Bug 1561435 - Format security/, a=automatic-formatting
authorVictor Porof <vporof@mozilla.com>
Fri, 05 Jul 2019 10:57:28 +0200
changeset 541073 8062fdb434272ca7620c9caae8d3b8a5096c9f46
parent 541072 1b243b4ec0ace507906efdae9ef0725abc581e20
child 541074 6ceb52b9a600947561a2f5495bbac8c262003e81
push id11533
push userarchaeopteryx@coole-files.de
push dateMon, 08 Jul 2019 18:18:03 +0000
treeherdermozilla-beta@f4452e031aed [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersautomatic-formatting
bugs1561435
milestone69.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1561435 - Format security/, a=automatic-formatting # ignore-this-changeset Differential Revision: https://phabricator.services.mozilla.com/D35928
.eslintrc.js
.prettierignore
security/manager/pki/resources/content/certManager.js
security/manager/pki/resources/content/certViewer.js
security/manager/pki/resources/content/changepassword.js
security/manager/pki/resources/content/clientauthask.js
security/manager/pki/resources/content/deletecert.js
security/manager/pki/resources/content/device_manager.js
security/manager/pki/resources/content/editcacert.js
security/manager/pki/resources/content/exceptionDialog.js
security/manager/pki/resources/content/load_device.js
security/manager/pki/resources/content/pippki.js
security/manager/pki/resources/content/protectedAuth.js
security/manager/pki/resources/content/resetpassword.js
security/manager/pki/resources/content/setp12password.js
security/manager/ssl/DER.jsm
security/manager/ssl/RemoteSecuritySettings.jsm
security/manager/ssl/X509.jsm
security/manager/ssl/tests/mochitest/browser/browser_bug627234_perwindowpb.js
security/manager/ssl/tests/mochitest/browser/browser_certViewer.js
security/manager/ssl/tests/mochitest/browser/browser_certificateManagerLeak.js
security/manager/ssl/tests/mochitest/browser/browser_clientAuth_connection.js
security/manager/ssl/tests/mochitest/browser/browser_clientAuth_ui.js
security/manager/ssl/tests/mochitest/browser/browser_deleteCert_ui.js
security/manager/ssl/tests/mochitest/browser/browser_downloadCert_ui.js
security/manager/ssl/tests/mochitest/browser/browser_editCACertTrust.js
security/manager/ssl/tests/mochitest/browser/browser_exportP12_passwordUI.js
security/manager/ssl/tests/mochitest/browser/browser_loadPKCS11Module_ui.js
security/manager/ssl/tests/mochitest/browser/head.js
security/manager/ssl/tests/mochitest/mixedcontent/bug329869.js
security/manager/ssl/tests/mochitest/mixedcontent/mixedContentTest.js
security/manager/ssl/tests/unit/head_psm.js
security/manager/ssl/tests/unit/sss_readstate_child_worker.js
security/manager/ssl/tests/unit/test_add_preexisting_cert.js
security/manager/ssl/tests/unit/test_baseline_requirements_subject_common_name.js
security/manager/ssl/tests/unit/test_blocklist_onecrl.js
security/manager/ssl/tests/unit/test_blocklist_pinning.js
security/manager/ssl/tests/unit/test_broken_fips.js
security/manager/ssl/tests/unit/test_certDB_export_pkcs12.js
security/manager/ssl/tests/unit/test_certDB_export_pkcs12_with_master_password.js
security/manager/ssl/tests/unit/test_certDB_import.js
security/manager/ssl/tests/unit/test_certDB_import_pkcs12.js
security/manager/ssl/tests/unit/test_certDB_import_with_master_password.js
security/manager/ssl/tests/unit/test_cert_chains.js
security/manager/ssl/tests/unit/test_cert_dbKey.js
security/manager/ssl/tests/unit/test_cert_eku.js
security/manager/ssl/tests/unit/test_cert_embedded_null.js
security/manager/ssl/tests/unit/test_cert_expiration_canary.js
security/manager/ssl/tests/unit/test_cert_isBuiltInRoot.js
security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload.js
security/manager/ssl/tests/unit/test_cert_keyUsage.js
security/manager/ssl/tests/unit/test_cert_override_bits_mismatches.js
security/manager/ssl/tests/unit/test_cert_overrides.js
security/manager/ssl/tests/unit/test_cert_overrides_read_only.js
security/manager/ssl/tests/unit/test_cert_sha1.js
security/manager/ssl/tests/unit/test_cert_signatures.js
security/manager/ssl/tests/unit/test_cert_storage.js
security/manager/ssl/tests/unit/test_cert_storage_broken_db.js
security/manager/ssl/tests/unit/test_cert_storage_direct.js
security/manager/ssl/tests/unit/test_cert_storage_preexisting.js
security/manager/ssl/tests/unit/test_cert_storage_prefs.js
security/manager/ssl/tests/unit/test_cert_trust.js
security/manager/ssl/tests/unit/test_cert_utf8.js
security/manager/ssl/tests/unit/test_cert_version.js
security/manager/ssl/tests/unit/test_certviewer_invalid_oids.js
security/manager/ssl/tests/unit/test_constructX509FromBase64.js
security/manager/ssl/tests/unit/test_content_signing.js
security/manager/ssl/tests/unit/test_ct.js
security/manager/ssl/tests/unit/test_der.js
security/manager/ssl/tests/unit/test_enterprise_roots.js
security/manager/ssl/tests/unit/test_ev_certs.js
security/manager/ssl/tests/unit/test_forget_about_site_security_headers.js
security/manager/ssl/tests/unit/test_hash_algorithms.js
security/manager/ssl/tests/unit/test_hmac.js
security/manager/ssl/tests/unit/test_imminent_distrust.js
security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints.js
security/manager/ssl/tests/unit/test_intermediate_preloads.js
security/manager/ssl/tests/unit/test_js_cert_override_service.js
security/manager/ssl/tests/unit/test_keysize.js
security/manager/ssl/tests/unit/test_keysize_ev.js
security/manager/ssl/tests/unit/test_local_cert.js
security/manager/ssl/tests/unit/test_logoutAndTeardown.js
security/manager/ssl/tests/unit/test_missing_intermediate.js
security/manager/ssl/tests/unit/test_name_constraints.js
security/manager/ssl/tests/unit/test_nonascii_path.js
security/manager/ssl/tests/unit/test_nsCertType.js
security/manager/ssl/tests/unit/test_nsIX509CertValidity.js
security/manager/ssl/tests/unit/test_nsIX509Cert_utf8.js
security/manager/ssl/tests/unit/test_nss_shutdown.js
security/manager/ssl/tests/unit/test_ocsp_caching.js
security/manager/ssl/tests/unit/test_ocsp_enabled_pref.js
security/manager/ssl/tests/unit/test_ocsp_must_staple.js
security/manager/ssl/tests/unit/test_ocsp_no_hsts_upgrade.js
security/manager/ssl/tests/unit/test_ocsp_private_caching.js
security/manager/ssl/tests/unit/test_ocsp_required.js
security/manager/ssl/tests/unit/test_ocsp_stapling.js
security/manager/ssl/tests/unit/test_ocsp_stapling_expired.js
security/manager/ssl/tests/unit/test_ocsp_stapling_with_intermediate.js
security/manager/ssl/tests/unit/test_ocsp_timeout.js
security/manager/ssl/tests/unit/test_ocsp_url.js
security/manager/ssl/tests/unit/test_oskeystore.js
security/manager/ssl/tests/unit/test_osreauthenticator.js
security/manager/ssl/tests/unit/test_password_prompt.js
security/manager/ssl/tests/unit/test_pinning.js
security/manager/ssl/tests/unit/test_pinning_dynamic.js
security/manager/ssl/tests/unit/test_pinning_header_parsing.js
security/manager/ssl/tests/unit/test_pkcs11_module.js
security/manager/ssl/tests/unit/test_pkcs11_moduleDB.js
security/manager/ssl/tests/unit/test_pkcs11_safe_mode.js
security/manager/ssl/tests/unit/test_pkcs11_slot.js
security/manager/ssl/tests/unit/test_pkcs11_token.js
security/manager/ssl/tests/unit/test_pkcs11_tokenDB.js
security/manager/ssl/tests/unit/test_sdr.js
security/manager/ssl/tests/unit/test_sdr_preexisting.js
security/manager/ssl/tests/unit/test_sdr_preexisting_with_password.js
security/manager/ssl/tests/unit/test_sdr_upgraded_with_password.js
security/manager/ssl/tests/unit/test_self_signed_certs.js
security/manager/ssl/tests/unit/test_session_resumption.js
security/manager/ssl/tests/unit/test_signed_apps.js
security/manager/ssl/tests/unit/test_ssl_status.js
security/manager/ssl/tests/unit/test_sss_enumerate.js
security/manager/ssl/tests/unit/test_sss_eviction.js
security/manager/ssl/tests/unit/test_sss_originAttributes.js
security/manager/ssl/tests/unit/test_sss_readstate.js
security/manager/ssl/tests/unit/test_sss_readstate_child.js
security/manager/ssl/tests/unit/test_sss_readstate_empty.js
security/manager/ssl/tests/unit/test_sss_readstate_garbage.js
security/manager/ssl/tests/unit/test_sss_readstate_huge.js
security/manager/ssl/tests/unit/test_sss_sanitizeOnShutdown.js
security/manager/ssl/tests/unit/test_sss_savestate.js
security/manager/ssl/tests/unit/test_startcom_wosign.js
security/manager/ssl/tests/unit/test_sts_fqdn.js
security/manager/ssl/tests/unit/test_sts_ipv4_ipv6.js
security/manager/ssl/tests/unit/test_sts_parser.js
security/manager/ssl/tests/unit/test_sts_preload_dynamic.js
security/manager/ssl/tests/unit/test_sts_preloadlist_perwindowpb.js
security/manager/ssl/tests/unit/test_sts_preloadlist_selfdestruct.js
security/manager/ssl/tests/unit/test_symantec_apple_google.js
security/manager/ssl/tests/unit/test_toolkit_securityreporter.js
security/manager/ssl/tests/unit/test_validity.js
security/manager/ssl/tests/unit/test_x509.js
security/manager/tools/dumpGoogleRoots.js
security/manager/tools/genHPKPStaticPins.js
security/manager/tools/genRootCAHashes.js
security/sandbox/test/browser_bug1393259.js
security/sandbox/test/browser_content_sandbox_fs.js
security/sandbox/test/browser_content_sandbox_syscalls.js
security/sandbox/test/browser_content_sandbox_utils.js
--- a/.eslintrc.js
+++ b/.eslintrc.js
@@ -40,17 +40,16 @@ module.exports = {
     "plugin:mozilla/recommended"
   ],
   "plugins": [
     "mozilla"
   ],
   "overrides": [{
       "files": [
         "devtools/**",
-        "security/**",
         "services/**",
         "servo/**",
         "startupcache/**",
         "storage/**",
         "taskcluster/**",
         "testing/**",
         "toolkit/**",
         "tools/**",
--- a/.prettierignore
+++ b/.prettierignore
@@ -35,17 +35,16 @@ security/manager/ssl/security-prefs.js
 services/common/services-common.js
 services/sync/services-sync.js
 services/sync/tests/unit/prefs_test_prefs_store.js
 testing/marionette/prefs/marionette.js
 toolkit/components/telemetry/datareporting-prefs.js
 toolkit/components/telemetry/healthreport-prefs.js
 
 # Ignore all top-level directories for now.
-security/**
 services/**
 servo/**
 startupcache/**
 storage/**
 taskcluster/**
 testing/**
 toolkit/**
 tools/**
--- a/security/manager/pki/resources/content/certManager.js
+++ b/security/manager/pki/resources/content/certManager.js
@@ -5,17 +5,19 @@
 "use strict";
 
 const gCertFileTypes = "*.p7b; *.crt; *.cert; *.cer; *.pem; *.der";
 
 var { NetUtil } = ChromeUtils.import("resource://gre/modules/NetUtil.jsm");
 
 var key;
 
-var certdialogs = Cc["@mozilla.org/nsCertificateDialogs;1"].getService(Ci.nsICertificateDialogs);
+var certdialogs = Cc["@mozilla.org/nsCertificateDialogs;1"].getService(
+  Ci.nsICertificateDialogs
+);
 
 /**
  * List of certs currently selected in the active tab.
  * @type nsIX509Cert[]
  */
 var selected_certs = [];
 var selected_tree_items = [];
 var selected_index = [];
@@ -38,36 +40,42 @@ var serverTreeView;
 var emailTreeView;
 /**
  * Cert tree for the "Your Certificates" tab.
  * @type nsICertTree
  */
 var userTreeView;
 
 function LoadCerts() {
-  certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(Ci.nsIX509CertDB);
+  certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
   var certcache = certdb.getCerts();
 
-  caTreeView = Cc["@mozilla.org/security/nsCertTree;1"]
-                    .createInstance(Ci.nsICertTree);
+  caTreeView = Cc["@mozilla.org/security/nsCertTree;1"].createInstance(
+    Ci.nsICertTree
+  );
   caTreeView.loadCertsFromCache(certcache, Ci.nsIX509Cert.CA_CERT);
   document.getElementById("ca-tree").view = caTreeView;
 
-  serverTreeView = Cc["@mozilla.org/security/nsCertTree;1"]
-                        .createInstance(Ci.nsICertTree);
+  serverTreeView = Cc["@mozilla.org/security/nsCertTree;1"].createInstance(
+    Ci.nsICertTree
+  );
   serverTreeView.loadCertsFromCache(certcache, Ci.nsIX509Cert.SERVER_CERT);
   document.getElementById("server-tree").view = serverTreeView;
 
-  emailTreeView = Cc["@mozilla.org/security/nsCertTree;1"]
-                       .createInstance(Ci.nsICertTree);
+  emailTreeView = Cc["@mozilla.org/security/nsCertTree;1"].createInstance(
+    Ci.nsICertTree
+  );
   emailTreeView.loadCertsFromCache(certcache, Ci.nsIX509Cert.EMAIL_CERT);
   document.getElementById("email-tree").view = emailTreeView;
 
-  userTreeView = Cc["@mozilla.org/security/nsCertTree;1"]
-                      .createInstance(Ci.nsICertTree);
+  userTreeView = Cc["@mozilla.org/security/nsCertTree;1"].createInstance(
+    Ci.nsICertTree
+  );
   userTreeView.loadCertsFromCache(certcache, Ci.nsIX509Cert.USER_CERT);
   document.getElementById("user-tree").view = userTreeView;
 
   enableBackupAllButton();
 }
 
 function enableBackupAllButton() {
   let backupAllButton = document.getElementById("mine_backupAllButton");
@@ -87,17 +95,19 @@ function getSelectedCerts() {
   } else if (others_tab.selected) {
     items = emailTreeView.selection;
   } else if (websites_tab.selected) {
     items = serverTreeView.selection;
   }
   selected_certs = [];
   var cert = null;
   var nr = 0;
-  if (items != null) nr = items.getRangeCount();
+  if (items != null) {
+    nr = items.getRangeCount();
+  }
   if (nr > 0) {
     for (let i = 0; i < nr; i++) {
       var o1 = {};
       var o2 = {};
       items.getRangeAt(i, o1, o2);
       var min = o1.value;
       var max = o2.value;
       for (let j = min; j <= max; j++) {
@@ -135,17 +145,19 @@ function getSelectedTreeItems() {
   } else if (websites_tab.selected) {
     items = serverTreeView.selection;
   }
   selected_certs = [];
   selected_tree_items = [];
   selected_index = [];
   var tree_item = null;
   var nr = 0;
-  if (items != null) nr = items.getRangeCount();
+  if (items != null) {
+    nr = items.getRangeCount();
+  }
   if (nr > 0) {
     for (let i = 0; i < nr; i++) {
       var o1 = {};
       var o2 = {};
       items.getRangeAt(i, o1, o2);
       var min = o1.value;
       var max = o2.value;
       for (let j = min; j <= max; j++) {
@@ -220,17 +232,17 @@ async function promptError(aErrorCode) {
         msgName = "pk11-bad-password";
         break;
       case Ci.nsIX509CertDB.ERROR_DECODE_ERROR:
         msgName = "pkcs12-decode-err";
         break;
       default:
         break;
     }
-    let [message] = await document.l10n.formatValues([{id: msgName}]);
+    let [message] = await document.l10n.formatValues([{ id: msgName }]);
     let prompter = Services.ww.getNewPrompter(window);
     prompter.alert(null, message);
   }
 }
 
 /**
  * Enables or disables buttons corresponding to a cert tree depending on what
  * is selected in the cert tree.
@@ -253,91 +265,97 @@ function ca_enableButtons() {
     "ca_editButton",
     "ca_exportButton",
     "ca_deleteButton",
   ];
   enableButtonsForCertTree(caTreeView, idList);
 }
 
 function mine_enableButtons() {
-  let idList = [
-    "mine_viewButton",
-    "mine_backupButton",
-    "mine_deleteButton",
-  ];
+  let idList = ["mine_viewButton", "mine_backupButton", "mine_deleteButton"];
   enableButtonsForCertTree(userTreeView, idList);
 }
 
 function websites_enableButtons() {
   let idList = [
     "websites_viewButton",
     "websites_exportButton",
     "websites_deleteButton",
   ];
   enableButtonsForCertTree(serverTreeView, idList);
 }
 
 function email_enableButtons() {
-  let idList = [
-    "email_viewButton",
-    "email_exportButton",
-    "email_deleteButton",
-  ];
+  let idList = ["email_viewButton", "email_exportButton", "email_deleteButton"];
   enableButtonsForCertTree(emailTreeView, idList);
 }
 
 async function backupCerts() {
   getSelectedCerts();
   var numcerts = selected_certs.length;
   if (numcerts == 0) {
     return;
   }
 
   var fp = Cc["@mozilla.org/filepicker;1"].createInstance(Ci.nsIFilePicker);
   let [backupFileDialog, filePkcs12Spec] = await document.l10n.formatValues([
-    {id: "choose-p12-backup-file-dialog"},
-    {id: "file-browse-pkcs12-spec"},
+    { id: "choose-p12-backup-file-dialog" },
+    { id: "file-browse-pkcs12-spec" },
   ]);
   fp.init(window, backupFileDialog, Ci.nsIFilePicker.modeSave);
   fp.appendFilter(filePkcs12Spec, "*.p12");
   fp.appendFilters(Ci.nsIFilePicker.filterAll);
   fp.defaultExtension = "p12";
   fp.open(rv => {
-    if (rv == Ci.nsIFilePicker.returnOK || rv == Ci.nsIFilePicker.returnReplace) {
+    if (
+      rv == Ci.nsIFilePicker.returnOK ||
+      rv == Ci.nsIFilePicker.returnReplace
+    ) {
       let password = {};
       if (certdialogs.setPKCS12FilePassword(window, password)) {
-        let errorCode = certdb.exportPKCS12File(fp.file, selected_certs,
-                                                password.value);
+        let errorCode = certdb.exportPKCS12File(
+          fp.file,
+          selected_certs,
+          password.value
+        );
         promptError(errorCode);
       }
     }
   });
 }
 
 function backupAllCerts() {
   // Select all rows, then call doBackup()
   userTreeView.selection.selectAll();
   backupCerts();
 }
 
 function editCerts() {
   getSelectedCerts();
 
   for (let cert of selected_certs) {
-    window.openDialog("chrome://pippki/content/editcacert.xul", "",
-                      "chrome,centerscreen,modal", cert);
+    window.openDialog(
+      "chrome://pippki/content/editcacert.xul",
+      "",
+      "chrome,centerscreen,modal",
+      cert
+    );
   }
 }
 
 async function restoreCerts() {
   var fp = Cc["@mozilla.org/filepicker;1"].createInstance(Ci.nsIFilePicker);
-  let [restoreFileDialog, filePkcs12Spec, fileCertSpec] = await document.l10n.formatValues([
-    {id: "choose-p12-restore-file-dialog"},
-    {id: "file-browse-pkcs12-spec"},
-    {id: "file-browse-certificate-spec"},
+  let [
+    restoreFileDialog,
+    filePkcs12Spec,
+    fileCertSpec,
+  ] = await document.l10n.formatValues([
+    { id: "choose-p12-restore-file-dialog" },
+    { id: "file-browse-pkcs12-spec" },
+    { id: "file-browse-certificate-spec" },
   ]);
   fp.init(window, restoreFileDialog, Ci.nsIFilePicker.modeOpen);
   fp.appendFilter(filePkcs12Spec, "*.p12; *.pfx");
   fp.appendFilter(fileCertSpec, gCertFileTypes);
   fp.appendFilters(Ci.nsIFilePicker.filterAll);
   fp.open(rv => {
     if (rv != Ci.nsIFilePicker.returnOK) {
       return;
@@ -350,41 +368,53 @@ async function restoreCerts() {
     for (var type of fileTypesList) {
       if (fp.file.path.endsWith(type)) {
         isX509FileType = true;
         break;
       }
     }
 
