bug 401240 - part 1/2 - run ./mach clang-format on nsPKCS12Blob r?fkiefer draft
authorDavid Keeler <dkeeler@mozilla.com>
Fri, 11 May 2018 11:09:00 -0700
changeset 795834 d9e743fd05bc
parent 795657 3c9d69736f4a
child 795835 92ee9bb7c64c
push id110093
push userbmo:dkeeler@mozilla.com
push date2018-05-16 17:15 +0000
reviewersfkiefer
bugs401240
milestone62.0a1
bug 401240 - part 1/2 - run ./mach clang-format on nsPKCS12Blob r?fkiefer MozReview-Commit-ID: 81m6dxhg8Pv
security/manager/ssl/nsPKCS12Blob.cpp
security/manager/ssl/nsPKCS12Blob.h
--- a/security/manager/ssl/nsPKCS12Blob.cpp
+++ b/security/manager/ssl/nsPKCS12Blob.cpp
@@ -21,216 +21,222 @@
 #include "nsThreadUtils.h"
 #include "p12plcy.h"
 #include "pkix/pkixtypes.h"
 #include "secerr.h"
 
 using namespace mozilla;
 extern LazyLogModule gPIPNSSLog;
 
-#define PIP_PKCS12_TMPFILENAME   NS_LITERAL_CSTRING(".pip_p12tmp")
-#define PIP_PKCS12_BUFFER_SIZE   2048
-#define PIP_PKCS12_USER_CANCELED       3
-#define PIP_PKCS12_NOSMARTCARD_EXPORT  4
-#define PIP_PKCS12_RESTORE_FAILED      5
-#define PIP_PKCS12_BACKUP_FAILED       6
-#define PIP_PKCS12_NSS_ERROR           7
+#define PIP_PKCS12_TMPFILENAME NS_LITERAL_CSTRING(".pip_p12tmp")
+#define PIP_PKCS12_BUFFER_SIZE 2048
+#define PIP_PKCS12_USER_CANCELED 3
+#define PIP_PKCS12_NOSMARTCARD_EXPORT 4
+#define PIP_PKCS12_RESTORE_FAILED 5
+#define PIP_PKCS12_BACKUP_FAILED 6
+#define PIP_PKCS12_NSS_ERROR 7
 
 // constructor
 nsPKCS12Blob::nsPKCS12Blob()
   : mCertArray(nullptr)
   , mTmpFile(nullptr)
 {
   mUIContext = new PipUIContext();
 }
 
 // nsPKCS12Blob::ImportFromFile
 //
 // Given a file handle, read a PKCS#12 blob from that file, decode it, and
 // import the results into the internal database.
 nsresult
-nsPKCS12Blob::ImportFromFile(nsIFile *file)
+nsPKCS12Blob::ImportFromFile(nsIFile* file)
 {
   nsresult rv = NS_OK;
 
   RetryReason wantRetry;
 
   do {
     rv = ImportFromFileHelper(file, im_standard_prompt, wantRetry);
 
     if (NS_SUCCEEDED(rv) && wantRetry == rr_auto_retry_empty_password_flavors) {
       rv = ImportFromFileHelper(file, im_try_zero_length_secitem, wantRetry);
     }
-  }
-  while (NS_SUCCEEDED(rv) && (wantRetry != rr_do_not_retry));
+  } while (NS_SUCCEEDED(rv) && (wantRetry != rr_do_not_retry));
 
   return rv;
 }
 
 nsresult
-nsPKCS12Blob::ImportFromFileHelper(nsIFile *file,
+nsPKCS12Blob::ImportFromFileHelper(nsIFile* file,
                                    nsPKCS12Blob::ImportMode aImportMode,
-                                   nsPKCS12Blob::RetryReason &aWantRetry)
+                                   nsPKCS12Blob::RetryReason& aWantRetry)
 {
   nsresult rv = NS_OK;
   SECStatus srv = SECSuccess;
-  SEC_PKCS12DecoderContext *dcx = nullptr;
-  SECItem unicodePw = { siBuffer, nullptr, 0  };
+  SEC_PKCS12DecoderContext* dcx = nullptr;
+  SECItem unicodePw = { siBuffer, nullptr, 0 };
 
   aWantRetry = rr_do_not_retry;
 
   UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
   if (!slot) {
     srv = SECFailure;
     goto finish;
   }
 
   if (aImportMode == im_try_zero_length_secitem) {
     unicodePw.len = 0;
   } else {
     // get file password (unicode)
     rv = getPKCS12FilePassword(&unicodePw);
-    if (NS_FAILED(rv)) goto finish;
+    if (NS_FAILED(rv))
+      goto finish;
     if (!unicodePw.data) {
       handleError(PIP_PKCS12_USER_CANCELED);
       return NS_OK;
     }
   }
 
   // initialize the decoder
-  dcx = SEC_PKCS12DecoderStart(&unicodePw, slot.get(), nullptr, nullptr,
-                               nullptr, nullptr, nullptr, nullptr);
+  dcx = SEC_PKCS12DecoderStart(&unicodePw,
+                               slot.get(),
+                               nullptr,
+                               nullptr,
+                               nullptr,
+                               nullptr,
+                               nullptr,
+                               nullptr);
   if (!dcx) {
     srv = SECFailure;
     goto finish;
   }
   // read input file and feed it to the decoder
   rv = inputToDecoder(dcx, file);
   if (NS_FAILED(rv)) {
     if (NS_ERROR_ABORT == rv) {
       // inputToDecoder indicated a NSS error
       srv = SECFailure;
     }
     goto finish;
   }
   // verify the blob
   srv = SEC_PKCS12DecoderVerify(dcx);
-  if (srv) goto finish;
+  if (srv)
+    goto finish;
   // validate bags
   srv = SEC_PKCS12DecoderValidateBags(dcx, nickname_collision);
-  if (srv) goto finish;
+  if (srv)
+    goto finish;
   // import cert and key
   srv = SEC_PKCS12DecoderImportBags(dcx);
-  if (srv) goto finish;
+  if (srv)
+    goto finish;
   // Later - check to see if this should become default email cert
 finish:
   // If srv != SECSuccess, NSS probably set a specific error code.
   // We should use that error code instead of inventing a new one
   // for every error possible.
   if (srv != SECSuccess) {
     if (SEC_ERROR_BAD_PASSWORD == PORT_GetError()) {
-      if (unicodePw.len == sizeof(char16_t))
-      {
+      if (unicodePw.len == sizeof(char16_t)) {
         // no password chars available,
         // unicodeToItem allocated space for the trailing zero character only.
         aWantRetry = rr_auto_retry_empty_password_flavors;
-      }
-      else
-      {
+      } else {
         aWantRetry = rr_bad_password;
         handleError(PIP_PKCS12_NSS_ERROR);
       }
-    }
-    else
-    {
+    } else {
       handleError(PIP_PKCS12_NSS_ERROR);
     }
   } else if (NS_FAILED(rv)) {
     handleError(PIP_PKCS12_RESTORE_FAILED);
   }
   // finish the decoder
   if (dcx)
     SEC_PKCS12DecoderFinish(dcx);
   SECITEM_ZfreeItem(&unicodePw, false);
   return NS_OK;
 }
 
 static bool
-isExtractable(SECKEYPrivateKey *privKey)
+isExtractable(SECKEYPrivateKey* privKey)
 {
   ScopedAutoSECItem value;
-  SECStatus rv = PK11_ReadRawAttribute(PK11_TypePrivKey, privKey,
-                                       CKA_EXTRACTABLE, &value);
+  SECStatus rv =
+    PK11_ReadRawAttribute(PK11_TypePrivKey, privKey, CKA_EXTRACTABLE, &value);
   if (rv != SECSuccess) {
     return false;
   }
 
   bool isExtractable = false;
   if ((value.len == 1) && value.data) {
     isExtractable = !!(*(CK_BBOOL*)value.data);
   }
   return isExtractable;
 }
 
