Bug 1142350 - Remove nsIUserCertPicker, nsICertPickDialogs and associated code from mozilla-central. r=keeler
authorCykesiopka <cykesiopka.bmo@gmail.com>
Wed, 21 Sep 2016 19:34:12 +0800
changeset 316420 75a0213cc96593cc8fb7c4bcb0050b8863c88960
parent 316419 e0ef5898308b07ceb17f5bbf2192a5d496c7b6e7
child 316421 39a5fc72213d842e796d101b5674c04c2d4c2433
push id30770
push userkwierso@gmail.com
push dateWed, 05 Oct 2016 00:00:48 +0000
treeherdermozilla-central@3470e326025c [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerskeeler
bugs1142350, 1297368
milestone52.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1142350 - Remove nsIUserCertPicker, nsICertPickDialogs and associated code from mozilla-central. r=keeler The code is used in comm-central, but is unused in mozilla-central. It will be imported into comm-central in Bug 1297368. MozReview-Commit-ID: BEY9BR0YRiD
security/manager/locales/en-US/chrome/pipnss/pipnss.properties
security/manager/locales/en-US/chrome/pippki/pippki.dtd
security/manager/pki/nsNSSDialogs.cpp
security/manager/pki/nsNSSDialogs.h
security/manager/pki/nsPKIModule.cpp
security/manager/pki/resources/content/certpicker.js
security/manager/pki/resources/content/certpicker.xul
security/manager/pki/resources/jar.mn
security/manager/ssl/ScopedNSSTypes.h
security/manager/ssl/moz.build
security/manager/ssl/nsCertPicker.cpp
security/manager/ssl/nsCertPicker.h
security/manager/ssl/nsICertPickDialogs.idl
security/manager/ssl/nsIUserCertPicker.idl
security/manager/ssl/nsNSSCertHelper.cpp
security/manager/ssl/nsNSSCertHelper.h
security/manager/ssl/nsNSSCertificate.cpp
security/manager/ssl/nsNSSCertificate.h
security/manager/ssl/nsNSSIOLayer.cpp
security/manager/ssl/nsNSSModule.cpp
--- a/security/manager/locales/en-US/chrome/pipnss/pipnss.properties
+++ b/security/manager/locales/en-US/chrome/pipnss/pipnss.properties
@@ -278,30 +278,20 @@ certErrorMismatchMultiple=The certificat
 # LOCALIZATION NOTE (certErrorExpiredNow): Do not translate %1$S (date+time of expired certificate) or %2$S (current date+time)
 certErrorExpiredNow=The certificate expired on %1$S. The current time is %2$S.
 # LOCALIZATION NOTE (certErrorNotYetValidNow): Do not translate %1$S (date+time certificate will become valid) or %2$S (current date+time)
 certErrorNotYetValidNow=The certificate will not be valid until %1$S. The current time is %2$S.
 
 # LOCALIZATION NOTE (certErrorCodePrefix2): Do not translate <a id="errorCode" title="%1$S">%1$S</a>
 certErrorCodePrefix2=Error code: <a id="errorCode" title="%1$S">%1$S</a>
 
-CertInfoIssuedFor=Issued to:
-CertInfoIssuedBy=Issued by:
-CertInfoValid=Valid
-CertInfoFrom=from
-CertInfoTo=to
-CertInfoPurposes=Purposes
-CertInfoEmail=Email
-CertInfoStoredIn=Stored in:
 P12DefaultNickname=Imported Certificate
 CertUnknown=Unknown
 CertNoNickname=(no nickname)
 CertNoEmailAddress=(no email address)
-NicknameExpired=(expired)
-NicknameNotYetValid=(not yet valid)
 CaCertExists=This certificate is already installed as a certificate authority.
 NotACACert=This is not a certificate authority certificate, so it can’t be imported into the certificate authority list.
 NotImportingUnverifiedCert=This certificate can’t be verified and will not be imported. The certificate issuer might be unknown or untrusted, the certificate might have expired or been revoked, or the certificate might not have been approved.
 UserCertIgnoredNoPrivateKey=This personal certificate can’t be installed because you do not own the corresponding private key which was created when the certificate was requested.
 UserCertImported=Your personal certificate has been installed. You should keep a backup copy of this certificate.
 CertOrgUnknown=(Unknown)
 CertNotStored=(Not Stored)
 CertExceptionPermanent=Permanent
--- a/security/manager/locales/en-US/chrome/pippki/pippki.dtd
+++ b/security/manager/locales/en-US/chrome/pippki/pippki.dtd
@@ -26,21 +26,16 @@
 <!ENTITY downloadCert.viewCert.text "Examine CA certificate">
 
 <!-- Strings for the SSL client auth ask dialog -->
 <!ENTITY clientAuthAsk.title "User Identification Request">
 <!ENTITY clientAuthAsk.message1 "This site has requested that you identify yourself with a certificate:">
 <!ENTITY clientAuthAsk.message2 "Choose a certificate to present as identification:">
 <!ENTITY clientAuthAsk.message3 "Details of selected certificate:">
 
-<!-- Strings for the cert picker dialog -->
-<!ENTITY certPicker.title "Select Certificate">
-<!ENTITY certPicker.info  "Certificate:">
-<!ENTITY certPicker.detailsLabel "Details of selected certificate:">
-
 <!ENTITY pkcs12.setpassword.title  "Choose a Certificate Backup Password">
 <!ENTITY pkcs12.setpassword.message  "The certificate backup password you set here protects the backup file that you are about to create.  You must set this password to proceed with the backup.">
 <!ENTITY pkcs12.setpassword.label1 "Certificate backup password:">
 <!ENTITY pkcs12.setpassword.label2 "Certificate backup password (again):">
 <!ENTITY pkcs12.setpassword.reminder "Important: If you forget your certificate backup password, you will not be able to restore this backup later.  Please record it in a safe location.">
 
 <!ENTITY chooseToken.title  "Choose Token Dialog">
 <!ENTITY chooseToken.message1 "Please choose a token.">
--- a/security/manager/pki/nsNSSDialogs.cpp
+++ b/security/manager/pki/nsNSSDialogs.cpp
@@ -42,17 +42,16 @@ nsNSSDialogs::nsNSSDialogs()
 
 nsNSSDialogs::~nsNSSDialogs()
 {
 }
 
 NS_IMPL_ISUPPORTS(nsNSSDialogs, nsITokenPasswordDialogs,
                   nsICertificateDialogs,
                   nsIClientAuthDialogs,
-                  nsICertPickDialogs,
                   nsITokenDialogs,
                   nsIGeneratingKeypairInfoDialogs)
 
 nsresult
 nsNSSDialogs::Init()
 {
   nsresult rv;
 
