Bug 683262 - window.crypto throws if MOZ_DISABLE_DOMCRYPTO is turned on - window.crypto patch - r=jst
authorDavid Dahl <ddahl@mozilla.com>
Sat, 16 Feb 2013 22:43:16 -0600
changeset 132036 4a7cf5d271cb0156a153b1c3ec7f8267f02eb433
parent 132035 0e3aca33a0391df2fc6354b6ced74817bb722a74
child 132037 73437c0d0091151511699aa563f640f589ed8993
push id2323
push userbbajaj@mozilla.com
push dateMon, 01 Apr 2013 19:47:02 +0000
treeherdermozilla-beta@7712be144d91 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjst
bugs683262
milestone21.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 683262 - window.crypto throws if MOZ_DISABLE_DOMCRYPTO is turned on - window.crypto patch - r=jst
b2g/confvars.sh
configure.in
dom/base/Crypto.cpp
dom/base/Crypto.h
dom/base/Makefile.in
dom/base/nsDOMClassInfo.cpp
dom/base/nsDOMClassInfo.h
dom/base/nsDOMClassInfoClasses.h
dom/base/nsGlobalWindow.cpp
dom/base/nsGlobalWindow.h
dom/interfaces/base/Makefile.in
dom/interfaces/base/nsIDOMCrypto.idl
dom/interfaces/base/nsIDOMCryptoLegacy.idl
dom/tests/mochitest/Makefile.in
dom/tests/mochitest/crypto/Makefile.in
dom/tests/mochitest/crypto/test_legacy.html
dom/tests/mochitest/crypto/test_no_legacy.html
mobile/android/confvars.sh
security/manager/ssl/src/Makefile.in
security/manager/ssl/src/nsCrypto.cpp
security/manager/ssl/src/nsCrypto.h
security/manager/ssl/src/nsNSSComponent.cpp
security/manager/ssl/src/nsNSSComponent.h
security/manager/ssl/src/nsNSSModule.cpp
--- a/b2g/confvars.sh
+++ b/b2g/confvars.sh
@@ -18,17 +18,17 @@ MOZ_OFFICIAL_BRANDING_DIRECTORY=b2g/bran
 # MOZ_APP_DISPLAYNAME is set by branding/configure.sh
 
 MOZ_SAFE_BROWSING=
 MOZ_SERVICES_COMMON=1
 MOZ_SERVICES_METRICS=1
 MOZ_CAPTIVEDETECT=1
 
 MOZ_WEBSMS_BACKEND=1
-MOZ_DISABLE_DOMCRYPTO=1
+MOZ_DISABLE_CRYPTOLEGACY=1
 MOZ_APP_STATIC_INI=1
 
 if test "$OS_TARGET" = "Android"; then
 MOZ_CAPTURE=1
 MOZ_RAW=1
 MOZ_AUDIO_CHANNEL_MANAGER=1
 fi
 
--- a/configure.in
+++ b/configure.in
@@ -4236,17 +4236,17 @@ MOZ_ONLY_TOUCH_EVENTS=
 MOZ_TOOLKIT_SEARCH=1
 MOZ_UI_LOCALE=en-US
 MOZ_UNIVERSALCHARDET=1
 MOZ_URL_CLASSIFIER=
 MOZ_XUL=1
 MOZ_ZIPWRITER=1
 NS_PRINTING=1
 MOZ_PDF_PRINTING=
-MOZ_DISABLE_DOMCRYPTO=
+MOZ_DISABLE_CRYPTOLEGACY=
 NSS_DISABLE_DBM=
 NECKO_WIFI=1
 NECKO_COOKIES=1
 NECKO_PROTOCOLS_DEFAULT="about data file ftp http res viewsource websocket wyciwyg device"
 USE_ARM_KUSER=
 BUILD_CTYPES=1
 MOZ_USE_NATIVE_POPUP_WINDOWS=
 MOZ_ANDROID_HISTORY=
@@ -6335,19 +6335,20 @@ if test -n "$MOZ_DISABLE_PARENTAL_CONTRO
     AC_DEFINE(MOZ_DISABLE_PARENTAL_CONTROLS)
 fi
 
 AC_SUBST(MOZ_DISABLE_PARENTAL_CONTROLS)
 
 dnl ========================================================
 dnl = Disable DOMCrypto
 dnl ========================================================
-if test -n "$MOZ_DISABLE_DOMCRYPTO"; then
-    AC_DEFINE(MOZ_DISABLE_DOMCRYPTO)
-fi
+if test -n "$MOZ_DISABLE_CRYPTOLEGACY"; then
+    AC_DEFINE(MOZ_DISABLE_CRYPTOLEGACY)
+fi
+AC_SUBST(MOZ_DISABLE_CRYPTOLEGACY)
 
 dnl ========================================================
 dnl =
 dnl = Module specific options
 dnl =
 dnl ========================================================
 MOZ_ARG_HEADER(Individual module options)
 
new file mode 100644
--- /dev/null
+++ b/dom/base/Crypto.cpp
@@ -0,0 +1,100 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include "Crypto.h"
+#include "nsIDOMClassInfo.h"
+#include "nsString.h"
+
+namespace mozilla {
+namespace dom {
+
+NS_INTERFACE_MAP_BEGIN(Crypto)
+  NS_INTERFACE_MAP_ENTRY(nsISupports)
+  NS_INTERFACE_MAP_ENTRY(nsIDOMCrypto)
+  NS_DOM_INTERFACE_MAP_ENTRY_CLASSINFO(Crypto)
+NS_INTERFACE_MAP_END
+
+NS_IMPL_ADDREF(Crypto)
+NS_IMPL_RELEASE(Crypto)
+
+Crypto::Crypto()
+{
+  MOZ_COUNT_CTOR(Crypto);
+}
+
+Crypto::~Crypto()
+{
+  MOZ_COUNT_DTOR(Crypto);
+}
+
+#ifndef MOZ_DISABLE_CRYPTOLEGACY
+// Stub out the legacy nsIDOMCrypto methods. The actual
+// implementations are in security/manager/ssl/src/nsCrypto.{cpp,h}
+
+NS_IMETHODIMP
+Crypto::GetVersion(nsAString & aVersion)
+{
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+Crypto::GetEnableSmartCardEvents(bool *aEnableSmartCardEvents)
+{
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+Crypto::SetEnableSmartCardEvents(bool aEnableSmartCardEvents)
+{
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+Crypto::GenerateCRMFRequest(nsIDOMCRMFObject * *_retval)
+{
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+Crypto::ImportUserCertificates(const nsAString & nickname,
+                               const nsAString & cmmfResponse,
+                               bool doForcedBackup, nsAString & _retval)
+{
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+Crypto::PopChallengeResponse(const nsAString & challenge,
+                             nsAString & _retval)
+{
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+Crypto::Random(int32_t numBytes, nsAString & _retval)
+{
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+Crypto::SignText(const nsAString & stringToSign, const nsAString & caOption,
+                 nsAString & _retval)
+{
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+Crypto::Logout()
+{
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+Crypto::DisableRightClick()
+{
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+#endif
+
+} // namespace dom
+} // namespace mozilla
new file mode 100644
--- /dev/null
+++ b/dom/base/Crypto.h
@@ -0,0 +1,33 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+#ifndef mozilla_dom_Crypto_h
+#define mozilla_dom_Crypto_h
+
+#ifdef MOZ_DISABLE_CRYPTOLEGACY
+#include "nsIDOMCrypto.h"
+#else
+#include "nsIDOMCryptoLegacy.h"
+#endif
+
+#define NS_DOMCRYPTO_CLASSNAME "Crypto JavaScript Class"
+#define NS_DOMCRYPTO_CID \
+  {0x929d9320, 0x251e, 0x11d4, { 0x8a, 0x7c, 0x00, 0x60, 0x08, 0xc8, 0x44, 0xc3} }
+
+namespace mozilla {
+namespace dom {
+
+class Crypto : public nsIDOMCrypto
+{
+public:
+  Crypto();
+  virtual ~Crypto();
+
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSIDOMCRYPTO
+};
+
+} // namespace dom
+} // namespace mozilla
+
+#endif // mozilla_dom_Crypto_h
--- a/dom/base/Makefile.in
+++ b/dom/base/Makefile.in
@@ -74,16 +74,17 @@ EXPORTS = \
   nsPIDOMWindow.h \
   nsPIWindowRoot.h \
   nsFocusManager.h \
   nsWrapperCache.h \
   nsWrapperCacheInlines.h \
   nsContentPermissionHelper.h \
   nsStructuredCloneContainer.h \
   nsWindowMemoryReporter.h \
+  Crypto.h \
   $(NULL)
 