 // nsPKCS12Blob::ExportToFile
 //
 // Having already loaded the certs, form them into a blob (loading the keys
 // also), encode the blob, and stuff it into the file.
 nsresult
-nsPKCS12Blob::ExportToFile(nsIFile *file,
-                           nsIX509Cert **certs, int numCerts)
+nsPKCS12Blob::ExportToFile(nsIFile* file, nsIX509Cert** certs, int numCerts)
 {
   nsresult rv;
   SECStatus srv = SECSuccess;
-  SEC_PKCS12ExportContext *ecx = nullptr;
+  SEC_PKCS12ExportContext* ecx = nullptr;
   SEC_PKCS12SafeInfo *certSafe = nullptr, *keySafe = nullptr;
   SECItem unicodePw;
   nsAutoString filePath;
   int i;
   nsCOMPtr<nsIFile> localFileRef;
   // init slot
 
   bool InformedUserNoSmartcardBackup = false;
   int numCertsExported = 0;
 
   // get file password (unicode)
   unicodePw.data = nullptr;
   rv = newPKCS12FilePassword(&unicodePw);
-  if (NS_FAILED(rv)) goto finish;
+  if (NS_FAILED(rv))
+    goto finish;
   if (!unicodePw.data) {
     handleError(PIP_PKCS12_USER_CANCELED);
     return NS_OK;
   }
   // what about slotToUse in psm 1.x ???
   // create export context
-  ecx = SEC_PKCS12CreateExportContext(nullptr, nullptr, nullptr /*slot*/, nullptr);
+  ecx =
+    SEC_PKCS12CreateExportContext(nullptr, nullptr, nullptr /*slot*/, nullptr);
   if (!ecx) {
     srv = SECFailure;
     goto finish;
   }
   // add password integrity
   srv = SEC_PKCS12AddPasswordIntegrity(ecx, &unicodePw, SEC_OID_SHA1);
-  if (srv) goto finish;
-  for (i=0; i<numCerts; i++) {
-    nsNSSCertificate *cert = (nsNSSCertificate *)certs[i];
+  if (srv)
+    goto finish;
+  for (i = 0; i < numCerts; i++) {
+    nsNSSCertificate* cert = (nsNSSCertificate*)certs[i];
     // get it as a CERTCertificate XXX
     UniqueCERTCertificate nssCert(cert->GetCert());
     if (!nssCert) {
       rv = NS_ERROR_FAILURE;
       goto finish;
     }
     // We can only successfully export certs that are on
     // internal token.  Most, if not all, smart card vendors
     // won't let you extract the private key (in any way
     // shape or form) from the card.  So let's punt if
     // the cert is not in the internal db.
     if (nssCert->slot && !PK11_IsInternal(nssCert->slot)) {
       // we aren't the internal token, see if the key is extractable.
-      SECKEYPrivateKey *privKey=PK11_FindKeyByDERCert(nssCert->slot,
-                                                      nssCert.get(), this);
+      SECKEYPrivateKey* privKey =
+        PK11_FindKeyByDERCert(nssCert->slot, nssCert.get(), this);
 
       if (privKey) {
         bool privKeyIsExtractable = isExtractable(privKey);
 
         SECKEY_DestroyPrivateKey(privKey);
 
         if (!privKeyIsExtractable) {
           if (!InformedUserNoSmartcardBackup) {
@@ -244,57 +250,69 @@ nsPKCS12Blob::ExportToFile(nsIFile *file
 
     // XXX this is why, to verify the slot is the same
     // PK11_FindObjectForCert(nssCert, nullptr, slot);
     // create the cert and key safes
     keySafe = SEC_PKCS12CreateUnencryptedSafe(ecx);
     if (!SEC_PKCS12IsEncryptionAllowed() || PK11_IsFIPS()) {
       certSafe = keySafe;
     } else {
-      certSafe = SEC_PKCS12CreatePasswordPrivSafe(ecx, &unicodePw,
-                           SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC);
+      certSafe = SEC_PKCS12CreatePasswordPrivSafe(
+        ecx, &unicodePw, SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC);
     }
     if (!certSafe || !keySafe) {
       rv = NS_ERROR_FAILURE;
       goto finish;
     }
     // add the cert and key to the blob
-    srv = SEC_PKCS12AddCertAndKey(ecx, certSafe, nullptr, nssCert.get(),
-                                  CERT_GetDefaultCertDB(), // XXX
-                                  keySafe, nullptr, true, &unicodePw,
-                      SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC);
-    if (srv) goto finish;
+    srv = SEC_PKCS12AddCertAndKey(
+      ecx,
+      certSafe,
+      nullptr,
+      nssCert.get(),
+      CERT_GetDefaultCertDB(), // XXX
+      keySafe,
+      nullptr,
+      true,
+      &unicodePw,
+      SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC);
+    if (srv)
+      goto finish;
     // cert was dup'ed, so release it
     ++numCertsExported;
   }
 
