Bug 1319252 - Remove nsIX509Cert.getAllTokenNames(). r=keeler,mossop

nsIX509Cert.getAllTokenNames() is only used (improperly) to determine if a
certificate is a built-in. nsIX509Cert.isBuiltInRoot should be used instead.

MozReview-Commit-ID: LBwI8nTc05C

--HG--
extra : rebase_source : 9494cd1243395b0d293022e981f64be560a54dec

security/manager/ssl/nsIX509Cert.idl

@@ -235,19 +235,6 @@ interface nsIX509Cert : nsISupports {
    */
    [notxpcom, noscript] CERTCertificatePtr getCert();
 
-  /**
-   * Human readable names identifying all hardware or
-   * software tokens the certificate is stored on.
-   *
-   * @param length On success, the number of entries in the returned array.
-   * @return On success, an array containing the names of all tokens
-   *         the certificate is stored on (may be empty).
-   *         On failure the function throws/returns an error.
-   */
-  void getAllTokenNames(out unsigned long length,
-                       [retval, array, size_is(length)] out wstring
-                       tokenNames);
-
   /**
    * Either delete the certificate from all cert databases,
    * or mark it as untrusted.

security/manager/ssl/nsNSSCertificate.cpp

@@ -724,55 +724,6 @@ nsNSSCertificate::GetChain(nsIArray** _rvChain)
   return NS_OK;
 }
 
-NS_IMETHODIMP
-nsNSSCertificate::GetAllTokenNames(uint32_t* aLength, char16_t*** aTokenNames)
-{
-  nsNSSShutDownPreventionLock locker;
-  if (isAlreadyShutDown())
-    return NS_ERROR_NOT_AVAILABLE;
-
-  NS_ENSURE_ARG(aLength);
-  NS_ENSURE_ARG(aTokenNames);
-  *aLength = 0;
-  *aTokenNames = nullptr;
-
-  // Get the slots from NSS
-  UniquePK11SlotList slots(PK11_GetAllSlotsForCert(mCert.get(), nullptr));
-  if (!slots) {
-    if (PORT_GetError() == SEC_ERROR_NO_TOKEN) {
-      return NS_OK; // List of slots is empty, return empty array
-    }
-    return NS_ERROR_FAILURE;
-  }
-
-  // read the token names from slots
-  PK11SlotListElement* le;
-
-  for (le = slots->head; le; le = le->next) {
-    ++(*aLength);
-  }
-
-  *aTokenNames = (char16_t**) moz_xmalloc(sizeof(char16_t*) * (*aLength));
-  if (!*aTokenNames) {
-    *aLength = 0;
-    return NS_ERROR_OUT_OF_MEMORY;
-  }
-
-  uint32_t iToken;
-  for (le = slots->head, iToken = 0; le; le = le->next, ++iToken) {
-    char* token = PK11_GetTokenName(le->slot);
-    (*aTokenNames)[iToken] = ToNewUnicode(NS_ConvertUTF8toUTF16(token));
-    if (!(*aTokenNames)[iToken]) {
-      NS_FREE_XPCOM_ALLOCATED_POINTER_ARRAY(iToken, *aTokenNames);
-      *aLength = 0;
-      *aTokenNames = nullptr;
-      return NS_ERROR_OUT_OF_MEMORY;
-    }
-  }
-
-  return NS_OK;
-}
-
 NS_IMETHODIMP
 nsNSSCertificate::GetSubjectName(nsAString& _subjectName)
 {

security/manager/tools/genHPKPStaticPins.js

@@ -100,21 +100,6 @@ function stripComments(buf) {
   return data;
 }
 
-function isBuiltinToken(tokenName) {
-  return tokenName == "Builtin Object Token";
-}
-
-function isCertBuiltIn(cert) {
-  let tokenNames = cert.getAllTokenNames({});
-  if (!tokenNames) {
-    return false;
-  }
-  if (tokenNames.some(isBuiltinToken)) {
-    return true;
-  }
-  return false;
-}
-
 function download(filename) {
   let req = Cc["@mozilla.org/xmlextras/xmlhttprequest;1"]
               .createInstance(Ci.nsIXMLHttpRequest);
@@ -395,7 +380,7 @@ function loadNSSCertinfo(extraCertificates) {
   let certSKDToName = {};
   while (enumerator.hasMoreElements()) {
     let cert = enumerator.getNext().QueryInterface(Ci.nsIX509Cert);
-    if (!isCertBuiltIn(cert)) {
+    if (!cert.isBuiltInRoot) {
       continue;
     }
     let name = cert.displayName;

toolkit/modules/CertUtils.jsm

@@ -165,16 +165,10 @@ this.checkCert =
   if (!issuerCert)
     throw new Ce(certNotBuiltInErr, Cr.NS_ERROR_ABORT);
 
-  var tokenNames = issuerCert.getAllTokenNames({});
-
-  if (!tokenNames || !tokenNames.some(isBuiltinToken))
+  if (!issuerCert.isBuiltInRoot)
     throw new Ce(certNotBuiltInErr, Cr.NS_ERROR_ABORT);
 }
 
-function isBuiltinToken(tokenName) {
-  return tokenName == "Builtin Object Token";
-}
-
 /**
  * This class implements nsIBadCertListener.  Its job is to prevent "bad cert"
  * security dialogs from being shown to the user.  It is better to simply fail