     if (isX509FileType) {
-      let fstream = Cc["@mozilla.org/network/file-input-stream;1"]
-                      .createInstance(Ci.nsIFileInputStream);
+      let fstream = Cc[
+        "@mozilla.org/network/file-input-stream;1"
+      ].createInstance(Ci.nsIFileInputStream);
       fstream.init(fp.file, -1, 0, 0);
-      let dataString = NetUtil.readInputStreamToString(fstream, fstream.available());
+      let dataString = NetUtil.readInputStreamToString(
+        fstream,
+        fstream.available()
+      );
       let dataArray = [];
       for (let i = 0; i < dataString.length; i++) {
         dataArray.push(dataString.charCodeAt(i));
       }
       fstream.close();
       let prompter = Services.ww.getNewPrompter(window);
       let interfaceRequestor = {
         getInterface() {
           return prompter;
         },
       };
-      certdb.importUserCertificate(dataArray, dataArray.length, interfaceRequestor);
+      certdb.importUserCertificate(
+        dataArray,
+        dataArray.length,
+        interfaceRequestor
+      );
     } else {
       // Otherwise, assume it's a PKCS12 file and import it that way.
       let password = {};
       let errorCode = Ci.nsIX509CertDB.ERROR_BAD_PASSWORD;
-      while (errorCode == Ci.nsIX509CertDB.ERROR_BAD_PASSWORD &&
-             certdialogs.getPKCS12FilePassword(window, password)) {
+      while (
+        errorCode == Ci.nsIX509CertDB.ERROR_BAD_PASSWORD &&
+        certdialogs.getPKCS12FilePassword(window, password)
+      ) {
         errorCode = certdb.importPKCS12File(fp.file, password.value);
-        if (errorCode == Ci.nsIX509CertDB.ERROR_BAD_PASSWORD &&
-            password.value.length == 0) {
+        if (
+          errorCode == Ci.nsIX509CertDB.ERROR_BAD_PASSWORD &&
+          password.value.length == 0
+        ) {
           // It didn't like empty string password, try no password.
           errorCode = certdb.importPKCS12File(fp.file, null);
         }
         promptError(errorCode);
       }
     }
 
     var certcache = certdb.getCerts();
@@ -410,34 +440,39 @@ async function exportCerts() {
 function deleteCerts() {
   getSelectedTreeItems();
   let numcerts = selected_tree_items.length;
   if (numcerts == 0) {
     return;
   }
 
   const treeViewMap = {
-    "mine_tab": userTreeView,
-    "websites_tab": serverTreeView,
-    "ca_tab": caTreeView,
-    "others_tab": emailTreeView,
+    mine_tab: userTreeView,
+    websites_tab: serverTreeView,
+    ca_tab: caTreeView,
+    others_tab: emailTreeView,
   };
   let selTab = document.getElementById("certMgrTabbox").selectedItem;
   let selTabID = selTab.getAttribute("id");
 
   if (!(selTabID in treeViewMap)) {
     return;
   }
 
   let retVals = {
     deleteConfirmed: false,
   };
-  window.openDialog("chrome://pippki/content/deletecert.xul", "",
-                    "chrome,centerscreen,modal", selTabID, selected_tree_items,
-                    retVals);
+  window.openDialog(
+    "chrome://pippki/content/deletecert.xul",
+    "",
+    "chrome,centerscreen,modal",
+    selTabID,
+    selected_tree_items,
+    retVals
+  );
 
   if (retVals.deleteConfirmed) {
     let treeView = treeViewMap[selTabID];
 
     for (let t = numcerts - 1; t >= 0; t--) {
       treeView.deleteEntryObject(selected_index[t]);
     }
 
@@ -456,36 +491,36 @@ function viewCerts() {
   for (let cert of selected_certs) {
     viewCertHelper(window, cert);
   }
 }
 
 async function addCACerts() {
   var fp = Cc["@mozilla.org/filepicker;1"].createInstance(Ci.nsIFilePicker);
   let [importCa, fileCertSpec] = await document.l10n.formatValues([
-    {id: "import-ca-certs-prompt"},
-    {id: "file-browse-certificate-spec"},
+    { id: "import-ca-certs-prompt" },
+    { id: "file-browse-certificate-spec" },
   ]);
   fp.init(window, importCa, Ci.nsIFilePicker.modeOpen);
   fp.appendFilter(fileCertSpec, gCertFileTypes);
   fp.appendFilters(Ci.nsIFilePicker.filterAll);
   fp.open(rv => {
     if (rv == Ci.nsIFilePicker.returnOK) {
       certdb.importCertsFromFile(fp.file, Ci.nsIX509Cert.CA_CERT);
       caTreeView.loadCerts(Ci.nsIX509Cert.CA_CERT);
       caTreeView.selection.clearSelection();
     }
   });
 }
 
 async function addEmailCert() {
   var fp = Cc["@mozilla.org/filepicker;1"].createInstance(Ci.nsIFilePicker);
   let [importEmail, fileCertSpec] = await document.l10n.formatValues([
-    {id: "import-email-cert-prompt"},
-    {id: "file-browse-certificate-spec"},
+    { id: "import-email-cert-prompt" },
+    { id: "file-browse-certificate-spec" },
   ]);
   fp.init(window, importEmail, Ci.nsIFilePicker.modeOpen);
   fp.appendFilter(fileCertSpec, gCertFileTypes);
   fp.appendFilters(Ci.nsIFilePicker.filterAll);
   fp.open(rv => {
     if (rv == Ci.nsIFilePicker.returnOK) {
       certdb.importCertsFromFile(fp.file, Ci.nsIX509Cert.EMAIL_CERT);
       var certcache = certdb.getCerts();
@@ -493,14 +528,17 @@ async function addEmailCert() {
       emailTreeView.selection.clearSelection();
       caTreeView.loadCertsFromCache(certcache, Ci.nsIX509Cert.CA_CERT);
       caTreeView.selection.clearSelection();
     }
   });
 }
 
 function addException() {
-  window.openDialog("chrome://pippki/content/exceptionDialog.xul", "",
-                    "chrome,centerscreen,modal");
+  window.openDialog(
+    "chrome://pippki/content/exceptionDialog.xul",
+    "",
+    "chrome,centerscreen,modal"
+  );
   var certcache = certdb.getCerts();
   serverTreeView.loadCertsFromCache(certcache, Ci.nsIX509Cert.SERVER_CERT);
   serverTreeView.selection.clearSelection();
 }
--- a/security/manager/pki/resources/content/certViewer.js
+++ b/security/manager/pki/resources/content/certViewer.js
@@ -52,17 +52,21 @@ function AddUsage(l10nId) {
   text.setAttribute("style", "margin: 2px 5px");
   text.setAttribute("readonly", "readonly");
   text.setAttribute("class", "scrollfield");
   verifyInfoBox.appendChild(text);
 }
 
 function setWindowName() {
   let cert = window.arguments[0].QueryInterface(Ci.nsIX509Cert);
-  window.document.l10n.setAttributes(window.document.documentElement, "cert-viewer-title", {certName: cert.displayName});
+  window.document.l10n.setAttributes(
+    window.document.documentElement,
+    "cert-viewer-title",
+    { certName: cert.displayName }
+  );
 
   //
   //  Set the cert attributes for viewing
   //
 
   // Set initial dummy chain of just the cert itself. A more complete chain (if
   // one can be found), will be set when the promise chain beginning at
   // asyncDetermineUsages finishes.
@@ -78,73 +82,86 @@ const certificateUsageToStringBundleName
   certificateUsageSSLClient: "verify-ssl-client",
   certificateUsageSSLServer: "verify-ssl-server",
   certificateUsageSSLCA: "verify-ssl-ca",
   certificateUsageEmailSigner: "verify-email-signer",
   certificateUsageEmailRecipient: "verify-email-recip",
 };
 
 const SEC_ERROR_BASE = Ci.nsINSSErrorsService.NSS_SEC_ERROR_BASE;
-const SEC_ERROR_EXPIRED_CERTIFICATE                     = SEC_ERROR_BASE + 11;
-const SEC_ERROR_REVOKED_CERTIFICATE                     = SEC_ERROR_BASE + 12;
-const SEC_ERROR_UNKNOWN_ISSUER                          = SEC_ERROR_BASE + 13;
-const SEC_ERROR_UNTRUSTED_ISSUER                        = SEC_ERROR_BASE + 20;
-const SEC_ERROR_UNTRUSTED_CERT                          = SEC_ERROR_BASE + 21;
-const SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE              = SEC_ERROR_BASE + 30;
-const SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED       = SEC_ERROR_BASE + 176;
-
+const SEC_ERROR_EXPIRED_CERTIFICATE = SEC_ERROR_BASE + 11;
+const SEC_ERROR_REVOKED_CERTIFICATE = SEC_ERROR_BASE + 12;
+const SEC_ERROR_UNKNOWN_ISSUER = SEC_ERROR_BASE + 13;
+const SEC_ERROR_UNTRUSTED_ISSUER = SEC_ERROR_BASE + 20;
+const SEC_ERROR_UNTRUSTED_CERT = SEC_ERROR_BASE + 21;
+const SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE = SEC_ERROR_BASE + 30;
+const SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED = SEC_ERROR_BASE + 176;
 
 /**
  * Updates the usage display area given the results from asyncDetermineUsages.
  *
  * @param {Array} results
  *        An array of objects with the properties "usageString", "errorCode",
  *        and "chain".
  *        usageString is a string that is a key in the certificateUsages map.
  *        errorCode is either an NSPR error code or PRErrorCodeSuccess (which is
  *        a pseudo-NSPR error code with the value 0 that indicates success).
  *        chain is the built trust path, if one was found
  */
 function displayUsages(results) {
   document.getElementById("verify_pending").setAttribute("hidden", "true");
   let verified = document.getElementById("verified");
-  let someSuccess = results.some(result =>
-    result.errorCode == PRErrorCodeSuccess
+  let someSuccess = results.some(
+    result => result.errorCode == PRErrorCodeSuccess
   );
   if (someSuccess) {
     document.l10n.setAttributes(verified, "cert-verified");
     results.forEach(result => {
       if (result.errorCode != PRErrorCodeSuccess) {
         return;
       }
       let usageL10nId = certificateUsageToStringBundleName[result.usageString];
       AddUsage(usageL10nId);
     });
     AddCertChain("treesetDump", getBestChain(results));
   } else {
     const errorRankings = [
-      { error: SEC_ERROR_REVOKED_CERTIFICATE,
-        bundleString: "cert-not-verified-cert-revoked" },
-      { error: SEC_ERROR_UNTRUSTED_CERT,
-        bundleString: "cert-not-verified-cert-not-trusted" },
-      { error: SEC_ERROR_UNTRUSTED_ISSUER,
-        bundleString: "cert-not-verified-issuer-not-trusted" },
-      { error: SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED,
-        bundleString: "cert-not-verified_algorithm-disabled" },
-      { error: SEC_ERROR_EXPIRED_CERTIFICATE,
-        bundleString: "cert-not-verified-cert-expired" },
-      { error: SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE,
-        bundleString: "cert-not-verified-ca-invalid" },
-      { error: SEC_ERROR_UNKNOWN_ISSUER,
-        bundleString: "cert-not-verified-issuer-unknown" },
+      {
+        error: SEC_ERROR_REVOKED_CERTIFICATE,
+        bundleString: "cert-not-verified-cert-revoked",
+      },
+      {
+        error: SEC_ERROR_UNTRUSTED_CERT,
+        bundleString: "cert-not-verified-cert-not-trusted",
+      },
+      {
+        error: SEC_ERROR_UNTRUSTED_ISSUER,
+        bundleString: "cert-not-verified-issuer-not-trusted",
+      },
+      {
+        error: SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED,
+        bundleString: "cert-not-verified_algorithm-disabled",
+      },
+      {
+        error: SEC_ERROR_EXPIRED_CERTIFICATE,
+        bundleString: "cert-not-verified-cert-expired",
+      },
+      {
+        error: SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE,
+        bundleString: "cert-not-verified-ca-invalid",
+      },
+      {
+        error: SEC_ERROR_UNKNOWN_ISSUER,
+        bundleString: "cert-not-verified-issuer-unknown",
+      },
     ];
     let errorPresentFlag = false;
     for (let errorRanking of errorRankings) {
-      let errorPresent = results.some(result =>
-        result.errorCode == errorRanking.error
+      let errorPresent = results.some(
+        result => result.errorCode == errorRanking.error
       );
       if (errorPresent) {
         document.l10n.setAttributes(verified, errorRanking.bundleString);
         errorPresentFlag = true;
         break;
       }
     }
     if (!errorPresentFlag) {
@@ -154,18 +171,22 @@ function displayUsages(results) {
   // Notify that we are done determining the certificate's valid usages (this
   // should be treated as an implementation detail that enables tests to run
   // efficiently - other code in the browser probably shouldn't rely on this).
   Services.obs.notifyObservers(window, "ViewCertDetails:CertUsagesDone");
 }
 
 function addChildrenToTree(parentTree, label, value, addTwistie) {
   let treeChild1 = document.createXULElement("treechildren");
-  let treeElement = addTreeItemToTreeChild(treeChild1, label, value,
-                                           addTwistie);
+  let treeElement = addTreeItemToTreeChild(
+    treeChild1,
+    label,
+    value,
+    addTwistie
+  );
   parentTree.appendChild(treeChild1);
   return treeElement;
 }
 
 function addTreeItemToTreeChild(treeChild, label, value, addTwistie) {
   let treeElem1 = document.createXULElement("treeitem");
   if (addTwistie) {
     treeElem1.setAttribute("container", "true");
@@ -179,31 +200,33 @@ function addTreeItemToTreeChild(treeChil
   }
   treeRow.appendChild(treeCell);
   treeElem1.appendChild(treeRow);
   treeChild.appendChild(treeElem1);
   return treeElem1;
 }
 
 function displaySelected() {
-  var asn1Tree = document.getElementById("prettyDumpTree")
-          .view.QueryInterface(Ci.nsIASN1Tree);
+  var asn1Tree = document
+    .getElementById("prettyDumpTree")
+    .view.QueryInterface(Ci.nsIASN1Tree);
   var items = asn1Tree.selection;
   var certDumpVal = document.getElementById("certDumpVal");
   if (items.currentIndex != -1) {
     var value = asn1Tree.getDisplayData(items.currentIndex);
     certDumpVal.value = value;
   } else {
     certDumpVal.value = "";
   }
 }
 
 function BuildPrettyPrint(cert) {
-  var certDumpTree = Cc["@mozilla.org/security/nsASN1Tree;1"].
-                          createInstance(Ci.nsIASN1Tree);
+  var certDumpTree = Cc["@mozilla.org/security/nsASN1Tree;1"].createInstance(
+    Ci.nsIASN1Tree
+  );
   certDumpTree.loadASN1Structure(cert.ASN1Structure);
   document.getElementById("prettyDumpTree").view = certDumpTree;
 }
 
 function addAttributeFromCert(nodeName, value) {
   var node = document.getElementById(nodeName);
   if (!value) {
     document.l10n.setAttributes(node, "not-present");
@@ -229,47 +252,54 @@ function DisplayGeneralDataFromCert(cert
   addAttributeFromCert("validityend", cert.validity.notAfterLocalDay);
 
   addAttributeFromCert("issuercommonname", cert.issuerCommonName);
   addAttributeFromCert("issuerorganization", cert.issuerOrganization);
   addAttributeFromCert("issuerorgunit", cert.issuerOrganizationUnit);
 }
 
 function updateCertDump() {
-  var asn1Tree = document.getElementById("prettyDumpTree")
-          .view.QueryInterface(Ci.nsIASN1Tree);
+  var asn1Tree = document
+    .getElementById("prettyDumpTree")
+    .view.QueryInterface(Ci.nsIASN1Tree);
 
   var tree = document.getElementById("treesetDump");
   if (tree.currentIndex >= 0) {
     var item = tree.view.getItemAtIndex(tree.currentIndex);
     var dbKey = item.firstChild.firstChild.getAttribute("display");
     //  Get the cert from the cert database
-    var certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(Ci.nsIX509CertDB);
+    var certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+      Ci.nsIX509CertDB
+    );
     var cert = certdb.findCertByDBKey(dbKey);
     asn1Tree.loadASN1Structure(cert.ASN1Structure);
   }
   displaySelected();
 }
 
 function getCurrentCert() {
   var realIndex;
   var tree = document.getElementById("treesetDump");
-  if (tree.view.selection.isSelected(tree.currentIndex)
-      && document.getElementById("prettyprint_tab").selected) {
+  if (
+    tree.view.selection.isSelected(tree.currentIndex) &&
+    document.getElementById("prettyprint_tab").selected
+  ) {
     /* if the user manually selected a cert on the Details tab,
        then take that one  */
     realIndex = tree.currentIndex;
   } else {
     /* otherwise, take the one at the bottom of the chain
        (i.e. the one of the end-entity, unless we're displaying
        CA certs) */
     realIndex = tree.view.rowCount - 1;
   }
   if (realIndex >= 0) {
     var item = tree.view.getItemAtIndex(realIndex);
     var dbKey = item.firstChild.firstChild.getAttribute("display");
-    var certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(Ci.nsIX509CertDB);
+    var certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+      Ci.nsIX509CertDB
+    );
     var cert = certdb.findCertByDBKey(dbKey);
     return cert;
   }
   /* shouldn't really happen */
   return null;
 }
--- a/security/manager/pki/resources/content/changepassword.js
+++ b/security/manager/pki/resources/content/changepassword.js
@@ -78,29 +78,33 @@ function setPassword(event) {
         passok = token.checkPassword(oldpw);
       }
 
       if (passok) {
         if (initpw == "empty" && pw1.value == "") {
           // checkPasswords() should have prevented this path from being reached.
         } else {
           if (pw1.value == "") {
-            var secmoddb = Cc["@mozilla.org/security/pkcs11moduledb;1"].getService(Ci.nsIPKCS11ModuleDB);
+            var secmoddb = Cc[
+              "@mozilla.org/security/pkcs11moduledb;1"
+            ].getService(Ci.nsIPKCS11ModuleDB);
             if (secmoddb.isFIPSEnabled) {
               // empty passwords are not allowed in FIPS mode
               doPrompt(bundle.getString("pw_change2empty_in_fips_mode"));
               passok = 0;
             }
           }
           if (passok) {
             token.changePassword(oldpw, pw1.value);
             if (pw1.value == "") {
-              doPrompt(bundle.getString("pw_erased_ok")
-                    + " "
-                    + bundle.getString("pw_empty_warning"));
+              doPrompt(
+                bundle.getString("pw_erased_ok") +
+                  " " +
+                  bundle.getString("pw_empty_warning")
+              );
             } else {
               doPrompt(bundle.getString("pw_change_ok"));
             }
             success = true;
           }
         }
       } else {
         oldpwbox.focus();
@@ -108,18 +112,21 @@ function setPassword(event) {
         doPrompt(bundle.getString("incorrect_pw"));
       }
     } catch (e) {
       doPrompt(bundle.getString("failed_pw_change"));
     }
   } else {
     token.initPassword(pw1.value);
     if (pw1.value == "") {
-      doPrompt(bundle.getString("pw_not_wanted") + " " +
-               bundle.getString("pw_empty_warning"));
+      doPrompt(
+        bundle.getString("pw_not_wanted") +
+          " " +
+          bundle.getString("pw_empty_warning")
+      );
     }
     success = true;
   }
 
   if (success && params) {
     // Return value 1 means "successfully executed ok"
     params.SetInt(1, 1);
   }
@@ -157,18 +164,18 @@ function setPasswordStrength() {
   }
 
   let numupper = pw.replace(/[A-Z]/g, "");
   let upper = pw.length - numupper.length;
   if (upper > 3) {
     upper = 3;
   }
 
-  let pwstrength = (pwlength * 10) - 20 + (numeric * 10) + (numsymbols * 15) +
-                   (upper * 10);
+  let pwstrength =
+    pwlength * 10 - 20 + numeric * 10 + numsymbols * 15 + upper * 10;
 
   // Clamp strength to [0, 100].
   if (pwstrength < 0) {
     pwstrength = 0;
   }
   if (pwstrength > 100) {
     pwstrength = 100;
   }
@@ -190,10 +197,10 @@ function checkPasswords() {
       // was called with the intention to change the password.
       // The token currently uses an empty password.
       // We will not allow changing the password from empty to empty.
       document.documentElement.getButton("accept").disabled = true;
       return;
     }
   }
 