-  if (!numCertsExported) goto finish;
+  if (!numCertsExported)
+    goto finish;
 
   // prepare the instance to write to an export file
   this->mTmpFile = nullptr;
   file->GetPath(filePath);
   // Use the nsCOMPtr var localFileRef so that
   // the reference to the nsIFile we create gets released as soon as
   // we're out of scope, ie when this function exits.
   if (filePath.RFind(".p12", true, -1, 4) < 0) {
     // We're going to add the .p12 extension to the file name just like
     // Communicator used to.  We create a new nsIFile and initialize
     // it with the new patch.
     filePath.AppendLiteral(".p12");
     localFileRef = do_CreateInstance(NS_LOCAL_FILE_CONTRACTID, &rv);
-    if (NS_FAILED(rv)) goto finish;
+    if (NS_FAILED(rv))
+      goto finish;
     localFileRef->InitWithPath(filePath);
     file = localFileRef;
   }
-  rv = file->OpenNSPRFileDesc(PR_RDWR|PR_CREATE_FILE|PR_TRUNCATE, 0664,
-                              &mTmpFile);
-  if (NS_FAILED(rv) || !this->mTmpFile) goto finish;
+  rv = file->OpenNSPRFileDesc(
+    PR_RDWR | PR_CREATE_FILE | PR_TRUNCATE, 0664, &mTmpFile);
+  if (NS_FAILED(rv) || !this->mTmpFile)
+    goto finish;
   // encode and write
   srv = SEC_PKCS12Encode(ecx, write_export_file, this);
-  if (srv) goto finish;
+  if (srv)
+    goto finish;
 finish:
   if (NS_FAILED(rv) || srv != SECSuccess) {
     handleError(PIP_PKCS12_BACKUP_FAILED);
   }
   if (ecx)
     SEC_PKCS12DestroyExportContext(ecx);
   if (this->mTmpFile) {
     PR_Close(this->mTmpFile);
@@ -320,68 +338,70 @@ nsPKCS12Blob::unicodeToItem(const nsStri
   uint32_t len = uni.Length() + 1; // +1 for the null terminator.
   if (!SECITEM_AllocItem(nullptr, item, sizeof(char16_t) * len)) {
     return NS_ERROR_OUT_OF_MEMORY;
   }
 
   // We have to use a cast here because on Windows, uni.get() returns
   // char16ptr_t instead of char16_t*.
   mozilla::NativeEndian::copyAndSwapToBigEndian(
-    item->data,
-    static_cast<const char16_t*>(uni.get()),
-    len);
+    item->data, static_cast<const char16_t*>(uni.get()), len);
 
   return NS_OK;
 }
 
 // newPKCS12FilePassword
 //
 // Launch a dialog requesting the user for a new PKCS#12 file passowrd.
 // Handle user canceled by returning null password (caller must catch).
 nsresult
-nsPKCS12Blob::newPKCS12FilePassword(SECItem *unicodePw)
+nsPKCS12Blob::newPKCS12FilePassword(SECItem* unicodePw)
 {
   nsresult rv = NS_OK;
   nsAutoString password;
   nsCOMPtr<nsICertificateDialogs> certDialogs;
   rv = ::getNSSDialogs(getter_AddRefs(certDialogs),
                        NS_GET_IID(nsICertificateDialogs),
                        NS_CERTIFICATEDIALOGS_CONTRACTID);
-  if (NS_FAILED(rv)) return rv;
+  if (NS_FAILED(rv))
+    return rv;
   bool pressedOK;
   rv = certDialogs->SetPKCS12FilePassword(mUIContext, password, &pressedOK);
-  if (NS_FAILED(rv) || !pressedOK) return rv;
+  if (NS_FAILED(rv) || !pressedOK)
+    return rv;
   return unicodeToItem(password, unicodePw);
 }
 
