Bug 1338895 - Avoid non-smart string IDL types in remaining PSM IDL files. r=aklotz,keeler
authorCykesiopka <cykesiopka.bmo@gmail.com>
Sun, 26 Feb 2017 20:36:40 +0800
changeset 347231 19ca68cbfe3d81ae6945eb8ff809e64d3c6b627d
parent 347230 f6415ae0ba892b17b807c2dd1e0961140b1b80d0
child 347232 94a483ef784e446c64ce5130c421a4733c62ef3f
push id87995
push usercbook@mozilla.com
push dateMon, 13 Mar 2017 14:25:56 +0000
treeherdermozilla-inbound@6bd59f567843 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersaklotz, keeler
bugs1338895
milestone55.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1338895 - Avoid non-smart string IDL types in remaining PSM IDL files. r=aklotz,keeler Smart string classes like nsCString are safer to use than raw |char*| strings, and are typically easier to deal with as well. MozReview-Commit-ID: 18C293zWrJw
modules/libjar/nsJAR.cpp
modules/libjar/nsJAR.h
security/manager/pki/nsNSSDialogs.cpp
security/manager/ssl/CertBlocklist.cpp
security/manager/ssl/CertBlocklist.h
security/manager/ssl/SecretDecoderRing.cpp
security/manager/ssl/nsDataSignatureVerifier.cpp
security/manager/ssl/nsICertBlocklist.idl
security/manager/ssl/nsIDataSignatureVerifier.idl
security/manager/ssl/nsITokenDialogs.idl
security/manager/ssl/nsITokenPasswordDialogs.idl
security/manager/ssl/nsKeygenHandler.cpp
security/manager/ssl/nsNSSComponent.cpp
--- a/modules/libjar/nsJAR.cpp
+++ b/modules/libjar/nsJAR.cpp
@@ -376,20 +376,19 @@ nsJAR::GetSigningCert(const nsACString& 
     //-- Find the item
     nsJARManifestItem* manItem = mManifestData.Get(aFilename);
     if (!manItem)
       return NS_OK;
     //-- Verify the item against the manifest
     if (!manItem->entryVerified)
     {
       nsXPIDLCString entryData;
-      uint32_t entryDataLen;
-      rv = LoadEntry(aFilename, getter_Copies(entryData), &entryDataLen);
+      rv = LoadEntry(aFilename, entryData);
       if (NS_FAILED(rv)) return rv;
-      rv = VerifyEntry(manItem, entryData, entryDataLen);
+      rv = VerifyEntry(manItem, entryData, entryData.Length());
       if (NS_FAILED(rv)) return rv;
     }
     requestedStatus = manItem->status;
   }
   else // User wants identity of signer w/o verifying any entries
     requestedStatus = mGlobalStatus;
 
   if (requestedStatus != JAR_VALID_MANIFEST) {
@@ -435,17 +434,17 @@ nsJAR::GetNSPRFileDesc(PRFileDesc** aNSP
 
   return handle->GetNSPRFileDesc(aNSPRFileDesc);
 }
 
 //----------------------------------------------
 // nsJAR private implementation
 //----------------------------------------------
 nsresult
-nsJAR::LoadEntry(const nsACString &aFilename, char** aBuf, uint32_t* aBufLen)
+nsJAR::LoadEntry(const nsACString& aFilename, nsCString& aBuf)
 {
   //-- Get a stream for reading the file
   nsresult rv;
   nsCOMPtr<nsIInputStream> manifestStream;
   rv = GetInputStream(aFilename, getter_AddRefs(manifestStream));
   if (NS_FAILED(rv)) return NS_ERROR_FILE_TARGET_DOES_NOT_EXIST;
 
   //-- Read the manifest file into memory
@@ -466,19 +465,17 @@ nsJAR::LoadEntry(const nsACString &aFile
     nsZipArchive::sFileCorruptedReason = "nsJAR: manifest too small";
     rv = NS_ERROR_FILE_CORRUPTED;
   }
   if (NS_FAILED(rv)) {
     free(buf);
     return rv;
   }
   buf[len] = '\0'; //Null-terminate the buffer
-  *aBuf = buf;
-  if (aBufLen)
-    *aBufLen = len;
+  aBuf.Adopt(buf, len);
   return NS_OK;
 }
 