-  document.documentElement.getButton("accept").disabled = (pw1 != pw2);
+  document.documentElement.getButton("accept").disabled = pw1 != pw2;
 }
--- a/security/manager/pki/resources/content/clientauthask.js
+++ b/security/manager/pki/resources/content/clientauthask.js
@@ -52,90 +52,101 @@ var certArray;
 /**
  * The checkbox storing whether the user wants to remember the selected cert.
  * @type Element checkbox, has to have |checked| property.
  */
 var rememberBox;
 
 function onLoad() {
   bundle = document.getElementById("pippki_bundle");
-  let rememberSetting =
-    Services.prefs.getBoolPref("security.remember_cert_checkbox_default_setting");
+  let rememberSetting = Services.prefs.getBoolPref(
+    "security.remember_cert_checkbox_default_setting"
+  );
 
   rememberBox = document.getElementById("rememberBox");
   rememberBox.label = bundle.getString("clientAuthRemember");
   rememberBox.checked = rememberSetting;
 
   let hostname = window.arguments[0];
   let org = window.arguments[1];
   let issuerOrg = window.arguments[2];
   let port = window.arguments[3];
   let formattedOrg = bundle.getFormattedString("clientAuthMessage1", [org]);
-  let formattedIssuerOrg = bundle.getFormattedString("clientAuthMessage2",
-                                                     [issuerOrg]);
-  let formattedHostnameAndPort =
-    bundle.getFormattedString("clientAuthHostnameAndPort",
-                              [hostname, port.toString()]);
+  let formattedIssuerOrg = bundle.getFormattedString("clientAuthMessage2", [
+    issuerOrg,
+  ]);
+  let formattedHostnameAndPort = bundle.getFormattedString(
+    "clientAuthHostnameAndPort",
+    [hostname, port.toString()]
+  );
   setText("hostname", formattedHostnameAndPort);
   setText("organization", formattedOrg);
   setText("issuer", formattedIssuerOrg);
 
   let selectElement = document.getElementById("nicknames");
   certArray = window.arguments[4].QueryInterface(Ci.nsIArray);
   for (let i = 0; i < certArray.length; i++) {
     let menuItemNode = document.createXULElement("menuitem");
     let cert = certArray.queryElementAt(i, Ci.nsIX509Cert);
-    let nickAndSerial =
-      bundle.getFormattedString("clientAuthNickAndSerial",
-                                [cert.displayName, cert.serialNumber]);
+    let nickAndSerial = bundle.getFormattedString("clientAuthNickAndSerial", [
+      cert.displayName,
+      cert.serialNumber,
+    ]);
     menuItemNode.setAttribute("value", i);
     menuItemNode.setAttribute("label", nickAndSerial); // This is displayed.
     selectElement.menupopup.appendChild(menuItemNode);
     if (i == 0) {
       selectElement.selectedItem = menuItemNode;
     }
   }
 
   setDetails();
   document.addEventListener("dialogaccept", doOK);
   document.addEventListener("dialogcancel", doCancel);
 
-  Services.obs.notifyObservers(document.getElementById("certAuthAsk"),
-                               "cert-dialog-loaded");
+  Services.obs.notifyObservers(
+    document.getElementById("certAuthAsk"),
+    "cert-dialog-loaded"
+  );
 }
 
 /**
  * Populates the details section with information concerning the selected cert.
  */
 function setDetails() {
   let index = parseInt(document.getElementById("nicknames").value);
   let cert = certArray.queryElementAt(index, Ci.nsIX509Cert);
 
   let detailLines = [
     bundle.getFormattedString("clientAuthIssuedTo", [cert.subjectName]),
     bundle.getFormattedString("clientAuthSerial", [cert.serialNumber]),
-    bundle.getFormattedString("clientAuthValidityPeriod",
-                              [cert.validity.notBeforeLocalTime,
-                               cert.validity.notAfterLocalTime]),
+    bundle.getFormattedString("clientAuthValidityPeriod", [
+      cert.validity.notBeforeLocalTime,
+      cert.validity.notAfterLocalTime,
+    ]),
   ];
   let keyUsages = cert.keyUsages;
   if (keyUsages) {
-    detailLines.push(bundle.getFormattedString("clientAuthKeyUsages",
-                                               [keyUsages]));
+    detailLines.push(
+      bundle.getFormattedString("clientAuthKeyUsages", [keyUsages])
+    );
   }
   let emailAddresses = cert.getEmailAddresses();
   if (emailAddresses.length > 0) {
     let joinedAddresses = emailAddresses.join(", ");
-    detailLines.push(bundle.getFormattedString("clientAuthEmailAddresses",
-                                               [joinedAddresses]));
+    detailLines.push(
+      bundle.getFormattedString("clientAuthEmailAddresses", [joinedAddresses])
+    );
   }
-  detailLines.push(bundle.getFormattedString("clientAuthIssuedBy",
-                                             [cert.issuerName]));
-  detailLines.push(bundle.getFormattedString("clientAuthStoredOn",
-                                             [cert.tokenName]));
+  detailLines.push(
+    bundle.getFormattedString("clientAuthIssuedBy", [cert.issuerName])
+  );
+  detailLines.push(
+    bundle.getFormattedString("clientAuthStoredOn", [cert.tokenName])
+  );
 
   document.getElementById("details").value = detailLines.join("\n");
 }
 
 function onCertSelected() {
   setDetails();
 }
 
--- a/security/manager/pki/resources/content/deletecert.js
+++ b/security/manager/pki/resources/content/deletecert.js
@@ -46,17 +46,19 @@ function getLabelForCertTreeItem(certTre
   ];
   for (let attribute of attributes) {
     if (attribute) {
       element.setAttribute("value", attribute);
       return element;
     }
   }
 
-  document.l10n.setAttributes(element, "cert-with-serial", { serialNumber: cert.serialNumber});
+  document.l10n.setAttributes(element, "cert-with-serial", {
+    serialNumber: cert.serialNumber,
+  });
   return element;
 }
 
 /**
  * onload() handler.
  */
 function onLoad() {
   let typeFlag = window.arguments[0];
@@ -75,17 +77,20 @@ function onLoad() {
       break;
     case "others_tab":
       prefixForType = "delete-email-cert-";
       break;
     default:
       return;
   }
 
-  document.l10n.setAttributes(document.documentElement, prefixForType + "title");
+  document.l10n.setAttributes(
+    document.documentElement,
+    prefixForType + "title"
+  );
   document.l10n.setAttributes(confirm, prefixForType + "confirm");
   document.l10n.setAttributes(impact, prefixForType + "impact");
 
   document.addEventListener("dialogaccept", onDialogAccept);
   document.addEventListener("dialogcancel", onDialogCancel);
 
   let box = document.getElementById("certlist");
   let certTreeItems = window.arguments[1];
--- a/security/manager/pki/resources/content/device_manager.js
+++ b/security/manager/pki/resources/content/device_manager.js
@@ -1,32 +1,36 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 "use strict";
 
 const { Services } = ChromeUtils.import("resource://gre/modules/Services.jsm");
-const { XPCOMUtils } = ChromeUtils.import("resource://gre/modules/XPCOMUtils.jsm");
+const { XPCOMUtils } = ChromeUtils.import(
+  "resource://gre/modules/XPCOMUtils.jsm"
+);
 
 var secmoddb;
 var skip_enable_buttons = false;
 
 /* Do the initial load of all PKCS# modules and list them. */
 function LoadModules() {
-  secmoddb = Cc["@mozilla.org/security/pkcs11moduledb;1"].getService(Ci.nsIPKCS11ModuleDB);
+  secmoddb = Cc["@mozilla.org/security/pkcs11moduledb;1"].getService(
+    Ci.nsIPKCS11ModuleDB
+  );
   RefreshDeviceList();
 }
 
 async function doPrompt(l10n_id) {
-  let [msg] = await document.l10n.formatValues([{id: l10n_id}]);
+  let [msg] = await document.l10n.formatValues([{ id: l10n_id }]);
   Services.prompt.alert(window, null, msg);
 }
 
 async function doConfirm(l10n_id) {
-  let [msg] = await document.l10n.formatValues([{id: l10n_id}]);
+  let [msg] = await document.l10n.formatValues([{ id: l10n_id }]);
   return Services.prompt.confirm(window, null, msg);
 }
 
 function RefreshDeviceList() {
   for (let module of secmoddb.listModules()) {
     let slots = module.listSlots();
     AddModule(module, slots);
   }
@@ -51,18 +55,18 @@ function SetFIPSButton() {
   }
 }
 
 /* Add a module to the tree.  slots is the array of slots in the module,
  * to be represented as children.
  */
 function AddModule(module, slots) {
   var tree = document.getElementById("device_list");
-  var item  = document.createXULElement("treeitem");
-  var row  = document.createXULElement("treerow");
+  var item = document.createXULElement("treeitem");
+  var row = document.createXULElement("treerow");
   var cell = document.createXULElement("treecell");
   cell.setAttribute("label", module.name);
   row.appendChild(cell);
   item.appendChild(row);
   var parent = document.createXULElement("treechildren");
   for (let slot of slots) {
     var child_item = document.createXULElement("treeitem");
     var child_row = document.createXULElement("treerow");
@@ -94,17 +98,18 @@ function getSelectedItem() {
   }
   let item = tree.view.getItemAtIndex(tree.currentIndex);
   selected_slot = null;
   selected_module = null;
   if (item) {
     let kind = item.getAttribute("pk11kind");
     if (kind == "slot") {
       selected_slot = item.slotObject;
-    } else { // (kind == "module")
+    } else {
+      // (kind == "module")
       selected_module = item.module;
     }
   }
 }
 
 function enableButtons() {
   if (skip_enable_buttons) {
     return;
@@ -118,43 +123,49 @@ function enableButtons() {
   if (selected_module) {
     unload_toggle = "false";
     showModuleInfo();
   } else if (selected_slot) {
     // here's the workaround - login functions are all with token,
     // so grab the token type
     var selected_token = selected_slot.getToken();
     if (selected_token != null) {
-      if (selected_token.needsLogin() || !(selected_token.needsUserInit)) {
+      if (selected_token.needsLogin() || !selected_token.needsUserInit) {
         pw_toggle = "false";
         if (selected_token.needsLogin()) {
           if (selected_token.isLoggedIn()) {
             logout_toggle = "false";
           } else {
             login_toggle = "false";
           }
         }
       }
 
-      if (!Services.policies.isAllowed("createMasterPassword") &&
-          selected_token.isInternalKeyToken &&
-          !selected_token.hasPassword) {
+      if (
+        !Services.policies.isAllowed("createMasterPassword") &&
+        selected_token.isInternalKeyToken &&
+        !selected_token.hasPassword
+      ) {
         pw_toggle = "true";
       }
     }
     showSlotInfo();
   }
-  document.getElementById("login_button")
-          .setAttribute("disabled", login_toggle);
-  document.getElementById("logout_button")
-          .setAttribute("disabled", logout_toggle);
-  document.getElementById("change_pw_button")
-          .setAttribute("disabled", pw_toggle);
-  document.getElementById("unload_button")
-          .setAttribute("disabled", unload_toggle);
+  document
+    .getElementById("login_button")
+    .setAttribute("disabled", login_toggle);
+  document
+    .getElementById("logout_button")
+    .setAttribute("disabled", logout_toggle);
+  document
+    .getElementById("change_pw_button")
+    .setAttribute("disabled", pw_toggle);
+  document
+    .getElementById("unload_button")
+    .setAttribute("disabled", unload_toggle);
 }
 
 // clear the display of information for the slot
 function ClearInfoList() {
   let infoList = document.getElementById("info_list");
   while (infoList.hasChildNodes()) {
     infoList.firstChild.remove();
   }
@@ -171,65 +182,100 @@ function ClearDeviceList() {
   // Remove the existing listed modules so that a refresh doesn't display the
   // module that just changed.
   let deviceList = document.getElementById("device_list");
   while (deviceList.hasChildNodes()) {
     deviceList.firstChild.remove();
   }
 }
 
-
 // show a list of info about a slot
 function showSlotInfo() {
   var present = true;
   ClearInfoList();
   switch (selected_slot.status) {
-   case Ci.nsIPKCS11Slot.SLOT_DISABLED:
-     AddInfoRow("devinfo-status", {l10nID: "devinfo-status-disabled"}, "tok_status");
-     present = false;
-     break;
-   case Ci.nsIPKCS11Slot.SLOT_NOT_PRESENT:
-     AddInfoRow("devinfo-status", {l10nID: "devinfo-status-not-present"}, "tok_status");
-     present = false;
-     break;
-   case Ci.nsIPKCS11Slot.SLOT_UNINITIALIZED:
-     AddInfoRow("devinfo-status", {l10nID: "devinfo-status-uninitialized"}, "tok_status");
-     break;
-   case Ci.nsIPKCS11Slot.SLOT_NOT_LOGGED_IN:
-     AddInfoRow("devinfo-status", {l10nID: "devinfo-status-not-logged-in"}, "tok_status");
-     break;
-   case Ci.nsIPKCS11Slot.SLOT_LOGGED_IN:
-     AddInfoRow("devinfo-status", {l10nID: "devinfo-status-logged-in"}, "tok_status");
-     break;
-   case Ci.nsIPKCS11Slot.SLOT_READY:
-     AddInfoRow("devinfo-status", {l10nID: "devinfo-status-ready"}, "tok_status");
-     break;
-   default:
-     return;
+    case Ci.nsIPKCS11Slot.SLOT_DISABLED:
+      AddInfoRow(
+        "devinfo-status",
+        { l10nID: "devinfo-status-disabled" },
+        "tok_status"
+      );
+      present = false;
+      break;
+    case Ci.nsIPKCS11Slot.SLOT_NOT_PRESENT:
+      AddInfoRow(
+        "devinfo-status",
+        { l10nID: "devinfo-status-not-present" },
+        "tok_status"
+      );
+      present = false;
+      break;
+    case Ci.nsIPKCS11Slot.SLOT_UNINITIALIZED:
+      AddInfoRow(
+        "devinfo-status",
+        { l10nID: "devinfo-status-uninitialized" },
+        "tok_status"
+      );
+      break;
+    case Ci.nsIPKCS11Slot.SLOT_NOT_LOGGED_IN:
+      AddInfoRow(
+        "devinfo-status",
+        { l10nID: "devinfo-status-not-logged-in" },
+        "tok_status"
+      );
+      break;
+    case Ci.nsIPKCS11Slot.SLOT_LOGGED_IN:
+      AddInfoRow(
+        "devinfo-status",
+        { l10nID: "devinfo-status-logged-in" },
+        "tok_status"
+      );
+      break;
+    case Ci.nsIPKCS11Slot.SLOT_READY:
+      AddInfoRow(
+        "devinfo-status",
+        { l10nID: "devinfo-status-ready" },
+        "tok_status"
+      );
+      break;
+    default:
+      return;
   }
-  AddInfoRow("devinfo-desc", {label: selected_slot.desc}, "slot_desc");
-  AddInfoRow("devinfo-man-id", {label: selected_slot.manID}, "slot_manID");
-  AddInfoRow("devinfo-hwversion", {label: selected_slot.HWVersion}, "slot_hwv");
-  AddInfoRow("devinfo-fwversion", {label: selected_slot.FWVersion}, "slot_fwv");
+  AddInfoRow("devinfo-desc", { label: selected_slot.desc }, "slot_desc");
+  AddInfoRow("devinfo-man-id", { label: selected_slot.manID }, "slot_manID");
+  AddInfoRow(
+    "devinfo-hwversion",
+    { label: selected_slot.HWVersion },
+    "slot_hwv"
+  );
+  AddInfoRow(
+    "devinfo-fwversion",
+    { label: selected_slot.FWVersion },
+    "slot_fwv"
+  );
   if (present) {
-     showTokenInfo();
+    showTokenInfo();
   }
 }
 
 function showModuleInfo() {
   ClearInfoList();
-  AddInfoRow("devinfo-modname", {label: selected_module.name}, "module_name");
-  AddInfoRow("devinfo-modpath", {label: selected_module.libName}, "module_path");
+  AddInfoRow("devinfo-modname", { label: selected_module.name }, "module_name");
+  AddInfoRow(
+    "devinfo-modpath",
+    { label: selected_module.libName },
+    "module_path"
+  );
 }
 
 // add a row to the info list, as [col1 col2] (ex.: ["status" "logged in"])
 function AddInfoRow(l10nID, col2, cell_id) {
   var tree = document.getElementById("info_list");
-  var item  = document.createXULElement("treeitem");
-  var row  = document.createXULElement("treerow");
+  var item = document.createXULElement("treeitem");
+  var row = document.createXULElement("treerow");
   var cell1 = document.createXULElement("treecell");
   document.l10n.setAttributes(cell1, l10nID);
   cell1.setAttribute("crop", "never");
   row.appendChild(cell1);
   var cell2 = document.createXULElement("treecell");
   if (col2.l10nID) {
     document.l10n.setAttributes(cell2, col2.l10nID);
   } else {
@@ -269,32 +315,30 @@ function doLogout() {
   try {
     selected_token.logoutAndDropAuthenticatedResources();
     var tok_status = document.getElementById("tok_status");
     if (selected_token.isLoggedIn()) {
       document.l10n.setAttributes(tok_status, "devinfo-status-logged-in");
     } else {
       document.l10n.setAttributes(tok_status, "devinfo-status-not-logged-in");
     }
-  } catch (e) {
-  }
+  } catch (e) {}
   enableButtons();
 }
 
 // load a new device
 function doLoad() {
   window.open("load_device.xul", "loaddevice", "chrome,centerscreen,modal");
   ClearDeviceList();
   RefreshDeviceList();
 }
 
 async function deleteSelected() {
   getSelectedItem();
-  if (selected_module &&
-      (await doConfirm("del-module-warning"))) {
+  if (selected_module && (await doConfirm("del-module-warning"))) {
     try {
       secmoddb.deleteModule(selected_module.name);
     } catch (e) {
       doPrompt("del-module-error");
       return false;
     }
     selected_module = null;
     return true;
@@ -306,45 +350,68 @@ async function doUnload() {
   if (await deleteSelected()) {
     ClearDeviceList();
     RefreshDeviceList();
   }
 }
 
 function changePassword() {
   getSelectedItem();
-  let params = Cc["@mozilla.org/embedcomp/dialogparam;1"]
-                 .createInstance(Ci.nsIDialogParamBlock);
+  let params = Cc["@mozilla.org/embedcomp/dialogparam;1"].createInstance(
+    Ci.nsIDialogParamBlock
+  );
   let objects = Cc["@mozilla.org/array;1"].createInstance(Ci.nsIMutableArray);
   objects.appendElement(selected_slot.getToken());
   params.objects = objects;
-  window.openDialog("changepassword.xul", "", "chrome,centerscreen,modal",
-                    params);
+  window.openDialog(
+    "changepassword.xul",
+    "",
+    "chrome,centerscreen,modal",
+    params
+  );
   showSlotInfo();
   enableButtons();
 }
 
 // -------------------------------------   Old code
 
 function showTokenInfo() {
   var selected_token = selected_slot.getToken();
-  AddInfoRow("devinfo-label", {label: selected_token.tokenName}, "tok_label");
-  AddInfoRow("devinfo-man-id", {label: selected_token.tokenManID}, "tok_manID");
-  AddInfoRow("devinfo-serialnum", {label: selected_token.tokenSerialNumber}, "tok_sNum");
-  AddInfoRow("devinfo-hwversion", {label: selected_token.tokenHWVersion}, "tok_hwv");
-  AddInfoRow("devinfo-fwversion", {label: selected_token.tokenFWVersion}, "tok_fwv");
+  AddInfoRow("devinfo-label", { label: selected_token.tokenName }, "tok_label");
+  AddInfoRow(
+    "devinfo-man-id",
+    { label: selected_token.tokenManID },
+    "tok_manID"
+  );
+  AddInfoRow(
+    "devinfo-serialnum",
+    { label: selected_token.tokenSerialNumber },
+    "tok_sNum"
+  );
+  AddInfoRow(
+    "devinfo-hwversion",
+    { label: selected_token.tokenHWVersion },
+    "tok_hwv"
+  );
+  AddInfoRow(
+    "devinfo-fwversion",
+    { label: selected_token.tokenFWVersion },
+    "tok_fwv"
+  );
 }
 
 function toggleFIPS() {
   if (!secmoddb.isFIPSEnabled) {
     // A restriction of FIPS mode is, the password must be set
     // In FIPS mode the password must be non-empty.
     // This is different from what we allow in NON-Fips mode.
 