@@ -253,70 +252,16 @@ nsNSSDialogs::ChooseCertificate(nsIInter
     }
 
     *selectedIndex = mozilla::AssertedCast<uint32_t>(index);
   }
 
   return NS_OK;
 }
 
-
-NS_IMETHODIMP
-nsNSSDialogs::PickCertificate(nsIInterfaceRequestor *ctx, 
-                              const char16_t **certNickList, 
-                              const char16_t **certDetailsList, 
-                              uint32_t count, 
-                              int32_t *selectedIndex, 
-                              bool *canceled) 
-{
-  nsresult rv;
-  uint32_t i;
-
-  *canceled = false;
-
-  nsCOMPtr<nsIDialogParamBlock> block =
-           do_CreateInstance(NS_DIALOGPARAMBLOCK_CONTRACTID);
-  if (!block) return NS_ERROR_FAILURE;
-
-  block->SetNumberStrings(1+count*2);
-
-  for (i = 0; i < count; i++) {
-    rv = block->SetString(i, certNickList[i]);
-    if (NS_FAILED(rv)) return rv;
-  }
-
-  for (i = 0; i < count; i++) {
-    rv = block->SetString(i+count, certDetailsList[i]);
-    if (NS_FAILED(rv)) return rv;
-  }
-
-  rv = block->SetInt(0, count);
-  if (NS_FAILED(rv)) return rv;
-
-  rv = block->SetInt(1, *selectedIndex);
-  if (NS_FAILED(rv)) return rv;
-
-  rv = nsNSSDialogHelper::openDialog(nullptr,
-                                "chrome://pippki/content/certpicker.xul",
-                                block);
-  if (NS_FAILED(rv)) return rv;
-
-  int32_t status;
-
-  rv = block->GetInt(0, &status);
-  if (NS_FAILED(rv)) return rv;
-
-  *canceled = (status == 0)?true:false;
-  if (!*canceled) {
-    rv = block->GetInt(1, selectedIndex);
-  }
-  return rv;
-}
-
-
 NS_IMETHODIMP 
 nsNSSDialogs::SetPKCS12FilePassword(nsIInterfaceRequestor *ctx, 
                                     nsAString &_password,
                                     bool *_retval)
 {
   nsresult rv;
   *_retval = true;
   // Get the parent window for the dialog
--- a/security/manager/pki/nsNSSDialogs.h
+++ b/security/manager/pki/nsNSSDialogs.h
@@ -1,49 +1,44 @@
 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
-#ifndef __NS_NSSDIALOGS_H__
-#define __NS_NSSDIALOGS_H__
+#ifndef nsNSSDialogs_h
+#define nsNSSDialogs_h
 
-#include "nsITokenPasswordDialogs.h"
+#include "nsCOMPtr.h"
 #include "nsICertificateDialogs.h"
 #include "nsIClientAuthDialogs.h"
-#include "nsICertPickDialogs.h"
+#include "nsIGenKeypairInfoDlg.h"
+#include "nsIStringBundle.h"
 #include "nsITokenDialogs.h"
-#include "nsIGenKeypairInfoDlg.h"
-
-#include "nsCOMPtr.h"
-#include "nsIStringBundle.h"
+#include "nsITokenPasswordDialogs.h"
 
 #define NS_NSSDIALOGS_CID \
   { 0x518e071f, 0x1dd2, 0x11b2, \
     { 0x93, 0x7e, 0xc4, 0x5f, 0x14, 0xde, 0xf7, 0x78 }}
 
-class nsNSSDialogs
-: public nsITokenPasswordDialogs,
-  public nsICertificateDialogs,
-  public nsIClientAuthDialogs,
-  public nsICertPickDialogs,
-  public nsITokenDialogs,
-  public nsIGeneratingKeypairInfoDialogs
+class nsNSSDialogs : public nsICertificateDialogs
+                   , public nsIClientAuthDialogs
+                   , public nsIGeneratingKeypairInfoDialogs
+                   , public nsITokenDialogs
+                   , public nsITokenPasswordDialogs
 {
 public:
   NS_DECL_THREADSAFE_ISUPPORTS
   NS_DECL_NSITOKENPASSWORDDIALOGS
   NS_DECL_NSICERTIFICATEDIALOGS
   NS_DECL_NSICLIENTAUTHDIALOGS
-  NS_DECL_NSICERTPICKDIALOGS
   NS_DECL_NSITOKENDIALOGS
   NS_DECL_NSIGENERATINGKEYPAIRINFODIALOGS
   nsNSSDialogs();
 
   nsresult Init();
 
 protected:
   virtual ~nsNSSDialogs();
   nsCOMPtr<nsIStringBundle> mPIPStringBundle;
 };
 
-#endif
+#endif // nsNSSDialogs_h
--- a/security/manager/pki/nsPKIModule.cpp
+++ b/security/manager/pki/nsPKIModule.cpp
@@ -1,18 +1,17 @@
 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "mozilla/ModuleUtils.h"
-
+#include "nsASN1Tree.h"
 #include "nsNSSDialogs.h"
-#include "nsASN1Tree.h"
 
 NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsNSSDialogs, Init)
 NS_GENERIC_FACTORY_CONSTRUCTOR(nsNSSASN1Tree)
 
 NS_DEFINE_NAMED_CID(NS_NSSDIALOGS_CID);
 NS_DEFINE_NAMED_CID(NS_NSSASN1OUTINER_CID);
 
