Backed out changeset 7f3cf84c11a9 (bug 1124076) for bustage on a CLOSED TREE
authorCarsten "Tomcat" Book <cbook@mozilla.com>
Wed, 22 Apr 2015 13:44:23 +0200
changeset 240532 4b37a75cb4bfd35caa129266b289c8a3566c688c
parent 240531 a34835bd968250e0920bf6be20b94861e65a80ad
child 240533 8b191f5f96870fb5d6d4d46c3dd62fc2f679c011
push id28636
push userkwierso@gmail.com
push dateThu, 23 Apr 2015 00:16:12 +0000
treeherdermozilla-central@a5af73b32ac8 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
bugs1124076
milestone40.0a1
backs out7f3cf84c11a9b2ae0743f01fe069d8bc7a2addc9
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Backed out changeset 7f3cf84c11a9 (bug 1124076) for bustage on a CLOSED TREE
dom/ipc/ContentChild.cpp
dom/ipc/ContentChild.h
dom/ipc/ContentParent.cpp
dom/ipc/ContentParent.h
dom/ipc/PContent.ipdl
security/manager/ssl/src/PPSMContentDownloader.ipdl
security/manager/ssl/src/PSMContentListener.cpp
security/manager/ssl/src/PSMContentListener.h
security/manager/ssl/src/moz.build
security/manager/ssl/src/nsNSSModule.cpp
--- a/dom/ipc/ContentChild.cpp
+++ b/dom/ipc/ContentChild.cpp
@@ -33,17 +33,16 @@
 #include "mozilla/dom/DOMStorageIPC.h"
 #include "mozilla/dom/ExternalHelperAppChild.h"
 #include "mozilla/dom/PCrashReporterChild.h"
 #include "mozilla/dom/ProcessGlobal.h"
 #include "mozilla/dom/Promise.h"
 #include "mozilla/dom/asmjscache/AsmJSCache.h"
 #include "mozilla/dom/asmjscache/PAsmJSCacheEntryChild.h"
 #include "mozilla/dom/nsIContentChild.h"
-#include "mozilla/psm/PSMContentListener.h"
 #include "mozilla/hal_sandbox/PHalChild.h"
 #include "mozilla/ipc/BackgroundChild.h"
 #include "mozilla/ipc/FileDescriptorSetChild.h"
 #include "mozilla/ipc/FileDescriptorUtils.h"
 #include "mozilla/ipc/GeckoChildProcessHost.h"
 #include "mozilla/ipc/TestShellChild.h"
 #include "mozilla/jsipc/CrossProcessObjectWrappers.h"
 #include "mozilla/layers/CompositorChild.h"
@@ -199,17 +198,16 @@ using namespace mozilla::dom::telephony;
 using namespace mozilla::dom::voicemail;
 using namespace mozilla::embedding;
 using namespace mozilla::gmp;
 using namespace mozilla::hal_sandbox;
 using namespace mozilla::ipc;
 using namespace mozilla::layers;
 using namespace mozilla::net;
 using namespace mozilla::jsipc;
-using namespace mozilla::psm;
 using namespace mozilla::widget;
 #if defined(MOZ_WIDGET_GONK)
 using namespace mozilla::system;
 #endif
 using namespace mozilla::widget;
 
 #ifdef MOZ_NUWA_PROCESS
 static bool sNuwaForking = false;
@@ -1620,32 +1618,16 @@ bool
 ContentChild::DeallocPScreenManagerChild(PScreenManagerChild* aService)
 {
     // nsScreenManagerProxy is AddRef'd in its constructor.
     nsScreenManagerProxy *child = static_cast<nsScreenManagerProxy*>(aService);
     child->Release();
     return true;
 }
 
-PPSMContentDownloaderChild*
-ContentChild::AllocPPSMContentDownloaderChild(const uint32_t& aCertType)
-{
-    // NB: We don't need aCertType in the child actor.
-    nsRefPtr<PSMContentDownloaderChild> child = new PSMContentDownloaderChild();
-    return child.forget().take();
-}
-
-bool
-ContentChild::DeallocPPSMContentDownloaderChild(PPSMContentDownloaderChild* aListener)
-{
-    auto* listener = static_cast<PSMContentDownloaderChild*>(aListener);
-    nsRefPtr<PSMContentDownloaderChild> child = dont_AddRef(listener);
-    return true;
-}
-
 PExternalHelperAppChild*
 ContentChild::AllocPExternalHelperAppChild(const OptionalURIParams& uri,
                                            const nsCString& aMimeContentType,
                                            const nsCString& aContentDisposition,
                                            const uint32_t& aContentDispositionHint,
                                            const nsString& aContentDispositionFilename,
                                            const bool& aForceSave,
                                            const int64_t& aContentLength,
--- a/dom/ipc/ContentChild.h
+++ b/dom/ipc/ContentChild.h
@@ -227,20 +227,16 @@ public:
     virtual bool DeallocPPrintingChild(PPrintingChild*) override;
 
     virtual PScreenManagerChild*
     AllocPScreenManagerChild(uint32_t* aNumberOfScreens,
                              float* aSystemDefaultScale,
                              bool* aSuccess) override;
     virtual bool DeallocPScreenManagerChild(PScreenManagerChild*) override;
 