 
 int32_t
 nsJAR::ReadLine(const char** src)
 {
   if (!*src) {
@@ -551,18 +548,17 @@ nsJAR::ParseManifest()
   if (more)
   {
     mParsedManifest = true;
     nsZipArchive::sFileCorruptedReason = "nsJAR: duplicate manifests";
     return NS_ERROR_FILE_CORRUPTED; // More than one MF file
   }
 
   nsXPIDLCString manifestBuffer;
-  uint32_t manifestLen;
-  rv = LoadEntry(manifestFilename, getter_Copies(manifestBuffer), &manifestLen);
+  rv = LoadEntry(manifestFilename, manifestBuffer);
   if (NS_FAILED(rv)) return rv;
 
   //-- Parse it
   rv = ParseOneFile(manifestBuffer, JAR_MF);
   if (NS_FAILED(rv)) return rv;
 
   //-- (2)Signature (SF) file
   // If there are multiple signatures, we select one.
@@ -576,34 +572,33 @@ nsJAR::ParseManifest()
   {
     mGlobalStatus = JAR_NO_MANIFEST;
     mParsedManifest = true;
     return NS_OK;
   }
   rv = files->GetNext(manifestFilename);
   if (NS_FAILED(rv)) return rv;
 
-  rv = LoadEntry(manifestFilename, getter_Copies(manifestBuffer), &manifestLen);
+  rv = LoadEntry(manifestFilename, manifestBuffer);
   if (NS_FAILED(rv)) return rv;
 
   //-- Get its corresponding signature file
   nsAutoCString sigFilename(manifestFilename);
   int32_t extension = sigFilename.RFindChar('.') + 1;
   NS_ASSERTION(extension != 0, "Manifest Parser: Missing file extension.");
   (void)sigFilename.Cut(extension, 2);
   nsXPIDLCString sigBuffer;
-  uint32_t sigLen;
   {
     nsAutoCString tempFilename(sigFilename); tempFilename.Append("rsa", 3);
-    rv = LoadEntry(tempFilename, getter_Copies(sigBuffer), &sigLen);
+    rv = LoadEntry(tempFilename, sigBuffer);
   }
   if (NS_FAILED(rv))
   {
     nsAutoCString tempFilename(sigFilename); tempFilename.Append("RSA", 3);
-    rv = LoadEntry(tempFilename, getter_Copies(sigBuffer), &sigLen);
+    rv = LoadEntry(tempFilename, sigBuffer);
   }
   if (NS_FAILED(rv))
   {
     mGlobalStatus = JAR_NO_MANIFEST;
     mParsedManifest = true;
     return NS_OK;
   }
 
@@ -614,17 +609,17 @@ nsJAR::ParseManifest()
   {
     mGlobalStatus = JAR_NO_MANIFEST;
     mParsedManifest = true;
     return NS_OK;
   }
 
   //-- Verify that the signature file is a valid signature of the SF file
   int32_t verifyError;
-  rv = verifier->VerifySignature(sigBuffer, sigLen, manifestBuffer, manifestLen,
+  rv = verifier->VerifySignature(sigBuffer, manifestBuffer,
                                  &verifyError, getter_AddRefs(mSigningCert));
   if (NS_FAILED(rv)) return rv;
   if (mSigningCert && verifyError == nsIDataSignatureVerifier::VERIFY_OK) {
     mGlobalStatus = JAR_VALID_MANIFEST;
   } else if (verifyError == nsIDataSignatureVerifier::VERIFY_ERROR_UNKNOWN_ISSUER) {
     mGlobalStatus = JAR_INVALID_UNKNOWN_CA;
   } else {
     mGlobalStatus = JAR_INVALID_SIG;
--- a/modules/libjar/nsJAR.h
+++ b/modules/libjar/nsJAR.h
@@ -112,18 +112,17 @@ class nsJAR final : public nsIZipReader
     mozilla::Mutex           mLock;
     int64_t                  mMtime;
     int32_t                  mTotalItemsInManifest;
     bool                     mOpened;
     bool                     mIsOmnijar;
 
     nsresult ParseManifest();
     void     ReportError(const nsACString &aFilename, int16_t errorCode);
-    nsresult LoadEntry(const nsACString &aFilename, char** aBuf,
-                       uint32_t* aBufLen = nullptr);
+    nsresult LoadEntry(const nsACString& aFilename, nsCString& aBuf);
     int32_t  ReadLine(const char** src);
     nsresult ParseOneFile(const char* filebuf, int16_t aFileType);
     nsresult VerifyEntry(nsJARManifestItem* aEntry, const char* aEntryData,
                          uint32_t aLen);
 