 EXPORTS_NAMESPACES = mozilla/dom
 EXPORTS_mozilla/dom = \
   DOMError.h \
   DOMRequest.h \
   DOMCursor.h \
   StructuredCloneTags.h \
@@ -112,16 +113,17 @@ CPPSRCS =			\
 	nsScriptNameSpaceManager.cpp \
 	nsDOMScriptObjectFactory.cpp \
 	nsQueryContentEventResult.cpp \
 	nsContentPermissionHelper.cpp \
 	nsStructuredCloneContainer.cpp \
 	nsDOMNavigationTiming.cpp \
 	nsPerformance.cpp	\
 	nsWindowMemoryReporter.cpp \
+	Crypto.cpp \
 	DOMError.cpp \
 	DOMRequest.cpp \
 	DOMCursor.cpp \
 	Navigator.cpp \
 	URL.cpp \
 	$(NULL)
 
 include $(topsrcdir)/dom/dom-config.mk
--- a/dom/base/nsDOMClassInfo.cpp
+++ b/dom/base/nsDOMClassInfo.cpp
@@ -281,18 +281,22 @@
 #undef MOZ_GENERATED_EVENTS_INCLUDES
 #include "nsIDOMDeviceMotionEvent.h"
 #include "nsIDOMRange.h"
 #include "nsIDOMNodeIterator.h"
 #include "nsIDOMTreeWalker.h"
 #include "nsIDOMXULDocument.h"
 #include "nsIDOMXULElement.h"
 #include "nsIDOMXULCommandDispatcher.h"
+#ifndef MOZ_DISABLE_CRYPTOLEGACY
+#include "nsIDOMCRMFObject.h"
+#include "nsIDOMCryptoLegacy.h"
+#else
 #include "nsIDOMCrypto.h"
-#include "nsIDOMCRMFObject.h"
+#endif
 #include "nsIControllers.h"
 #include "nsISelection.h"
 #include "nsIBoxObject.h"
 #ifdef MOZ_XUL
 #include "nsITreeSelection.h"
 #include "nsITreeContentView.h"
 #include "nsITreeView.h"
 #include "nsIXULTemplateBuilder.h"
@@ -472,17 +476,17 @@ using mozilla::dom::workers::ResolveWork
 using namespace mozilla;
 using namespace mozilla::dom;
 
 static NS_DEFINE_CID(kDOMSOF_CID, NS_DOM_SCRIPT_OBJECT_FACTORY_CID);
 
 static const char kDOMStringBundleURL[] =
   "chrome://global/locale/dom/dom.properties";
 
-#ifdef MOZ_DISABLE_DOMCRYPTO
+#ifdef MOZ_DISABLE_CRYPTOLEGACY
   static const bool domCryptoEnabled = false;
 #else
   static const bool domCryptoEnabled = true;
 #endif
 
 // NOTE: DEFAULT_SCRIPTABLE_FLAGS and DOM_DEFAULT_SCRIPTABLE_FLAGS
 //       are defined in nsIDOMClassInfo.h.
 
@@ -551,18 +555,21 @@ static const char kDOMStringBundleURL[] 
 /**
  * To generate the bitmap for a class that we're sure doesn't implement any of
  * the interfaces in DOMCI_CASTABLE_INTERFACES.
  */
 #define DOMCI_DATA_NO_CLASS(_dom_class)                                       \
 const uint32_t kDOMClassInfo_##_dom_class##_interfaces =                      \
   0;
 
+#ifndef MOZ_DISABLE_CRYPTOLEGACY
+DOMCI_DATA_NO_CLASS(CRMFObject)
+#endif
 DOMCI_DATA_NO_CLASS(Crypto)
-DOMCI_DATA_NO_CLASS(CRMFObject)
+
 DOMCI_DATA_NO_CLASS(ContentFrameMessageManager)
 DOMCI_DATA_NO_CLASS(ChromeMessageBroadcaster)
 DOMCI_DATA_NO_CLASS(ChromeMessageSender)
 
 DOMCI_DATA_NO_CLASS(DOMPrototype)
 DOMCI_DATA_NO_CLASS(DOMConstructor)
 
 #define NS_DEFINE_CLASSINFO_DATA_WITH_NAME(_class, _name, _helper,            \
@@ -951,20 +958,22 @@ static nsDOMClassInfoData sClassInfoData
 #ifdef MOZ_XUL
   NS_DEFINE_CLASSINFO_DATA(TreeSelection, nsDOMGenericSH,
                            DEFAULT_SCRIPTABLE_FLAGS)
   NS_DEFINE_CLASSINFO_DATA(TreeContentView, nsDOMGenericSH,
                            DEFAULT_SCRIPTABLE_FLAGS)
 #endif
 
   // Crypto classes
+#ifndef MOZ_DISABLE_CRYPTOLEGACY
+  NS_DEFINE_CLASSINFO_DATA(CRMFObject, nsDOMGenericSH,
+                           DOM_DEFAULT_SCRIPTABLE_FLAGS)
+#endif
   NS_DEFINE_CLASSINFO_DATA(Crypto, nsDOMGenericSH,
                            DOM_DEFAULT_SCRIPTABLE_FLAGS)
-  NS_DEFINE_CLASSINFO_DATA(CRMFObject, nsDOMGenericSH,
-                           DOM_DEFAULT_SCRIPTABLE_FLAGS)
 
   // DOM Traversal classes
   NS_DEFINE_CLASSINFO_DATA(TreeWalker, nsDOMGenericSH,
                            DOM_DEFAULT_SCRIPTABLE_FLAGS)
 
   // We are now trying to preserve binary compat in classinfo.  No
   // more putting things in those categories up there.  New entries
   // are to be added to the end of the list
@@ -2759,24 +2768,26 @@ nsDOMClassInfo::Init()
   DOM_CLASSINFO_MAP_END
 
   DOM_CLASSINFO_MAP_BEGIN(TreeContentView, nsITreeContentView)
     DOM_CLASSINFO_MAP_ENTRY(nsITreeContentView)
     DOM_CLASSINFO_MAP_ENTRY(nsITreeView)
   DOM_CLASSINFO_MAP_END
 #endif
 
+#ifndef MOZ_DISABLE_CRYPTOLEGACY
+   DOM_CLASSINFO_MAP_BEGIN(CRMFObject, nsIDOMCRMFObject)
+     DOM_CLASSINFO_MAP_ENTRY(nsIDOMCRMFObject)
+   DOM_CLASSINFO_MAP_END
+#endif
+
   DOM_CLASSINFO_MAP_BEGIN(Crypto, nsIDOMCrypto)
     DOM_CLASSINFO_MAP_ENTRY(nsIDOMCrypto)
   DOM_CLASSINFO_MAP_END
 
-  DOM_CLASSINFO_MAP_BEGIN(CRMFObject, nsIDOMCRMFObject)
-    DOM_CLASSINFO_MAP_ENTRY(nsIDOMCRMFObject)
-  DOM_CLASSINFO_MAP_END
-
   DOM_CLASSINFO_MAP_BEGIN_NO_CLASS_IF(XMLStylesheetProcessingInstruction, nsIDOMProcessingInstruction)
     DOM_CLASSINFO_MAP_ENTRY(nsIDOMProcessingInstruction)
     DOM_CLASSINFO_MAP_ENTRY(nsIDOMLinkStyle)
     DOM_CLASSINFO_MAP_ENTRY(nsIDOMEventTarget)
   DOM_CLASSINFO_MAP_END
 
   DOM_CLASSINFO_MAP_BEGIN_NO_CLASS_IF(ChromeWindow, nsIDOMWindow)
     DOM_CLASSINFO_WINDOW_MAP_ENTRIES(true)
--- a/dom/base/nsDOMClassInfo.h
+++ b/dom/base/nsDOMClassInfo.h
@@ -24,16 +24,21 @@ class nsContentList;
 class nsGlobalWindow;
 class nsICanvasRenderingContextInternal;
 class nsIDOMHTMLOptionsCollection;
 class nsIDOMWindow;
 class nsIForm;
 class nsIHTMLDocument;
 class nsNPAPIPluginInstance;
 
+class nsIDOMCrypto;
+#ifndef MOZ_DISABLE_CRYPTOLEGACY
+class nsIDOMCRMFObject;
+#endif
+
 struct nsDOMClassInfoData;
 
 typedef nsIClassInfo* (*nsDOMClassInfoConstructorFnc)
   (nsDOMClassInfoData* aData);
 
 typedef nsresult (*nsDOMConstructorFunc)(nsISupports** aNewObject);
 
 struct nsDOMClassInfoData
--- a/dom/base/nsDOMClassInfoClasses.h
+++ b/dom/base/nsDOMClassInfoClasses.h
@@ -144,18 +144,20 @@ DOMCI_CLASS(XULCommandDispatcher)
 DOMCI_CLASS(XULControllers)
 DOMCI_CLASS(BoxObject)
 #ifdef MOZ_XUL
 DOMCI_CLASS(TreeSelection)
 DOMCI_CLASS(TreeContentView)
 #endif
 
