fixup commit for tag 'NSS_3_14_2_RTM' NSS_3_14_2_RTM
authorcvs2hg
Thu, 10 Jan 2013 15:05:40 +0000
changeset 2076 bc7d6346bb5d68dabad94ccee0c52a308a56dc92
parent 2073 a224961802ae6de6e8d4fcb5035a3dd360716741 (current diff)
parent 2075 b0a64357a9f1b821c6cbdb3b10aa8b7d1fec7833 (diff)
child 2077 6d06b68af3216bcf5cd0d04141a7f52bf40e91d4
push idunknown
push userunknown
push dateunknown
fixup commit for tag 'NSS_3_14_2_RTM'
security/jss/Makefile
security/jss/build_java.pl
security/jss/config/config.mk
security/jss/config/dynamic.mk
security/jss/config/linkage.mk
security/jss/config/rules.mk
security/jss/config/static.mk
security/jss/jss.html
security/jss/lib/Makefile
security/jss/lib/config.mk
security/jss/lib/jss.def
security/jss/lib/jss.rc
security/jss/lib/manifest.mn
security/jss/lib/rules.mk
security/jss/manifest.mn
security/jss/org/Makefile
security/jss/org/manifest.mn
security/jss/org/mozilla/Makefile
security/jss/org/mozilla/jss/CRLImportException.java
security/jss/org/mozilla/jss/CertDatabaseException.java
security/jss/org/mozilla/jss/CryptoManager.c
security/jss/org/mozilla/jss/CryptoManager.java
security/jss/org/mozilla/jss/DatabaseCloser.java
security/jss/org/mozilla/jss/JSSProvider.java
security/jss/org/mozilla/jss/KeyDatabaseException.java
security/jss/org/mozilla/jss/Makefile
security/jss/org/mozilla/jss/NoSuchTokenException.java
security/jss/org/mozilla/jss/PK11Finder.c
security/jss/org/mozilla/jss/SecretDecoderRing/Decryptor.java
security/jss/org/mozilla/jss/SecretDecoderRing/Encoding.java
security/jss/org/mozilla/jss/SecretDecoderRing/Encryptor.java
security/jss/org/mozilla/jss/SecretDecoderRing/KeyManager.c
security/jss/org/mozilla/jss/SecretDecoderRing/KeyManager.java
security/jss/org/mozilla/jss/SecretDecoderRing/Makefile
security/jss/org/mozilla/jss/SecretDecoderRing/config.mk
security/jss/org/mozilla/jss/SecretDecoderRing/manifest.mn
security/jss/org/mozilla/jss/SecretDecoderRing/package.html
security/jss/org/mozilla/jss/asn1/ANY.java
security/jss/org/mozilla/jss/asn1/ASN1Header.java
security/jss/org/mozilla/jss/asn1/ASN1Template.java
security/jss/org/mozilla/jss/asn1/ASN1Util.java
security/jss/org/mozilla/jss/asn1/ASN1Value.java
security/jss/org/mozilla/jss/asn1/BIT_STRING.java
security/jss/org/mozilla/jss/asn1/BMPString.java
security/jss/org/mozilla/jss/asn1/BOOLEAN.java
security/jss/org/mozilla/jss/asn1/CHOICE.java
security/jss/org/mozilla/jss/asn1/CharConverter.java
security/jss/org/mozilla/jss/asn1/CharacterString.java
security/jss/org/mozilla/jss/asn1/CountingStream.java
security/jss/org/mozilla/jss/asn1/ENUMERATED.java
security/jss/org/mozilla/jss/asn1/EXPLICIT.java
security/jss/org/mozilla/jss/asn1/FieldNotPresentException.java
security/jss/org/mozilla/jss/asn1/Form.java
security/jss/org/mozilla/jss/asn1/GeneralizedTime.java
security/jss/org/mozilla/jss/asn1/IA5String.java
security/jss/org/mozilla/jss/asn1/INTEGER.java
security/jss/org/mozilla/jss/asn1/InvalidBERException.java
security/jss/org/mozilla/jss/asn1/Makefile
security/jss/org/mozilla/jss/asn1/NULL.java
security/jss/org/mozilla/jss/asn1/OBJECT_IDENTIFIER.java
security/jss/org/mozilla/jss/asn1/OCTET_STRING.java
security/jss/org/mozilla/jss/asn1/PrintableString.java
security/jss/org/mozilla/jss/asn1/SEQUENCE.java
security/jss/org/mozilla/jss/asn1/SET.java
security/jss/org/mozilla/jss/asn1/Tag.java
security/jss/org/mozilla/jss/asn1/TeletexString.java
security/jss/org/mozilla/jss/asn1/TimeBase.java
security/jss/org/mozilla/jss/asn1/UTCTime.java
security/jss/org/mozilla/jss/asn1/UTF8String.java
security/jss/org/mozilla/jss/asn1/UniversalString.java
security/jss/org/mozilla/jss/asn1/manifest.mn
security/jss/org/mozilla/jss/asn1/package.html
security/jss/org/mozilla/jss/config.mk
security/jss/org/mozilla/jss/crypto/Algorithm.c
security/jss/org/mozilla/jss/crypto/Algorithm.h
security/jss/org/mozilla/jss/crypto/Algorithm.java
security/jss/org/mozilla/jss/crypto/AlreadyInitializedException.java
security/jss/org/mozilla/jss/crypto/BadPaddingException.java
security/jss/org/mozilla/jss/crypto/Cipher.java
security/jss/org/mozilla/jss/crypto/CryptoStore.java
security/jss/org/mozilla/jss/crypto/CryptoToken.java
security/jss/org/mozilla/jss/crypto/DigestAlgorithm.java
security/jss/org/mozilla/jss/crypto/EncryptionAlgorithm.java
security/jss/org/mozilla/jss/crypto/HMACAlgorithm.java
security/jss/org/mozilla/jss/crypto/IVParameterSpec.java
security/jss/org/mozilla/jss/crypto/IllegalBlockSizeException.java
security/jss/org/mozilla/jss/crypto/InternalCertificate.java
security/jss/org/mozilla/jss/crypto/InvalidDERException.java
security/jss/org/mozilla/jss/crypto/InvalidKeyFormatException.java
security/jss/org/mozilla/jss/crypto/JSSMessageDigest.java
security/jss/org/mozilla/jss/crypto/JSSSecureRandom.java
security/jss/org/mozilla/jss/crypto/KeyAlreadyImportedException.java
security/jss/org/mozilla/jss/crypto/KeyGenAlgorithm.java
security/jss/org/mozilla/jss/crypto/KeyGenerator.java
security/jss/org/mozilla/jss/crypto/KeyPairAlgorithm.java
security/jss/org/mozilla/jss/crypto/KeyPairGenerator.java
security/jss/org/mozilla/jss/crypto/KeyPairGeneratorSpi.java
security/jss/org/mozilla/jss/crypto/KeyWrapAlgorithm.java
security/jss/org/mozilla/jss/crypto/KeyWrapper.java
security/jss/org/mozilla/jss/crypto/Makefile
security/jss/org/mozilla/jss/crypto/NoSuchItemOnTokenException.java
security/jss/org/mozilla/jss/crypto/NoSuchPaddingException.java
security/jss/org/mozilla/jss/crypto/ObjectNotFoundException.java
security/jss/org/mozilla/jss/crypto/PBEAlgorithm.java
security/jss/org/mozilla/jss/crypto/PBEKeyGenParams.java
security/jss/org/mozilla/jss/crypto/PQGParamGenException.java
security/jss/org/mozilla/jss/crypto/PQGParams.c
security/jss/org/mozilla/jss/crypto/PQGParams.java
security/jss/org/mozilla/jss/crypto/PrivateKey.java
security/jss/org/mozilla/jss/crypto/RSAParameterSpec.java
security/jss/org/mozilla/jss/crypto/SecretDecoderRing.c
security/jss/org/mozilla/jss/crypto/SecretDecoderRing.java
security/jss/org/mozilla/jss/crypto/SecretKeyFacade.java
security/jss/org/mozilla/jss/crypto/ShortBufferException.java
security/jss/org/mozilla/jss/crypto/Signature.java
security/jss/org/mozilla/jss/crypto/SignatureAlgorithm.java
security/jss/org/mozilla/jss/crypto/SignatureSpi.java
security/jss/org/mozilla/jss/crypto/SymmetricKey.java
security/jss/org/mozilla/jss/crypto/TokenCertificate.java
security/jss/org/mozilla/jss/crypto/TokenException.java
security/jss/org/mozilla/jss/crypto/TokenRuntimeException.java
security/jss/org/mozilla/jss/crypto/TokenSupplier.java
security/jss/org/mozilla/jss/crypto/TokenSupplierManager.java
security/jss/org/mozilla/jss/crypto/Tunnel.java
security/jss/org/mozilla/jss/crypto/X509Certificate.java
security/jss/org/mozilla/jss/crypto/config.mk
security/jss/org/mozilla/jss/crypto/manifest.mn
security/jss/org/mozilla/jss/crypto/package.html
security/jss/org/mozilla/jss/manifest.mn
security/jss/org/mozilla/jss/package.html
security/jss/org/mozilla/jss/pkcs10/CertificationRequest.java
security/jss/org/mozilla/jss/pkcs10/CertificationRequestInfo.java
security/jss/org/mozilla/jss/pkcs10/Makefile
security/jss/org/mozilla/jss/pkcs10/manifest.mn
security/jss/org/mozilla/jss/pkcs10/package.html
security/jss/org/mozilla/jss/pkcs11/CipherContextProxy.java
security/jss/org/mozilla/jss/pkcs11/KeyProxy.java
security/jss/org/mozilla/jss/pkcs11/KeyType.java
security/jss/org/mozilla/jss/pkcs11/Makefile
security/jss/org/mozilla/jss/pkcs11/ModuleProxy.java
security/jss/org/mozilla/jss/pkcs11/PK11Cert.c
security/jss/org/mozilla/jss/pkcs11/PK11Cert.java
security/jss/org/mozilla/jss/pkcs11/PK11Cipher.c
security/jss/org/mozilla/jss/pkcs11/PK11Cipher.java
security/jss/org/mozilla/jss/pkcs11/PK11DSAPrivateKey.java
security/jss/org/mozilla/jss/pkcs11/PK11DSAPublicKey.java
security/jss/org/mozilla/jss/pkcs11/PK11ECPrivateKey.java
security/jss/org/mozilla/jss/pkcs11/PK11ECPublicKey.java
security/jss/org/mozilla/jss/pkcs11/PK11InternalCert.java
security/jss/org/mozilla/jss/pkcs11/PK11InternalTokenCert.java
security/jss/org/mozilla/jss/pkcs11/PK11Key.java
security/jss/org/mozilla/jss/pkcs11/PK11KeyGenerator.c
security/jss/org/mozilla/jss/pkcs11/PK11KeyGenerator.java
security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.c
security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.java
security/jss/org/mozilla/jss/pkcs11/PK11KeyWrapper.c
security/jss/org/mozilla/jss/pkcs11/PK11KeyWrapper.java
security/jss/org/mozilla/jss/pkcs11/PK11MessageDigest.c
security/jss/org/mozilla/jss/pkcs11/PK11MessageDigest.java
security/jss/org/mozilla/jss/pkcs11/PK11Module.c
security/jss/org/mozilla/jss/pkcs11/PK11Module.java
security/jss/org/mozilla/jss/pkcs11/PK11ParameterSpec.java
security/jss/org/mozilla/jss/pkcs11/PK11PrivKey.c
security/jss/org/mozilla/jss/pkcs11/PK11PrivKey.java
security/jss/org/mozilla/jss/pkcs11/PK11PubKey.c
security/jss/org/mozilla/jss/pkcs11/PK11PubKey.java
security/jss/org/mozilla/jss/pkcs11/PK11RSAPrivateKey.java
security/jss/org/mozilla/jss/pkcs11/PK11RSAPublicKey.java
security/jss/org/mozilla/jss/pkcs11/PK11SecureRandom.c
security/jss/org/mozilla/jss/pkcs11/PK11SecureRandom.java
security/jss/org/mozilla/jss/pkcs11/PK11Signature.c
security/jss/org/mozilla/jss/pkcs11/PK11Signature.java
security/jss/org/mozilla/jss/pkcs11/PK11Store.c
security/jss/org/mozilla/jss/pkcs11/PK11Store.java
security/jss/org/mozilla/jss/pkcs11/PK11SymKey.c
security/jss/org/mozilla/jss/pkcs11/PK11SymKey.java
security/jss/org/mozilla/jss/pkcs11/PK11Token.c
security/jss/org/mozilla/jss/pkcs11/PK11Token.java
security/jss/org/mozilla/jss/pkcs11/PK11TokenCert.java
security/jss/org/mozilla/jss/pkcs11/TokenProxy.java
security/jss/org/mozilla/jss/pkcs11/Tunnel.java
security/jss/org/mozilla/jss/pkcs11/config.mk
security/jss/org/mozilla/jss/pkcs11/manifest.mn
security/jss/org/mozilla/jss/pkcs11/pk11util.h
security/jss/org/mozilla/jss/pkcs12/AuthenticatedSafes.java
security/jss/org/mozilla/jss/pkcs12/CertBag.java
security/jss/org/mozilla/jss/pkcs12/MacData.java
security/jss/org/mozilla/jss/pkcs12/Makefile
security/jss/org/mozilla/jss/pkcs12/PFX.java
security/jss/org/mozilla/jss/pkcs12/PasswordConverter.java
security/jss/org/mozilla/jss/pkcs12/SafeBag.java
security/jss/org/mozilla/jss/pkcs12/SecretBag.java
security/jss/org/mozilla/jss/pkcs12/config.mk
security/jss/org/mozilla/jss/pkcs12/manifest.mn
security/jss/org/mozilla/jss/pkcs12/package.html
security/jss/org/mozilla/jss/pkcs7/Attribute.java
security/jss/org/mozilla/jss/pkcs7/ContentInfo.java
security/jss/org/mozilla/jss/pkcs7/DigestInfo.java
security/jss/org/mozilla/jss/pkcs7/DigestedData.java
security/jss/org/mozilla/jss/pkcs7/EncryptedContentInfo.java
security/jss/org/mozilla/jss/pkcs7/EncryptedData.java
security/jss/org/mozilla/jss/pkcs7/EnvelopedData.java
security/jss/org/mozilla/jss/pkcs7/IssuerAndSerialNumber.java
security/jss/org/mozilla/jss/pkcs7/Makefile
security/jss/org/mozilla/jss/pkcs7/RecipientInfo.java
security/jss/org/mozilla/jss/pkcs7/SignedAndEnvelopedData.java
security/jss/org/mozilla/jss/pkcs7/SignedData.java
security/jss/org/mozilla/jss/pkcs7/SignerInfo.java
security/jss/org/mozilla/jss/pkcs7/manifest.mn
security/jss/org/mozilla/jss/pkcs7/package.html
security/jss/org/mozilla/jss/pkix/cert/Certificate.java
security/jss/org/mozilla/jss/pkix/cert/CertificateInfo.java
security/jss/org/mozilla/jss/pkix/cert/Extension.java
security/jss/org/mozilla/jss/pkix/cert/SubjectKeyIdentifier.java
security/jss/org/mozilla/jss/pkix/cert/package.html
security/jss/org/mozilla/jss/pkix/cmc/CMCCertId.java
security/jss/org/mozilla/jss/pkix/cmc/CMCStatusInfo.java
security/jss/org/mozilla/jss/pkix/cmc/GetCert.java
security/jss/org/mozilla/jss/pkix/cmc/LraPopWitness.java
security/jss/org/mozilla/jss/pkix/cmc/OtherInfo.java
security/jss/org/mozilla/jss/pkix/cmc/OtherMsg.java
security/jss/org/mozilla/jss/pkix/cmc/PKIData.java
security/jss/org/mozilla/jss/pkix/cmc/PendInfo.java
security/jss/org/mozilla/jss/pkix/cmc/ResponseBody.java
security/jss/org/mozilla/jss/pkix/cmc/TaggedAttribute.java
security/jss/org/mozilla/jss/pkix/cmc/TaggedCertificationRequest.java
security/jss/org/mozilla/jss/pkix/cmc/TaggedContentInfo.java
security/jss/org/mozilla/jss/pkix/cmc/TaggedRequest.java
security/jss/org/mozilla/jss/pkix/cmc/package.html
security/jss/org/mozilla/jss/pkix/cmmf/CertOrEncCert.java
security/jss/org/mozilla/jss/pkix/cmmf/CertRepContent.java
security/jss/org/mozilla/jss/pkix/cmmf/CertResponse.java
security/jss/org/mozilla/jss/pkix/cmmf/CertifiedKeyPair.java
security/jss/org/mozilla/jss/pkix/cmmf/GetCRL.java
security/jss/org/mozilla/jss/pkix/cmmf/IssuerAndSubject.java
security/jss/org/mozilla/jss/pkix/cmmf/PKIStatusInfo.java
security/jss/org/mozilla/jss/pkix/cmmf/RevRepContent.java
security/jss/org/mozilla/jss/pkix/cmmf/RevRequest.java
security/jss/org/mozilla/jss/pkix/cmmf/package.html
security/jss/org/mozilla/jss/pkix/cms/ContentInfo.java
security/jss/org/mozilla/jss/pkix/cms/DigestInfo.java
security/jss/org/mozilla/jss/pkix/cms/DigestedData.java
security/jss/org/mozilla/jss/pkix/cms/EncapsulatedContentInfo.java
security/jss/org/mozilla/jss/pkix/cms/EncryptedContentInfo.java
security/jss/org/mozilla/jss/pkix/cms/EncryptedData.java
security/jss/org/mozilla/jss/pkix/cms/EnvelopedData.java
security/jss/org/mozilla/jss/pkix/cms/IssuerAndSerialNumber.java
security/jss/org/mozilla/jss/pkix/cms/RecipientInfo.java
security/jss/org/mozilla/jss/pkix/cms/SignedAndEnvelopedData.java
security/jss/org/mozilla/jss/pkix/cms/SignedData.java
security/jss/org/mozilla/jss/pkix/cms/SignerIdentifier.java
security/jss/org/mozilla/jss/pkix/cms/SignerInfo.java
security/jss/org/mozilla/jss/pkix/cms/package.html
security/jss/org/mozilla/jss/pkix/crmf/CertId.java
security/jss/org/mozilla/jss/pkix/crmf/CertReqMsg.java
security/jss/org/mozilla/jss/pkix/crmf/CertRequest.java
security/jss/org/mozilla/jss/pkix/crmf/CertTemplate.java
security/jss/org/mozilla/jss/pkix/crmf/ChallengeResponseException.java
security/jss/org/mozilla/jss/pkix/crmf/Control.java
security/jss/org/mozilla/jss/pkix/crmf/EncryptedKey.java
security/jss/org/mozilla/jss/pkix/crmf/EncryptedValue.java
security/jss/org/mozilla/jss/pkix/crmf/PKIArchiveOptions.java
security/jss/org/mozilla/jss/pkix/crmf/PKIPublicationInfo.java
security/jss/org/mozilla/jss/pkix/crmf/POPOPrivKey.java
security/jss/org/mozilla/jss/pkix/crmf/POPOSigningKey.java
security/jss/org/mozilla/jss/pkix/crmf/ProofOfPossession.java
security/jss/org/mozilla/jss/pkix/crmf/package.html
security/jss/org/mozilla/jss/pkix/primitive/AVA.java
security/jss/org/mozilla/jss/pkix/primitive/AlgorithmIdentifier.java
security/jss/org/mozilla/jss/pkix/primitive/Attribute.java
security/jss/org/mozilla/jss/pkix/primitive/DirectoryString.java
security/jss/org/mozilla/jss/pkix/primitive/EncryptedPrivateKeyInfo.java
security/jss/org/mozilla/jss/pkix/primitive/Name.java
security/jss/org/mozilla/jss/pkix/primitive/PBEParameter.java
security/jss/org/mozilla/jss/pkix/primitive/PrivateKeyInfo.java
security/jss/org/mozilla/jss/pkix/primitive/RDN.java
security/jss/org/mozilla/jss/pkix/primitive/SubjectPublicKeyInfo.java
security/jss/org/mozilla/jss/pkix/primitive/TooFewElementsException.java
security/jss/org/mozilla/jss/pkix/primitive/package.html
security/jss/org/mozilla/jss/provider/Makefile
security/jss/org/mozilla/jss/provider/java/Makefile
security/jss/org/mozilla/jss/provider/java/config.mk
security/jss/org/mozilla/jss/provider/java/manifest.mn
security/jss/org/mozilla/jss/provider/java/security/IvAlgorithmParameters.java
security/jss/org/mozilla/jss/provider/java/security/JSSKeyPairGeneratorSpi.java
security/jss/org/mozilla/jss/provider/java/security/JSSKeyStoreSpi.c
security/jss/org/mozilla/jss/provider/java/security/JSSKeyStoreSpi.java
security/jss/org/mozilla/jss/provider/java/security/JSSMessageDigestSpi.java
security/jss/org/mozilla/jss/provider/java/security/JSSSecureRandomSpi.java
security/jss/org/mozilla/jss/provider/java/security/JSSSignatureSpi.java
security/jss/org/mozilla/jss/provider/java/security/KeyFactorySpi1_2.java
security/jss/org/mozilla/jss/provider/java/security/KeyFactorySpi1_4.java
security/jss/org/mozilla/jss/provider/java/security/Makefile
security/jss/org/mozilla/jss/provider/java/security/RC2AlgorithmParameters.java
security/jss/org/mozilla/jss/provider/java/security/config.mk
security/jss/org/mozilla/jss/provider/java/security/manifest.mn
security/jss/org/mozilla/jss/provider/javax/crypto/JSSCipherSpi.java
security/jss/org/mozilla/jss/provider/javax/crypto/JSSKeyGeneratorSpi.java
security/jss/org/mozilla/jss/provider/javax/crypto/JSSMacSpi.java
security/jss/org/mozilla/jss/provider/javax/crypto/JSSSecretKeyFactorySpi.java
security/jss/org/mozilla/jss/provider/manifest.mn
security/jss/org/mozilla/jss/rules.mk
security/jss/org/mozilla/jss/ssl/Makefile
security/jss/org/mozilla/jss/ssl/PrintOutputStreamWriter.java
security/jss/org/mozilla/jss/ssl/SSLCertificateApprovalCallback.java
security/jss/org/mozilla/jss/ssl/SSLClient.java
security/jss/org/mozilla/jss/ssl/SSLClientCertificateSelectionCallback.java
security/jss/org/mozilla/jss/ssl/SSLHandshakeCompletedEvent.java
security/jss/org/mozilla/jss/ssl/SSLHandshakeCompletedListener.java
security/jss/org/mozilla/jss/ssl/SSLInputStream.java
security/jss/org/mozilla/jss/ssl/SSLOutputStream.java
security/jss/org/mozilla/jss/ssl/SSLSecurityStatus.java
security/jss/org/mozilla/jss/ssl/SSLServer.java
security/jss/org/mozilla/jss/ssl/SSLServerSocket.c
security/jss/org/mozilla/jss/ssl/SSLServerSocket.java
security/jss/org/mozilla/jss/ssl/SSLSocket.c
security/jss/org/mozilla/jss/ssl/SSLSocket.java
security/jss/org/mozilla/jss/ssl/SSLSocketException.java
security/jss/org/mozilla/jss/ssl/SSLTest.java
security/jss/org/mozilla/jss/ssl/SocketBase.java
security/jss/org/mozilla/jss/ssl/SocketProxy.java
security/jss/org/mozilla/jss/ssl/TestCertApprovalCallback.java
security/jss/org/mozilla/jss/ssl/TestClientCertificateSelectionCallback.java
security/jss/org/mozilla/jss/ssl/callbacks.c
security/jss/org/mozilla/jss/ssl/common.c
security/jss/org/mozilla/jss/ssl/config.mk
security/jss/org/mozilla/jss/ssl/javasock.c
security/jss/org/mozilla/jss/ssl/jssl.h
security/jss/org/mozilla/jss/ssl/manifest.mn
security/jss/org/mozilla/jss/ssl/package.html
security/jss/org/mozilla/jss/ssl/rules.mk
security/jss/org/mozilla/jss/tests/ClassServer.java
security/jss/org/mozilla/jss/tests/CloseDBs.java
security/jss/org/mozilla/jss/tests/Constants.java
security/jss/org/mozilla/jss/tests/DigestTest.java
security/jss/org/mozilla/jss/tests/FilePasswordCallback.java
security/jss/org/mozilla/jss/tests/FipsTest.java
security/jss/org/mozilla/jss/tests/GenerateTestCert.java
security/jss/org/mozilla/jss/tests/HMACTest.java
security/jss/org/mozilla/jss/tests/JCAKeyWrap.java
security/jss/org/mozilla/jss/tests/JCASigTest.java
security/jss/org/mozilla/jss/tests/JCASymKeyGen.java
security/jss/org/mozilla/jss/tests/JSSE_SSLClient.java
security/jss/org/mozilla/jss/tests/JSSE_SSLServer.java
security/jss/org/mozilla/jss/tests/JSSPackageTest.java
security/jss/org/mozilla/jss/tests/JSS_FileUploadClient.java
security/jss/org/mozilla/jss/tests/JSS_FileUploadServer.java
security/jss/org/mozilla/jss/tests/JSS_SelfServClient.java
security/jss/org/mozilla/jss/tests/JSS_SelfServServer.java
security/jss/org/mozilla/jss/tests/KeyFactoryTest.java
security/jss/org/mozilla/jss/tests/KeyStoreTest.java
security/jss/org/mozilla/jss/tests/KeyWrapping.java
security/jss/org/mozilla/jss/tests/ListCACerts.java
security/jss/org/mozilla/jss/tests/ListCerts.java
security/jss/org/mozilla/jss/tests/PK10Gen.java
security/jss/org/mozilla/jss/tests/SDR.java
security/jss/org/mozilla/jss/tests/SSLClientAuth.java
security/jss/org/mozilla/jss/tests/SelfTest.java
security/jss/org/mozilla/jss/tests/SetupDBs.java
security/jss/org/mozilla/jss/tests/SigTest.java
security/jss/org/mozilla/jss/tests/SymKeyGen.java
security/jss/org/mozilla/jss/tests/TestCertificateApprovalCallback.java
security/jss/org/mozilla/jss/tests/TestKeyGen.java
security/jss/org/mozilla/jss/tests/TestSDR.java
security/jss/org/mozilla/jss/tests/VerifyCert.java
security/jss/org/mozilla/jss/tests/all.pl
security/jss/org/mozilla/jss/tests/passwords
security/jss/org/mozilla/jss/tests/startJssSelfServ.sh
security/jss/org/mozilla/jss/tests/startJssServ.sh
security/jss/org/mozilla/jss/tests/startJsseServ.sh
security/jss/org/mozilla/jss/tests/unix.sh
security/jss/org/mozilla/jss/util/Assert.java
security/jss/org/mozilla/jss/util/AssertionException.java
security/jss/org/mozilla/jss/util/Base64InputStream.java
security/jss/org/mozilla/jss/util/Base64OutputStream.java
security/jss/org/mozilla/jss/util/ConsolePasswordCallback.java
security/jss/org/mozilla/jss/util/Debug_debug.jnot
security/jss/org/mozilla/jss/util/Debug_ship.jnot
security/jss/org/mozilla/jss/util/IncorrectPasswordException.java
security/jss/org/mozilla/jss/util/InvalidNicknameException.java
security/jss/org/mozilla/jss/util/Makefile
security/jss/org/mozilla/jss/util/NSPRerrs.h
security/jss/org/mozilla/jss/util/NativeErrcodes.c
security/jss/org/mozilla/jss/util/NativeErrcodes.java
security/jss/org/mozilla/jss/util/NativeProxy.c
security/jss/org/mozilla/jss/util/NativeProxy.h
security/jss/org/mozilla/jss/util/NativeProxy.java
security/jss/org/mozilla/jss/util/NotImplementedException.java
security/jss/org/mozilla/jss/util/NullPasswordCallback.java
security/jss/org/mozilla/jss/util/Password.java
security/jss/org/mozilla/jss/util/PasswordCallback.java
security/jss/org/mozilla/jss/util/PasswordCallbackInfo.java
security/jss/org/mozilla/jss/util/SECerrs.h
security/jss/org/mozilla/jss/util/SSLerrs.h
security/jss/org/mozilla/jss/util/Tunnel.java
security/jss/org/mozilla/jss/util/UTF8Converter.java
security/jss/org/mozilla/jss/util/config.mk
security/jss/org/mozilla/jss/util/errstrings.c
security/jss/org/mozilla/jss/util/java_ids.h
security/jss/org/mozilla/jss/util/jss_bigint.h
security/jss/org/mozilla/jss/util/jss_exceptions.h
security/jss/org/mozilla/jss/util/jssutil.c
security/jss/org/mozilla/jss/util/jssutil.h
security/jss/org/mozilla/jss/util/jssver.c
security/jss/org/mozilla/jss/util/jssver.h
security/jss/org/mozilla/jss/util/manifest.mn
security/jss/org/mozilla/manifest.mn
security/jss/pkg/Makefile
security/jss/pkg/linux/Makefile
security/jss/pkg/linux/sun-jss.spec
security/jss/pkg/solaris/Makefile
security/jss/pkg/solaris/Makefile.com
security/jss/pkg/solaris/Makefile.targ
security/jss/pkg/solaris/SUNWjss/Makefile
security/jss/pkg/solaris/SUNWjss/pkgdepend
security/jss/pkg/solaris/SUNWjss/pkginfo.tmpl
security/jss/pkg/solaris/SUNWjss/prototype3_com
security/jss/pkg/solaris/SUNWjss/prototype3_i386
security/jss/pkg/solaris/SUNWjss/prototype3_sparc
security/jss/pkg/solaris/SUNWjss/prototype_com
security/jss/pkg/solaris/SUNWjss/prototype_i386
security/jss/pkg/solaris/SUNWjss/prototype_sparc
security/jss/pkg/solaris/bld_awk_pkginfo.ksh
security/jss/pkg/solaris/common_files/copyright
security/jss/pkg/solaris/proto64.mk
security/jss/rules.mk
security/jss/samples/PQGGen.java
security/jss/samples/README.txt
security/jss/samples/inputfile.pfx
security/jss/samples/pkcs12.java
deleted file mode 100644
--- a/security/jss/Makefile
+++ /dev/null
@@ -1,56 +0,0 @@
-#! gmake
-# 
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY).   #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL)          #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL)       #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
-#######################################################################
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL)                              #
-#######################################################################
-
-# have to put this here, instead of in rules.mk, so that Java gets
-# built first
-all:: buildJava
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL)                           #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL).                              #
-#######################################################################
-
-include rules.mk
-
-build_coreconf:
-	cd $(CORE_DEPTH)/coreconf ;  $(MAKE)
-
-package:
-		$(MAKE) -C pkg publish
-
deleted file mode 100644
--- a/security/jss/build_java.pl
+++ /dev/null
@@ -1,329 +0,0 @@
-#use strict;
-use File::Find;
-use File::Compare;
-use File::Basename;
-use File::stat;
-use File::Copy;
-
-@excluded_sources = qw(
-provider\.new/
-org/mozilla/jss/provider/java/security/KeyFactorySpi1_4\.java
-org/mozilla/jss/pkix/cert/X509Certificate\.java
-samples/
-);
-
-@javah_classes = qw(
-org.mozilla.jss.DatabaseCloser        
-org.mozilla.jss.CryptoManager          
-org.mozilla.jss.crypto.Algorithm        
-org.mozilla.jss.crypto.EncryptionAlgorithm      
-org.mozilla.jss.crypto.PQGParams     
-org.mozilla.jss.crypto.SecretDecoderRing
-org.mozilla.jss.pkcs11.CertProxy        
-org.mozilla.jss.pkcs11.CipherContextProxy 
-org.mozilla.jss.pkcs11.PK11Module 
-org.mozilla.jss.pkcs11.ModuleProxy 
-org.mozilla.jss.pkcs11.PK11Cert     
-org.mozilla.jss.pkcs11.PK11Cipher     
-org.mozilla.jss.pkcs11.PK11KeyWrapper  
-org.mozilla.jss.pkcs11.PK11MessageDigest 
-org.mozilla.jss.pkcs11.PK11PrivKey   
-org.mozilla.jss.pkcs11.PK11PubKey     
-org.mozilla.jss.pkcs11.PK11SymKey      
-org.mozilla.jss.pkcs11.PK11KeyPairGenerator 
-org.mozilla.jss.pkcs11.PK11KeyGenerator
-org.mozilla.jss.pkcs11.PK11Token
-org.mozilla.jss.pkcs11.PrivateKeyProxy  
-org.mozilla.jss.pkcs11.PublicKeyProxy    
-org.mozilla.jss.pkcs11.SymKeyProxy
-org.mozilla.jss.pkcs11.KeyProxy    
-org.mozilla.jss.pkcs11.PK11Token    
-org.mozilla.jss.pkcs11.TokenProxy    
-org.mozilla.jss.pkcs11.PK11Signature  
-org.mozilla.jss.pkcs11.PK11Store       
-org.mozilla.jss.pkcs11.PK11KeyPairGenerator 
-org.mozilla.jss.pkcs11.SigContextProxy
-org.mozilla.jss.pkcs11.PK11RSAPublicKey
-org.mozilla.jss.pkcs11.PK11DSAPublicKey
-org.mozilla.jss.pkcs11.PK11ECPublicKey
-org.mozilla.jss.pkcs11.PK11SecureRandom 
-org.mozilla.jss.provider.java.security.JSSKeyStoreSpi
-org.mozilla.jss.SecretDecoderRing.KeyManager
-org.mozilla.jss.ssl.SSLSocket 
-org.mozilla.jss.ssl.SSLServerSocket 
-org.mozilla.jss.ssl.SocketBase 
-org.mozilla.jss.util.Debug
-org.mozilla.jss.util.Password       
-);
-
-@packages = qw(
-org.mozilla.jss
-org.mozilla.jss.asn1
-org.mozilla.jss.crypto
-org.mozilla.jss.pkcs7
-org.mozilla.jss.pkcs10
-org.mozilla.jss.pkcs11
-org.mozilla.jss.pkcs12
-org.mozilla.jss.pkix.primitive
-org.mozilla.jss.pkix.cert
-org.mozilla.jss.pkix.cmc
-org.mozilla.jss.pkix.cmmf
-org.mozilla.jss.pkix.cms
-org.mozilla.jss.pkix.crmf
-org.mozilla.jss.provider.java.security
-org.mozilla.jss.provider.javax.crypto
-org.mozilla.jss.SecretDecoderRing
-org.mozilla.jss.ssl
-org.mozilla.jss.tests
-org.mozilla.jss.util
-);
-
-
-# setup variables
-setup_vars(\@ARGV);
-
-# run the command with its arguments
-my $cmd = (shift || "build");   # first argument is command
-grep { s/(.*)/"$1"/ } @ARGV;    # enclose remaining arguments in quotes
-my $args = join(",",@ARGV);     # and comma-separate them
-eval "$cmd($args)";             # now run the command
-if( $@ ) {
-    die $@;                     # errors in eval will be put in $@
-}
-
-# END
-
-sub grab_cmdline_vars {
-    my $argv = shift;
-
-    while( $$argv[0] =~ /(.+)=(.*)/ ) {
-        $cmdline_vars{$1} = $2;
-        shift @$argv;
-    }
-}
-
-sub dump_cmdline_vars {
-    print "Command variables:\n";
-    for(keys %cmdline_vars) {
-        print "$_=" . $cmdline_vars{$_} . "\n";
-    }
-}
-
-sub setup_vars {
-    my $argv = shift;
-
-    grab_cmdline_vars($argv);
-    dump_cmdline_vars();
-
-    $ENV{JAVA_HOME} or die "Must specify JAVA_HOME environment variable";
-    $jar = "$ENV{JAVA_HOME}/bin/jar";
-    $javac = "$ENV{JAVA_HOME}/bin/javac";
-    $javah = "$ENV{JAVA_HOME}/bin/javah";
-    $javadoc = "$ENV{JAVA_HOME}/bin/javadoc";
-
-    $dist_dir = $cmdline_vars{SOURCE_PREFIX};
-    $jce_jar = $ENV{JCE_JAR};
-
-    $class_release_dir = $cmdline_vars{SOURCE_RELEASE_PREFIX};
-    if( $ENV{BUILD_OPT} ) {
-        $class_dir = "$dist_dir/classes";
-        $class_jar = "$dist_dir/$cmdline_vars{XPCLASS_JAR}";
-        $class_release_dir .= "/$cmdline_vars{SOURCE_RELEASE_CLASSES_DIR}";
-        $javac_opt_flag = "-O";
-        $debug_source_file = "org/mozilla/jss/util/Debug_ship.jnot";
-    } else {
-        $class_dir = "$dist_dir/classes_DBG";
-        $class_jar = "$dist_dir/$cmdline_vars{XPCLASS_DBG_JAR}";
-        $class_release_dir .= "/$cmdline_vars{SOURCE_RELEASE_CLASSES_DBG_DIR}";
-        $javac_opt_flag = "-g";
-        $debug_source_file = "org/mozilla/jss/util/Debug_debug.jnot";
-    }
-    $jni_header_dir = "$dist_dir/private/jss/_jni";
-
-    if( $jce_jar ) {
-        $classpath = "-classpath $jce_jar";
-    }
-}
-
-sub clean {
-    print_do("rm -rf $class_dir");
-    print_do("rm -f $class_jar");
-    print_do("rm -rf $jni_header_dir");
-}
-
-sub build {
-
-    #
-    # copy the appropriate debug file
-    #
-    my $debug_target_file = "org/mozilla/jss/util/Debug.java";
-    if( compare($debug_source_file, $debug_target_file) ) {
-        copy($debug_source_file, $debug_target_file) or die "Copying file: $!";
-    }
-
-    #
-    # generate manifest.mf file in lib dir
-    #
-    my $manifest_file   = "MANIFEST.MF";
-    my $jss_revision   = `grep JSS_VERSION org/mozilla/jss/util/jssver.h`;
-    chop($jss_revision);
-    $jss_revision      = substr($jss_revision, 22, 3);
-    my $build_revision = $jss_revision;
-    $append = 0;
-
-    if ($append) {
-        open(MYOUTFILE, ">MANIFEST.MF");  #open for write, overwrite
-    } else {
-        open(MYOUTFILE, ">>MANIFEST.MF"); #open for write, append
-    }
-
-    #*** Print freeform text, semicolon required ***
-print MYOUTFILE <<"MyLabel";
-Manifest-Version: 1.0
-    
-Name: org/mozilla/jss/
-Specification-Title: Network Security Services for Java (JSS)
-Specification-Version: $jss_revision
-Specification-Vendor: Mozilla Foundation
-Implementation-Title: org.mozilla.jss
-Implementation-Version: $build_revision
-Implementation-Vendor: Mozilla Foundation
-MyLabel
-
-    #*** Close the file ***
-    close(MYOUTFILE);
-
-    #
-    # recursively find *.java
-    #
-    my %source_list;
-    find sub {
-        my $name = $File::Find::name;
-        if( $name =~ /\.java$/) { 
-            $source_list{$File::Find::name} = 1;
-        }
-    }, ".";
-
-    #
-    # weed out files that are excluded or don't need to be updated
-    #
-    my $file;
-    foreach $file (keys %source_list) {
-        my $pattern;
-        foreach $pattern (@excluded_sources) {
-            if( $file =~ /$pattern/ ) {
-                delete $source_list{$file};
-            }
-        }
-        unless( java_source_needs_update( $file, $class_dir ) ){
-            delete $source_list{$file};
-        }
-    }
-    my @source_list = keys(%source_list);
-
-    #
-    # build the java sources
-    #
-    if( scalar(@source_list) > 0 ) {
-        ensure_dir_exists($class_dir);
-        print_do("$javac $javac_opt_flag -sourcepath . -d $class_dir " .