-    virtual PPSMContentDownloaderChild* AllocPPSMContentDownloaderChild(
-            const uint32_t& aCertType) override;
-    virtual bool DeallocPPSMContentDownloaderChild(PPSMContentDownloaderChild* aDownloader) override;
-
     virtual PExternalHelperAppChild *AllocPExternalHelperAppChild(
             const OptionalURIParams& uri,
             const nsCString& aMimeContentType,
             const nsCString& aContentDisposition,
             const uint32_t& aContentDispositionHint,
             const nsString& aContentDispositionFilename,
             const bool& aForceSave,
             const int64_t& aContentLength,
--- a/dom/ipc/ContentParent.cpp
+++ b/dom/ipc/ContentParent.cpp
@@ -151,17 +151,16 @@
 #include "URIUtils.h"
 #include "nsIWebBrowserChrome.h"
 #include "nsIDocShell.h"
 #include "mozilla/net/NeckoMessageUtils.h"
 #include "gfxPrefs.h"
 #include "prio.h"
 #include "private/pprio.h"
 #include "ContentProcessManager.h"
-#include "mozilla/psm/PSMContentListener.h"
 
 #include "nsIBidiKeyboard.h"
 
 #if defined(ANDROID) || defined(LINUX)
 #include "nsSystemInfo.h"
 #endif
 
 #if defined(XP_LINUX)
@@ -245,17 +244,16 @@ using namespace mozilla::dom::telephony;
 using namespace mozilla::dom::voicemail;
 using namespace mozilla::embedding;
 using namespace mozilla::gmp;
 using namespace mozilla::hal;
 using namespace mozilla::ipc;
 using namespace mozilla::layers;
 using namespace mozilla::net;
 using namespace mozilla::jsipc;
-using namespace mozilla::psm;
 using namespace mozilla::widget;
 
 #ifdef ENABLE_TESTS
 
 class BackgroundTester final : public nsIIPCBackgroundChildCreateCallback,
                                public nsIObserver
 {
     static uint32_t sCallbackCount;
@@ -3662,32 +3660,16 @@ ContentParent::AllocPScreenManagerParent
 
 bool
 ContentParent::DeallocPScreenManagerParent(PScreenManagerParent* aActor)
 {
     delete aActor;
     return true;
 }
 
-PPSMContentDownloaderParent*
-ContentParent::AllocPPSMContentDownloaderParent(const uint32_t& aCertType)
-{
-    nsRefPtr<PSMContentDownloaderParent> downloader =
-        new PSMContentDownloaderParent(aCertType);
-    return downloader.forget().take();
-}
-
-bool
-ContentParent::DeallocPPSMContentDownloaderParent(PPSMContentDownloaderParent* aListener)
-{
-    auto* listener = static_cast<PSMContentDownloaderParent*>(aListener);
-    nsRefPtr<PSMContentDownloaderParent> downloader = dont_AddRef(listener);
-    return true;
-}
-
 PExternalHelperAppParent*
 ContentParent::AllocPExternalHelperAppParent(const OptionalURIParams& uri,
                                              const nsCString& aMimeContentType,
                                              const nsCString& aContentDisposition,
                                              const uint32_t& aContentDispositionHint,
                                              const nsString& aContentDispositionFilename,
                                              const bool& aForceSave,
                                              const int64_t& aContentLength,
--- a/dom/ipc/ContentParent.h
+++ b/dom/ipc/ContentParent.h
@@ -601,20 +601,16 @@ private:
     virtual PTestShellParent* AllocPTestShellParent() override;
     virtual bool DeallocPTestShellParent(PTestShellParent* shell) override;
 
     virtual PMobileConnectionParent* AllocPMobileConnectionParent(const uint32_t& aClientId) override;
     virtual bool DeallocPMobileConnectionParent(PMobileConnectionParent* aActor) override;
 
     virtual bool DeallocPNeckoParent(PNeckoParent* necko) override;
 
-    virtual PPSMContentDownloaderParent* AllocPPSMContentDownloaderParent(
-            const uint32_t& aCertType) override;
-    virtual bool DeallocPPSMContentDownloaderParent(PPSMContentDownloaderParent* aDownloader) override;
-
     virtual PExternalHelperAppParent* AllocPExternalHelperAppParent(
             const OptionalURIParams& aUri,
             const nsCString& aMimeContentType,
             const nsCString& aContentDisposition,
             const uint32_t& aContentDispositionHint,
             const nsString& aContentDispositionFilename,
             const bool& aForceSave,
             const int64_t& aContentLength,
--- a/dom/ipc/PContent.ipdl
+++ b/dom/ipc/PContent.ipdl
@@ -11,17 +11,16 @@ include protocol PBluetooth;
 include protocol PBrowser;
 include protocol PCellBroadcast;
 include protocol PCompositor;
 include protocol PContentBridge;
 include protocol PContentPermissionRequest;
 include protocol PCycleCollectWithLogs;
 include protocol PCrashReporter;
 include protocol PDocAccessible;
-include protocol PPSMContentDownloader;
 include protocol PExternalHelperApp;
 include protocol PDeviceStorageRequest;
 include protocol PFileDescriptorSet;
 include protocol PFMRadio;
 include protocol PFileSystemRequest;
 include protocol PHal;
 include protocol PIcc;
 include protocol PProcessHangMonitor;
@@ -384,17 +383,16 @@ prio(normal upto urgent) sync protocol P
     manages PBrowser;
     manages PCellBroadcast;
     manages PContentPermissionRequest;
     manages PCrashReporter;
     manages PCycleCollectWithLogs;
     manages PDocAccessible;
     manages PDeviceStorageRequest;
     manages PFileSystemRequest;
-    manages PPSMContentDownloader;
     manages PExternalHelperApp;
     manages PFileDescriptorSet;
     manages PFMRadio;
     manages PHal;
     manages PIcc;
     manages PMemoryReportRequest;
     manages PMobileConnection;
     manages PNecko;
@@ -753,18 +751,16 @@ parent:
                           nsString bidi,
                           nsString lang,
                           nsString data,
                           Principal principal,
                           bool inPrivateBrowsing);
 