 // Crypto classes
+#ifndef MOZ_DISABLE_CRYPTOLEGACY
+DOMCI_CLASS(CRMFObject)
+#endif
 DOMCI_CLASS(Crypto)
-DOMCI_CLASS(CRMFObject)
 
 // DOM Traversal classes
 DOMCI_CLASS(TreeWalker)
 
 // Rect object used by getComputedStyle
 DOMCI_CLASS(CSSRect)
 
 // DOM Chrome Window class, almost identical to Window
--- a/dom/base/nsGlobalWindow.cpp
+++ b/dom/base/nsGlobalWindow.cpp
@@ -80,19 +80,17 @@
 #include "nsIContentViewerEdit.h"
 #include "nsIDocShell.h"
 #include "nsIDocShellLoadInfo.h"
 #include "nsIDocCharset.h"
 #include "nsIDocument.h"
 #include "nsIHTMLDocument.h"
 #include "nsIDOMHTMLDocument.h"
 #include "nsIDOMHTMLElement.h"
-#ifndef MOZ_DISABLE_DOMCRYPTO
-#include "nsIDOMCrypto.h"
-#endif
+#include "Crypto.h"
 #include "nsIDOMDocument.h"
 #include "nsIDOMElement.h"
 #include "nsIDOMEvent.h"
 #include "nsIDOMHTMLAnchorElement.h"
 #include "nsIDOMKeyEvent.h"
 #include "nsIDOMMessageEvent.h"
 #include "nsIDOMPopupBlockedEvent.h"
 #include "nsIDOMPopStateEvent.h"
@@ -415,20 +413,16 @@ nsGlobalWindow::DOMMinTimeoutValue() con
     return GetCurrentInnerWindowInternal()->method args;                      \
   }                                                                           \
   PR_END_MACRO
 
 // CIDs
 static NS_DEFINE_CID(kXULControllersCID, NS_XULCONTROLLERS_CID);
 
 static const char sJSStackContractID[] = "@mozilla.org/js/xpc/ContextStack;1";
-#ifndef MOZ_DISABLE_DOMCRYPTO
-static const char kCryptoContractID[] = NS_CRYPTO_CONTRACTID;
-static const char kPkcs11ContractID[] = NS_PKCS11_CONTRACTID;
-#endif
 static const char sPopStatePrefStr[] = "browser.history.allowPopState";
 
 #define NETWORK_UPLOAD_EVENT_NAME     NS_LITERAL_STRING("moznetworkupload")
 #define NETWORK_DOWNLOAD_EVENT_NAME   NS_LITERAL_STRING("moznetworkdownload")
 
 /**
  * An indirect observer object that means we don't have to implement nsIObserver
  * on nsGlobalWindow, where any script could see it.
@@ -2019,22 +2013,25 @@ nsGlobalWindow::SetNewDocument(nsIDocume
   }
 
   nsCOMPtr<nsIDocument> oldDoc(do_QueryInterface(mDocument));
 
   nsIScriptContext *scx = GetContextInternal();
   NS_ENSURE_TRUE(scx, NS_ERROR_NOT_INITIALIZED);
 
   JSContext *cx = scx->GetNativeContext();
-#ifndef MOZ_DISABLE_DOMCRYPTO
+
+#ifndef MOZ_DISABLE_CRYPTOLEGACY
   // clear smartcard events, our document has gone away.
   if (mCrypto) {
-    mCrypto->SetEnableSmartCardEvents(false);
+    nsresult rv = mCrypto->SetEnableSmartCardEvents(false);
+    NS_ENSURE_SUCCESS(rv, rv);
   }
 #endif
+
   if (!mDocument) {
     // First document load.
 
     // Get our private root. If it is equal to us, then we need to
     // attach our global key bindings that handles browser scrolling
     // and other browser commands.
     nsIDOMWindow* privateRoot = nsGlobalWindow::GetPrivateRoot();
 
@@ -3574,29 +3571,27 @@ nsGlobalWindow::GetApplicationCache(nsID
   NS_IF_ADDREF(*aApplicationCache = mApplicationCache);
 
   return NS_OK;
 }
 
 NS_IMETHODIMP
 nsGlobalWindow::GetCrypto(nsIDOMCrypto** aCrypto)
 {
-#ifdef MOZ_DISABLE_DOMCRYPTO
-  return NS_ERROR_NOT_IMPLEMENTED;
-#else
   FORWARD_TO_OUTER(GetCrypto, (aCrypto), NS_ERROR_NOT_INITIALIZED);
 
   if (!mCrypto) {
-    mCrypto = do_CreateInstance(kCryptoContractID);
-  }
-
+#ifndef MOZ_DISABLE_CRYPTOLEGACY
+    mCrypto = do_CreateInstance(NS_CRYPTO_CONTRACTID);
+#else
+    mCrypto = new Crypto();
+#endif
+  }
   NS_IF_ADDREF(*aCrypto = mCrypto);
-
-  return NS_OK;
-#endif
+  return NS_OK;
 }
 
 NS_IMETHODIMP
 nsGlobalWindow::GetPkcs11(nsIDOMPkcs11** aPkcs11)
 {
   *aPkcs11 = nullptr;
   return NS_OK;
 }
--- a/dom/base/nsGlobalWindow.h
+++ b/dom/base/nsGlobalWindow.h
@@ -36,19 +36,16 @@
 #include "nsIScriptTimeoutHandler.h"
 #include "nsITimer.h"
 #include "nsIWebBrowserChrome.h"
 #include "nsPIDOMWindow.h"
 #include "nsIDOMModalContentWindow.h"
 #include "nsIScriptSecurityManager.h"
 #include "nsEventListenerManager.h"
 #include "nsIDOMDocument.h"
-#ifndef MOZ_DISABLE_DOMCRYPTO
-#include "nsIDOMCrypto.h"
-#endif
 #include "nsIPrincipal.h"
 #include "nsIXPCScriptable.h"
 #include "nsPoint.h"
 #include "nsSize.h"
 #include "nsRect.h"
 #include "mozFlushType.h"
 #include "prclist.h"
 #include "nsIDOMStorageObsolete.h"
@@ -91,16 +88,17 @@
 #define MAX_IDLE_FUZZ_TIME_MS 90000
 
 // Min idle notification time in seconds.
 #define MIN_IDLE_NOTIFICATION_TIME_S 1
 
 class nsIDOMBarProp;
 class nsIDocument;
 class nsPresContext;
+class nsIDOMCrypto;
 class nsIDOMEvent;
 class nsIScrollableFrame;
 class nsIControllers;
 
 class nsBarProp;
 class nsLocation;
 class nsScreen;
 class nsHistory;
@@ -110,20 +108,16 @@ class nsGlobalWindowObserver;
 class nsGlobalWindow;
 class PostMessageEvent;
 class nsRunnable;
 class nsDOMEventTargetHelper;
 class nsDOMOfflineResourceList;
 class nsDOMWindowUtils;
 class nsIIdleService;
 
-#ifdef MOZ_DISABLE_DOMCRYPTO
-class nsIDOMCrypto;
-#endif
-
 class nsWindowSizes;
 
 namespace mozilla {
 namespace dom {
 class Navigator;
 class URL;
 } // namespace dom
 } // namespace mozilla
@@ -1075,19 +1069,18 @@ protected:
   nsRefPtr<nsBarProp>           mPersonalbar;
   nsRefPtr<nsBarProp>           mStatusbar;
   nsRefPtr<nsBarProp>           mScrollbars;
   nsRefPtr<nsDOMWindowUtils>    mWindowUtils;
   nsString                      mStatus;
   nsString                      mDefaultStatus;
   // index 0->language_id 1, so index MAX-1 == language_id MAX
   nsGlobalWindowObserver*       mObserver;
-#ifndef MOZ_DISABLE_DOMCRYPTO
   nsCOMPtr<nsIDOMCrypto>        mCrypto;
-#endif
+
   nsCOMPtr<nsIDOMStorage>      mLocalStorage;
   nsCOMPtr<nsIDOMStorage>      mSessionStorage;
 
   nsCOMPtr<nsIXPConnectJSObjectHolder> mInnerWindowHolder;
 