-    var tokendb = Cc["@mozilla.org/security/pk11tokendb;1"].getService(Ci.nsIPK11TokenDB);
+    var tokendb = Cc["@mozilla.org/security/pk11tokendb;1"].getService(
+      Ci.nsIPK11TokenDB
+    );
     var internal_token = tokendb.getInternalKeyToken(); // nsIPK11Token
     if (!internal_token.hasPassword) {
       // Token has either no or an empty password.
       doPrompt("fips-nonempty-password-required");
       return;
     }
   }
 
--- a/security/manager/pki/resources/content/editcacert.js
+++ b/security/manager/pki/resources/content/editcacert.js
@@ -1,40 +1,49 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 /* import-globals-from pippki.js */
 "use strict";
 
-var gCertDB = Cc["@mozilla.org/security/x509certdb;1"]
-                .getService(Ci.nsIX509CertDB);
+var gCertDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
+  Ci.nsIX509CertDB
+);
 /**
  * Cert to edit the trust of.
  * @type nsIX509Cert
  */
 var gCert;
 
 /**
  * onload() handler.
  */
 function onLoad() {
   gCert = window.arguments[0];
 
   document.addEventListener("dialogaccept", onDialogAccept);
 
   let certMsg = document.getElementById("certmsg");
-  document.l10n.setAttributes(certMsg, "edit-trust-ca", { certName: gCert.commonName});
+  document.l10n.setAttributes(certMsg, "edit-trust-ca", {
+    certName: gCert.commonName,
+  });
 
   let sslCheckbox = document.getElementById("trustSSL");
-  sslCheckbox.checked = gCertDB.isCertTrusted(gCert, Ci.nsIX509Cert.CA_CERT,
-                                              Ci.nsIX509CertDB.TRUSTED_SSL);
+  sslCheckbox.checked = gCertDB.isCertTrusted(
+    gCert,
+    Ci.nsIX509Cert.CA_CERT,
+    Ci.nsIX509CertDB.TRUSTED_SSL
+  );
 
   let emailCheckbox = document.getElementById("trustEmail");
-  emailCheckbox.checked = gCertDB.isCertTrusted(gCert, Ci.nsIX509Cert.CA_CERT,
-                                                Ci.nsIX509CertDB.TRUSTED_EMAIL);
+  emailCheckbox.checked = gCertDB.isCertTrusted(
+    gCert,
+    Ci.nsIX509Cert.CA_CERT,
+    Ci.nsIX509CertDB.TRUSTED_EMAIL
+  );
 }
 
 /**
  * ondialogaccept() handler.
  */
 function onDialogAccept() {
   let sslCheckbox = document.getElementById("trustSSL");
   let emailCheckbox = document.getElementById("trustEmail");
--- a/security/manager/pki/resources/content/exceptionDialog.js
+++ b/security/manager/pki/resources/content/exceptionDialog.js
@@ -7,29 +7,28 @@
 var gDialog;
 var gSecInfo;
 var gCert;
 var gChecking;
 var gBroken;
 var gNeedReset;
 var gSecHistogram;
 
-const {PrivateBrowsingUtils} = ChromeUtils.import("resource://gre/modules/PrivateBrowsingUtils.jsm");
+const { PrivateBrowsingUtils } = ChromeUtils.import(
+  "resource://gre/modules/PrivateBrowsingUtils.jsm"
+);
 
 function initExceptionDialog() {
   gNeedReset = false;
   gDialog = document.documentElement;
   gSecHistogram = Services.telemetry.getHistogramById("SECURITY_UI");
   let warningText = document.getElementById("warningText");
   document.l10n.setAttributes(warningText, "add-exception-branded-warning");
   let confirmButton = gDialog.getButton("extra1");
-  let l10nUpdatedElements = [
-    confirmButton,
-    warningText,
-  ];
+  let l10nUpdatedElements = [confirmButton, warningText];
   confirmButton.disabled = true;
 
   var args = window.arguments;
   if (args && args[0]) {
     if (args[0].location) {
       // We were pre-seeded with a location.
       document.getElementById("locationTextBox").value = args[0].location;
       document.getElementById("checkCertButton").disabled = false;
@@ -66,17 +65,19 @@ function initExceptionDialog() {
     "statusLongDescription",
     "viewCertButton",
     "permanent",
   ]) {
     let element = document.getElementById(id);
     l10nUpdatedElements.push(element);
   }
 
-  document.l10n.translateElements(l10nUpdatedElements).then(() => window.sizeToContent());
+  document.l10n
+    .translateElements(l10nUpdatedElements)
+    .then(() => window.sizeToContent());
 
   document.addEventListener("dialogextra1", addException);
   document.addEventListener("dialogextra2", checkCert);
 }
 
 /**
  * Helper function for checkCert. Set as the onerror/onload callbacks for an
  * XMLHttpRequest. Sets gSecInfo, gCert, gBroken, and gChecking according to
@@ -84,23 +85,26 @@ function initExceptionDialog() {
  *
  * @param {XMLHttpRequest} req
  *        The XMLHttpRequest created and sent by checkCert.
  * @param {Event} evt
  *        The load or error event.
  */
 function grabCert(req, evt) {
   if (req.channel && req.channel.securityInfo) {
-    gSecInfo = req.channel.securityInfo
-                  .QueryInterface(Ci.nsITransportSecurityInfo);
+    gSecInfo = req.channel.securityInfo.QueryInterface(
+      Ci.nsITransportSecurityInfo
+    );
     gCert = gSecInfo ? gSecInfo.serverCert : null;
   }
   gBroken = evt.type == "error";
   gChecking = false;
-  document.l10n.translateElements(updateCertStatus()).then(() => window.sizeToContent());
+  document.l10n
+    .translateElements(updateCertStatus())
+    .then(() => window.sizeToContent());
 }
 
 /**
  * Attempt to download the certificate for the location specified, and populate
  * the Certificate Status section with the result.
  */
 async function checkCert() {
   gCert = null;
@@ -170,206 +174,228 @@ function resetDialog() {
   window.sizeToContent();
 }
 
 /**
  * Called by input textboxes to manage UI state
  */
 function handleTextChange() {
   var checkCertButton = document.getElementById("checkCertButton");
-  checkCertButton.disabled =
-                    !(document.getElementById("locationTextBox").value);
+  checkCertButton.disabled = !document.getElementById("locationTextBox").value;
   if (gNeedReset) {
     gNeedReset = false;
     resetDialog();
   }
 }
 
 function updateCertStatus() {
   var shortDesc, longDesc;
   var shortDesc2, longDesc2;
   var shortDesc3, longDesc3;
   var use2 = false;
   var use3 = false;
-  let bucketId = Ci.nsISecurityUITelemetry.WARNING_BAD_CERT_TOP_ADD_EXCEPTION_BASE;
+  let bucketId =
+    Ci.nsISecurityUITelemetry.WARNING_BAD_CERT_TOP_ADD_EXCEPTION_BASE;
   let l10nUpdatedElements = [];
   if (gCert) {
     if (gBroken) {
       var mms = "add-exception-domain-mismatch-short";
       var mml = "add-exception-domain-mismatch-long";
       var exs = "add-exception-expired-short";
       var exl = "add-exception-expired-long";
       var uts = "add-exception-unverified-or-bad-signature-short";
       var utl = "add-exception-unverified-or-bad-signature-long";
       var use1 = false;
       if (gSecInfo.isDomainMismatch) {
-        bucketId += Ci.nsISecurityUITelemetry.WARNING_BAD_CERT_TOP_ADD_EXCEPTION_FLAG_DOMAIN;
+        bucketId +=
+          Ci.nsISecurityUITelemetry
+            .WARNING_BAD_CERT_TOP_ADD_EXCEPTION_FLAG_DOMAIN;
         use1 = true;
         shortDesc = mms;
-        longDesc  = mml;
+        longDesc = mml;
       }
       if (gSecInfo.isNotValidAtThisTime) {
-        bucketId += Ci.nsISecurityUITelemetry.WARNING_BAD_CERT_TOP_ADD_EXCEPTION_FLAG_TIME;
+        bucketId +=
+          Ci.nsISecurityUITelemetry
+            .WARNING_BAD_CERT_TOP_ADD_EXCEPTION_FLAG_TIME;
         if (!use1) {
           use1 = true;
           shortDesc = exs;
-          longDesc  = exl;
+          longDesc = exl;
         } else {
           use2 = true;
           shortDesc2 = exs;
-          longDesc2  = exl;
+          longDesc2 = exl;
         }
       }
       if (gSecInfo.isUntrusted) {
         bucketId +=
-          Ci.nsISecurityUITelemetry.WARNING_BAD_CERT_TOP_ADD_EXCEPTION_FLAG_UNTRUSTED;
+          Ci.nsISecurityUITelemetry
+            .WARNING_BAD_CERT_TOP_ADD_EXCEPTION_FLAG_UNTRUSTED;
         if (!use1) {
           use1 = true;
           shortDesc = uts;
-          longDesc  = utl;
+          longDesc = utl;
         } else if (!use2) {
           use2 = true;
           shortDesc2 = uts;
-          longDesc2  = utl;
+          longDesc2 = utl;
         } else {
           use3 = true;
           shortDesc3 = uts;
-          longDesc3  = utl;
+          longDesc3 = utl;
         }
       }
       gSecHistogram.add(bucketId);
 
       // In these cases, we do want to enable the "Add Exception" button
       gDialog.getButton("extra1").disabled = false;
 
       // If the Private Browsing service is available and the mode is active,
       // don't store permanent exceptions, since they would persist after
       // private browsing mode was disabled.
       var inPrivateBrowsing = inPrivateBrowsingMode();
       var pe = document.getElementById("permanent");
       pe.disabled = inPrivateBrowsing;
       pe.checked = !inPrivateBrowsing;
 
       let headerDescription = document.getElementById("headerDescription");
-      document.l10n.setAttributes(headerDescription, "add-exception-invalid-header");
+      document.l10n.setAttributes(
+        headerDescription,
+        "add-exception-invalid-header"
+      );
       l10nUpdatedElements.push(headerDescription);
     } else {
       shortDesc = "add-exception-valid-short";
-      longDesc  = "add-exception-valid-long";
+      longDesc = "add-exception-valid-long";
       gDialog.getButton("extra1").disabled = true;
       document.getElementById("permanent").disabled = true;
     }
 
     // We're done checking the certificate, so allow the user to check it again.
     document.getElementById("checkCertButton").disabled = false;
     document.getElementById("viewCertButton").disabled = false;
 
     // Notify observers about the availability of the certificate
     Services.obs.notifyObservers(null, "cert-exception-ui-ready");
   } else if (gChecking) {
     shortDesc = "add-exception-checking-short";
-    longDesc  = "add-exception-checking-long";
+    longDesc = "add-exception-checking-long";
     // We're checking the certificate, so we disable the Get Certificate
     // button to make sure that the user can't interrupt the process and
     // trigger another certificate fetch.
     document.getElementById("checkCertButton").disabled = true;
     document.getElementById("viewCertButton").disabled = true;
     gDialog.getButton("extra1").disabled = true;
     document.getElementById("permanent").disabled = true;
   } else {
     shortDesc = "add-exception-no-cert-short";
-    longDesc  = "add-exception-no-cert-long";
+    longDesc = "add-exception-no-cert-long";
     // We're done checking the certificate, so allow the user to check it again.
     document.getElementById("checkCertButton").disabled = false;
     document.getElementById("viewCertButton").disabled = true;
     gDialog.getButton("extra1").disabled = true;
     document.getElementById("permanent").disabled = true;
   }
   let statusDescription = document.getElementById("statusDescription");
   let statusLongDescription = document.getElementById("statusLongDescription");
   document.l10n.setAttributes(statusDescription, shortDesc);
   document.l10n.setAttributes(statusLongDescription, longDesc);
   l10nUpdatedElements.push(statusDescription);
   l10nUpdatedElements.push(statusLongDescription);
 
   if (use2) {
     let status2Description = document.getElementById("status2Description");
-    let status2LongDescription = document.getElementById("status2LongDescription");
+    let status2LongDescription = document.getElementById(
+      "status2LongDescription"
+    );
     document.l10n.setAttributes(status2Description, shortDesc2);
     document.l10n.setAttributes(status2LongDescription, longDesc2);
     l10nUpdatedElements.push(status2Description);
     l10nUpdatedElements.push(status2LongDescription);
   }
 
   if (use3) {
     let status3Description = document.getElementById("status3Description");
-    let status3LongDescription = document.getElementById("status3LongDescription");
+    let status3LongDescription = document.getElementById(
+      "status3LongDescription"
+    );
     document.l10n.setAttributes(status3Description, shortDesc3);
     document.l10n.setAttributes(status3LongDescription, longDesc3);
     l10nUpdatedElements.push(status3Description);
     l10nUpdatedElements.push(status3LongDescription);
   }
 
   gNeedReset = true;
   return l10nUpdatedElements;
 }
 
 /**
  * Handle user request to display certificate details
  */
 function viewCertButtonClick() {
-  gSecHistogram.add(Ci.nsISecurityUITelemetry.WARNING_BAD_CERT_TOP_CLICK_VIEW_CERT);
+  gSecHistogram.add(
+    Ci.nsISecurityUITelemetry.WARNING_BAD_CERT_TOP_CLICK_VIEW_CERT
+  );
   if (gCert) {
     viewCertHelper(this, gCert);
   }
 }
 
 /**
  * Handle user request to add an exception for the specified cert
  */
 function addException() {
   if (!gCert || !gSecInfo) {
     return;
   }
 
-  var overrideService = Cc["@mozilla.org/security/certoverride;1"]
-                          .getService(Ci.nsICertOverrideService);
+  var overrideService = Cc["@mozilla.org/security/certoverride;1"].getService(
+    Ci.nsICertOverrideService
+  );
   var flags = 0;
   let confirmBucketId =
-        Ci.nsISecurityUITelemetry.WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_BASE;
+    Ci.nsISecurityUITelemetry.WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_BASE;
   if (gSecInfo.isUntrusted) {
     flags |= overrideService.ERROR_UNTRUSTED;
     confirmBucketId +=
-        Ci.nsISecurityUITelemetry.WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_FLAG_UNTRUSTED;
+      Ci.nsISecurityUITelemetry
+        .WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_FLAG_UNTRUSTED;
   }
   if (gSecInfo.isDomainMismatch) {
     flags |= overrideService.ERROR_MISMATCH;
     confirmBucketId +=
-           Ci.nsISecurityUITelemetry.WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_FLAG_DOMAIN;
+      Ci.nsISecurityUITelemetry
+        .WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_FLAG_DOMAIN;
   }
   if (gSecInfo.isNotValidAtThisTime) {
     flags |= overrideService.ERROR_TIME;
     confirmBucketId +=
-           Ci.nsISecurityUITelemetry.WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_FLAG_TIME;
+      Ci.nsISecurityUITelemetry
+        .WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_FLAG_TIME;
   }
 
   var permanentCheckbox = document.getElementById("permanent");
-  var shouldStorePermanently = permanentCheckbox.checked &&
-                               !inPrivateBrowsingMode();
+  var shouldStorePermanently =
+    permanentCheckbox.checked && !inPrivateBrowsingMode();
   if (!permanentCheckbox.checked) {
-    gSecHistogram.add(Ci.nsISecurityUITelemetry.WARNING_BAD_CERT_TOP_DONT_REMEMBER_EXCEPTION);
+    gSecHistogram.add(
+      Ci.nsISecurityUITelemetry.WARNING_BAD_CERT_TOP_DONT_REMEMBER_EXCEPTION
+    );
   }
 
   gSecHistogram.add(confirmBucketId);
   var uri = getURI();
   overrideService.rememberValidityOverride(
-    uri.asciiHost, uri.port,
+    uri.asciiHost,
+    uri.port,
     gCert,
     flags,
-    !shouldStorePermanently);
+    !shouldStorePermanently
+  );
 
   let args = window.arguments;
   if (args && args[0]) {
     args[0].exceptionAdded = true;
   }
 
   gDialog.acceptDialog();
 }
--- a/security/manager/pki/resources/content/load_device.js
+++ b/security/manager/pki/resources/content/load_device.js
@@ -8,17 +8,19 @@ document.addEventListener("dialogaccept"
 
 /**
  * @file Implements the functionality of load_device.xul: a dialog that allows
  *       a PKCS #11 module to be loaded into Firefox.
  */
 
 async function onBrowseBtnPress() {
   let fp = Cc["@mozilla.org/filepicker;1"].createInstance(Ci.nsIFilePicker);
-  let [loadPK11ModuleFilePickerTitle] = await document.l10n.formatValues([{id: "load-pk11-module-file-picker-title"}]);
+  let [loadPK11ModuleFilePickerTitle] = await document.l10n.formatValues([
+    { id: "load-pk11-module-file-picker-title" },
+  ]);
   fp.init(window, loadPK11ModuleFilePickerTitle, Ci.nsIFilePicker.modeOpen);
   fp.appendFilters(Ci.nsIFilePicker.filterAll);
   fp.open(rv => {
     if (rv == Ci.nsIFilePicker.returnOK) {
       document.getElementById("device_path").value = fp.file.path;
     }
 
     // This notification gets sent solely for test purposes. It should not be
@@ -30,39 +32,43 @@ async function onBrowseBtnPress() {
 /**
  * ondialogaccept() handler.
  * @param {Object} event
  *        The event causing this handler function to be called.
  */
 function onDialogAccept(event) {
   let nameBox = document.getElementById("device_name");
   let pathBox = document.getElementById("device_path");
-  let pkcs11ModuleDB = Cc["@mozilla.org/security/pkcs11moduledb;1"]
-                         .getService(Ci.nsIPKCS11ModuleDB);
+  let pkcs11ModuleDB = Cc["@mozilla.org/security/pkcs11moduledb;1"].getService(
+    Ci.nsIPKCS11ModuleDB
+  );
 
   try {
     pkcs11ModuleDB.addModule(nameBox.value, pathBox.value, 0, 0);
   } catch (e) {
     addModuleFailure("add-module-failure");
     event.preventDefault();
   }
 }
 
 async function addModuleFailure(l10nID) {
-  let [AddModuleFailure] = await document.l10n.formatValues([{id: l10nID}]);
+  let [AddModuleFailure] = await document.l10n.formatValues([{ id: l10nID }]);
   alertPromptService(null, AddModuleFailure);
 }
 
 function validateModuleName() {
   let name = document.getElementById("device_name").value;
   let helpText = document.getElementById("helpText");
   helpText.value = "";
   let dialogNode = document.querySelector("dialog");
   dialogNode.removeAttribute("buttondisabledaccept");
   if (name == "") {
     document.l10n.setAttributes(helpText, "load-module-help-empty-module-name");
     dialogNode.setAttribute("buttondisabledaccept", true);
   }
   if (name == "Root Certs") {
-    document.l10n.setAttributes(helpText, "load-module-help-root-certs-module-name");
+    document.l10n.setAttributes(
+      helpText,
+      "load-module-help-root-certs-module-name"
+    );
     dialogNode.setAttribute("buttondisabledaccept", true);
   }
 }
--- a/security/manager/pki/resources/content/pippki.js
+++ b/security/manager/pki/resources/content/pippki.js
@@ -25,54 +25,63 @@ function setText(id, value) {
   element.appendChild(document.createTextNode(value));
 }
 
 function viewCertHelper(parent, cert) {
   if (!cert) {
     return;
   }
 
-  Services.ww.openWindow(parent, "chrome://pippki/content/certViewer.xul",
-                         "_blank", "centerscreen,chrome", cert);
+  Services.ww.openWindow(
+    parent,
+    "chrome://pippki/content/certViewer.xul",
+    "_blank",
+    "centerscreen,chrome",
+    cert
+  );
 }
 
 function getDERString(cert) {
   var derArray = cert.getRawDER();
   var derString = "";
   for (var i = 0; i < derArray.length; i++) {
     derString += String.fromCharCode(derArray[i]);
   }
   return derString;
 }
 
 function getPKCS7String(certArray) {
-  let certList = Cc["@mozilla.org/security/x509certlist;1"]
-                   .createInstance(Ci.nsIX509CertList);
+  let certList = Cc["@mozilla.org/security/x509certlist;1"].createInstance(
+    Ci.nsIX509CertList
+  );
   for (let cert of certArray) {
     certList.addCert(cert);
   }
   return certList.asPKCS7Blob();
 }
 
 function getPEMString(cert) {
   var derb64 = btoa(getDERString(cert));
   // Wrap the Base64 string into lines of 64 characters with CRLF line breaks
   // (as specified in RFC 1421).
   var wrapped = derb64.replace(/(\S{64}(?!$))/g, "$1\r\n");
-  return "-----BEGIN CERTIFICATE-----\r\n"
-         + wrapped
-         + "\r\n-----END CERTIFICATE-----\r\n";
+  return (
+    "-----BEGIN CERTIFICATE-----\r\n" +
+    wrapped +
+    "\r\n-----END CERTIFICATE-----\r\n"
+  );
 }
 
 function alertPromptService(title, message) {
   // XXX Bug 1425832 - Using Services.prompt here causes tests to report memory
   // leaks.
   // eslint-disable-next-line mozilla/use-services
-  var ps = Cc["@mozilla.org/embedcomp/prompt-service;1"].
-           getService(Ci.nsIPromptService);
+  var ps = Cc["@mozilla.org/embedcomp/prompt-service;1"].getService(
+    Ci.nsIPromptService
+  );
   ps.alert(window, title, message);
 }
 
 const DEFAULT_CERT_EXTENSION = "crt";
 