 
@@ -21,17 +20,16 @@ static const mozilla::Module::CIDEntry k
   { &kNS_NSSASN1OUTINER_CID, false, nullptr, nsNSSASN1TreeConstructor },
   { nullptr }
 };
 
 static const mozilla::Module::ContractIDEntry kPKIContracts[] = {
   { NS_TOKENPASSWORDSDIALOG_CONTRACTID, &kNS_NSSDIALOGS_CID },
   { NS_CERTIFICATEDIALOGS_CONTRACTID, &kNS_NSSDIALOGS_CID },
   { NS_CLIENTAUTHDIALOGS_CONTRACTID, &kNS_NSSDIALOGS_CID },
-  { NS_CERTPICKDIALOGS_CONTRACTID, &kNS_NSSDIALOGS_CID },
   { NS_TOKENDIALOGS_CONTRACTID, &kNS_NSSDIALOGS_CID },
   { NS_GENERATINGKEYPAIRINFODIALOGS_CONTRACTID, &kNS_NSSDIALOGS_CID },
   { NS_ASN1TREE_CONTRACTID, &kNS_NSSASN1OUTINER_CID },
   { nullptr }
 };
 
 static const mozilla::Module kPKIModule = {
   mozilla::Module::kVersion,
deleted file mode 100644
--- a/security/manager/pki/resources/content/certpicker.js
+++ /dev/null
@@ -1,74 +0,0 @@
-/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/* import-globals-from pippki.js */
-"use strict";
-
-const nsIDialogParamBlock = Components.interfaces.nsIDialogParamBlock;
-
-var dialogParams;
-var itemCount = 0;
-
-function onLoad()
-{
-  dialogParams = window.arguments[0].QueryInterface(nsIDialogParamBlock);
-
-  var selectElement = document.getElementById("nicknames");
-  itemCount = dialogParams.GetInt(0);
-
-  var selIndex = dialogParams.GetInt(1);
-  if (selIndex < 0) {
-    selIndex = 0;
-  }
-
-  for (let i = 0; i < itemCount; i++) {
-    let menuItemNode = document.createElement("menuitem");
-    let nick = dialogParams.GetString(i);
-    menuItemNode.setAttribute("value", i);
-    menuItemNode.setAttribute("label", nick); // This is displayed.
-    selectElement.firstChild.appendChild(menuItemNode);
-
-    if (selIndex == i) {
-      selectElement.selectedItem = menuItemNode;
-    }
-  }
-
-  dialogParams.SetInt(0, 0); // Set cancel return value.
-  setDetails();
-}
-
-function setDetails()
-{
-  let selItem = document.getElementById("nicknames").value;
-  if (selItem.length == 0) {
-    return;
-  }
-
-  let index = parseInt(selItem);
-  let details = dialogParams.GetString(index + itemCount);
-  document.getElementById("details").value = details;
-}
-
-function onCertSelected()
-{
-  setDetails();
-}
-
-function doOK()
-{
-  // Signal that the user accepted.
-  dialogParams.SetInt(0, 1);
-
-  // Signal the index of the selected cert in the list of cert nicknames
-  // provided.
-  let index = parseInt(document.getElementById("nicknames").value);
-  dialogParams.SetInt(1, index);
-  return true;
-}
-
-function doCancel()
-{
-  dialogParams.SetInt(0, 0); // Signal that the user cancelled.
-  return true;
-}
deleted file mode 100644
--- a/security/manager/pki/resources/content/certpicker.xul
+++ /dev/null
@@ -1,38 +0,0 @@
-<?xml version="1.0"?>
-<!-- This Source Code Form is subject to the terms of the Mozilla Public
-   - License, v. 2.0. If a copy of the MPL was not distributed with this
-   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
-
-<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
-
-<!DOCTYPE dialog [
-<!ENTITY % pippkiDTD SYSTEM "chrome://pippki/locale/pippki.dtd" >
-%pippkiDTD;
-]>
-
-<dialog id="certPicker" title="&certPicker.title;"
-  xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"      
-  style="width: 50em;"
-  buttons="accept,cancel"
-  ondialogaccept="return doOK();"
-  ondialogcancel="return doCancel();"
-  onload="onLoad();">
-
-<script type="application/javascript" src="chrome://pippki/content/pippki.js"/>
-<script type="application/javascript" src="chrome://pippki/content/certpicker.js"/>
-
-  <hbox align="center">
-    <broadcaster id="certSelected" oncommand="onCertSelected();"/>
-    <label id="pickerInfo" value="&certPicker.info;"/>
-    <!-- The items in this menulist must never be sorted,
-         but remain in the order filled by the application
-    -->
-    <menulist id="nicknames" observes="certSelected">
-      <menupopup/>
-    </menulist>
-  </hbox>
-  <separator class="thin"/>
-  <label value="&certPicker.detailsLabel;"/>
-  <textbox readonly="true" id="details" multiline="true"
-           style="height: 12em;" flex="1"/>
-</dialog>
--- a/security/manager/pki/resources/jar.mn
+++ b/security/manager/pki/resources/jar.mn
@@ -24,18 +24,16 @@ pippki.jar:
     content/pippki/exceptionDialog.js        (content/exceptionDialog.js)
     content/pippki/deletecert.xul            (content/deletecert.xul)
     content/pippki/deletecert.js             (content/deletecert.js)
     content/pippki/viewCertDetails.js        (content/viewCertDetails.js)
     content/pippki/setp12password.xul        (content/setp12password.xul)
     content/pippki/pippki.js                 (content/pippki.js)
     content/pippki/clientauthask.xul	     (content/clientauthask.xul)
     content/pippki/clientauthask.js          (content/clientauthask.js)
-    content/pippki/certpicker.xul	           (content/certpicker.xul)
-    content/pippki/certpicker.js             (content/certpicker.js)
     content/pippki/certViewer.xul            (content/certViewer.xul)
     content/pippki/certDump.xul              (content/certDump.xul)
     content/pippki/device_manager.xul        (content/device_manager.xul)
     content/pippki/device_manager.js         (content/device_manager.js)
     content/pippki/load_device.xul           (content/load_device.xul)
     content/pippki/choosetoken.xul           (content/choosetoken.xul)
     content/pippki/choosetoken.js            (content/choosetoken.js)
     content/pippki/createCertInfo.xul        (content/createCertInfo.xul)
--- a/security/manager/ssl/ScopedNSSTypes.h
+++ b/security/manager/ssl/ScopedNSSTypes.h
@@ -338,19 +338,16 @@ MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(Un
                                       CERTCertificatePolicies,
                                       CERT_DestroyCertificatePoliciesExtension)
 MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueCERTCertificateRequest,
                                       CERTCertificateRequest,
                                       CERT_DestroyCertificateRequest)
 MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueCERTCertList,
                                       CERTCertList,
                                       CERT_DestroyCertList)
-MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueCERTCertNicknames,
-                                      CERTCertNicknames,
-                                      CERT_FreeNicknames)
 MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueCERTName,
                                       CERTName,
                                       CERT_DestroyName)
 MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueCERTOidSequence,
                                       CERTOidSequence,
                                       CERT_DestroyOidSequence)
 MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueCERTSubjectPublicKeyInfo,
                                       CERTSubjectPublicKeyInfo,
--- a/security/manager/ssl/moz.build
+++ b/security/manager/ssl/moz.build
@@ -10,17 +10,16 @@ XPIDL_SOURCES += [
     'nsIASN1Object.idl',
     'nsIASN1PrintableItem.idl',
     'nsIASN1Sequence.idl',
     'nsIAssociatedContentSecurity.idl',
     'nsIBadCertListener2.idl',
     'nsICertBlocklist.idl',
     'nsICertificateDialogs.idl',
     'nsICertOverrideService.idl',
-    'nsICertPickDialogs.idl',
     'nsIClientAuthDialogs.idl',
     'nsIContentSignatureVerifier.idl',
     'nsIDataSignatureVerifier.idl',
     'nsIGenKeypairInfoDlg.idl',
     'nsIKeygenThread.idl',
     'nsIKeyModule.idl',
     'nsILocalCertService.idl',
     'nsINSSU2FToken.idl',
@@ -35,17 +34,16 @@ XPIDL_SOURCES += [
     'nsISecretDecoderRing.idl',
     'nsISecurityUITelemetry.idl',
     'nsISiteSecurityService.idl',
     'nsISSLStatus.idl',
     'nsISSLStatusProvider.idl',
     'nsITokenDialogs.idl',
     'nsITokenPasswordDialogs.idl',
     'nsIU2FToken.idl',
-    'nsIUserCertPicker.idl',
     'nsIWeakCryptoOverride.idl',
     'nsIX509Cert.idl',
     'nsIX509CertDB.idl',
     'nsIX509CertList.idl',
     'nsIX509CertValidity.idl',
 ]
 
