Bug 1241646 - remove unused token arguments from nsIX509CertDB r=keeler

2024-09-13 09:24:08 -07:00 · 2016-01-30 13:50:58 +05:30 · 2016-01-30 13:50:58 +05:30 · 964cc276c9
commit 964cc276c9
parent a36aa95b54
13 changed files with 55 additions and 79 deletions
--- a/devtools/shared/security/LocalCertService.cpp
+++ b/devtools/shared/security/LocalCertService.cpp
@ -258,7 +258,7 @@ private:
    nsCOMPtr<nsIX509Cert> certFromDB;
    nsresult rv;
-    rv = certDB->FindCertByNickname(nullptr, NS_ConvertASCIItoUTF16(mNickname),
+    rv = certDB->FindCertByNickname(NS_ConvertASCIItoUTF16(mNickname),
                                    getter_AddRefs(certFromDB));
    if (NS_FAILED(rv)) {
      return rv;
--- a/security/manager/pki/resources/content/certManager.js
+++ b/security/manager/pki/resources/content/certManager.js
@ -506,7 +506,7 @@ function addCACerts()
                  gCertFileTypes);
  fp.appendFilters(nsIFilePicker.filterAll);
  if (fp.show() == nsIFilePicker.returnOK) {
-    certdb.importCertsFromFile(null, fp.file, nsIX509Cert.CA_CERT);
+    certdb.importCertsFromFile(fp.file, nsIX509Cert.CA_CERT);
    caTreeView.loadCerts(nsIX509Cert.CA_CERT);
    caTreeView.selection.clearSelection();
  }
@ -540,7 +540,7 @@ function addEmailCert()
                  gCertFileTypes);
  fp.appendFilters(nsIFilePicker.filterAll);
  if (fp.show() == nsIFilePicker.returnOK) {
-    certdb.importCertsFromFile(null, fp.file, nsIX509Cert.EMAIL_CERT);
+    certdb.importCertsFromFile(fp.file, nsIX509Cert.EMAIL_CERT);
    var certcache = certdb.getCerts();
    emailTreeView.loadCertsFromCache(certcache, nsIX509Cert.EMAIL_CERT);
    emailTreeView.selection.clearSelection();
@ -560,7 +560,7 @@ function addWebSiteCert()
                  gCertFileTypes);
  fp.appendFilters(nsIFilePicker.filterAll);
  if (fp.show() == nsIFilePicker.returnOK) {
-    certdb.importCertsFromFile(null, fp.file, nsIX509Cert.SERVER_CERT);
+    certdb.importCertsFromFile(fp.file, nsIX509Cert.SERVER_CERT);
    var certcache = certdb.getCerts();
    serverTreeView.loadCertsFromCache(certcache, nsIX509Cert.SERVER_CERT);
--- a/security/manager/pki/resources/content/editcerts.js
+++ b/security/manager/pki/resources/content/editcerts.js
@ -22,7 +22,7 @@ function setWindowName()
  //  Get the cert from the cert database
  certdb = Components.classes[nsX509CertDB].getService(nsIX509CertDB);
-  cert = certdb.findCertByDBKey(dbkey, null);
+  cert = certdb.findCertByDBKey(dbkey);
  var bundle = document.getElementById("pippki_bundle");
--- a/security/manager/pki/resources/content/viewCertDetails.js
+++ b/security/manager/pki/resources/content/viewCertDetails.js
@ -76,7 +76,7 @@ function setWindowName()
    //var token = pk11db.findTokenByName(tokenName);
    //var cert = certdb.findCertByNickname(token, myName);
-    cert = certdb.findCertByNickname(null, myName);
+    cert = certdb.findCertByNickname(myName);
  } else {
    var params = window.arguments[0].QueryInterface(nsIDialogParamBlock);
    var cert = params.objects.queryElementAt(0, nsIX509Cert);
@ -265,7 +265,7 @@ function updateCertDump()
    var dbKey = item.firstChild.firstChild.getAttribute('display');
    //  Get the cert from the cert database
    var certdb = Components.classes[nsX509CertDB].getService(nsIX509CertDB);
-    var cert = certdb.findCertByDBKey(dbKey,null);
+    var cert = certdb.findCertByDBKey(dbKey);
    asn1Tree.loadASN1Structure(cert.ASN1Structure);
  }
  displaySelected();
@ -290,7 +290,7 @@ function getCurrentCert()
    var item = tree.contentView.getItemAtIndex(realIndex);
    var dbKey = item.firstChild.firstChild.getAttribute('display');
    var certdb = Components.classes[nsX509CertDB].getService(nsIX509CertDB);
-    var cert = certdb.findCertByDBKey(dbKey,null);
+    var cert = certdb.findCertByDBKey(dbKey);
    return cert;
  }
  /* shouldn't really happen */
--- a/security/manager/ssl/nsIX509CertDB.idl
+++ b/security/manager/ssl/nsIX509CertDB.idl
@ -46,7 +46,7 @@ interface nsIVerifySignedManifestCallback : nsISupports
 * This represents a service to access and manipulate
 * X.509 certificates stored in a database.
