smime-marshal.list
new file mode 100644
index 0000000000..97c7a93233
--- /dev/null
+++ b/smime/lib/smime-marshal.list
@@ -0,0 +1 @@
+BOOL:POINTER,BOOL,POINTER