-            "$classpath " . join(" ",@source_list));
-        print_do("sh -c 'pwd && cd $class_dir && pwd && rm -f $class_jar && pwd && ls -al && ls -al ../../dist && $jar -cvmf ../../security/jss/$manifest_file $class_jar *'");
-        print_do("rm -f $manifest_file");
-        print "Exit status was " . ($?>>8) . "\n";
-    }
-
-    #
-    # create the JNI header files
-    #
-    ensure_dir_exists($jni_header_dir);
-    print_do("$javah -classpath $class_dir -d $jni_header_dir " .
-        (join " ", @javah_classes) );
-}
-
-sub print_do {
-    my $cmd = shift;
-    print "$cmd\n";
-    system($cmd);
-    my $exit_status = $?>>8;
-    $exit_status and die "Command failed ($exit_status)\n";
-}
-
-sub needs_update {
-    my $target = shift;
-    my @dependencies = @_;
-
-    my $target_mtime = (stat($target))[9];
-    my $dep;
-    foreach $dep( @dependencies ) {
-        my $dep_mtime = (stat($dep))[9];
-        if( $dep_mtime > $target_mtime ) {
-            return 1;
-        }
-    }
-    return 0;
-}
-
-# A quick-and-dirty way to guess whether a .java file needs to be rebuilt.
-# We merely look for a .class file of the same name. This won't work if
-# the source file's directory is different from its package, and it
-# doesn't know about nested or inner classes.
-# source_file: the relative path to the source file ("org/mozilla/jss/...")
-# dest_dir: the directory where classes are output ("../../dist/classes_DBG")
-# Returns 1 if the source file is newer than the class file, or the class file
-#   doesn't exist. Returns 0 if the class file is newer than the source file.
-sub java_source_needs_update {
-    my $source_file = shift;
-    my $dest_dir = shift;
-
-    my $class_dir = "$dest_dir/" . dirname($source_file);
-    my $class_file = basename($source_file);
-    $class_file =~ s/\.java/.class/;
-    $class_file = $class_dir . "/" . $class_file;
-    if( -f $class_file ) {
-        my $class_stat = stat($class_file);
-        my $source_stat = stat($source_file);
-
-        if( $source_stat->mtime > $class_stat->mtime) {
-            # class file exists and is out of date
-            return 1;
-        } else {
-            #class file exists and is up to date
-            return 0;
-        }
-    } else {
-        # class file hasn't been generated yet.
-        return 1;
-    }
-}
-
-# Recursively makes the given directory. Dies at the first sign of trouble
-sub ensure_dir_exists {
-    my $dir = shift;
-    my $parent = dirname($dir);
-    if( $parent ne $dir ) {
-        ensure_dir_exists($parent);
-    }
-    if( ! -d $dir ) {
-        mkdir($dir, 0777) or die "Failed to mkdir $dir: $!";
-    }
-}
-
-sub release {
-    # copy all class files into release directory
-    ensure_dir_exists("$class_release_dir");
-    print_do("cp -r $class_dir/* $class_release_dir");
-}
-
-sub javadoc {
-    my $html_header_opt;
-    if( $ENV{HTML_HEADER} ) {
-        $html_header_opt = "-header '$ENV{HTML_HEADER}'";
-    }
-    ensure_dir_exists("$dist_dir/jssdoc");
-    my $targets = join(" ", @packages);
-    print "$targets\n";
-    print_do("$javadoc -breakiterator -sourcepath . -d $dist_dir/jssdoc $html_header_opt $targets");
-    print_do("cp $dist_dir/jssdoc/index.html $dist_dir/jssdoc/index.html.bak");
-    print_do("cp $dist_dir/jssdoc/overview-summary.html $dist_dir/jssdoc/index.html");
-}
deleted file mode 100644
--- a/security/jss/config/config.mk
+++ /dev/null
@@ -1,41 +0,0 @@
-# 
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-#
-# Configuration information unique to the "sectools" component
-#
-
-
-#######################################################################
-#  Local "sectools" component library link options                    #
-#######################################################################
-
-include $(CORE_DEPTH)/$(MODULE)/config/linkage.mk
-
-#######################################################################
-#  Local "sectools" component STATIC system library names             #
-#######################################################################
-
-include $(CORE_DEPTH)/$(MODULE)/config/static.mk
-
-#######################################################################
-#  Local "sectools" component DYNAMIC system library names            #
-#######################################################################
-
-include $(CORE_DEPTH)/$(MODULE)/config/dynamic.mk
-
-# Stricter semantic checking for SunOS compiler. This catches calling
-# undeclared functions, a major headache during debugging.
-ifeq ($(OS_ARCH), SunOS)
-    OS_CFLAGS += -v
-endif
-
-ifeq ($(OS_ARCH), WINNT)
-LINK_DLL += -LIBPATH:$(SOURCE_LIB_DIR)
-LINK_DLL += -LIBPATH:$(JAVA_HOME)/$(JAVA_LIBDIR)
-LINK_DLL += $(foreach file,$(LD_LIBS),-DEFAULTLIB:"$(notdir $(file))")
-endif
-
-CFLAGS += -I$(JAVA_HOME)/include
deleted file mode 100644
--- a/security/jss/config/dynamic.mk
+++ /dev/null
@@ -1,118 +0,0 @@
-# 
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-#######################################################################
-# Initialize DYNAMIC system library names on some platforms           #
-#######################################################################
-
-#
-# AIX platforms
-#
-
-
-ifeq ($(OS_ARCH),AIX)
-ifeq ($(OS_RELEASE),4.1)
-	DLLSYSTEM += -lsvld -lC_r -lC -lpthreads -lc_r -lm /usr/lib/libc.a
-else
-	DLLSYSTEM += -ldl -lC_r -lC -lpthreads -lc_r -lm /usr/lib/libc.a
-endif
-endif
-
-#
-# HP/UX platforms
-#
-
-ifeq ($(OS_ARCH),HP-UX)
-	ifeq ($(USE_PTHREADS), 1)
-		DLLSYSTEM += -lpthread
-	endif
-	ifeq ($(PTHREADS_USER), 1)
-		DLLSYSTEM += -lpthread
-	endif
-	ifeq ($(OS_RELEASE),A.09.03)
-		DLLSYSTEM += -ldld -L/lib/pa1.1 -lm
-	else
-		DLLSYSTEM += -ldld -lm -lc 
-	endif
-endif
-
-#
-# IRIX platforms
-#
-
-ifeq ($(OS_ARCH), IRIX)
-	ifeq ($(USE_PTHREADS), 1)
-		DLLSYSTEM += -lpthread
-	endif
-endif
-
-#
-# Linux platforms
-#
-
-ifeq ($(OS_ARCH), Linux)
-	DLLSYSTEM += -ldl -lpthread -lm
-endif
-
-#
-# NCR platforms
-#
-
-ifeq ($(OS_ARCH), NCR)
-	DLLSYSTEM += -lsocket -ldl -lnsl -lc
-endif
-
-#
-# OSF 1 platforms
-#
-
-ifeq ($(OS_ARCH),OSF1)
-	ifneq ($(OS_RELEASE),V2.0)
-		DLLSYSTEM += -lc_r
-	endif
-	ifeq ($(USE_PTHREADS), 1)
-		DLLSYSTEM += -lpthread -lrt
-	endif
-	ifeq ($(USE_IPV6), 1)
-		DLLSYSTEM += -lip6
-	endif
-endif
-
-#
-# SCO platforms
-#
-
-ifeq ($(OS_ARCH), SCO_SV)
-	DLLSYSTEM += -lsocket -ldl -lnsl -lc
-endif
-
-#
-# Solaris platforms
-#
-
-ifeq ($(OS_ARCH), SunOS)
-	ifneq ($(OS_RELEASE), 4.1.3_U1)
-		DLLSYSTEM += -lthread -lposix4 -lsocket -lnsl -lintl -ldl
-	endif
-endif
-
-#
-# UNIXWARE platforms
-#
-
-ifeq ($(OS_ARCH), UNIXWARE)
-	DLLSYSTEM += -lsocket
-endif
-
-#
-# Windows platforms
-#
-
-ifeq ($(OS_ARCH),WINNT)
-	ifneq ($(OS_TARGET),WIN16)
-		DLLSYSTEM += wsock32.lib winmm.lib
-	endif
-endif
-
deleted file mode 100644
--- a/security/jss/config/linkage.mk
+++ /dev/null
@@ -1,66 +0,0 @@
-# 
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-#######################################################################
-# Adjust variables for component library linkage on some platforms    #
-#######################################################################
-
-#
-# AIX platforms
-#
-
-ifeq ($(OS_ARCH),AIX)
-	LDOPTS += -blibpath:.:$(PWD)/$(SOURCE_LIB_DIR):/usr/lib/threads:/usr/lpp/xlC/lib:/usr/lib:/lib 
-endif
-
-#
-# HP/UX platforms
-#
-
-ifeq ($(OS_ARCH), HP-UX)
-	LDOPTS += -Wl,+s,+b,$(PWD)/$(SOURCE_LIB_DIR)
-endif
-
-#
-# IRIX platforms
-#
-
-ifeq ($(OS_ARCH), IRIX)
-	LDOPTS += -rpath $(PWD)/$(SOURCE_LIB_DIR)
-endif
-
-#
-# OSF 1 platforms
-#
-
-ifeq ($(OS_ARCH), OSF1)
-	LDOPTS += -rpath $(PWD)/$(SOURCE_LIB_DIR) -lpthread
-endif
-
-#
-# Solaris platforms
-#     NOTE:  Disable optimization on SunOS4.1.3
-#
-
-ifeq ($(OS_ARCH), SunOS)
-	ifneq ($(OS_RELEASE), 4.1.3_U1)
-		ifdef NS_USE_GCC
-			LDOPTS += -Xlinker -R -Xlinker $(PWD)/$(SOURCE_LIB_DIR)
-		else
-			LDOPTS += -R $(PWD)/$(SOURCE_LIB_DIR)
-		endif
-	else
-		OPTIMIZER =
-	endif
-endif
-
-#
-# Windows platforms
-#
-
-ifeq ($(OS_ARCH), WINNT)
-	LDOPTS    += -NOLOGO -DEBUG -DEBUGTYPE:CV -INCREMENTAL:NO
-endif
-
deleted file mode 100644
--- a/security/jss/config/rules.mk
+++ /dev/null
@@ -1,11 +0,0 @@
-# 
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-#######################################################################
-###                                                                 ###
-###              R U L E S   O F   E N G A G E M E N T              ###
-###                                                                 ###
-#######################################################################
-
deleted file mode 100644
--- a/security/jss/config/static.mk
+++ /dev/null
@@ -1,110 +0,0 @@
-# 
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-#######################################################################
-# Initialize STATIC system library names on some platforms            #
-#######################################################################
-
-#
-# AIX platforms
-#
-
-ifeq ($(OS_ARCH),AIX)
-ifeq ($(OS_RELEASE),4.1)	
-	LIBSYSTEM += /lib/libsvld.a /lib/libC_r.a /lib/libC.a /lib/libpthreads.a /lib/libc_r.a /lib/libm.a /lib/libc.a
-else 
-	LIBSYSTEM += -ldl /lib/libC_r.a /lib/libC.a /lib/libpthreads.a /lib/libc_r.a /lib/libm.a /lib/libc.a
-	endif
-endif
-
-
-#
-# HP/UX platforms
-#
-
-ifeq ($(OS_ARCH),HP-UX)
-	ifeq ($(USE_PTHREADS), 1)
-		LIBSYSTEM += -lpthread
-	endif
-	ifeq ($(PTHREADS_USER), 1)
-		LIBSYSTEM += -lpthread
-	endif
-	ifeq ($(OS_RELEASE),A.09.03)
-		LIBSYSTEM += -ldld -L/lib/pa1.1 -lm
-	else
-		LIBSYSTEM += -ldld -lm -lc 
-	endif
-endif
-
-#
-# Linux platforms
-#
-
-ifeq ($(OS_ARCH), Linux)
-	LIBSYSTEM += -ldl
-endif
-
-#
-# IRIX platforms
-#
-
-ifeq ($(OS_ARCH), IRIX)
-	ifeq ($(USE_PTHREADS), 1)
-		LIBSYSTEM += -lpthread
-	endif
-endif
-
-#
-# OSF 1 platforms
-#
-
-ifeq ($(OS_ARCH),OSF1)
-	ifneq ($(OS_RELEASE),V2.0)
-		LIBSYSTEM += -lc_r
-	endif
-	ifeq ($(USE_PTHREADS), 1)
-		LIBSYSTEM += -lpthread -lrt
-	endif
-	ifeq ($(USE_IPV6), 1)
-		LIBSYSTEM += -lip6
-	endif
-endif
-
-#
-# Solaris platforms
-#
-
-ifeq ($(OS_ARCH), SunOS)
-	ifneq ($(OS_RELEASE), 4.1.3_U1)
-		ifeq ($(OS_RELEASE), 5.5.1_i86pc)
-			LIBSYSTEM += -lsocket -lnsl -lintl -ldl
-		else
-			ifeq ($(OS_RELEASE), 5.6_i86pc)
-				LIBSYSTEM += -lsocket -lnsl -lintl -ldl
-			else
-				LIBSYSTEM += -lthread -lposix4 /lib/libsocket.a /lib/libnsl.a /lib/libintl.a -ldl
-			endif
-		endif
-	endif
-endif
-
-#
-# UNIXWARE platforms
-#
-
-ifeq ($(OS_ARCH), UNIXWARE)
-	LIBSYSTEM += -lsocket
-endif
-
-#
-# Windows platforms
-#
-
-ifeq ($(OS_ARCH),WINNT)
-	ifneq ($(OS_TARGET),WIN16)
-		LIBSYSTEM += wsock32.lib winmm.lib
-	endif
-endif
-
deleted file mode 100644
--- a/security/jss/jss.html
+++ /dev/null
@@ -1,68 +0,0 @@
-<html>
-<!-- This Source Code Form is subject to the terms of the Mozilla Public
-   - License, v. 2.0. If a copy of the MPL was not distributed with this
-   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
-<head>
-<title>Netscape Security Services for Java</title>
-</head>
-
-<body bgcolor="white" text="black">
-<!--font face="sans-serif"-->
-<center><h1>Netscape Security Services for Java</h1></center>
-
-Netscape Security Services for Java (JSS) is an interface allowing Java applications
-to use the Secure Sockets Layer protocol.  The interface is implemented with the
-FIPS-validated Netscape Security Services library.
-It consists of a system-dependent dynamic library (<code>libjss.so</code>
-on UNIX, <code>jss.dll</code> on Windows) and a ZIP file
-(<code>jss.zip</code>) containing system-independent Java classes.
-These classes are compatible with JDK 1.1 or later <b>using the native
-thread implementation (not green threads)</b>.
-
-<h2>Building Applications with JSS</h2>
-To construct Java applications that use JSS, you must:
-<ul>
-<li>Call the JSS classes from your application.
-<li>When compiling your application, put <code>jss.zip</code> in your
-<code>CLASSPATH</code>.
-<li>When running your application, put <code>libjss.so</code> in your
-<code>LD_LIBRARY_PATH</code> (on UNIX) or <code>jss.dll</code>
-in your <code>PATH</code> (on Windows), and put
-<code>jss.zip</code> in your <code>CLASSPATH</code>.
-</ul>
-
-<h2>Programming with JSS</h2>
-Before the SSL classes can be used,
-<a href="javadoc/org/mozilla/jss/NSSInit.html#initialize(java.lang.String, java.lang.String, java.lang.String)">
-<code>NSSInit.initialize</code></a> must be called to open the security
-databases and initialize the random number generator.
-<a href="javadoc/org/mozilla/jss/NSSInit.html#setPasswordCallback(org.mozilla.jss.util.PasswordCallback)"><code>
-NSSInit.setPasswordCallback</code></a> may be called to change the password
-callback; the default is to prompt for passwords on the command line.
-
-<p>The files in the <code>examples</code> directory illustrate the use of JSS
-in an application:
-<dl>
-<dt><a href="examples/SSLClient.java">SSLClient.java</a>
-<dd>An example of an SSL client application.
-<dt><a href="examples/SSLServer.java">SSLServer.java</a>
-<dd>An example of an SSL server application.
-To run, it requires certificate
-and key databases that contain a certificate called "SSLServer".  The sample
-<code>cert7.db</code> and <code>key3.db</code> files, also in the
-<code>examples</code> directory,
-can be used for this purpose. When <code>SSLServer</code> is run,
-it will ask for a password
-for the "Internal Key Storage Token", which is the key database.
-The password for the example <code>key3.db</code> file is "netscape".
-</dl>
-These classes are in the <code>org.mozilla.jss.ssl</code> package.
-The <code>.class</code> files must be put in the subdirectory
-<code>org/mozilla/jss/ssl</code> of a <code>CLASSPATH</code> entry
-in order to be located by the Java virtual machine.
-
-<a href="javadoc/index.html"><h2>Javadoc for the JSS Classes</h2></a>
-
-<!--/font-->
-</body>
-</html>
deleted file mode 100644
--- a/security/jss/lib/Makefile
+++ /dev/null
@@ -1,47 +0,0 @@
-#! gmake
-# 
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY).   #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL)          #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL)       #
-#######################################################################
-
-include $(CORE_DEPTH)/$(MODULE)/config/config.mk
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
-#######################################################################
-
-include config.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL)                              #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL)                           #
-#######################################################################
-
-include $(CORE_DEPTH)/$(MODULE)/config/rules.mk
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL).                              #
-#######################################################################
-
-include rules.mk
deleted file mode 100644
--- a/security/jss/lib/config.mk
+++ /dev/null
@@ -1,99 +0,0 @@
-# 
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-LIBRARY =
-
-SHARED_LIBRARY_LIBS=yes
-
-SHARED_LIBRARY_DIRS = \
-    ../org/mozilla/jss/crypto \
-    ../org/mozilla/jss/SecretDecoderRing \
-    ../org/mozilla/jss \
-    ../org/mozilla/jss/pkcs11 \
-    ../org/mozilla/jss/ssl \
-    ../org/mozilla/jss/util \
-    ../org/mozilla/jss/provider/java/security \
-    $(NULL)
-    
-NSPR_LIB_NAMES = plc4 plds4 nspr4
-
-NSS_LIB_NAMES = smime3 ssl3 nss3
-ifdef USE_UTIL_DIRECTLY
-NSS_LIB_NAMES += nssutil3
-endif
-
-ifeq ($(OS_ARCH),WINNT)
-
-SHARED_LIBRARY = $(OBJDIR)/$(LIBRARY_NAME)$(LIBRARY_VERSION).dll
-IMPORT_LIBRARY = $(OBJDIR)/$(LIBRARY_NAME)$(LIBRARY_VERSION).lib
-
-DLLFLAGS += -DEF:jss.def
-RES = $(OBJDIR)/jss.res
-RESNAME = jss.rc
-
-EXTRA_SHARED_LIBS += \
-    $(addprefix $(NSS_LIB_DIR)/, $(addsuffix .$(LIB_SUFFIX), $(NSS_LIB_NAMES))) \
-    $(addprefix $(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX), $(addsuffix .$(LIB_SUFFIX), $(NSPR_LIB_NAMES))) \
-    $(JAVA_LIBS) \
-    $(DLLSYSTEM) \
-    $(NULL)
-
-else
-
-ifeq ($(OS_ARCH),Darwin)
-    DLL_SUFFIX = jnilib
-endif
-
-EXTRA_SHARED_LIBS += \
-    -L$(NSS_LIB_DIR) \
-    $(addprefix -l, $(NSS_LIB_NAMES)) \
-    -L$(NSPR_LIB_DIR) \
-    $(addprefix -l, $(NSPR_LIB_NAMES)) \
-    $(JAVA_LIBS) \
-    $(NULL)
-
-endif
-
-# Include "funky" link path to pick up ALL native libraries for OSF/1.
-ifeq ($(OS_ARCH), OSF1)
-	JAVA_LIBS += -L$(JAVA_HOME)/$(JAVA_LIBDIR).no
-endif
-
-ifeq ($(OS_ARCH),Linux)
-MAPFILE = $(OBJDIR)/jssmap.linux
-ALL_TRASH += $(MAPFILE)
-MKSHLIB += -Wl,--version-script,$(MAPFILE)
-endif
-
-ifeq ($(OS_ARCH),SunOS)
-MAPFILE = $(OBJDIR)/jssmap.sun
-ALL_TRASH += $(MAPFILE)
-MKSHLIB += -M $(MAPFILE)
-#ifndef USE_64
-#ifeq ($(CPU_ARCH),sparc)
-# The -R '$ORIGIN' linker option instructs libnss3.so to search for its
-# dependencies (libfreebl_*.so) in the same directory where it resides.
-#MKSHLIB += -R '$$ORIGIN'
-#endif
-#endif
-endif
-
-ifeq ($(OS_ARCH),AIX)
-MAPFILE = $(OBJDIR)/jssmap.aix
-ALL_TRASH += $(MAPFILE)
-EXPORT_RULES = -bexport:$(MAPFILE)
-endif
-
-ifeq ($(OS_ARCH),HP-UX)
-MAPFILE = $(OBJDIR)/jssmap.hp
-ALL_TRASH += $(MAPFILE)
-MKSHLIB += -c $(MAPFILE)
-endif
-
-ifeq ($(OS_ARCH), OSF1)
-MAPFILE = $(OBJDIR)/jssmap.osf
-ALL_TRASH += $(MAPFILE)
-MKSHLIB += -hidden -input $(MAPFILE)
-endif
deleted file mode 100644
--- a/security/jss/lib/jss.def
+++ /dev/null
@@ -1,299 +0,0 @@
-LIBRARY jss4	;-
-;+#
-;+# This Source Code Form is subject to the terms of the Mozilla Public
-;+# License, v. 2.0. If a copy of the MPL was not distributed with this
-;+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-;+# OK, this file is meant to support SUN, LINUX, AIX and WINDOWS
-;+#   1. For all unix platforms, the string ";-"  means "remove this line"
-;+#   2. For all unix platforms, the string " DATA " will be removed from any 
-;+#  line on which it occurs.
-;+#   3. Lines containing ";+" will have ";+" removed on SUN and LINUX.
-;+#      On AIX, lines containing ";+" will be removed.  
-;+#   4. For all unix platforms, the string ";;" will have the ";;" removed.
-;+#   5. For all unix platforms, after the above processing has taken place,
-;+#    all characters after the first ";" on the line will be removed.  
-;+#    And for AIX, the first ";" will also be removed.