 */
-[scriptable, uuid(a36c45fb-f7b5-423e-a0f7-ea1eb4fd60b5)]
+[scriptable, uuid(5c16cd9b-5a73-47f1-ab0f-11ede7495cce)]
 interface nsIX509CertDB : nsISupports {
  /**
@ -59,19 +59,15 @@ interface nsIX509CertDB : nsISupports {
  const unsigned long TRUSTED_OBJSIGN = 1 << 2;
  /**
-   *  Given a nickname and optionally a token,
+   *  Given a nickname,
   *  locate the matching certificate.
   *
   *  @param aToken Optionally limits the scope of
   *                this function to a token device.
   *                Can be null to mean any token.
   *  @param aNickname The nickname to be used as the key
   *                   to find a certificate.
   *
   *  @return The matching certificate if found.
   */
-  nsIX509Cert findCertByNickname(in nsISupports aToken,
+  nsIX509Cert findCertByNickname(in AString aNickname);
                                 in AString aNickname);
  /**
   *  Will find a certificate based on its dbkey
@ -80,11 +76,8 @@ interface nsIX509CertDB : nsISupports {
   *
   *  @param aDBkey Database internal key, as obtained using
   *                attribute dbkey in nsIX509Cert.
   *  @param aToken Optionally limits the scope of
   *                this function to a token device.
   *                Can be null to mean any token.
   */
-  nsIX509Cert findCertByDBKey(in string aDBkey, in nsISupports aToken);
+  nsIX509Cert findCertByDBKey(in string aDBkey);
  /**
   *  Obtain a list of certificate nicknames from the database.
@ -92,16 +85,12 @@ interface nsIX509CertDB : nsISupports {
   *    user, ca, or server cert - the nickname
   *    email cert - the email address
   *
   *  @param aToken Optionally limits the scope of
   *                this function to a token device.
   *                Can be null to mean any token.
   *  @param aType Type of certificate to obtain
   *               See certificate type constants in nsIX509Cert.
   *  @param count The number of nicknames in the returned array
   *  @param certNameList The returned array of certificate nicknames.
   */
-  void findCertNicknames(in nsISupports aToken,
+  void findCertNicknames(in unsigned long aType,
                         in unsigned long aType,
                         out unsigned long count,
                         [array, size_is(count)] out wstring certNameList);
@ -128,16 +117,12 @@ interface nsIX509CertDB : nsISupports {
  /**
   *  Find a certificate by email address.
   *
   *  @param aToken Optionally limits the scope of
   *                this function to a token device.
   *                Can be null to mean any token.
   *  @param aEmailAddress The email address to be used as the key
   *                       to find the certificate.
   *
   *  @return The matching certificate if found.
   */
-  nsIX509Cert findCertByEmailAddress(in nsISupports aToken,
+  nsIX509Cert findCertByEmailAddress(in string aEmailAddress);
                                     in string aEmailAddress);
  /**
   *  Use this to import a stream sent down as a mime type into
@ -229,23 +214,19 @@ interface nsIX509CertDB : nsISupports {
   *  @return Returns true if the certificate is trusted for the given use.
   */
  boolean isCertTrusted(in nsIX509Cert cert,
-                       in unsigned long certType,
+                        in unsigned long certType,
-                       in unsigned long trustType);
+                        in unsigned long trustType);
  /**
   *  Import certificate(s) from file
   *
   *  @param aToken Optionally limits the scope of
   *                this function to a token device.
   *                Can be null to mean any token.
   *  @param aFile Identifies a file that contains the certificate
   *               to be imported.
   *  @param aType Describes the type of certificate that is going to
   *               be imported. See type constants in nsIX509Cert.
   */
-  void importCertsFromFile(in nsISupports aToken,
+  void importCertsFromFile(in nsIFile aFile,
-                         in nsIFile aFile,
+                           in unsigned long aType);
                         in unsigned long aType);
  /**
   *  Import a PKCS#12 file containing cert(s) and key(s) into the database.