     nsresult CalculateDigest(const char* aInBuf, uint32_t aInBufLen,
                              nsCString& digest);
 };
--- a/security/manager/pki/nsNSSDialogs.cpp
+++ b/security/manager/pki/nsNSSDialogs.cpp
@@ -19,16 +19,17 @@
 #include "nsIInterfaceRequestorUtils.h"
 #include "nsIKeygenThread.h"
 #include "nsIPromptService.h"
 #include "nsIProtectedAuthThread.h"
 #include "nsIWindowWatcher.h"
 #include "nsIX509CertDB.h"
 #include "nsIX509Cert.h"
 #include "nsNSSDialogHelper.h"
+#include "nsPromiseFlatString.h"
 #include "nsString.h"
 #include "nsVariant.h"
 
 #define PIPSTRING_BUNDLE_URL "chrome://pippki/locale/pippki.properties"
 
 nsNSSDialogs::nsNSSDialogs()
 {
 }
@@ -52,46 +53,48 @@ nsNSSDialogs::Init()
            do_GetService(NS_STRINGBUNDLE_CONTRACTID, &rv);
   if (NS_FAILED(rv)) return rv;
   
   rv = service->CreateBundle(PIPSTRING_BUNDLE_URL,
                              getter_AddRefs(mPIPStringBundle));
   return rv;
 }
 
-nsresult
-nsNSSDialogs::SetPassword(nsIInterfaceRequestor *ctx,
-                          const char16_t *tokenName, bool* _canceled)
+NS_IMETHODIMP
+nsNSSDialogs::SetPassword(nsIInterfaceRequestor* ctx,
+                          const nsAString& tokenName,
+                  /*out*/ bool* canceled)
 {
-  nsresult rv;
+  // |ctx| is allowed to be null.
+  NS_ENSURE_ARG(canceled);
 
-  *_canceled = false;
+  *canceled = false;
 
   // Get the parent window for the dialog
   nsCOMPtr<mozIDOMWindowProxy> parent = do_GetInterface(ctx);
 
   nsCOMPtr<nsIDialogParamBlock> block =
            do_CreateInstance(NS_DIALOGPARAMBLOCK_CONTRACTID);
   if (!block) return NS_ERROR_FAILURE;
 
-  rv = block->SetString(1, tokenName);
+  nsresult rv = block->SetString(1, PromiseFlatString(tokenName).get());
   if (NS_FAILED(rv)) return rv;
 
   rv = nsNSSDialogHelper::openDialog(parent,
                                 "chrome://pippki/content/changepassword.xul",
                                 block);
 
   if (NS_FAILED(rv)) return rv;
 
   int32_t status;
 
   rv = block->GetInt(1, &status);
   if (NS_FAILED(rv)) return rv;
 
-  *_canceled = (status == 0)?true:false;
+  *canceled = (status == 0);
 
   return rv;
 }
 
 NS_IMETHODIMP
 nsNSSDialogs::ConfirmDownloadCACert(nsIInterfaceRequestor* ctx,
                                     nsIX509Cert* cert,
                             /*out*/ uint32_t* trust,
@@ -364,29 +367,35 @@ nsNSSDialogs::DisplayGeneratingKeypairIn
 
   rv = nsNSSDialogHelper::openDialog(parent,
                                      "chrome://pippki/content/createCertInfo.xul",
                                      runnable);
   return rv;
 }
 
 NS_IMETHODIMP
-nsNSSDialogs::ChooseToken(nsIInterfaceRequestor *aCtx, const char16_t **aTokenList, uint32_t aCount, char16_t **aTokenChosen, bool *aCanceled) {
-  nsresult rv;
-  uint32_t i;
+nsNSSDialogs::ChooseToken(nsIInterfaceRequestor* /*aCtx*/,
+                          const char16_t** aTokenList,
+                          uint32_t aCount,
+                  /*out*/ nsAString& aTokenChosen,
+                  /*out*/ bool* aCanceled)
+{
+  NS_ENSURE_ARG(aTokenList);
+  NS_ENSURE_ARG(aCanceled);
 