 /**
  * Generates a filename for a cert suitable to set as the |defaultString|
  * attribute on an Ci.nsIFilePicker.
@@ -81,20 +90,21 @@ const DEFAULT_CERT_EXTENSION = "crt";
  *        The cert to generate a filename for.
  * @returns {String}
  *          Generated filename.
  */
 function certToFilename(cert) {
   let filename = cert.displayName;
 
   // Remove unneeded and/or unsafe characters.
-  filename = filename.replace(/\s/g, "")
-                     .replace(/\./g, "_")
-                     .replace(/\\/g, "")
-                     .replace(/\//g, "");
+  filename = filename
+    .replace(/\s/g, "")
+    .replace(/\./g, "_")
+    .replace(/\\/g, "")
+    .replace(/\//g, "");
 
   // Ci.nsIFilePicker.defaultExtension is more of a suggestion to some
   // implementations, so we include the extension in the file name as well. This
   // is what the documentation for Ci.nsIFilePicker.defaultString says we should do
   // anyways.
   return `${filename}.${DEFAULT_CERT_EXTENSION}`;
 }
 
@@ -105,42 +115,44 @@ async function exportToFile(parent, cert
 
   let results = await asyncDetermineUsages(cert);
   let chain = getBestChain(results);
   if (!chain) {
     chain = [cert];
   }
 
   let formats = {
-    "base64": "*.crt; *.pem",
+    base64: "*.crt; *.pem",
     "base64-chain": "*.crt; *.pem",
-    "der": "*.der",
-    "pkcs7": "*.p7c",
+    der: "*.der",
+    pkcs7: "*.p7c",
     "pkcs7-chain": "*.p7c",
   };
-  let [saveCertAs, ...formatLabels] =
-    await document.l10n.formatValues([
-      "save-cert-as",
-      ...Object.keys(formats).map(f => "cert-format-" + f),
-    ].map(id => ({id})));
+  let [saveCertAs, ...formatLabels] = await document.l10n.formatValues(
+    ["save-cert-as", ...Object.keys(formats).map(f => "cert-format-" + f)].map(
+      id => ({ id })
+    )
+  );
 
   var fp = Cc["@mozilla.org/filepicker;1"].createInstance(Ci.nsIFilePicker);
   fp.init(parent, saveCertAs, Ci.nsIFilePicker.modeSave);
   fp.defaultString = certToFilename(cert);
   fp.defaultExtension = DEFAULT_CERT_EXTENSION;
   for (let format of Object.values(formats)) {
     fp.appendFilter(formatLabels.shift(), format);
   }
   fp.appendFilters(Ci.nsIFilePicker.filterAll);
   let filePickerResult = await new Promise(resolve => {
     fp.open(resolve);
   });
 
-  if (filePickerResult != Ci.nsIFilePicker.returnOK &&
-      filePickerResult != Ci.nsIFilePicker.returnReplace) {
+  if (
+    filePickerResult != Ci.nsIFilePicker.returnOK &&
+    filePickerResult != Ci.nsIFilePicker.returnReplace
+  ) {
     return;
   }
 
   var content = "";
   switch (fp.filterIndex) {
     case 1:
       content = getPEMString(cert);
       for (let i = 1; i < chain.length; i++) {
@@ -170,21 +182,21 @@ async function exportToFile(parent, cert
   if (Cu.isInAutomation) {
     Services.obs.notifyObservers(null, "cert-export-finished");
   }
 }
 
 const PRErrorCodeSuccess = 0;
 
 // Certificate usages we care about in the certificate viewer.
-const certificateUsageSSLClient              = 0x0001;
-const certificateUsageSSLServer              = 0x0002;
-const certificateUsageSSLCA                  = 0x0008;
-const certificateUsageEmailSigner            = 0x0010;
-const certificateUsageEmailRecipient         = 0x0020;
+const certificateUsageSSLClient = 0x0001;
+const certificateUsageSSLServer = 0x0002;
+const certificateUsageSSLCA = 0x0008;
+const certificateUsageEmailSigner = 0x0010;
+const certificateUsageEmailRecipient = 0x0020;
 
 // A map from the name of a certificate usage to the value of the usage.
 // Useful for printing debugging information and for enumerating all supported
 // usages.
 const certificateUsages = {
   certificateUsageSSLClient,
   certificateUsageSSLServer,
   certificateUsageSSLCA,
@@ -200,28 +212,39 @@ const certificateUsages = {
  * @param {nsIX509Cert} cert
  *        The certificate to determine valid usages for.
  * @return {Promise}
  *        A promise that will resolve with the results of the verifications.
  */
 function asyncDetermineUsages(cert) {
   let promises = [];
   let now = Date.now() / 1000;
-  let certdb = Cc["@mozilla.org/security/x509certdb;1"]
-                 .getService(Ci.nsIX509CertDB);
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
   Object.keys(certificateUsages).forEach(usageString => {
-    promises.push(new Promise((resolve, reject) => {
-      let usage = certificateUsages[usageString];
-      certdb.asyncVerifyCertAtTime(cert, usage, 0, null, now,
-        (aPRErrorCode, aVerifiedChain, aHasEVPolicy) => {
-          resolve({ usageString,
-                    errorCode: aPRErrorCode,
-                    chain: aVerifiedChain });
-        });
-    }));
+    promises.push(
+      new Promise((resolve, reject) => {
+        let usage = certificateUsages[usageString];
+        certdb.asyncVerifyCertAtTime(
+          cert,
+          usage,
+          0,
+          null,
+          now,
+          (aPRErrorCode, aVerifiedChain, aHasEVPolicy) => {
+            resolve({
+              usageString,
+              errorCode: aPRErrorCode,
+              chain: aVerifiedChain,
+            });
+          }
+        );
+      })
+    );
   });
   return Promise.all(promises);
 }
 
 /**
  * Given a results array (see `displayUsages` in certViewer.js), returns the
  * "best" verified certificate chain. Since the primary use case is for TLS
  * server certificates in Firefox, such a verified chain will be returned if
@@ -231,19 +254,23 @@ function asyncDetermineUsages(cert) {
  * @param {Array} results
  *        An array of results from `asyncDetermineUsages`. See `displayUsages`.
  * @param {Number} usage
  *        A numerical value corresponding to a usage. See `certificateUsages`.
  * @returns {Array} An array of `nsIX509Cert` representing the verified
  *          certificate chain for the given usage, or null if there is none.
  */
 function getBestChain(results) {
-  let usages = [ certificateUsageSSLServer, certificateUsageSSLClient,
-                 certificateUsageEmailSigner, certificateUsageEmailRecipient,
-                 certificateUsageSSLCA ];
+  let usages = [
+    certificateUsageSSLServer,
+    certificateUsageSSLClient,
+    certificateUsageEmailSigner,
+    certificateUsageEmailRecipient,
+    certificateUsageSSLCA,
+  ];
   for (let usage of usages) {
     let chain = getChainForUsage(results, usage);
     if (chain) {
       return chain;
     }
   }
   return null;
 }
@@ -257,15 +284,17 @@ function getBestChain(results) {
  *        An array of results from `asyncDetermineUsages`. See `displayUsages`.
  * @param {Number} usage
  *        A numerical value corresponding to a usage. See `certificateUsages`.
  * @returns {Array} An array of `nsIX509Cert` representing the verified
  *          certificate chain for the given usage, or null if there is none.
  */
 function getChainForUsage(results, usage) {
   for (let result of results) {
-    if (certificateUsages[result.usageString] == usage &&
-        result.errorCode == PRErrorCodeSuccess) {
+    if (
+      certificateUsages[result.usageString] == usage &&
+      result.errorCode == PRErrorCodeSuccess
+    ) {
       return Array.from(result.chain.getEnumerator());
     }
   }
   return null;
 }
--- a/security/manager/pki/resources/content/protectedAuth.js
+++ b/security/manager/pki/resources/content/protectedAuth.js
@@ -1,17 +1,18 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 /* import-globals-from pippki.js */
 "use strict";
 
 function onLoad() {
-  let protectedAuthThread =
-    window.arguments[0].QueryInterface(Ci.nsIProtectedAuthThread);
+  let protectedAuthThread = window.arguments[0].QueryInterface(
+    Ci.nsIProtectedAuthThread
+  );
 
   if (!protectedAuthThread) {
     window.close();
     return;
   }
 
   try {
     let tokenName = protectedAuthThread.getTokenName();
--- a/security/manager/pki/resources/content/resetpassword.js
+++ b/security/manager/pki/resources/content/resetpassword.js
@@ -2,27 +2,31 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 /* import-globals-from pippki.js */
 "use strict";
 
 document.addEventListener("dialogaccept", resetPassword);
 
 function resetPassword() {
-  var pk11db = Cc["@mozilla.org/security/pk11tokendb;1"]
-                 .getService(Ci.nsIPK11TokenDB);
+  var pk11db = Cc["@mozilla.org/security/pk11tokendb;1"].getService(
+    Ci.nsIPK11TokenDB
+  );
   var token = pk11db.getInternalKeyToken();
   token.reset();
 
   try {
     Services.logins.removeAllLogins();
-  } catch (e) {
-  }
+  } catch (e) {}
 
   var bundle = document.getElementById("pippki_bundle");
-  var promptService = Cc["@mozilla.org/embedcomp/prompt-service;1"].getService();
+  var promptService = Cc[
+    "@mozilla.org/embedcomp/prompt-service;1"
+  ].getService();
   promptService = promptService.QueryInterface(Ci.nsIPromptService);
   if (promptService && bundle) {
-    promptService.alert(window,
-                        bundle.getString("resetPasswordConfirmationTitle"),
-                        bundle.getString("resetPasswordConfirmationMessage"));
+    promptService.alert(
+      window,
+      bundle.getString("resetPasswordConfirmationTitle"),
+      bundle.getString("resetPasswordConfirmationMessage")
+    );
   }
 }
--- a/security/manager/pki/resources/content/setp12password.js
+++ b/security/manager/pki/resources/content/setp12password.js
@@ -85,18 +85,22 @@ function getPasswordStrength(password) {
   }
 
   let nonUpperAlphaChars = password.replace(/[A-Z]/g, "");
   let upperAlphaStrength = password.length - nonUpperAlphaChars.length;
   if (upperAlphaStrength > 3) {
     upperAlphaStrength = 3;
   }
 
-  let strength = (lengthStrength * 10) - 20 + (numericStrength * 10) +
-                 (symbolStrength * 15) + (upperAlphaStrength * 10);
+  let strength =
+    lengthStrength * 10 -
+    20 +
+    numericStrength * 10 +
+    symbolStrength * 15 +
+    upperAlphaStrength * 10;
   if (strength < 0) {
     strength = 0;
   }
   if (strength > 100) {
     strength = 100;
   }
 
   return strength;
@@ -113,10 +117,10 @@ function onPasswordInput(recalculatePass
 
   if (recalculatePasswordStrength) {
     document.getElementById("pwmeter").value = getPasswordStrength(pw1);
   }
 
   // Disable the accept button if the two passwords don't match, and enable it
   // if the passwords do match.
   let pw2 = document.getElementById("pw2").value;
-  document.documentElement.getButton("accept").disabled = (pw1 != pw2);
+  document.documentElement.getButton("accept").disabled = pw1 != pw2;
 }
--- a/security/manager/ssl/DER.jsm
+++ b/security/manager/ssl/DER.jsm
@@ -287,18 +287,34 @@ class DER {
    * @param {Number[]} tagList the list of potential next tags
    * @return {Number[]} the contents of the next TLV if the next tag is in
    *                    <tagList>
    */
   readTLVChoice(tagList) {
     let tag = this._peekByte();
     if (!tagList.includes(tag)) {
       throw new Error(
-        `unexpected tag: found ${tag} instead of one of ${tagList}`);
+        `unexpected tag: found ${tag} instead of one of ${tagList}`
+      );
     }
     return this._readExpectedTLV(tag);
   }
 }
 
-this.DER = { UNIVERSAL, CONSTRUCTED, CONTEXT_SPECIFIC, INTEGER, BIT_STRING,
-             NULL, OBJECT_IDENTIFIER, PrintableString, TeletexString, IA5String,
-             UTCTime, GeneralizedTime, UTF8String, SEQUENCE, SET, DER };
+this.DER = {
+  UNIVERSAL,
+  CONSTRUCTED,
+  CONTEXT_SPECIFIC,
+  INTEGER,
+  BIT_STRING,
+  NULL,
+  OBJECT_IDENTIFIER,
+  PrintableString,
+  TeletexString,
+  IA5String,
+  UTCTime,
+  GeneralizedTime,
+  UTF8String,
+  SEQUENCE,
+  SET,
+  DER,
+};
 this.EXPORTED_SYMBOLS = ["DER"];
--- a/security/manager/ssl/RemoteSecuritySettings.jsm
+++ b/security/manager/ssl/RemoteSecuritySettings.jsm
@@ -1,78 +1,105 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 "use strict";
 
-const EXPORTED_SYMBOLS = [
-  "RemoteSecuritySettings",
-];
+const EXPORTED_SYMBOLS = ["RemoteSecuritySettings"];
+
+const { RemoteSettings } = ChromeUtils.import(
+  "resource://services-settings/remote-settings.js"
+);
 
-const {RemoteSettings} = ChromeUtils.import("resource://services-settings/remote-settings.js");
-
-const {AppConstants} = ChromeUtils.import("resource://gre/modules/AppConstants.jsm");
-const {Services} = ChromeUtils.import("resource://gre/modules/Services.jsm");
-const {XPCOMUtils} = ChromeUtils.import("resource://gre/modules/XPCOMUtils.jsm");
-const {X509} = ChromeUtils.import("resource://gre/modules/psm/X509.jsm", null);
+const { AppConstants } = ChromeUtils.import(
+  "resource://gre/modules/AppConstants.jsm"
+);
+const { Services } = ChromeUtils.import("resource://gre/modules/Services.jsm");
+const { XPCOMUtils } = ChromeUtils.import(
+  "resource://gre/modules/XPCOMUtils.jsm"
+);
+const { X509 } = ChromeUtils.import(
+  "resource://gre/modules/psm/X509.jsm",
+  null
+);
 
-const INTERMEDIATES_BUCKET_PREF          = "security.remote_settings.intermediates.bucket";
-const INTERMEDIATES_CHECKED_SECONDS_PREF = "security.remote_settings.intermediates.checked";
-const INTERMEDIATES_COLLECTION_PREF      = "security.remote_settings.intermediates.collection";
-const INTERMEDIATES_DL_PER_POLL_PREF     = "security.remote_settings.intermediates.downloads_per_poll";
-const INTERMEDIATES_DL_PARALLEL_REQUESTS = "security.remote_settings.intermediates.parallel_downloads";
-const INTERMEDIATES_ENABLED_PREF         = "security.remote_settings.intermediates.enabled";
-const INTERMEDIATES_SIGNER_PREF          = "security.remote_settings.intermediates.signer";
-const LOGLEVEL_PREF                      = "browser.policies.loglevel";
+const INTERMEDIATES_BUCKET_PREF =
+  "security.remote_settings.intermediates.bucket";
+const INTERMEDIATES_CHECKED_SECONDS_PREF =
+  "security.remote_settings.intermediates.checked";
+const INTERMEDIATES_COLLECTION_PREF =
+  "security.remote_settings.intermediates.collection";
+const INTERMEDIATES_DL_PER_POLL_PREF =
+  "security.remote_settings.intermediates.downloads_per_poll";
+const INTERMEDIATES_DL_PARALLEL_REQUESTS =
+  "security.remote_settings.intermediates.parallel_downloads";
+const INTERMEDIATES_ENABLED_PREF =
+  "security.remote_settings.intermediates.enabled";
+const INTERMEDIATES_SIGNER_PREF =
+  "security.remote_settings.intermediates.signer";
+const LOGLEVEL_PREF = "browser.policies.loglevel";
 
-const ONECRL_BUCKET_PREF     = "services.settings.security.onecrl.bucket";
+const ONECRL_BUCKET_PREF = "services.settings.security.onecrl.bucket";
 const ONECRL_COLLECTION_PREF = "services.settings.security.onecrl.collection";
-const ONECRL_SIGNER_PREF     = "services.settings.security.onecrl.signer";
-const ONECRL_CHECKED_PREF    = "services.settings.security.onecrl.checked";
+const ONECRL_SIGNER_PREF = "services.settings.security.onecrl.signer";
+const ONECRL_CHECKED_PREF = "services.settings.security.onecrl.checked";
 
-const PINNING_ENABLED_PREF         = "services.blocklist.pinning.enabled";
-const PINNING_BUCKET_PREF          = "services.blocklist.pinning.bucket";
-const PINNING_COLLECTION_PREF      = "services.blocklist.pinning.collection";
+const PINNING_ENABLED_PREF = "services.blocklist.pinning.enabled";
+const PINNING_BUCKET_PREF = "services.blocklist.pinning.bucket";
+const PINNING_COLLECTION_PREF = "services.blocklist.pinning.collection";
 const PINNING_CHECKED_SECONDS_PREF = "services.blocklist.pinning.checked";
-const PINNING_SIGNER_PREF          = "services.blocklist.pinning.signer";
+const PINNING_SIGNER_PREF = "services.blocklist.pinning.signer";
 
 XPCOMUtils.defineLazyGlobalGetters(this, ["fetch"]);
 
 XPCOMUtils.defineLazyGetter(this, "gTextDecoder", () => new TextDecoder());
 
 XPCOMUtils.defineLazyGetter(this, "baseAttachmentsURL", async () => {
   const server = Services.prefs.getCharPref("services.settings.server");
   const serverInfo = await (await fetch(`${server}/`, {
     credentials: "omit",
   })).json();
-  const {capabilities: {attachments: {base_url}}} = serverInfo;
+  const {
+    capabilities: {
+      attachments: { base_url },
+    },
+  } = serverInfo;
   return base_url;
 });
 
 XPCOMUtils.defineLazyGetter(this, "log", () => {
   let { ConsoleAPI } = ChromeUtils.import("resource://gre/modules/Console.jsm");
   return new ConsoleAPI({
     prefix: "RemoteSecuritySettings.jsm",
     // tip: set maxLogLevel to "debug" and use log.debug() to create detailed
     // messages during development. See LOG_LEVELS in Console.jsm for details.
     maxLogLevel: "error",
     maxLogLevelPref: LOGLEVEL_PREF,
   });
 });
 
 function hexify(data) {
-  return Array.from(data, (c, i) => data.charCodeAt(i).toString(16).padStart(2, "0")).join("");
+  return Array.from(data, (c, i) =>
+    data
+      .charCodeAt(i)
+      .toString(16)
+      .padStart(2, "0")
+  ).join("");
 }
 
 // Hash a UTF-8 string into a hex string with SHA256
 function getHash(str) {
   // return the two-digit hexadecimal code for a byte
-  let hasher = Cc["@mozilla.org/security/hash;1"].createInstance(Ci.nsICryptoHash);
+  let hasher = Cc["@mozilla.org/security/hash;1"].createInstance(
+    Ci.nsICryptoHash
+  );
   hasher.init(Ci.nsICryptoHash.SHA256);
-  let stringStream = Cc["@mozilla.org/io/string-input-stream;1"].createInstance(Ci.nsIStringInputStream);
+  let stringStream = Cc["@mozilla.org/io/string-input-stream;1"].createInstance(
+    Ci.nsIStringInputStream
+  );
   stringStream.data = str;
   hasher.updateFromStream(stringStream, -1);
 
   // convert the binary hash data to a hex string.
   return hexify(hasher.finish(false));
 }
 