     CloseAlert(nsString name, Principal principal);
 
-    PPSMContentDownloader(uint32_t aCertType);
-
     PExternalHelperApp(OptionalURIParams uri,
                        nsCString aMimeContentType,
                        nsCString aContentDisposition,
                        uint32_t aContentDispositionHint,
                        nsString aContentDispositionFilename,
                        bool aForceSave,
                        int64_t aContentLength,
                        OptionalURIParams aReferrer,
deleted file mode 100644
--- a/security/manager/ssl/src/PPSMContentDownloader.ipdl
+++ /dev/null
@@ -1,28 +0,0 @@
-/* vim: set sw=2 sts=2 ts=2 et tw=80 ft=cpp: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-include protocol PContent;
-include protocol PChannelDiverter;
-
-namespace mozilla {
-namespace psm {
-
-protocol PPSMContentDownloader
-{
-  manager PContent;
-
-parent:
-  OnStartRequest(uint32_t contentLength);
-  OnDataAvailable(nsCString data, uint64_t offset, uint32_t count);
-  OnStopRequest(nsresult code);
-
-  DivertToParentUsing(PChannelDiverter diverter);
-
-child:
-  __delete__();
-};
-
-} // namespace psm
-} // namespace mozilla
--- a/security/manager/ssl/src/PSMContentListener.cpp
+++ b/security/manager/ssl/src/PSMContentListener.cpp
@@ -1,369 +1,219 @@
 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
- * vim: set sw=2 sts=2 ts=2 et tw=80:
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "PSMContentListener.h"
 
-#include "nsIDivertableChannel.h"
 #include "nsIStreamListener.h"
 #include "nsIX509CertDB.h"
-#include "nsIXULAppInfo.h"
 
 #include "mozilla/Casting.h"
 #include "mozilla/Services.h"
-#include "mozilla/unused.h"
-
-#include "mozilla/dom/ContentChild.h"
-#include "mozilla/net/ChannelDiverterParent.h"
-#include "mozilla/net/ChannelDiverterChild.h"
 
 #include "nsCRT.h"
 #include "nsNetUtil.h"
 #include "nsNSSHelper.h"
+#include "nsNSSShutDown.h"
 
 #include "prlog.h"
 
 #ifdef PR_LOGGING
 extern PRLogModuleInfo* gPIPNSSLog;
 #endif
 
 namespace mozilla { namespace psm {
 
 namespace {
 
-const int32_t kDefaultCertAllocLength = 2048;
+class PSMContentDownloader : public nsIStreamListener
+{
+public:
+  PSMContentDownloader() {NS_ASSERTION(false, "don't use this constructor."); }
+  explicit PSMContentDownloader(uint32_t type);
+  void setSilentDownload(bool flag);
+
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSIREQUESTOBSERVER
+  NS_DECL_NSISTREAMLISTENER
 
-enum {
-  UNKNOWN_TYPE = 0,
-  X509_CA_CERT = 1,
-  X509_USER_CERT = 2,
-  X509_EMAIL_CERT = 3,
-  X509_SERVER_CERT = 4
+  enum {UNKNOWN_TYPE = 0};
+  enum {X509_CA_CERT  = 1};
+  enum {X509_USER_CERT  = 2};
+  enum {X509_EMAIL_CERT  = 3};
+  enum {X509_SERVER_CERT  = 4};
+
+protected:
+  virtual ~PSMContentDownloader();
+
+  char* mByteData;
+  int32_t mBufferOffset;
+  int32_t mBufferSize;
+  uint32_t mType;
+  nsCOMPtr<nsIURI> mURI;
 };
 