 if CONFIG['MOZ_XUL']:
@@ -92,17 +90,16 @@ EXPORTS.ipc += [
 UNIFIED_SOURCES += [
     'CertBlocklist.cpp',
     'ContentSignatureVerifier.cpp',
     'CryptoTask.cpp',
     'CSTrustDomain.cpp',
     'DataStorage.cpp',
     'LocalCertService.cpp',
     'nsCertOverrideService.cpp',
-    'nsCertPicker.cpp',
     'nsClientAuthRemember.cpp',
     'nsCrypto.cpp',
     'nsCryptoHash.cpp',
     'nsDataSignatureVerifier.cpp',
     'nsKeygenHandler.cpp',
     'nsKeygenHandlerContent.cpp',
     'nsKeygenThread.cpp',
     'nsKeyModule.cpp',
deleted file mode 100644
--- a/security/manager/ssl/nsCertPicker.cpp
+++ /dev/null
@@ -1,210 +0,0 @@
-/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "nsCertPicker.h"
-
-#include "ScopedNSSTypes.h"
-#include "cert.h"
-#include "mozilla/RefPtr.h"
-#include "nsCOMPtr.h"
-#include "nsICertPickDialogs.h"
-#include "nsIInterfaceRequestor.h"
-#include "nsIServiceManager.h"
-#include "nsMemory.h"
-#include "nsNSSCertHelper.h"
-#include "nsNSSCertificate.h"
-#include "nsNSSComponent.h"
-#include "nsNSSHelper.h"
-#include "nsNSSShutDown.h"
-#include "nsReadableUtils.h"
-#include "nsString.h"
-#include "pkix/pkixtypes.h"
-
-using namespace mozilla;
-
-NS_IMPL_ISUPPORTS(nsCertPicker, nsIUserCertPicker)
-
-nsCertPicker::nsCertPicker()
-{
-}
-
-nsCertPicker::~nsCertPicker()
-{
-  nsNSSShutDownPreventionLock locker;
-  if (isAlreadyShutDown()) {
-    return;
-  }
-
-  shutdown(ShutdownCalledFrom::Object);
-}
-
-NS_IMETHODIMP nsCertPicker::PickByUsage(nsIInterfaceRequestor *ctx, 
-                                        const char16_t *selectedNickname, 
-                                        int32_t certUsage, 
-                                        bool allowInvalid, 
-                                        bool allowDuplicateNicknames, 
-                                        const nsAString &emailAddress,
-                                        bool *canceled, 
-                                        nsIX509Cert **_retval)
-{
-  nsNSSShutDownPreventionLock locker;
-  if (isAlreadyShutDown()) {
-    return NS_ERROR_NOT_AVAILABLE;
-  }
-
-  int32_t selectedIndex = -1;
-  bool selectionFound = false;
-  char16_t **certNicknameList = nullptr;
-  char16_t **certDetailsList = nullptr;
-  CERTCertListNode* node = nullptr;
-  nsresult rv = NS_OK;
-
-  {
-    // Iterate over all certs. This assures that user is logged in to all hardware tokens.
-    nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();
-    UniqueCERTCertList allcerts(PK11_ListCerts(PK11CertListUnique, ctx));
-  }
-
-  /* find all user certs that are valid for the specified usage */
-  /* note that we are allowing expired certs in this list */
-  UniqueCERTCertList certList(
-    CERT_FindUserCertsByUsage(CERT_GetDefaultCertDB(),
-                              (SECCertUsage)certUsage,
-                              !allowDuplicateNicknames,
-                              !allowInvalid,
-                              ctx));
-  if (!certList) {
-    return NS_ERROR_NOT_AVAILABLE;
-  }
-
-  /* if a (non-empty) emailAddress argument is supplied to PickByUsage, */
-  /* remove non-matching certificates from the candidate list */
-
-  if (!emailAddress.IsEmpty()) {
-    node = CERT_LIST_HEAD(certList);
-    while (!CERT_LIST_END(node, certList)) {
-      /* if the cert has at least one e-mail address, check if suitable */
-      if (CERT_GetFirstEmailAddress(node->cert)) {
-        RefPtr<nsNSSCertificate> tempCert(nsNSSCertificate::Create(node->cert));
-        bool match = false;
-        rv = tempCert->ContainsEmailAddress(emailAddress, &match);
-        if (NS_FAILED(rv)) {
-          return rv;
-        }
-        if (!match) {
-          /* doesn't contain the specified address, so remove from the list */
-          CERTCertListNode* freenode = node;
-          node = CERT_LIST_NEXT(node);
-          CERT_RemoveCertListNode(freenode);
-          continue;
-        }
-      }
-      node = CERT_LIST_NEXT(node);
-    }
-  }
-
-  UniqueCERTCertNicknames nicknames(getNSSCertNicknamesFromCertList(certList));
-  if (!nicknames) {
-    return NS_ERROR_NOT_AVAILABLE;
-  }
-
-  certNicknameList = (char16_t **)moz_xmalloc(sizeof(char16_t *) * nicknames->numnicknames);
-  certDetailsList = (char16_t **)moz_xmalloc(sizeof(char16_t *) * nicknames->numnicknames);
-
-  if (!certNicknameList || !certDetailsList) {
-    free(certNicknameList);
-    free(certDetailsList);
-    return NS_ERROR_OUT_OF_MEMORY;
-  }
-
-  int32_t CertsToUse;
-
-  for (CertsToUse = 0, node = CERT_LIST_HEAD(certList.get());
-       !CERT_LIST_END(node, certList.get()) &&
-         CertsToUse < nicknames->numnicknames;
-       node = CERT_LIST_NEXT(node)
-      )
-  {
-    RefPtr<nsNSSCertificate> tempCert(nsNSSCertificate::Create(node->cert));
-
-    if (tempCert) {
-
-      nsAutoString i_nickname(NS_ConvertUTF8toUTF16(nicknames->nicknames[CertsToUse]));
-      nsAutoString nickWithSerial;
-      nsAutoString details;
-
-      if (!selectionFound) {
-        /* for the case when selectedNickname refers to a bare nickname */