-;+#  This file is passed directly to windows. Since ';' is a comment, all UNIX
-;+#   directives are hidden behind ";", ";+", and ";-"
-
-;+JSS_3.0 {       # JSS 3.0 release
-;+    global:
-LIBRARY jss4	;-
-EXPORTS		;-
-Java_org_mozilla_jss_crypto_EncryptionAlgorithm_getIVLength;
-Java_org_mozilla_jss_crypto_PQGParams_generateNative__I;
-Java_org_mozilla_jss_crypto_PQGParams_generateNative__II;
-Java_org_mozilla_jss_crypto_PQGParams_paramsAreValidNative;
-Java_org_mozilla_jss_DatabaseCloser_closeDatabases;
-Java_org_mozilla_jss_CryptoManager_FIPSEnabled;
-Java_org_mozilla_jss_CryptoManager_buildCertificateChainNative;
-Java_org_mozilla_jss_CryptoManager_enableFIPS;
-Java_org_mozilla_jss_CryptoManager_exportCertsToPKCS7;
-Java_org_mozilla_jss_CryptoManager_findCertByIssuerAndSerialNumberNative;
-Java_org_mozilla_jss_CryptoManager_findCertByNicknameNative;
-Java_org_mozilla_jss_CryptoManager_findCertsByNicknameNative;
-Java_org_mozilla_jss_CryptoManager_findPrivKeyByCertNative;
-Java_org_mozilla_jss_CryptoManager_getCACerts;
-Java_org_mozilla_jss_CryptoManager_getPermCerts;
-Java_org_mozilla_jss_CryptoManager_importCRLNative;
-Java_org_mozilla_jss_CryptoManager_importCertPackageNative;
-Java_org_mozilla_jss_CryptoManager_importCertToPermNative;
-Java_org_mozilla_jss_CryptoManager_initializeAllNative;
-Java_org_mozilla_jss_CryptoManager_putModulesInVector;
-Java_org_mozilla_jss_CryptoManager_setNativePasswordCallback;
-Java_org_mozilla_jss_pkcs11_CertProxy_releaseNativeResources;
-Java_org_mozilla_jss_pkcs11_CipherContextProxy_releaseNativeResources;
-Java_org_mozilla_jss_pkcs11_PK11Module_getLibraryName;
-Java_org_mozilla_jss_pkcs11_PK11Module_getName;
-Java_org_mozilla_jss_pkcs11_PK11Module_putTokensInVector;
-Java_org_mozilla_jss_pkcs11_ModuleProxy_releaseNativeResources;
-Java_org_mozilla_jss_pkcs11_PK11Cert_getEncoded;
-Java_org_mozilla_jss_pkcs11_PK11Cert_getIssuerDNString;
-Java_org_mozilla_jss_pkcs11_PK11Cert_getNickname;
-Java_org_mozilla_jss_pkcs11_PK11Cert_getOwningToken;
-Java_org_mozilla_jss_pkcs11_PK11Cert_getPublicKey;
-Java_org_mozilla_jss_pkcs11_PK11Cert_getSerialNumberByteArray;
-Java_org_mozilla_jss_pkcs11_PK11Cert_getSubjectDNString;
-Java_org_mozilla_jss_pkcs11_PK11Cert_getTrust;
-Java_org_mozilla_jss_pkcs11_PK11Cert_getUniqueID;
-Java_org_mozilla_jss_pkcs11_PK11Cert_getVersion;
-Java_org_mozilla_jss_pkcs11_PK11Cert_setTrust;
-Java_org_mozilla_jss_pkcs11_PK11Cipher_finalizeContext;
-Java_org_mozilla_jss_pkcs11_PK11Cipher_initContext;
-Java_org_mozilla_jss_pkcs11_PK11Cipher_updateContext;
-Java_org_mozilla_jss_pkcs11_PK11KeyWrapper_nativeUnwrapPrivWithSym;
-Java_org_mozilla_jss_pkcs11_PK11KeyWrapper_nativeUnwrapSymWithPriv;
-Java_org_mozilla_jss_pkcs11_PK11KeyWrapper_nativeUnwrapSymWithSym;
-Java_org_mozilla_jss_pkcs11_PK11KeyWrapper_nativeWrapPrivWithSym;
-Java_org_mozilla_jss_pkcs11_PK11KeyWrapper_nativeWrapSymWithPub;
-Java_org_mozilla_jss_pkcs11_PK11KeyWrapper_nativeWrapSymWithSym;
-Java_org_mozilla_jss_pkcs11_PK11MessageDigest_digest;
-Java_org_mozilla_jss_pkcs11_PK11MessageDigest_initDigest;
-Java_org_mozilla_jss_pkcs11_PK11MessageDigest_initHMAC;
-Java_org_mozilla_jss_pkcs11_PK11MessageDigest_update;
-Java_org_mozilla_jss_pkcs11_PK11PrivKey_getKeyType;
-Java_org_mozilla_jss_pkcs11_PK11PrivKey_getOwningToken;
-Java_org_mozilla_jss_pkcs11_PK11PrivKey_getStrength;
-Java_org_mozilla_jss_pkcs11_PK11PrivKey_getUniqueID;
-Java_org_mozilla_jss_pkcs11_PK11PrivKey_verifyKeyIsOnToken;
-Java_org_mozilla_jss_pkcs11_PK11PubKey_DSAFromRaw;
-Java_org_mozilla_jss_pkcs11_PK11PubKey_RSAFromRaw;
-Java_org_mozilla_jss_pkcs11_PK11PubKey_getEncoded;
-Java_org_mozilla_jss_pkcs11_PK11PubKey_getKeyType;
-Java_org_mozilla_jss_pkcs11_PK11PubKey_verifyKeyIsOnToken;
-Java_org_mozilla_jss_pkcs11_PK11SymKey_getKeyData;
-Java_org_mozilla_jss_pkcs11_PK11SymKey_getKeyType;
-Java_org_mozilla_jss_pkcs11_PK11SymKey_getOwningToken;
-Java_org_mozilla_jss_pkcs11_PK11SymKey_getStrength;
-Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateDSAKeyPair;
-Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateRSAKeyPair;
-Java_org_mozilla_jss_pkcs11_PK11KeyGenerator_generateNormal;
-Java_org_mozilla_jss_pkcs11_PK11KeyGenerator_generatePBE;
-Java_org_mozilla_jss_pkcs11_PK11KeyGenerator_generatePBE_1IV;
-Java_org_mozilla_jss_pkcs11_PK11KeyGenerator_nativeClone;
-Java_org_mozilla_jss_pkcs11_PrivateKeyProxy_releaseNativeResources;
-Java_org_mozilla_jss_pkcs11_PublicKeyProxy_releaseNativeResources;
-Java_org_mozilla_jss_pkcs11_SymKeyProxy_releaseNativeResources;
-Java_org_mozilla_jss_pkcs11_PK11Token_PWInitable;
-Java_org_mozilla_jss_pkcs11_PK11Token_SSOPasswordIsCorrect;
-Java_org_mozilla_jss_pkcs11_PK11Token_changePassword;
-Java_org_mozilla_jss_pkcs11_PK11Token_doesAlgorithm;
-Java_org_mozilla_jss_pkcs11_PK11Token_generatePK10;
-Java_org_mozilla_jss_pkcs11_PK11Token_getLoginMode;
-Java_org_mozilla_jss_pkcs11_PK11Token_getLoginTimeoutMinutes;
-Java_org_mozilla_jss_pkcs11_PK11Token_getName;
-Java_org_mozilla_jss_pkcs11_PK11Token_initPassword;
-Java_org_mozilla_jss_pkcs11_PK11Token_isLoggedIn;
-Java_org_mozilla_jss_pkcs11_PK11Token_isPresent;
-Java_org_mozilla_jss_pkcs11_PK11Token_isWritable;
-Java_org_mozilla_jss_pkcs11_PK11Token_logout;
-Java_org_mozilla_jss_pkcs11_PK11Token_nativeLogin;
-Java_org_mozilla_jss_pkcs11_PK11Token_passwordIsInitialized;
-Java_org_mozilla_jss_pkcs11_PK11Token_setLoginMode;
-Java_org_mozilla_jss_pkcs11_PK11Token_setLoginTimeoutMinutes;
-Java_org_mozilla_jss_pkcs11_PK11Token_userPasswordIsCorrect;
-Java_org_mozilla_jss_pkcs11_TokenProxy_releaseNativeResources;
-Java_org_mozilla_jss_pkcs11_PK11Signature_engineRawSignNative;
-Java_org_mozilla_jss_pkcs11_PK11Signature_engineRawVerifyNative;
-Java_org_mozilla_jss_pkcs11_PK11Signature_engineSignNative;
-Java_org_mozilla_jss_pkcs11_PK11Signature_engineUpdateNative;
-Java_org_mozilla_jss_pkcs11_PK11Signature_engineVerifyNative;
-Java_org_mozilla_jss_pkcs11_PK11Signature_initSigContext;
-Java_org_mozilla_jss_pkcs11_PK11Signature_initVfyContext;
-Java_org_mozilla_jss_pkcs11_PK11Store_deleteCert;
-Java_org_mozilla_jss_pkcs11_PK11Store_deletePrivateKey;
-Java_org_mozilla_jss_pkcs11_PK11Store_importPrivateKey;
-Java_org_mozilla_jss_pkcs11_PK11Store_putCertsInVector;
-Java_org_mozilla_jss_pkcs11_PK11Store_putKeysInVector;
-Java_org_mozilla_jss_pkcs11_SigContextProxy_releaseNativeResources;
-Java_org_mozilla_jss_pkcs11_PK11RSAPublicKey_getModulusByteArray;
-Java_org_mozilla_jss_pkcs11_PK11RSAPublicKey_getPublicExponentByteArray;
-Java_org_mozilla_jss_pkcs11_PK11DSAPublicKey_getGByteArray;
-Java_org_mozilla_jss_pkcs11_PK11DSAPublicKey_getPByteArray;
-Java_org_mozilla_jss_pkcs11_PK11DSAPublicKey_getQByteArray;
-Java_org_mozilla_jss_pkcs11_PK11DSAPublicKey_getYByteArray;
-Java_org_mozilla_jss_pkcs11_PK11SecureRandom_nextBytes;
-Java_org_mozilla_jss_pkcs11_PK11SecureRandom_setSeed;
-Java_org_mozilla_jss_ssl_SSLServerSocket_clearSessionCache;
-Java_org_mozilla_jss_ssl_SSLServerSocket_configServerSessionIDCache;
-Java_org_mozilla_jss_ssl_SSLServerSocket_setServerCertNickname;
-Java_org_mozilla_jss_ssl_SSLServerSocket_socketAccept;
-Java_org_mozilla_jss_ssl_SSLServerSocket_socketListen;
-Java_org_mozilla_jss_ssl_SSLSocket_forceHandshake;
-Java_org_mozilla_jss_ssl_SSLSocket_getKeepAlive;
-Java_org_mozilla_jss_ssl_SSLSocket_getLocalAddressNative;
-Java_org_mozilla_jss_ssl_SSLSocket_getPort;
-Java_org_mozilla_jss_ssl_SSLSocket_getReceiveBufferSize;
-Java_org_mozilla_jss_ssl_SSLSocket_getSendBufferSize;
-Java_org_mozilla_jss_ssl_SSLSocket_getSoLinger;
-Java_org_mozilla_jss_ssl_SSLSocket_getStatus;
-Java_org_mozilla_jss_ssl_SSLSocket_getTcpNoDelay;
-Java_org_mozilla_jss_ssl_SSLSocket_invalidateSession;
-Java_org_mozilla_jss_ssl_SSLSocket_redoHandshake;
-Java_org_mozilla_jss_ssl_SSLSocket_resetHandshakeNative;
-Java_org_mozilla_jss_ssl_SSLSocket_setCipherPolicyNative;
-Java_org_mozilla_jss_ssl_SSLSocket_setCipherPreference;
-Java_org_mozilla_jss_ssl_SSLSocket_setKeepAlive;
-Java_org_mozilla_jss_ssl_SSLSocket_setReceiveBufferSize;
-Java_org_mozilla_jss_ssl_SSLSocket_setSSLDefaultOption;
-Java_org_mozilla_jss_ssl_SSLSocket_setSendBufferSize;
-Java_org_mozilla_jss_ssl_SSLSocket_setSoLinger;
-Java_org_mozilla_jss_ssl_SSLSocket_setTcpNoDelay;
-Java_org_mozilla_jss_ssl_SSLSocket_shutdownNative;
-Java_org_mozilla_jss_ssl_SSLSocket_socketAvailable;
-Java_org_mozilla_jss_ssl_SSLSocket_socketConnect;
-Java_org_mozilla_jss_ssl_SSLSocket_socketRead;
-Java_org_mozilla_jss_ssl_SSLSocket_socketWrite;
-Java_org_mozilla_jss_ssl_SocketBase_getLocalPortNative;
-Java_org_mozilla_jss_ssl_SocketBase_getPeerAddressNative;
-Java_org_mozilla_jss_ssl_SocketBase_setClientCertNicknameNative;
-Java_org_mozilla_jss_ssl_SocketBase_requestClientAuthNoExpiryCheckNative;
-Java_org_mozilla_jss_ssl_SocketBase_setSSLOption;
-Java_org_mozilla_jss_ssl_SocketBase_socketBind;
-Java_org_mozilla_jss_ssl_SocketBase_socketClose;
-Java_org_mozilla_jss_ssl_SocketBase_socketCreate;
-Java_org_mozilla_jss_util_Debug_setNativeLevel;
-Java_org_mozilla_jss_util_Password_readPasswordFromConsole;
-;+#
-;+# Data objects (NONE)
-;+#
-;+#
-;+# commands (NONE)
-;+#
-;+#
-;+    local:
-;+       *;
-;+};
-;+JSS_3.1 {       # JSS 3.1 release
-;+    global:
-Java_org_mozilla_jss_pkcs11_PK11KeyWrapper_nativeUnwrapSymPlaintext;
-Java_org_mozilla_jss_pkcs11_PK11Store_getEncryptedPrivateKeyInfo;
-;+    local:
-;+       *;
-;+};
-;+JSS_3.1.1 {       # JSS 3.1.1 release
-;+    global:
-Java_org_mozilla_jss_ssl_SSLServerSocket_setReuseAddress;
-Java_org_mozilla_jss_ssl_SSLServerSocket_getReuseAddress;
-;+    local:
-;+       *;
-;+};
-;+JSS_3.2 {       # JSS 3.2 release
-;+    global:
-Java_org_mozilla_jss_crypto_SecretDecoderRing_encrypt;
-Java_org_mozilla_jss_crypto_SecretDecoderRing_decrypt;
-Java_org_mozilla_jss_pkcs11_PK11PrivKey_fromPrivateKeyInfo;
-Java_org_mozilla_jss_pkcs11_PK11PubKey_fromRawNative;
-Java_org_mozilla_jss_provider_java_security_JSSKeyStoreSpi_getRawAliases;
-Java_org_mozilla_jss_provider_java_security_JSSKeyStoreSpi_engineDeleteEntry;
-Java_org_mozilla_jss_provider_java_security_JSSKeyStoreSpi_getDERCert;
-Java_org_mozilla_jss_provider_java_security_JSSKeyStoreSpi_getCertNickname;
-Java_org_mozilla_jss_pkcs11_PK11PubKey_fromSPKI;
-Java_org_mozilla_jss_provider_java_security_JSSKeyStoreSpi_engineGetKey;
-Java_org_mozilla_jss_provider_java_security_JSSKeyStoreSpi_engineIsCertificateEntry;
-Java_org_mozilla_jss_provider_java_security_JSSKeyStoreSpi_engineSetKeyEntryNative;
-Java_org_mozilla_jss_ssl_SocketBase_getLocalAddressNative;
-Java_org_mozilla_jss_pkcs11_PK11PrivKey_getDSAParamsNative;
-Java_org_mozilla_jss_CryptoManager_verifyCertNowNative;
-Java_org_mozilla_jss_ssl_SSLServerSocket_setServerCert;
-Java_org_mozilla_jss_ssl_SocketBase_setClientCert;
-Java_org_mozilla_jss_CryptoManager_verifyCertTempNative;
-Java_org_mozilla_jss_ssl_SocketProxy_releaseNativeResources;
-;+    local:
-;+       *;
-;+};
-;+JSS_3.3 {       # JSS 3.3 release
-;+    global:
-Java_org_mozilla_jss_ssl_SSLSocket_getImplementedCipherSuites;
-Java_org_mozilla_jss_ssl_SSLSocket_getCipherPreferenceDefault;
-Java_org_mozilla_jss_ssl_SSLSocket_setCipherPreferenceDefault;
-Java_org_mozilla_jss_ssl_SSLSocket_getCipherPreference;
-Java_org_mozilla_jss_CryptoManager_configureOCSPNative;
-Java_org_mozilla_jss_pkcs11_PK11SymKey_getLength;
-Java_org_mozilla_jss_provider_java_security_JSSKeyStoreSpi_getCertObject;
-Java_org_mozilla_jss_provider_java_security_JSSKeyStoreSpi_engineGetKeyNative;
-Java_org_mozilla_jss_SecretDecoderRing_KeyManager_generateKeyNative;
-Java_org_mozilla_jss_SecretDecoderRing_KeyManager_lookupKeyNative;
-Java_org_mozilla_jss_SecretDecoderRing_KeyManager_deleteKeyNative;
-;+    local:
-;+       *;
-;+};
-;+JSS_3.4 {       # JSS 3.4 release
-;+    global:
-Java_org_mozilla_jss_pkcs11_PK11Cipher_initContextWithKeyBits;
-;+    local:
-;+       *;
-;+};
-;+JSS_3.5 {       # JSS 3.5 release
-;+    global:
-Java_org_mozilla_jss_SecretDecoderRing_KeyManager_generateUniqueNamedKeyNative;
-Java_org_mozilla_jss_SecretDecoderRing_KeyManager_lookupUniqueNamedKeyNative;
-;+    local:
-;+       *;
-;+};
-;+JSS_4.1 {       # JSS 4.1 release
-;+    global:
-Java_org_mozilla_jss_ssl_SSLSocket_abortReadWrite;
-Java_org_mozilla_jss_ssl_SSLServerSocket_abortAccept;
-;+    local:
-;+       *;
-;+};
-;+JSS_4.2 {       # JSS 4.2 release
-;+    global:
-Java_org_mozilla_jss_ssl_SocketBase_getSSLOption;
-Java_org_mozilla_jss_ssl_SSLSocket_getSSLDefaultOption;
-Java_org_mozilla_jss_pkcs11_PK11Store_deleteCertOnly;
-;+    local:
-;+       *;
-;+};
-;+JSS_4.2.3 {     # JSS 4.2.3 release
-;+    global:
-Java_org_mozilla_jss_pkcs11_PK11ECPublicKey_getCurveByteArray;
-Java_org_mozilla_jss_pkcs11_PK11ECPublicKey_getWByteArray;
-Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateECKeyPair;
-;+    local:
-;+       *;
-;+};
-;+JSS_4.2.5 {     # JSS 4.2.5 release
-;+    global:
-Java_org_mozilla_jss_ssl_SSLSocket_setSSLDefaultOptionMode;
-Java_org_mozilla_jss_ssl_SocketBase_setSSLOptionMode;
-Java_org_mozilla_jss_ssl_SSLSocket_isFipsCipherSuiteNative;
-;+    local:
-;+       *;
-;+};
-;+JSS_4.3 {     # JSS 4.3 release
-;+    global:
-Java_org_mozilla_jss_pkcs11_PK11Token_needsLogin;
-;+    local:
-;+       *;
-;+};
-;+JSS_4.3.1 {     # JSS 4.3.1 release
-;+    global:
-Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateECKeyPairWithOpFlags;
-Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateRSAKeyPairWithOpFlags;
-Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateDSAKeyPairWithOpFlags;
-;+    local:
-;+       *;
-;+};
deleted file mode 100644
--- a/security/jss/lib/jss.rc
+++ /dev/null
@@ -1,68 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "jssver.h"
-#include <winver.h>
-
-#define MY_LIBNAME "jss"
-#define MY_FILEDESCRIPTION "JSS Library"
-
-#define STRINGIZE(x) #x
-#define STRINGIZE2(x) STRINGIZE(x)
-#define JSS_VMAJOR_STR STRINGIZE2(JSS_VMAJOR)
-
-#ifdef _DEBUG
-#define MY_DEBUG_STR " (debug)"
-#define MY_FILEFLAGS_1 VS_FF_DEBUG
-#else
-#define MY_DEBUG_STR ""
-#define MY_FILEFLAGS_1 0x0L
-#endif
-#if JSS_BETA
-#define MY_FILEFLAGS_2 MY_FILEFLAGS_1|VS_FF_PRERELEASE
-#else
-#define MY_FILEFLAGS_2 MY_FILEFLAGS_1
-#endif
-
-#ifdef WINNT
-#define MY_FILEOS VOS_NT_WINDOWS32
-#else
-#define MY_FILEOS VOS__WINDOWS32
-#endif
-
-#define MY_INTERNAL_NAME MY_LIBNAME JSS_VMAJOR_STR
-
-/////////////////////////////////////////////////////////////////////////////
-//
-// Version-information resource
-//
-
-VS_VERSION_INFO VERSIONINFO
- FILEVERSION JSS_VMAJOR,JSS_VMINOR,JSS_VPATCH,0
- PRODUCTVERSION JSS_VMAJOR,JSS_VMINOR,JSS_VPATCH,0
- FILEFLAGSMASK VS_FFI_FILEFLAGSMASK
- FILEFLAGS MY_FILEFLAGS_2
- FILEOS MY_FILEOS
- FILETYPE VFT_DLL
- FILESUBTYPE 0x0L // not used
-
-BEGIN
-    BLOCK "StringFileInfo"
-    BEGIN
-        BLOCK "040904B0" // Lang=US English, CharSet=Unicode
-        BEGIN
-            VALUE "CompanyName", "Mozilla Foundation\0"
-            VALUE "FileDescription", MY_FILEDESCRIPTION MY_DEBUG_STR "\0"
-            VALUE "FileVersion", JSS_VERSION "\0"
-            VALUE "InternalName", MY_INTERNAL_NAME "\0"
-            VALUE "OriginalFilename", MY_INTERNAL_NAME ".dll\0"
-            VALUE "ProductName", "Network Security Services for Java\0"
-            VALUE "ProductVersion", JSS_VERSION "\0"
-        END
-    END
-    BLOCK "VarFileInfo"
-    BEGIN
-        VALUE "Translation", 0x409, 1200
-    END
-END
deleted file mode 100644
--- a/security/jss/lib/manifest.mn
+++ /dev/null
@@ -1,27 +0,0 @@
-# 
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-#/********************************************************************/
-#/* The VERSION Strings should be updated in the following           */
-#/* files everytime a new release of JSS is generated:               */
-#/*                                                                  */
-#/* org/mozilla/jss/CryptoManager.java                               */
-#/* org/mozilla/jss/JSSProvider.java                                 */
-#/* org/mozilla/jss/util/jssver.h                                    */
-#/* lib/manifest.mn                                                  */
-#/* mozilla/security/jss/manifest.mn                                 */
-#/*                                                                  */
-#/********************************************************************/
-
-CORE_DEPTH = ../..
-
-MODULE = jss
-
-NS_USE_JDK = 1
-
-LIBRARY_NAME = jss
-#/* LIBRARY_VERSION=JSS_VMAJOR so you only update when */
-#/* you update the JSS_VMAJOR                          */ 
-LIBRARY_VERSION = 4
deleted file mode 100644
--- a/security/jss/lib/rules.mk
+++ /dev/null
@@ -1,22 +0,0 @@
-# 
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-release_md::  release_sanitize
-
-release_sanitize::
-	-rm $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_LIB_DIR)/$(DLL_PREFIX)jsscrypto$(DYNAMIC_LIB_EXTENSION)$(DYNAMIC_LIB_SUFFIX)
-	-rm $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_LIB_DIR)/$(DLL_PREFIX)jssmanage$(DYNAMIC_LIB_EXTENSION)$(DYNAMIC_LIB_SUFFIX)
-	-rm $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_LIB_DIR)/$(DLL_PREFIX)jsspkcs11$(DYNAMIC_LIB_EXTENSION)$(DYNAMIC_LIB_SUFFIX)
-	-rm $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_LIB_DIR)/$(DLL_PREFIX)jsspolicy$(DYNAMIC_LIB_EXTENSION)$(DYNAMIC_LIB_SUFFIX)
-	-rm $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_LIB_DIR)/$(DLL_PREFIX)jssssl$(DYNAMIC_LIB_EXTENSION)$(DYNAMIC_LIB_SUFFIX)
-	-rm $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_LIB_DIR)/$(DLL_PREFIX)jssutil$(DYNAMIC_LIB_EXTENSION)$(DYNAMIC_LIB_SUFFIX)
-ifeq ($(OS_ARCH),WINNT)
-	-rm $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_LIB_DIR)/$(IMPORT_LIB_PREFIX)jsscrypto$(IMPORT_LIB_EXTENSION)$(IMPORT_LIB_SUFFIX)
-	-rm $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_LIB_DIR)/$(IMPORT_LIB_PREFIX)jssmanage$(IMPORT_LIB_EXTENSION)$(IMPORT_LIB_SUFFIX)
-	-rm $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_LIB_DIR)/$(IMPORT_LIB_PREFIX)jsspkcs11$(IMPORT_LIB_EXTENSION)$(IMPORT_LIB_SUFFIX)
-	-rm $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_LIB_DIR)/$(IMPORT_LIB_PREFIX)jsspolicy$(IMPORT_LIB_EXTENSION)$(IMPORT_LIB_SUFFIX)
-	-rm $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_LIB_DIR)/$(IMPORT_LIB_PREFIX)jssssl$(IMPORT_LIB_EXTENSION)$(IMPORT_LIB_SUFFIX)
-	-rm $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_LIB_DIR)/$(IMPORT_LIB_PREFIX)jssutil$(IMPORT_LIB_EXTENSION)$(IMPORT_LIB_SUFFIX)
-endif
deleted file mode 100644
--- a/security/jss/manifest.mn
+++ /dev/null
@@ -1,31 +0,0 @@
-#
-# 
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-CORE_DEPTH = ..
- 
-MODULE = jss
-
-#/********************************************************************/
-#/* The VERSION Strings should be updated in the following           */
-#/* files everytime a new release of JSS is generated:               */
-#/*                                                                  */
-#/* org/mozilla/jss/CryptoManager.java                               */
-#/* org/mozilla/jss/JSSProvider.java                                 */
-#/* org/mozilla/jss/util/jssver.h                                    */
-#/* lib/manifest.mn                                                  */
-#/* mozilla/security/jss/manifest.mn                                 */
-#/*                                                                  */
-#/********************************************************************/
-
-IMPORTS =	nss/NSS_3_12_RTM \
-			nspr20/v4.7 \
-			$(NULL)
-
-DIRS =  org     \
-        lib     \
-        $(NULL)
-
-RELEASE = jss
deleted file mode 100644
--- a/security/jss/org/Makefile
+++ /dev/null
@@ -1,48 +0,0 @@
-#! gmake
-# 
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY).   #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL)          #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL)       #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
-#######################################################################
-
-
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL)                              #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL)                           #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL).                              #
-#######################################################################
-
-
-
deleted file mode 100644
--- a/security/jss/org/manifest.mn
+++ /dev/null
@@ -1,11 +0,0 @@
-# 
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-CORE_DEPTH = ../..
- 
-MODULE = jss
- 
-DIRS =  mozilla \
-        $(NULL)
deleted file mode 100644
--- a/security/jss/org/mozilla/Makefile
+++ /dev/null
@@ -1,48 +0,0 @@
-#! gmake
-# 
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY).   #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL)          #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL)       #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
-#######################################################################
-
-
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL)                              #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL)                           #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL).                              #
-#######################################################################
-
-
-
deleted file mode 100644
--- a/security/jss/org/mozilla/jss/CRLImportException.java
+++ /dev/null
@@ -1,14 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-package org.mozilla.jss;
-
-/**
- * Thrown if a CRL cannot be imported
- */
-public class CRLImportException extends java.lang.Exception {
-    public CRLImportException() {}
-    public CRLImportException(String mesg) {
-        super(mesg);
-    }
-}
deleted file mode 100644
--- a/security/jss/org/mozilla/jss/CertDatabaseException.java
+++ /dev/null
@@ -1,15 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-package org.mozilla.jss;
-
-/**
- * This exception is thrown if the certificate database does not exist,
- * or if an error occurs while opening it.
- */
-public class CertDatabaseException extends java.lang.Exception {
-    public CertDatabaseException() {}
-    public CertDatabaseException(String mesg) {
-        super(mesg);
-    }
-}
deleted file mode 100644
--- a/security/jss/org/mozilla/jss/CryptoManager.c
+++ /dev/null
@@ -1,955 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-#include "_jni/org_mozilla_jss_CryptoManager.h"
-
-#include <secitem.h>
-#include <secmod.h>
-#include <cert.h>
-#include <certt.h>
-#include <key.h>
-#include <ocsp.h>
-#include <pk11func.h>
-#include <nspr.h>
-#include <plstr.h>
-#include <pkcs11.h>
-#include <nss.h>
-#include <ssl.h>
-
-#include <jssutil.h>
-#include <java_ids.h>
-#include <jss_exceptions.h>
-#include <jssver.h>
-
-#include "pk11util.h"
-
-#if defined(AIX) || defined(HPUX) || defined(LINUX)
-#include <signal.h>
-#endif
-
-
-/** These externs are only here to
- ** keep certain compilers from optimizing the
- ** version info away.
- */
-
-#include "util/jssver.h"
-extern const char __jss_base_rcsid[];
-extern const char __jss_base_sccsid[];
-
-const char * jss_rcsid() {
-    return __jss_base_rcsid;
-}
-
-const char * jss_sccsid() {
-    return __jss_base_sccsid;
-}
-
-/********************************************************************/
-/* The VERSION Strings should be updated in the following           */
-/* files everytime a new release of JSS is generated:               */
-/*                                                                  */
-/* org/mozilla/jss/CryptoManager.java                               */
-/* org/mozilla/jss/JSSProvider.java                                 */
-/* org/mozilla/jss/util/jssver.h                                    */
-/* lib/manifest.mn                                                  */
-/* mozilla/security/jss/manifest.mn                                 */
-/*                                                                  */
-/********************************************************************/
-
-/* JSS_VERSION from  mozilla/security/jss/org/mozilla/jss/util/jssver.h */
-static const char* DLL_JSS_VERSION     = "JSS_VERSION = " JSS_VERSION;
-/* NSS_VERSION from mozilla/security/nss/lib/nss/nss.h */
-static const char* DLL_NSS_VERSION     = "NSS_VERSION = " NSS_VERSION;
-/* NSPR_version from mozilla/nsprpub/pr/include/prinit.h */
-static const char* DLL_NSPR_VERSION    = "NSPR_VERSION = " PR_VERSION;
-
-
-
-
-static jobject
-makePWCBInfo(JNIEnv *env, PK11SlotInfo *slot);
-
-static char*
-getPWFromCallback(PK11SlotInfo *slot, PRBool retry, void *arg);
-
-/*************************************************************
- * AIX, HP, and Linux signal handling madness
- *
- * In order for the JVM, kernel, and NSPR to work together, we setup
- * a signal handler for SIGCHLD that does nothing.  This is only done
- * on AIX, HP, and Linux.
- *************************************************************/
-#if defined(AIX) || defined(HPUX) || defined(LINUX)
-
-static PRStatus
-handleSigChild(JNIEnv *env) {
-
-    struct sigaction action;
-    sigset_t signalset;
-    int result;
-
-    sigemptyset(&signalset);
-
-    action.sa_handler = SIG_DFL;
-    action.sa_mask = signalset;
-    action.sa_flags = 0;
-
-    result = sigaction( SIGCHLD, &action, NULL );
-
-    if( result != 0 ) {
-        JSS_throwMsg(env, GENERAL_SECURITY_EXCEPTION,
-            "Failed to set SIGCHLD handler");
-        return PR_FAILURE;
-    }
-
-    return PR_SUCCESS;
-}
-
-#endif
-
-
-int ConfigureOCSP(
-        JNIEnv *env,
-        jboolean ocspCheckingEnabled,
-        jstring ocspResponderURL,
-        jstring ocspResponderCertNickname )
-{
-    char *ocspResponderURL_string=NULL;
-    char *ocspResponderCertNickname_string=NULL;
-    SECStatus status;
-    int result = SECSuccess;
-    CERTCertDBHandle *certdb = CERT_GetDefaultCertDB();
-
-
-    /* if caller specified default responder, get the
-     * strings associated with these args
-     */
-
-    if (ocspResponderURL) {
-        ocspResponderURL_string =
-            (char*) (*env)->GetStringUTFChars(env, ocspResponderURL, NULL);
-        if (ocspResponderURL_string == NULL) {
-            JSS_throwMsg(env, GENERAL_SECURITY_EXCEPTION,
-                    "OCSP invalid URL");
-            result = SECFailure;
-            goto loser;
-        }
-    }
-
-    if (ocspResponderCertNickname) {
-        ocspResponderCertNickname_string =
-            (char*) (*env)->GetStringUTFChars(env, ocspResponderCertNickname, NULL);
-        if (ocspResponderCertNickname_string == NULL) {
-            JSS_throwMsg(env, GENERAL_SECURITY_EXCEPTION,
-                    "OCSP invalid nickname");
-            result = SECFailure;
-            goto loser;
-        }
-    }
-
-    /* first disable OCSP - we'll enable it later */
-
-    CERT_DisableOCSPChecking(certdb);
-
-    /* if they set the default responder, then set it up
-     * and enable it
-     */
-    if (ocspResponderURL) {
-        /* if ocspResponderURL is set they must specify the
-           ocspResponderCertNickname */
-                if (ocspResponderCertNickname == NULL ) {
-                JSS_throwMsg(env, GENERAL_SECURITY_EXCEPTION,
-                "if OCSP responderURL is set, the Responder Cert nickname must be set");
-                        result = SECFailure;
-                        goto loser;
-                } else {
-                        CERTCertificate *cert;
-                        /* if the nickname is set */
-       cert = CERT_FindCertByNickname(certdb, ocspResponderCertNickname_string);
-                        if (cert == NULL) {
-                          /*
-                           * look for the cert on an external token.
-                        */
-       cert = PK11_FindCertFromNickname(ocspResponderCertNickname_string, NULL);
-                       }
-                        if (cert == NULL) {
-                                JSS_throwMsg(env, GENERAL_SECURITY_EXCEPTION,
-                    "Unable to find the OCSP Responder Certificate nickname.");
-                        result = SECFailure;
-                        goto loser;
-	               }
-                        CERT_DestroyCertificate(cert);
-	}
-        status =
-            CERT_SetOCSPDefaultResponder(   certdb,
-                                            ocspResponderURL_string,
-                                            ocspResponderCertNickname_string
-                                        );
-        if (status == SECFailure) {
-            /* deal with error */
-            JSS_throwMsg(env, GENERAL_SECURITY_EXCEPTION,
-                    "OCSP Could not set responder");
-            result = SECFailure;
-            goto loser;
-        }
-        CERT_EnableOCSPDefaultResponder(certdb);
-    }
-    else {
-        /* if no defaultresponder is set, disable it */
-        CERT_DisableOCSPDefaultResponder(certdb);
-    }
-        
-
-    /* enable OCSP checking if requested */
-
-    if (ocspCheckingEnabled) {
-        CERT_EnableOCSPChecking(certdb);
-    }
-    
-loser:
-        
-    if (ocspResponderURL_string)  {
-        (*env)->ReleaseStringUTFChars(env,
-            ocspResponderURL, ocspResponderURL_string);
-    }
-
-    if (ocspResponderCertNickname_string)  {
-        (*env)->ReleaseStringUTFChars(env,
-            ocspResponderCertNickname, ocspResponderCertNickname_string);
-    }
-
-    return result;
-
-}
-
-
-/**********************************************************************
- * This is the PasswordCallback object that will be used to login
- * to tokens implicitly.
- */
-static jobject globalPasswordCallback = NULL;
-
-/**********************************************************************
- * The Java virtual machine can be used to retrieve the JNI environment
- * pointer from callback functions.
- */
-JavaVM * JSS_javaVM;
-
-JNIEXPORT void JNICALL
-Java_org_mozilla_jss_CryptoManager_initializeAllNative
-    (JNIEnv *env, jclass clazz,
-        jstring configDir,
-        jstring certPrefix,
-        jstring keyPrefix,
-        jstring secmodName,
-        jboolean readOnly,
-        jstring manuString,
-        jstring libraryString,
-        jstring tokString,
-        jstring keyTokString,
-        jstring slotString,
-        jstring keySlotString,
-        jstring fipsString,
-        jstring fipsKeyString,
-        jboolean ocspCheckingEnabled,
-        jstring ocspResponderURL,
-        jstring ocspResponderCertNickname,
-        jboolean initializeJavaOnly, 
-        jboolean PKIXVerify,
-        jboolean noCertDB,
-        jboolean noModDB, 
-        jboolean forceOpen,
-        jboolean noRootInit,
-        jboolean optimizeSpace,
-        jboolean PK11ThreadSafe,
-        jboolean PK11Reload,
-        jboolean noPK11Finalize,
-        jboolean cooperate)
-{
-    SECStatus rv = SECFailure;
-    JavaVM *VMs[5];
-    jint numVMs;
-    char *szConfigDir = NULL;
-    char *szCertPrefix = NULL;
-    char *szKeyPrefix = NULL;
-    char *szSecmodName = NULL;
-    char *manuChars=NULL;
-    char *libraryChars=NULL;
-    char *tokChars=NULL;
-    char *keyTokChars=NULL;
-    char *slotChars=NULL;
-    char *keySlotChars=NULL;
-    char *fipsChars=NULL;
-    char *fipsKeyChars=NULL;
-    PRUint32 initFlags;
-
-    /* This is thread-safe because initialize is synchronized */
-    static PRBool initialized=PR_FALSE;
-
-    if( configDir == NULL ||
-        manuString == NULL ||
-        libraryString == NULL ||
-        tokString == NULL ||
-        keyTokString == NULL ||
-        slotString == NULL ||
-        keySlotString == NULL ||
-        fipsString == NULL ||
-        fipsKeyString == NULL )
-    {
-        JSS_throw(env, NULL_POINTER_EXCEPTION);
-        goto finish;
-    }
-
-    /* Make sure initialize() completes only once */
-    if(initialized) {
-        JSS_throw(env, ALREADY_INITIALIZED_EXCEPTION);
-        goto finish;
-    }
-
-    /*
-     * Save the JavaVM pointer so we can retrieve the JNI environment
-     * later. This only works if there is only one Java VM.
-     */
-    if( (*env)->GetJavaVM(env, &JSS_javaVM) != 0 ) {
-        JSS_trace(env, JSS_TRACE_ERROR,
-                    "Unable to to access Java virtual machine");
-        PR_ASSERT(PR_FALSE);
-        goto finish;
-    }
-
-    /*
-     * Initialize the errcode translation table.
-     */
-    JSS_initErrcodeTranslationTable();
-
-    /*
-     * The rest of the initialization (the NSS stuff) is skipped if
-     * the initializeJavaOnly flag is set.
-     */
-    if( initializeJavaOnly) {
-        initialized = PR_TRUE;
-        goto finish;
-    }
-
-
-    /*
-     * Set the PKCS #11 strings
-     */
-    manuChars = (char*) (*env)->GetStringUTFChars(env, manuString, NULL);
-    libraryChars = (char*) (*env)->GetStringUTFChars(env, libraryString, NULL);
-    tokChars = (char*) (*env)->GetStringUTFChars(env, tokString, NULL);
-    keyTokChars = (char*) (*env)->GetStringUTFChars(env, keyTokString, NULL);
-    slotChars = (char*) (*env)->GetStringUTFChars(env, slotString, NULL);
-    keySlotChars = (char*) (*env)->GetStringUTFChars(env, keySlotString, NULL);
-    fipsChars = (char*) (*env)->GetStringUTFChars(env, fipsString, NULL);
-    fipsKeyChars = (char*) (*env)->GetStringUTFChars(env, fipsKeyString, NULL);
-    if( (*env)->ExceptionOccurred(env) ) {
-        ASSERT_OUTOFMEM(env);
-        goto finish;
-    }
-    PR_ASSERT( strlen(manuChars) == 33 );
-    PR_ASSERT( strlen(libraryChars) == 33 );
-    PR_ASSERT( strlen(tokChars) == 33 );
-    PR_ASSERT( strlen(keyTokChars) == 33 );
-    PR_ASSERT( strlen(slotChars) == 65 );
-    PR_ASSERT( strlen(keySlotChars) == 65 );
-    PR_ASSERT( strlen(fipsChars) == 65 );
-    PR_ASSERT( strlen(fipsKeyChars) == 65 );
-    PK11_ConfigurePKCS11(   manuChars,
-                            libraryChars,
-                            tokChars,
-                            keyTokChars,
-                            slotChars,
-                            keySlotChars,
-                            fipsChars,
-                            fipsKeyChars,
-                            0, /* minimum pin length */
-                            PR_FALSE /* password required */
-                        );
-
-
-    szConfigDir = (char*) (*env)->GetStringUTFChars(env, configDir, NULL);
-    if( certPrefix != NULL || keyPrefix != NULL || secmodName != NULL ||
-        noCertDB || noModDB || forceOpen || noRootInit ||
-        optimizeSpace || PK11ThreadSafe || PK11Reload || 
-        noPK11Finalize || cooperate) {
-        /*
-        * Set up arguments to NSS_Initialize
-        */
-        if( certPrefix != NULL ) {
-            szCertPrefix = 
-                    (char*) (*env)->GetStringUTFChars(env, certPrefix, NULL);
-        }
-        if ( keyPrefix != NULL ) { 
-            szKeyPrefix = 
-                    (char*) (*env)->GetStringUTFChars(env, keyPrefix, NULL);
-        }
-        if ( secmodName != NULL ) {
-            szSecmodName = 
-                    (char*) (*env)->GetStringUTFChars(env, secmodName, NULL);
-        }
-        initFlags = 0;
-        if( readOnly ) {
-            initFlags |= NSS_INIT_READONLY;
-        }
-        if( noCertDB ) {
-            initFlags |= NSS_INIT_NOCERTDB;
-        }
-        if( noModDB ) {
-            initFlags |= NSS_INIT_NOMODDB;
-        } 
-        if( forceOpen ) {
-            initFlags |= NSS_INIT_FORCEOPEN;
-        }
-        if( noRootInit ) {
-            initFlags |= NSS_INIT_NOROOTINIT;
-        }
-        if( optimizeSpace ) {
-            initFlags |= NSS_INIT_OPTIMIZESPACE;
-        }
-        if( PK11ThreadSafe ) {
-            initFlags |= NSS_INIT_PK11THREADSAFE;
-        }
-        if( PK11Reload ) {
-            initFlags |= NSS_INIT_PK11RELOAD;
-        }
-        if( noPK11Finalize ) {
-            initFlags |= NSS_INIT_NOPK11FINALIZE;
-        }
-        if( cooperate ) {
-            initFlags |= NSS_INIT_COOPERATE;
-        }
-
-        /*
-        * Initialize NSS.