-/* other mime types that we should handle sometime:
-
-   application/x-pkcs7-mime
-   application/pkcs7-signature
-   application/pre-encrypted
-
-*/
-
-uint32_t
-getPSMContentType(const char* aContentType)
-{
-  // Don't forget to update the registration of content listeners in nsNSSModule.cpp
-  // for every supported content type.
-
-  if (!nsCRT::strcasecmp(aContentType, "application/x-x509-ca-cert"))
-    return X509_CA_CERT;
-  if (!nsCRT::strcasecmp(aContentType, "application/x-x509-server-cert"))
-    return X509_SERVER_CERT;
-  if (!nsCRT::strcasecmp(aContentType, "application/x-x509-user-cert"))
-    return X509_USER_CERT;
-  if (!nsCRT::strcasecmp(aContentType, "application/x-x509-email-cert"))
-    return X509_EMAIL_CERT;
-
-  return UNKNOWN_TYPE;
-}
-
-int64_t
-ComputeContentLength(nsIRequest* request)
-{
-  nsCOMPtr<nsIChannel> channel(do_QueryInterface(request));
-  if (!channel) {
-    return -1;
-  }
-
-  int64_t contentLength;
-  nsresult rv = channel->GetContentLength(&contentLength);
-  if (NS_FAILED(rv) || contentLength <= 0) {
-    return kDefaultCertAllocLength;
-  }
-
-  if (contentLength > INT32_MAX) {
-    return -1;
-  }
-
-  return contentLength;
-}
-
-class ImportCertRunnable : public nsRunnable
-{
-public:
-  ImportCertRunnable(PSMContentStreamListener* streamer)
-    : mStreamer(streamer)
-  {
-  }
-
-  NS_IMETHOD Run()
-  {
-    mStreamer->ImportCertificate();
-    return NS_OK;
-  }
-
-private:
-  nsRefPtr<PSMContentStreamListener> mStreamer;
-};
-
-
-} // unnamed namespace
-
-/* ------------------------
- * PSMContentStreamListener
- * ------------------------ */
-
-PSMContentStreamListener::PSMContentStreamListener(uint32_t type)
-  : mType(type)
+PSMContentDownloader::PSMContentDownloader(uint32_t type)
+  : mByteData(nullptr),
+    mType(type)
 {
 }
 
-PSMContentStreamListener::~PSMContentStreamListener()
+PSMContentDownloader::~PSMContentDownloader()
 {
+  if (mByteData)
+    free(mByteData);
 }
 
-NS_IMPL_ISUPPORTS(PSMContentStreamListener, nsIStreamListener, nsIRequestObserver)
+NS_IMPL_ISUPPORTS(PSMContentDownloader, nsIStreamListener, nsIRequestObserver)
+
+const int32_t kDefaultCertAllocLength = 2048;
 
 NS_IMETHODIMP
-PSMContentStreamListener::OnStartRequest(nsIRequest* request, nsISupports* context)
+PSMContentDownloader::OnStartRequest(nsIRequest* request, nsISupports* context)
 {
+  nsresult rv;
   PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("CertDownloader::OnStartRequest\n"));
+  nsCOMPtr<nsIChannel> channel(do_QueryInterface(request));
+  if (!channel) return NS_ERROR_FAILURE;
+
+  // Get the URI //
+  channel->GetURI(getter_AddRefs(mURI));
 
-  int64_t contentLength = ComputeContentLength(request);
-  if (contentLength < 0) {
-    return NS_ERROR_FAILURE;
-  }
-
-  mByteData.SetCapacity(contentLength);
+  int64_t contentLength;
+  rv = channel->GetContentLength(&contentLength);
+  if (NS_FAILED(rv) || contentLength <= 0)
+    contentLength = kDefaultCertAllocLength;
+  if (contentLength > INT32_MAX)
+    return NS_ERROR_OUT_OF_MEMORY;
+  
+  mBufferOffset = 0;
+  mBufferSize = 0;
+  mByteData = (char*)moz_xmalloc(AssertedCast<size_t>(contentLength));
+  if (!mByteData)
+    return NS_ERROR_OUT_OF_MEMORY;
+  
+  mBufferSize = int32_t(contentLength);
   return NS_OK;
 }
 
 NS_IMETHODIMP
-PSMContentStreamListener::OnDataAvailable(nsIRequest* request,
-                                          nsISupports* context,
-                                          nsIInputStream* aIStream,
-                                          uint64_t aSourceOffset,
-                                          uint32_t aLength)
+PSMContentDownloader::OnDataAvailable(nsIRequest* request,
+                                nsISupports* context,
+                                nsIInputStream *aIStream,
+                                uint64_t aSourceOffset,
+                                uint32_t aLength)
 {
+  if (!mByteData)
+    return NS_ERROR_OUT_OF_MEMORY;
+  
+  uint32_t amt;
+  nsresult err;
+  //Do a check to see if we need to allocate more memory.
+  if ((mBufferOffset + (int32_t)aLength) > mBufferSize) {
+      size_t newSize = (mBufferOffset + aLength) *2; // grow some more than needed
+      char *newBuffer;
+      newBuffer = (char*)moz_xrealloc(mByteData, newSize);
+      if (!newBuffer) {
+        return NS_ERROR_OUT_OF_MEMORY;
+      }
+      mByteData = newBuffer;
+      mBufferSize = newSize;
+  }
+  
   PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("CertDownloader::OnDataAvailable\n"));
-
-  nsCString chunk;
-  nsresult rv = NS_ReadInputStreamToString(aIStream, chunk, aLength);
-  if (NS_FAILED(rv)) {
-    return rv;
-  }
-
-  mByteData.Append(chunk);
+  do {
+    err = aIStream->Read(mByteData+mBufferOffset,
+                         aLength, &amt);
+    if (NS_FAILED(err)) return err;
+    if (amt == 0) break;
+    
+    aLength -= amt;
+    mBufferOffset += amt;
+    
+  } while (aLength > 0);
+  
   return NS_OK;
 }
 