-        if (i_nickname == nsDependentString(selectedNickname)) {
-          selectedIndex = CertsToUse;
-          selectionFound = true;
-        }
-      }
-
-      if (NS_SUCCEEDED(tempCert->FormatUIStrings(i_nickname, nickWithSerial, details))) {
-        certNicknameList[CertsToUse] = ToNewUnicode(nickWithSerial);
-        certDetailsList[CertsToUse] = ToNewUnicode(details);
-        if (!selectionFound) {
-          /* for the case when selectedNickname refers to nickname + serial */
-          if (nickWithSerial == nsDependentString(selectedNickname)) {
-            selectedIndex = CertsToUse;
-            selectionFound = true;
-          }
-        }
-      }
-      else {
-        certNicknameList[CertsToUse] = nullptr;
-        certDetailsList[CertsToUse] = nullptr;
-      }
-
-      ++CertsToUse;
-    }
-  }
-
-  if (CertsToUse) {
-    nsCOMPtr<nsICertPickDialogs> dialogs;
-    rv = getNSSDialogs(getter_AddRefs(dialogs), NS_GET_IID(nsICertPickDialogs),
-                       NS_CERTPICKDIALOGS_CONTRACTID);
-
-    if (NS_SUCCEEDED(rv)) {
-      // Show the cert picker dialog and get the index of the selected cert.
-      rv = dialogs->PickCertificate(ctx, (const char16_t**)certNicknameList,
-                                    (const char16_t**)certDetailsList,
-                                    CertsToUse, &selectedIndex, canceled);
-    }
-  }
-
-  int32_t i;
-  for (i = 0; i < CertsToUse; ++i) {
-    free(certNicknameList[i]);
-    free(certDetailsList[i]);
-  }
-  free(certNicknameList);
-  free(certDetailsList);
-  
-  if (!CertsToUse) {
-    return NS_ERROR_NOT_AVAILABLE;
-  }
-
-  if (NS_SUCCEEDED(rv) && !*canceled) {
-    for (i = 0, node = CERT_LIST_HEAD(certList);
-         !CERT_LIST_END(node, certList);
-         ++i, node = CERT_LIST_NEXT(node)) {
-
-      if (i == selectedIndex) {
-        RefPtr<nsNSSCertificate> cert = nsNSSCertificate::Create(node->cert);
-        if (!cert) {
-          rv = NS_ERROR_OUT_OF_MEMORY;
-          break;
-        }
-
-        cert.forget(_retval);
-        break;
-      }
-    }
-  }
-
-  return rv;
-}
deleted file mode 100644
--- a/security/manager/ssl/nsCertPicker.h
+++ /dev/null
@@ -1,31 +0,0 @@
-/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef _NSCERTPICKER_H_
-#define _NSCERTPICKER_H_
-
-#include "nsIUserCertPicker.h"
-#include "nsNSSShutDown.h"
-
-#define NS_CERT_PICKER_CID \
-  { 0x735959a1, 0xaf01, 0x447e, { 0xb0, 0x2d, 0x56, 0xe9, 0x68, 0xfa, 0x52, 0xb4 } }
-
-class nsCertPicker : public nsIUserCertPicker
-                   , public nsNSSShutDownObject
-{
-public:
-  NS_DECL_ISUPPORTS
-  NS_DECL_NSIUSERCERTPICKER
-
-  nsCertPicker();
-
-  // Nothing to actually release.
-  virtual void virtualDestroyNSSReference() override {}
-
-protected:
-  virtual ~nsCertPicker();
-};
-
-#endif //_NSCERTPICKER_H_
deleted file mode 100644
--- a/security/manager/ssl/nsICertPickDialogs.idl
+++ /dev/null
@@ -1,30 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "nsISupports.idl"
-
-interface nsIInterfaceRequestor;
-
-/**
- * nsICertPickDialogs
- * Provides generic UI for choosing a certificate
- */
-[scriptable, uuid(51d59b08-1dd2-11b2-ad4a-a51b92f8a184)]
-interface nsICertPickDialogs : nsISupports
-{
-  /**
-   * PickCertificate
-   *   General purpose certificate prompter
-   */
-  void PickCertificate(in nsIInterfaceRequestor ctx, 
-                       [array, size_is(count)] in wstring certNickList,
-                       [array, size_is(count)] in wstring certDetailsList,
-                       in unsigned long count,
-                       inout long selectedIndex,
-                       out boolean canceled);
-};
-
-%{C++
-#define NS_CERTPICKDIALOGS_CONTRACTID "@mozilla.org/nsCertPickDialogs;1"
-%}
deleted file mode 100644
--- a/security/manager/ssl/nsIUserCertPicker.idl
+++ /dev/null
@@ -1,28 +0,0 @@
-/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "nsISupports.idl"
-
-interface nsIX509Cert;
-interface nsIInterfaceRequestor;
-
-[scriptable, uuid(92396323-23f2-49e0-bf98-a25a725231ab)]
-interface nsIUserCertPicker : nsISupports {
-  nsIX509Cert pickByUsage(in nsIInterfaceRequestor ctx, 
-                          in wstring selectedNickname,
-                          in long certUsage, // as defined by NSS enum SECCertUsage
-                          in boolean allowInvalid,
-                          in boolean allowDuplicateNicknames,
-                          in AString emailAddress, // optional - if non-empty,
-                                                   // skip certificates which
-                                                   // have at least one e-mail
-                                                   // address but do not
-                                                   // include this specific one
-                          out boolean canceled);
-};
-
-%{C++
-#define NS_CERT_PICKER_CONTRACTID "@mozilla.org/user_cert_picker;1"
-%}
--- a/security/manager/ssl/nsNSSCertHelper.cpp
+++ b/security/manager/ssl/nsNSSCertHelper.cpp
@@ -1,16 +1,17 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "nsNSSCertHelper.h"
 