   // These member variable are used only on inner windows.
   nsRefPtr<nsEventListenerManager> mListenerManager;
   // mTimeouts is generally sorted by mWhen, unless mTimeoutInsertionPoint is
--- a/dom/interfaces/base/Makefile.in
+++ b/dom/interfaces/base/Makefile.in
@@ -27,17 +27,16 @@ XPIDLSRCS =					\
 	nsIBrowserDOMWindow.idl			\
 	nsIContentPermissionPrompt.idl  \
 	nsIContentPrefService.idl		\
 	nsIContentPrefService2.idl		\
 	nsIContentURIGrouper.idl		\
 	nsIDOMClientInformation.idl		\
 	nsIDOMConstructor.idl			\
 	nsIDOMCRMFObject.idl			\
-	nsIDOMCrypto.idl			\
 	nsIDOMHistory.idl			\
 	nsIDOMLocation.idl			\
 	nsIDOMMediaQueryList.idl		\
 	nsIDOMMimeType.idl			\
 	nsIDOMMimeTypeArray.idl			\
 	nsIDOMNavigator.idl			\
 	nsIDOMPkcs11.idl			\
 	nsIDOMPlugin.idl			\
@@ -53,19 +52,29 @@ XPIDLSRCS =					\
 	nsITabChild.idl				\
 	nsITabParent.idl			\
 	nsIDOMGlobalPropertyInitializer.idl	\
 	nsIDOMGlobalObjectConstructor.idl \
 	nsIStructuredCloneContainer.idl		\
 	nsIIdleObserver.idl			\
 	$(NULL)
 
+ifdef MOZ_DISABLE_CRYPTOLEGACY
+XPIDLSRCS += \
+	nsIDOMCrypto.idl			\
+	$(NULL)
+else
+XPIDLSRCS += \
+	nsIDOMCryptoLegacy.idl			\
+	$(NULL)
+endif
+
 ifdef MOZ_B2G
 XPIDLSRCS += \
-  nsIDOMWindowB2G.idl \
-  $(NULL)
+	nsIDOMWindowB2G.idl \
+	$(NULL)
 endif
 
 include $(topsrcdir)/config/rules.mk
 
 XPIDL_FLAGS += \
   -I$(topsrcdir)/dom/interfaces/events \
   $(NULL)
--- a/dom/interfaces/base/nsIDOMCrypto.idl
+++ b/dom/interfaces/base/nsIDOMCrypto.idl
@@ -1,24 +1,11 @@
 /* -*- Mode: IDL; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
-#include "domstubs.idl"
-
-[scriptable, uuid(12b6d899-2aed-4ea9-8c02-2223ab7ab592)]
+#include "nsISupports.idl"
+ 
+[scriptable, uuid(eadb45d6-aec2-4b70-95f4-ffdf1f86738f)]
 interface nsIDOMCrypto : nsISupports
 {
-  readonly attribute DOMString        version;
-  attribute boolean         enableSmartCardEvents;
-
-  nsIDOMCRMFObject          generateCRMFRequest(/* ... */);
-  DOMString                 importUserCertificates(in DOMString nickname,
-                                                   in DOMString cmmfResponse,
-                                                   in boolean doForcedBackup);
-  DOMString                 popChallengeResponse(in DOMString challenge);
-  DOMString                 random(in long numBytes);
-  DOMString                 signText(in DOMString stringToSign,
-                                     in DOMString caOption /* ... */);
-  void                      logout();
-  void                      disableRightClick();
 };
copy from dom/interfaces/base/nsIDOMCrypto.idl
copy to dom/interfaces/base/nsIDOMCryptoLegacy.idl
--- a/dom/interfaces/base/nsIDOMCrypto.idl
+++ b/dom/interfaces/base/nsIDOMCryptoLegacy.idl
@@ -1,16 +1,18 @@
 /* -*- Mode: IDL; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "domstubs.idl"
 
-[scriptable, uuid(12b6d899-2aed-4ea9-8c02-2223ab7ab592)]
+interface nsIDOMCRMFObject;
+
+[scriptable, uuid(b50312fa-06ec-460c-b5e9-5dbb009eb457)]
 interface nsIDOMCrypto : nsISupports
 {
   readonly attribute DOMString        version;
   attribute boolean         enableSmartCardEvents;
 
   nsIDOMCRMFObject          generateCRMFRequest(/* ... */);
   DOMString                 importUserCertificates(in DOMString nickname,
                                                    in DOMString cmmfResponse,
--- a/dom/tests/mochitest/Makefile.in
+++ b/dom/tests/mochitest/Makefile.in
@@ -13,16 +13,17 @@ include $(DEPTH)/config/autoconf.mk
 DIRS	+= \
 	dom-level0 \
 	dom-level1-core \
 	dom-level2-core \
 	dom-level2-html \
 	ajax \
 	bugs \
 	chrome \
+	crypto \
 	general \
 	whatwg \
 	geolocation \
 	localstorage \
 	orientation \
 	sessionstorage \
 	storageevent \
 	pointerlock \
new file mode 100644
--- /dev/null
+++ b/dom/tests/mochitest/crypto/Makefile.in
@@ -0,0 +1,24 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this file,
+# You can obtain one at http://mozilla.org/MPL/2.0/.
+
+DEPTH		= ../../../..
+topsrcdir	= @top_srcdir@
+srcdir		= @srcdir@
+VPATH		= @srcdir@
+relativesrcdir	= dom/tests/mochitest/crypto
+
+include $(DEPTH)/config/autoconf.mk
+include $(topsrcdir)/config/rules.mk
+
+_TEST_FILES = \
+    $(NULL)
+    
+ifndef MOZ_DISABLE_CRYPTOLEGACY
+_TEST_FILES += test_legacy.html
+else
+_TEST_FILES += test_no_legacy.html
+endif
+
+libs::	$(_TEST_FILES)
+	$(INSTALL) $(foreach f,$^,"$f") $(DEPTH)/_tests/testing/mochitest/tests/$(relativesrcdir)
new file mode 100644
--- /dev/null
+++ b/dom/tests/mochitest/crypto/test_legacy.html
@@ -0,0 +1,28 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Test presence of legacy window.crypto features when
+         MOZ_DISABLE_CRYPTOLEGACY is NOT set.</title>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>        
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<script class="testbody" type="text/javascript">
+
+ok("crypto" in window, "crypto in window");
+ok("version" in window.crypto, "version in window.crypto");
+ok("enableSmartCardEvents" in window.crypto,
+   "enableSmartCardEvents in window.crypto");
+ok("generateCRMFRequest" in window.crypto,
+   "generateCRMFRequest in window.crypto");
+ok("importUserCertificates" in window.crypto,
+   "importUserCertificates in window.crypto");
+ok("popChallengeResponse" in window.crypto,
+   "popChallengeResponse in window.crypto");
+ok("random" in window.crypto, "random in window.crypto");
+ok("signText" in window.crypto, "signText in window.crypto");
+ok("disableRightClick" in window.crypto,
+   "disableRightClick in window.crypto");
+
+</script>
+</body></html>
new file mode 100644
--- /dev/null
+++ b/dom/tests/mochitest/crypto/test_no_legacy.html
@@ -0,0 +1,28 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Test lack of legacy window.crypto features when
+         MOZ_DISABLE_CRYPTOLEGACY is set</title>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>        
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<script class="testbody" type="text/javascript">
+
+ok("crypto" in window, "crypto in window");
+ok(!("version" in window.crypto), "version not in window.crypto");
+ok(!("enableSmartCardEvents" in window.crypto),
+   "enableSmartCardEvents not in window.crypto");
+ok(!("generateCRMFRequest" in window.crypto),
+   "generateCRMFRequest not in window.crypto");
+ok(!("importUserCertificates" in window.crypto),
+   "importUserCertificates not in window.crypto");
+ok(!("popChallengeResponse" in window.crypto),
+   "popChallengeResponse not in window.crypto");
+ok(!("random" in window.crypto), "random not in window.crypto");
+ok(!("signText" in window.crypto), "signText not in window.crypto");
+ok(!("disableRightClick" in window.crypto),
+   "disableRightClick not in window.crypto");
+
+</script>
+</body></html>
--- a/mobile/android/confvars.sh
+++ b/mobile/android/confvars.sh
@@ -9,17 +9,17 @@ MOZ_APP_VERSION=21.0a1
 MOZ_APP_UA_NAME=Firefox
 
 MOZ_BRANDING_DIRECTORY=mobile/android/branding/unofficial
 MOZ_OFFICIAL_BRANDING_DIRECTORY=mobile/android/branding/official
 # MOZ_APP_DISPLAYNAME is set by branding/configure.sh
 
 MOZ_SAFE_BROWSING=1
 
-MOZ_DISABLE_DOMCRYPTO=1
+MOZ_DISABLE_CRYPTOLEGACY=1
 
 # Enable getUserMedia
 MOZ_MEDIA_NAVIGATOR=1
 
 if test "$LIBXUL_SDK"; then
 MOZ_XULRUNNER=1
 else
 MOZ_XULRUNNER=
--- a/security/manager/ssl/src/Makefile.in
+++ b/security/manager/ssl/src/Makefile.in
@@ -57,30 +57,35 @@ CPPSRCS = 				\
   nsNSSCertHelper.cpp \
   nsNSSCertificateDB.cpp \
   nsNSSCertTrust.cpp \
   nsNSSCertValidity.cpp \
   nsUsageArrayHelper.cpp \
   nsCRLManager.cpp \
   nsNSSShutDown.cpp \
   nsNTLMAuthModule.cpp \
-  nsSmartCardMonitor.cpp \
   nsStreamCipher.cpp \
   nsKeyModule.cpp \
   nsIdentityChecking.cpp \
   nsDataSignatureVerifier.cpp \
   nsRandomGenerator.cpp \
   NSSErrorsService.cpp \
   nsNSSCertificateFakeTransport.cpp \
   PSMRunnable.cpp \
   nsNSSVersion.cpp \
   nsCertificatePrincipal.cpp \
   SharedSSLState.cpp \
   $(NULL)
 