-        */
-        rv = NSS_Initialize(szConfigDir, szCertPrefix, szKeyPrefix,
-                szSecmodName, initFlags);
-    } else {
-        if( readOnly ) {
-            rv = NSS_Init(szConfigDir);
-        } else {
-            rv = NSS_InitReadWrite(szConfigDir);
-        }
-    }
-
-    if( rv != SECSuccess ) {
-        JSS_throwMsg(env, SECURITY_EXCEPTION,
-            "Unable to initialize security library");
-        goto finish;
-    }
-
-    /*
-     * Set default password callback.  This is the only place this
-     * should ever be called if you are using Ninja.
-     */
-    PK11_SetPasswordFunc(getPWFromCallback);
-
-    /*
-     * Setup NSS to call the specified OCSP responder
-     */
-    rv = ConfigureOCSP(
-        env,
-        ocspCheckingEnabled,
-        ocspResponderURL,
-        ocspResponderCertNickname );
-
-    if (rv != SECSuccess) {
-        goto finish;
-    }
-
-    /*
-     * Set up policy. We're always domestic now. Thanks to the US Government!
-     */
-    if( NSS_SetDomesticPolicy() != SECSuccess ) {
-        JSS_throwMsg(env, SECURITY_EXCEPTION, "Unable to set security policy");
-        goto finish;
-    }
-
-    if ( PKIXVerify ) {
-        CERT_SetUsePKIXForValidation(PR_TRUE);
-    }
-    initialized = PR_TRUE;
-
-finish:
-    /* LET'S BE CAREFUL.  Unbraced if statements ahead. */
-    if(szConfigDir)
-        (*env)->ReleaseStringUTFChars(env, configDir, szConfigDir);
-    if(szCertPrefix)
-        (*env)->ReleaseStringUTFChars(env, certPrefix, szCertPrefix);
-    if(szKeyPrefix)
-        (*env)->ReleaseStringUTFChars(env, keyPrefix, szKeyPrefix);
-    if(szSecmodName)
-        (*env)->ReleaseStringUTFChars(env, secmodName, szSecmodName);
-    if(manuChars)
-        (*env)->ReleaseStringUTFChars(env, manuString, manuChars);
-    if(libraryChars)
-        (*env)->ReleaseStringUTFChars(env, libraryString, libraryChars);
-    if(tokChars)
-        (*env)->ReleaseStringUTFChars(env, tokString, tokChars);
-    if(keyTokChars)
-        (*env)->ReleaseStringUTFChars(env, keyTokString, keyTokChars);
-    if(slotChars)
-        (*env)->ReleaseStringUTFChars(env, slotString, slotChars);
-    if(keySlotChars)
-        (*env)->ReleaseStringUTFChars(env, keySlotString, keySlotChars);
-    if(fipsChars)
-        (*env)->ReleaseStringUTFChars(env, fipsString, fipsChars);
-    if(fipsKeyChars)
-        (*env)->ReleaseStringUTFChars(env, fipsKeyString, fipsKeyChars);
-
-    return;
-}
-
-/**********************************************************************
- *
- * JSS_setPasswordCallback
- *
- * Sets the global PasswordCallback object, which will be used to
- * login to tokens implicitly if necessary.
- *
- */
-void
-JSS_setPasswordCallback(JNIEnv *env, jobject callback)
-{
-    PR_ASSERT(env!=NULL && callback!=NULL);
-
-    /* Free the previously-registered password callback */
-    if( globalPasswordCallback != NULL ) {
-        (*env)->DeleteGlobalRef(env, globalPasswordCallback);
-        globalPasswordCallback = NULL;
-    }
-
-    /* Store the new password callback */
-    globalPasswordCallback = (*env)->NewGlobalRef(env, callback);
-    if(globalPasswordCallback == NULL) {
-        JSS_throw(env, OUT_OF_MEMORY_ERROR);
-    }
-}
-
-/**********************************************************************
- *
- * CryptoManager.setNativePasswordCallback
- *
- * Sets the global PasswordCallback object, which will be used to
- * login to tokens implicitly if necessary.
- *
- */
-JNIEXPORT void JNICALL
-Java_org_mozilla_jss_CryptoManager_setNativePasswordCallback
-    (JNIEnv *env, jclass clazz, jobject callback)
-{
-    JSS_setPasswordCallback(env, callback);
-}
-
-/********************************************************************
- *
- * g e t P W F r o m C a l l b a c k
- *
- * Extracts a password from a password callback and returns
- * it to PKCS #11.
- *
- * INPUTS
- *      slot
- *          The PK11SlotInfo* for the slot we are logging into.
- *      retry
- *          PR_TRUE if this is the first time we are trying to login,
- *          PR_FALSE if we tried before and our password was wrong.
- *      arg
- *          This can contain a Java PasswordCallback object reference,
- *          or NULL to use the default password callback.
- * RETURNS
- *      The password as extracted from the callback, or NULL if the
- *      callback gives up.
- */
-static char*
-getPWFromCallback(PK11SlotInfo *slot, PRBool retry, void *arg)
-{
-    jobject pwcbInfo;
-    jobject pwObject;
-    jbyteArray pwArray=NULL;
-    char* pwchars;
-    char* returnchars=NULL;
-    jclass callbackClass;
-    jclass passwordClass;
-    jmethodID getPWMethod;
-    jmethodID getByteCopyMethod;
-    jmethodID clearMethod;
-    jthrowable exception;
-    jobject callback;
-    JNIEnv *env;
-
-    PR_ASSERT(slot!=NULL);
-    if(slot==NULL) {
-        return NULL;
-    }
-
-    /* Get the callback from the arg, or use the default */
-    PR_ASSERT(sizeof(void*) == sizeof(jobject));
-    callback = (jobject)arg;
-    if(callback == NULL) {
-        callback = globalPasswordCallback;
-        if(callback == NULL) {
-            /* No global password callback set, no way to get a password */
-            return NULL;
-        }
-    }
-
-    /* Get the JNI environment */
-    if((*JSS_javaVM)->AttachCurrentThread(JSS_javaVM, (void**)&env, NULL) != 0){
-        PR_ASSERT(PR_FALSE);
-        goto finish;
-    }
-    PR_ASSERT(env != NULL);
-
-    /*****************************************
-     * Construct the JSS_PasswordCallbackInfo
-     *****************************************/
-    pwcbInfo = makePWCBInfo(env, slot);
-    if(pwcbInfo==NULL) {
-        goto finish;
-    }
-
-    /*****************************************
-     * Get the callback class and methods
-     *****************************************/
-    callbackClass = (*env)->GetObjectClass(env, callback);
-    if(callbackClass == NULL) {
-        JSS_trace(env, JSS_TRACE_ERROR, "Failed to find password "
-            "callback class");
-        PR_ASSERT(PR_FALSE);
-    }
-    if(retry) {
-        getPWMethod = (*env)->GetMethodID(
-                        env,
-                        callbackClass,
-                        PW_CALLBACK_GET_PW_AGAIN_NAME,
-                        PW_CALLBACK_GET_PW_AGAIN_SIG);
-    } else {
-        getPWMethod = (*env)->GetMethodID(
-                        env,
-                        callbackClass,
-                        PW_CALLBACK_GET_PW_FIRST_NAME,
-                        PW_CALLBACK_GET_PW_FIRST_SIG);
-    }
-    if(getPWMethod == NULL) {
-        JSS_trace(env, JSS_TRACE_ERROR,
-            "Failed to find password callback accessor method");
-        ASSERT_OUTOFMEM(env);
-        goto finish;
-    }
-
-    /*****************************************
-     * Get the password from the callback
-     *****************************************/
-    pwObject = (*env)->CallObjectMethod(
-                                        env,
-                                        callback,
-                                        getPWMethod,
-                                        pwcbInfo);
-    if( (*env)->ExceptionOccurred(env) != NULL) {
-        goto finish;
-    }
-    if( pwObject == NULL ) {
-        JSS_throw(env, GIVE_UP_EXCEPTION);
-        goto finish;
-    }
-
-    /*****************************************
-     * Get Password class and methods
-     *****************************************/
-    passwordClass = (*env)->GetObjectClass(env, pwObject);
-    if(passwordClass == NULL) {
-        JSS_trace(env, JSS_TRACE_ERROR, "Failed to find Password class");
-        ASSERT_OUTOFMEM(env);
-        goto finish;
-    }
-    getByteCopyMethod = (*env)->GetMethodID(
-                                            env,
-                                            passwordClass,
-                                            PW_GET_BYTE_COPY_NAME,
-                                            PW_GET_BYTE_COPY_SIG);
-    clearMethod = (*env)->GetMethodID(  env,
-                                        passwordClass,
-                                        PW_CLEAR_NAME,
-                                        PW_CLEAR_SIG);
-    if(getByteCopyMethod==NULL || clearMethod==NULL) {
-        JSS_trace(env, JSS_TRACE_ERROR,
-            "Failed to find Password manipulation methods from native "
-            "implementation");
-        ASSERT_OUTOFMEM(env);
-        goto finish;
-    }
-
-    /************************************************
-     * Get the bytes from the password, then clear it
-     ***********************************************/
-    pwArray = (*env)->CallObjectMethod( env, pwObject, getByteCopyMethod);
-    (*env)->CallVoidMethod(env, pwObject, clearMethod);
-
-    exception = (*env)->ExceptionOccurred(env);
-    if(exception == NULL) {
-        PR_ASSERT(pwArray != NULL);
-
-        /*************************************************************
-         * Copy the characters out of the byte array,
-         * then erase it
-        *************************************************************/
-        pwchars = (char*) (*env)->GetByteArrayElements(env, pwArray, NULL);
-        PR_ASSERT(pwchars!=NULL);
-
-        returnchars = PL_strdup(pwchars);
-        JSS_wipeCharArray(pwchars);
-        (*env)->ReleaseByteArrayElements(env, pwArray, (jbyte*)pwchars, 0);
-    } else {
-        returnchars = NULL;
-    }
-
-finish:
-    if( (exception=(*env)->ExceptionOccurred(env)) != NULL) {
-#ifdef DEBUG
-        jclass giveupClass;
-        jmethodID printStackTrace;
-        jclass excepClass;
-#endif
-        (*env)->ExceptionClear(env);
-#ifdef DEBUG
-        giveupClass = (*env)->FindClass(env, GIVE_UP_EXCEPTION);
-        PR_ASSERT(giveupClass != NULL);
-        if( ! (*env)->IsInstanceOf(env, exception, giveupClass) ) {
-            excepClass = (*env)->GetObjectClass(env, exception);
-            printStackTrace = (*env)->GetMethodID(env, excepClass,
-                "printStackTrace", "()V");
-            (*env)->CallVoidMethod(env, exception, printStackTrace);
-            PR_ASSERT( PR_FALSE );
-        }
-        PR_ASSERT(returnchars==NULL);
-#endif
-    }
-    return returnchars;
-}
-
-/**********************************************************************
- *
- * m a k e P W C B I n f o
- *
- * Creates a Java PasswordCallbackInfo structure from a PKCS #11 token.
- * Returns this object, or NULL if an exception was thrown.
- */
-static jobject
-makePWCBInfo(JNIEnv *env, PK11SlotInfo *slot)
-{
-    jclass infoClass;
-    jmethodID constructor;
-    jstring name;
-    jobject pwcbInfo=NULL;
-
-    PR_ASSERT(env!=NULL && slot!=NULL);
-
-    /*****************************************
-     * Turn the token name into a Java String
-     *****************************************/
-    name = (*env)->NewStringUTF(env, PK11_GetTokenName(slot));
-    if(name == NULL) {
-        ASSERT_OUTOFMEM(env);
-        goto finish;
-    }
-
-    /*****************************************
-     * Look up the class and constructor
-     *****************************************/
-    infoClass = (*env)->FindClass(env, TOKEN_CBINFO_CLASS_NAME);
-    if(infoClass == NULL) {
-        JSS_trace(env, JSS_TRACE_ERROR, "Unable to find TokenCallbackInfo "
-            "class");
-        ASSERT_OUTOFMEM(env);
-        goto finish;
-    }
-    constructor = (*env)->GetMethodID(  env,
-                                        infoClass,
-                                        TOKEN_CBINFO_CONSTRUCTOR_NAME,
-                                        TOKEN_CBINFO_CONSTRUCTOR_SIG);
-    if(constructor == NULL) {
-        JSS_trace(env, JSS_TRACE_ERROR, "Unable to find "
-            "TokenCallbackInfo constructor");
-        ASSERT_OUTOFMEM(env);
-        goto finish;
-    }
-
-    /*****************************************
-     * Create the CallbackInfo object
-     *****************************************/
-    pwcbInfo = (*env)->NewObject(env, infoClass, constructor, name);
-    if(pwcbInfo == NULL) {
-        JSS_trace(env, JSS_TRACE_ERROR, "Unable to create TokenCallbackInfo");
-        ASSERT_OUTOFMEM(env);
-    }
-
-finish:
-    return pwcbInfo;
-}
-
-/**********************************************************************
- * CryptoManager.putModulesInVector
- *
- * Wraps all PKCS #11 modules in PK11Module Java objects, then puts
- * these into a Vector.
- */
-JNIEXPORT void JNICALL
-Java_org_mozilla_jss_CryptoManager_putModulesInVector
-    (JNIEnv *env, jobject this, jobject vector)
-{
-    SECMODListLock *listLock=NULL;
-    SECMODModuleList *list;
-    SECMODModule *modp=NULL;
-    jclass vectorClass;
-    jmethodID addElement;
-    jobject module;
-
-    PR_ASSERT(env!=NULL && this!=NULL && vector!=NULL);
-
-    /***************************************************
-     * Get JNI ids
-     ***************************************************/
-    vectorClass = (*env)->GetObjectClass(env, vector);
-    if(vectorClass == NULL) goto finish;
-
-    addElement = (*env)->GetMethodID(env,
-                                     vectorClass,
-                                     VECTOR_ADD_ELEMENT_NAME,
-                                     VECTOR_ADD_ELEMENT_SIG);
-    if(addElement==NULL) goto finish;
-
-    /***************************************************
-     * Lock the list
-     ***************************************************/
-    listLock = SECMOD_GetDefaultModuleListLock();
-    PR_ASSERT(listLock!=NULL);
-
-    SECMOD_GetReadLock(listLock);
-
-    /***************************************************
-     * Loop over the modules, adding each one to the vector
-     ***************************************************/
-    for( list = SECMOD_GetDefaultModuleList(); list != NULL; list=list->next) {
-        PR_ASSERT(list->module != NULL);
-
-        /** Make a PK11Module **/
-        modp = SECMOD_ReferenceModule(list->module);
-        module = JSS_PK11_wrapPK11Module(env, &modp);
-        PR_ASSERT(modp==NULL);
-        if(module == NULL) {
-            goto finish;
-        }
-
-        /** Stick the PK11Module in the Vector **/
-        (*env)->CallVoidMethod(env, vector, addElement, module);
-    }
-
-finish:
-    /*** Unlock the list ***/
-    if(listLock != NULL) {
-        SECMOD_ReleaseReadLock(listLock);
-    }
-    /*** Free this module if it wasn't properly Java-ized ***/
-    if(modp!=NULL) {
-        SECMOD_DestroyModule(modp);
-    }
-
-    return;
-}
-
-
-/**********************************************************************
- * CryptoManager.enableFIPS
- *
- * Enables or disables FIPS mode.
- * INPUTS
- *      fips
- *          true means turn on FIPS mode, false means turn it off.
- * RETURNS
- *      true if a switch happened, false if the library was already
- *      in the requested mode.
- * THROWS
- *      java.security.GeneralSecurityException if an error occurred with
- *      the PKCS #11 library.
- */
-JNIEXPORT jboolean JNICALL
-Java_org_mozilla_jss_CryptoManager_enableFIPS
-    (JNIEnv *env, jclass clazz, jboolean fips)
-{
-    char *name=NULL;
-    jboolean switched = JNI_FALSE;
-    SECStatus status = SECSuccess;
-
-    if( ((fips==JNI_TRUE)  && !PK11_IsFIPS()) ||
-        ((fips==JNI_FALSE) &&  PK11_IsFIPS())  )
-    {
-        name = PL_strdup(SECMOD_GetInternalModule()->commonName);
-        status = SECMOD_DeleteInternalModule(name);
-        PR_Free(name);
-        switched = JNI_TRUE;
-    }
-
-    if(status != SECSuccess) {
-        JSS_throwMsg(env,
-                     GENERAL_SECURITY_EXCEPTION,
-                     "Failed to toggle FIPS mode");
-    }
-
-    return switched;
-}
-
-/***********************************************************************
- * CryptoManager.FIPSEnabled
- *
- * Returns true if FIPS mode is currently on, false if it ain't.
- */
-JNIEXPORT jboolean JNICALL
-Java_org_mozilla_jss_CryptoManager_FIPSEnabled(JNIEnv *env, jobject this)
-{
-    if( PK11_IsFIPS() ) {
-        return JNI_TRUE;
-    } else {
-        return JNI_FALSE;
-    }
-}
-
-/***********************************************************************
- * DatabaseCloser.closeDatabases
- *
- * Closes the cert and key database, rendering the security library
- * unusable.
- */
-JNIEXPORT void JNICALL
-Java_org_mozilla_jss_DatabaseCloser_closeDatabases
-    (JNIEnv *env, jobject this)
-{
-    NSS_Shutdown();
-}
-
-/**********************************************************************
-* configureOCSPNative
-*
-* Allows configuration of the OCSP responder during runtime.
-*/
-JNIEXPORT void JNICALL
-Java_org_mozilla_jss_CryptoManager_configureOCSPNative(
-        JNIEnv *env, jobject this,
-        jboolean ocspCheckingEnabled,
-        jstring ocspResponderURL,
-        jstring ocspResponderCertNickname )
-{
-    SECStatus rv = SECFailure;
-
-    rv =  ConfigureOCSP(env,ocspCheckingEnabled,
-        ocspResponderURL, ocspResponderCertNickname);
-
-    if (rv != SECSuccess) {
-        JSS_throwMsgPrErr(env,
-                     GENERAL_SECURITY_EXCEPTION,
-                     "Failed to configure OCSP");
-    }
-}
-
deleted file mode 100644
--- a/security/jss/org/mozilla/jss/CryptoManager.java
+++ /dev/null
@@ -1,1554 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-package org.mozilla.jss;
-
-import org.mozilla.jss.crypto.*;
-import org.mozilla.jss.util.*;
-import org.mozilla.jss.asn1.*;
-import java.security.cert.CertificateException;
-import java.security.GeneralSecurityException;
-import org.mozilla.jss.pkcs11.PK11Cert;
-import java.util.*;
-import org.mozilla.jss.pkcs11.KeyType;
-import org.mozilla.jss.pkcs11.PK11Token;
-import org.mozilla.jss.pkcs11.PK11Module;
-import org.mozilla.jss.pkcs11.PK11SecureRandom;
-import java.security.cert.CertificateEncodingException;
-import org.mozilla.jss.CRLImportException;
-import org.mozilla.jss.provider.java.security.JSSMessageDigestSpi;
-
-/**
- * This class is the starting poing for the crypto package.
- * Use it to initialize the subsystem and to lookup certs, keys, and tokens.
- * Initialization is done with static methods, and must be done before
- * an instance can be created.  All other operations are done with instance
- * methods.
- * @version $Revision$ $Date$
- */
-public final class CryptoManager implements TokenSupplier
-{
-    /**
-     * CertUsage options for validation
-     */
-    public final static class CertUsage {
-        private int usage;
-        private String name;
-        static private ArrayList list = new ArrayList();
-        private CertUsage() {};
-        private CertUsage(int usage, String name) {
-            this.usage = usage;
-            this.name =  name;
-            this.list.add(this);
-
-        }
-        public int getUsage() {
-            return usage;
-        }
-
-        static public Iterator getCertUsages() {
-            return list.iterator();
-
-        }
-        public String toString() {
-            return name;
-        }
-
-
-
-        // certUsage, these must be kept in sync with nss/lib/certdb/certt.h
-        public static final CertUsage SSLClient = new CertUsage(0, "SSLClient");
-        public static final CertUsage SSLServer = new CertUsage(1, "SSLServer");
-        public static final CertUsage SSLServerWithStepUp = new CertUsage(2, "SSLServerWithStepUp");
-        public static final CertUsage SSLCA = new CertUsage(3, "SSLCA");
-        public static final CertUsage EmailSigner = new CertUsage(4, "EmailSigner");
-        public static final CertUsage EmailRecipient = new CertUsage(5, "EmailRecipient");
-        public static final CertUsage ObjectSigner = new CertUsage(6, "ObjectSigner");
-        public static final CertUsage UserCertImport = new CertUsage(7, "UserCertImport");
-        public static final CertUsage VerifyCA = new CertUsage(8, "VerifyCA");
-        public static final CertUsage ProtectedObjectSigner = new CertUsage(9, "ProtectedObjectSigner");
-        public static final CertUsage StatusResponder = new CertUsage(10, "StatusResponder");
-        public static final CertUsage AnyCA = new CertUsage(11, "AnyCA");
-    }
-
-    public final static class NotInitializedException extends Exception {}
-    public final static class NicknameConflictException extends Exception {}
-    public final static class UserCertConflictException extends Exception {}
-    public final static class InvalidLengthException extends Exception {}
-
-    /**
-     * The various options that can be used to initialize CryptoManager.
-     */
-    public final static class InitializationValues {
-        protected InitializationValues() {
-            Assert.notReached("Default constructor");
-        }
-
-        /////////////////////////////////////////////////////////////
-        // Constants
-        /////////////////////////////////////////////////////////////
-        /**
-         * Token names must be this length exactly.
-         */
-        public final int TOKEN_LENGTH = 33;
-        /**
-         * Slot names must be this length exactly.
-         */
-        public final int SLOT_LENGTH = 65;
-        /**
-         * ManufacturerID must be this length exactly.
-         */
-        public final int MANUFACTURER_LENGTH = 33;
-        /**
-         * Library description must be this length exactly.
-         */
-        public final int LIBRARY_LENGTH = 33;
-
-        /**
-         * This class enumerates the possible modes for FIPS compliance.
-         */
-        public static final class FIPSMode {
-            private FIPSMode() {}
-
-            /**
-             * Enable FIPS mode.
-             */
-            public static final FIPSMode ENABLED = new FIPSMode();
-            /**
-             * Disable FIPS mode.
-             */
-            public static final FIPSMode DISABLED = new FIPSMode();
-            /**
-             * Leave FIPS mode unchanged.  All servers except Admin
-             * Server should use this, because only Admin Server should
-             * be altering FIPS mode.
-             */
-            public static final FIPSMode UNCHANGED = new FIPSMode();
-                }
-
-        public InitializationValues(String configDir) {
-            this.configDir = configDir;
-        }
-
-        public InitializationValues(String configDir, String certPrefix,
-            String keyPrefix, String secmodName)
-        {
-            this.configDir = configDir;
-            this.certPrefix = certPrefix;
-            this.keyPrefix = keyPrefix;
-            this.secmodName = secmodName;
-        }
-
-        public String configDir = null;
-        public String certPrefix = null;
-        public String keyPrefix = null;
-        public String secmodName = null;
-
-        /**
-         * The password callback to be used by JSS whenever a password
-         * is needed. May be NULL, in which the library will immediately fail
-         * to get a password if it tries to login automatically while
-         * performing
-         * a cryptographic operation.  It will still work if the token
-         * has been manually logged in with <code>CryptoToken.login</code>.
-         * <p>The default is a <code>ConsolePasswordCallback</code>.
-         */
-        public PasswordCallback passwordCallback =
-            new ConsolePasswordCallback();
-
-        /**
-         * The FIPS mode of the security library.  Servers should
-         * use <code>FIPSMode.UNCHANGED</code>, since only
-         * Admin Server is supposed to alter this value.
-         * <p>The default is <code>FIPSMode.UNCHANGED</code>.
-         */
-        public FIPSMode fipsMode = FIPSMode.UNCHANGED;
-
-        /**
-         * To open the databases in read-only mode, set this flag to
-         * <code>true</code>.  The default is <code>false</code>, meaning
-         * the databases are opened in read-write mode.
-         */
-        public boolean readOnly = false;
-
-        ////////////////////////////////////////////////////////////////////
-        // Manufacturer ID
-        ////////////////////////////////////////////////////////////////////
-        /**
-         * Returns the Manufacturer ID of the internal PKCS #11 module.
-         * <p>The default is <code>"mozilla.org                     "</code>.
-         */
-        public String getManufacturerID() { return manufacturerID; }
-
-        /**
-         * Sets the Manufacturer ID of the internal PKCS #11 module.
-         * This value must be exactly <code>MANUFACTURER_LENGTH</code>
-         * characters long.
-         * @exception InvalidLengthException If <code>s.length()</code> is not
-         *      exactly <code>MANUFACTURER_LENGTH</code>.
-         */
-        public void setManufacturerID(String s) throws InvalidLengthException {
-            if( s.length() != MANUFACTURER_LENGTH ) {
-                throw new InvalidLengthException();
-            }
-            manufacturerID = s;
-        }
-        private String manufacturerID =
-            "mozilla.org                      ";
-
-        ////////////////////////////////////////////////////////////////////
-        // Library Description
-        ////////////////////////////////////////////////////////////////////
-        /**
-         * Returns the description of the internal PKCS #11 module.
-         * <p>The default is <code>"Internal Crypto Services         "</code>.
-         */
-        public String getLibraryDescription() { return libraryDescription; }
-
-        /**
-         * Sets the description of the internal PKCS #11 module.
-         * This value must be exactly <code>LIBRARY_LENGTH</code>
-         *  characters long.
-         * @exception InvalidLengthException If <code>s.length()</code> is
-         *      not exactly <code>LIBRARY_LENGTH</code>.
-         */
-        public void setLibraryDescription(String s)
-            throws InvalidLengthException
-        {
-            if( s.length() != LIBRARY_LENGTH ) {
-                throw new InvalidLengthException();
-            }
-            libraryDescription = s;
-        }
-        private String libraryDescription =
-            "Internal Crypto Services         ";
-
-        ////////////////////////////////////////////////////////////////////
-        // Internal Token Description
-        ////////////////////////////////////////////////////////////////////
-        /**
-         * Returns the description of the internal PKCS #11 token.
-         * <p>The default is <code>"Internal Crypto Services Token   "</code>.
-         */
-        public String getInternalTokenDescription() {
-            return internalTokenDescription;
-        }
-
-        /**
-         * Sets the description of the internal PKCS #11 token.
-         * This value must be exactly <code>TOKEN_LENGTH</code> characters long.
-         * @exception InvalidLengthException If <code>s.length()</code> is
-         *      not exactly <code>TOKEN_LENGTH</code>.
-         */
-        public void setInternalTokenDescription(String s)
-            throws InvalidLengthException
-        {
-            if(s.length() != TOKEN_LENGTH) {
-                throw new InvalidLengthException();
-            }
-            internalTokenDescription = s;
-        }
-        private String internalTokenDescription =
-            "NSS Generic Crypto Services      ";
-
-        ////////////////////////////////////////////////////////////////////
-        // Internal Key Storage Token Description
-        ////////////////////////////////////////////////////////////////////
-        /**
-         * Returns the description of the internal PKCS #11 key storage token.
-         * <p>The default is <code>"Internal Key Storage Token       "</code>.
-         */
-        public String getInternalKeyStorageTokenDescription() {
-            return internalKeyStorageTokenDescription;
-        }
-
-        /**
-         * Sets the description of the internal PKCS #11 key storage token.
-         * This value must be exactly <code>TOKEN_LENGTH</code> characters long.
-         * @exception InvalidLengthException If <code>s.length()</code> is
-         *      not exactly <code>TOKEN_LENGTH</code>.
-         */
-        public void setInternalKeyStorageTokenDescription(String s)
-            throws InvalidLengthException
-        {
-            if(s.length() != TOKEN_LENGTH) {
-                throw new InvalidLengthException();
-            }
-            internalKeyStorageTokenDescription = s;
-        }
-        private String internalKeyStorageTokenDescription =
-            "Internal Key Storage Token       ";
-
-        ////////////////////////////////////////////////////////////////////
-        // Internal Slot Description
-        ////////////////////////////////////////////////////////////////////
-        /**
-         * Returns the description of the internal PKCS #11 slot.
-         * <p>The default is <code>"NSS Internal Cryptographic Services                              "</code>.
-         */
-        public String getInternalSlotDescription() {
-            return internalSlotDescription;
-        }
-
-        /**
-         * Sets the description of the internal PKCS #11 slot.
-         * This value must be exactly <code>SLOT_LENGTH</code> characters
-         * long.
-         * @exception InvalidLengthException If <code>s.length()</code> is
-         *      not exactly <code>SLOT_LENGTH</code>.
-         */
-        public void setInternalSlotDescription(String s)
-            throws InvalidLengthException
-        {
-            if(s.length() != SLOT_LENGTH)  {
-                throw new InvalidLengthException();
-            }
-            internalSlotDescription = s;
-        }
-        private String internalSlotDescription =
-            "NSS Internal Cryptographic Services                              ";
-
-        ////////////////////////////////////////////////////////////////////
-        // Internal Key Storage Slot Description
-        ////////////////////////////////////////////////////////////////////
-        /**
-         * Returns the description of the internal PKCS #11 key storage slot.
-         * <p>The default is <code>"NSS Internal Private Key and Certificate Storage                 "</code>.
-
-         */
-        public String getInternalKeyStorageSlotDescription() {
-            return internalKeyStorageSlotDescription;
-        }
-
-        /**
-         * Sets the description of the internal PKCS #11 key storage slot.
-         * This value must be exactly <code>SLOT_LENGTH</code> characters
-         * long.
-         * @exception InvalidLengthException If <code>s.length()</code> is
-         *      not exactly <code>SLOT_LENGTH</code>.
-         */
-        public void setInternalKeyStorageSlotDescription(String s)
-            throws InvalidLengthException
-        {
-            if(s.length() != SLOT_LENGTH) {
-                throw new InvalidLengthException();
-            }
-            internalKeyStorageSlotDescription = s;
-        }
-        private String internalKeyStorageSlotDescription =
-            "NSS User Private Key and Certificate Services                    ";
-
-        ////////////////////////////////////////////////////////////////////
-        // FIPS Slot Description
-        ////////////////////////////////////////////////////////////////////
-        /**
-         * Returns the description of the internal PKCS #11 FIPS slot.
-         * <p>The default is 
-         * <code>"NSS FIPS 140-2 User Private Key Services"</code>.
-         */
-        public String getFIPSSlotDescription() {
-            return FIPSSlotDescription;
-        }
-
-        /**
-         * Sets the description of the internal PKCS #11 FIPS slot.
-         * This value must be exactly <code>SLOT_LENGTH</code> characters
-         * long.
-         * @exception InvalidLengthException If <code>s.length()</code> is
-         *      not exactly <code>SLOT_LENGTH</code>.
-         */
-        public void setFIPSSlotDescription(String s)
-            throws InvalidLengthException
-        {
-            if(s.length() != SLOT_LENGTH) {
-                throw new InvalidLengthException();
-            }
-            FIPSSlotDescription = s;
-        }
-        private String FIPSSlotDescription =
-            "NSS FIPS 140-2 User Private Key Services                         ";
-
-        ////////////////////////////////////////////////////////////////////
-        // FIPS Key Storage Slot Description
-        ////////////////////////////////////////////////////////////////////
-        /**
-         * Returns the description of the internal PKCS #11 FIPS
-         * Key Storage slot.
-         * <p>The default is 
-         * <code>"NSS FIPS 140-2 User Private Key Services"</code>.
-         */
-        public String getFIPSKeyStorageSlotDescription() {
-            return FIPSKeyStorageSlotDescription;
-        }
-
-        /**
-         * Sets the description of the internal PKCS #11 FIPS Key Storage slot.
-         * This value must be exactly <code>SLOT_LENGTH</code> characters
-         * long.
-         * @exception InvalidLengthException If <code>s.length()</code> is
-         *      not exactly <code>SLOT_LENGTH</code>.
-         */
-        public void setFIPSKeyStorageSlotDescription(String s)
-            throws InvalidLengthException
-        {
-            if(s.length() != SLOT_LENGTH) {
-                throw new InvalidLengthException();
-            }
-            FIPSKeyStorageSlotDescription = s;
-        }
-        private String FIPSKeyStorageSlotDescription =
-            "NSS FIPS 140-2 User Private Key Services                         ";
-
-        /**
-         * To have NSS check the OCSP responder for when verifying
-         * certificates, set this flags to true. It is false by
-         * default.
-         */
-        public boolean ocspCheckingEnabled = false;
-
-        /**
-         * Specify the location and cert of the responder.
-         * If OCSP checking is enabled *and* this variable is
-         * set to some URL, all OCSP checking will be done via
-         * this URL.
-         *
-         * If this variable is null, the OCSP responder URL will
-         * be obtained from the AIA extension in the certificate
-         * being queried.
-         *
-         * If this is set, you must also set ocspResponderCertNickname
-         *
-         */
-        public String ocspResponderURL = null;
-
-        /**
-         * The nickname of the cert to trust (expected) to
-         * sign the OCSP responses.
-         * Only checked when the OCSPResponder value is set.
-         */
-        public String ocspResponderCertNickname = null;
-
-
-        /**
-         * Install the JSS crypto provider. Default is true.
-         */
-        public boolean installJSSProvider = true;
-
-        /**
-         * Remove the Sun crypto provider. Default is false.