--- a/security/manager/ssl/nsNSSCertificateDB.cpp
+++ b/security/manager/ssl/nsNSSCertificateDB.cpp
@ -96,9 +96,8 @@ nsNSSCertificateDB::~nsNSSCertificateDB()
 }
 NS_IMETHODIMP
-nsNSSCertificateDB::FindCertByNickname(nsISupports *aToken,
+nsNSSCertificateDB::FindCertByNickname(const nsAString& nickname,
-                                      const nsAString &nickname,
+                                       nsIX509Cert** _rvCert)
                                      nsIX509Cert **_rvCert)
 {
  NS_ENSURE_ARG_POINTER(_rvCert);
  *_rvCert = nullptr;
@ -127,9 +126,8 @@ nsNSSCertificateDB::FindCertByNickname(nsISupports *aToken,
  return NS_ERROR_FAILURE;
 }
-NS_IMETHODIMP 
+NS_IMETHODIMP
-nsNSSCertificateDB::FindCertByDBKey(const char *aDBkey, nsISupports *aToken,
+nsNSSCertificateDB::FindCertByDBKey(const char* aDBkey,nsIX509Cert** _cert)
                                   nsIX509Cert **_cert)
 {
  NS_ENSURE_ARG_POINTER(aDBkey);
  NS_ENSURE_ARG(aDBkey[0]);
@ -199,10 +197,9 @@ nsNSSCertificateDB::FindCertByDBKey(const char *aDBkey, nsISupports *aToken,
 }
 NS_IMETHODIMP 
-nsNSSCertificateDB::FindCertNicknames(nsISupports *aToken, 
+nsNSSCertificateDB::FindCertNicknames(uint32_t aType,
-                                     uint32_t      aType,
+                                      uint32_t* _count,
-                                     uint32_t     *_count,
+                                      char16_t*** _certNames)
                                     char16_t  ***_certNames)
 {
  nsNSSShutDownPreventionLock locker;
  if (isAlreadyShutDown()) {
@ -1084,10 +1081,8 @@ nsNSSCertificateDB::IsCertTrusted(nsIX509Cert *cert,
 }
-NS_IMETHODIMP 
+NS_IMETHODIMP
-nsNSSCertificateDB::ImportCertsFromFile(nsISupports *aToken, 
+nsNSSCertificateDB::ImportCertsFromFile(nsIFile* aFile, uint32_t aType)
                                        nsIFile *aFile,
                                        uint32_t aType)
 {
  nsNSSShutDownPreventionLock locker;
  if (isAlreadyShutDown()) {
@ -1101,7 +1096,7 @@ nsNSSCertificateDB::ImportCertsFromFile(nsISupports *aToken,
    case nsIX509Cert::SERVER_CERT:
      // good
      break;
-    
+
    default:
      // not supported (yet)
      return NS_ERROR_FAILURE;
@ -1155,8 +1150,7 @@ nsNSSCertificateDB::ImportCertsFromFile(nsISupports *aToken,
 }
 NS_IMETHODIMP 
-nsNSSCertificateDB::ImportPKCS12File(nsISupports *aToken, 
+nsNSSCertificateDB::ImportPKCS12File(nsISupports* aToken, nsIFile* aFile)
                                     nsIFile *aFile)
 {
  nsNSSShutDownPreventionLock locker;
  if (isAlreadyShutDown()) {
@ -1173,10 +1167,10 @@ nsNSSCertificateDB::ImportPKCS12File(nsISupports *aToken,
 }
 NS_IMETHODIMP 
-nsNSSCertificateDB::ExportPKCS12File(nsISupports     *aToken, 
+nsNSSCertificateDB::ExportPKCS12File(nsISupports* aToken,
-                                     nsIFile          *aFile,
+                                     nsIFile* aFile,
-                                     uint32_t          count,
+                                     uint32_t count,
-                                     nsIX509Cert     **certs)
+                                     nsIX509Cert** certs)
                                     //const char16_t **aCertNames)
 {
  nsNSSShutDownPreventionLock locker;
@ -1343,20 +1337,21 @@ nsNSSCertificateDB::FindEmailSigningCert(const nsAString& aNickname,
 }
 NS_IMETHODIMP
-nsNSSCertificateDB::FindCertByEmailAddress(nsISupports *aToken, const char *aEmailAddress, nsIX509Cert **_retval)
+nsNSSCertificateDB::FindCertByEmailAddress(const char* aEmailAddress,
                                           nsIX509Cert** _retval)
 {
  nsNSSShutDownPreventionLock locker;
  if (isAlreadyShutDown()) {
    return NS_ERROR_NOT_AVAILABLE;
  }
-  
+
