diff --git a/security/manager/ssl/nsIX509Cert.idl b/security/manager/ssl/nsIX509Cert.idl
index 99e50ac1731b..130b981a2102 100644
--- a/security/manager/ssl/nsIX509Cert.idl
+++ b/security/manager/ssl/nsIX509Cert.idl
@@ -235,19 +235,6 @@ interface nsIX509Cert : nsISupports {
 */
 [notxpcom, noscript] CERTCertificatePtr getCert();
 
- /**
- * Human readable names identifying all hardware or
- * software tokens the certificate is stored on.
- *
- * @param length On success, the number of entries in the returned array.
- * @return On success, an array containing the names of all tokens
- * the certificate is stored on (may be empty).
- * On failure the function throws/returns an error.
- */
- void getAllTokenNames(out unsigned long length,
- [retval, array, size_is(length)] out wstring
- tokenNames);
-
 /**
 * Either delete the certificate from all cert databases,
 * or mark it as untrusted.
diff --git a/security/manager/ssl/nsNSSCertificate.cpp b/security/manager/ssl/nsNSSCertificate.cpp
index 22a1e40bcabc..09453dc8ff33 100644
--- a/security/manager/ssl/nsNSSCertificate.cpp
+++ b/security/manager/ssl/nsNSSCertificate.cpp
@@ -724,55 +724,6 @@ nsNSSCertificate::GetChain(nsIArray** _rvChain)
 return NS_OK;
 }
 
-NS_IMETHODIMP
-nsNSSCertificate::GetAllTokenNames(uint32_t* aLength, char16_t*** aTokenNames)
-{
- nsNSSShutDownPreventionLock locker;
- if (isAlreadyShutDown())
- return NS_ERROR_NOT_AVAILABLE;
-
- NS_ENSURE_ARG(aLength);
- NS_ENSURE_ARG(aTokenNames);
- *aLength = 0;
- *aTokenNames = nullptr;
-
- // Get the slots from NSS
- UniquePK11SlotList slots(PK11_GetAllSlotsForCert(mCert.get(), nullptr));
- if (!slots) {
- if (PORT_GetError() == SEC_ERROR_NO_TOKEN) {
- return NS_OK; // List of slots is empty, return empty array
- }
- return NS_ERROR_FAILURE;
- }
-
- // read the token names from slots
- PK11SlotListElement* le;
-
- for (le = slots->head; le; le = le->next) {
- ++(*aLength);
- }
-
- *aTokenNames = (char16_t**) moz_xmalloc(sizeof(char16_t*) * (*aLength));
- if (!*aTokenNames) {
- *aLength = 0;
- return NS_ERROR_OUT_OF_MEMORY;
- }
-
- uint32_t iToken;
- for (le = slots->head, iToken = 0; le; le = le->next, ++iToken) {
- char* token = PK11_GetTokenName(le->slot);
- (*aTokenNames)[iToken] = ToNewUnicode(NS_ConvertUTF8toUTF16(token));
- if (!(*aTokenNames)[iToken]) {
- NS_FREE_XPCOM_ALLOCATED_POINTER_ARRAY(iToken, *aTokenNames);
- *aLength = 0;
- *aTokenNames = nullptr;
- return NS_ERROR_OUT_OF_MEMORY;
- }
- }
-
- return NS_OK;
-}
-
 NS_IMETHODIMP
 nsNSSCertificate::GetSubjectName(nsAString& _subjectName)
 {
diff --git a/security/manager/tools/genHPKPStaticPins.js b/security/manager/tools/genHPKPStaticPins.js
index e52b32daf4a5..136f33c997d2 100644
--- a/security/manager/tools/genHPKPStaticPins.js
+++ b/security/manager/tools/genHPKPStaticPins.js
@@ -100,21 +100,6 @@ function stripComments(buf) {
 return data;
 }
 
-function isBuiltinToken(tokenName) {
- return tokenName == "Builtin Object Token";
-}
-
-function isCertBuiltIn(cert) {
- let tokenNames = cert.getAllTokenNames({});
- if (!tokenNames) {
- return false;
- }
- if (tokenNames.some(isBuiltinToken)) {
- return true;
- }
- return false;
-}
-
 function download(filename) {
 let req = Cc["@mozilla.org/xmlextras/xmlhttprequest;1"]
 .createInstance(Ci.nsIXMLHttpRequest);
@@ -395,7 +380,7 @@ function loadNSSCertinfo(extraCertificates) {
 let certSKDToName = {};
 while (enumerator.hasMoreElements()) {
 let cert = enumerator.getNext().QueryInterface(Ci.nsIX509Cert);
- if (!isCertBuiltIn(cert)) {
+ if (!cert.isBuiltInRoot) {
 continue;
 }
 let name = cert.displayName;
diff --git a/toolkit/modules/CertUtils.jsm b/toolkit/modules/CertUtils.jsm
index 27ef57ccef61..23f7ac81d657 100644
--- a/toolkit/modules/CertUtils.jsm
+++ b/toolkit/modules/CertUtils.jsm
@@ -165,16 +165,10 @@ this.checkCert =
 if (!issuerCert)
 throw new Ce(certNotBuiltInErr, Cr.NS_ERROR_ABORT);
 
- var tokenNames = issuerCert.getAllTokenNames({});
-
- if (!tokenNames || !tokenNames.some(isBuiltinToken))
+ if (!issuerCert.isBuiltInRoot)
 throw new Ce(certNotBuiltInErr, Cr.NS_ERROR_ABORT);
 }
 
-function isBuiltinToken(tokenName) {
- return tokenName == "Builtin Object Token";
-}
-
 /**
 * This class implements nsIBadCertListener. Its job is to prevent "bad cert"
 * security dialogs from being shown to the user. It is better to simply fail
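Review bot: The new check `!issuerCert.isBuiltInRoot` in checkCert (CertUtils.jsm), like `!cert.isBuiltInRoot` in loadNSSCertinfo (genHPKPStaticPins.js), is not the same predicate as the token-name match it replaces, and nothing in the patch documents or tests the difference. The removed code accepted any certificate stored on a token whose name equals the string "Builtin Object Token". What `isBuiltInRoot` accepts is defined outside this diff, presumably by PSM from the built-in roots module rather than by a name comparison. Because checkCert uses this as the gate that rejects issuers that are not built in, I would add a comment above it such as `// Security check: the issuer must be a root shipped in the built-in roots module; imported or third-party-token roots must be rejected here.` A regression test should also show that an imported root still fails with certNotBuiltInErr. checkCert begins outside the hunk, so how the error is handled by its callers is not visible here.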