-         */
-        public boolean removeSunProvider = false;
-
-        /**
-         * If <tt>true</tt>, none of the underlying NSS components will
-         * be initialized. Only the Java portions of JSS will be
-         * initialized. This should only be used if NSS has been initialized
-         * elsewhere.
-         *
-         * <p>Specifically, the following components will <b>not</b> be
-         *  configured by <tt>CryptoManager.initialize</tt> if this flag is set:
-         * <ul>
-         * <li>The NSS databases.
-         * <li>OCSP checking.
-         * <li>The NSS password callback.
-         * <li>The internal PKCS #11 software token's identifier labels:
-         *      slot, token, module, and manufacturer.
-         * <li>The minimum PIN length for the software token.
-         * <li>The frequency with which the user must login to the software
-         *      token.
-         * <li>The cipher strength policy (export/domestic).
-         * </ul>
-         *
-         * <p>The default is <tt>false</tt>.
-         */
-        public boolean initializeJavaOnly = false;
-
-        /**
-         * Enable PKIX verify rather than the old cert library, 
-         * to verify certificates. Default is false.
-         */
-        public boolean PKIXVerify = false;
-
-        /**
-         * Don't open the cert DB and key DB's, just 
-         * initialize the volatile certdb. Default is false.
-         */
-        public boolean noCertDB = false;
-
-        /**
-         * Don't open the security module DB, 
-         * just initialize the PKCS #11 module.
-         * Default is false.
-         */
-        public boolean noModDB = false; 
-
-        /** 
-         * Continue to force initializations even if the 
-         * databases cannot be opened.
-         * Default is false.
-         */
-        public boolean forceOpen = false;
-
-        /**
-         * Don't try to look for the root certs module
-         * automatically.
-         * Default is false.
-         */
-        public boolean noRootInit = false;
-
-        /** 
-         * Use smaller tables and caches.
-         * Default is false.
-         */
-        public boolean optimizeSpace = false;
-
-        /**
-         * only load PKCS#11 modules that are
-         * thread-safe, ie. that support locking - either OS
-         * locking or NSS-provided locks . If a PKCS#11
-         * module isn't thread-safe, don't serialize its
-         * calls; just don't load it instead. This is necessary
-         * if another piece of code is using the same PKCS#11
-         * modules that NSS is accessing without going through
-         * NSS, for example the Java SunPKCS11 provider.
-         * Default is false.
-         */
-        public boolean PK11ThreadSafe = false;
-
-        /**
-         * Init PK11Reload to ignore the CKR_CRYPTOKI_ALREADY_INITIALIZED
-         * error when loading PKCS#11 modules. This is necessary
-         * if another piece of code is using the same PKCS#11
-         * modules that NSS is accessing without going through
-         * NSS, for example Java SunPKCS11 provider. 
-         * default is false.
-         */
-        public boolean PK11Reload = false;
-        
-        /**
-         * never call C_Finalize on any
-         * PKCS#11 module. This may be necessary in order to
-         * ensure continuous operation and proper shutdown
-         * sequence if another piece of code is using the same
-         * PKCS#11 modules that NSS is accessing without going
-         * through NSS, for example Java SunPKCS11 provider.
-         * The following limitation applies when this is set :
-         * SECMOD_WaitForAnyTokenEvent will not use
-         * C_WaitForSlotEvent, in order to prevent the need for
-         * C_Finalize. This call will be emulated instead.
-         * Default is false.
-         */
-        public boolean noPK11Finalize = false;
- 
-        /**
-         * Sets 4 recommended options for applications that
-         * use both NSS and the Java SunPKCS11 provider.
-         * Default is false.
-         */
-        public boolean cooperate = false;
-
-    }
-
-    ////////////////////////////////////////////////////
-    //  Module and Token Management
-    ////////////////////////////////////////////////////
-
-    /**
-     * Retrieves the internal cryptographic services token. This is the
-     * token built into NSS that performs bulk
-     * cryptographic operations.
-     * <p>In FIPS mode, the internal cryptographic services token is the
-     * same as the internal key storage token.
-     *
-     * @return The internal cryptographic services token.
-     */
-    public synchronized CryptoToken getInternalCryptoToken() {
-        return internalCryptoToken;
-    }
-
-    /**
-     * Retrieves the internal key storage token.  This is the token
-     * provided by NSS to store private keys.
-     * The keys stored in this token are stored in an encrypted key database.
-     * <p>In FIPS mode, the internal key storage token is the same as
-     * the internal cryptographic services token.
-     *
-     * @return The internal key storage token.
-     */
-    public synchronized CryptoToken getInternalKeyStorageToken() {
-        return internalKeyStorageToken;
-    }
-
-    /**
-     * Looks up the CryptoToken with the given name.  Searches all
-     * loaded cryptographic modules for the token.
-     *
-     * @param name The name of the token.
-     * @exception org.mozilla.jss.crypto.NoSuchTokenException If no token
-     *  is found with the given name.
-     */
-    public synchronized CryptoToken getTokenByName(String name)
-        throws NoSuchTokenException
-    {
-        Enumeration tokens = getAllTokens();
-        CryptoToken token;
-
-        while(tokens.hasMoreElements()) {
-            token = (CryptoToken) tokens.nextElement();
-            try {
-                if( name.equals(token.getName()) ) {
-                    return token;
-                }
-            } catch( TokenException e ) {
-                Assert._assert(false, "Got a token exception");
-            }
-        }
-        throw new NoSuchTokenException();
-    }
-
-    /**
-     * Retrieves all tokens that support the given algorithm.
-     *
-     */
-    public synchronized Enumeration getTokensSupportingAlgorithm(Algorithm alg)
-    {
-        Enumeration tokens = getAllTokens();
-        Vector goodTokens = new Vector();
-        CryptoToken tok;
-
-        while(tokens.hasMoreElements()) {
-            tok = (CryptoToken) tokens.nextElement();
-            if( tok.doesAlgorithm(alg) ) {
-                goodTokens.addElement(tok);
-            }
-        }
-        return goodTokens.elements();
-    }
-
-    /**
-     * Retrieves all tokens. This is an enumeration of all tokens on all
-     * modules.
-     *
-     * @return All tokens accessible from JSS. Each item of the enumeration
-     *      is a <code>CryptoToken</code>
-     * @see org.mozilla.jss.crypto.CryptoToken
-     */
-    public synchronized Enumeration getAllTokens() {
-        Enumeration modules = getModules();
-        Enumeration tokens;
-        Vector allTokens = new Vector();
-
-        while(modules.hasMoreElements()) {
-            tokens = ((PK11Module)modules.nextElement()).getTokens();
-            while(tokens.hasMoreElements()) {
-                allTokens.addElement( tokens.nextElement() );
-            }
-        }
-        return allTokens.elements();
-    }
-
-    /**
-     * Retrieves all tokens except those built into NSS.
-     * This excludes the internal token and the internal
-     * key storage token (which are one and the same in FIPS mode).
-     *
-     * @return All tokens accessible from JSS, except for the built-in
-     *      internal tokens.
-     */
-    public synchronized Enumeration getExternalTokens() {
-        Enumeration modules = getModules();
-        Enumeration tokens;
-        PK11Token token;
-        Vector allTokens = new Vector();
-
-        while(modules.hasMoreElements()) {
-            tokens = ((PK11Module)modules.nextElement()).getTokens();
-            while(tokens.hasMoreElements()) {
-                token = (PK11Token) tokens.nextElement();
-                if( ! token.isInternalCryptoToken() &&
-                    ! token.isInternalKeyStorageToken() )
-                {
-                    allTokens.addElement( token );
-                }
-            }
-        }
-        return allTokens.elements();
-    }
-
-    /**
-     * Retrieves all installed cryptographic modules.
-     *
-     * @return An enumeration of all installed PKCS #11 modules. Each
-     *      item in the enumeration is a <code>PK11Module</code>.
-     * @see org.mozilla.jss.pkcs11.PK11Module
-     */
-    public synchronized Enumeration getModules() {
-        return moduleVector.elements();
-    }
-
-    // Need to reload modules after adding new one
-    //public native addModule(String name, String libraryName);
-
-    /**
-     * The list of modules. This should be initialized by the constructor
-     * and updated whenever 1) a new module is added, 2) a module is deleted,
-     * or 3) FIPS mode is switched.
-     */
-    private Vector moduleVector;
-
-    /**
-     * Re-creates the Vector of modules that is stored by CryptoManager.
-     * This entails going into native code to enumerate all modules,
-     * wrap each one in a PK11Module, and storing the PK11Module in the vector.
-     */
-    private synchronized void reloadModules() {
-        moduleVector = new Vector();
-        putModulesInVector(moduleVector);
-
-        // Get the internal tokens
-        Enumeration tokens = getAllTokens();
-
-        internalCryptoToken = null;
-        internalKeyStorageToken = null;
-        while(tokens.hasMoreElements()) {
-            PK11Token token = (PK11Token) tokens.nextElement();
-            if( token.isInternalCryptoToken() ) {
-                Assert._assert(internalCryptoToken == null);
-                internalCryptoToken = token;
-            }
-            if( token.isInternalKeyStorageToken() ) {
-                Assert._assert(internalKeyStorageToken == null);
-                internalKeyStorageToken = token;
-            }
-        }
-        Assert._assert(internalKeyStorageToken != null);
-        Assert._assert(internalCryptoToken != null);
-    }
-
-    /**
-     * The internal cryptographic services token.
-     */
-    private CryptoToken internalCryptoToken;
-
-    /**
-     * The internal key storage token.
-     */
-    private CryptoToken internalKeyStorageToken;
-
-    /**
-     * Native code to traverse all PKCS #11 modules, wrap each one in
-     * a PK11Module, and insert each PK11Module into the given vector.
-     */
-    private native void putModulesInVector(Vector vector);
-
-
-    ///////////////////////////////////////////////////////////////////////
-    // Constructor and Accessors
-    ///////////////////////////////////////////////////////////////////////
-
-    /**
-     * Constructor, for internal use only.
-     */
-    protected CryptoManager()  {
-        TokenSupplierManager.setTokenSupplier(this);
-        reloadModules();
-    }
-
-    /**
-     * Retrieve the single instance of CryptoManager.
-     * This cannot be called before initialization.
-     *
-     * @see #initialize(CryptoManager.InitializationValues)
-     * @exception NotInitializedException If
-     *      <code>initialize(InitializationValues</code> has not yet been
-     *      called.
-     */
-    public synchronized static CryptoManager getInstance()
-        throws NotInitializedException
-    {
-        if(instance==null) {
-            throw new NotInitializedException();
-        }
-        return instance;
-    }
-
-    /**
-     * The singleton instance, and a static initializer to create it.
-     */
-    private static CryptoManager instance=null;
-
-
-    ///////////////////////////////////////////////////////////////////////
-    // FIPS management
-    ///////////////////////////////////////////////////////////////////////
-
-    /**
-     * Enables or disables FIPS-140-2 compliant mode. If this returns true,
-     * you must reloadModules(). This should only be called once in a program,
-     * at the beginning, because it invalidates tokens and modules.
-     *
-     * @param fips true to turn FIPS compliant mode on, false to turn it off.
-     */
-    private static native boolean enableFIPS(boolean fips)
-        throws GeneralSecurityException;
-
-    /**
-     * Determines whether FIPS-140-2 compliance is active.
-     *
-     * @return true if the security library is in FIPS-140-2 compliant mode.
-     */
-    public synchronized native boolean FIPSEnabled();
-
-
-    ///////////////////////////////////////////////////////////////////////
-    // Password Callback management
-    ///////////////////////////////////////////////////////////////////////
-
-    /**
-     * This function sets the global password callback.  It is
-     * not thread-safe to change this.
-     * <p>The callback may be NULL, in which case password callbacks will
-     * fail gracefully.
-     */
-    public synchronized void setPasswordCallback(PasswordCallback pwcb) {
-        passwordCallback = pwcb;
-        setNativePasswordCallback( pwcb );
-    }
-    private native void setNativePasswordCallback(PasswordCallback cb);
-
-    /**
-     * Returns the currently registered password callback.
-     */
-    public synchronized PasswordCallback getPasswordCallback() {
-        return passwordCallback;
-    }
-
-    private PasswordCallback passwordCallback;
-
-
-    ////////////////////////////////////////////////////
-    // Initialization
-    ////////////////////////////////////////////////////
-
-    /**
-     * Initialize the security subsystem.  Opens the databases, loads all
-     * PKCS #11 modules, initializes the internal random number generator.
-     * The <code>initialize</code> methods that take arguments should be
-     * called only once, otherwise they will throw
-     * an exception. It is OK to call them after calling
-     * <code>initialize()</code>.
-     *
-     * @param configDir The directory containing the security databases.
-     * @exception org.mozilla.jss.util.KeyDatabaseException Unable to open
-     *  the key database, or it was currupted.
-     * @exception org.mozilla.jss.util.CertDatabaseException Unable
-     *  to open the certificate database, or it was currupted.
-     **/
-    public static synchronized void initialize( String configDir )
-        throws  KeyDatabaseException,
-                CertDatabaseException,
-                AlreadyInitializedException,
-                GeneralSecurityException
-    {
-        initialize( new InitializationValues(configDir) );
-    }
-
-    /**
-     * Initialize the security subsystem.  Opens the databases, loads all
-     * PKCS #11 modules, initializes the internal random number generator.
-     * The <code>initialize</code> methods that take arguments should be
-     * called only once, otherwise they will throw
-     * an exception. It is OK to call them after calling
-     * <code>initialize()</code>.
-     *
-     * @param values The options with which to initialize CryptoManager.
-     * @exception org.mozilla.jss.util.KeyDatabaseException Unable to open
-     *  the key database, or it was corrupted.
-     * @exception org.mozilla.jss.util.CertDatabaseException Unable
-     *  to open the certificate database, or it was corrupted.
-     **/
-    public static synchronized void initialize( InitializationValues values )
-        throws
-        KeyDatabaseException,
-        CertDatabaseException,
-        AlreadyInitializedException,
-        GeneralSecurityException
-    {
-        if(instance != null) {
-            throw new AlreadyInitializedException();
-        }
-        loadNativeLibraries();
-        if (values.ocspResponderURL != null) {
-            if (values.ocspResponderCertNickname == null) {
-                throw new GeneralSecurityException(
-                    "Must set ocspResponderCertNickname");
-            }
-        }
-        initializeAllNative(values.configDir,
-                            values.certPrefix,
-                            values.keyPrefix,
-                            values.secmodName,
-                            values.readOnly,
-                            values.getManufacturerID(),
-                            values.getLibraryDescription(),
-                            values.getInternalTokenDescription(),
-                            values.getInternalKeyStorageTokenDescription(),
-                            values.getInternalSlotDescription(),
-                            values.getInternalKeyStorageSlotDescription(),
-                            values.getFIPSSlotDescription(),
-                            values.getFIPSKeyStorageSlotDescription(),
-                            values.ocspCheckingEnabled,
-                            values.ocspResponderURL,
-                            values.ocspResponderCertNickname,
-                            values.initializeJavaOnly,
-                            values.PKIXVerify,
-                            values.noCertDB,
-                            values.noModDB, 
-                            values.forceOpen,
-                            values.noRootInit,
-                            values.optimizeSpace,
-                            values.PK11ThreadSafe,
-                            values.PK11Reload,
-                            values.noPK11Finalize,
-                            values.cooperate
-                            );
-
-        instance = new CryptoManager();
-        instance.setPasswordCallback(values.passwordCallback);
-        if( values.fipsMode != InitializationValues.FIPSMode.UNCHANGED) {
-            if( enableFIPS(values.fipsMode ==
-                    InitializationValues.FIPSMode.ENABLED) )
-            {
-                instance.reloadModules();
-            }
-        }
-
-        // Force class load before we install the provider. Otherwise we get
-        // an infinite loop as the Security manager tries to instantiate the
-        // digest to verify its own JAR file.
-        JSSMessageDigestSpi mds = new JSSMessageDigestSpi.SHA1();
-        // Force the KeyType class to load before we can install JSS as a
-        // provider.  JSS's signature provider accesses KeyType.
-        KeyType kt = KeyType.getKeyTypeFromAlgorithm(
-            SignatureAlgorithm.RSASignatureWithSHA1Digest);
-
-        if( values.installJSSProvider ) {
-            int position = java.security.Security.insertProviderAt(
-                            new JSSProvider(), 1);
-            // This returns -1 if the provider was already installed, in which
-            // case it is not installed again.  Is this
-            // an error? I don't think so, although it might be confusing
-            // if the provider is not in the position they expected.
-            // However, this will only happen if they are installing the
-            // provider themselves, so presumably they know what they're
-            // doing.
-        }
-        if( values.removeSunProvider ) {
-            java.security.Security.removeProvider("SUN");
-        }
-    }
-
-    private static native void
-    initializeAllNative(String configDir,
-                        String certPrefix,
-                        String keyPrefix,
-                        String secmodName,
-                        boolean readOnly,
-                        String manufacturerID,
-                        String libraryDescription,
-                        String internalTokenDescription,
-                        String internalKeyStorageTokenDescription,
-                        String internalSlotDescription,
-                        String internalKeyStorageSlotDescription,
-                        String fipsSlotDescription,
-                        String fipsKeyStorageSlotDescription,
-                        boolean ocspCheckingEnabled,
-                        String ocspResponderURL,
-                        String ocspResponderCertNickname,
-                        boolean initializeJavaOnly,
-                        boolean PKIXVerify,
-                        boolean noCertDB,
-                        boolean noModDB, 
-                        boolean forceOpen,
-                        boolean noRootInit,
-                        boolean optimizeSpace,
-                        boolean PK11ThreadSafe,
-                        boolean PK11Reload,
-                        boolean noPK11Finalize,
-                        boolean cooperate)
-        throws KeyDatabaseException,
-        CertDatabaseException,
-        AlreadyInitializedException;
-
-    /////////////////////////////////////////////////////////////
-    // Cert Lookup
-    /////////////////////////////////////////////////////////////
-    /**
-     * Retrieves all CA certificates in the trust database.  This
-     * is a fairly expensive operation in that it involves traversing
-     * the entire certificate database.
-     * @return An array of all CA certificates stored permanently
-     *      in the trust database.
-     */
-    public native X509Certificate[]
-    getCACerts();
-
-    /**
-     * Retrieves all certificates in the trust database.  This
-     * is a fairly expensive operation in that it involves traversing
-     * the entire certificate database.
-     * @return An array of all certificates stored permanently
-     *      in the trust database.
-     */
-    public native X509Certificate[]
-    getPermCerts();
-
-    /**
-     * Imports a chain of certificates.  The leaf certificate may be a
-     *  a user certificate, that is, a certificate that belongs to the
-     *  current user and whose private key is available for use.
-     *  If the leaf certificate is a user certificate, it is stored
-     *  on the token
-     *  that contains the corresponding private key, and is assigned the
-     *  given nickname.
-     *
-     * @param certPackage An encoded certificate or certificate chain.
-     *      Acceptable
-     *      encodings are binary PKCS #7 <i>SignedData</i> objects and
-     *      DER-encoded certificates, which may or may not be wrapped
-     *      in a Base-64 encoding package surrounded by
-     *      "<code>-----BEGIN CERTIFICATE-----</code>" and
-     *      "<code>-----END CERTIFICATE-----</code>".
-     * @param nickname The nickname for the user certificate.  It must
-     *      be unique. It is ignored if there is no user certificate.
-     * @return The leaf certificate from the chain.
-     * @exception CertificateEncodingException If the package encoding
-     *      was not recognized.
-     * @exception CertificateNicknameConflictException If the leaf certificate
-     *      is a user certificate, and another certificate already has the
-     *      given nickname.
-     * @exception UserCertConflictException If the leaf certificate
-     *      is a user certificate, but it has already been imported.
-     * @exception NoSuchItemOnTokenException If the leaf certificate is
-     *      a user certificate, but the matching private key cannot be found.
-     * @exception TokenException If an error occurs importing a leaf
-     *      certificate into a token.
-     */
-    public X509Certificate
-    importCertPackage(byte[] certPackage, String nickname )
-        throws CertificateEncodingException,
-            NicknameConflictException,
-            UserCertConflictException,
-            NoSuchItemOnTokenException,
-            TokenException
-    {
-        return importCertPackageNative(certPackage, nickname, false, false);
-    }
-
-    /**
-     * Imports a chain of certificates.  The leaf of the chain is a CA
-     * certificate AND a user certificate (this would only be called by
-     * a CA installing its own certificate).
-     *
-     * @param certPackage An encoded certificate or certificate chain.
-     *      Acceptable
-     *      encodings are binary PKCS #7 <i>SignedData</i> objects and
-     *      DER-encoded certificates, which may or may not be wrapped
-     *      in a Base-64 encoding package surrounded by
-     *      "<code>-----BEGIN CERTIFICATE-----</code>" and
-     *      "<code>-----END CERTIFICATE-----</code>".
-     * @param nickname The nickname for the user certificate.  It must
-     *      be unique.
-     * @return The leaf certificate from the chain.
-     * @exception CertificateEncodingException If the package encoding
-     *      was not recognized.
-     * @exception CertificateNicknameConflictException If the leaf certificate
-     *      another certificate already has the given nickname.
-     * @exception UserCertConflictException If the leaf certificate
-     *      has already been imported.
-     * @exception NoSuchItemOnTokenException If the the private key matching
-     *      the leaf certificate cannot be found.
-     * @exception TokenException If an error occurs importing the leaf
-     *      certificate into a token.
-     */
-    public X509Certificate
-    importUserCACertPackage(byte[] certPackage, String nickname)
-        throws CertificateEncodingException,
-            NicknameConflictException,
-            UserCertConflictException,
-            NoSuchItemOnTokenException,
-            TokenException
-    {
-        return importCertPackageNative(certPackage, nickname, false, true);
-    }
-
-
-
-    /**
-     * Imports a chain of certificates, none of which is a user certificate.
-     *
-     * @param certPackage An encoded certificate or certificate chain.
-     *      Acceptable
-     *      encodings are binary PKCS #7 <i>SignedData</i> objects and
-     *      DER-encoded certificates, which may or may not be wrapped
-     *      in a Base-64 encoding package surrounded by
-     *      "<code>-----BEGIN CERTIFICATE-----</code>" and
-     *      "<code>-----END CERTIFICATE-----</code>".
-     * @return The leaf certificate from the chain.
-     * @exception CertificateEncodingException If the package encoding
-     *      was not recognized.
-     * @exception TokenException If an error occurs importing a leaf
-     *      certificate into a token.
-     */
-    public X509Certificate
-    importCACertPackage(byte[] certPackage)
-        throws CertificateEncodingException,
-            TokenException
-    {
-        try {
-            return importCertPackageNative(certPackage, null, true, false);
-        } catch(NicknameConflictException e) {
-            Assert.notReached("importing CA certs caused nickname conflict");
-            Debug.trace(Debug.ERROR,
-                "importing CA certs caused nickname conflict");
-        } catch(UserCertConflictException e) {
-            Assert.notReached("importing CA certs caused user cert conflict");
-            Debug.trace(Debug.ERROR,
-                "importing CA certs caused user cert conflict");
-        } catch(NoSuchItemOnTokenException e) {
-            Assert.notReached("importing CA certs caused NoSuchItemOnToken"+
-                "Exception");
-            Debug.trace(Debug.ERROR,
-                "importing CA certs caused NoSuchItemOnTokenException");
-        }
-        return null;
-    }
-
-    /**
-     * Imports a single certificate into the permanent certificate
-     * database.
-     *
-     * @param derCert the certificate you want to add
-     * @param nickname the nickname you want to refer to the certificate as
-     *        (must not be null)
-     */
-
-    public InternalCertificate
-        importCertToPerm(X509Certificate cert, String nickname)
-        throws TokenException, InvalidNicknameException
-    {
-        if (nickname==null) {
-            throw new InvalidNicknameException("Nickname must be non-null");
-        }
-
-        else {
-            return importCertToPermNative(cert,nickname);
-        }
-    }
-
-    private native InternalCertificate
-        importCertToPermNative(X509Certificate cert, String nickname)
-        throws TokenException;
-
-    /**
-     * @param noUser true if we know that none of the certs are user certs.
-     *      In this case, no attempt will be made to find a matching private
-     *      key for the leaf certificate.
-     */
-    private native X509Certificate
-    importCertPackageNative(byte[] certPackage, String nickname,
-        boolean noUser, boolean leafIsCA)
-        throws CertificateEncodingException,
-            NicknameConflictException,
-            UserCertConflictException,
-            NoSuchItemOnTokenException,
-            TokenException;
-
-    /*============ CRL importing stuff ********************************/
-
-    private static int TYPE_KRL = 0;
-    private static int TYPE_CRL = 1;
-    /**
-     * Imports a CRL, and stores it into the cert7.db
-     * Validate CRL then import it to the dbase.  If there is already a CRL with the
-      * same CA in the dbase, it will be replaced if derCRL is more up to date.
-     *
-     * @param crl the DER-encoded CRL.
-     * @param url the URL where this CRL can be retrieved from (for future updates).
-     *    [ note that CRLs are not retrieved automatically ]. Can be null
-     * @exception CRLImportException If the package encoding
-     *      was not recognized.
-     */
-     public void
-    importCRL(byte[] crl,String url)
-        throws CRLImportException,
-            TokenException
-    {
-        importCRLNative(crl,url,TYPE_CRL);
-    }
-
-
-    /**
-     * Imports a CRL, and stores it into the cert7.db
-     *
-     * @param the DER-encoded CRL.
-     */
-    private native
-    void importCRLNative(byte[] crl, String url, int rl_type)
-        throws CRLImportException, TokenException;
-
-
-
-    /*============ Cert Exporting stuff ********************************/
-
-
-    /**
-     * Exports one or more certificates into a PKCS #7 certificate container.
-     * This is just a <i>SignedData</i> object whose <i>certificates</i>
-     * field contains the given certificates but whose <i>content</i> field
-     * is empty.
-     *
-     * @param certs One or more certificates that should be exported into
-     *      the PKCS #7 object.  The leaf certificate should be the first
-     *      in the chain.  The output of <code>buildCertificateChain</code>
-     *      would be appropriate here.
-     * @exception CertificateEncodingException If the array is empty,
-     *        or an error occurred encoding the certificates.
-     * @return A byte array containing a PKCS #7 <i>SignedData</i> object.
-     * @see #buildCertificateChain
-     */
-    public native byte[]
-    exportCertsToPKCS7(X509Certificate[] certs)
-        throws CertificateEncodingException;
-
-    /**
-     * Looks up a certificate given its nickname.
-     *
-     * @param nickname The nickname of the certificate to look for.
-     * @return The certificate matching this nickname, if one is found.
-     * @exception ObjectNotFoundException If no certificate could be found
-     *      with the given nickname.
-     * @exception TokenException If an error occurs in the security library.
-     */
-    public org.mozilla.jss.crypto.X509Certificate
-    findCertByNickname(String nickname)
-        throws ObjectNotFoundException, TokenException
-    {
-        Assert._assert(nickname!=null);
-        return findCertByNicknameNative(nickname);
-    }
-
-    /**
-     * Returns all certificates with the given nickname.
-     *
-     * @param nickname The nickname of the certificate to look for.
-     * @return The certificates matching this nickname. The array may be empty
-     *      if no matching certs were found.
-     * @exception TokenException If an error occurs in the security library.
-     */
-    public org.mozilla.jss.crypto.X509Certificate[]
-    findCertsByNickname(String nickname)
-        throws TokenException
-    {
-        Assert._assert(nickname!=null);
-        return findCertsByNicknameNative(nickname);
-    }
-
-    /**
-     * Looks up a certificate by issuer and serial number. The internal
-     *      database and all PKCS #11 modules are searched.
-     *
-     * @param derIssuer The DER encoding of the certificate issuer name.
-     *      The issuer name has ASN.1 type <i>Name</i>, which is defined in
-     *      X.501.
-     * @param serialNumber The certificate serial number.
-     * @exception ObjectNotFoundException If the certificate is not found
-     *      in the internal certificate database or on any PKCS #11 token.
-     * @exception TokenException If an error occurs in the security library.
-     */
-    public org.mozilla.jss.crypto.X509Certificate
-    findCertByIssuerAndSerialNumber(byte[] derIssuer, INTEGER serialNumber)
-        throws ObjectNotFoundException, TokenException
-    {
-      try {
-        ANY sn = (ANY) ASN1Util.decode(ANY.getTemplate(),
-                                 ASN1Util.encode(serialNumber) );
-        return findCertByIssuerAndSerialNumberNative(derIssuer,
-            sn.getContents() );
-      } catch( InvalidBERException e ) {
-        Assert.notReached("Invalid BER encoding of INTEGER");
-        return null;
-      }
-    }
-
-    /**
-     * @param serialNumber The contents octets of a DER-encoding of the
-     *  certificate serial number.
-     */
-    private native org.mozilla.jss.crypto.X509Certificate
-    findCertByIssuerAndSerialNumberNative(byte[] derIssuer, byte[] serialNumber)
-        throws ObjectNotFoundException, TokenException;
-
-    protected native org.mozilla.jss.crypto.X509Certificate
-    findCertByNicknameNative(String nickname)
-        throws ObjectNotFoundException, TokenException;
-
-    protected native org.mozilla.jss.crypto.X509Certificate[]
-    findCertsByNicknameNative(String nickname)
-        throws TokenException;
-
-    /////////////////////////////////////////////////////////////
-    // build cert chains
-    /////////////////////////////////////////////////////////////
-    /**
-     * Given a certificate, constructs its certificate chain. It may
-     * or may not chain up to a trusted root.
-     * @param leaf The certificate that is the starting point of the chain.
-     * @return An array of certificates, starting at the leaf and ending
-     *      with the highest certificate on the chain that was found.
-     * @throws CertificateException If the certificate is not recognized
-     *      by the underlying provider.
-     */
-    public org.mozilla.jss.crypto.X509Certificate[]
-    buildCertificateChain(org.mozilla.jss.crypto.X509Certificate leaf)
-        throws java.security.cert.CertificateException, TokenException
-    {
-        if( ! (leaf instanceof PK11Cert) ) {
-            throw new CertificateException(
-                        "Certificate is not a PKCS #11 certificate");
-        }
-        return buildCertificateChainNative((PK11Cert)leaf);
-    }
-
-    native org.mozilla.jss.crypto.X509Certificate[]
-    buildCertificateChainNative(PK11Cert leaf)
-        throws CertificateException, TokenException;
-
-
-    /////////////////////////////////////////////////////////////
-    // lookup private keys
-    /////////////////////////////////////////////////////////////
-    /**
-     * Looks up the PrivateKey matching the given certificate.
-     *
-     * @exception ObjectNotFoundException If no private key can be
-     *      found matching the given certificate.
-     * @exception TokenException If an error occurs in the security library.
-     */
-    public org.mozilla.jss.crypto.PrivateKey
-    findPrivKeyByCert(org.mozilla.jss.crypto.X509Certificate cert)
-        throws ObjectNotFoundException, TokenException
-    {
-        Assert._assert(cert!=null);
-        if(! (cert instanceof org.mozilla.jss.pkcs11.PK11Cert)) {
-            Assert.notReached("non-pkcs11 cert passed to PK11Finder");
-            throw new ObjectNotFoundException();
-        }
-        return findPrivKeyByCertNative(cert);
-    }
-
-    protected native org.mozilla.jss.crypto.PrivateKey
-    findPrivKeyByCertNative(org.mozilla.jss.crypto.X509Certificate cert)
-        throws ObjectNotFoundException, TokenException;
-
-    /////////////////////////////////////////////////////////////
-    // Provide Pseudo-Random Number Generation
-    /////////////////////////////////////////////////////////////
-
-    /**
-     * Retrieves a FIPS-140-2 validated random number generator.
-     *
-     * @return A JSS SecureRandom implemented with FIPS-validated NSS.
-     */
-    public org.mozilla.jss.crypto.JSSSecureRandom
-    createPseudoRandomNumberGenerator()
-    {
-        return new PK11SecureRandom();
-    }
-
-    /**
-     * Retrieves a FIPS-140-2 validated random number generator.
-     *
-     * @return A JSS SecureRandom implemented with FIPS-validated NSS.
-     */
-    public org.mozilla.jss.crypto.JSSSecureRandom
-    getSecureRNG() {
-        return new PK11SecureRandom();
-    }
-
-    /********************************************************************/
-    /* The VERSION Strings should be updated in the following           */
-    /* files everytime a new release of JSS is generated:               */
-    /*                                                                  */
-    /* org/mozilla/jss/CryptoManager.java                               */
-    /* org/mozilla/jss/JSSProvider.java                                 */
-    /* org/mozilla/jss/util/jssver.h                                    */
-    /* lib/manifest.mn                                                  */
-    /* mozilla/security/jss/manifest.mn                                 */
-    /*                                                                  */
-    /********************************************************************/
-
-
-    public static final String
-    JAR_JSS_VERSION     = "JSS_VERSION = JSS_4_3_2_RTM";
-    public static final String
-    JAR_JDK_VERSION     = "JDK_VERSION = N/A";
-    public static final String
-    JAR_NSS_VERSION     = "NSS_VERSION = NSS_3_12_RTM";
-    public static final String
-    JAR_DBM_VERSION     = "DBM_VERSION = N/A";
-    public static final String
-    JAR_NSPR_VERSION    = "NSPR_VERSION = NSPR_4_7_RTM";
-
-    /**
-     * Loads the JSS dynamic library if necessary.
-     * <p>This method is idempotent.
-     */
-    synchronized static void loadNativeLibraries()
-    {
-        if( ! mNativeLibrariesLoaded )
-        {
-            System.loadLibrary("jss4");
-            Debug.trace(Debug.VERBOSE, "jss library loaded");
-            mNativeLibrariesLoaded = true;
-        }
-    }
-    static private boolean mNativeLibrariesLoaded = false;
-
-    // Hashtable is synchronized.
-    private Hashtable perThreadTokenTable = new Hashtable();
-
-    /**
-     * Sets the default token for the current thread. This token will
-     * be used when JSS is called through the JCA interface, which has
-     * no means of specifying which token to use.
-     *
-     * <p>If no token is set, the InternalKeyStorageToken will be used. Setting
-     * this thread's token to <tt>null</tt> will also cause the
-     * InternalKeyStorageToken to be used.
-     *
-     * @param The token to use for crypto operations. Specifying <tt>null</tt>
-     * will cause the InternalKeyStorageToken to be used.
-     */
-    public void setThreadToken(CryptoToken token) {
-        if( token != null ) {
-            perThreadTokenTable.put(Thread.currentThread(), token);
-        } else {
-            perThreadTokenTable.remove(Thread.currentThread());
-        }
-    }
-
-    /**
-     * Returns the default token for the current thread. This token will
-     * be used when JSS is called through the JCA interface, which has
-     * no means of specifying which token to use.