 #include <algorithm>
 
+#include "ScopedNSSTypes.h"
 #include "mozilla/Casting.h"
 #include "mozilla/NotNull.h"
 #include "mozilla/Sprintf.h"
 #include "mozilla/UniquePtr.h"
 #include "nsCOMPtr.h"
 #include "nsComponentManagerUtils.h"
 #include "nsDateTimeFormatCID.h"
 #include "nsIDateTimeFormat.h"
@@ -2061,47 +2062,16 @@ getCertType(CERTCertificate *cert)
     return nsIX509Cert::EMAIL_CERT;
   if (CERT_IsCACert(cert, nullptr))
     return nsIX509Cert::CA_CERT;
   if (cert->emailAddr)
     return nsIX509Cert::EMAIL_CERT;
   return nsIX509Cert::UNKNOWN_CERT;
 }
 
-CERTCertNicknames*
-getNSSCertNicknamesFromCertList(const UniqueCERTCertList& certList)
-{
-  static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
-
-  nsresult rv;
-
-  nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
-  if (NS_FAILED(rv))
-    return nullptr;
-
-  nsAutoString expiredString, notYetValidString;
-  nsAutoString expiredStringLeadingSpace, notYetValidStringLeadingSpace;
-
-  nssComponent->GetPIPNSSBundleString("NicknameExpired", expiredString);
-  nssComponent->GetPIPNSSBundleString("NicknameNotYetValid", notYetValidString);
-
-  expiredStringLeadingSpace.Append(' ');
-  expiredStringLeadingSpace.Append(expiredString);
-
-  notYetValidStringLeadingSpace.Append(' ');
-  notYetValidStringLeadingSpace.Append(notYetValidString);
-
-  NS_ConvertUTF16toUTF8 aUtf8ExpiredString(expiredStringLeadingSpace);
-  NS_ConvertUTF16toUTF8 aUtf8NotYetValidString(notYetValidStringLeadingSpace);
-
-  return CERT_NicknameStringsFromCertList(certList.get(),
-                                          const_cast<char*>(aUtf8ExpiredString.get()),
-                                          const_cast<char*>(aUtf8NotYetValidString.get()));
-}
-
 nsresult
 GetCertFingerprintByOidTag(CERTCertificate* nsscert,
                            SECOidTag aOidTag, 
                            nsCString &fp)
 {
   Digest digest;
   nsresult rv = digest.DigestBuf(aOidTag, nsscert->derCert.data,
                                  nsscert->derCert.len);
--- a/security/manager/ssl/nsNSSCertHelper.h
+++ b/security/manager/ssl/nsNSSCertHelper.h
@@ -4,24 +4,20 @@
 
 #ifndef nsNSSCertHelper_h
 #define nsNSSCertHelper_h
 
 #ifndef INET6_ADDRSTRLEN
 #define INET6_ADDRSTRLEN 46
 #endif
 
-#include "ScopedNSSTypes.h"
 #include "certt.h"
 #include "nsString.h"
 
 uint32_t
 getCertType(CERTCertificate *cert);
 
-CERTCertNicknames*
-getNSSCertNicknamesFromCertList(const mozilla::UniqueCERTCertList& certList);
-
 nsresult
 GetCertFingerprintByOidTag(CERTCertificate* nsscert,
                            SECOidTag aOidTag, 
                            nsCString &fp);
 
 #endif // nsNSSCertHelper_h
--- a/security/manager/ssl/nsNSSCertificate.cpp
+++ b/security/manager/ssl/nsNSSCertificate.cpp
@@ -331,175 +331,16 @@ nsNSSCertificate::GetKeyUsages(nsAString
   }
   if (keyUsage & KU_CRL_SIGN) {
     AppendBundleString(wrappedNSSComponent, "CertDumpKUCRLSign", text);
   }
 