 NS_IMETHODIMP
-PSMContentStreamListener::OnStopRequest(nsIRequest* request,
-                                        nsISupports* context,
-                                        nsresult aStatus)
+PSMContentDownloader::OnStopRequest(nsIRequest* request,
+                              nsISupports* context,
+                              nsresult aStatus)
 {
+  nsNSSShutDownPreventionLock locker;
+  //Check if the download succeeded - it might have failed due to
+  //network issues, etc.
+  if (NS_FAILED(aStatus)){
+    return aStatus;
+  }
+
   PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("CertDownloader::OnStopRequest\n"));
 
-  // Because importing the cert can spin the event loop (via alerts), we can't
-  // do it here. Do it off the event loop instead.
-  nsCOMPtr<nsIRunnable> r = new ImportCertRunnable(this);
-  MOZ_ALWAYS_TRUE(NS_SUCCEEDED(NS_DispatchToMainThread(r)));
-
-  return NS_OK;
-}
-
-void
-PSMContentStreamListener::ImportCertificate()
-{
   nsCOMPtr<nsIX509CertDB> certdb;
 
+  nsresult rv;
   nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();
 
   switch (mType) {
-  case X509_CA_CERT:
-  case X509_USER_CERT:
-  case X509_EMAIL_CERT:
+  case PSMContentDownloader::X509_CA_CERT:
+  case PSMContentDownloader::X509_USER_CERT:
+  case PSMContentDownloader::X509_EMAIL_CERT:
     certdb = do_GetService(NS_X509CERTDB_CONTRACTID);
     break;
 
   default:
     break;
   }
 
-  if (!certdb) {
-    return;
-  }
-
   switch (mType) {
-  case X509_CA_CERT:
-    certdb->ImportCertificates(reinterpret_cast<uint8_t*>(mByteData.BeginWriting()),
-                               mByteData.Length(), mType, ctx);
-    break;
-
-  case X509_USER_CERT:
-    certdb->ImportUserCertificate(reinterpret_cast<uint8_t*>(mByteData.BeginWriting()),
-                                  mByteData.Length(), ctx);
-    break;
-
-  case X509_EMAIL_CERT:
-    certdb->ImportEmailCertificate(reinterpret_cast<uint8_t*>(mByteData.BeginWriting()),
-                                   mByteData.Length(), ctx);
-    break;
-
+  case PSMContentDownloader::X509_CA_CERT:
+    return certdb->ImportCertificates((uint8_t*)mByteData, mBufferOffset, mType, ctx); 
+  case PSMContentDownloader::X509_USER_CERT:
+    return certdb->ImportUserCertificate((uint8_t*)mByteData, mBufferOffset, ctx);
+  case PSMContentDownloader::X509_EMAIL_CERT:
+    return certdb->ImportEmailCertificate((uint8_t*)mByteData, mBufferOffset, ctx); 
   default:
+    rv = NS_ERROR_FAILURE;
     break;
   }
-}
-
-/* ------------------------
- * PSMContentDownloaderParent
- * ------------------------ */
-
-PSMContentDownloaderParent::PSMContentDownloaderParent(uint32_t type)
-  : PSMContentStreamListener(type)
-  , mIPCOpen(true)
-{
-}
-
-PSMContentDownloaderParent::~PSMContentDownloaderParent()
-{
-}
-
-bool
-PSMContentDownloaderParent::RecvOnStartRequest(const uint32_t& contentLength)
-{
-  mByteData.SetCapacity(contentLength);
-  return true;
-}
-
-bool
-PSMContentDownloaderParent::RecvOnDataAvailable(const nsCString& data,
-                                                const uint64_t& offset,
-                                                const uint32_t& count)
-{
-  mByteData.Append(data);
-  return true;
-}
-
-bool
-PSMContentDownloaderParent::RecvOnStopRequest(const nsresult& code)
-{
-  if (NS_SUCCEEDED(code)) {
-    // See also PSMContentStreamListener::OnStopRequest. In this case, we don't
-    // have to dispatch ImportCertificate off of an event because we don't have
-    // to worry about Necko sending "clean up" events and destroying us if
-    // ImportCertificate spins the event loop.
-    ImportCertificate();
-  }
-
-  if (mIPCOpen) {
-    mozilla::unused << Send__delete__(this);
-  }
-  return true;
-}
-
-NS_IMETHODIMP
-PSMContentDownloaderParent::OnStopRequest(nsIRequest* request, nsISupports* context, nsresult code)
-{
-  nsresult rv = PSMContentStreamListener::OnStopRequest(request, context, code);
-
-  if (mIPCOpen) {
-    mozilla::unused << Send__delete__(this);
-  }
+  
   return rv;
 }
 
-bool
-PSMContentDownloaderParent::RecvDivertToParentUsing(mozilla::net::PChannelDiverterParent* diverter)
-{
-  MOZ_ASSERT(diverter);
-  auto p = static_cast<mozilla::net::ChannelDiverterParent*>(diverter);
-  p->DivertTo(this);
-  mozilla::unused << p->Send__delete__(p);
-  return true;
-}
+/* other mime types that we should handle sometime:
+   
+   application/x-pkcs7-mime
+   application/pkcs7-signature
+   application/pre-encrypted
+   
+*/
 