   *aCanceled = false;
 
   nsCOMPtr<nsIDialogParamBlock> block =
            do_CreateInstance(NS_DIALOGPARAMBLOCK_CONTRACTID);
   if (!block) return NS_ERROR_FAILURE;
 
   block->SetNumberStrings(aCount);
 
-  for (i = 0; i < aCount; i++) {
+  nsresult rv;
+  for (uint32_t i = 0; i < aCount; i++) {
     rv = block->SetString(i, aTokenList[i]);
     if (NS_FAILED(rv)) return rv;
   }
 
   rv = block->SetInt(0, aCount);
   if (NS_FAILED(rv)) return rv;
 
   rv = nsNSSDialogHelper::openDialog(nullptr,
@@ -394,20 +403,20 @@ nsNSSDialogs::ChooseToken(nsIInterfaceRe
                                 block);
   if (NS_FAILED(rv)) return rv;
 
   int32_t status;
 
   rv = block->GetInt(0, &status);
   if (NS_FAILED(rv)) return rv;
 
-  *aCanceled = (status == 0)?true:false;
+  *aCanceled = (status == 0);
   if (!*aCanceled) {
     // retrieve the nickname
-    rv = block->GetString(0, aTokenChosen);
+    rv = block->GetString(0, getter_Copies(aTokenChosen));
   }
   return rv;
 }
 
 NS_IMETHODIMP
 nsNSSDialogs::DisplayProtectedAuth(nsIInterfaceRequestor *aCtx, nsIProtectedAuthThread *runnable)
 {
     // We cannot use nsNSSDialogHelper here. We cannot allow close widget
--- a/security/manager/ssl/CertBlocklist.cpp
+++ b/security/manager/ssl/CertBlocklist.cpp
@@ -10,24 +10,26 @@
 #include "mozilla/Base64.h"
 #include "mozilla/Casting.h"
 #include "mozilla/IntegerPrintfMacros.h"
 #include "mozilla/Logging.h"
 #include "mozilla/Preferences.h"
 #include "mozilla/Unused.h"
 #include "nsAppDirectoryServiceDefs.h"
 #include "nsCRTGlue.h"
+#include "nsDependentString.h"
 #include "nsDirectoryServiceUtils.h"
 #include "nsICryptoHash.h"
 #include "nsIFileStreams.h"
 #include "nsILineInputStream.h"
 #include "nsISafeOutputStream.h"
 #include "nsIX509Cert.h"
 #include "nsNetCID.h"
 #include "nsNetUtil.h"
+#include "nsPromiseFlatString.h"
 #include "nsTHashtable.h"
 #include "nsThreadUtils.h"
 #include "pkix/Input.h"
 #include "prtime.h"
 
 NS_IMPL_ISUPPORTS(CertBlocklist, nsICertBlocklist)
 
 using namespace mozilla;
@@ -307,41 +309,41 @@ CertBlocklist::EnsureBackingFileInitiali
               "failed"));
     }
   } while (more);
   mBackingFileIsInitialized = true;
   return NS_OK;
 }
 
 NS_IMETHODIMP
-CertBlocklist::RevokeCertBySubjectAndPubKey(const char* aSubject,
-                                            const char* aPubKeyHash)
+CertBlocklist::RevokeCertBySubjectAndPubKey(const nsACString& aSubject,
+                                            const nsACString& aPubKeyHash)
 {
   MOZ_LOG(gCertBlockPRLog, LogLevel::Debug,
          ("CertBlocklist::RevokeCertBySubjectAndPubKey - subject is: %s and pubKeyHash: %s",
-          aSubject, aPubKeyHash));
+          PromiseFlatCString(aSubject).get(),
+          PromiseFlatCString(aPubKeyHash).get()));
   MutexAutoLock lock(mMutex);
 
-  return AddRevokedCertInternal(nsDependentCString(aSubject),
-                                nsDependentCString(aPubKeyHash),
+  return AddRevokedCertInternal(aSubject, aPubKeyHash,
                                 BlockBySubjectAndPubKey,
                                 CertNewFromBlocklist, lock);
 }
 