 // getPKCS12FilePassword
 //
 // Launch a dialog requesting the user for the password to a PKCS#12 file.
 // Handle user canceled by returning null password (caller must catch).
 nsresult
-nsPKCS12Blob::getPKCS12FilePassword(SECItem *unicodePw)
+nsPKCS12Blob::getPKCS12FilePassword(SECItem* unicodePw)
 {
   nsresult rv = NS_OK;
   nsAutoString password;
   nsCOMPtr<nsICertificateDialogs> certDialogs;
   rv = ::getNSSDialogs(getter_AddRefs(certDialogs),
                        NS_GET_IID(nsICertificateDialogs),
                        NS_CERTIFICATEDIALOGS_CONTRACTID);
-  if (NS_FAILED(rv)) return rv;
+  if (NS_FAILED(rv))
+    return rv;
   bool pressedOK;
   rv = certDialogs->GetPKCS12FilePassword(mUIContext, password, &pressedOK);
-  if (NS_FAILED(rv) || !pressedOK) return rv;
+  if (NS_FAILED(rv) || !pressedOK)
+    return rv;
   return unicodeToItem(password, unicodePw);
 }
 
 // inputToDecoder
 //
 // Given a decoder, read bytes from file and input them to the decoder.
 nsresult
-nsPKCS12Blob::inputToDecoder(SEC_PKCS12DecoderContext *dcx, nsIFile *file)
+nsPKCS12Blob::inputToDecoder(SEC_PKCS12DecoderContext* dcx, nsIFile* file)
 {
   nsresult rv;
   SECStatus srv;
   uint32_t amount;
   char buf[PIP_PKCS12_BUFFER_SIZE];
 
   nsCOMPtr<nsIInputStream> fileStream;
   rv = NS_NewLocalFileInputStream(getter_AddRefs(fileStream), file);
@@ -391,36 +411,34 @@ nsPKCS12Blob::inputToDecoder(SEC_PKCS12D
   }
 
   while (true) {
     rv = fileStream->Read(buf, PIP_PKCS12_BUFFER_SIZE, &amount);
     if (NS_FAILED(rv)) {
       return rv;
     }
     // feed the file data into the decoder
-    srv = SEC_PKCS12DecoderUpdate(dcx,
-				  (unsigned char*) buf,
-				  amount);
+    srv = SEC_PKCS12DecoderUpdate(dcx, (unsigned char*)buf, amount);
     if (srv) {
       // don't allow the close call to overwrite our precious error code
       int pr_err = PORT_GetError();
       PORT_SetError(pr_err);
       return NS_ERROR_ABORT;
     }
     if (amount < PIP_PKCS12_BUFFER_SIZE)
       break;
   }
   return NS_OK;
 }
 
 // nickname_collision
 // what to do when the nickname collides with one already in the db.
 // TODO: not handled, throw a dialog allowing the nick to be changed?
-SECItem *
-nsPKCS12Blob::nickname_collision(SECItem *oldNick, PRBool *cancel, void *wincx)
+SECItem*
+nsPKCS12Blob::nickname_collision(SECItem* oldNick, PRBool* cancel, void* wincx)
 {
   *cancel = false;
   int count = 1;
   nsCString nickname;
   nsAutoString nickFromProp;
   nsresult rv = GetPIPNSSBundleString("P12DefaultNickname", nickFromProp);
   if (NS_FAILED(rv)) {
     return nullptr;
@@ -449,52 +467,52 @@ nsPKCS12Blob::nickname_collision(SECItem
     // that nickname.  Keep updating the count until we find a nickname
     // without a corresponding cert.
     //  XXX If a user imports *many* certs without the 'friendly name'
     //      attribute, then this may take a long time.  :(
     nickname = nickFromPropC;
     if (count > 1) {
       nickname.AppendPrintf(" #%d", count);
     }
-    UniqueCERTCertificate cert(CERT_FindCertByNickname(CERT_GetDefaultCertDB(),
-                                                       nickname.get()));
+    UniqueCERTCertificate cert(
+      CERT_FindCertByNickname(CERT_GetDefaultCertDB(), nickname.get()));
     if (!cert) {
       break;
     }
     count++;
   }
-  SECItem *newNick = new SECItem;
+  SECItem* newNick = new SECItem;
   if (!newNick)
     return nullptr;
 
   newNick->type = siAsciiString;
-  newNick->data = (unsigned char*) strdup(nickname.get());
-  newNick->len  = strlen((char*)newNick->data);
+  newNick->data = (unsigned char*)strdup(nickname.get());
+  newNick->len = strlen((char*)newNick->data);
   return newNick;
 }
 