   return NS_OK;
 }
 
-nsresult
-nsNSSCertificate::FormatUIStrings(const nsAutoString& nickname,
-                                  nsAutoString& nickWithSerial,
-                                  nsAutoString& details)
-{
-  if (!NS_IsMainThread()) {
-    NS_ERROR("nsNSSCertificate::FormatUIStrings called off the main thread");
-    return NS_ERROR_NOT_SAME_THREAD;
-  }
-
-  nsresult rv = NS_OK;
-
-  nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
-
-  if (NS_FAILED(rv) || !nssComponent) {
-    return NS_ERROR_FAILURE;
-  }
-
-  nsAutoString info;
-  nsAutoString temp1;
-
-  nickWithSerial.Append(nickname);
-
-  if (NS_SUCCEEDED(nssComponent->GetPIPNSSBundleString("CertInfoIssuedFor", info))) {
-    details.Append(info);
-    details.Append(char16_t(' '));
-    if (NS_SUCCEEDED(GetSubjectName(temp1)) && !temp1.IsEmpty()) {
-      details.Append(temp1);
-    }
-    details.Append(char16_t('\n'));
-  }
-
-  if (NS_SUCCEEDED(GetSerialNumber(temp1)) && !temp1.IsEmpty()) {
-    details.AppendLiteral("  ");
-    if (NS_SUCCEEDED(nssComponent->GetPIPNSSBundleString("CertDumpSerialNo", info))) {
-      details.Append(info);
-      details.AppendLiteral(": ");
-    }
-    details.Append(temp1);
-
-    nickWithSerial.AppendLiteral(" [");
-    nickWithSerial.Append(temp1);
-    nickWithSerial.Append(char16_t(']'));
-
-    details.Append(char16_t('\n'));
-  }
-
-  nsCOMPtr<nsIX509CertValidity> validity;
-  rv = GetValidity(getter_AddRefs(validity));
-  if (NS_SUCCEEDED(rv) && validity) {
-    details.AppendLiteral("  ");
-    if (NS_SUCCEEDED(nssComponent->GetPIPNSSBundleString("CertInfoValid", info))) {
-      details.Append(info);
-    }
-
-    if (NS_SUCCEEDED(validity->GetNotBeforeLocalTime(temp1)) && !temp1.IsEmpty()) {
-      details.Append(char16_t(' '));
-      if (NS_SUCCEEDED(nssComponent->GetPIPNSSBundleString("CertInfoFrom", info))) {
-        details.Append(info);
-        details.Append(char16_t(' '));
-      }
-      details.Append(temp1);
-    }
-
-    if (NS_SUCCEEDED(validity->GetNotAfterLocalTime(temp1)) && !temp1.IsEmpty()) {
-      details.Append(char16_t(' '));
-      if (NS_SUCCEEDED(nssComponent->GetPIPNSSBundleString("CertInfoTo", info))) {
-        details.Append(info);
-        details.Append(char16_t(' '));
-      }
-      details.Append(temp1);
-    }
-
-    details.Append(char16_t('\n'));
-  }
-
-  if (NS_SUCCEEDED(GetKeyUsages(temp1)) && !temp1.IsEmpty()) {
-    details.AppendLiteral("  ");
-    if (NS_SUCCEEDED(nssComponent->GetPIPNSSBundleString("CertDumpKeyUsage", info))) {
-      details.Append(info);
-      details.AppendLiteral(": ");
-    }
-    details.Append(temp1);
-    details.Append(char16_t('\n'));
-  }
-
-  nsAutoString firstEmail;
-  const char* aWalkAddr;
-  for (aWalkAddr = CERT_GetFirstEmailAddress(mCert.get())
-        ;
-        aWalkAddr
-        ;
-        aWalkAddr = CERT_GetNextEmailAddress(mCert.get(), aWalkAddr))
-  {
-    NS_ConvertUTF8toUTF16 email(aWalkAddr);
-    if (email.IsEmpty())
-      continue;
-
-    if (firstEmail.IsEmpty()) {
-      // If the first email address from the subject DN is also present
-      // in the subjectAltName extension, GetEmailAddresses() will return
-      // it twice (as received from NSS). Remember the first address so that
-      // we can filter out duplicates later on.
-      firstEmail = email;
-
-      details.AppendLiteral("  ");
-      if (NS_SUCCEEDED(nssComponent->GetPIPNSSBundleString("CertInfoEmail", info))) {
-        details.Append(info);
-        details.AppendLiteral(": ");
-      }
-      details.Append(email);
-    }
-    else {
-      // Append current address if it's different from the first one.
-      if (!firstEmail.Equals(email)) {
-        details.AppendLiteral(", ");
-        details.Append(email);
-      }
-    }
-  }
-
-  if (!firstEmail.IsEmpty()) {
-    // We got at least one email address, so we want a newline
-    details.Append(char16_t('\n'));
-  }
-
-  if (NS_SUCCEEDED(nssComponent->GetPIPNSSBundleString("CertInfoIssuedBy", info))) {
-    details.Append(info);
-    details.Append(char16_t(' '));
-
-    if (NS_SUCCEEDED(GetIssuerName(temp1)) && !temp1.IsEmpty()) {
-      details.Append(temp1);
-    }
-
-    details.Append(char16_t('\n'));
-  }
-
-  if (NS_SUCCEEDED(nssComponent->GetPIPNSSBundleString("CertInfoStoredIn", info))) {
-    details.Append(info);
-    details.Append(char16_t(' '));
-
-    if (NS_SUCCEEDED(GetTokenName(temp1)) && !temp1.IsEmpty()) {
-      details.Append(temp1);
-    }
-  }
-
-  // the above produces the following output:
-  //
-  //   Issued to: $subjectName
-  //   Serial number: $serialNumber
-  //   Valid from: $starting_date to $expiration_date
-  //   Certificate Key usage: $usages
-  //   Email: $address(es)
-  //   Issued by: $issuerName
-  //   Stored in: $token
-
-  return rv;
-}
-
 NS_IMETHODIMP
 nsNSSCertificate::GetDbKey(nsACString& aDbKey)
 {
   nsNSSShutDownPreventionLock locker;
   if (isAlreadyShutDown()) {
     return NS_ERROR_NOT_AVAILABLE;
   }
   return GetDbKey(mCert, aDbKey);
--- a/security/manager/ssl/nsNSSCertificate.h
+++ b/security/manager/ssl/nsNSSCertificate.h
@@ -34,19 +34,16 @@ public:
   NS_DECL_NSIX509CERT
   NS_DECL_NSISERIALIZABLE
   NS_DECL_NSICLASSINFO
 
   friend class nsNSSCertificateFakeTransport;
 
   explicit nsNSSCertificate(CERTCertificate* cert, SECOidTag* evOidPolicy = nullptr);
   nsNSSCertificate();
-  nsresult FormatUIStrings(const nsAutoString& nickname,
-                           nsAutoString& nickWithSerial,
-                           nsAutoString& details);
   static nsNSSCertificate* Create(CERTCertificate*cert = nullptr,
                                   SECOidTag* evOidPolicy = nullptr);
   static nsNSSCertificate* ConstructFromDER(char* certDER, int derLen);
   nsresult GetIsExtendedValidation(bool* aIsEV);
 