-     *
-     * <p>If no token is set, the InternalKeyStorageToken will be used. Setting
-     * this thread's token to <tt>null</tt> will also cause the
-     * InternalKeyStorageToken to be used.
-     *
-     * @return The default token for this thread. If it has not been specified,
-     * it will be the InternalKeyStorageToken.
-     */
-    public CryptoToken getThreadToken() {
-        CryptoToken tok =
-            (CryptoToken) perThreadTokenTable.get(Thread.currentThread());
-        if( tok == null ) {
-            tok = getInternalKeyStorageToken();
-        }
-        return tok;
-    }
-    /////////////////////////////////////////////////////////////
-    // isCertValid
-    /////////////////////////////////////////////////////////////
-    /**
-     * Verify a certificate that exists in the given cert database,
-     * check if is valid and that we trust the issuer. Verify time
-     * against Now.
-     * @param nickname The nickname of the certificate to verify.
-     * @param checkSig verify the signature of the certificate
-     * @param certUsage see exposed certUsage defines to verify Certificate
-     * @return true for success; false otherwise
-     *
-     * @exception InvalidNicknameException If the nickname is null
-     * @exception ObjectNotFoundException If no certificate could be found
-     *      with the given nickname.
-     */
-
-    public boolean isCertValid(String nickname, boolean checkSig,
-            CertUsage certUsage)
-        throws ObjectNotFoundException, InvalidNicknameException
-    {
-        if (nickname==null) {
-            throw new InvalidNicknameException("Nickname must be non-null");
-        }
-        return verifyCertNowNative(nickname, checkSig, certUsage.getUsage());
-    }
-
-    private native boolean verifyCertNowNative(String nickname,
-        boolean checkSig, int cUsage) throws ObjectNotFoundException;
-
-    /////////////////////////////////////////////////////////////
-    // isCertValid
-    /////////////////////////////////////////////////////////////
-    /**
-     * Verify a certificate in memory. Check if
-     * valid and that we trust the issuer. Verify time
-     * against Now.
-     * @param certificate in memory
-     * @param checkSig verify the signature of the certificate
-     * @param certUsage see exposed certUsage defines to verify Certificate
-     * @return true for success; false otherwise
-     *
-     * @exception TokenException unable to insert temporary certificate
-     *            into database.
-     * @exception CertificateEncodingException If the package encoding
-     *      was not recognized.
-     */
-
-    public boolean isCertValid(byte[] certPackage, boolean checkSig,
-            CertUsage certUsage)
-        throws TokenException, CertificateEncodingException
-    {
-        return verifyCertTempNative(certPackage , checkSig,
-                                    certUsage.getUsage());
-    }
-
-
-    private native boolean verifyCertTempNative(byte[] certPackage,
-        boolean checkSig, int cUsage)
-        throws TokenException, CertificateEncodingException;
-
-     ///////////////////////////////////////////////////////////////////////
-    // OCSP management
-    ///////////////////////////////////////////////////////////////////////
-
-    /**
-     * Enables OCSP, note when you Initialize JSS for the first time, for
-     * backwards compatibility, the initialize will enable OCSP if you
-     * previously set values.ocspCheckingEnabled and
-     * values.ocspResponderURL/values.ocspResponderCertNickname
-     * configureOCSP will allow changing of the the OCSPResponder at runtime.
-     *      * @param ocspChecking true or false to enable/disable OCSP
-     *      * @param ocspResponderURL - url of the OCSP responder
-     *      * @param ocspResponderCertNickname - the nickname of the OCSP
-     *        signer certificate or the CA certificate found in the cert DB
-     */
-
-    public void configureOCSP(
-        boolean ocspCheckingEnabled,
-        String ocspResponderURL,
-        String ocspResponderCertNickname )
-    throws GeneralSecurityException
-    {
-        configureOCSPNative(ocspCheckingEnabled,
-                                   ocspResponderURL,
-                                    ocspResponderCertNickname );
-    }
-
-    private native void configureOCSPNative( boolean ocspCheckingEnabled,
-                    String ocspResponderURL,
-                    String ocspResponderCertNickname )
-                    throws GeneralSecurityException;
-
-}
deleted file mode 100644
--- a/security/jss/org/mozilla/jss/DatabaseCloser.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-package org.mozilla.jss;
-
-/**
- * A class for closing databases. Since closing the databases is
- * very dangerous and breaks the JSS model, it may only be done from  
- * special applications. This class should be subclasses by
- * authorized subclasses.  It cannot be instantiated itself.
- */
-public abstract class DatabaseCloser {
-
-    private static final String authorizedClosers[] =
-        {   "org.mozilla.certsetup.apps.CertSetup$DatabaseCloser",
-            "org.mozilla.jss.CloseDBs"                                  };
-
-    /**
-     * Creates a new DatabaseCloser.  This should only be called
-     * from an authorized subclass.  This class cannot itself be
-     * instantiated.
-     *
-     * @throws Exception If the instantiation is not a valid subclass.
-     */
-    public DatabaseCloser() throws Exception {
-        Class clazz = this.getClass();
-        String name = clazz.getName();
-        boolean approved = false;
-        for(int i=0; i < authorizedClosers.length; i++) {
-            if( name.equals( authorizedClosers[i] ) ) {
-                approved = true;
-                break;
-            }
-        }
-        if(!approved) {
-            throw new Exception();
-        }
-    }
-
-    /**
-     * Closes the certificate and key databases.  This is extremely
-     * dangerous.
-     */
-    protected native void closeDatabases();
-}
deleted file mode 100644
--- a/security/jss/org/mozilla/jss/JSSProvider.java
+++ /dev/null
@@ -1,248 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-package org.mozilla.jss;
-
-public final class JSSProvider extends java.security.Provider {
-
-    /********************************************************************/
-    /* The VERSION Strings should be updated in the following           */
-    /* files everytime a new release of JSS is generated:               */
-    /*                                                                  */
-    /* org/mozilla/jss/CryptoManager.java                               */
-    /* org/mozilla/jss/JSSProvider.java                                 */
-    /* org/mozilla/jss/util/jssver.h                                    */
-    /* lib/manifest.mn                                                  */
-    /* mozilla/security/jss/manifest.mn                                 */
-    /*                                                                  */
-    /********************************************************************/
-
-    private static int JSS_MAJOR_VERSION  = 4;
-    private static int JSS_MINOR_VERSION  = 3;
-    private static int JSS_PATCH_VERSION  = 2;
-    private static double JSS_VERSION     = JSS_MAJOR_VERSION +
-                                           (JSS_MINOR_VERSION * 100 +
-                                            JSS_PATCH_VERSION)/10000.0;
-
-    public JSSProvider() {
-        super("Mozilla-JSS", JSS_VERSION,
-                "Provides Signature, Message Digesting, and RNG");
-
-        /////////////////////////////////////////////////////////////
-        // Signature
-        /////////////////////////////////////////////////////////////
-        put("Signature.SHA1withDSA",
-            "org.mozilla.jss.provider.java.security.JSSSignatureSpi$DSA");
-
-        put("Alg.Alias.Signature.DSA", "SHA1withDSA");
-        put("Alg.Alias.Signature.DSS", "SHA1withDSA");
-        put("Alg.Alias.Signature.SHA/DSA", "SHA1withDSA");
-        put("Alg.Alias.Signature.SHA-1/DSA", "SHA1withDSA");
-        put("Alg.Alias.Signature.SHA1/DSA", "SHA1withDSA");
-        put("Alg.Alias.Signature.DSAWithSHA1", "SHA1withDSA");
-        put("Alg.Alias.Signature.SHAwithDSA", "SHA1withDSA");
-
-        put("Signature.MD5/RSA",
-            "org.mozilla.jss.provider.java.security.JSSSignatureSpi$MD5RSA");
-        put("Alg.Alias.Signature.MD5withRSA", "MD5/RSA");
-
-        put("Signature.MD2/RSA",
-            "org.mozilla.jss.provider.java.security.JSSSignatureSpi$MD2RSA");
-
-        put("Signature.SHA-1/RSA",
-            "org.mozilla.jss.provider.java.security.JSSSignatureSpi$SHA1RSA");
-        put("Alg.Alias.Signature.SHA1/RSA", "SHA-1/RSA");
-        put("Alg.Alias.Signature.SHA1withRSA", "SHA-1/RSA");
-
-        put("Signature.SHA-256/RSA",
-            "org.mozilla.jss.provider.java.security.JSSSignatureSpi$SHA256RSA");
-        put("Alg.Alias.Signature.SHA256/RSA", "SHA-256/RSA");
-        put("Alg.Alias.Signature.SHA256withRSA", "SHA-256/RSA");
-
-        put("Signature.SHA-384/RSA",
-            "org.mozilla.jss.provider.java.security.JSSSignatureSpi$SHA384RSA");
-        put("Alg.Alias.Signature.SHA384/RSA", "SHA-384/RSA");
-        put("Alg.Alias.Signature.SHA384withRSA", "SHA-384/RSA");
-
-        put("Signature.SHA-512/RSA",
-            "org.mozilla.jss.provider.java.security.JSSSignatureSpi$SHA512RSA");
-        put("Alg.Alias.Signature.SHA512/RSA", "SHA-512/RSA");
-        put("Alg.Alias.Signature.SHA512withRSA", "SHA-512/RSA");
-// ECC
-        put("Signature.SHA1withEC",
-            "org.mozilla.jss.provider.java.security.JSSSignatureSpi$SHA1EC");
-        put("Alg.Alias.Signature.EC", "SHA1withEC");
-        put("Alg.Alias.Signature.ECC", "SHA1withEC");
-        put("Alg.Alias.Signature.ECDSA", "SHA1withEC");
-        put("Alg.Alias.Signature.SHA/EC", "SHA1withEC");
-        put("Alg.Alias.Signature.SHA1/EC", "SHA1withEC");
-        put("Alg.Alias.Signature.SHA-1/EC", "SHA1withEC");
-        put("Alg.Alias.Signature.SHA/ECDSA", "SHA1withEC");
-        put("Alg.Alias.Signature.SHA1/ECDSA", "SHA1withEC");
-
-        put("Signature.SHA256withEC",
-            "org.mozilla.jss.provider.java.security.JSSSignatureSpi$SHA256EC");
-        put("Alg.Alias.Signature.SHA256/EC", "SHA256withEC");
-        put("Alg.Alias.Signature.SHA-256/EC", "SHA256withEC");
-
-        put("Signature.SHA384withEC",
-            "org.mozilla.jss.provider.java.security.JSSSignatureSpi$SHA384EC");
-        put("Alg.Alias.Signature.SHA384/EC", "SHA384withEC");
-        put("Alg.Alias.Signature.SHA-384/EC", "SHA384withEC");
-
-        put("Signature.SHA512withEC",
-            "org.mozilla.jss.provider.java.security.JSSSignatureSpi$SHA512EC");
-        put("Alg.Alias.Signature.SHA512/EC", "SHA512withEC");
-        put("Alg.Alias.Signature.SHA-512/EC", "SHA512withEC");
-
-        /////////////////////////////////////////////////////////////
-        // Message Digesting
-        /////////////////////////////////////////////////////////////
-
-        put("MessageDigest.SHA-1",
-                "org.mozilla.jss.provider.java.security.JSSMessageDigestSpi$SHA1");
-        put("MessageDigest.MD2",
-                "org.mozilla.jss.provider.java.security.JSSMessageDigestSpi$MD2");
-        put("MessageDigest.MD5",
-                "org.mozilla.jss.provider.java.security.JSSMessageDigestSpi$MD5");
-        put("MessageDigest.SHA-256",
-                "org.mozilla.jss.provider.java.security.JSSMessageDigestSpi$SHA256");
-        put("MessageDigest.SHA-384",
-                "org.mozilla.jss.provider.java.security.JSSMessageDigestSpi$SHA384");
-        put("MessageDigest.SHA-512",
-                "org.mozilla.jss.provider.java.security.JSSMessageDigestSpi$SHA512");
-
-        put("Alg.Alias.MessageDigest.SHA1", "SHA-1");
-        put("Alg.Alias.MessageDigest.SHA", "SHA-1");
-        put("Alg.Alias.MessageDigest.SHA256", "SHA-256");
-        put("Alg.Alias.MessageDigest.SHA384", "SHA-384");
-        put("Alg.Alias.MessageDigest.SHA512", "SHA-512");
-
-        /////////////////////////////////////////////////////////////
-        // SecureRandom
-        /////////////////////////////////////////////////////////////
-        put("SecureRandom.pkcs11prng",
-            "org.mozilla.jss.provider.java.security.JSSSecureRandomSpi");
-
-        /////////////////////////////////////////////////////////////
-        // KeyPairGenerator
-        /////////////////////////////////////////////////////////////
-        put("KeyPairGenerator.RSA",
-            "org.mozilla.jss.provider.java.security.JSSKeyPairGeneratorSpi$RSA");
-        put("KeyPairGenerator.DSA",
-            "org.mozilla.jss.provider.java.security.JSSKeyPairGeneratorSpi$DSA");
-        put("KeyPairGenerator.EC",
-            "org.mozilla.jss.provider.java.security.JSSKeyPairGeneratorSpi$EC");
-
-        /////////////////////////////////////////////////////////////
-        // KeyFactory
-        /////////////////////////////////////////////////////////////
-        put("KeyFactory.RSA",
-            "org.mozilla.jss.provider.java.security.KeyFactorySpi1_2");
-        put("KeyFactory.DSA",
-            "org.mozilla.jss.provider.java.security.KeyFactorySpi1_2");
-        put("KeyFactory.EC",
-            "org.mozilla.jss.provider.java.security.KeyFactorySpi1_2");
-
-        /////////////////////////////////////////////////////////////
-        // AlgorithmParameters
-        /////////////////////////////////////////////////////////////
-        put("AlgorithmParameters.IvAlgorithmParameters",
-            "org.mozilla.jss.provider.java.security.IvAlgorithmParameters");
-        put("AlgorithmParameters.RC2AlgorithmParameters",
-            "org.mozilla.jss.provider.java.security.RC2AlgorithmParameters");
-
-        /////////////////////////////////////////////////////////////
-        // Cipher
-        /////////////////////////////////////////////////////////////
-        put("Cipher.DES",
-            "org.mozilla.jss.provider.javax.crypto.JSSCipherSpi$DES");
-        put("Cipher.DESede",
-            "org.mozilla.jss.provider.javax.crypto.JSSCipherSpi$DESede");
-        put("Alg.Alias.Cipher.DES3", "DESede");
-        put("Cipher.AES",
-            "org.mozilla.jss.provider.javax.crypto.JSSCipherSpi$AES");
-        put("Cipher.RC4",
-            "org.mozilla.jss.provider.javax.crypto.JSSCipherSpi$RC4");
-        put("Cipher.RSA",
-            "org.mozilla.jss.provider.javax.crypto.JSSCipherSpi$RSA");
-        put("Cipher.RC2",
-            "org.mozilla.jss.provider.javax.crypto.JSSCipherSpi$RC2");
-
-        /////////////////////////////////////////////////////////////
-        // KeyGenerator
-        /////////////////////////////////////////////////////////////
-        put("KeyGenerator.DES",
-            "org.mozilla.jss.provider.javax.crypto.JSSKeyGeneratorSpi$DES");
-        put("KeyGenerator.DESede",
-            "org.mozilla.jss.provider.javax.crypto.JSSKeyGeneratorSpi$DESede");
-        put("Alg.Alias.KeyGenerator.DES3", "DESede");
-        put("KeyGenerator.AES",
-            "org.mozilla.jss.provider.javax.crypto.JSSKeyGeneratorSpi$AES");
-        put("KeyGenerator.RC4",
-            "org.mozilla.jss.provider.javax.crypto.JSSKeyGeneratorSpi$RC4");
-        put("KeyGenerator.RC2",
-            "org.mozilla.jss.provider.javax.crypto.JSSKeyGeneratorSpi$RC2");
-        put("KeyGenerator.HmacSHA1",
-           "org.mozilla.jss.provider.javax.crypto.JSSKeyGeneratorSpi$HmacSHA1");
-        put("KeyGenerator.PBAHmacSHA1",
-           "org.mozilla.jss.provider.javax.crypto.JSSKeyGeneratorSpi$PBAHmacSHA1");
-
-        /////////////////////////////////////////////////////////////
-        // SecretKeyFactory
-        /////////////////////////////////////////////////////////////
-        put("SecretKeyFactory.DES",
-            "org.mozilla.jss.provider.javax.crypto.JSSSecretKeyFactorySpi$DES");
-        put("SecretKeyFactory.DESede",
-         "org.mozilla.jss.provider.javax.crypto.JSSSecretKeyFactorySpi$DESede");
-        put("Alg.Alias.SecretKeyFactory.DES3", "DESede");
-        put("SecretKeyFactory.AES",
-            "org.mozilla.jss.provider.javax.crypto.JSSSecretKeyFactorySpi$AES");
-        put("SecretKeyFactory.RC4",
-            "org.mozilla.jss.provider.javax.crypto.JSSSecretKeyFactorySpi$RC4");
-        put("SecretKeyFactory.RC2",
-            "org.mozilla.jss.provider.javax.crypto.JSSSecretKeyFactorySpi$RC2");
-        put("SecretKeyFactory.HmacSHA1",
-            "org.mozilla.jss.provider.javax.crypto.JSSSecretKeyFactorySpi$HmacSHA1");
-        put("SecretKeyFactory.PBAHmacSHA1",
-            "org.mozilla.jss.provider.javax.crypto.JSSSecretKeyFactorySpi$PBAHmacSHA1");
-        put("SecretKeyFactory.PBEWithMD5AndDES",
-            "org.mozilla.jss.provider.javax.crypto.JSSSecretKeyFactorySpi$PBE_MD5_DES_CBC");
-        put("SecretKeyFactory.PBEWithSHA1AndDES",
-            "org.mozilla.jss.provider.javax.crypto.JSSSecretKeyFactorySpi$PBE_SHA1_DES_CBC");
-        put("SecretKeyFactory.PBEWithSHA1AndDESede",
-            "org.mozilla.jss.provider.javax.crypto.JSSSecretKeyFactorySpi$PBE_SHA1_DES3_CBC");
-        put("Alg.Alias.SecretKeyFactory.PBEWithSHA1AndDES3", "PBEWithSHA1AndDESede");
-        put("SecretKeyFactory.PBEWithSHA1And128RC4",
-            "org.mozilla.jss.provider.javax.crypto.JSSSecretKeyFactorySpi$PBE_SHA1_RC4_128");
-
-
-        /////////////////////////////////////////////////////////////
-        // MAC
-        /////////////////////////////////////////////////////////////
-        put("Mac.HmacSHA1",
-            "org.mozilla.jss.provider.javax.crypto.JSSMacSpi$HmacSHA1");
-        put("Alg.Alias.Mac.Hmac-SHA1", "HmacSHA1");
-        put("Mac.HmacSHA256",
-            "org.mozilla.jss.provider.javax.crypto.JSSMacSpi$HmacSHA256");
-        put("Alg.Alias.Mac.Hmac-SHA256", "HmacSHA256");
-        put("Mac.HmacSHA384",
-            "org.mozilla.jss.provider.javax.crypto.JSSMacSpi$HmacSHA384");
-        put("Alg.Alias.Mac.Hmac-SHA384", "HmacSHA384");
-        put("Mac.HmacSHA512",
-            "org.mozilla.jss.provider.javax.crypto.JSSMacSpi$HmacSHA512");
-        put("Alg.Alias.Mac.Hmac-SHA512", "HmacSHA512");
-
-    }
-
-    public String toString() {
-        String mozillaProviderVersion = JSS_MAJOR_VERSION + "." + 
-                                        JSS_MINOR_VERSION;
-        if ( JSS_PATCH_VERSION != 0 ) {
-            mozillaProviderVersion = mozillaProviderVersion + "." +
-                                     JSS_PATCH_VERSION;
-        }
-
-        return "Mozilla-JSS version " + mozillaProviderVersion;
-    }
-}
deleted file mode 100644
--- a/security/jss/org/mozilla/jss/KeyDatabaseException.java
+++ /dev/null
@@ -1,15 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-package org.mozilla.jss;
-
-/**
- * This exception is thrown if the key database does not exist, or if
- * an error occurs while opening it.
- */
-public class KeyDatabaseException extends java.lang.Exception {
-    public KeyDatabaseException() {}
-    public KeyDatabaseException(String mesg) {
-        super(mesg);
-    }
-}
deleted file mode 100644
--- a/security/jss/org/mozilla/jss/Makefile
+++ /dev/null
@@ -1,49 +0,0 @@
-#! gmake
-# 
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY).   #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL)          #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL)       #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
-#######################################################################
-
-include config.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL)                              #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL)                           #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL).                              #
-#######################################################################
-include rules.mk
-
-
-
deleted file mode 100644
--- a/security/jss/org/mozilla/jss/NoSuchTokenException.java
+++ /dev/null
@@ -1,14 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-package org.mozilla.jss;
-
-/**
- * Thrown if a token cannot be found.
- */
-public class NoSuchTokenException extends java.lang.Exception {
-    public NoSuchTokenException() {}
-    public NoSuchTokenException(String mesg) {
-        super(mesg);
-    }
-}
deleted file mode 100644
--- a/security/jss/org/mozilla/jss/PK11Finder.c
+++ /dev/null
@@ -1,1644 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-#include "_jni/org_mozilla_jss_CryptoManager.h"
-
-#include <plarena.h>
-#include <secmodt.h>
-#include <pk11func.h>
-#include <secerr.h>
-#include <nspr.h>
-#include <cert.h>
-#include <certdb.h>
-#include <key.h>
-#include <secpkcs7.h>
-
-#include <jssutil.h>
-
-#include <jss_exceptions.h>
-#include "pk11util.h"
-#include <java_ids.h>
-
-/*
- * This is a semi-private NSS function, exposed only for JSS.
- */
-SECStatus
-CERT_ImportCAChainTrusted(SECItem *certs, int numcerts, SECCertUsage certUsage);
-
-/*****************************************************************
- *
- * CryptoManager. f i n d C e r t B y N i c k n a m e N a t i v e
- *
- */
-JNIEXPORT jobject JNICALL
-Java_org_mozilla_jss_CryptoManager_findCertByNicknameNative
-  (JNIEnv *env, jobject this, jstring nickname)
-{
-    char *nick=NULL;
-    jobject certObject=NULL;
-    CERTCertificate *cert=NULL;
-    PK11SlotInfo *slot=NULL;
-
-    PR_ASSERT(env!=NULL && this!=NULL && nickname!=NULL);
-
-    nick = (char*) (*env)->GetStringUTFChars(env, nickname, NULL);
-    PR_ASSERT(nick!=NULL);
-
-    cert = JSS_PK11_findCertAndSlotFromNickname(nick, NULL, &slot);
-
-    if(cert == NULL) {
-        JSS_nativeThrow(env, OBJECT_NOT_FOUND_EXCEPTION);
-        goto finish;
-    }
-
-    certObject = JSS_PK11_wrapCertAndSlot(env, &cert, &slot);
-
-finish:
-    if(nick != NULL) {
-        (*env)->ReleaseStringUTFChars(env, nickname, nick);
-    }
-    if(cert != NULL) {
-        CERT_DestroyCertificate(cert);
-    }
-    if(slot != NULL) {
-        PK11_FreeSlot(slot);
-    }
-    return certObject;
-}
-
-/*****************************************************************
- *
- * CryptoManager. f i n d C e r t s B y N i c k n a m e N a t i v e
- *
- */
-JNIEXPORT jobjectArray JNICALL
-Java_org_mozilla_jss_CryptoManager_findCertsByNicknameNative
-  (JNIEnv *env, jobject this, jstring nickname)
-{
-    CERTCertList *list =NULL;
-    PK11SlotInfo *slot =NULL;
-    jobjectArray certArray=NULL;
-    CERTCertListNode *node;
-    const char *nickChars=NULL;
-    jboolean charsAreCopied;
-    jclass certClass;
-    int count;
-    int i;
-
-    /* convert the nickname string */
-    nickChars = (*env)->GetStringUTFChars(env, nickname, &charsAreCopied);
-    if( nickChars == NULL ) {
-        goto finish;
-    }
-
-    /* get the list of certs with the given nickname */
-    list = JSS_PK11_findCertsAndSlotFromNickname( (char*)nickChars,
-        NULL /*wincx*/, &slot);
-    if( list == NULL ) {
-        count = 0;
-    } else {
-        /* Since this structure changed in NSS_2_7_RTM (the reference */
-        /* to "count" was removed from the "list" structure) we must  */
-        /* now count up the number of nodes manually!                 */
-        for( node = CERT_LIST_HEAD(list), count=0;
-             ! CERT_LIST_END(node, list);
-             node = CERT_LIST_NEXT(node), count++ );
-    }
-    PR_ASSERT(count >= 0);
-
-    /* create the cert array */
-    certClass = (*env)->FindClass(env, X509_CERT_CLASS);
-    if( certClass == NULL ) {
-        goto finish;
-    }
-    certArray = (*env)->NewObjectArray(env, count, certClass, NULL);
-    if( certArray == NULL ) {
-        /* exception was thrown */
-        goto finish;
-    }
-
-    if( list == NULL ) {
-        goto finish;
-    }
-
-    /* traverse the list, placing each cert into the array */
-    for(    node = CERT_LIST_HEAD(list), i=0;
-            ! CERT_LIST_END(node, list);
-            node = CERT_LIST_NEXT(node), i++       )     {
-
-        CERTCertificate *cert;
-        PK11SlotInfo *slotCopy;
-        jobject certObj;
-
-        /* Create a Java certificate object from the current CERTCertificate */
-        cert = CERT_DupCertificate(node->cert);
-        slotCopy = PK11_ReferenceSlot(slot);
-        certObj = JSS_PK11_wrapCertAndSlot(env, &cert, &slotCopy);
-        if( certObj == NULL ) {
-            goto finish;
-        }
-
-        /* put the Java certificate into the next element in the array */
-        (*env)->SetObjectArrayElement(env, certArray, i, certObj);
-
-        if( (*env)->ExceptionOccurred(env) ) {
-            goto finish;
-        }
-    }
-
-    /* sanity check */
-    PR_ASSERT( i == count );
-
-finish:
-    if(list) {
-        CERT_DestroyCertList(list);
-    }
-    if(slot) {
-        PK11_FreeSlot(slot);
-    }
-    if( nickChars && charsAreCopied ) {
-        (*env)->ReleaseStringUTFChars(env, nickname, nickChars);
-    }
-    return certArray;
-}
-
-/*****************************************************************
- *
- * CryptoManager.findCertByIssuerAndSerialNumberNative
- *
- */
-JNIEXPORT jobject JNICALL
-Java_org_mozilla_jss_CryptoManager_findCertByIssuerAndSerialNumberNative
-  (JNIEnv *env, jobject this, jbyteArray issuerBA, jbyteArray serialNumBA)
-{
-    jobject certObject=NULL;
-    CERTCertificate *cert=NULL;
-    SECItem *issuer=NULL, *serialNum=NULL;
-    CERTIssuerAndSN issuerAndSN;
-    PK11SlotInfo *slot=NULL;
-
-    PR_ASSERT(env!=NULL && this!=NULL);
-
-    /* validate args */
-    if( issuerBA == NULL || serialNumBA == NULL ) {
-        JSS_throwMsg(env, ILLEGAL_ARGUMENT_EXCEPTION,
-            "NULL parameter passed to CryptoManager.findCertByIssuer"
-            "AndSerialNumberNative");
-        goto finish;
-    }
-
-    /* convert byte arrays to SECItems */
-    issuer = JSS_ByteArrayToSECItem(env, issuerBA);
-    if( issuer == NULL ) {
-        goto finish; }
-    serialNum = JSS_ByteArrayToSECItem(env, serialNumBA);
-    if( serialNum == NULL ) {
-        goto finish; }
-    issuerAndSN.derIssuer = *issuer;
-    issuerAndSN.serialNumber = *serialNum;
-
-    /* lookup with PKCS #11 first, then use cert database */
-    cert = PK11_FindCertByIssuerAndSN(&slot, &issuerAndSN, NULL /*wincx*/);
-    if( cert == NULL ) {
-        JSS_nativeThrow(env, OBJECT_NOT_FOUND_EXCEPTION);
-        goto finish;
-    }
-
-    certObject = JSS_PK11_wrapCertAndSlot(env, &cert, &slot);
-
-finish:
-    if(slot) {
-        PK11_FreeSlot(slot);
-    }
-    if(cert != NULL) {
-        CERT_DestroyCertificate(cert);
-    }
-    if(issuer) {
-        SECITEM_FreeItem(issuer, PR_TRUE /*freeit*/);
-    }
-    if(serialNum) {
-        SECITEM_FreeItem(serialNum, PR_TRUE /*freeit*/);
-    }
-    return certObject;
-}
-
-/*****************************************************************
- *
- * CryptoManager. f i n d P r i v K e y B y C e r t N a t i v e
- *
- */
-JNIEXPORT jobject JNICALL
-Java_org_mozilla_jss_CryptoManager_findPrivKeyByCertNative
-  (JNIEnv *env, jobject this, jobject Cert)
-{
-    PRThread *pThread;
-    CERTCertificate *cert;
-    PK11SlotInfo *slot;
-    SECKEYPrivateKey *privKey=NULL;
-    jobject Key = NULL;
-
-    pThread = PR_AttachThread(PR_SYSTEM_THREAD, 0, NULL);
-    PR_ASSERT( pThread != NULL);
-    PR_ASSERT( env!=NULL && this!=NULL && Cert!=NULL);
-
-    if( JSS_PK11_getCertPtr(env, Cert, &cert) != PR_SUCCESS) {
-        PR_ASSERT( (*env)->ExceptionOccurred(env) != NULL);
-        goto finish;
-    }
-    if(cert==NULL) {
-        PR_ASSERT(PR_FALSE);
-        JSS_throw(env, OBJECT_NOT_FOUND_EXCEPTION);
-        goto finish;
-    }
-    if( JSS_PK11_getCertSlotPtr(env, Cert, &slot) != PR_SUCCESS) {
-        PR_ASSERT( (*env)->ExceptionOccurred(env) != NULL);
-        goto finish;
-    }
-    if(slot==NULL) {
-        PR_ASSERT(PR_FALSE);
-        JSS_throw(env, OBJECT_NOT_FOUND_EXCEPTION);
-        goto finish;
-    }
-
-    privKey = PK11_FindPrivateKeyFromCert(slot, cert, NULL);
-    if(privKey == NULL) {
-        JSS_throw(env, OBJECT_NOT_FOUND_EXCEPTION);
-        goto finish;
-    }
-
-    Key = JSS_PK11_wrapPrivKey(env, &privKey);
-
-finish:
-    if(privKey != NULL) {
-        SECKEY_DestroyPrivateKey(privKey);
-    }
-    PR_DetachThread();
-    return Key;
-}
-
-
-/***********************************************************************
- * Node in linked list of certificates
- */
-typedef struct JSScertNode {
-    struct JSScertNode *next;
-    CERTCertificate *cert;
-} JSScertNode;
-
-
-/***********************************************************************
- *
- * c e r t _ c h a i n _ f r o m _ c e r t
- *
- * Builds a certificate chain from a certificate. Returns a Java array
- * of PK11Certs.
- *
- * INPUTS:
- *      env
- *          The JNI environment. Must not be NULL.
- *      handle
- *          The certificate database in which to search for the certificate
- *          chain.  This should usually be the default cert db. Must not
- *          be NULL.
- *      leaf
- *          A CERTCertificate that is the leaf of the cert chain. Must not
- *          be NULL.
- * RETURNS:
- *      NULL if an exception was thrown, or
- *      A Java array of PK11Cert objects which constitute the chain of
- *      certificates. The chains starts with the one passed in and
- *      continues until either a self-signed root is found or the next
- *      certificate in the chain cannot be found. At least one cert will
- *      be in the chain: the leaf certificate passed in.
- */
-static jobjectArray
-cert_chain_from_cert(JNIEnv *env, CERTCertDBHandle *handle,
-    CERTCertificate *leaf)
-{
-    CERTCertificate *c;
-    int i, len = 0;
-    JSScertNode *head=NULL, *tail, *node;
-    jobjectArray certArray = NULL;
-    jclass certClass;
-
-    PR_ASSERT(env!=NULL && handle!=NULL && leaf!=NULL);
-
-    head = tail = (JSScertNode*) PR_CALLOC( sizeof(JSScertNode) );
-    if (head == NULL) goto no_memory;
-
-    /* put primary cert first in the linked list */
-    head->cert = c = CERT_DupCertificate(leaf);
-    head->next = NULL;
-    PR_ASSERT(c != NULL); /* CERT_DupCertificate really can't return NULL */
-    len++;
-
-    /*
-     * add certs until we come to a self-signed one
-     */
-    while(SECITEM_CompareItem(&c->derIssuer, &c->derSubject) != SECEqual) {
-        c = CERT_FindCertByName(handle, &tail->cert->derIssuer);
-        if (c == NULL) break;
-
-        tail->next = (JSScertNode*) PR_CALLOC( sizeof(JSScertNode) );
-        tail = tail->next;
-        if (tail == NULL) goto no_memory;
-
-        tail->cert = c;
-        len++;
-    }
-
-    /*
-     * Turn the cert chain into a Java array of certificates
-     */
-    certClass = (*env)->FindClass(env, CERT_CLASS_NAME);
-    if(certClass==NULL) {
-        ASSERT_OUTOFMEM(env);
-        goto finish;
-    }
-    certArray = (*env)->NewObjectArray(env, len, certClass, (jobject)NULL);
-    if(certArray==NULL) {
-        ASSERT_OUTOFMEM(env);
-        goto finish;
-    }
-    /* convert linked list to array, freeing the linked list as we go */
-    for( i=0; head != NULL; ++i ) {
-        jobject certObj;
-
-        node = head;
-
-        PR_ASSERT(i < len);
-        PR_ASSERT(node->cert != NULL);
-
-        /* Convert C cert to Java cert */
-        certObj = JSS_PK11_wrapCert(env, &node->cert);
-        PR_ASSERT( node->cert == NULL );
-        if(certObj == NULL) {
-            PR_ASSERT( (*env)->ExceptionOccurred(env) != NULL );
-            goto finish;
-        }
-
-        /* Insert Java cert into array */
-        (*env)->SetObjectArrayElement(env, certArray, i, certObj);
-        if( (*env)->ExceptionOccurred(env) ) {
-            goto finish;
-        }
-
-        /* Free this list element */
-        head = head->next;
-        PR_Free(node);
-    }
-
-    goto finish;
-no_memory:
-    JSS_throw(env, OUT_OF_MEMORY_ERROR);
-finish:
-    /* Free the linked list of certs if it hasn't been deleted already */
-    while(head != NULL) {
-        node = head;
-        head = head->next;
-        if (node->cert != NULL) {
-            CERT_DestroyCertificate(node->cert);
-        }
-        PR_Free(node);
-    }
-
-    return certArray;
-}
-
-/*****************************************************************
- *
- * CryptoManager. b u i l d C e r t i f i c a t e C h a i n N a t i v e
- *
- * INPUTS:
- *      env
- *          The JNI environment. Must not be NULL.