+ifndef MOZ_DISABLE_CRYPTOLEGACY
+CPPSRCS += \
+  nsSmartCardMonitor.cpp \
+  $(NULL)
+endif
+
 ifdef MOZ_XUL
 CPPSRCS += nsCertTree.cpp
 endif
 
 CSRCS += md4.c
 
 EXTRA_DEPS = $(NSS_DEP_LIBS)
 
--- a/security/manager/ssl/src/nsCrypto.cpp
+++ b/security/manager/ssl/src/nsCrypto.cpp
@@ -1,26 +1,35 @@
 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include "nsCrypto.h"
 #include "nsNSSComponent.h"
-#include "nsCrypto.h"
+#include "secmod.h"
+
+#include "nsReadableUtils.h"
+#include "nsCRT.h"
+#include "nsXPIDLString.h"
+#include "nsISaveAsCharset.h"
+#include "nsNativeCharsetUtils.h"
+
+#ifndef MOZ_DISABLE_CRYPTOLEGACY
+#include "nsNSSComponent.h"
 #include "nsKeygenHandler.h"
 #include "nsKeygenThread.h"
 #include "nsNSSCertificate.h"
 #include "nsNSSCertificateDB.h"
 #include "nsPKCS12Blob.h"
 #include "nsPK11TokenDB.h"
 #include "nsThreadUtils.h"
 #include "nsIServiceManager.h"
 #include "nsIMemory.h"
 #include "nsAlgorithm.h"
-#include "nsCRT.h"
 #include "prprf.h"
 #include "nsDOMCID.h"
 #include "nsIDOMWindow.h"
 #include "nsIDOMClassInfo.h"
 #include "nsIDOMDocument.h"
 #include "nsIDocument.h"
 #include "nsIScriptObjectPrincipal.h"
 #include "nsIScriptContext.h"
@@ -29,55 +38,49 @@
 #include "nsIXPConnect.h"
 #include "nsIRunnable.h"
 #include "nsIWindowWatcher.h"
 #include "nsIPrompt.h"
 #include "nsIFilePicker.h"
 #include "nsJSPrincipals.h"
 #include "nsIPrincipal.h"
 #include "nsIScriptSecurityManager.h"
-#include "nsXPIDLString.h"
 #include "nsIGenKeypairInfoDlg.h"
 #include "nsIDOMCryptoDialogs.h"
 #include "nsIFormSigningDialog.h"
 #include "nsIJSContextStack.h"
 #include "jsapi.h"
 #include "jsdbgapi.h"
 #include <ctype.h>
-#include "nsReadableUtils.h"
 #include "pk11func.h"
 #include "keyhi.h"
 #include "cryptohi.h"
 #include "seccomon.h"
 #include "secerr.h"
 #include "sechash.h"
 #include "crmf.h"
 #include "pk11pqg.h"
 #include "cmmf.h"
 #include "nssb64.h"
 #include "base64.h"
 #include "cert.h"
 #include "certdb.h"
 #include "secmod.h"
-#include "nsISaveAsCharset.h"
-#include "nsNativeCharsetUtils.h"
 #include "ScopedNSSTypes.h"
 
 #include "ssl.h" // For SSL_ClearSessionCache
 
 #include "nsNSSCleaner.h"
 
-#include "nsNSSShutDown.h"
 #include "nsNSSCertHelper.h"
 #include <algorithm>
+#endif
 
 using namespace mozilla;
 
-NSSCleanupAutoPtrClass_WithParam(PK11Context, PK11_DestroyContext, TrueParam, true)
-
 /*
  * These are the most common error strings that are returned
  * by the JavaScript methods in case of error.
  */
 
 #define JS_ERROR       "error:"
 #define JS_ERROR_INTERNAL  JS_ERROR"internalError"
 
@@ -93,16 +96,26 @@ NSSCleanupAutoPtrClass_WithParam(PK11Con
 #define JS_ERR_DEL_MOD                    -4
 #define JS_ERR_ADD_MOD                    -5
 #define JS_ERR_BAD_MODULE_NAME            -6
 #define JS_ERR_BAD_DLL_NAME               -7
 #define JS_ERR_BAD_MECHANISM_FLAGS        -8
 #define JS_ERR_BAD_CIPHER_ENABLE_FLAGS    -9
 #define JS_ERR_ADD_DUPLICATE_MOD          -10
 
+namespace {
+  
+NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
+
+} // unnamed namespace
+
+#ifndef MOZ_DISABLE_CRYPTOLEGACY
+
+NSSCleanupAutoPtrClass_WithParam(PK11Context, PK11_DestroyContext, TrueParam, true)
+
 /*
  * This structure is used to store information for one key generation.
  * The nsCrypto::GenerateCRMFRequest method parses the inputs and then
  * stores one of these structures for every key generation that happens.
  * The information stored in this structure is then used to set some
  * values in the CRMF request.
  */
 typedef enum {
@@ -190,53 +203,53 @@ private:
   nsCOMPtr<nsIPK11Token> mToken;
   nsIX509Cert **mCertArr;
   int32_t       mNumCerts;
 };
 
 // QueryInterface implementation for nsCrypto
 NS_INTERFACE_MAP_BEGIN(nsCrypto)
   NS_INTERFACE_MAP_ENTRY(nsIDOMCrypto)
-  NS_INTERFACE_MAP_ENTRY(nsISupports)
-  NS_DOM_INTERFACE_MAP_ENTRY_CLASSINFO(Crypto)
-NS_INTERFACE_MAP_END
-
-NS_IMPL_ADDREF(nsCrypto)
-NS_IMPL_RELEASE(nsCrypto)
-
+NS_INTERFACE_MAP_END_INHERITING(mozilla::dom::Crypto)
+
+NS_IMPL_ADDREF_INHERITED(nsCrypto, mozilla::dom::Crypto)
+NS_IMPL_RELEASE_INHERITED(nsCrypto, mozilla::dom::Crypto)
+ 
 // QueryInterface implementation for nsCRMFObject
 NS_INTERFACE_MAP_BEGIN(nsCRMFObject)
   NS_INTERFACE_MAP_ENTRY(nsIDOMCRMFObject)
   NS_INTERFACE_MAP_ENTRY(nsISupports)
   NS_DOM_INTERFACE_MAP_ENTRY_CLASSINFO(CRMFObject)
 NS_INTERFACE_MAP_END
 
 NS_IMPL_ADDREF(nsCRMFObject)
 NS_IMPL_RELEASE(nsCRMFObject)
 
 // QueryInterface implementation for nsPkcs11
+#endif // MOZ_DISABLE_CRYPTOLEGACY
+
 NS_INTERFACE_MAP_BEGIN(nsPkcs11)
   NS_INTERFACE_MAP_ENTRY(nsIPKCS11)
   NS_INTERFACE_MAP_ENTRY(nsISupports)
 NS_INTERFACE_MAP_END
 
 NS_IMPL_ADDREF(nsPkcs11)
 NS_IMPL_RELEASE(nsPkcs11)
 
+#ifndef MOZ_DISABLE_CRYPTOLEGACY
+
 // ISupports implementation for nsCryptoRunnable
 NS_IMPL_ISUPPORTS1(nsCryptoRunnable, nsIRunnable)
 
 // ISupports implementation for nsP12Runnable
 NS_IMPL_ISUPPORTS1(nsP12Runnable, nsIRunnable)
 
 // ISupports implementation for nsCryptoRunArgs
 NS_IMPL_ISUPPORTS0(nsCryptoRunArgs)
 
-static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
-
 nsCrypto::nsCrypto() :
   mEnableSmartCardEvents(false)
 {
 }
 
 nsCrypto::~nsCrypto()
 {
 }
@@ -2866,51 +2879,26 @@ nsCRMFObject::GetRequest(nsAString& aReq
 
 nsresult
 nsCRMFObject::SetCRMFRequest(char *inRequest)
 {
   mBase64Request.AssignWithConversion(inRequest);  
   return NS_OK;
 }
 