-void
-PSMContentDownloaderParent::ActorDestroy(ActorDestroyReason why)
-{
-  mIPCOpen = false;
-}
+uint32_t
+getPSMContentType(const char * aContentType)
+{ 
+  // Don't forget to update the registration of content listeners in nsNSSModule.cpp 
+  // for every supported content type.
+  
+  if (!nsCRT::strcasecmp(aContentType, "application/x-x509-ca-cert"))
+    return PSMContentDownloader::X509_CA_CERT;
+  else if (!nsCRT::strcasecmp(aContentType, "application/x-x509-server-cert"))
+    return PSMContentDownloader::X509_SERVER_CERT;
+  else if (!nsCRT::strcasecmp(aContentType, "application/x-x509-user-cert"))
+    return PSMContentDownloader::X509_USER_CERT;
+  else if (!nsCRT::strcasecmp(aContentType, "application/x-x509-email-cert"))
+    return PSMContentDownloader::X509_EMAIL_CERT;
 
-/* ------------------------
- * PSMContentDownloaderChild
- * ------------------------ */
-
-NS_IMPL_ISUPPORTS(PSMContentDownloaderChild, nsIStreamListener)
-
-PSMContentDownloaderChild::PSMContentDownloaderChild()
-{
-}
-
-PSMContentDownloaderChild::~PSMContentDownloaderChild()
-{
+  return PSMContentDownloader::UNKNOWN_TYPE;
 }
 
-NS_IMETHODIMP
-PSMContentDownloaderChild::OnStartRequest(nsIRequest* request, nsISupports* context)
-{
-  nsCOMPtr<nsIDivertableChannel> divertable = do_QueryInterface(request);
-  if (divertable) {
-    mozilla::net::ChannelDiverterChild* diverter = nullptr;
-    nsresult rv = divertable->DivertToParent(&diverter);
-    if (NS_FAILED(rv)) {
-      return rv;
-    }
-    MOZ_ASSERT(diverter);
-
-    return SendDivertToParentUsing(diverter) ? NS_OK : NS_ERROR_FAILURE;
-  }
-
-  int64_t contentLength = ComputeContentLength(request);
-  if (contentLength < 0) {
-    return NS_ERROR_FAILURE;
-  }
-
-  mozilla::unused << SendOnStartRequest(contentLength);
-  return NS_OK;
-}
-
-NS_IMETHODIMP
-PSMContentDownloaderChild::OnDataAvailable(nsIRequest* request,
-                                           nsISupports* context,
-                                           nsIInputStream* aIStream,
-                                           uint64_t aSourceOffset,
-                                           uint32_t aLength)
-{
-  nsCString chunk;
-  nsresult rv = NS_ReadInputStreamToString(aIStream, chunk, aLength);
-  if (NS_FAILED(rv)) {
-    return rv;
-  }
-
-  mozilla::unused << SendOnDataAvailable(chunk, aSourceOffset, aLength);
-  return NS_OK;
-}
-
-NS_IMETHODIMP
-PSMContentDownloaderChild::OnStopRequest(nsIRequest* request,
-                                         nsISupports* context,
-                                         nsresult aStatus)
-{
-  mozilla::unused << SendOnStopRequest(aStatus);
-  return NS_OK;
-}
-
-/* ------------------------
- * PSMContentListener
- * ------------------------ */
+} // unnamed namespace
 
 NS_IMPL_ISUPPORTS(PSMContentListener,
                   nsIURIContentListener,
                   nsISupportsWeakReference) 
 
 PSMContentListener::PSMContentListener()
 {
   mLoadCookie = nullptr;
@@ -376,93 +226,89 @@ PSMContentListener::~PSMContentListener(
 
 nsresult
 PSMContentListener::init()
 {
   return NS_OK;
 }
 
 NS_IMETHODIMP
-PSMContentListener::OnStartURIOpen(nsIURI* aURI, bool* aAbortOpen)
+PSMContentListener::OnStartURIOpen(nsIURI *aURI, bool *aAbortOpen)
 {
   //if we don't want to handle the URI, return true in
   //*aAbortOpen
   return NS_OK;
 }
 
 NS_IMETHODIMP
-PSMContentListener::IsPreferred(const char* aContentType,
-                                 char** aDesiredContentType,
-                                 bool* aCanHandleContent)
+PSMContentListener::IsPreferred(const char * aContentType,
+                                 char ** aDesiredContentType,
+                                 bool * aCanHandleContent)
 {
   return CanHandleContent(aContentType, true,
                           aDesiredContentType, aCanHandleContent);
 }
 
 NS_IMETHODIMP
-PSMContentListener::CanHandleContent(const char* aContentType,
+PSMContentListener::CanHandleContent(const char * aContentType,
                                       bool aIsContentPreferred,
-                                      char** aDesiredContentType,
-                                      bool* aCanHandleContent)
+                                      char ** aDesiredContentType,
+                                      bool * aCanHandleContent)
 {
-  uint32_t type = getPSMContentType(aContentType);
-  *aCanHandleContent = (type != UNKNOWN_TYPE);
+  uint32_t type;
+  type = getPSMContentType(aContentType);
+  if (type == PSMContentDownloader::UNKNOWN_TYPE) {
+    *aCanHandleContent = false;
+  } else {
+    *aCanHandleContent = true;
+  }
   return NS_OK;
 }
 