 // write_export_file
 // write bytes to the exported PKCS#12 file
 void
-nsPKCS12Blob::write_export_file(void *arg, const char *buf, unsigned long len)
+nsPKCS12Blob::write_export_file(void* arg, const char* buf, unsigned long len)
 {
-  nsPKCS12Blob *cx = (nsPKCS12Blob *)arg;
+  nsPKCS12Blob* cx = (nsPKCS12Blob*)arg;
   PR_Write(cx->mTmpFile, buf, len);
 }
 
 // pip_ucs2_ascii_conversion_fn
 // required to be set by NSS (to do PKCS#12), but since we've already got
 // unicode make this a no-op.
 PRBool
 pip_ucs2_ascii_conversion_fn(PRBool toUnicode,
-                             unsigned char *inBuf,
+                             unsigned char* inBuf,
                              unsigned int inBufLen,
-                             unsigned char *outBuf,
+                             unsigned char* outBuf,
                              unsigned int maxOutBufLen,
-                             unsigned int *outBufLen,
+                             unsigned int* outBufLen,
                              PRBool swapBytes)
 {
   // do a no-op, since I've already got unicode.  Hah!
   *outBufLen = inBufLen;
   memcpy(outBuf, inBuf, inBufLen);
   return true;
 }
 
@@ -505,45 +523,56 @@ nsPKCS12Blob::handleError(int myerr)
   if (!NS_IsMainThread()) {
     return;
   }
 
   int prerr = PORT_GetError();
   MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("PKCS12: NSS/NSPR error(%d)", prerr));
   MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("PKCS12: I called(%d)", myerr));
 
-  const char * msgID = nullptr;
+  const char* msgID = nullptr;
 
   switch (myerr) {
-  case PIP_PKCS12_USER_CANCELED:
-    return;  /* Just ignore it for now */
-  case PIP_PKCS12_NOSMARTCARD_EXPORT: msgID = "PKCS12InfoNoSmartcardBackup"; break;
-  case PIP_PKCS12_RESTORE_FAILED:   msgID = "PKCS12UnknownErrRestore"; break;
-  case PIP_PKCS12_BACKUP_FAILED:    msgID = "PKCS12UnknownErrBackup"; break;
-  case PIP_PKCS12_NSS_ERROR:
-    switch (prerr) {
-    // The following errors have the potential to be "handled", by asking
-    // the user (via a dialog) whether s/he wishes to continue
-    case 0: break;
-    case SEC_ERROR_PKCS12_CERT_COLLISION:
-      /* pop a dialog saying the cert is already in the database */
-      /* ask to keep going?  what happens if one collision but others ok? */
-      // The following errors cannot be "handled", notify the user (via an alert)
-      // that the operation failed.
-    case SEC_ERROR_BAD_PASSWORD: msgID = "PK11BadPassword"; break;
+    case PIP_PKCS12_USER_CANCELED:
+      return; /* Just ignore it for now */
+    case PIP_PKCS12_NOSMARTCARD_EXPORT:
+      msgID = "PKCS12InfoNoSmartcardBackup";
+      break;
+    case PIP_PKCS12_RESTORE_FAILED:
+      msgID = "PKCS12UnknownErrRestore";
+      break;
+    case PIP_PKCS12_BACKUP_FAILED:
+      msgID = "PKCS12UnknownErrBackup";
+      break;
+    case PIP_PKCS12_NSS_ERROR:
+      switch (prerr) {
+        // The following errors have the potential to be "handled", by asking
+        // the user (via a dialog) whether s/he wishes to continue
+        case 0:
+          break;
+        case SEC_ERROR_PKCS12_CERT_COLLISION:
+          /* pop a dialog saying the cert is already in the database */
+          /* ask to keep going?  what happens if one collision but others ok? */
+          // The following errors cannot be "handled", notify the user (via an
+          // alert) that the operation failed.
+        case SEC_ERROR_BAD_PASSWORD:
+          msgID = "PK11BadPassword";
+          break;
 