+#endif // MOZ_DISABLE_CRYPTOLEGACY
+
 nsPkcs11::nsPkcs11()
 {
 }
 
 nsPkcs11::~nsPkcs11()
 {
 }
 
-//Quick function to confirm with the user.
-bool
-confirm_user(const PRUnichar *message)
-{
-  int32_t buttonPressed = 1; // If the user exits by clicking the close box, assume No (button 1)
-
-  nsCOMPtr<nsIPrompt> prompter;
-  (void) nsNSSComponent::GetNewPrompter(getter_AddRefs(prompter));
-
-  if (prompter) {
-    nsPSMUITracker tracker;
-    if (!tracker.isUIForbidden()) {
-      // The actual value is irrelevant but we shouldn't be handing out
-      // malformed JSBools to XPConnect.
-      bool checkState = false;
-      prompter->ConfirmEx(0, message,
-                          (nsIPrompt::BUTTON_DELAY_ENABLE) +
-                          (nsIPrompt::BUTTON_POS_1_DEFAULT) +
-                          (nsIPrompt::BUTTON_TITLE_OK * nsIPrompt::BUTTON_POS_0) +
-                          (nsIPrompt::BUTTON_TITLE_CANCEL * nsIPrompt::BUTTON_POS_1),
-                          nullptr, nullptr, nullptr, nullptr, &checkState, &buttonPressed);
-    }
-  }
-
-  return (buttonPressed == 0);
-}
-
 //Delete a PKCS11 module from the user's profile.
 NS_IMETHODIMP
 nsPkcs11::DeleteModule(const nsAString& aModuleName)
 {
   nsNSSShutDownPreventionLock locker;
   nsresult rv;
   nsString errorMessage;
 
@@ -2923,17 +2911,19 @@ nsPkcs11::DeleteModule(const nsAString& 
   }
   
   NS_ConvertUTF16toUTF8 modName(aModuleName);
   int32_t modType;
   SECStatus srv = SECMOD_DeleteModule(modName.get(), &modType);
   if (srv == SECSuccess) {
     SECMODModule *module = SECMOD_FindModule(modName.get());
     if (module) {
+#ifndef MOZ_DISABLE_CRYPTOLEGACY
       nssComponent->ShutdownSmartCardThread(module);
+#endif
       SECMOD_DestroyModule(module);
     }
     rv = NS_OK;
   } else {
     rv = NS_ERROR_FAILURE;
   }
   return rv;
 }
@@ -2955,17 +2945,19 @@ nsPkcs11::AddModule(const nsAString& aMo
   NS_CopyUnicodeToNative(aLibraryFullPath, fullPath);
   uint32_t mechFlags = SECMOD_PubMechFlagstoInternal(aCryptoMechanismFlags);
   uint32_t cipherFlags = SECMOD_PubCipherFlagstoInternal(aCipherFlags);
   SECStatus srv = SECMOD_AddNewModule(moduleName.get(), fullPath.get(), 
                                       mechFlags, cipherFlags);
   if (srv == SECSuccess) {
     SECMODModule *module = SECMOD_FindModule(moduleName.get());
     if (module) {
+#ifndef MOZ_DISABLE_CRYPTOLEGACY
       nssComponent->LaunchSmartCardThread(module);
+#endif
       SECMOD_DestroyModule(module);
     }
   }
 
   // The error message we report to the user depends directly on 
   // what the return value for SEDMOD_AddNewModule is
   switch (srv) {
   case SECSuccess:
--- a/security/manager/ssl/src/nsCrypto.h
+++ b/security/manager/ssl/src/nsCrypto.h
@@ -1,32 +1,29 @@
 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 #ifndef _nsCrypto_h_
 #define _nsCrypto_h_
+
+#ifndef MOZ_DISABLE_CRYPTOLEGACY
+#include "Crypto.h"
 #include "nsCOMPtr.h"
 #include "nsIDOMCRMFObject.h"
-#include "nsIDOMCrypto.h"
-#include "nsIPKCS11.h"
+#include "nsIDOMCryptoLegacy.h"
 #include "nsIRunnable.h"
 #include "nsString.h"
 #include "jsapi.h"
 #include "nsIPrincipal.h"
 
 #define NS_CRYPTO_CLASSNAME "Crypto JavaScript Class"
 #define NS_CRYPTO_CID \
   {0x929d9320, 0x251e, 0x11d4, { 0x8a, 0x7c, 0x00, 0x60, 0x08, 0xc8, 0x44, 0xc3} }
-
-#define NS_PKCS11_CLASSNAME "Pkcs11 JavaScript Class"
-#define NS_PKCS11_CID \
-  {0x74b7a390, 0x3b41, 0x11d4, { 0x8a, 0x80, 0x00, 0x60, 0x08, 0xc8, 0x44, 0xc3} }
-
 #define PSM_VERSION_STRING "2.4"
 
 class nsIPSMComponent;
 class nsIDOMScriptObjectFactory;
 
 
 class nsCRMFObject : public nsIDOMCRMFObject
 {
@@ -41,31 +38,40 @@ public:
 
   nsresult SetCRMFRequest(char *inRequest);
 private:
 
   nsString mBase64Request;
 };
 
 
-class nsCrypto: public nsIDOMCrypto
+class nsCrypto: public mozilla::dom::Crypto
 {
 public:
   nsCrypto();
   virtual ~nsCrypto();
-  nsresult init();
-  
-  NS_DECL_ISUPPORTS
+
+  NS_DECL_ISUPPORTS_INHERITED
+
+  // If legacy DOM crypto is enabled this is the class that actually
+  // implements the legacy methods.
   NS_DECL_NSIDOMCRYPTO
 
 private:
   static already_AddRefed<nsIPrincipal> GetScriptPrincipal(JSContext *cx);
 
   bool mEnableSmartCardEvents;
 };
+#endif // MOZ_DISABLE_CRYPTOLEGACY
+
+#include "nsIPKCS11.h"
+
+#define NS_PKCS11_CLASSNAME "Pkcs11 JavaScript Class"
+#define NS_PKCS11_CID \
+  {0x74b7a390, 0x3b41, 0x11d4, { 0x8a, 0x80, 0x00, 0x60, 0x08, 0xc8, 0x44, 0xc3} }
 
 class nsPkcs11 : public nsIPKCS11
 {
 public:
   nsPkcs11();
   virtual ~nsPkcs11();
 
   NS_DECL_ISUPPORTS
--- a/security/manager/ssl/src/nsNSSComponent.cpp
+++ b/security/manager/ssl/src/nsNSSComponent.cpp
@@ -14,36 +14,43 @@
 #include "nsCertVerificationThread.h"
 
 #include "nsNetUtil.h"
 #include "nsAppDirectoryServiceDefs.h"
 #include "nsDirectoryService.h"
 #include "nsIStreamListener.h"
 #include "nsIStringBundle.h"
 #include "nsIDirectoryService.h"
-#include "nsIDOMNode.h"
 #include "nsCURILoader.h"
 #include "nsDirectoryServiceDefs.h"
 #include "nsIX509Cert.h"
 #include "nsIX509CertDB.h"
 #include "nsNSSCertificate.h"
 #include "nsNSSHelper.h"
-#include "nsSmartCardMonitor.h"
 #include "prlog.h"
 #include "nsIPrefService.h"
 #include "nsIPrefBranch.h"
 #include "nsIDateTimeFormat.h"
 #include "nsDateTimeFormatCID.h"
+#include "nsThreadUtils.h"
+
+#ifndef MOZ_DISABLE_CRYPTOLEGACY
+#include "nsIDOMNode.h"
 #include "nsIDOMEvent.h"
 #include "nsIDOMDocument.h"
 #include "nsIDOMWindow.h"
 #include "nsIDOMWindowCollection.h"
 #include "nsIDOMSmartCardEvent.h"
+#include "nsSmartCardMonitor.h"
+#include "nsIDOMCryptoLegacy.h"
+#include "nsIPrincipal.h"
+#else
 #include "nsIDOMCrypto.h"
-#include "nsThreadUtils.h"
+#endif
+
 #include "nsCRT.h"
 #include "nsCRLInfo.h"
 #include "nsCertOverrideService.h"
 #include "nsNTLMAuthModule.h"
 
 #include "nsIWindowWatcher.h"
 #include "nsIPrompt.h"
 #include "nsCertificatePrincipal.h"
@@ -53,17 +60,16 @@
 #include "nsIEntropyCollector.h"
 #include "nsIBufEntropyCollector.h"
 #include "nsIServiceManager.h"
 #include "nsIFile.h"
 #include "nsITokenPasswordDialogs.h"
 #include "nsICRLManager.h"
 #include "nsNSSShutDown.h"
 #include "GeneratedEvents.h"
-#include "nsIDOMSmartCardEvent.h"
 #include "nsIKeyModule.h"
 #include "ScopedNSSTypes.h"
 #include "SharedSSLState.h"
 
 #include "nss.h"
 #include "pk11func.h"
 #include "ssl.h"
 #include "sslproto.h"
@@ -200,16 +206,17 @@ public:
     return NS_OK;
   }
 
 private:
   nsCString mURLString;
   nsCOMPtr<nsIStreamListener> mListener;
 };
 