 NS_IMETHODIMP
-PSMContentListener::DoContent(const nsACString& aContentType,
+PSMContentListener::DoContent(const nsACString & aContentType,
                                bool aIsContentPreferred,
-                               nsIRequest* aRequest,
-                               nsIStreamListener** aContentHandler,
-                               bool* aAbortProcess)
+                               nsIRequest * aRequest,
+                               nsIStreamListener ** aContentHandler,
+                               bool * aAbortProcess)
 {
   uint32_t type;
   type = getPSMContentType(PromiseFlatCString(aContentType).get());
-  if (gPIPNSSLog) {
-    PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("PSMContentListener::DoContent\n"));
-  }
-  if (type != UNKNOWN_TYPE) {
-    nsCOMPtr<nsIStreamListener> downloader;
-    if (XRE_GetProcessType() == GeckoProcessType_Default) {
-      downloader = new PSMContentStreamListener(type);
-    } else {
-      downloader = static_cast<PSMContentDownloaderChild*>(
-          dom::ContentChild::GetSingleton()->SendPPSMContentDownloaderConstructor(type));
-    }
-
-    downloader.forget(aContentHandler);
+  PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("PSMContentListener::DoContent\n"));
+  if (type != PSMContentDownloader::UNKNOWN_TYPE) {
+    nsRefPtr<PSMContentDownloader> downLoader = new PSMContentDownloader(type);
+    downLoader.forget(aContentHandler);
     return NS_OK;
   }
   return NS_ERROR_FAILURE;
 }
 
 NS_IMETHODIMP
-PSMContentListener::GetLoadCookie(nsISupports** aLoadCookie)
+PSMContentListener::GetLoadCookie(nsISupports * *aLoadCookie)
 {
-  nsCOMPtr<nsISupports> loadCookie(mLoadCookie);
-  loadCookie.forget(aLoadCookie);
+  *aLoadCookie = mLoadCookie;
+  NS_IF_ADDREF(*aLoadCookie);
   return NS_OK;
 }
 
 NS_IMETHODIMP
-PSMContentListener::SetLoadCookie(nsISupports* aLoadCookie)
+PSMContentListener::SetLoadCookie(nsISupports * aLoadCookie)
 {
   mLoadCookie = aLoadCookie;
   return NS_OK;
 }
 
 NS_IMETHODIMP
-PSMContentListener::GetParentContentListener(nsIURIContentListener** aContentListener)
+PSMContentListener::GetParentContentListener(nsIURIContentListener ** aContentListener)
 {
-  nsCOMPtr<nsIURIContentListener> listener(mParentContentListener);
-  listener.forget(aContentListener);
+  *aContentListener = mParentContentListener;
+  NS_IF_ADDREF(*aContentListener);
   return NS_OK;
 }
 
 NS_IMETHODIMP
-PSMContentListener::SetParentContentListener(nsIURIContentListener* aContentListener)
+PSMContentListener::SetParentContentListener(nsIURIContentListener * aContentListener)
 {
   mParentContentListener = aContentListener;
   return NS_OK;
 }
 
 } } // namespace mozilla::psm
--- a/security/manager/ssl/src/PSMContentListener.h
+++ b/security/manager/ssl/src/PSMContentListener.h
@@ -5,94 +5,22 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #ifndef mozilla_psm_PSMCOntentListener_h_
 #define mozilla_psm_PSMCOntentListener_h_
 
 #include "nsCOMPtr.h"
 #include "nsIURIContentListener.h"
 #include "nsWeakReference.h"
-#include "mozilla/psm/PPSMContentDownloaderChild.h"
-#include "mozilla/psm/PPSMContentDownloaderParent.h"
 
 #define NS_PSMCONTENTLISTEN_CID {0xc94f4a30, 0x64d7, 0x11d4, {0x99, 0x60, 0x00, 0xb0, 0xd0, 0x23, 0x54, 0xa0}}
 #define NS_PSMCONTENTLISTEN_CONTRACTID "@mozilla.org/security/psmdownload;1"
 
-namespace mozilla {
-namespace net {
-
-class PChannelDiverterParent;
-
-}
-}
-
 namespace mozilla { namespace psm {
 