- *      this
- *          The PK11Finder object. Must not be NULL.
- *      leafCert
- *          A PK11Cert object from which a cert chain will be built.
- *          Must not be NULL.
- * RETURNS:
- *      NULL if an exception occurred, or
- *      An array of PK11Certs, the cert chain, with the leaf at the bottom.
- *      There will always be at least one element in the array (the leaf).
- */
-JNIEXPORT jobjectArray JNICALL
-Java_org_mozilla_jss_CryptoManager_buildCertificateChainNative
-    (JNIEnv *env, jobject this, jobject leafCert)
-{
-    PRThread *pThread;
-    CERTCertificate *leaf;
-    jobjectArray chainArray=NULL;
-    CERTCertDBHandle *certdb;
-
-    pThread = PR_AttachThread(PR_SYSTEM_THREAD, 0, NULL);
-    PR_ASSERT(pThread != NULL);
-
-    PR_ASSERT(env!=NULL && this!=NULL && leafCert!=NULL);
-
-    if( JSS_PK11_getCertPtr(env, leafCert, &leaf) != PR_SUCCESS) {
-        JSS_throwMsgPrErr(env, CERTIFICATE_EXCEPTION,
-            "Could not extract pointer from PK11Cert");
-        goto finish;
-    }
-    PR_ASSERT(leaf!=NULL);
-
-    certdb = CERT_GetDefaultCertDB();
-    if(certdb == NULL) {
-        PR_ASSERT(PR_FALSE);
-        JSS_throwMsgPrErr(env, TOKEN_EXCEPTION,
-            "No default certificate database has been registered");
-        goto finish;
-    }
-
-    /* Get the cert chain */
-    chainArray = cert_chain_from_cert(env, certdb, leaf);
-    if(chainArray == NULL) {
-        PR_ASSERT( (*env)->ExceptionOccurred(env) != NULL);
-        goto finish;
-    }
-
-finish:
-
-    PR_DetachThread();
-    return chainArray;
-}
-
-/***********************************************************************
- * DERCertCollection
- */
-typedef struct {
-    SECItem *derCerts;
-    int numCerts;
-} DERCertCollection;
-
-/***********************************************************************
- * c o l l e c t _ c e r t s
- *
- * Copies certs into a new array.
- *
- * 'arg' is a pointer to a DERCertCollection structure, which will be filled in.
- * 'certs' is an array of pointers to SECItems.
- */
-static SECStatus
-collect_der_certs(void *arg, SECItem **certs, int numcerts)
-{
-    int itemsCopied=0;
-    SECItem *certCopies; /* array of SECItem */
-    SECStatus rv;
-
-    PR_ASSERT(arg!=NULL);
-
-    certCopies = PR_MALLOC( sizeof(SECItem) * numcerts);
-    ((DERCertCollection*)arg)->derCerts = certCopies;
-    ((DERCertCollection*)arg)->numCerts = numcerts;
-    if(certCopies == NULL) {
-        return SECFailure;
-    }
-    for(itemsCopied=0; itemsCopied < numcerts; itemsCopied++) {
-        rv=SECITEM_CopyItem(NULL, &certCopies[itemsCopied], certs[itemsCopied]);
-        if( rv == SECFailure ) {
-            goto loser;
-        }
-    }
-    PR_ASSERT(itemsCopied == numcerts);
-
-    return SECSuccess;
-
-loser:
-    for(; itemsCopied >= 0; itemsCopied--) {
-        SECITEM_FreeItem( &certCopies[itemsCopied], PR_FALSE /*freeit*/);
-    }
-    PR_Free( certCopies );
-    ((DERCertCollection*)arg)->derCerts = NULL;
-    ((DERCertCollection*)arg)->numCerts = 0;
-    return SECFailure;
-}
-
-/***********************************************************************
- * CryptoManager.importCertToPerm
- *  - add the certificate to the permanent database
- *
- * throws TOKEN_EXCEPTION
- */
-JNIEXPORT jobject JNICALL
-Java_org_mozilla_jss_CryptoManager_importCertToPermNative
-    (JNIEnv *env, jobject this, jobject cert, jstring nickString)
-{
-    SECStatus rv;
-    CERTCertificate *oldCert;
-    jobject          result=NULL;
-    char *nickname=NULL;
-    CERTCertificate **certArray = NULL;
-    SECItem *derCertArray[1];
-    PK11SlotInfo *slot;
-
-    /* first, get the NSS cert pointer from the 'cert' object */
-
-    if ( JSS_PK11_getCertPtr(env, cert, &oldCert) != PR_SUCCESS) {
-        PR_ASSERT( (*env)->ExceptionOccurred(env) != NULL);
-        goto finish;
-    }
-    PR_ASSERT(oldCert != NULL);
-
-    if (nickString != NULL) {
-        nickname = (char*) (*env)->GetStringUTFChars(env, nickString, NULL);
-    }
-    /* Then, add to permanent database */
-
-    derCertArray[0] = &oldCert->derCert;
-    rv = CERT_ImportCerts(CERT_GetDefaultCertDB(), -1 /* usage */,
-            1, derCertArray, &certArray, PR_TRUE /*keepCerts*/,
-            PR_FALSE /*caOnly*/, nickname);
-    if( rv != SECSuccess || certArray == NULL || certArray[0] == NULL) {
-        JSS_throwMsgPrErr(env, TOKEN_EXCEPTION, "Unable to insert certificate"
-                " into permanent database");
-        goto finish;
-    }
-    slot = PK11_GetInternalKeySlot();  /* the permanent database token */
-    result = JSS_PK11_wrapCertAndSlot(env, &certArray[0], &slot);
-
-finish:
-    /* this checks for NULL */
-    CERT_DestroyCertArray(certArray, 1);
-    if (nickname != NULL) {
-        (*env)->ReleaseStringUTFChars(env, nickString, nickname);
-    }
-    return result;
-}
-
-static unsigned char*
-data_start(unsigned char *buf, int length, unsigned int *data_length,
-    PRBool includeTag)
-{
-    unsigned char tag;
-    int used_length= 0;
-
-    tag = buf[used_length++];
-
-    /* blow out when we come to the end */
-    if (tag == 0) {
-        return NULL;
-    }
-
-    *data_length = buf[used_length++];
-
-    if (*data_length&0x80) {
-        int  len_count = *data_length & 0x7f;
-
-        *data_length = 0;
-
-        while (len_count-- > 0) {
-            *data_length = (*data_length << 8) | buf[used_length++];
-        }
-    }
-
-    if (*data_length > (length-used_length) ) {
-        *data_length = length-used_length;
-        return NULL;
-    }
-    if (includeTag) *data_length += used_length;
-
-    return (buf + (includeTag ? 0 : used_length));
-}
-
-static PRStatus
-getCertFields(SECItem *derCert, SECItem *issuer,
-                     SECItem *serial, SECItem *subject)
-{
-    unsigned char *buf;
-    unsigned int buf_length;
-    unsigned char *date;
-    unsigned int datelen;
-    unsigned char *cert = derCert->data;
-    unsigned int cert_length = derCert->len;
-
-    /* get past the signature wrap */
-    buf = data_start(cert,cert_length,&buf_length,PR_FALSE);
-    if (buf == NULL) return PR_FAILURE;
-
-    /* get into the raw cert data */
-    buf = data_start(buf,buf_length,&buf_length,PR_FALSE);
-    if (buf == NULL) return PR_FAILURE;
-
-    /* skip past any optional version number */
-    if ((buf[0] & 0xa0) == 0xa0) {
-        date = data_start(buf,buf_length,&datelen,PR_FALSE);
-        if (date == NULL) return PR_FAILURE;
-        buf_length -= (date-buf) + datelen;
-        buf = date + datelen;
-    }
-
-    /* serial number */
-    serial->data = data_start(buf,buf_length,&serial->len,PR_FALSE);
-    if (serial->data == NULL) return PR_FAILURE;
-    buf_length -= (serial->data-buf) + serial->len;
-    buf = serial->data + serial->len;
-
-    /* skip the OID */
-    date = data_start(buf,buf_length,&datelen,PR_FALSE);
-    if (date == NULL) return PR_FAILURE;
-    buf_length -= (date-buf) + datelen;
-    buf = date + datelen;
-
-    /* issuer */
-    issuer->data = data_start(buf,buf_length,&issuer->len,PR_TRUE);
-    if (issuer->data == NULL) return PR_FAILURE;
-    buf_length -= (issuer->data-buf) + issuer->len;
-    buf = issuer->data + issuer->len;
-
-    /* skip the date */
-    date = data_start(buf,buf_length,&datelen,PR_FALSE);
-    if (date == NULL) return PR_FAILURE;
-    buf_length -= (date-buf) + datelen;
-    buf = date + datelen;
-
-    /*subject */
-    subject->data=data_start(buf,buf_length,&subject->len,PR_TRUE);
-    if (subject->data == NULL) return PR_FAILURE;
-    buf_length -= (subject->data-buf) + subject->len;
-    buf = subject->data +subject->len;
-
-    /*subject */
-    return PR_SUCCESS;
-}
-
-
-/**
- * Returns
- *   -1 if operation error.
- *    0 if no leaf found.
- *    1 if leaf is found
- */
-static int find_child_cert(
-  CERTCertDBHandle *certdb,
-  SECItem *derCerts,
-  int numCerts,
-  int *linked,
-  int cur_link,
-  int *leaf_link
-)
-{
-    int i;
-    int status = 0;
-    SECItem parentIssuer, parentSerial, parentSubject;
-    PRStatus decodeStatus;
-
-    decodeStatus = getCertFields(&derCerts[cur_link], &parentIssuer,
-        &parentSerial, &parentSubject);
-    if( decodeStatus != PR_SUCCESS ) {
-        status = -1;
-        goto finish;
-    }
-
-    for (i=0; i<numCerts; i++) {
-        SECItem childIssuer, childSerial, childSubject;
-
-        if (linked[i] == 1) {
-            continue;
-        }
-        status = getCertFields(&derCerts[i], &childIssuer, &childSerial,
-                                &childSubject);
-        if( status != PR_SUCCESS ) {
-            status = -1;
-            goto finish;
-        }
-        if (SECITEM_CompareItem(&parentSubject, &childIssuer) == SECEqual) {
-            linked[i] = 1;
-            *leaf_link = i;
-            status = 1; /* got it */
-            goto finish;
-        }
-      }
-
-finish:
-    /* nothing allocated, nothing freed */
-    return status;
-}
-
-/**
- * This function handles unordered certificate chain also.
- * Return:
- *   1 on success
- *   0 otherwise
- */
-static int find_leaf_cert(
-  CERTCertDBHandle *certdb,
-  SECItem *derCerts,
-  int numCerts,
-  SECItem *theDerCert
-)
-{
-    int status = 1;
-    int found;
-    int i;
-    int cur_link, leaf_link;
-    int *linked = NULL;
-
-    linked = PR_Malloc( sizeof(int) * numCerts );
-
-    /* initialize the bitmap */
-    for (i = 0; i < numCerts; i++) {
-      linked[i] = 0;
-    }
-
-    /* pick the first cert to start with */
-    leaf_link = 0;
-    cur_link = leaf_link;
-    linked[leaf_link] = 1;
-
-    while (((found = find_child_cert(certdb,
-       derCerts, numCerts, linked, cur_link, &leaf_link)) == 1))
-    {
-        cur_link = leaf_link;
-    }
-    if (found == -1) {
-        /* the certificate chain is problematic! */
-        status = 0;
-        goto finish;
-    }
-
-    *theDerCert = derCerts[leaf_link];
-
-finish:
-
-    if (linked != NULL) {
-        PR_Free(linked);
-    }
-
-    return status;
-} /* find_leaf_cert */
-
-/***********************************************************************
- * CryptoManager.importCertPackage
- */
-JNIEXPORT jobject JNICALL
-Java_org_mozilla_jss_CryptoManager_importCertPackageNative
-    (JNIEnv *env, jobject this, jbyteArray packageArray, jstring nickString,
-     jboolean noUser, jboolean leafIsCA)
-{
-    SECItem *derCerts=NULL;
-    int certi= -1;
-    SECItem theDerCert;
-    int numCerts;
-    jbyte *packageBytes=NULL;
-    jsize packageLen;
-    SECStatus status;
-    int i, userCertFound = 0;
-    DERCertCollection collection;
-    CERTCertDBHandle *certdb = CERT_GetDefaultCertDB();
-    CK_OBJECT_HANDLE keyID;
-    PK11SlotInfo *slot=NULL;
-    char *nickChars = NULL;
-    jobject leafObject=NULL;
-    CERTIssuerAndSN issuerAndSN;
-    PRStatus decodeStatus;
-    SECItem leafSubject;
-    CERTCertificate *leafCert = NULL;
-
-    /***************************************************
-     * Validate arguments
-     ***************************************************/
-    PR_ASSERT( env!=NULL && this!=NULL );
-    if(packageArray == NULL) {
-        PR_ASSERT(PR_FALSE);
-        JSS_throwMsg(env, CERTIFICATE_ENCODING_EXCEPTION,
-            "Certificate package is NULL");
-        goto finish;
-    }
-    PR_ASSERT(certdb != NULL);
-
-    /***************************************************
-     * Convert package from byte array to jbyte*
-     ***************************************************/
-    packageBytes = (*env)->GetByteArrayElements(env, packageArray, NULL);
-    if(packageBytes == NULL) {
-        PR_ASSERT( (*env)->ExceptionOccurred(env) );
-        goto finish;
-    }
-    packageLen = (*env)->GetArrayLength(env, packageArray);
-
-    /***************************************************
-     * Decode package with NSS function
-     ***************************************************/
-    status = CERT_DecodeCertPackage((char*) packageBytes,
-                                    (int) packageLen,
-                                    collect_der_certs,
-                                    (void*) &collection);
-    if( status != SECSuccess  || collection.numCerts < 1 ) {
-        if( (*env)->ExceptionOccurred(env) == NULL) {
-            JSS_throwMsgPrErr(env, CERTIFICATE_ENCODING_EXCEPTION,
-                "Security library failed to decode certificate package");
-        }
-        goto finish;
-    }
-    derCerts = collection.derCerts;
-    numCerts = collection.numCerts;
-
-    /***************************************************
-     * convert nickname to char*
-     ***************************************************/
-    if(nickString == NULL) {
-        nickChars = NULL;
-    } else {
-        nickChars = (char*) (*env)->GetStringUTFChars(env, nickString, NULL);
-    }
-
-    /***************************************************
-     * user cert can be anywhere in the cert chain. loop and find it.
-     * The point is to find the user cert with keys on the db, then
-     * treat the other certs in the chain as CA certs to import.
-     * The real order of the cert chain shouldn't matter, and shouldn't
-     * be assumed, and the real location of this user cert in the chain,
-     * if present, shouldn't be assumed either.
-     ***************************************************/
-    if (numCerts > 1) {
-        for (certi=0; certi<numCerts; certi++) {
-            slot = PK11_KeyForDERCertExists(&derCerts[certi], &keyID, NULL);
-            if (slot != NULL) { /* found the user cert */
-                theDerCert = derCerts[certi];
-                /*certi now indicates the location of our user cert in chain*/
-                break;
-            }
-
-        } /* end for */
-
-        /* (NO_USER_CERT_HANDLING)
-         Handles the case when the user certificate is not in
-         the certificate chain.
-        */
-        if ((slot == NULL)) { /* same as "noUser = 1" */
-            /* #397713 */
-            if (!find_leaf_cert(certdb, derCerts,
-                    numCerts, &theDerCert))
-            {
-                JSS_throwMsgPrErr(env, CERTIFICATE_ENCODING_EXCEPTION,
-                    "Failed to locate leaf certificate in chain");
-                goto finish;
-            }
-        }
-
-    } else {/* numCerts <= 1 */
-        theDerCert = derCerts[0];
-        certi = 0;
-    }
-
-    /***************************************************
-     * Create a new cert structure for the leaf cert
-     ***************************************************/
-
-    /* get issuer and serial number of leaf certificate */
-    decodeStatus = getCertFields(&theDerCert, &issuerAndSN.derIssuer,
-        &issuerAndSN.serialNumber, &leafSubject);
-    if( decodeStatus != PR_SUCCESS ) {
-        JSS_throwMsgPrErr(env, CERTIFICATE_ENCODING_EXCEPTION,
-            "Failed to extract issuer and serial number from certificate");
-        goto finish;
-    }
-
-    /***************************************************
-     * Is this a user cert?
-     ***************************************************/
-    if(noUser) {
-        slot = NULL;
-    } else {
-        slot = PK11_KeyForDERCertExists(&theDerCert, &keyID, NULL);
-    }
-    if( slot == NULL ) {
-        if( !noUser && !CERT_IsCADERCert(&theDerCert, NULL)) {
-            /*****************************************
-             * This isn't a CA cert, but it also doesn't have a matching
-             * key, so it's supposed to be a user cert but it has failed
-             * miserably at its calling.
-             *****************************************/
-            JSS_throwMsgPrErr(env, NO_SUCH_ITEM_ON_TOKEN_EXCEPTION,
-                    "Expected user cert but no matching key?");             
-            goto finish;
-        }
-    } else {
-        /***************************************************
-         * We have a user cert, import it
-         ***************************************************/
-
-        /***************************************************
-         * Check for nickname conflicts
-         ***************************************************/
-        if( SEC_CertNicknameConflict(nickChars, &leafSubject, certdb))
-        {
-            JSS_throw(env, NICKNAME_CONFLICT_EXCEPTION);
-            goto finish;
-        }
-
-        /***************************************************
-         * Import this certificate onto its token.
-         ***************************************************/
-        PK11_FreeSlot(slot);
-        slot = PK11_ImportDERCertForKey(&theDerCert, nickChars, NULL);
-        if( slot == NULL ) {
-            /* We already checked for this, shouldn't fail here */
-            if(PR_GetError() == SEC_ERROR_ADDING_CERT) {
-                PR_ASSERT(PR_FALSE);
-                JSS_throwMsgPrErr(env, NO_SUCH_ITEM_ON_TOKEN_EXCEPTION, 
-                     "PK11_ImportDERCertForKey SEC_ERROR_ADDING_CERT");
-            } else {
-                JSS_throwMsgPrErr(env, TOKEN_EXCEPTION,
-                        "PK11_ImportDERCertForKey Unable to "
-                        "import certificate to its token");
-            }
-            goto finish;
-        }
-
-        if( ! leafIsCA ) {
-            ++userCertFound;
-        }
-    }
-
-    /***************************************************
-     * Now add the rest of the certs (which should all be CAs)
-     ***************************************************/
-    if( numCerts-userCertFound>= 1 ) {
-
-      if (certi == 0) {
-        status = CERT_ImportCAChainTrusted(derCerts+userCertFound,
-                                    numCerts-userCertFound,
-                                    certUsageUserCertImport);
-        if(status != SECSuccess) {
-            JSS_throwMsgPrErr(env, CERTIFICATE_ENCODING_EXCEPTION,
-                "CERT_ImportCAChainTrusted returned an error");
-            goto finish;
-        }
-      } else if (certi == numCerts) {
-        status = CERT_ImportCAChainTrusted(derCerts,
-                                    numCerts-userCertFound,
-                                    certUsageUserCertImport);
-        if(status != SECSuccess) {
-            JSS_throwMsgPrErr(env, CERTIFICATE_ENCODING_EXCEPTION,
-                "CERT_ImportCAChainTrusted returned an error");
-            goto finish;
-        }
-      } else {
-        status = CERT_ImportCAChainTrusted(derCerts,
-                   certi,
-                   certUsageUserCertImport);
-        if(status != SECSuccess) {
-            JSS_throwMsgPrErr(env, CERTIFICATE_ENCODING_EXCEPTION,
-                "CERT_ImportCAChainTrusted returned an error");
-            goto finish;
-        }
-
-        status = CERT_ImportCAChainTrusted(derCerts+certi+1,
-                   numCerts-certi-1,
-                   certUsageUserCertImport);
-        if(status != SECSuccess) {
-            JSS_throwMsgPrErr(env, CERTIFICATE_ENCODING_EXCEPTION,
-                "CERT_ImportCAChainTrusted returned an error");
-            goto finish;
-        }
-
-      }
-
-    }
-
-    /***************************************************
-     * Now lookup the leaf cert and make it into a Java object.
-     ***************************************************/
-    if(slot) {
-        PK11_FreeSlot(slot);
-    }
-    leafCert = PK11_FindCertByIssuerAndSN(&slot, &issuerAndSN, NULL);
-    if( leafCert == NULL ) {
-        JSS_throwMsgPrErr(env, TOKEN_EXCEPTION,
-            "Failed to find certificate that was just imported");
-        goto finish;
-    }
-    leafObject = JSS_PK11_wrapCertAndSlot(env, &leafCert, &slot);
-
-finish:
-    if(slot!=NULL) {
-        PK11_FreeSlot(slot);
-    }
-    if(derCerts != NULL) {
-        for(i=0; i < numCerts; i++) {
-            SECITEM_FreeItem(&derCerts[i], PR_FALSE /*freeit*/);
-        }
-        PR_Free(derCerts);
-    }
-    if(packageBytes != NULL) {
-        (*env)->ReleaseByteArrayElements(env, packageArray, packageBytes,
-                                            JNI_ABORT); /* don't copy back */
-    }
-    if(leafCert != NULL) {
-        CERT_DestroyCertificate(leafCert);
-    }
-
-    return leafObject;
-}
-
-/**********************************************************************
- * PKCS #7 Encoding data structures
- */
-typedef struct BufferNodeStr {
-    char *data;
-    unsigned long len;
-    struct BufferNodeStr *next;
-} BufferNode;
-
-typedef struct {
-    BufferNode *head;
-    BufferNode *tail;
-    unsigned long totalLen;
-} EncoderCallbackInfo;
-
-/**********************************************************************
- * c r e a t e E n c o d e r C a l l b a c k I n f o
- *
- * Constructor for EncoderCallbackInfo structure.
- * Returns NULL if it runs out of memory, otherwise a new EncoderCallbackInfo.
- */
-static EncoderCallbackInfo*
-createEncoderCallbackInfo()
-{
-    EncoderCallbackInfo *info;
-
-    info = PR_Malloc( sizeof(EncoderCallbackInfo) );
-    if( info == NULL ) {
-        return NULL;
-    }
-    info->head = info->tail = NULL;
-    info->totalLen = 0;
-
-    return info;
-}
-
-/***********************************************************************
- * d e s t r o y E n c o d e r C a l l b a c k I n f o
- *
- * Destructor for EncoderCallbackInfo structure.
- */
-static void
-destroyEncoderCallbackInfo(EncoderCallbackInfo *info)
-{
-    BufferNode *node;
-
-    PR_ASSERT(info != NULL);
-
-    while(info->head != NULL) {
-        node = info->head;
-        info->head = info->head->next;
-
-        if(node->data) {
-            PR_Free(node->data);
-        }
-        PR_Free(node);
-    }
-    PR_Free(info);
-}
-
-/***********************************************************************
- * e n c o d e r O u t p u t C a l l b a c k
- *
- * Called by the PKCS #7 encoder whenever output is available.
- * Appends the output to a linked list.
- */
-static void
-encoderOutputCallback( void *arg, const char *buf, unsigned long len)
-{
-    BufferNode *node;
-    EncoderCallbackInfo *info;
-
-    /***************************************************
-     * validate arguments
-     ***************************************************/
-    PR_ASSERT(arg!=NULL);
-    info = (EncoderCallbackInfo*) arg;
-    if(len == 0) {
-        return;
-    }
-    PR_ASSERT(buf != NULL);
-
-    /***************************************************
-     * Create a new node to store this information
-     ***************************************************/
-    node = PR_NEW( BufferNode );
-    if( node == NULL ) {
-        PR_ASSERT(PR_FALSE);
-        goto finish;
-    }
-    node->len = len;
-    node->data = PR_Malloc( len );
-    if( node->data == NULL ) {
-        PR_ASSERT(PR_FALSE);
-        goto finish;
-    }
-    memcpy( node->data, buf, len );
-    node->next = NULL;
-
-    /***************************************************
-     * Stick the new node onto the end of the list
-     ***************************************************/
-    if( info->head == NULL ) {
-        PR_ASSERT(info->tail == NULL);
-
-        info->head = info->tail = node;
-    } else {
-        PR_ASSERT(info->tail != NULL);
-        info->tail->next = node;
-        info->tail = node;
-    }
-    node = NULL;
-
-    info->totalLen += len;
-
-finish:
-    if(node != NULL) {
-        if( node->data != NULL) {
-            PR_Free(node->data);
-        }
-        PR_Free(node);
-    }
-    return;
-}
-
-/***********************************************************************
- * CryptoManager.exportCertsToPKCS7
- */
-JNIEXPORT jbyteArray JNICALL
-Java_org_mozilla_jss_CryptoManager_exportCertsToPKCS7
-    (JNIEnv *env, jobject this, jobjectArray certArray)
-{
-    int i, certcount;
-    SEC_PKCS7ContentInfo *cinfo=NULL;
-    CERTCertificate *cert;
-    jclass certClass;
-    jbyteArray pkcs7ByteArray=NULL;
-    jbyte *pkcs7Bytes=NULL;
-    EncoderCallbackInfo *info=NULL;
-    SECStatus status;
-
-    /**************************************************
-     * Validate arguments
-     **************************************************/
-    PR_ASSERT(env!=NULL && this!=NULL);
-    if(certArray == NULL) {
-        JSS_throw(env, NULL_POINTER_EXCEPTION);
-        goto finish;
-    }
-
-    certcount = (*env)->GetArrayLength(env, certArray);
-    if(certcount < 1) {
-        JSS_throwMsg(env, CERTIFICATE_ENCODING_EXCEPTION,
-            "At least one certificate must be passed to exportCertsToPKCS7");
-        goto finish;
-    }
-
-    /*
-     * JNI ID lookup
-     */
-    certClass = (*env)->FindClass(env, CERT_CLASS_NAME);
-    if(certClass == NULL) {
-        ASSERT_OUTOFMEM(env);
-        goto finish;
-    }
-
-    /***************************************************
-     * Add each cert to the PKCS #7 context.  Create the context
-     * for the first cert.
-     ***************************************************/
-    for(i=0; i < certcount; i++) {
-        jobject certObject;
-
-        certObject = (*env)->GetObjectArrayElement(env, certArray, i);
-        if( (*env)->ExceptionOccurred(env) != NULL) {
-            goto finish;
-        }
-        PR_ASSERT( certObject != NULL );
-
-        /*
-         * Make sure this is a PK11Cert
-         */
-        if( ! (*env)->IsInstanceOf(env, certObject, certClass) ) {
-            JSS_throwMsg(env, CERTIFICATE_ENCODING_EXCEPTION,
-                "Certificate was not a PK11 Certificate");
-            goto finish;
-        }
-
-        /*
-         * Convert it to a CERTCertificate
-         */
-        if( JSS_PK11_getCertPtr(env, certObject, &cert) != PR_SUCCESS) {
-            JSS_trace(env, JSS_TRACE_ERROR,
-                "Unable to convert Java certificate to CERTCertificate");
-            goto finish;
-        }
-        PR_ASSERT(cert != NULL);
-
-        if( i == 0 ) {
-            /*
-             * First certificate: create a new PKCS #7 cert-only context
-             */
-            PR_ASSERT(cinfo == NULL);
-            cinfo = SEC_PKCS7CreateCertsOnly(cert,
-                                         PR_FALSE, /* don't include chain */
-                                         NULL /* cert db */ );
-            if(cinfo == NULL) {
-                JSS_throwMsgPrErr(env, CERTIFICATE_ENCODING_EXCEPTION,
-                    "Failed to create PKCS #7 encoding context");
-                goto finish;
-            }
-        } else {
-            /*
-             * All remaining certificates: add cert to context
-             */
-            PR_ASSERT(cinfo != NULL);
-
-            if( SEC_PKCS7AddCertificate(cinfo, cert) != SECSuccess ) {
-                JSS_throwMsgPrErr(env, CERTIFICATE_ENCODING_EXCEPTION,
-                    "Failed to add certificate to PKCS #7 encoding context");
-                goto finish;
-            }
-        }
-    }
-    PR_ASSERT( i == certcount );
-    PR_ASSERT( cinfo != NULL );
-
-    /**************************************************
-     * Encode the PKCS #7 context into its DER encoding
-     **************************************************/
-    info = createEncoderCallbackInfo();
-    if(info == NULL) {
-        JSS_throw(env, OUT_OF_MEMORY_ERROR);
-        goto finish;
-    }
-
-    status = SEC_PKCS7Encode(cinfo,
-                             encoderOutputCallback,
-                             (void*)info,
-                             NULL /* bulk key */,
-                             NULL /* password function */,
-                             NULL /* password function arg */ );
-    if( status != SECSuccess ) {
-        JSS_throwMsgPrErr(env, CERTIFICATE_ENCODING_EXCEPTION,
-            "Failed to encode PKCS #7 context");
-    }
-    /* Make sure we got at least some data from the encoder */
-    PR_ASSERT(info->totalLen > 0);
-    PR_ASSERT(info->head != NULL);
-
-    /**************************************************
-     * Create a new byte array to hold the encoded PKCS #7
-     **************************************************/
-    pkcs7ByteArray = (*env)->NewByteArray(env, info->totalLen);
-    if(pkcs7ByteArray == NULL) {
-        ASSERT_OUTOFMEM(env);
-        goto finish;
-    }
-    pkcs7Bytes = (*env)->GetByteArrayElements(env, pkcs7ByteArray, NULL);
-    if(pkcs7Bytes == NULL) {
-        ASSERT_OUTOFMEM(env);
-        goto finish;
-    }
-
-    /**************************************************
-     * Copy the PKCS #7 encoding into the byte array
-     **************************************************/
-    {
-        BufferNode *node;
-        unsigned long processed=0;
-
-        for(node=info->head; node!=NULL; node = node->next) {
-            PR_ASSERT(processed < info->totalLen);
-            PR_ASSERT(node->data != NULL);
-            PR_ASSERT(node->len > 0);
-            memcpy(pkcs7Bytes+processed, node->data, node->len);
-            processed += node->len;
-        }
-        PR_ASSERT( processed == info->totalLen );
-    }
-
-finish:
-    /**************************************************
-     * Free allocated resources
-     **************************************************/
-    if( cinfo != NULL) {
-        SEC_PKCS7DestroyContentInfo(cinfo);
-    }
-    if(pkcs7Bytes != NULL) {
-        PR_ASSERT(pkcs7ByteArray != NULL);
-        (*env)->ReleaseByteArrayElements(env, pkcs7ByteArray, pkcs7Bytes, 0);
-    }
-    if( info != NULL ) {
-        destroyEncoderCallbackInfo(info);
-    }
-
-    /**************************************************
-     * Return the PKCS #7 information in a byte array, or NULL if an
-     * exception occurred
-     **************************************************/
-    PR_ASSERT( (*env)->ExceptionOccurred(env)!=NULL || pkcs7ByteArray!=NULL );
-    return pkcs7ByteArray;
-}
-
-/***************************************************************************
- * getCerts
- *
- * Gathers all certificates of the given type into a Java array.
- */
-static jobjectArray
-getCerts(JNIEnv *env, PK11CertListType type)
-{
-    jobjectArray certArray = NULL;
-    jclass certClass;
-    jobject certObject;
-    CERTCertList *certList = NULL;
-    CERTCertListNode *node;
-    int numCerts, i;
-
-    certList = PK11_ListCerts(type, NULL);
-    if( certList == NULL ) {
-        JSS_throwMsgPrErr(env, TOKEN_EXCEPTION, "Unable to list certificates");
-        goto finish;
-    }
-
-    /* first count the damn certs */
-    numCerts = 0;
-    for( node = CERT_LIST_HEAD(certList); ! CERT_LIST_END(node, certList);
-            node = CERT_LIST_NEXT(node) ) {
-        ++numCerts;
-    }
-
-    /**************************************************
-     * Create array of Java certificates
-     **************************************************/
-    certClass = (*env)->FindClass(env, X509_CERT_CLASS);
-    if(certClass == NULL) {
-        ASSERT_OUTOFMEM(env);
-        goto finish;
-    }
-
-    certArray = (*env)->NewObjectArray( env,
-                                        numCerts,
-                                        certClass,
-                                        NULL );
-    if( certArray == NULL ) {
-        ASSERT_OUTOFMEM(env);
-        goto finish;
-    }
-    PR_ASSERT( (*env)->ExceptionOccurred(env) == NULL );
-
-
-    /**************************************************
-     * Put all the certs in the array
-     **************************************************/
-    i = 0;
-    for( node = CERT_LIST_HEAD(certList); ! CERT_LIST_END(node, certList);
-            node = CERT_LIST_NEXT(node) ) {
-
-        PR_ASSERT( i < numCerts );
-
-        certObject = JSS_PK11_wrapCert(env, &(node->cert));
-        if( certObject == NULL ) {
-            goto finish;
-        }
-        (*env)->SetObjectArrayElement(env, certArray, i, certObject);
-        if( (*env)->ExceptionOccurred(env) ) {
-            goto finish;
-        }
-        ++i;
-
-    }
-    PR_ASSERT( i == numCerts );
-
-finish:
-    if( certList != NULL ) {
-        CERT_DestroyCertList(certList);
-    }
-
-    return certArray;
-}
-
-
-/***********************************************************************
- * CryptoManager.getCACerts
- */
-JNIEXPORT jobjectArray JNICALL
-Java_org_mozilla_jss_CryptoManager_getCACerts
-    (JNIEnv *env, jobject this)
-{
-    return getCerts(env, PK11CertListCA);
-}
-
-/***********************************************************************
- * CryptoManager.getPermCerts
- */
-JNIEXPORT jobjectArray JNICALL
-Java_org_mozilla_jss_CryptoManager_getPermCerts
-    (JNIEnv *env, jobject this)
-{
-    return getCerts(env, PK11CertListUnique);
-}
-
-
- /* Imports a CRL, and stores it into the cert7.db
-  *
-  * @param the DER-encoded CRL.