 NS_IMETHODIMP
-CertBlocklist::RevokeCertByIssuerAndSerial(const char* aIssuer,
-                                           const char* aSerialNumber)
+CertBlocklist::RevokeCertByIssuerAndSerial(const nsACString& aIssuer,
+                                           const nsACString& aSerialNumber)
 {
   MOZ_LOG(gCertBlockPRLog, LogLevel::Debug,
          ("CertBlocklist::RevokeCertByIssuerAndSerial - issuer is: %s and serial: %s",
-          aIssuer, aSerialNumber));
+          PromiseFlatCString(aIssuer).get(),
+          PromiseFlatCString(aSerialNumber).get()));
   MutexAutoLock lock(mMutex);
 
-  return AddRevokedCertInternal(nsDependentCString(aIssuer),
-                                nsDependentCString(aSerialNumber),
+  return AddRevokedCertInternal(aIssuer, aSerialNumber,
                                 BlockByIssuerAndSerial,
                                 CertNewFromBlocklist, lock);
 }
 
 nsresult
 CertBlocklist::AddRevokedCertInternal(const nsACString& aEncodedDN,
                                       const nsACString& aEncodedOther,
                                       CertBlocklistItemMechanism aMechanism,
--- a/security/manager/ssl/CertBlocklist.h
+++ b/security/manager/ssl/CertBlocklist.h
@@ -2,22 +2,23 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #ifndef CertBlocklist_h
 #define CertBlocklist_h
 
 #include "mozilla/Mutex.h"
+#include "nsCOMPtr.h"
 #include "nsClassHashtable.h"
-#include "nsCOMPtr.h"
 #include "nsICertBlocklist.h"
 #include "nsIOutputStream.h"
+#include "nsIX509CertDB.h"
+#include "nsString.h"
 #include "nsTHashtable.h"
-#include "nsIX509CertDB.h"
 #include "pkix/Input.h"
 
 #define NS_CERT_BLOCKLIST_CID \
 {0x11aefd53, 0x2fbb, 0x4c92, {0xa0, 0xc1, 0x05, 0x32, 0x12, 0xae, 0x42, 0xd0} }
 
 enum CertBlocklistItemMechanism {
   BlockByIssuerAndSerial,
   BlockBySubjectAndPubKey
--- a/security/manager/ssl/SecretDecoderRing.cpp
+++ b/security/manager/ssl/SecretDecoderRing.cpp
@@ -170,17 +170,17 @@ SecretDecoderRing::ChangePassword()
                               NS_GET_IID(nsITokenPasswordDialogs),
                               NS_TOKENPASSWORDSDIALOG_CONTRACTID);
   if (NS_FAILED(rv)) {
     return rv;
   }
 
   nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();
   bool canceled; // Ignored
-  return dialogs->SetPassword(ctx, tokenName.get(), &canceled);
+  return dialogs->SetPassword(ctx, tokenName, &canceled);
 }
 
 NS_IMETHODIMP
 SecretDecoderRing::Logout()
 {
   static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
 
   nsresult rv;
--- a/security/manager/ssl/nsDataSignatureVerifier.cpp
+++ b/security/manager/ssl/nsDataSignatureVerifier.cpp
@@ -1,27 +1,28 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "nsDataSignatureVerifier.h"
 
+#include "ScopedNSSTypes.h"
+#include "SharedCertVerifier.h"
 #include "cms.h"
 #include "cryptohi.h"
 #include "keyhi.h"
 #include "mozilla/Casting.h"
 #include "mozilla/Unused.h"
 #include "nsCOMPtr.h"
 #include "nsNSSComponent.h"
+#include "nsString.h"
 #include "nssb64.h"
 #include "pkix/pkixnss.h"
 #include "pkix/pkixtypes.h"
-#include "ScopedNSSTypes.h"
 #include "secerr.h"
-#include "SharedCertVerifier.h"
 
 using namespace mozilla;
 using namespace mozilla::pkix;
 using namespace mozilla::psm;
 
 SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate)
 
 NS_IMPL_ISUPPORTS(nsDataSignatureVerifier, nsIDataSignatureVerifier)
@@ -268,48 +269,46 @@ VerifyCertificate(CERTCertificate* cert,
   }
 
   return NS_OK;
 }
 
 } // namespace
 
 NS_IMETHODIMP
-nsDataSignatureVerifier::VerifySignature(const char* aRSABuf,
-                                         uint32_t aRSABufLen,
-                                         const char* aPlaintext,
-                                         uint32_t aPlaintextLen,
+nsDataSignatureVerifier::VerifySignature(const nsACString& aRSABuf,
+                                         const nsACString& aPlaintext,
                                          int32_t* aErrorCode,
                                          nsIX509Cert** aSigningCert)
 {
-  if (!aRSABuf || !aPlaintext || !aErrorCode || !aSigningCert) {
+  if (!aErrorCode || !aSigningCert) {
     return NS_ERROR_INVALID_ARG;
   }
 
   nsNSSShutDownPreventionLock locker;
   if (isAlreadyShutDown()) {
     return NS_ERROR_NOT_AVAILABLE;
   }
 