-// PSMContentStreamListener for parent-process downloading.
-class PSMContentStreamListener : public nsIStreamListener
-{
-public:
-  explicit PSMContentStreamListener(uint32_t type);
-  NS_DECL_ISUPPORTS
-  NS_DECL_NSIREQUESTOBSERVER
-  NS_DECL_NSISTREAMLISTENER
-
-  void ImportCertificate();
-
-protected:
-  virtual ~PSMContentStreamListener();
-
-  nsCString mByteData;
-  uint32_t mType;
-};
-
-// Parent actor for importing a remote cert when the load was started by the
-// child.
-class PSMContentDownloaderParent : public PPSMContentDownloaderParent
-                                 , public PSMContentStreamListener
-{
-public:
-  explicit PSMContentDownloaderParent(uint32_t type);
-
-  virtual bool RecvOnStartRequest(const uint32_t &contentLength) override;
-  virtual bool RecvOnDataAvailable(const nsCString &data,
-                                   const uint64_t &offset,
-                                   const uint32_t &count) override;
-  virtual bool RecvOnStopRequest(const nsresult &code) override;
-
-  // We inherit most of nsIStreamListener from PSMContentStreamListener, but
-  // we have to override OnStopRequest to know when we're done with our IPC
-  // ref.
-  NS_IMETHOD OnStopRequest(nsIRequest *request, nsISupports *aContext, nsresult code) override;
-
-  virtual bool RecvDivertToParentUsing(mozilla::net::PChannelDiverterParent *diverter) override;
-
-protected:
-  virtual ~PSMContentDownloaderParent();
-
-  virtual void ActorDestroy(ActorDestroyReason why) override;
-  bool mIPCOpen;
-};
-
-// Child actor for importing a cert.
-class PSMContentDownloaderChild : public nsIStreamListener
-                                , public PPSMContentDownloaderChild
-{
-public:
-  PSMContentDownloaderChild();
-
-  NS_DECL_ISUPPORTS
-  NS_DECL_NSIREQUESTOBSERVER
-  NS_DECL_NSISTREAMLISTENER
-
-private:
-  ~PSMContentDownloaderChild();
-};
-
-
 class PSMContentListener : public nsIURIContentListener,
                            public nsSupportsWeakReference
 {
 public:
   PSMContentListener();
   nsresult init();
 
   NS_DECL_ISUPPORTS
--- a/security/manager/ssl/src/moz.build
+++ b/security/manager/ssl/src/moz.build
@@ -18,20 +18,16 @@ EXPORTS += [
     'ScopedNSSTypes.h',
     'SharedCertVerifier.h',
 ]
 
 EXPORTS.mozilla += [
     'PublicSSL.h',
 ]
 
-EXPORTS.mozilla.psm += [
-    'PSMContentListener.h',
-]
-
 UNIFIED_SOURCES += [
     'CryptoTask.cpp',
     'nsCertOverrideService.cpp',
     'nsCertPicker.cpp',
     'nsCertVerificationThread.cpp',
     'nsClientAuthRemember.cpp',
     'nsCrypto.cpp',
     'nsCryptoHash.cpp',
@@ -73,20 +69,16 @@ UNIFIED_SOURCES += [
     'TransportSecurityInfo.cpp',
 ]
 
 # nsNSSCertificateDB.cpp needs to include nscert.h before everything else.
 SOURCES += [
     'nsNSSCertificateDB.cpp',
 ]
 
-IPDL_SOURCES += [
-    'PPSMContentDownloader.ipdl',
-]
-
 LOCAL_INCLUDES += [
     '/security/manager/boot/src',
 ]
 
 if not CONFIG['MOZ_NO_SMART_CARDS']:
     UNIFIED_SOURCES += [
         'nsSmartCardMonitor.cpp',
     ]
--- a/security/manager/ssl/src/nsNSSModule.cpp
+++ b/security/manager/ssl/src/nsNSSModule.cpp
@@ -130,30 +130,24 @@ static nsresult                         
                                                 _InstanceClassContent,        \
                                                 _InitMethod)                  \
 static nsresult                                                               \
 _InstanceClassChrome##Constructor(nsISupports *aOuter, REFNSIID aIID,         \
                                   void **aResult)                             \
 {                                                                             \
     nsresult rv;                                                              \
                                                                               \
-    *aResult = nullptr;                                                       \
-    if (nullptr != aOuter) {                                                  \
+    *aResult = nullptr;                                                          \
+    if (nullptr != aOuter) {                                                     \
         rv = NS_ERROR_NO_AGGREGATION;                                         \
         return rv;                                                            \
     }                                                                         \
                                                                               \
-    if (!NS_IS_PROCESS_DEFAULT &&                                             \
-        ensureOperator == nssEnsureChromeOrContent) {                         \
-        if (!EnsureNSSInitializedChromeOrContent()) {                         \
-            return NS_ERROR_FAILURE;                                          \
-        }                                                                     \
-    } else if (!EnsureNSSInitialized(ensureOperator)) {                       \
+    if (!EnsureNSSInitialized(ensureOperator))                                \
         return NS_ERROR_FAILURE;                                              \
-    }                                                                         \
                                                                               \
     if (NS_IS_PROCESS_DEFAULT)                                                \
         NS_NSS_INSTANTIATE_INIT(ensureOperator,                               \
                                 _InstanceClassChrome,                         \
                                 _InitMethod);                                 \
     else                                                                      \
         NS_NSS_INSTANTIATE_INIT(ensureOperator,                               \
                                 _InstanceClassContent,                        \
@@ -183,17 +177,17 @@ namespace {
 // Only for the nsNSSComponent, set this to true.
 // All other classes must have this set to false.
 
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsSSLSocketProvider)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsTLSSocketProvider)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsSecretDecoderRing)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsPK11TokenDB)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsPKCS11ModuleDB)
-NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(PSMContentListener, init)
+NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nssEnsure, PSMContentListener, init)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_BYPROCESS(nssEnsureOnChromeOnly,
                                              nsNSSCertificate,
                                              nsNSSCertificateFakeTransport)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsNSSCertificateDB)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_BYPROCESS(nssEnsureOnChromeOnly,
                                              nsNSSCertList,
                                              nsNSSCertListFakeTransport)
 #ifdef MOZ_XUL