 // Converts a JS string to an array of bytes consisting of the char code at each
@@ -95,17 +122,19 @@ function bytesToString(bytes) {
 
 class CRLiteState {
   constructor(subject, spkiHash, state) {
     this.subject = subject;
     this.spkiHash = spkiHash;
     this.state = state;
   }
 }
-CRLiteState.prototype.QueryInterface = ChromeUtils.generateQI([Ci.nsICRLiteState]);
+CRLiteState.prototype.QueryInterface = ChromeUtils.generateQI([
+  Ci.nsICRLiteState,
+]);
 
 class CertInfo {
   constructor(cert, subject) {
     this.cert = cert;
     this.subject = subject;
     this.trust = Ci.nsICertStorage.TRUST_INHERIT;
   }
 }
@@ -119,146 +148,184 @@ class RevocationState {
 
 class IssuerAndSerialRevocationState extends RevocationState {
   constructor(issuer, serial, state) {
     super(state);
     this.issuer = issuer;
     this.serial = serial;
   }
 }
-IssuerAndSerialRevocationState.prototype.QueryInterface =
-  ChromeUtils.generateQI([Ci.nsIIssuerAndSerialRevocationState]);
+IssuerAndSerialRevocationState.prototype.QueryInterface = ChromeUtils.generateQI(
+  [Ci.nsIIssuerAndSerialRevocationState]
+);
 
 class SubjectAndPubKeyRevocationState extends RevocationState {
   constructor(subject, pubKey, state) {
     super(state);
     this.subject = subject;
     this.pubKey = pubKey;
   }
 }
-SubjectAndPubKeyRevocationState.prototype.QueryInterface =
-  ChromeUtils.generateQI([Ci.nsISubjectAndPubKeyRevocationState]);
+SubjectAndPubKeyRevocationState.prototype.QueryInterface = ChromeUtils.generateQI(
+  [Ci.nsISubjectAndPubKeyRevocationState]
+);
 
 function setRevocations(certStorage, revocations) {
-  return new Promise((resolve) =>
+  return new Promise(resolve =>
     certStorage.setRevocations(revocations, resolve)
   );
 }
 
 /**
  * Revoke the appropriate certificates based on the records from the blocklist.
  *
  * @param {Object} data   Current records in the local db.
  */
-const updateCertBlocklist = AppConstants.MOZ_NEW_CERT_STORAGE ?
-  async function ({ data: { current, created, updated, deleted } }) {
-    const certList = Cc["@mozilla.org/security/certstorage;1"]
-      .getService(Ci.nsICertStorage);
-    let items = [];
+const updateCertBlocklist = AppConstants.MOZ_NEW_CERT_STORAGE
+  ? async function({ data: { current, created, updated, deleted } }) {
+      const certList = Cc["@mozilla.org/security/certstorage;1"].getService(
+        Ci.nsICertStorage
+      );
+      let items = [];
 
-    // See if we have prior revocation data (this can happen when we can't open
-    // the database and we have to re-create it (see bug 1546361)).
-    let hasPriorRevocationData = await new Promise((resolve) => {
-      certList.hasPriorData(Ci.nsICertStorage.DATA_TYPE_REVOCATION, (rv, hasPriorData) => {
-        if (rv == Cr.NS_OK) {
-          resolve(hasPriorData);
-        } else {
-          // If calling hasPriorData failed, assume we need to reload
-          // everything (even though it's unlikely doing so will succeed).
-          resolve(false);
-        }
+      // See if we have prior revocation data (this can happen when we can't open
+      // the database and we have to re-create it (see bug 1546361)).
+      let hasPriorRevocationData = await new Promise(resolve => {
+        certList.hasPriorData(
+          Ci.nsICertStorage.DATA_TYPE_REVOCATION,
+          (rv, hasPriorData) => {
+            if (rv == Cr.NS_OK) {
+              resolve(hasPriorData);
+            } else {
+              // If calling hasPriorData failed, assume we need to reload
+              // everything (even though it's unlikely doing so will succeed).
+              resolve(false);
+            }
+          }
+        );
       });
-    });
 
-    // If we don't have prior data, make it so we re-load everything.
-    if (!hasPriorRevocationData) {
-      deleted = [];
-      updated = [];
-      created = current;
-    }
+      // If we don't have prior data, make it so we re-load everything.
+      if (!hasPriorRevocationData) {
+        deleted = [];
+        updated = [];
+        created = current;
+      }
 
-    for (let item of deleted) {
-      if (item.issuerName && item.serialNumber) {
-        items.push(new IssuerAndSerialRevocationState(item.issuerName,
-          item.serialNumber, Ci.nsICertStorage.STATE_UNSET));
-      } else if (item.subject && item.pubKeyHash) {
-        items.push(new SubjectAndPubKeyRevocationState(item.subject,
-          item.pubKeyHash, Ci.nsICertStorage.STATE_UNSET));
-      }
-    }
-
-    const toAdd = created.concat(updated.map(u => u.new));
-
-    for (let item of toAdd) {
-      if (item.issuerName && item.serialNumber) {
-        items.push(new IssuerAndSerialRevocationState(item.issuerName,
-          item.serialNumber, Ci.nsICertStorage.STATE_ENFORCE));
-      } else if (item.subject && item.pubKeyHash) {
-        items.push(new SubjectAndPubKeyRevocationState(item.subject,
-          item.pubKeyHash, Ci.nsICertStorage.STATE_ENFORCE));
+      for (let item of deleted) {
+        if (item.issuerName && item.serialNumber) {
+          items.push(
+            new IssuerAndSerialRevocationState(
+              item.issuerName,
+              item.serialNumber,
+              Ci.nsICertStorage.STATE_UNSET
+            )
+          );
+        } else if (item.subject && item.pubKeyHash) {
+          items.push(
+            new SubjectAndPubKeyRevocationState(
+              item.subject,
+              item.pubKeyHash,
+              Ci.nsICertStorage.STATE_UNSET
+            )
+          );
+        }
       }
-    }
+
+      const toAdd = created.concat(updated.map(u => u.new));
 
-    try {
-      await setRevocations(certList, items);
-    } catch (e) {
-      Cu.reportError(e);
-    }
-  } : async function ({ data: { current: records } }) {
-    const certList = Cc["@mozilla.org/security/certblocklist;1"]
-      .getService(Ci.nsICertBlocklist);
-    for (let item of records) {
+      for (let item of toAdd) {
+        if (item.issuerName && item.serialNumber) {
+          items.push(
+            new IssuerAndSerialRevocationState(
+              item.issuerName,
+              item.serialNumber,
+              Ci.nsICertStorage.STATE_ENFORCE
+            )
+          );
+        } else if (item.subject && item.pubKeyHash) {
+          items.push(
+            new SubjectAndPubKeyRevocationState(
+              item.subject,
+              item.pubKeyHash,
+              Ci.nsICertStorage.STATE_ENFORCE
+            )
+          );
+        }
+      }
+
       try {
-        if (item.issuerName && item.serialNumber) {
-          certList.revokeCertByIssuerAndSerial(item.issuerName,
-            item.serialNumber);
-        } else if (item.subject && item.pubKeyHash) {
-          certList.revokeCertBySubjectAndPubKey(item.subject,
-            item.pubKeyHash);
-        }
+        await setRevocations(certList, items);
       } catch (e) {
-        // Prevent errors relating to individual blocklist entries from causing sync to fail.
         Cu.reportError(e);
       }
     }
-    certList.saveEntries();
-  };
+  : async function({ data: { current: records } }) {
+      const certList = Cc["@mozilla.org/security/certblocklist;1"].getService(
+        Ci.nsICertBlocklist
+      );
+      for (let item of records) {
+        try {
+          if (item.issuerName && item.serialNumber) {
+            certList.revokeCertByIssuerAndSerial(
+              item.issuerName,
+              item.serialNumber
+            );
+          } else if (item.subject && item.pubKeyHash) {
+            certList.revokeCertBySubjectAndPubKey(
+              item.subject,
+              item.pubKeyHash
+            );
+          }
+        } catch (e) {
+          // Prevent errors relating to individual blocklist entries from causing sync to fail.
+          Cu.reportError(e);
+        }
+      }
+      certList.saveEntries();
+    };
 
 /**
  * Modify the appropriate security pins based on records from the remote
  * collection.
  *
  * @param {Object} data   Current records in the local db.
  */
 async function updatePinningList({ data: { current: records } }) {
   if (!Services.prefs.getBoolPref(PINNING_ENABLED_PREF)) {
     return;
   }
 
-  const siteSecurityService = Cc["@mozilla.org/ssservice;1"]
-    .getService(Ci.nsISiteSecurityService);
+  const siteSecurityService = Cc["@mozilla.org/ssservice;1"].getService(
+    Ci.nsISiteSecurityService
+  );
 
   // clear the current preload list
   siteSecurityService.clearPreloads();
 
   // write each KeyPin entry to the preload list
   for (let item of records) {
     try {
       const { pinType, pins = [], versions } = item;
       if (versions.includes(Services.appinfo.version)) {
         if (pinType == "KeyPin" && pins.length) {
-          siteSecurityService.setKeyPins(item.hostName,
+          siteSecurityService.setKeyPins(
+            item.hostName,
             item.includeSubdomains,
             item.expires,
-            pins, true);
+            pins,
+            true
+          );
         }
         if (pinType == "STSPin") {
-          siteSecurityService.setHSTSPreload(item.hostName,
+          siteSecurityService.setHSTSPreload(
+            item.hostName,
             item.includeSubdomains,
-            item.expires);
+            item.expires
+          );
         }
       }
     } catch (e) {
       // Prevent errors relating to individual preload entries from causing sync to fail.
       Cu.reportError(e);
     }
   }
 }
@@ -266,28 +333,34 @@ async function updatePinningList({ data:
 var RemoteSecuritySettings = {
   /**
    * Initialize the clients (cheap instantiation) and setup their sync event.
    * This static method is called from BrowserGlue.jsm soon after startup.
    *
    * @returns {Object} intantiated clients for security remote settings.
    */
   init() {
-    const OneCRLBlocklistClient = RemoteSettings(Services.prefs.getCharPref(ONECRL_COLLECTION_PREF), {
-      bucketNamePref: ONECRL_BUCKET_PREF,
-      lastCheckTimePref: ONECRL_CHECKED_PREF,
-      signerName: Services.prefs.getCharPref(ONECRL_SIGNER_PREF),
-    });
+    const OneCRLBlocklistClient = RemoteSettings(
+      Services.prefs.getCharPref(ONECRL_COLLECTION_PREF),
+      {
+        bucketNamePref: ONECRL_BUCKET_PREF,
+        lastCheckTimePref: ONECRL_CHECKED_PREF,
+        signerName: Services.prefs.getCharPref(ONECRL_SIGNER_PREF),
+      }
+    );
     OneCRLBlocklistClient.on("sync", updateCertBlocklist);
 
-    const PinningBlocklistClient = RemoteSettings(Services.prefs.getCharPref(PINNING_COLLECTION_PREF), {
-      bucketNamePref: PINNING_BUCKET_PREF,
-      lastCheckTimePref: PINNING_CHECKED_SECONDS_PREF,
-      signerName: Services.prefs.getCharPref(PINNING_SIGNER_PREF),
-    });
+    const PinningBlocklistClient = RemoteSettings(
+      Services.prefs.getCharPref(PINNING_COLLECTION_PREF),
+      {
+        bucketNamePref: PINNING_BUCKET_PREF,
+        lastCheckTimePref: PINNING_CHECKED_SECONDS_PREF,
+        signerName: Services.prefs.getCharPref(PINNING_SIGNER_PREF),
+      }
+    );
     PinningBlocklistClient.on("sync", updatePinningList);
 
     let IntermediatePreloadsClient;
     if (AppConstants.MOZ_NEW_CERT_STORAGE) {
       IntermediatePreloadsClient = new IntermediatePreloads();
     }
 
     return {
@@ -295,114 +368,143 @@ var RemoteSecuritySettings = {
       PinningBlocklistClient,
       IntermediatePreloadsClient,
     };
   },
 };
 
 class IntermediatePreloads {
   constructor() {
-    this.client = RemoteSettings(Services.prefs.getCharPref(INTERMEDIATES_COLLECTION_PREF), {
-      bucketNamePref: INTERMEDIATES_BUCKET_PREF,
-      lastCheckTimePref: INTERMEDIATES_CHECKED_SECONDS_PREF,
-      signerName: Services.prefs.getCharPref(INTERMEDIATES_SIGNER_PREF),
-      localFields: ["cert_import_complete"],
-    });
+    this.client = RemoteSettings(
+      Services.prefs.getCharPref(INTERMEDIATES_COLLECTION_PREF),
+      {
+        bucketNamePref: INTERMEDIATES_BUCKET_PREF,
+        lastCheckTimePref: INTERMEDIATES_CHECKED_SECONDS_PREF,
+        signerName: Services.prefs.getCharPref(INTERMEDIATES_SIGNER_PREF),
+        localFields: ["cert_import_complete"],
+      }
+    );
 
     this.client.on("sync", this.onSync.bind(this));
-    Services.obs.addObserver(this.onObservePollEnd.bind(this),
-                              "remote-settings:changes-poll-end");
+    Services.obs.addObserver(
+      this.onObservePollEnd.bind(this),
+      "remote-settings:changes-poll-end"
+    );
 
     log.debug("Intermediate Preloading: constructor");
   }
 
   async updatePreloadedIntermediates() {
     // Bug 1429800: once the CertStateService has the correct interface, also
     // store the whitelist status and crlite enrollment status
 
     if (!Services.prefs.getBoolPref(INTERMEDIATES_ENABLED_PREF, true)) {
       log.debug("Intermediate Preloading is disabled");
-      Services.obs.notifyObservers(null, "remote-security-settings:intermediates-updated", "disabled");
+      Services.obs.notifyObservers(
+        null,
+        "remote-security-settings:intermediates-updated",
+        "disabled"
+      );
       return;
     }
 
     // Download attachments that are awaiting download, up to a max.
-    const maxDownloadsPerRun = Services.prefs.getIntPref(INTERMEDIATES_DL_PER_POLL_PREF, 100);
-    const parallelDownloads = Services.prefs.getIntPref(INTERMEDIATES_DL_PARALLEL_REQUESTS, 8);
+    const maxDownloadsPerRun = Services.prefs.getIntPref(
+      INTERMEDIATES_DL_PER_POLL_PREF,
+      100
+    );
+    const parallelDownloads = Services.prefs.getIntPref(
+      INTERMEDIATES_DL_PARALLEL_REQUESTS,
+      8
+    );
 
     // Bug 1519256: Move this to a separate method that's on a separate timer
     // with a higher frequency (so we can attempt to download outstanding
     // certs more than once daily)
 
     // See if we have prior cert data (this can happen when we can't open the database and we
     // have to re-create it (see bug 1546361)).
-    const certStorage = Cc["@mozilla.org/security/certstorage;1"].getService(Ci.nsICertStorage);
-    let hasPriorCertData = await new Promise((resolve) => {
-      certStorage.hasPriorData(Ci.nsICertStorage.DATA_TYPE_CERTIFICATE, (rv, hasPriorData) => {
-        if (rv == Cr.NS_OK) {
-          resolve(hasPriorData);
-        } else {
-          // If calling hasPriorData failed, assume we need to reload everything (even though
-          // it's unlikely doing so will succeed).
-          resolve(false);
+    const certStorage = Cc["@mozilla.org/security/certstorage;1"].getService(
+      Ci.nsICertStorage
+    );
+    let hasPriorCertData = await new Promise(resolve => {
+      certStorage.hasPriorData(
+        Ci.nsICertStorage.DATA_TYPE_CERTIFICATE,
+        (rv, hasPriorData) => {
+          if (rv == Cr.NS_OK) {
+            resolve(hasPriorData);
+          } else {
+            // If calling hasPriorData failed, assume we need to reload everything (even though
+            // it's unlikely doing so will succeed).
+            resolve(false);
+          }
         }
-      });
+      );
     });
     const col = await this.client.openCollection();
     // If we don't have prior data, make it so we re-load everything.
     if (!hasPriorCertData) {
       const { data: current } = await col.list({ order: "" }); // no sort needed.
       const toReset = current.filter(record => record.cert_import_complete);
       await col.db.execute(transaction => {
-        toReset.forEach((record) => {
+        toReset.forEach(record => {
           transaction.update({ ...record, cert_import_complete: false });
         });
       });
     }
     const { data: current } = await col.list({ order: "" }); // no sort needed.
     const waiting = current.filter(record => !record.cert_import_complete);
 
     log.debug(`There are ${waiting.length} intermediates awaiting download.`);
     if (waiting.length == 0) {
       // Nothing to do.
-      Services.obs.notifyObservers(null, "remote-security-settings:intermediates-updated", "success");
+      Services.obs.notifyObservers(
+        null,
+        "remote-security-settings:intermediates-updated",
+        "success"
+      );
       return;
     }
 
     let toDownload = waiting.slice(0, maxDownloadsPerRun);
     let recordsCertsAndSubjects = [];
     for (let i = 0; i < toDownload.length; i += parallelDownloads) {
       const chunk = toDownload.slice(i, i + parallelDownloads);
-      const downloaded = await Promise.all(chunk.map(record => this.maybeDownloadAttachment(record)));
+      const downloaded = await Promise.all(
+        chunk.map(record => this.maybeDownloadAttachment(record))
+      );
       recordsCertsAndSubjects = recordsCertsAndSubjects.concat(downloaded);
     }
 
     let certInfos = [];
     let recordsToUpdate = [];
-    for (let {record, cert, subject} of recordsCertsAndSubjects) {
+    for (let { record, cert, subject } of recordsCertsAndSubjects) {
       if (cert && subject) {
         certInfos.push(new CertInfo(cert, subject));
         recordsToUpdate.push(record);
       }
     }
-    let result = await new Promise((resolve) => {
+    let result = await new Promise(resolve => {
       certStorage.addCerts(certInfos, resolve);
-    }).catch((err) => err);
+    }).catch(err => err);
     if (result != Cr.NS_OK) {
       Cu.reportError(`certStorage.addCerts failed: ${result}`);
       return;
     }
     await col.db.execute(transaction => {
-      recordsToUpdate.forEach((record) => {
+      recordsToUpdate.forEach(record => {
         transaction.update({ ...record, cert_import_complete: true });
       });
     });
 
-    Services.obs.notifyObservers(null, "remote-security-settings:intermediates-updated",
-                                  "success");
+    Services.obs.notifyObservers(
+      null,
+      "remote-security-settings:intermediates-updated",
+      "success"
+    );
   }
 
   async onObservePollEnd(subject, topic, data) {
     log.debug(`onObservePollEnd ${subject} ${topic}`);
 
     try {
       await this.updatePreloadedIntermediates();
     } catch (err) {
@@ -414,85 +516,106 @@ class IntermediatePreloads {
   async onSync({ data: { current, created, updated, deleted } }) {
     if (!Services.prefs.getBoolPref(INTERMEDIATES_ENABLED_PREF, true)) {
       log.debug("Intermediate Preloading is disabled");
       return;
     }
 
     log.debug(`Removing ${deleted.length} Intermediate certificates`);
     await this.removeCerts(deleted);
-    let certStorage = Cc["@mozilla.org/security/certstorage;1"].getService(Ci.nsICertStorage);
-    let hasPriorCRLiteData = await new Promise((resolve) => {
-      certStorage.hasPriorData(Ci.nsICertStorage.DATA_TYPE_CRLITE, (rv, hasPriorData) => {
-        if (rv == Cr.NS_OK) {
-          resolve(hasPriorData);
-        } else {
-          resolve(false);
+    let certStorage = Cc["@mozilla.org/security/certstorage;1"].getService(
+      Ci.nsICertStorage
+    );
+    let hasPriorCRLiteData = await new Promise(resolve => {
+      certStorage.hasPriorData(
+        Ci.nsICertStorage.DATA_TYPE_CRLITE,
+        (rv, hasPriorData) => {
+          if (rv == Cr.NS_OK) {
+            resolve(hasPriorData);
+          } else {
+            resolve(false);
+          }
         }
-      });
+      );
     });
     if (!hasPriorCRLiteData) {
       deleted = [];
       updated = [];
       created = current;
     }
     const toAdd = created.concat(updated.map(u => u.new));
     let entries = [];
     for (let entry of deleted) {
-      entries.push(new CRLiteState(entry.subjectDN, entry.pubKeyHash,
-        Ci.nsICertStorage.STATE_UNSET));
+      entries.push(
+        new CRLiteState(
+          entry.subjectDN,
+          entry.pubKeyHash,
+          Ci.nsICertStorage.STATE_UNSET
+        )
+      );
     }
     for (let entry of toAdd) {
-      entries.push(new CRLiteState(entry.subjectDN, entry.pubKeyHash,
-        entry.crlite_enrolled ? Ci.nsICertStorage.STATE_ENFORCE
-          : Ci.nsICertStorage.STATE_UNSET));
+      entries.push(
+        new CRLiteState(
+          entry.subjectDN,
+          entry.pubKeyHash,
+          entry.crlite_enrolled
+            ? Ci.nsICertStorage.STATE_ENFORCE
+            : Ci.nsICertStorage.STATE_UNSET
+        )
+      );
     }
-    await new Promise((resolve) => certStorage.setCRLiteState(entries, resolve));
+    await new Promise(resolve => certStorage.setCRLiteState(entries, resolve));
   }
 