+#ifndef MOZ_DISABLE_CRYPTOLEGACY
 //This class is used to run the callback code
 //passed to the event handlers for smart card notification
 class nsTokenEventRunnable : public nsIRunnable {
 public:
   nsTokenEventRunnable(const nsAString &aType, const nsAString &aTokenName);
   virtual ~nsTokenEventRunnable();
 
   NS_IMETHOD Run ();
@@ -234,16 +241,17 @@ nsTokenEventRunnable::Run()
 { 
   nsresult rv;
   nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
   if (NS_FAILED(rv))
     return rv;
 
   return nssComponent->DispatchEvent(mType, mTokenName);
 }
+#endif // MOZ_DISABLE_CRYPTOLEGACY
 
 bool nsPSMInitPanic::isPanic = false;
 
 // We must ensure that the nsNSSComponent has been loaded before
 // creating any other components.
 bool EnsureNSSInitialized(EnsureNSSOperator op)
 {
   if (nsPSMInitPanic::GetPanic())
@@ -321,17 +329,19 @@ bool EnsureNSSInitialized(EnsureNSSOpera
     return false;
   }
 }
 
 nsNSSComponent::nsNSSComponent()
   :mutex("nsNSSComponent.mutex"),
    mNSSInitialized(false),
    mCrlTimerLock("nsNSSComponent.mCrlTimerLock"),
+#ifndef MOZ_DISABLE_CRYPTOLEGACY
    mThreadList(nullptr),
+#endif
    mCertVerificationThread(nullptr)
 {
 #ifdef PR_LOGGING
   if (!gPIPNSSLog)
     gPIPNSSLog = PR_NewLogModule("pipnss");
 #endif
   PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsNSSComponent::ctor\n"));
   mUpdateTimerInitialized = false;
@@ -410,16 +420,17 @@ nsNSSComponent::~nsNSSComponent()
 
   // We are being freed, drop the haveLoaded flag to re-enable
   // potential nss initialization later.
   EnsureNSSInitialized(nssShutdown);
 
   PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsNSSComponent::dtor finished\n"));
 }
 
+#ifndef MOZ_DISABLE_CRYPTOLEGACY
 NS_IMETHODIMP
 nsNSSComponent::PostEvent(const nsAString &eventType, 
                                                   const nsAString &tokenName)
 {
   nsCOMPtr<nsIRunnable> runnable = 
                                new nsTokenEventRunnable(eventType, tokenName);
 
   return NS_DispatchToMainThread(runnable);
@@ -533,17 +544,17 @@ nsNSSComponent::DispatchEventToWindow(ns
   if (NS_FAILED(rv)) {
     return rv;
   }
 
   bool boolrv;
   rv = target->DispatchEvent(smartCardEvent, &boolrv);
   return rv;
 }
-
+#endif // MOZ_DISABLE_CRYPTOLEGACY
 
 NS_IMETHODIMP
 nsNSSComponent::PIPBundleFormatStringFromName(const char *name,
                                               const PRUnichar **params,
                                               uint32_t numParams,
                                               nsAString &outString)
 {
   nsresult rv = NS_ERROR_FAILURE;
@@ -615,16 +626,17 @@ nsNSSComponent::GetNSSBundleString(const
       outString = result;
       rv = NS_OK;
     }
   }
 
   return rv;
 }
 
+#ifndef MOZ_DISABLE_CRYPTOLEGACY
 void
 nsNSSComponent::LaunchSmartCardThreads()
 {
   nsNSSShutDownPreventionLock locker;
   {
     SECMODModuleList *list;
     SECMODListLock *lock = SECMOD_GetDefaultModuleListLock();
     if (!lock) {
@@ -670,16 +682,17 @@ nsNSSComponent::ShutdownSmartCardThread(
 }
 
 void
 nsNSSComponent::ShutdownSmartCardThreads()
 {
   delete mThreadList;
   mThreadList = nullptr;
 }
+#endif // MOZ_DISABLE_CRYPTOLEGACY
 
 static char *
 nss_addEscape(const char *string, char quote)
 {
     char *newString = 0;
     int escapes = 0, size = 0;
     const char *src;
     char *dest;
@@ -1795,17 +1808,19 @@ nsNSSComponent::InitializeNSS(bool showW
       
       RegisterMyOCSPAIAInfoCallback();
 
       mHttpForNSS.initTable();
       mHttpForNSS.registerHttpClient();
 
       InstallLoadableRoots();
 
+#ifndef MOZ_DISABLE_CRYPTOLEGACY
       LaunchSmartCardThreads();
+#endif
 
       PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("NSS Initialization done\n"));
     }
   }
 
   if (problem_none != which_nss_problem) {
     nsPSMInitPanic::SetPanic();
 
@@ -1843,17 +1858,19 @@ nsNSSComponent::ShutdownNSS()
     PK11_SetPasswordFunc((PK11PasswordFunc)nullptr);
     mHttpForNSS.unregisterHttpClient();
     UnregisterMyOCSPAIAInfoCallback();
 
     if (mPrefBranch) {
       mPrefBranch->RemoveObserver("security.", this);
     }
 
+#ifndef MOZ_DISABLE_CRYPTOLEGACY
     ShutdownSmartCardThreads();
+#endif
     SSL_ClearSessionCache();
     UnloadLoadableRoots();
     CleanupIdentityInfo();
     PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("evaporating psm resources\n"));
     mShutdownObjectList->evaporateAllNSSResources();
     EnsureNSSInitialized(nssShutdown);
     if (SECSuccess != ::NSS_Shutdown()) {
       PR_LOG(gPIPNSSLog, PR_LOG_ALWAYS, ("NSS SHUTDOWN FAILURE\n"));
--- a/security/manager/ssl/src/nsNSSComponent.h
+++ b/security/manager/ssl/src/nsNSSComponent.h
@@ -11,23 +11,25 @@
 #include "mozilla/RefPtr.h"
 #include "nsCOMPtr.h"
 #include "nsISignatureVerifier.h"
 #include "nsIURIContentListener.h"
 #include "nsIStreamListener.h"
 #include "nsIEntropyCollector.h"
 #include "nsString.h"
 #include "nsIStringBundle.h"
-#include "nsIDOMEventTarget.h"
 #include "nsIPrefBranch.h"
 #include "nsIObserver.h"
 #include "nsIObserverService.h"
 #include "nsWeakReference.h"
 #include "nsIScriptSecurityManager.h"
+#ifndef MOZ_DISABLE_CRYPTOLEGACY
+#include "nsIDOMEventTarget.h"
 #include "nsSmartCardMonitor.h"
+#endif
 #include "nsINSSErrorsService.h"
 #include "nsITimer.h"
 #include "nsNetUtil.h"
 #include "nsHashtable.h"
 #include "nsICryptoHash.h"
 #include "nsICryptoHMAC.h"
 #include "hasht.h"
 #include "nsNSSCallbacks.h"
@@ -141,23 +143,25 @@ class NS_NO_VTABLE nsINSSComponent : pub
   NS_IMETHOD RemoveCrlFromList(nsAutoString) = 0;
 
   NS_IMETHOD DefineNextTimer() = 0;
 
   NS_IMETHOD DownloadCRLDirectly(nsAutoString, nsAutoString) = 0;
   
   NS_IMETHOD LogoutAuthenticatedPK11() = 0;
 
+#ifndef MOZ_DISABLE_CRYPTOLEGACY
   NS_IMETHOD LaunchSmartCardThread(SECMODModule *module) = 0;
 
   NS_IMETHOD ShutdownSmartCardThread(SECMODModule *module) = 0;
 
   NS_IMETHOD PostEvent(const nsAString &eventType, const nsAString &token) = 0;
 
   NS_IMETHOD DispatchEvent(const nsAString &eventType, const nsAString &token) = 0;
+#endif
   
   NS_IMETHOD EnsureIdentityInfoLoaded() = 0;
 
   NS_IMETHOD IsNSSInitialized(bool *initialized) = 0;
 
   NS_IMETHOD GetDefaultCERTValInParam(
                   mozilla::RefPtr<nsCERTValInParamWrapper> &out) = 0;
   NS_IMETHOD GetDefaultCERTValInParamLocalOnly(
@@ -248,20 +252,25 @@ public:
   nsresult InitializeCRLUpdateTimer();
   nsresult StopCRLUpdateTimer();
   NS_IMETHOD RemoveCrlFromList(nsAutoString);
   NS_IMETHOD DefineNextTimer();
   NS_IMETHOD LogoutAuthenticatedPK11();
   NS_IMETHOD DownloadCRLDirectly(nsAutoString, nsAutoString);
   NS_IMETHOD RememberCert(CERTCertificate *cert);
 