   enum EVStatus {
     ev_status_invalid = 0,
     ev_status_valid = 1,
--- a/security/manager/ssl/nsNSSIOLayer.cpp
+++ b/security/manager/ssl/nsNSSIOLayer.cpp
@@ -16,16 +16,17 @@
 #include "SharedSSLState.h"
 #include "keyhi.h"
 #include "mozilla/Casting.h"
 #include "mozilla/DebugOnly.h"
 #include "mozilla/Logging.h"
 #include "mozilla/Move.h"
 #include "mozilla/Preferences.h"
 #include "mozilla/Telemetry.h"
+#include "nsArray.h"
 #include "nsArrayUtils.h"
 #include "nsCharSeparatedTokenizer.h"
 #include "nsClientAuthRemember.h"
 #include "nsContentUtils.h"
 #include "nsIClientAuthDialogs.h"
 #include "nsIConsoleService.h"
 #include "nsIPrefService.h"
 #include "nsISocketProvider.h"
--- a/security/manager/ssl/nsNSSModule.cpp
+++ b/security/manager/ssl/nsNSSModule.cpp
@@ -9,17 +9,16 @@
 #include "NSSErrorsService.h"
 #include "PSMContentListener.h"
 #include "SecretDecoderRing.h"
 #include "TransportSecurityInfo.h"
 #include "WeakCryptoOverride.h"
 #include "mozilla/ModuleUtils.h"
 #include "nsCURILoader.h"
 #include "nsCertOverrideService.h"
-#include "nsCertPicker.h"
 #include "nsCrypto.h"
 #include "nsCryptoHash.h"
 #include "nsDOMCID.h" // For the NS_CRYPTO_CONTRACTID define
 #include "nsDataSignatureVerifier.h"
 #include "nsICategoryManager.h"
 #include "nsKeyModule.h"
 #include "nsKeygenHandler.h"
 #include "nsNSSCertificate.h"
@@ -196,17 +195,16 @@ NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_BYPRO
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsNSSCertificateDB)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_BYPROCESS(nssEnsureOnChromeOnly,
                                              nsNSSCertList,
                                              nsNSSCertListFakeTransport)
 #ifdef MOZ_XUL
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsCertTree)
 #endif
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsPkcs11)
-NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsCertPicker)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nssEnsure, nsNTLMAuthModule, InitTest)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsureChromeOrContent, nsCryptoHash)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsureChromeOrContent, nsCryptoHMAC)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsureChromeOrContent, nsKeyObject)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsureChromeOrContent, nsKeyObjectFactory)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsDataSignatureVerifier)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, ContentSignatureVerifier)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsureChromeOrContent, nsRandomGenerator)
@@ -235,17 +233,16 @@ NS_DEFINE_NAMED_CID(NS_X509CERTDB_CID);
 NS_DEFINE_NAMED_CID(NS_X509CERTLIST_CID);
 NS_DEFINE_NAMED_CID(NS_FORMPROCESSOR_CID);
 #ifdef MOZ_XUL
 NS_DEFINE_NAMED_CID(NS_CERTTREE_CID);
 #endif
 NS_DEFINE_NAMED_CID(NS_PKCS11_CID);
 NS_DEFINE_NAMED_CID(NS_CRYPTO_HASH_CID);
 NS_DEFINE_NAMED_CID(NS_CRYPTO_HMAC_CID);
-NS_DEFINE_NAMED_CID(NS_CERT_PICKER_CID);
 NS_DEFINE_NAMED_CID(NS_NTLMAUTHMODULE_CID);
 NS_DEFINE_NAMED_CID(NS_KEYMODULEOBJECT_CID);
 NS_DEFINE_NAMED_CID(NS_KEYMODULEOBJECTFACTORY_CID);
 NS_DEFINE_NAMED_CID(NS_DATASIGNATUREVERIFIER_CID);
 NS_DEFINE_NAMED_CID(NS_CONTENTSIGNATUREVERIFIER_CID);
 NS_DEFINE_NAMED_CID(NS_CERTOVERRIDE_CID);
 NS_DEFINE_NAMED_CID(NS_RANDOMGENERATOR_CID);
 NS_DEFINE_NAMED_CID(NS_NSSU2FTOKEN_CID);
@@ -271,17 +268,16 @@ static const mozilla::Module::CIDEntry k
   { &kNS_X509CERTLIST_CID, false, nullptr, nsNSSCertListConstructor },
   { &kNS_FORMPROCESSOR_CID, false, nullptr, nsKeygenFormProcessor::Create },
 #ifdef MOZ_XUL
   { &kNS_CERTTREE_CID, false, nullptr, nsCertTreeConstructor },
 #endif
   { &kNS_PKCS11_CID, false, nullptr, nsPkcs11Constructor },
   { &kNS_CRYPTO_HASH_CID, false, nullptr, nsCryptoHashConstructor },
   { &kNS_CRYPTO_HMAC_CID, false, nullptr, nsCryptoHMACConstructor },
-  { &kNS_CERT_PICKER_CID, false, nullptr, nsCertPickerConstructor },
   { &kNS_NTLMAUTHMODULE_CID, false, nullptr, nsNTLMAuthModuleConstructor },
   { &kNS_KEYMODULEOBJECT_CID, false, nullptr, nsKeyObjectConstructor },
   { &kNS_KEYMODULEOBJECTFACTORY_CID, false, nullptr, nsKeyObjectFactoryConstructor },
   { &kNS_DATASIGNATUREVERIFIER_CID, false, nullptr, nsDataSignatureVerifierConstructor },
   { &kNS_CONTENTSIGNATUREVERIFIER_CID, false, nullptr, ContentSignatureVerifierConstructor },
   { &kNS_CERTOVERRIDE_CID, false, nullptr, nsCertOverrideServiceConstructor },
   { &kNS_RANDOMGENERATOR_CID, false, nullptr, nsRandomGeneratorConstructor },
   { &kNS_NSSU2FTOKEN_CID, false, nullptr, nsNSSU2FTokenConstructor },
@@ -310,17 +306,16 @@ static const mozilla::Module::ContractID
   { NS_X509CERTLIST_CONTRACTID, &kNS_X509CERTLIST_CID },
   { NS_FORMPROCESSOR_CONTRACTID, &kNS_FORMPROCESSOR_CID },
 #ifdef MOZ_XUL
   { NS_CERTTREE_CONTRACTID, &kNS_CERTTREE_CID },
 #endif
   { NS_PKCS11_CONTRACTID, &kNS_PKCS11_CID },
   { NS_CRYPTO_HASH_CONTRACTID, &kNS_CRYPTO_HASH_CID },
   { NS_CRYPTO_HMAC_CONTRACTID, &kNS_CRYPTO_HMAC_CID },
-  { NS_CERT_PICKER_CONTRACTID, &kNS_CERT_PICKER_CID },
   { "@mozilla.org/uriloader/psm-external-content-listener;1", &kNS_PSMCONTENTLISTEN_CID },
   { NS_CRYPTO_FIPSINFO_SERVICE_CONTRACTID, &kNS_PKCS11MODULEDB_CID },
   { NS_NTLMAUTHMODULE_CONTRACTID, &kNS_NTLMAUTHMODULE_CID },
   { NS_KEYMODULEOBJECT_CONTRACTID, &kNS_KEYMODULEOBJECT_CID },
   { NS_KEYMODULEOBJECTFACTORY_CONTRACTID, &kNS_KEYMODULEOBJECTFACTORY_CID },
   { NS_DATASIGNATUREVERIFIER_CONTRACTID, &kNS_DATASIGNATUREVERIFIER_CID },
   { NS_CONTENTSIGNATUREVERIFIER_CONTRACTID, &kNS_CONTENTSIGNATUREVERIFIER_CID },
   { NS_CERTOVERRIDE_CONTRACTID, &kNS_CERTOVERRIDE_CID },