   /**
    * Downloads the attachment data of the given record. Does not retry,
    * leaving that to the caller.
    * @param  {AttachmentRecord} record The data to obtain
    * @return {Promise}          resolves to a Uint8Array on success
    */
   async _downloadAttachmentBytes(record) {
-    const {attachment: {location}} = record;
+    const {
+      attachment: { location },
+    } = record;
     const remoteFilePath = (await baseAttachmentsURL) + location;
     const headers = new Headers();
     headers.set("Accept-Encoding", "gzip");
 
     return fetch(remoteFilePath, {
       headers,
       credentials: "omit",
-    }).then(resp => {
-      log.debug(`Download fetch completed: ${resp.ok} ${resp.status}`);
-      if (!resp.ok) {
-        Cu.reportError(`Failed to fetch ${remoteFilePath}: ${resp.status}`);
-        return Promise.reject();
-      }
-      return resp.arrayBuffer();
     })
-    .then(buffer => new Uint8Array(buffer));
+      .then(resp => {
+        log.debug(`Download fetch completed: ${resp.ok} ${resp.status}`);
+        if (!resp.ok) {
+          Cu.reportError(`Failed to fetch ${remoteFilePath}: ${resp.status}`);
+          return Promise.reject();
+        }
+        return resp.arrayBuffer();
+      })
+      .then(buffer => new Uint8Array(buffer));
   }
 
   /**
    * Attempts to download the attachment, assuming it's not been processed
    * already. Does not retry, and always resolves (e.g., does not reject upon
    * failure.) Errors are reported via Cu.reportError.
    * @param  {AttachmentRecord} record defines which data to obtain
    * @return {Promise}          a Promise that will resolve to an object with the properties
    *                            record, cert, and subject. record is the original record.
    *                            cert is the base64-encoded bytes of the downloaded certificate (if
    *                            downloading was successful), and null otherwise.
    *                            subject is the base64-encoded bytes of the subject distinguished
    *                            name of the same.
    */
   async maybeDownloadAttachment(record) {
-    const {attachment: {hash, size}} = record;
+    const {
+      attachment: { hash, size },
+    } = record;
     let result = { record, cert: null, subject: null };
 
     let attachmentData;
     try {
       attachmentData = await this._downloadAttachmentBytes(record);
     } catch (err) {
       Cu.reportError(`Failed to download attachment: ${err}`);
       return result;
@@ -501,57 +624,67 @@ class IntermediatePreloads {
     if (!attachmentData || attachmentData.length == 0) {
       // Bug 1519273 - Log telemetry for these rejections
       log.debug(`Empty attachment. Hash=${hash}`);
       return result;
     }
 
     // check the length
     if (attachmentData.length !== size) {
-      log.debug(`Unexpected attachment length. Hash=${hash} Lengths ${attachmentData.length} != ${size}`);
+      log.debug(
+        `Unexpected attachment length. Hash=${hash} Lengths ${
+          attachmentData.length
+        } != ${size}`
+      );
       return result;
     }
 
     // check the hash
     let dataAsString = gTextDecoder.decode(attachmentData);
     let calculatedHash = getHash(dataAsString);
     if (calculatedHash !== hash) {
-      log.warn(`Invalid hash. CalculatedHash=${calculatedHash}, Hash=${hash}, data=${dataAsString}`);
+      log.warn(
+        `Invalid hash. CalculatedHash=${calculatedHash}, Hash=${hash}, data=${dataAsString}`
+      );
       return result;
     }
     log.debug(`downloaded cert with hash=${hash}, size=${size}`);
 
     let certBase64;
     let subjectBase64;
     try {
       // split off the header and footer
       certBase64 = dataAsString.split("-----")[2].replace(/\s/g, "");
       // get an array of bytes so we can use X509.jsm
       let certBytes = stringToBytes(atob(certBase64));
       let cert = new X509.Certificate();
       cert.parse(certBytes);
       // get the DER-encoded subject and get a base64-encoded string from it
       // TODO(bug 1542028): add getters for _der and _bytes
-      subjectBase64 = btoa(bytesToString(cert.tbsCertificate.subject._der._bytes));
+      subjectBase64 = btoa(
+        bytesToString(cert.tbsCertificate.subject._der._bytes)
+      );
     } catch (err) {
       Cu.reportError(`Failed to decode cert: ${err}`);
       return result;
     }
     result.cert = certBase64;
     result.subject = subjectBase64;
     return result;
   }
 
   async maybeSync(expectedTimestamp, options) {
     return this.client.maybeSync(expectedTimestamp, options);
   }
 
   async removeCerts(recordsToRemove) {
-    let certStorage = Cc["@mozilla.org/security/certstorage;1"].getService(Ci.nsICertStorage);
+    let certStorage = Cc["@mozilla.org/security/certstorage;1"].getService(
+      Ci.nsICertStorage
+    );
     let hashes = recordsToRemove.map(record => record.derHash);
-    let result = await new Promise((resolve) => {
-        certStorage.removeCertsByHashes(hashes, resolve);
-    }).catch((err) => err);
+    let result = await new Promise(resolve => {
+      certStorage.removeCertsByHashes(hashes, resolve);
+    }).catch(err => err);
     if (result != Cr.NS_OK) {
       Cu.reportError(`Failed to remove some intermediate certificates`);
     }
   }
 }
--- a/security/manager/ssl/X509.jsm
+++ b/security/manager/ssl/X509.jsm
@@ -61,17 +61,17 @@ class OID {
     this._values.push(value2);
     bytes.shift();
     let accumulator = 0;
     // Lint TODO: prevent overflow here
     while (bytes.length > 0) {
       let value = bytes.shift();
       accumulator *= 128;
       if (value > 128) {
-        accumulator += (value - 128);
+        accumulator += value - 128;
       } else {
         accumulator += value;
         this._values.push(accumulator);
         accumulator = 0;
       }
     }
   }
 }
@@ -407,20 +407,24 @@ class AttributeTypeAndValue extends Deco
   }
 
   parseOverride() {
     let contents = readSEQUENCEAndMakeDER(this._der);
     this._type = readOID(contents);
     // We don't support universalString or bmpString.
     // IA5String is supported because it is valid if `type == id-emailaddress`.
     // Lint TODO: validate that the type of string is valid given `type`.
-    this._value.parse(contents.readTLVChoice([ DER.UTF8String,
-                                               DER.PrintableString,
-                                               DER.TeletexString,
-                                               DER.IA5String ]));
+    this._value.parse(
+      contents.readTLVChoice([
+        DER.UTF8String,
+        DER.PrintableString,
+        DER.TeletexString,
+        DER.IA5String,
+      ])
+    );
     contents.assertAtEnd();
     this._der.assertAtEnd();
   }
 }
 
 // DirectoryString ::= CHOICE {
 //       teletexString           TeletexString (SIZE (1..MAX)),
 //       printableString         PrintableString (SIZE (1..MAX)),
@@ -529,29 +533,29 @@ class Time extends DecodedDER {
     let minute = min1 * 10 + min2;
     if (minute > 59) {
       throw new Error(ERROR_TIME_NOT_VALID);
     }
 
     let s1 = this._validateDigit(contents.readByte());
     let s2 = this._validateDigit(contents.readByte());
     let second = s1 * 10 + s2;
-    if (second > 60) { // leap-seconds mean this can be as much as 60
+    if (second > 60) {
+      // leap-seconds mean this can be as much as 60
       throw new Error(ERROR_TIME_NOT_VALID);
     }
 
     let z = contents.readByte();
     if (z != "Z".charCodeAt(0)) {
       throw new Error(ERROR_TIME_NOT_VALID);
     }
     // Lint TODO: verify that the Time doesn't specify a nonsensical
     // month/day/etc.
     // months are zero-indexed in JS
-    this._time = new Date(Date.UTC(year, month - 1, day, hour, minute,
-                                   second));
+    this._time = new Date(Date.UTC(year, month - 1, day, hour, minute, second));
 
     contents.assertAtEnd();
     this._der.assertAtEnd();
   }
 
   /**
    * Takes a byte that is supposed to be in the ASCII range for "0" to "9".
    * Validates the range and then converts it to the range 0 to 9.
@@ -581,20 +585,22 @@ class Validity extends DecodedDER {
   }
 
   get notAfter() {
     return this._notAfter;
   }
 
   parseOverride() {
     let contents = readSEQUENCEAndMakeDER(this._der);
-    this._notBefore.parse(contents.readTLVChoice(
-      [DER.UTCTime, DER.GeneralizedTime]));
-    this._notAfter.parse(contents.readTLVChoice(
-      [DER.UTCTime, DER.GeneralizedTime]));
+    this._notBefore.parse(
+      contents.readTLVChoice([DER.UTCTime, DER.GeneralizedTime])
+    );
+    this._notAfter.parse(
+      contents.readTLVChoice([DER.UTCTime, DER.GeneralizedTime])
+    );
     contents.assertAtEnd();
     this._der.assertAtEnd();
   }
 }
 
 // SubjectPublicKeyInfo  ::=  SEQUENCE  {
 //      algorithm            AlgorithmIdentifier,
 //      subjectPublicKey     BIT STRING  }
--- a/security/manager/ssl/tests/mochitest/browser/browser_bug627234_perwindowpb.js
+++ b/security/manager/ssl/tests/mochitest/browser/browser_bug627234_perwindowpb.js
@@ -1,15 +1,14 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 "use strict";
 
-var FakeTransportSecurityInfo = function() {
-};
+var FakeTransportSecurityInfo = function() {};
 
 FakeTransportSecurityInfo.prototype = {
   serverCert: null,
   cipherName: null,
   keyLength: 2048,
   isDomainMismatch: false,
   isNotValidAtThisTime: false,
   isUntrusted: false,
@@ -17,81 +16,100 @@ FakeTransportSecurityInfo.prototype = {
   getInterface(aIID) {
     return this.QueryInterface(aIID);
   },
   QueryInterface: ChromeUtils.generateQI(["nsITransportSecurityInfo"]),
 };
 
 function whenNewWindowLoaded(aOptions, aCallback) {
   let win = OpenBrowserWindow(aOptions);
-  win.addEventListener("load", function() {
-    aCallback(win);
-  }, {once: true});
+  win.addEventListener(
+    "load",
+    function() {
+      aCallback(win);
+    },
+    { once: true }
+  );
 }
 
 // This is a template to help porting global private browsing tests
 // to per-window private browsing tests
 function test() {
   // initialization
   waitForExplicitFinish();
   let windowsToClose = [];
   let testURI = "about:blank";
   let uri;
-  let gSSService = Cc["@mozilla.org/ssservice;1"].
-                   getService(Ci.nsISiteSecurityService);
+  let gSSService = Cc["@mozilla.org/ssservice;1"].getService(
+    Ci.nsISiteSecurityService
+  );
 
   function privacyFlags(aIsPrivateMode) {
     return aIsPrivateMode ? Ci.nsISocketProvider.NO_PERMANENT_STORAGE : 0;
   }
 
   function doTest(aIsPrivateMode, aWindow, aCallback) {
-    BrowserTestUtils.browserLoaded(aWindow.gBrowser.selectedBrowser).then(() => {
-      let secInfo = new FakeTransportSecurityInfo();
-      uri = aWindow.Services.io.newURI("https://localhost/img.png");
-      gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
-                               "max-age=1000", secInfo, privacyFlags(aIsPrivateMode),
-                               Ci.nsISiteSecurityService.SOURCE_ORGANIC_REQUEST);
-      ok(gSSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
-                                privacyFlags(aIsPrivateMode)),
-                                "checking sts host");
+    BrowserTestUtils.browserLoaded(aWindow.gBrowser.selectedBrowser).then(
+      () => {
+        let secInfo = new FakeTransportSecurityInfo();
+        uri = aWindow.Services.io.newURI("https://localhost/img.png");
+        gSSService.processHeader(
+          Ci.nsISiteSecurityService.HEADER_HSTS,
+          uri,
+          "max-age=1000",
+          secInfo,
+          privacyFlags(aIsPrivateMode),
+          Ci.nsISiteSecurityService.SOURCE_ORGANIC_REQUEST
+        );
+        ok(
+          gSSService.isSecureURI(
+            Ci.nsISiteSecurityService.HEADER_HSTS,
+            uri,
+            privacyFlags(aIsPrivateMode)
+          ),
+          "checking sts host"
+        );
 
-      aCallback();
-    });
+        aCallback();
+      }
+    );
 
     BrowserTestUtils.loadURI(aWindow.gBrowser.selectedBrowser, testURI);
   }
 
   function testOnWindow(aOptions, aCallback) {
     whenNewWindowLoaded(aOptions, function(aWin) {
       windowsToClose.push(aWin);
       // execute should only be called when need, like when you are opening
       // web pages on the test. If calling executeSoon() is not necesary, then
       // call whenNewWindowLoaded() instead of testOnWindow() on your test.
-      executeSoon(function() { aCallback(aWin); });
+      executeSoon(function() {
+        aCallback(aWin);
+      });
     });
   }
 
-   // this function is called after calling finish() on the test.
+  // this function is called after calling finish() on the test.
   registerCleanupFunction(function() {
     windowsToClose.forEach(function(aWin) {
       aWin.close();
     });
     uri = Services.io.newURI("http://localhost");
     gSSService.removeState(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0);
   });
 
   // test first when on private mode
-  testOnWindow({private: true}, function(aWin) {
+  testOnWindow({ private: true }, function(aWin) {
     doTest(true, aWin, function() {
       // test when not on private mode
       testOnWindow({}, function(aWin) {
         doTest(false, aWin, function() {
           // test again when on private mode
-          testOnWindow({private: true}, function(aWin) {
-            doTest(true, aWin, function () {
+          testOnWindow({ private: true }, function(aWin) {
+            doTest(true, aWin, function() {
               finish();
             });
           });
         });
       });
     });
   });
 }
--- a/security/manager/ssl/tests/mochitest/browser/browser_certViewer.js
+++ b/security/manager/ssl/tests/mochitest/browser/browser_certViewer.js
@@ -3,145 +3,170 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 "use strict";
 
 // Repeatedly opens the certificate viewer dialog with various certificates and
 // determines that the viewer correctly identifies either what usages those
 // certificates are valid for or what errors prevented the certificates from
 // being verified.
 
-var { AppConstants } = ChromeUtils.import("resource://gre/modules/AppConstants.jsm");
+var { AppConstants } = ChromeUtils.import(
+  "resource://gre/modules/AppConstants.jsm"
+);
 var { OS } = ChromeUtils.import("resource://gre/modules/osfile.jsm");
 
 add_task(async function testCAandTitle() {
   let cert = await readCertificate("ca.pem", "CTu,CTu,CTu");
   let win = await displayCertificate(cert);
-  checkUsages(win, [{id: "verify-ssl-ca", args: null}]);
+  checkUsages(win, [{ id: "verify-ssl-ca", args: null }]);
   checkDetailsPane(win, ["ca"]);
 
   // There's no real need to test the title for every cert, so we just test it
   // once here.
-  Assert.deepEqual(win.document.l10n.getAttributes(win.document.documentElement),
-                {args: { certName: "ca"}, id: "cert-viewer-title"},
-               "Actual and expected title should match");
+  Assert.deepEqual(
+    win.document.l10n.getAttributes(win.document.documentElement),
+    { args: { certName: "ca" }, id: "cert-viewer-title" },
+    "Actual and expected title should match"
+  );
   await BrowserTestUtils.closeWindow(win);
 });
 
 add_task(async function testSSLEndEntity() {
   let cert = await readCertificate("ssl-ee.pem", ",,");
   let win = await displayCertificate(cert);
-  checkUsages(win, [{id: "verify-ssl-server", args: null}, {id: "verify-ssl-client", args: null}]);
+  checkUsages(win, [
+    { id: "verify-ssl-server", args: null },
+    { id: "verify-ssl-client", args: null },
+  ]);
   checkDetailsPane(win, ["ca", "ssl-ee"]);
   await BrowserTestUtils.closeWindow(win);
 });
 
 add_task(async function testEmailEndEntity() {
   let cert = await readCertificate("email-ee.pem", ",,");
   let win = await displayCertificate(cert);
-  checkUsages(win, [{id: "verify-email-recip", args: null}, {id: "verify-email-signer", args: null}]);
+  checkUsages(win, [
+    { id: "verify-email-recip", args: null },
+    { id: "verify-email-signer", args: null },
+  ]);
   checkDetailsPane(win, ["ca", "email-ee"]);
   await BrowserTestUtils.closeWindow(win);
 });
 
 add_task(async function testCodeSignEndEntity() {
   let cert = await readCertificate("code-ee.pem", ",,");
   let win = await displayCertificate(cert);
-  checkError(win, {id: "cert-not-verified-unknown", args: null});
+  checkError(win, { id: "cert-not-verified-unknown", args: null });
   checkDetailsPane(win, ["code-ee"]);
   await BrowserTestUtils.closeWindow(win);
 });
 
 add_task(async function testExpired() {
   let cert = await readCertificate("expired-ca.pem", ",,");
   let win = await displayCertificate(cert);
-  checkError(win, {id: "cert-not-verified-cert-expired", args: null});
+  checkError(win, { id: "cert-not-verified-cert-expired", args: null });
   checkDetailsPane(win, ["expired-ca"]);
   await BrowserTestUtils.closeWindow(win);
 
   // These tasks may run in any order, so we run this additional testcase in the
   // same task.
   let eeCert = await readCertificate("ee-from-expired-ca.pem", ",,");
   let eeWin = await displayCertificate(eeCert);
-  checkError(eeWin, {id: "cert-not-verified-ca-invalid", args: null});
+  checkError(eeWin, { id: "cert-not-verified-ca-invalid", args: null });
   checkDetailsPane(eeWin, ["ee-from-expired-ca"]);
   await BrowserTestUtils.closeWindow(eeWin);
 });
 
 add_task(async function testUnknownIssuer() {
   let cert = await readCertificate("unknown-issuer.pem", ",,");
   let win = await displayCertificate(cert);
-  checkError(win, {id: "cert-not-verified-issuer-unknown", args: null});
+  checkError(win, { id: "cert-not-verified-issuer-unknown", args: null });
   checkDetailsPane(win, ["unknown-issuer"]);
   await BrowserTestUtils.closeWindow(win);
 });
 
 add_task(async function testInsecureAlgo() {
   let cert = await readCertificate("md5-ee.pem", ",,");
   let win = await displayCertificate(cert);
-  checkError(win, {id: "cert-not-verified_algorithm-disabled", args: null});
+  checkError(win, { id: "cert-not-verified_algorithm-disabled", args: null });
   checkDetailsPane(win, ["md5-ee"]);
   await BrowserTestUtils.closeWindow(win);
 });
 
 add_task(async function testUntrusted() {
   let cert = await readCertificate("untrusted-ca.pem", "p,p,p");
   let win = await displayCertificate(cert);
-  checkError(win, {id: "cert-not-verified-cert-not-trusted", args: null});
+  checkError(win, { id: "cert-not-verified-cert-not-trusted", args: null });
   checkDetailsPane(win, ["untrusted-ca"]);
   await BrowserTestUtils.closeWindow(win);
 