-    case SEC_ERROR_BAD_DER:
-    case SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE:
-    case SEC_ERROR_PKCS12_INVALID_MAC:
-      msgID = "PKCS12DecodeErr";
+        case SEC_ERROR_BAD_DER:
+        case SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE:
+        case SEC_ERROR_PKCS12_INVALID_MAC:
+          msgID = "PKCS12DecodeErr";
+          break;
+
+        case SEC_ERROR_PKCS12_DUPLICATE_DATA:
+          msgID = "PKCS12DupData";
+          break;
+      }
       break;
-
-    case SEC_ERROR_PKCS12_DUPLICATE_DATA: msgID = "PKCS12DupData"; break;
-    }
-    break;
   }
 
   if (!msgID)
     msgID = "PKCS12UnknownErr";
 
   nsCOMPtr<nsIWindowWatcher> wwatch(do_GetService(NS_WINDOWWATCHER_CONTRACTID));
   if (!wwatch) {
     return;
--- a/security/manager/ssl/nsPKCS12Blob.h
+++ b/security/manager/ssl/nsPKCS12Blob.h
@@ -21,50 +21,61 @@ class nsIX509Cert;
 //
 class nsPKCS12Blob
 {
 public:
   nsPKCS12Blob();
   virtual ~nsPKCS12Blob() {}
 
   // PKCS#12 Import
-  nsresult ImportFromFile(nsIFile *file);
+  nsresult ImportFromFile(nsIFile* file);
 
   // PKCS#12 Export
-  nsresult ExportToFile(nsIFile *file, nsIX509Cert **certs, int numCerts);
+  nsresult ExportToFile(nsIFile* file, nsIX509Cert** certs, int numCerts);
 
 private:
-
-  nsCOMPtr<nsIMutableArray>       mCertArray;
+  nsCOMPtr<nsIMutableArray> mCertArray;
   nsCOMPtr<nsIInterfaceRequestor> mUIContext;
 
   // local helper functions
-  nsresult getPKCS12FilePassword(SECItem *);
-  nsresult newPKCS12FilePassword(SECItem *);
-  nsresult inputToDecoder(SEC_PKCS12DecoderContext *, nsIFile *);
+  nsresult getPKCS12FilePassword(SECItem*);
+  nsresult newPKCS12FilePassword(SECItem*);
+  nsresult inputToDecoder(SEC_PKCS12DecoderContext*, nsIFile*);
   nsresult unicodeToItem(const nsString& uni, SECItem* item);
   void handleError(int myerr = 0);
 
   // RetryReason and ImportMode are used when importing a PKCS12 file.
   // There are two reasons that cause us to retry:
   // - When the password entered by the user is incorrect.
   //   The user will be prompted to try again.
   // - When the user entered a zero length password.
   //   An empty password should be represented as an empty
   //   string (a SECItem that contains a single terminating
   //   null UTF16 character), but some applications use a
   //   zero length SECItem.
   //   We try both variations, zero length item and empty string,
-  //   without giving a user prompt when trying the different empty password flavors.
+  //   without giving a user prompt when trying the different empty password
+  //   flavors.
 
-  enum RetryReason { rr_do_not_retry, rr_bad_password, rr_auto_retry_empty_password_flavors };
-  enum ImportMode { im_standard_prompt, im_try_zero_length_secitem };
+  enum RetryReason
+  {
+    rr_do_not_retry,
+    rr_bad_password,
+    rr_auto_retry_empty_password_flavors
+  };
+  enum ImportMode
+  {
+    im_standard_prompt,
+    im_try_zero_length_secitem
+  };
 
-  nsresult ImportFromFileHelper(nsIFile *file, ImportMode aImportMode, RetryReason &aWantRetry);
+  nsresult ImportFromFileHelper(nsIFile* file,
+                                ImportMode aImportMode,
+                                RetryReason& aWantRetry);
 
   // NSPR file I/O for export file
-  PRFileDesc *mTmpFile;
+  PRFileDesc* mTmpFile;
 
-  static SECItem * nickname_collision(SECItem *, PRBool *, void *);
-  static void write_export_file(void *arg, const char *buf, unsigned long len);
+  static SECItem* nickname_collision(SECItem*, PRBool*, void*);
+  static void write_export_file(void* arg, const char* buf, unsigned long len);
 };
 
 #endif // nsPKCS12Blob_h