+#ifndef MOZ_DISABLE_CRYPTOLEGACY
   NS_IMETHOD LaunchSmartCardThread(SECMODModule *module);
   NS_IMETHOD ShutdownSmartCardThread(SECMODModule *module);
   NS_IMETHOD PostEvent(const nsAString &eventType, const nsAString &token);
   NS_IMETHOD DispatchEvent(const nsAString &eventType, const nsAString &token);
+  void LaunchSmartCardThreads();
+  void ShutdownSmartCardThreads();
+  nsresult DispatchEventToWindow(nsIDOMWindow *domWin, const nsAString &eventType, const nsAString &token);
+#endif
   NS_IMETHOD EnsureIdentityInfoLoaded();
   NS_IMETHOD IsNSSInitialized(bool *initialized);
 
   NS_IMETHOD GetDefaultCERTValInParam(
                   mozilla::RefPtr<nsCERTValInParamWrapper> &out);
   NS_IMETHOD GetDefaultCERTValInParamLocalOnly(
                   mozilla::RefPtr<nsCERTValInParamWrapper> &out);
 private:
@@ -270,29 +279,26 @@ private:
   void ShutdownNSS();
 
 #ifdef XP_MACOSX
   void TryCFM2MachOMigration(nsIFile *cfmPath, nsIFile *machoPath);
 #endif
   
   void InstallLoadableRoots();
   void UnloadLoadableRoots();
-  void LaunchSmartCardThreads();
-  void ShutdownSmartCardThreads();
   void CleanupIdentityInfo();
   void setValidationOptions(nsIPrefBranch * pref);
   nsresult InitializePIPNSSBundle();
   nsresult ConfigureInternalPKCS11Token();
   nsresult RegisterPSMContentListener();
   nsresult RegisterObservers();
   nsresult DeregisterObservers();
   nsresult DownloadCrlSilently();
   nsresult PostCRLImportEvent(const nsCSubstring &urlString, nsIStreamListener *psmDownloader);
   nsresult getParamsForNextCrlToDownload(nsAutoString *url, PRTime *time, nsAutoString *key);
-  nsresult DispatchEventToWindow(nsIDOMWindow *domWin, const nsAString &eventType, const nsAString &token);
 
   // Methods that we use to handle the profile change notifications (and to
   // synthesize a full profile change when we're just doing a profile startup):
   void DoProfileChangeNetTeardown();
   void DoProfileChangeTeardown(nsISupports* aSubject);
   void DoProfileBeforeChange(nsISupports* aSubject);
   void DoProfileChangeNetRestore();
   
@@ -310,17 +316,19 @@ private:
   nsAutoString mDownloadURL;
   nsAutoString mCrlUpdateKey;
   Mutex mCrlTimerLock;
   nsHashtable *crlsScheduledForDownload;
   bool crlDownloadTimerOn;
   bool mUpdateTimerInitialized;
   static int mInstanceCount;
   nsNSSShutDownList *mShutdownObjectList;
+#ifndef MOZ_DISABLE_CRYPTOLEGACY
   SmartCardThreadList *mThreadList;
+#endif
   bool mIsNetworkDown;
 
   void deleteBackgroundThreads();
   void createBackgroundThreads();
   nsCertVerificationThread *mCertVerificationThread;
 
   nsNSSHttpInterface mHttpForNSS;
   mozilla::RefPtr<nsCERTValInParamWrapper> mDefaultCERTValInParam;
--- a/security/manager/ssl/src/nsNSSModule.cpp
+++ b/security/manager/ssl/src/nsNSSModule.cpp
@@ -181,17 +181,19 @@ NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_INIT(
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_BYPROCESS(nssEnsureOnChromeOnly,
                                              nsNSSCertificate,
                                              nsNSSCertificateFakeTransport)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsNSSCertificateDB)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsNSSCertCache)
 #ifdef MOZ_XUL
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsCertTree)
 #endif
+#ifndef MOZ_DISABLE_CRYPTOLEGACY
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsCrypto)
+#endif
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsPkcs11)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsCMSSecureMessage)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsCMSDecoder)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsCMSEncoder)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsCMSMessage)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsCertPicker)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsCRLManager)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nssEnsure, nsNTLMAuthModule, InitTest)
@@ -220,17 +222,19 @@ NS_DEFINE_NAMED_CID(NS_PSMCONTENTLISTEN_
 NS_DEFINE_NAMED_CID(NS_X509CERT_CID);
 NS_DEFINE_NAMED_CID(NS_X509CERTDB_CID);
 NS_DEFINE_NAMED_CID(NS_NSSCERTCACHE_CID);
 NS_DEFINE_NAMED_CID(NS_FORMPROCESSOR_CID);
 #ifdef MOZ_XUL
 NS_DEFINE_NAMED_CID(NS_CERTTREE_CID);
 #endif
 NS_DEFINE_NAMED_CID(NS_PKCS11_CID);
+#ifndef MOZ_DISABLE_CRYPTOLEGACY
 NS_DEFINE_NAMED_CID(NS_CRYPTO_CID);
+#endif
 NS_DEFINE_NAMED_CID(NS_CMSSECUREMESSAGE_CID);
 NS_DEFINE_NAMED_CID(NS_CMSDECODER_CID);
 NS_DEFINE_NAMED_CID(NS_CMSENCODER_CID);
 NS_DEFINE_NAMED_CID(NS_CMSMESSAGE_CID);
 NS_DEFINE_NAMED_CID(NS_CRYPTO_HASH_CID);
 NS_DEFINE_NAMED_CID(NS_CRYPTO_HMAC_CID);
 NS_DEFINE_NAMED_CID(NS_CERT_PICKER_CID);
 NS_DEFINE_NAMED_CID(NS_CRLMANAGER_CID);
@@ -257,17 +261,19 @@ static const mozilla::Module::CIDEntry k
   { &kNS_X509CERT_CID, false, nullptr, nsNSSCertificateConstructor },
   { &kNS_X509CERTDB_CID, false, nullptr, nsNSSCertificateDBConstructor },
   { &kNS_NSSCERTCACHE_CID, false, nullptr, nsNSSCertCacheConstructor },
   { &kNS_FORMPROCESSOR_CID, false, nullptr, nsKeygenFormProcessor::Create },
 #ifdef MOZ_XUL
   { &kNS_CERTTREE_CID, false, nullptr, nsCertTreeConstructor },
 #endif
   { &kNS_PKCS11_CID, false, nullptr, nsPkcs11Constructor },
+#ifndef MOZ_DISABLE_CRYPTOLEGACY
   { &kNS_CRYPTO_CID, false, nullptr, nsCryptoConstructor },
+#endif
   { &kNS_CMSSECUREMESSAGE_CID, false, nullptr, nsCMSSecureMessageConstructor },
   { &kNS_CMSDECODER_CID, false, nullptr, nsCMSDecoderConstructor },
   { &kNS_CMSENCODER_CID, false, nullptr, nsCMSEncoderConstructor },
   { &kNS_CMSMESSAGE_CID, false, nullptr, nsCMSMessageConstructor },
   { &kNS_CRYPTO_HASH_CID, false, nullptr, nsCryptoHashConstructor },
   { &kNS_CRYPTO_HMAC_CID, false, nullptr, nsCryptoHMACConstructor },
   { &kNS_CERT_PICKER_CID, false, nullptr, nsCertPickerConstructor },
   { &kNS_CRLMANAGER_CID, false, nullptr, nsCRLManagerConstructor },
@@ -297,17 +303,19 @@ static const mozilla::Module::ContractID
   { NS_PSMCONTENTLISTEN_CONTRACTID, &kNS_PSMCONTENTLISTEN_CID },
   { NS_X509CERTDB_CONTRACTID, &kNS_X509CERTDB_CID },
   { NS_NSSCERTCACHE_CONTRACTID, &kNS_NSSCERTCACHE_CID },
   { NS_FORMPROCESSOR_CONTRACTID, &kNS_FORMPROCESSOR_CID },
 #ifdef MOZ_XUL
   { NS_CERTTREE_CONTRACTID, &kNS_CERTTREE_CID },
 #endif
   { NS_PKCS11_CONTRACTID, &kNS_PKCS11_CID },
+#ifndef MOZ_DISABLE_CRYPTOLEGACY
   { NS_CRYPTO_CONTRACTID, &kNS_CRYPTO_CID },
+#endif
   { NS_CMSSECUREMESSAGE_CONTRACTID, &kNS_CMSSECUREMESSAGE_CID },
   { NS_CMSDECODER_CONTRACTID, &kNS_CMSDECODER_CID },
   { NS_CMSENCODER_CONTRACTID, &kNS_CMSENCODER_CID },
   { NS_CMSMESSAGE_CONTRACTID, &kNS_CMSMESSAGE_CID },
   { NS_CRYPTO_HASH_CONTRACTID, &kNS_CRYPTO_HASH_CID },
   { NS_CRYPTO_HMAC_CONTRACTID, &kNS_CRYPTO_HMAC_CID },
   { NS_CERT_PICKER_CONTRACTID, &kNS_CERT_PICKER_CID },
   { "@mozilla.org/uriloader/psm-external-content-listener;1", &kNS_PSMCONTENTLISTEN_CID },