  RefPtr<SharedCertVerifier> certVerifier(GetDefaultCertVerifier());
  NS_ENSURE_TRUE(certVerifier, NS_ERROR_UNEXPECTED);
  ScopedCERTCertList certlist(
      PK11_FindCertsFromEmailAddress(aEmailAddress, nullptr));
  if (!certlist)
-    return NS_ERROR_FAILURE;  
+    return NS_ERROR_FAILURE;
  // certlist now contains certificates with the right email address,
  // but they might not have the correct usage or might even be invalid
--- a/security/manager/ssl/nsNSSIOLayer.cpp
+++ b/security/manager/ssl/nsNSSIOLayer.cpp
@ -2237,7 +2237,7 @@ ClientAuthDataRunnable::RunOnTargetThread()
        if (certdb) {
          nsCOMPtr<nsIX509Cert> found_cert;
          nsresult find_rv =
-            certdb->FindCertByDBKey(rememberedDBKey.get(), nullptr,
+            certdb->FindCertByDBKey(rememberedDBKey.get(),
            getter_AddRefs(found_cert));
          if (NS_SUCCEEDED(find_rv) && found_cert) {
            nsNSSCertificate* obj_cert =
--- a/security/manager/ssl/tests/unit/test_add_preexisting_cert.js
+++ b/security/manager/ssl/tests/unit/test_add_preexisting_cert.js
@ -39,7 +39,7 @@ function run_test() {
  // Change the already existing intermediate certificate's trust using
  // addCertFromBase64(). We use findCertByNickname first to ensure that the
  // certificate already exists.
-  let int_cert = certDB.findCertByNickname(null, "int-limited-depth");
+  let int_cert = certDB.findCertByNickname("int-limited-depth");
  notEqual(int_cert, null, "Intermediate cert should be in the cert DB");
  let base64_cert = btoa(getDERString(int_cert));
  certDB.addCertFromBase64(base64_cert, "p,p,p", "ignored_argument");
--- a/security/manager/ssl/tests/unit/test_cert_dbKey.js
+++ b/security/manager/ssl/tests/unit/test_cert_dbKey.js
@ -55,7 +55,7 @@ function encodeCommonNameAsBytes(commonName) {
 function testInvalidDBKey(certDB, dbKey) {
  let exceptionCaught = false;
  try {
-    let cert = certDB.findCertByDBKey(dbKey, null);
+    let cert = certDB.findCertByDBKey(dbKey);
  } catch(e) {
    do_print(e);
    exceptionCaught = true;
@ -64,7 +64,7 @@ function testInvalidDBKey(certDB, dbKey) {
 }
 function testDBKeyForNonexistentCert(certDB, dbKey) {
-  let cert = certDB.findCertByDBKey(dbKey, null);
+  let cert = certDB.findCertByDBKey(dbKey);
  ok(!cert, "shouldn't find cert for given dbKey");
 }
@ -98,7 +98,7 @@ function run_test() {
  equal(cert.dbKey, expectedDbKey,
        "actual and expected dbKey values should match");
-  let certFromDbKey = certDB.findCertByDBKey(expectedDbKey, null);
+  let certFromDbKey = certDB.findCertByDBKey(expectedDbKey);
  ok(certFromDbKey.equals(cert),
     "nsIX509CertDB.findCertByDBKey should find the right certificate");
@ -107,14 +107,14 @@ function run_test() {
  let expectedDbKeyWithCRLF = expectedDbKey.replace(/(.{64})/, "$1\r\n");
  ok(expectedDbKeyWithCRLF.indexOf("\r\n") == 64,
     "test self-check: adding CRLF to dbKey should succeed");
-  certFromDbKey = certDB.findCertByDBKey(expectedDbKeyWithCRLF, null);
+  certFromDbKey = certDB.findCertByDBKey(expectedDbKeyWithCRLF);
  ok(certFromDbKey.equals(cert),
     "nsIX509CertDB.findCertByDBKey should work with dbKey with CRLF");
  let expectedDbKeyWithSpaces = expectedDbKey.replace(/(.{64})/, "$1  ");
  ok(expectedDbKeyWithSpaces.indexOf("  ") == 64,
     "test self-check: adding spaces to dbKey should succeed");
-  certFromDbKey = certDB.findCertByDBKey(expectedDbKeyWithSpaces, null);
+  certFromDbKey = certDB.findCertByDBKey(expectedDbKeyWithSpaces);
  ok(certFromDbKey.equals(cert),
     "nsIX509CertDB.findCertByDBKey should work with dbKey with spaces");
--- a/security/manager/ssl/tests/unit/test_cert_keyUsage.js
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage.js
@ -44,7 +44,7 @@ function run_test() {
  caList.forEach(function(ca) {