   *aErrorCode = VERIFY_ERROR_OTHER;
   *aSigningCert = nullptr;
 
   Digest digest;
   nsresult rv = digest.DigestBuf(
     SEC_OID_SHA1,
-    BitwiseCast<const uint8_t*, const char*>(aPlaintext),
-    aPlaintextLen);
+    BitwiseCast<const uint8_t*, const char*>(aPlaintext.BeginReading()),
+    aPlaintext.Length());
   if (NS_WARN_IF(NS_FAILED(rv))) {
     return rv;
   }
 
   SECItem buffer = {
     siBuffer,
-    BitwiseCast<unsigned char*, const char*>(aRSABuf),
-    aRSABufLen
+    BitwiseCast<unsigned char*, const char*>(aRSABuf.BeginReading()),
+    aRSABuf.Length(),
   };
 
   VerifyCertificateContext context;
   // XXX: pinArg is missing
   rv = VerifyCMSDetachedSignatureIncludingCertificate(buffer, digest.get(),
                                                       VerifyCertificate,
                                                       &context, nullptr, locker);
   if (NS_SUCCEEDED(rv)) {
--- a/security/manager/ssl/nsICertBlocklist.idl
+++ b/security/manager/ssl/nsICertBlocklist.idl
@@ -15,24 +15,26 @@ interface nsIX509Cert;
  * Represents a service to add certificates as explicitly blocked/distrusted.
  */
 [scriptable, uuid(e0654480-f433-11e4-b939-0800200c9a66)]
 interface nsICertBlocklist : nsISupports {
   /**
    * Add details of a revoked certificate :
    * issuer name (base-64 encoded DER) and serial number (base-64 encoded DER).
    */
-   void revokeCertByIssuerAndSerial(in string issuer, in string serialNumber);
+   void revokeCertByIssuerAndSerial(in ACString issuer,
+                                    in ACString serialNumber);
 
   /**
    * Add details of a revoked certificate :
    * subject name (base-64 encoded DER) and hash of public key (base-64 encoded
    * sha-256 hash of the public key).
    */
-   void revokeCertBySubjectAndPubKey(in string subject, in string pubKeyHash);
+   void revokeCertBySubjectAndPubKey(in ACString subject,
+                                     in ACString pubKeyHash);
 
   /**
    * Persist (fresh) blocklist entries to the profile (if a profile directory is
    * available). Note: calling this will result in synchronous I/O.
    */
    void saveEntries();
 
   /**
--- a/security/manager/ssl/nsIDataSignatureVerifier.idl
+++ b/security/manager/ssl/nsIDataSignatureVerifier.idl
@@ -26,15 +26,12 @@ interface nsIDataSignatureVerifier : nsI
    */
   boolean verifyData(in ACString aData, in ACString aSignature, in ACString aPublicKey);
 
    /* Sig Verification Error Codes */
   const long VERIFY_OK = 0;
   const long VERIFY_ERROR_UNKNOWN_ISSUER = 1;
   const long VERIFY_ERROR_OTHER = 2;
 
-  nsIX509Cert verifySignature(in string aSignature,
-                              in unsigned long aSignatureLen,
-                              in string plaintext,
-                              in unsigned long plaintextLen,
+  nsIX509Cert verifySignature(in ACString signature, in ACString plaintext,
                               out long errorCode);
 
 };
--- a/security/manager/ssl/nsITokenDialogs.idl
+++ b/security/manager/ssl/nsITokenDialogs.idl
@@ -8,17 +8,17 @@ interface nsIInterfaceRequestor;
 interface nsIProtectedAuthThread;
 
 [scriptable, uuid(a1cbc159-468c-495d-8068-61dd538cbcca)]
 interface nsITokenDialogs : nsISupports
 {
   void ChooseToken(in nsIInterfaceRequestor ctx,
                    [array, size_is(count)] in wstring tokenNameList,
                    in unsigned long count,
-                   out wstring tokenName,
+                   out AString tokenName,
                    out boolean canceled);
 