-  */
-
-
-JNIEXPORT void JNICALL
-Java_org_mozilla_jss_CryptoManager_importCRLNative
-    (JNIEnv *env, jobject this,
-        jbyteArray der_crl, jstring url_jstr, jint rl_type)
-
-{
-    CERTCertDBHandle *certdb = CERT_GetDefaultCertDB();
-    CERTSignedCrl *crl = NULL;
-    SECItem *packageItem = NULL;
-    int status = SECFailure;
-    char *url;
-    char *errmsg = NULL;
-
-    /***************************************************
-     * Validate arguments
-     ***************************************************/
-    PR_ASSERT( env!=NULL && this!=NULL );
-    if(der_crl == NULL) {
-        PR_ASSERT(PR_FALSE);
-        /* XXX need new exception here */
-        JSS_throwMsg(env, CERTIFICATE_ENCODING_EXCEPTION,
-            "CRL package is NULL");
-        goto finish;
-    }
-    PR_ASSERT(certdb != NULL);
-
-    /* convert CRL byte[] into secitem */
-
-    packageItem = JSS_ByteArrayToSECItem(env, der_crl);
-    if ( packageItem == NULL ) {
-        goto finish;
-    }
-    /* XXX need to deal with if error */
-
-    if (url_jstr != NULL) {
-        url = (char*) (*env)->GetStringUTFChars(env, url_jstr, NULL);
-        PR_ASSERT(url!=NULL);
-    }
-    else {
-        url = NULL;
-    }
-
-    crl = CERT_ImportCRL( certdb, packageItem, url, rl_type, NULL);
-
-    if( crl == NULL ) {
-        status = PR_GetError();
-        errmsg = NULL;
-        switch (status) {
-            case SEC_ERROR_OLD_CRL:
-            case SEC_ERROR_OLD_KRL:
-                /* not an error - leave as NULL */
-                errmsg = NULL;
-                goto finish;
-            case SEC_ERROR_CRL_EXPIRED:
-                errmsg = "CRL Expired";
-                break;
-            case SEC_ERROR_KRL_EXPIRED:
-                errmsg = "KRL Expired";
-                break;
-            case SEC_ERROR_CRL_NOT_YET_VALID:
-                errmsg = "CRL Not yet valid";
-                break;
-            case SEC_ERROR_KRL_NOT_YET_VALID:
-                errmsg = "KRL Not yet valid";
-                break;
-            case SEC_ERROR_CRL_INVALID:
-                errmsg = "Invalid encoding of CRL";
-                break;
-            case SEC_ERROR_KRL_INVALID:
-                errmsg = "Invalid encoding of KRL";
-                break;
-            case SEC_ERROR_BAD_DATABASE:
-                errmsg = "Database error";
-                break;
-            default:
-                /* printf("NSS ERROR = %d\n",status);  */
-                errmsg = "Failed to import Revocation List";
-            }
-        if (errmsg) {
-            JSS_throwMsgPrErr(env, CRL_IMPORT_EXCEPTION, errmsg);
-        }
-    }
-
-finish:
-
-    if (packageItem) {
-        SECITEM_FreeItem(packageItem, PR_TRUE /*freeit*/);
-    }
-
-    if(url != NULL) {
-        (*env)->ReleaseStringUTFChars(env, url_jstr, url);
-    }
-
-    if (crl) {
-        SEC_DestroyCrl(crl);
-    }
-}
-
-/***********************************************************************
- * CryptoManager.verifyCertNowNative
- *
- * Returns JNI_TRUE if success, JNI_FALSE otherwise
- */
-JNIEXPORT jboolean JNICALL
-Java_org_mozilla_jss_CryptoManager_verifyCertNowNative(JNIEnv *env,
-        jobject self, jstring nickString, jboolean checkSig, jint cUsage)
-{
-    SECStatus         rv    = SECFailure;
-    SECCertUsage      certUsage;
-    CERTCertificate   *cert=NULL;
-    char *nickname=NULL;
-
-    nickname = (char *) (*env)->GetStringUTFChars(env, nickString, NULL);
-    if( nickname == NULL ) {
-         goto finish;
-    }
-    certUsage = cUsage;
-    cert = CERT_FindCertByNickname(CERT_GetDefaultCertDB(), nickname);
-
-    if (cert == NULL) {
-        JSS_throw(env, OBJECT_NOT_FOUND_EXCEPTION);
-        goto finish;
-    } else {
-        rv = CERT_VerifyCertNow(CERT_GetDefaultCertDB(), cert,
-            checkSig, certUsage, NULL );
-    }
-
-finish:
-    if(nickname != NULL) {
-      (*env)->ReleaseStringUTFChars(env, nickString, nickname);
-    }
-    if(cert != NULL) {
-       CERT_DestroyCertificate(cert);
-    }
-    if( rv == SECSuccess) {
-        return JNI_TRUE;
-    } else {
-        return JNI_FALSE;
-    }
-}
-
-/***********************************************************************
- * CryptoManager.verifyCertNative
- *
- * Returns JNI_TRUE if success, JNI_FALSE otherwise
- */
-JNIEXPORT jboolean JNICALL
-Java_org_mozilla_jss_CryptoManager_verifyCertTempNative(JNIEnv *env,
-     jobject self, jbyteArray packageArray,jboolean checkSig, jint cUsage)
-{
-    SECStatus         rv    = SECFailure;
-    SECCertUsage      certUsage;
-    SECItem *derCerts[2];
-    SECStatus status;
-    CERTCertificate **certArray = NULL;
-    CERTCertDBHandle *certdb = CERT_GetDefaultCertDB();
-
-    /***************************************************
-     * Validate arguments
-     ***************************************************/
-    if (packageArray == NULL) {
-        JSS_throwMsg(env, CERTIFICATE_ENCODING_EXCEPTION,
-                     "Certificate package is NULL");
-        goto finish;
-    }
-    PR_ASSERT(certdb != NULL);
-
-    derCerts[0] = NULL;
-    derCerts[0] = JSS_ByteArrayToSECItem(env, packageArray);
-    derCerts[1] = NULL;
-
-    rv = CERT_ImportCerts(certdb, cUsage,
-                          1, derCerts, &certArray, PR_FALSE /*temp Certs*/,
-                          PR_FALSE /*caOnly*/, NULL);
-
-    if ( rv != SECSuccess || certArray == NULL || certArray[0] == NULL) {
-        JSS_throwMsgPrErr(env, TOKEN_EXCEPTION, "Unable to insert certificate"
-                     " into temporary database");
-        goto finish;
-    }
-
-    certUsage = cUsage;
-    rv = CERT_VerifyCertNow(certdb, certArray[0],
-                            checkSig, certUsage, NULL );
-
-    finish:
-    /* this checks for NULL */
-    CERT_DestroyCertArray(certArray, 1);
-    if (derCerts[0]) {
-        SECITEM_FreeItem(derCerts[0], PR_TRUE /*freeit*/);
-    }
-    if ( rv == SECSuccess) {
-        return JNI_TRUE;
-    } else {
-        return JNI_FALSE;
-    }
-}
-
deleted file mode 100644
--- a/security/jss/org/mozilla/jss/SecretDecoderRing/Decryptor.java
+++ /dev/null
@@ -1,99 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-package org.mozilla.jss.SecretDecoderRing;
-
-import java.security.*;
-import javax.crypto.*;
-import javax.crypto.spec.*;
-import org.mozilla.jss.asn1.*;
-import org.mozilla.jss.pkix.primitive.*;
-import org.mozilla.jss.CryptoManager;
-import org.mozilla.jss.crypto.CryptoToken;
-import org.mozilla.jss.crypto.EncryptionAlgorithm;
-import org.mozilla.jss.crypto.TokenException;
-import java.io.*;
-
-/**
- * Decrypts data with the SecretDecoderRing.
- */
-public class Decryptor {
-    private CryptoToken token;
-    private KeyManager keyManager;
-
-    /**
-     * Creates a Decryptor for use with the given CryptoToken.
-     */
-    public Decryptor(CryptoToken token) {
-        this.token = token;
-        this.keyManager = new KeyManager(token);
-    }
-
-    /**
-     * Decrypts the given ciphertext. It must have been created previously
-     * with the SecretDecoderRing, either the JSS version or the NSS version.
-     * The key used for decryption must exist on the token that was passed
-     * into the constructor. The token will be searched for a key whose keyID
-     * matches the keyID in the encoded SecretDecoderRing result.
-     *
-     * @param ciphertext A DER-encoded Encoding object, created from a previous
-     *  call to Encryptor.encrypt(), or with the NSS SecretDecoderRing.
-     * @return The decrypted plaintext.
-     * @throws InvalidKeyException If no key can be found with the matching
-     *  keyID.
-     */
-    public byte[] decrypt(byte[] ciphertext)
-        throws CryptoManager.NotInitializedException,
-        GeneralSecurityException, TokenException
-    {
-        CryptoManager cm = CryptoManager.getInstance();
-        CryptoToken savedToken = cm.getThreadToken();
-
-        try {
-            cm.setThreadToken(token);
-
-            //
-            // decode ASN1
-            //
-            Encoding encoding = (Encoding)
-                ASN1Util.decode(Encoding.getTemplate(), ciphertext);
-
-            //
-            // lookup the algorithm
-            //
-            EncryptionAlgorithm alg = EncryptionAlgorithm.fromOID(
-                encoding.getEncryptionOID() );
-
-            //
-            // Lookup the key
-            //
-            SecretKey key = keyManager.lookupKey(alg, encoding.getKeyID());
-            if( key == null ) {
-                throw new InvalidKeyException("No matching key found");
-            }
-
-            //
-            // do the decryption
-            //
-            IvParameterSpec ivSpec = new IvParameterSpec(encoding.getIv());
-
-            Cipher cipher = Cipher.getInstance(alg.toString(),
-                Encryptor.PROVIDER);
-            cipher.init(Cipher.DECRYPT_MODE, key, ivSpec);
-
-            byte[] paddedPtext = cipher.doFinal(encoding.getCiphertext());
-            return org.mozilla.jss.crypto.Cipher.unPad(paddedPtext,
-                alg.getBlockSize() );
-        } catch(InvalidBERException ibe) {
-            throw new GeneralSecurityException(ibe.toString());
-        } catch(IllegalStateException ise) {
-            throw new GeneralSecurityException(ise.toString());
-        } catch(org.mozilla.jss.crypto.BadPaddingException bpe) {
-            throw new javax.crypto.BadPaddingException(bpe.getMessage());
-        } finally {
-            cm.setThreadToken(savedToken);
-        }
-    }
-
-}
deleted file mode 100644
--- a/security/jss/org/mozilla/jss/SecretDecoderRing/Encoding.java
+++ /dev/null
@@ -1,127 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-package org.mozilla.jss.SecretDecoderRing;
-
-import java.security.*;
-import javax.crypto.*;
-import javax.crypto.spec.*;
-import org.mozilla.jss.asn1.*;
-import org.mozilla.jss.pkix.primitive.*;
-import org.mozilla.jss.CryptoManager;
-import org.mozilla.jss.crypto.CryptoToken;
-import org.mozilla.jss.crypto.EncryptionAlgorithm;
-import java.io.*;
-
-/**
- * An ASN.1 class for encoding the SecretDecoderRing result.
- * This class is used internally by the SecretDecoderRing. 
- * You need not use this class directly in order to use the SecretDecoderRing.
- */
-public class Encoding implements ASN1Value {
-    private SEQUENCE seq = new SEQUENCE();
-
-    private byte[] iv;
-    private OBJECT_IDENTIFIER encOID;
-    private byte[] ctext;
-    private byte[] keyID;
-
-    public Encoding(byte[] keyID, byte[] iv, OBJECT_IDENTIFIER encOID,
-            byte[] ctext)
-    {
-        this.keyID = keyID;
-        this.iv = iv;
-        this.encOID = encOID;
-        this.ctext = ctext;
-        AlgorithmIdentifier algID = new AlgorithmIdentifier(
-            encOID, new OCTET_STRING(iv) );
-        seq.addElement(new OCTET_STRING(keyID));
-        seq.addElement(algID);
-        seq.addElement(new OCTET_STRING(ctext));
-    }
-
-    public byte[] getKeyID() {
-        return keyID;
-    }
-
-    public byte[] getIv() {
-        return iv;
-    }
-
-    public OBJECT_IDENTIFIER getEncryptionOID() {
-        return encOID;
-    }
-
-    public byte[] getCiphertext() {
-        return ctext;
-    }
-        
-
-    public static final Tag TAG = SEQUENCE.TAG;
-    public Tag getTag() {
-        return TAG;
-    }
-
-    public void encode(OutputStream ostream) throws IOException {
-        encode(TAG, ostream);
-    }
-
-    public void encode(Tag implicitTag, OutputStream ostream)
-        throws IOException
-    {
-        seq.encode(implicitTag, ostream);
-    }
-
-    private static final Template templateInstance = new Template();
-    public static Template getTemplate() {
-        return templateInstance;
-    }
-
-    /**
-     * An ASN.1 class for decoding the SecretDecoderRing result.
-     * This class is used internally by the SecretDecoderRing. 
-     * You need not use this class directly in order to use the
-     * SecretDecoderRing.
-    */
-    public static class Template extends SEQUENCE.Template {
-        private SEQUENCE.Template template;
-
-        public Template() {
-            template = new SEQUENCE.Template();
-            template.addElement(OCTET_STRING.getTemplate() );
-            template.addElement(AlgorithmIdentifier.getTemplate() );
-            template.addElement(OCTET_STRING.getTemplate() );
-        }
-
-        public boolean tagMatch(Tag tag) {
-            return TAG.equals(tag);
-        }
-
-        public ASN1Value decode(InputStream istream)
-            throws IOException, InvalidBERException
-        {
-            return decode(TAG, istream);
-        }
-
-        public ASN1Value decode(Tag implicitTag, InputStream istream)
-            throws IOException, InvalidBERException
-        {
-            SEQUENCE seq = (SEQUENCE) template.decode(implicitTag, istream);
-
-            OCTET_STRING keyID = (OCTET_STRING) seq.elementAt(0);
-            AlgorithmIdentifier algID = (AlgorithmIdentifier)
-                seq.elementAt(1);
-            OCTET_STRING ivOS = (OCTET_STRING)
-                ((ANY)algID.getParameters()).decodeWith(
-                        OCTET_STRING.getTemplate());
-            OCTET_STRING ctextOS = (OCTET_STRING)seq.elementAt(2);
-
-            return new Encoding(keyID.toByteArray(),
-                ivOS.toByteArray(), algID.getOID(),
-                ctextOS.toByteArray());
-        }
-    }
-}
-
-
deleted file mode 100644
--- a/security/jss/org/mozilla/jss/SecretDecoderRing/Encryptor.java
+++ /dev/null
@@ -1,120 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-package org.mozilla.jss.SecretDecoderRing;
-
-import java.security.*;
-import javax.crypto.*;
-import javax.crypto.spec.*;
-import org.mozilla.jss.asn1.*;
-import org.mozilla.jss.pkix.primitive.*;
-import org.mozilla.jss.CryptoManager;
-import org.mozilla.jss.crypto.CryptoToken;
-import org.mozilla.jss.crypto.EncryptionAlgorithm;
-import org.mozilla.jss.crypto.TokenException;
-import java.io.*;
-
-/**
- * Encrypts data with the SecretDecoderRing.
- */
-public class Encryptor {
-
-    private CryptoToken token;
-    private byte[] keyID;
-    private SecretKey key;
-    private EncryptionAlgorithm alg;
-    private KeyManager keyManager;
-
-    /**
-     * The default encryption algorithm, currently DES3_CBC.
-     */
-    public static final EncryptionAlgorithm DEFAULT_ENCRYPTION_ALG
-        = EncryptionAlgorithm.DES3_CBC;
-
-    static final String PROVIDER = "Mozilla-JSS";
-    static final String RNG_ALG = "pkcs11prng";
-
-    /**
-     * Creates an Encryptor on the given CryptoToken, using the key with
-     * the given keyID and algorithm
-     * @param token The CryptoToken to use for encryption. The key must
-     *  reside on this token.
-     * @param keyID The keyID of the key to use for encryption. This key
-     *  must have been generated on this token with KeyManager.
-     * @param alg The EncryptionAlgorithm this key will be used for.
-     * @throws InvalidKeyException If no key exists on this token with this
-     *  keyID.
-     */
-    public Encryptor(CryptoToken token, byte[] keyID, EncryptionAlgorithm alg)
-            throws TokenException, InvalidKeyException
-    {
-        this.token = token;
-        this.keyID = keyID;
-        this.alg = alg;
-        this.keyManager = new KeyManager(token);
-
-        // make sure this key exists on the token
-        key = keyManager.lookupKey(alg, keyID);
-        if( key == null ) {
-            throw new InvalidKeyException("Key not found");
-        }
-
-        // make sure key matches algorithm
-        // !!! not sure how to do this
-    }
-
-    /**
-     * Encrypts a byte array.
-     * @param plaintext The plaintext bytes to be encrypted.
-     * @return The ciphertext. This is actually a DER-encoded Encoding
-     *  object. It contains the keyID, AlgorithmIdentifier, and the encrypted
-     *  plaintext. It is compatible with the SDRResult created by NSS's
-     *  SecretDecoderRing.
-     */
-    public byte[] encrypt(byte[] plaintext) throws
-            CryptoManager.NotInitializedException,
-            GeneralSecurityException,
-            InvalidBERException
-    {
-        CryptoManager cm = CryptoManager.getInstance();
-
-        CryptoToken savedToken = cm.getThreadToken();
-
-        try {
-            cm.setThreadToken(token);
-
-            //
-            // generate an IV
-            //
-            byte[] iv = new byte[alg.getIVLength()];
-            SecureRandom rng = SecureRandom.getInstance(RNG_ALG,
-                PROVIDER);
-            rng.nextBytes(iv);
-            IvParameterSpec ivSpec = new IvParameterSpec(iv);
-
-            //
-            // do the encryption
-            //
-            Cipher cipher = Cipher.getInstance(alg.toString(),PROVIDER);
-            cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec);
-            byte[] paddedPtext = 
-                org.mozilla.jss.crypto.Cipher.pad(
-                    plaintext, alg.getBlockSize() );
-            byte[] rawCtext = cipher.doFinal(paddedPtext);
-
-            //
-            // package the encrypted content and IV
-            //
-            Encoding encoding =
-                new Encoding(keyID, iv, alg.toOID(), rawCtext);
-
-            return ASN1Util.encode(encoding);
-
-        } catch(IllegalStateException ise ) {
-            throw new GeneralSecurityException(ise.toString());
-        } finally {
-            cm.setThreadToken(savedToken);
-        }
-    }
-}
deleted file mode 100644
--- a/security/jss/org/mozilla/jss/SecretDecoderRing/KeyManager.c
+++ /dev/null
@@ -1,358 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "_jni/org_mozilla_jss_SecretDecoderRing_KeyManager.h"
-#include <nspr.h>
-#include <secitem.h>
-#include <jss_exceptions.h>
-#include <jssutil.h>
-#include <pk11func.h>
-#include <pk11util.h>
-#include <Algorithm.h>
-
-JNIEXPORT void JNICALL
-Java_org_mozilla_jss_SecretDecoderRing_KeyManager_generateKeyNative
-    (JNIEnv *env, jobject this, jobject tokenObj, jobject algObj,
-    jbyteArray keyIDba, jint keySize)
-{
-    PK11SlotInfo *slot = NULL;
-    CK_MECHANISM_TYPE mech;
-    PK11SymKey *symk = NULL;
-    SECItem *keyID = NULL;
-
-    /* get the slot */
-    if( JSS_PK11_getTokenSlotPtr(env, tokenObj, &slot) != PR_SUCCESS ) {
-        goto finish;
-    }
-
-    if( PK11_Authenticate(slot, PR_TRUE /*load certs*/, NULL /*wincx*/)
-        != SECSuccess)
-    {
-        JSS_throwMsgPrErr(env, TOKEN_EXCEPTION,
-            "Failed to login to token");
-        goto finish;
-    }
-
-    /* get the key ID */
-    keyID = JSS_ByteArrayToSECItem(env, keyIDba);
-    if( keyID == NULL ) {
-        ASSERT_OUTOFMEM(env);
-        goto finish;
-    }
-
-    /* get the algorithm */
-    mech = JSS_getPK11MechFromAlg(env, algObj);
-    if( mech == CKM_INVALID_MECHANISM) {
-        JSS_throwMsgPrErr(env, TOKEN_EXCEPTION, "Failed to find PKCS #11 "
-            "mechanism for key generation algorithm");
-        goto finish;
-    }
-
-    /* generate the key */
-    symk = PK11_TokenKeyGen(slot, mech, NULL /*param*/, keySize, keyID,
-        PR_TRUE /* isToken */, NULL /*wincx*/);
-    if( symk == NULL ) {
-        JSS_throwMsgPrErr(env, TOKEN_EXCEPTION,
-            "Failed to generate token symmetric key");
-        goto finish;
-    }
-
-
-finish:
-    if( symk != NULL ) {
-        PK11_FreeSymKey(symk);
-    }
-    if( keyID != NULL ) {
-        SECITEM_FreeItem(keyID, PR_TRUE /*freeit*/);
-    }
-    return;
-}
-
-JNIEXPORT void JNICALL
-Java_org_mozilla_jss_SecretDecoderRing_KeyManager_generateUniqueNamedKeyNative
-    (JNIEnv *env, jobject this, jobject tokenObj, jobject algObj,
-    jbyteArray keyIDba, jint keySize, jstring nickname)
-{
-    PK11SlotInfo *slot = NULL;
-    CK_MECHANISM_TYPE mech;
-    PK11SymKey *symk = NULL;
-    SECItem *keyID = NULL;
-    const char *keyname = NULL;
-    SECStatus status;
-
-    /* get the slot */
-    if( JSS_PK11_getTokenSlotPtr(env, tokenObj, &slot) != PR_SUCCESS ) {
-        goto finish;
-    }
-
-    if( PK11_Authenticate(slot, PR_TRUE /*load certs*/, NULL /*wincx*/)
-        != SECSuccess)
-    {
-        JSS_throwMsgPrErr(env, TOKEN_EXCEPTION,
-            "Failed to login to token");
-        goto finish;
-    }
-
-    /* get the key ID */
-    keyID = JSS_ByteArrayToSECItem(env, keyIDba);
-    if( keyID == NULL ) {
-        ASSERT_OUTOFMEM(env);
-        goto finish;
-    }
-
-    /* get the algorithm */
-    mech = JSS_getPK11MechFromAlg(env, algObj);
-    if( mech == CKM_INVALID_MECHANISM) {
-        JSS_throwMsgPrErr(env, TOKEN_EXCEPTION, "Failed to find PKCS #11 "
-            "mechanism for key generation algorithm");
-        goto finish;
-    }
-
-    /* generate the key */
-    symk = PK11_TokenKeyGen(slot, mech, NULL /*param*/, keySize, keyID,
-        PR_TRUE /* isToken */, NULL /*wincx*/);
-    if( symk == NULL ) {
-        JSS_throwMsgPrErr(env, TOKEN_EXCEPTION,
-            "Failed to generate token symmetric key");
-        goto finish;
-    }
-
-    /* convert the Java String into a native "C" string */
-    keyname = (*env)->GetStringUTFChars( env, nickname, 0 );
-
-    /* name the key */
-    status = PK11_SetSymKeyNickname( symk, keyname );
-    if( status != SECSuccess ) {
-        JSS_throwMsgPrErr(env, TOKEN_EXCEPTION,
-            "Failed to name token symmetric key");
-    }
-
-
-finish:
-    if( symk != NULL ) {
-        PK11_FreeSymKey(symk);
-    }
-    if( keyID != NULL ) {
-        SECITEM_FreeItem(keyID, PR_TRUE /*freeit*/);
-    }
-    if( keyname != NULL ) {
-        /* free the native "C" string */
-        (*env)->ReleaseStringUTFChars(env, nickname, keyname);
-    }
-    return;
-}
-
-JNIEXPORT jobject JNICALL
-Java_org_mozilla_jss_SecretDecoderRing_KeyManager_lookupKeyNative
-    (JNIEnv *env, jobject this, jobject tokenObj, jobject algObj,
-    jbyteArray keyIDba)
-{
-    PK11SlotInfo *slot = NULL;
-    PK11SymKey *symk = NULL;
-    SECItem *keyID = NULL;
-    jobject symkObj = NULL;
-    CK_MECHANISM_TYPE mech;
-
-    /* get the slot */
-    if( JSS_PK11_getTokenSlotPtr(env, tokenObj, &slot) != PR_SUCCESS ) {
-        goto finish;
-    }
-
-    if( PK11_Authenticate(slot, PR_TRUE /*load certs*/, NULL /*wincx*/)
-        != SECSuccess)
-    {
-        JSS_throwMsgPrErr(env, TOKEN_EXCEPTION,
-            "Failed to login to token");
-        goto finish;
-    }
-
-    /* get the key ID */
-    keyID = JSS_ByteArrayToSECItem(env, keyIDba);
-    if( keyID == NULL ) {
-        ASSERT_OUTOFMEM(env);
-        goto finish;
-    }
-
-    /* get the algorithm */
-    mech = JSS_getPK11MechFromAlg(env, algObj);
-    if( mech == CKM_INVALID_MECHANISM) {
-        JSS_throwMsgPrErr(env, TOKEN_EXCEPTION, "Failed to find PKCS #11 "
-            "mechanism for key generation algorithm");
-        goto finish;
-    }
-
-    symk = PK11_FindFixedKey(slot, mech, keyID, NULL /*wincx*/);
-    if( symk != NULL ) {
-        symkObj = JSS_PK11_wrapSymKey(env, &symk);
-    }
-
-finish:
-    if( symk != NULL ) {
-        PK11_FreeSymKey(symk);
-    }
-    if( keyID != NULL ) {
-        SECITEM_FreeItem(keyID, PR_TRUE /*freeit*/);
-    }
-    return symkObj;
-}
-
-JNIEXPORT jobject JNICALL
-Java_org_mozilla_jss_SecretDecoderRing_KeyManager_lookupUniqueNamedKeyNative
-    (JNIEnv *env, jobject this, jobject tokenObj, jobject algObj,
-    jstring nickname)
-{
-    PK11SlotInfo *slot = NULL;
-    CK_MECHANISM_TYPE mech;
-    const char *keyname = NULL;
-    char *name = NULL;
-    int count = 0;
-    int keys_found = 0;
-    PK11SymKey *symKey = NULL;
-    PK11SymKey *nextSymKey = NULL;
-    jobject symKeyObj = NULL;
-
-    /* get the slot */
-    if( JSS_PK11_getTokenSlotPtr(env, tokenObj, &slot) != PR_SUCCESS ) {
-        goto finish;
-    }
-
-    if( PK11_Authenticate(slot, PR_TRUE /*load certs*/, NULL /*wincx*/)
-        != SECSuccess)
-    {
-        JSS_throwMsgPrErr(env, TOKEN_EXCEPTION,
-            "Failed to login to token");
-        goto finish;
-    }
-
-    /* get the algorithm -- although this is not currently used */
-    mech = JSS_getPK11MechFromAlg(env, algObj);
-    if( mech == CKM_INVALID_MECHANISM) {
-        JSS_throwMsgPrErr(env, TOKEN_EXCEPTION, "Failed to find PKCS #11 "
-            "mechanism for key generation algorithm");
-        goto finish;
-    }
-
-    /* convert the Java String into a native "C" string */
-    keyname = (*env)->GetStringUTFChars( env, nickname, 0 );
-
-    /* initialize the symmetric key list. */
-    symKey = PK11_ListFixedKeysInSlot(
-             /* slot     */            slot,
-             /* nickname */            NULL,
-             /* wincx    */            NULL );
-
-    /* iterate through the symmetric key list. */
-    while( symKey != NULL ) {
-        name = PK11_GetSymKeyNickname( /* symmetric key */  symKey );
-        if( name != NULL ) {
-            if( keyname != NULL ) {
-                if( PL_strcmp( keyname, name ) == 0 ) {
-                    keys_found++;
-                }
-            }
-            PORT_Free(name);
-        }
-
-        nextSymKey = PK11_GetNextSymKey( /* symmetric key */  symKey );
-        PK11_FreeSymKey( /* symmetric key */  symKey );
-        symKey = nextSymKey;
-
-        count++;
-    }
-
-    /* case 1:  the token is empty */
-    if( count == 0 ) {
-        /* the specified token is empty */
-        goto finish;
-    }
-
-    /* case 2:  the specified key is not on this token */
-    if( ( keyname != NULL ) &&
-        ( keys_found == 0 ) ) {
-        /* the key called "keyname" could not be found */
-        goto finish;
-    }
-
-    /* case 3:  the specified key exists more than once on this token */
-    if( keys_found != 1 ) {
-        /* more than one key called "keyname" was found on this token */
-        JSS_throwMsgPrErr(env, TOKEN_EXCEPTION,
-            "Duplicate named keys exist on this token");
-        goto finish;
-    }
-
-    /* Re-initialize the symmetric key list. */
-    symKey = PK11_ListFixedKeysInSlot(
-             /* slot     */            slot,
-             /* nickname */            NULL,
-             /* wincx    */            NULL );
-
-    /* Reiterate through the symmetric key list once more, */
-    /* this time returning an actual reference to the key. */
-    while( symKey != NULL ) {
-        name = PK11_GetSymKeyNickname( /* symmetric key */  symKey );
-        if( name != NULL ) {
-            if( keyname != NULL ) {
-                if( PL_strcmp( keyname, name ) == 0 ) {
-                    symKeyObj = JSS_PK11_wrapSymKey(env, &symKey);
-                    PORT_Free(name);
-                    goto finish;
-                }
-            }
-            PORT_Free(name);
-        }
-
-        nextSymKey = PK11_GetNextSymKey( /* symmetric key */  symKey );
-        PK11_FreeSymKey( /* symmetric key */  symKey );
-        symKey = nextSymKey;
-    }
-
-
-finish:
-    if( symKey != NULL ) {
-        PK11_FreeSymKey(symKey);
-    }
-    if( keyname != NULL ) {
-        /* free the native "C" string */
-        (*env)->ReleaseStringUTFChars(env, nickname, keyname);
-    }
-    return symKeyObj;
-}
-
-JNIEXPORT void JNICALL
-Java_org_mozilla_jss_SecretDecoderRing_KeyManager_deleteKeyNative
-    (JNIEnv *env, jobject this, jobject tokenObj, jobject key)
-{
-    PK11SlotInfo *slot = NULL;
-    PK11SymKey *symk = NULL;
-    SECStatus status;
-
-    /* get the slot */
-    if( JSS_PK11_getTokenSlotPtr(env, tokenObj, &slot) != PR_SUCCESS ) {
-        goto finish;
-    }
-
-    if( PK11_Authenticate(slot, PR_TRUE /*load certs*/, NULL /*wincx*/)
-        != SECSuccess)
-    {
-        JSS_throwMsgPrErr(env, TOKEN_EXCEPTION,
-            "Failed to login to token");
-        goto finish;
-    }
-
-    /* get the key pointer */
-    if( JSS_PK11_getSymKeyPtr(env, key, &symk) != PR_SUCCESS) {
-        goto finish;
-    }
-
-    if( PK11_DeleteTokenSymKey(symk) != SECSuccess ) {
-        JSS_throwMsgPrErr(env, TOKEN_EXCEPTION,
-            "Failed to delete token symmetric key");
-        goto finish;
-    }
-
-finish:
-    /* don't free symk or slot, they are owned by their Java objects */
-    return;
-}
deleted file mode 100644
--- a/security/jss/org/mozilla/jss/SecretDecoderRing/KeyManager.java
+++ /dev/null
@@ -1,284 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-package org.mozilla.jss.SecretDecoderRing;
-
-import java.security.*;
-import javax.crypto.*;
-import org.mozilla.jss.crypto.*;
-import org.mozilla.jss.util.Assert;
-
-/**
- * Creates, finds, and deletes keys for SecretDecoderRing.
- */
-public class KeyManager {
-    private static final int KEYID_LEN = 16;
-
-    private static final String RNG_ALG = "pkcs11prng";
-    private static final String RNG_PROVIDER = "Mozilla-JSS";
-
-    /**
-     * The default key generation algorithm, currently DES3.
-     */
-    public static final KeyGenAlgorithm DEFAULT_KEYGEN_ALG =
-        KeyGenAlgorithm.DES3;
-
-    /**
-     * The default key size (in bytes). This is only relevant for algorithms
-     * with variable-length keys, such as AES.
-     */
-    public static final int DEFAULT_KEYSIZE = 0;
-
-    private CryptoToken token;
-
-    /**
-     * Creates a new KeyManager using the given CryptoToken.
-     * @param token The token on which this KeyManager operates.
-     */
-    public KeyManager(CryptoToken token) {
-        if( token == null ) {
-            throw new NullPointerException("token is null");
-        }
-        this.token = token;
-    }
-
-    /**
-     * Generates an SDR key with the default algorithm and key size.
-     * The default algorithm is stored in the constant DEFAULT_KEYGEN_ALG.
-     * The default key size is stored in the constant DEFAULT_KEYSIZE.
-     * @return The keyID of the generated key. A random keyID will be chosen
-     *  that is not currently used on the token. The keyID must be stored
-     *  by the application in order to use this key for encryption in the
-     *  future.
-     */
-    public byte[] generateKey() throws TokenException {
-        return generateKey(DEFAULT_KEYGEN_ALG, DEFAULT_KEYSIZE);
-    }
-
-    /**
-     * Generates an SDR key with the given algorithm and key size.
-     * @param keySize Length of key in bytes. This is only relevant for
-     *  algorithms that take more than one key size. Otherwise it can just
-     *  be set to 0.
-     * @return The keyID of the generated key. A random keyID will be chosen
-     *  that is not currently used on the token. The keyID must be stored
-     *  by the application in order to use this key for encryption in the
-     *  future.
-     */
-    public byte[] generateKey(KeyGenAlgorithm alg, int keySize)
-            throws TokenException
-    {
-        if( alg == null ) {
-            throw new NullPointerException("alg is null");
-        }
-        byte[] keyID = generateUnusedKeyID();
-        generateKeyNative(token, alg, keyID, keySize);
-        return keyID;
-    }
-
-    /**
-     * @param keySize Key length in bytes.
-     */
-    private native void generateKeyNative(CryptoToken token,
-        KeyGenAlgorithm alg, byte[] keyID, int keySize);
-
-    /**
-     * Generates an SDR key with the default algorithm and key size.
-     * and names it with the specified nickname.
-     * The default algorithm is stored in the constant DEFAULT_KEYGEN_ALG.
-     * The default key size is stored in the constant DEFAULT_KEYSIZE.
-     * @param nickname the name of the symmetric key. Duplicate keynames
-     *  will be checked for, and are not allowed.
-     * @return The keyID of the generated key. A random keyID will be chosen
-     *  that is not currently used on the token. The keyID must be stored
-     *  by the application in order to use this key for encryption in the
-     *  future.
-     */
-    public byte[] generateUniqueNamedKey(String nickname)
-            throws TokenException {
-        return generateUniqueNamedKey(DEFAULT_KEYGEN_ALG, DEFAULT_KEYSIZE,