    addCertFromFile(certdb, "test_cert_keyUsage/" + ca + ".pem",
                    "CTu,CTu,CTu");
-    let caCert = certdb.findCertByNickname(null, ca);
+    let caCert = certdb.findCertByNickname(ca);
    let usages = {};
    caCert.getUsagesString(true, {}, usages); // true indicates local-only
    equal(usages.value, expectedUsagesMap[ca],
--- a/security/manager/ssl/tests/unit/test_cert_trust.js
+++ b/security/manager/ssl/tests/unit/test_cert_trust.js
@ -191,11 +191,11 @@ function run_test() {
    load_cert(certList[i], ',,');
  }
-  let ca_cert = certdb.findCertByNickname(null, 'ca');
+  let ca_cert = certdb.findCertByNickname('ca');
  notEqual(ca_cert, null, "CA cert should be in the cert DB");
-  let int_cert = certdb.findCertByNickname(null, 'int');
+  let int_cert = certdb.findCertByNickname('int');
  notEqual(int_cert, null, "Intermediate cert should be in the cert DB");
-  let ee_cert = certdb.findCertByNickname(null, 'ee');
+  let ee_cert = certdb.findCertByNickname('ee');
  notEqual(ee_cert, null, "EE cert should be in the cert DB");
  setup_basic_trusts(ca_cert, int_cert);
--- a/security/manager/ssl/tests/unit/test_ev_certs.js
+++ b/security/manager/ssl/tests/unit/test_ev_certs.js
@ -46,13 +46,13 @@ function start_ocsp_responder(expectedCertNames) {
 }
 function check_cert_err(cert_name, expected_error) {
-  let cert = certdb.findCertByNickname(null, cert_name);
+  let cert = certdb.findCertByNickname(cert_name);
  checkCertErrorGeneric(certdb, cert, expected_error, certificateUsageSSLServer);
 }
 function check_ee_for_ev(cert_name, expected_ev) {
-  let cert = certdb.findCertByNickname(null, cert_name);
+  let cert = certdb.findCertByNickname(cert_name);
  checkEVStatus(certdb, cert, certificateUsageSSLServer, expected_ev);
 }
@ -107,7 +107,7 @@ function run_test() {
  // causes the root to be untrusted.
  const nsIX509Cert = Ci.nsIX509Cert;
  add_test(function() {
-    let evRootCA = certdb.findCertByNickname(null, evrootnick);
+    let evRootCA = certdb.findCertByNickname(evrootnick);
    certdb.setCertTrust(evRootCA, nsIX509Cert.CA_CERT, 0);
    clearOCSPCache();
@ -119,7 +119,7 @@ function run_test() {
  // bug 917380: Check that a trusted EV root is trusted after disabling and
  // re-enabling trust.
  add_test(function() {
-    let evRootCA = certdb.findCertByNickname(null, evrootnick);
+    let evRootCA = certdb.findCertByNickname(evrootnick);
    certdb.setCertTrust(evRootCA, nsIX509Cert.CA_CERT,
                        Ci.nsIX509CertDB.TRUSTED_SSL |
                        Ci.nsIX509CertDB.TRUSTED_EMAIL |
@ -240,7 +240,7 @@ function run_test() {
    ocspResponder.stop(function () {
      // without net it must be able to EV verify
      let failingOcspResponder = failingOCSPResponder();
-      let cert = certdb.findCertByNickname(null, "ev-valid");
+      let cert = certdb.findCertByNickname("ev-valid");
      let hasEVPolicy = {};
      let verifiedChain = {};
      let flags = Ci.nsIX509CertDB.FLAG_LOCAL_ONLY |
@ -321,7 +321,7 @@ function run_test() {
 function check_no_ocsp_requests(cert_name, expected_error) {
  clearOCSPCache();
  let ocspResponder = failingOCSPResponder();
-  let cert = certdb.findCertByNickname(null, cert_name);
+  let cert = certdb.findCertByNickname(cert_name);
  let hasEVPolicy = {};
  let verifiedChain = {};
  let flags = Ci.nsIX509CertDB.FLAG_LOCAL_ONLY |
--- a/security/manager/ssl/tests/unit/test_getchain.js
+++ b/security/manager/ssl/tests/unit/test_getchain.js
@ -71,7 +71,7 @@ function run_test() {
    addCertFromFile(certdb, `test_getchain/${cert}.pem`, ",,");
  }
-  let ee_cert = certdb.findCertByNickname(null, 'ee');
+  let ee_cert = certdb.findCertByNickname('ee');
  notEqual(ee_cert, null, "EE cert should be in the cert DB");
  let ca = get_ca_array();