     /**
     * displayProtectedAuth - displays notification dialog to the user 
     * that he is expected to authenticate to the token using its
     * "protected authentication path" feature
     */
   void displayProtectedAuth(in nsIInterfaceRequestor ctx,
--- a/security/manager/ssl/nsITokenPasswordDialogs.idl
+++ b/security/manager/ssl/nsITokenPasswordDialogs.idl
@@ -15,14 +15,14 @@ interface nsITokenPasswordDialogs : nsIS
 {
   /**
    * Brings up a dialog to set the password on a token.
    *
    * @param ctx A user interface context.
    * @param tokenName Name of the token.
    * @return true if the user canceled the dialog, false otherwise.
    */
-  boolean setPassword(in nsIInterfaceRequestor ctx, in wstring tokenName);
+  boolean setPassword(in nsIInterfaceRequestor ctx, in AString tokenName);
 };
 
 %{C++
 #define NS_TOKENPASSWORDSDIALOG_CONTRACTID "@mozilla.org/nsTokenPasswordDialogs;1"
 %}
--- a/security/manager/ssl/nsKeygenHandler.cpp
+++ b/security/manager/ssl/nsKeygenHandler.cpp
@@ -293,17 +293,17 @@ uint32_t MapGenMechToAlgoMech(uint32_t m
 
 nsresult
 GetSlotWithMechanism(uint32_t aMechanism, nsIInterfaceRequestor* m_ctx,
                      PK11SlotInfo** aSlot, nsNSSShutDownPreventionLock& /*proofOfLock*/)
 {
     PK11SlotList * slotList = nullptr;
     char16_t** tokenNameList = nullptr;
     nsCOMPtr<nsITokenDialogs> dialogs;
-    char16_t *unicodeTokenChosen;
+    nsAutoString tokenStr;
     PK11SlotListElement *slotElement, *tmpSlot;
     uint32_t numSlots = 0, i = 0;
     bool canceled;
     nsresult rv = NS_OK;
 
     *aSlot = nullptr;
 
     // Get the slot
@@ -355,25 +355,24 @@ GetSlotWithMechanism(uint32_t aMechanism
         if (NS_FAILED(rv)) {
             goto loser;
         }
 
     if (!tokenNameList || !*tokenNameList) {
         rv = NS_ERROR_OUT_OF_MEMORY;
     } else {
         rv = dialogs->ChooseToken(m_ctx, (const char16_t**)tokenNameList,
-                                  numSlots, &unicodeTokenChosen, &canceled);
+                                  numSlots, tokenStr, &canceled);
     }
 		if (NS_FAILED(rv)) goto loser;
 
 		if (canceled) { rv = NS_ERROR_NOT_AVAILABLE; goto loser; }
 
         // Get the slot //
         slotElement = PK11_GetFirstSafe(slotList);
-        nsAutoString tokenStr(unicodeTokenChosen);
         while (slotElement) {
             if (tokenStr.Equals(NS_ConvertUTF8toUTF16(PK11_GetTokenName(slotElement->slot)))) {
                 *aSlot = slotElement->slot;
                 PK11_FreeSlotListElement(slotList, slotElement);
                 break;
             }
             slotElement = PK11_GetNextSafe(slotList, slotElement, false);
         }
--- a/security/manager/ssl/nsNSSComponent.cpp
+++ b/security/manager/ssl/nsNSSComponent.cpp
@@ -2180,17 +2180,17 @@ setPassword(PK11SlotInfo* slot, nsIInter
                                 NS_GET_IID(nsITokenPasswordDialogs),
                                 NS_TOKENPASSWORDSDIALOG_CONTRACTID);
     if (NS_FAILED(rv)) {
       return rv;
     }
 
     bool canceled;
     NS_ConvertUTF8toUTF16 tokenName(PK11_GetTokenName(slot));
-    rv = dialogs->SetPassword(ctx, tokenName.get(), &canceled);
+    rv = dialogs->SetPassword(ctx, tokenName, &canceled);
     if (NS_FAILED(rv)) {
       return rv;
     }
 
     if (canceled) {
       return NS_ERROR_NOT_AVAILABLE;
     }
   }