   // These tasks may run in any order, so we run this additional testcase in the
   // same task.
   let eeCert = await readCertificate("ee-from-untrusted-ca.pem", ",,");
   let eeWin = await displayCertificate(eeCert);
-  checkError(eeWin, {id: "cert-not-verified-issuer-not-trusted", args: null});
+  checkError(eeWin, { id: "cert-not-verified-issuer-not-trusted", args: null });
   checkDetailsPane(eeWin, ["ee-from-untrusted-ca"]);
   await BrowserTestUtils.closeWindow(eeWin);
 });
 
 add_task(async function testRevoked() {
   // Note that there's currently no way to un-do this. This should only be a
   // problem if another test re-uses a certificate with this same key (perhaps
   // likely) and subject (less likely).
   if (AppConstants.MOZ_NEW_CERT_STORAGE) {
-    let certBlocklist = Cc["@mozilla.org/security/certstorage;1"]
-                          .getService(Ci.nsICertStorage);
-    let result = await new Promise((resolve) =>
-      certBlocklist.setRevocations([{
-        QueryInterface: ChromeUtils.generateQI([Ci.nsISubjectAndPubKeyRevocationState]),
-        subject: "MBIxEDAOBgNVBAMMB3Jldm9rZWQ=", // CN=revoked
-        pubKey: "VCIlmPM9NkgFQtrs4Oa5TeFcDu6MWRTKSNdePEhOgD8=", // hash of the shared key
-        state: Ci.nsICertStorage.STATE_ENFORCE, // yes, we want this to be revoked
-      }], resolve));
+    let certBlocklist = Cc["@mozilla.org/security/certstorage;1"].getService(
+      Ci.nsICertStorage
+    );
+    let result = await new Promise(resolve =>
+      certBlocklist.setRevocations(
+        [
+          {
+            QueryInterface: ChromeUtils.generateQI([
+              Ci.nsISubjectAndPubKeyRevocationState,
+            ]),
+            subject: "MBIxEDAOBgNVBAMMB3Jldm9rZWQ=", // CN=revoked
+            pubKey: "VCIlmPM9NkgFQtrs4Oa5TeFcDu6MWRTKSNdePEhOgD8=", // hash of the shared key
+            state: Ci.nsICertStorage.STATE_ENFORCE, // yes, we want this to be revoked
+          },
+        ],
+        resolve
+      )
+    );
     Assert.equal(result, Cr.NS_OK, "setting revocation state should succeed");
   } else {
-    let certBlocklist = Cc["@mozilla.org/security/certblocklist;1"]
-                          .getService(Ci.nsICertBlocklist);
+    let certBlocklist = Cc["@mozilla.org/security/certblocklist;1"].getService(
+      Ci.nsICertBlocklist
+    );
     certBlocklist.revokeCertBySubjectAndPubKey(
       "MBIxEDAOBgNVBAMMB3Jldm9rZWQ=", // CN=revoked
-      "VCIlmPM9NkgFQtrs4Oa5TeFcDu6MWRTKSNdePEhOgD8="); // hash of the shared key
+      "VCIlmPM9NkgFQtrs4Oa5TeFcDu6MWRTKSNdePEhOgD8="
+    ); // hash of the shared key
   }
   let cert = await readCertificate("revoked.pem", ",,");
   let win = await displayCertificate(cert);
   // As of bug 1312827, OneCRL only applies to TLS web server certificates, so
   // this certificate will actually verify successfully for every end-entity
   // usage except TLS web server.
-  checkUsages(win, [{id: "verify-email-recip", args: null}, {id: "verify-email-signer", args: null}, {id: "verify-ssl-client", args: null}]);
+  checkUsages(win, [
+    { id: "verify-email-recip", args: null },
+    { id: "verify-email-signer", args: null },
+    { id: "verify-ssl-client", args: null },
+  ]);
   checkDetailsPane(win, ["ca", "revoked"]);
   await BrowserTestUtils.closeWindow(win);
 });
 
 add_task(async function testInvalid() {
   // This certificate has a keyUsage extension asserting cRLSign and
   // keyCertSign, but it doesn't have a basicConstraints extension. This
   // shouldn't be valid for any usage. Sadly, we give a pretty lame error
   // message in this case.
   let cert = await readCertificate("invalid.pem", ",,");
   let win = await displayCertificate(cert);
-  checkError(win, {id: "cert-not-verified-unknown", args: null});
+  checkError(win, { id: "cert-not-verified-unknown", args: null });
   checkDetailsPane(win, ["invalid"]);
   await BrowserTestUtils.closeWindow(win);
 });
 
 add_task(async function testLongOID() {
   // This certificate has a certificatePolicies extension with a policy with a
   // very long OID. This tests that we don't crash when looking at it.
   let cert = await readCertificate("longOID.pem", ",,");
@@ -157,39 +182,51 @@ add_task(async function testLongOID() {
  *
  * @param {nsIX509Cert} certificate
  *        The certificate to view and determine usages for.
  * @return {Promise}
  *         A promise that will resolve with a handle on the opened certificate
  *         viewer window when the usages have been determined.
  */
 function displayCertificate(certificate) {
-  let win = window.openDialog("chrome://pippki/content/certViewer.xul", "",
-                              "", certificate);
-  return TestUtils.topicObserved("ViewCertDetails:CertUsagesDone",
-                                 (subject, data) => subject == win)
-  .then(([subject, data]) => subject, error => { throw error; });
+  let win = window.openDialog(
+    "chrome://pippki/content/certViewer.xul",
+    "",
+    "",
+    certificate
+  );
+  return TestUtils.topicObserved(
+    "ViewCertDetails:CertUsagesDone",
+    (subject, data) => subject == win
+  ).then(
+    ([subject, data]) => subject,
+    error => {
+      throw error;
+    }
+  );
 }
 
 /**
  * Given a certificate viewer window, finds the usages the certificate is valid
  * for.
  *
  * @param {window} win
  *        The certificate viewer window.
  * @return {Object[]}
  *         An array of objects including the L10n Ids of strings describing
  *         the usages the certificate is valid for.
  */
 function getUsages(win) {
   let determinedUsages = [];
   let verifyInfoBox = win.document.getElementById("verify_info_box");
   Array.from(verifyInfoBox.children).forEach(child => {
-    if (child.getAttribute("hidden") != "true" &&
-        child.getAttribute("id") != "verified") {
+    if (
+      child.getAttribute("hidden") != "true" &&
+      child.getAttribute("id") != "verified"
+    ) {
       determinedUsages.push(win.document.l10n.getAttributes(child));
     }
   });
   return determinedUsages.sort(compareL10Ids);
 }
 
 /**
  * Given a certificate viewer window, returns the error string describing a
@@ -214,64 +251,84 @@ function getError(win) {
  * certificate has validated for those usages.
  *
  * @param {window} win
  *        The certificate viewer window.
  * @param {Object[]} usagesL10nIds
  *        An array of object with l10n ids of expected usage descriptions.
  */
 function checkUsages(win, usagesL10nIds) {
-  Assert.deepEqual(getError(win),
-               { id: "cert-verified", args: null },
-               "should have successful verification message");
+  Assert.deepEqual(
+    getError(win),
+    { id: "cert-verified", args: null },
+    "should have successful verification message"
+  );
   let determinedUsages = getUsages(win);
   usagesL10nIds.sort(compareL10Ids);
-  Assert.deepEqual(determinedUsages.length, usagesL10nIds.length,
-               "number of usages as determined by cert viewer should be equal");
+  Assert.deepEqual(
+    determinedUsages.length,
+    usagesL10nIds.length,
+    "number of usages as determined by cert viewer should be equal"
+  );
   while (usagesL10nIds.length > 0) {
-    Assert.deepEqual(determinedUsages.pop(), usagesL10nIds.pop(),
-                 "usages as determined by cert viewer should be equal");
+    Assert.deepEqual(
+      determinedUsages.pop(),
+      usagesL10nIds.pop(),
+      "usages as determined by cert viewer should be equal"
+    );
   }
 }
 
 /**
  * Given a certificate viewer window and l10n id of an expected error, verifies that the
  * window is actually showing that error.
  *
  * @param {window} win
  *        The certificate viewer window.
  * @param {Object} errorL10nId
  *        The object with l10n id of expected error message.
  */
 function checkError(win, errorL10nId) {
   let determinedUsages = getUsages(win);
-  Assert.equal(determinedUsages.length, 0,
-               "should not have any successful usages in error case");
-  Assert.deepEqual(getError(win), errorL10nId,
-               "determined error should be the same as expected error");
+  Assert.equal(
+    determinedUsages.length,
+    0,
+    "should not have any successful usages in error case"
+  );
+  Assert.deepEqual(
+    getError(win),
+    errorL10nId,
+    "determined error should be the same as expected error"
+  );
 }
 
 /**
  * Given a certificate viewer window and an expected list of certificate names,
  * verifies that the certificate details pane of the viewer shows the expected
  * certificates in the expected order.
  *
  * @param {window} win
  *        The certificate viewer window.
  * @param {String[]} names
  *        An array of expected certificate names.
  */
 function checkDetailsPane(win, names) {
   let tree = win.document.getElementById("treesetDump");
   let nodes = tree.querySelectorAll("treecell");
-  Assert.equal(nodes.length, names.length,
-               "details pane: should have the expected number of cert names");
+  Assert.equal(
+    nodes.length,
+    names.length,
+    "details pane: should have the expected number of cert names"
+  );
   for (let i = 0; i < names.length; i++) {
-    Assert.equal(nodes[i].getAttribute("label"), names[i],
-                 "details pain: should have expected cert name");
+    Assert.equal(
+      nodes[i].getAttribute("label"),
+      names[i],
+      "details pain: should have expected cert name"
+    );
   }
 }
 
 /**
  * Given two objects with l10n id, compare them by l10n id for sorting.
  *
  * @param {Objects} ida,idb
  *        The objects with l10n id.
@@ -282,9 +339,8 @@ function checkDetailsPane(win, names) {
 function compareL10Ids(ida, idb) {
   if (ida.id < idb.id) {
     return -1;
   } else if (ida.id > idb.id) {
     return 1;
   }
   return 0;
 }
-
--- a/security/manager/ssl/tests/mochitest/browser/browser_certificateManagerLeak.js
+++ b/security/manager/ssl/tests/mochitest/browser/browser_certificateManagerLeak.js
@@ -20,13 +20,16 @@ function onUnload() {
 // This test opens and then closes the certificate manager to test that it
 // does not leak. The test harness keeps track of and reports leaks, so
 // there are no actual checks here.
 function test() {
   waitForExplicitFinish();
 
   // This test relies on the test timing out in order to indicate failure so
   // let's add a dummy pass.
-  ok(true, "Each test requires at least one pass, fail or todo so here is a pass.");
+  ok(
+    true,
+    "Each test requires at least one pass, fail or todo so here is a pass."
+  );
 
   gBugWindow = window.openDialog("chrome://pippki/content/certManager.xul");
   gBugWindow.addEventListener("load", onLoad);
 }
--- a/security/manager/ssl/tests/mochitest/browser/browser_clientAuth_connection.js
+++ b/security/manager/ssl/tests/mochitest/browser/browser_clientAuth_connection.js
@@ -2,18 +2,19 @@
 // Any copyright is dedicated to the Public Domain.
 // http://creativecommons.org/publicdomain/zero/1.0/
 "use strict";
 
 // Tests various scenarios connecting to a server that requires client cert
 // authentication. Also tests that nsIClientAuthDialogs.chooseCertificate
 // is called at the appropriate times and with the correct arguments.
 
-const { MockRegistrar } =
-  ChromeUtils.import("resource://testing-common/MockRegistrar.jsm");
+const { MockRegistrar } = ChromeUtils.import(
+  "resource://testing-common/MockRegistrar.jsm"
+);
 
 const DialogState = {
   // Assert that chooseCertificate() is never called.
   ASSERT_NOT_CALLED: "ASSERT_NOT_CALLED",
   // Return that the user selected the first given cert.
   RETURN_CERT_SELECTED: "RETURN_CERT_SELECTED",
   // Return that the user canceled.
   RETURN_CERT_NOT_SELECTED: "RETURN_CERT_NOT_SELECTED",
@@ -48,59 +49,85 @@ const gClientAuthDialogs = {
   get chooseCertificateCalled() {
     return this._chooseCertificateCalled;
   },
 
   set chooseCertificateCalled(value) {
     this._chooseCertificateCalled = value;
   },
 
-  chooseCertificate(ctx, hostname, port, organization, issuerOrg, certList,
-                    selectedIndex) {
+  chooseCertificate(
+    ctx,
+    hostname,
+    port,
+    organization,
+    issuerOrg,
+    certList,
+    selectedIndex
+  ) {
     this.chooseCertificateCalled = true;
-    Assert.notEqual(this.state, DialogState.ASSERT_NOT_CALLED,
-                    "chooseCertificate() should be called only when expected");
+    Assert.notEqual(
+      this.state,
+      DialogState.ASSERT_NOT_CALLED,
+      "chooseCertificate() should be called only when expected"
+    );
 
     let caud = ctx.QueryInterface(Ci.nsIClientAuthUserDecision);
-    Assert.notEqual(caud, null,
-                    "nsIClientAuthUserDecision should be queryable from the " +
-                    "given context");
+    Assert.notEqual(
+      caud,
+      null,
+      "nsIClientAuthUserDecision should be queryable from the " +
+        "given context"
+    );
     caud.rememberClientAuthCertificate = this.rememberClientAuthCertificate;
 
-    Assert.equal(hostname, "requireclientcert.example.com",
-                 "Hostname should be 'requireclientcert.example.com'");
+    Assert.equal(
+      hostname,
+      "requireclientcert.example.com",
+      "Hostname should be 'requireclientcert.example.com'"
+    );
     Assert.equal(port, 443, "Port should be 443");
-    Assert.equal(organization, "",
-                 "Server cert Organization should be empty/not present");
-    Assert.equal(issuerOrg, "Mozilla Testing",
-                 "Server cert issuer Organization should be 'Mozilla Testing'");
+    Assert.equal(
+      organization,
+      "",
+      "Server cert Organization should be empty/not present"
+    );
+    Assert.equal(
+      issuerOrg,
+      "Mozilla Testing",
+      "Server cert issuer Organization should be 'Mozilla Testing'"
+    );
 
     // For mochitests, only the cert at build/pgo/certs/mochitest.client should
     // be selectable, so we do some brief checks to confirm this.
     Assert.notEqual(certList, null, "Cert list should not be null");
     Assert.equal(certList.length, 1, "Only 1 certificate should be available");
     let cert = certList.queryElementAt(0, Ci.nsIX509Cert);
     Assert.notEqual(cert, null, "Cert list should contain an nsIX509Cert");
-    Assert.equal(cert.commonName, "Mochitest client",
-                 "Cert CN should be 'Mochitest client'");
+    Assert.equal(
+      cert.commonName,
+      "Mochitest client",
+      "Cert CN should be 'Mochitest client'"
+    );
 
     if (this.state == DialogState.RETURN_CERT_SELECTED) {
       selectedIndex.value = 0;
       return true;
     }
     return false;
   },
 
   QueryInterface: ChromeUtils.generateQI([Ci.nsIClientAuthDialogs]),
 };
 
 add_task(async function setup() {
-  let clientAuthDialogsCID =
-    MockRegistrar.register("@mozilla.org/nsClientAuthDialogs;1",
-                           gClientAuthDialogs);
+  let clientAuthDialogsCID = MockRegistrar.register(
+    "@mozilla.org/nsClientAuthDialogs;1",
+    gClientAuthDialogs
+  );
   registerCleanupFunction(() => {
     MockRegistrar.unregister(clientAuthDialogsCID);
   });
 });
 
 /**
  * Test helper for the tests below.
  *
@@ -110,49 +137,56 @@ add_task(async function setup() {
  *        If the connection is expected to load successfully, the URL that
  *        should load. If the connection is expected to fail and result in an
  *        error page, |undefined|.
  * @param {Object} options
  *        Optional options object to pass on to the window that gets opened.
  */
 async function testHelper(prefValue, expectedURL, options = undefined) {
   gClientAuthDialogs.chooseCertificateCalled = false;
-  await SpecialPowers.pushPrefEnv({"set": [
-    ["security.default_personal_cert", prefValue],
-  ]});
+  await SpecialPowers.pushPrefEnv({
+    set: [["security.default_personal_cert", prefValue]],
+  });
 
   let win = await BrowserTestUtils.openNewBrowserWindow(options);
 
-  await BrowserTestUtils.loadURI(win.gBrowser.selectedBrowser,
-                                 "https://requireclientcert.example.com:443");
+  await BrowserTestUtils.loadURI(
+    win.gBrowser.selectedBrowser,
+    "https://requireclientcert.example.com:443"
+  );
 
   // |loadedURL| will be a string URL if browserLoaded() wins the race, or
   // |undefined| if waitForErrorPage() wins the race.
   let loadedURL = await Promise.race([
     BrowserTestUtils.browserLoaded(win.gBrowser.selectedBrowser),
     BrowserTestUtils.waitForErrorPage(win.gBrowser.selectedBrowser),
   ]);
   Assert.equal(expectedURL, loadedURL, "Expected and actual URLs should match");
-  Assert.equal(gClientAuthDialogs.chooseCertificateCalled,
-               prefValue == "Ask Every Time",
-               "chooseCertificate should have been called if we were expecting it to be called");
+  Assert.equal(
+    gClientAuthDialogs.chooseCertificateCalled,
+    prefValue == "Ask Every Time",
+    "chooseCertificate should have been called if we were expecting it to be called"
+  );
 
   await win.close();
 
   // This clears the TLS session cache so we don't use a previously-established
   // ticket to connect and bypass selecting a client auth certificate in
   // subsequent tests.
   sdr.logout();
 }
 
 // Test that if a certificate is chosen automatically the connection succeeds,
 // and that nsIClientAuthDialogs.chooseCertificate() is never called.
 add_task(async function testCertChosenAutomatically() {
   gClientAuthDialogs.state = DialogState.ASSERT_NOT_CALLED;
-  await testHelper("Select Automatically", "https://requireclientcert.example.com/");
+  await testHelper(
+    "Select Automatically",
+    "https://requireclientcert.example.com/"
+  );
   // This clears all saved client auth certificate state so we don't influence
   // subsequent tests.
   sdr.logoutAndTeardown();
 });
 
 // Test that if the user doesn't choose a certificate, the connection fails and
 // an error page is displayed.
 add_task(async function testCertNotChosenByUser() {
@@ -174,17 +208,21 @@ add_task(async function testCertChosenBy
 // window, and visits that site again, they are re-asked for a certificate (i.e.
 // any state from the previous private session should be gone). Similarly, after
 // closing that private window, if the user opens a non-private window, they
 // again should be asked to choose a certificate (i.e. private state should not
 // be remembered/used in non-private contexts).
 add_task(async function testClearPrivateBrowsingState() {
   gClientAuthDialogs.rememberClientAuthCertificate = true;
   gClientAuthDialogs.state = DialogState.RETURN_CERT_SELECTED;
-  await testHelper("Ask Every Time", "https://requireclientcert.example.com/", {private: true});
-  await testHelper("Ask Every Time", "https://requireclientcert.example.com/", {private: true});
+  await testHelper("Ask Every Time", "https://requireclientcert.example.com/", {
+    private: true,
+  });
+  await testHelper("Ask Every Time", "https://requireclientcert.example.com/", {
+    private: true,
+  });
   await testHelper("Ask Every Time", "https://requireclientcert.example.com/");
   // NB: we don't `sdr.logoutAndTeardown()` in between the two calls to
   // `testHelper` because that would clear all client auth certificate state and
   // obscure what we're testing (that Firefox properly clears the relevant state
   // when the last private window closes).
   sdr.logoutAndTeardown();
 });
--- a/security/manager/ssl/tests/mochitest/browser/browser_clientAuth_ui.js
+++ b/security/manager/ssl/tests/mochitest/browser/browser_clientAuth_ui.js
@@ -6,18 +6,19 @@
 // Tests that the client authentication certificate chooser correctly displays
 // provided information and correctly returns user input.
 
 const TEST_HOSTNAME = "Test Hostname";
 const TEST_ORG = "Test Org";
 const TEST_ISSUER_ORG = "Test Issuer Org";
 const TEST_PORT = 123;
 
-var certDB = Cc["@mozilla.org/security/x509certdb;1"]
-               .getService(Ci.nsIX509CertDB);
+var certDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
+  Ci.nsIX509CertDB
+);
 /**
  * Test certificate (i.e. build/pgo/certs/mochitest.client).
  * @type nsIX509Cert
  */
 var cert;
 
 /**
  * Opens the client auth cert chooser dialog.
@@ -28,58 +29,111 @@ var cert;
  *          an array consisting of:
  *            1. The window of the opened dialog.
  *            2. The return value nsIWritablePropertyBag2 passed to the dialog.
  */
 function openClientAuthDialog(cert) {
   let certList = Cc["@mozilla.org/array;1"].createInstance(Ci.nsIMutableArray);
   certList.appendElement(cert);
 
-  let returnVals = Cc["@mozilla.org/hash-property-bag;1"]
-                     .createInstance(Ci.nsIWritablePropertyBag2);
-  let win = window.openDialog("chrome://pippki/content/clientauthask.xul", "",
-                              "", TEST_HOSTNAME, TEST_ORG, TEST_ISSUER_ORG,
-                              TEST_PORT, certList, returnVals);
+  let returnVals = Cc["@mozilla.org/hash-property-bag;1"].createInstance(
+    Ci.nsIWritablePropertyBag2
+  );
+  let win = window.openDialog(
+    "chrome://pippki/content/clientauthask.xul",
+    "",
+    "",
+    TEST_HOSTNAME,
+    TEST_ORG,
+    TEST_ISSUER_ORG,
+    TEST_PORT,
+    certList,
+    returnVals
+  );
   return new Promise((resolve, reject) => {
-    win.addEventListener("load", function() {
-      executeSoon(() => resolve([win, returnVals]));
-    }, {once: true});
+    win.addEventListener(
+      "load",
+      function() {
+        executeSoon(() => resolve([win, returnVals]));
+      },
+      { once: true }
+    );
   });
 }
 
 /**
  * Checks that the contents of the given cert chooser dialog match the details
  * of build/pgo/certs/mochitest.client.
  *
  * @param {window} win The cert chooser window.
  * @param {String} notBefore
  *        The notBeforeLocalTime attribute of mochitest.client.
  * @param {String} notAfter
  *        The notAfterLocalTime attribute of mochitest.client.
  */
 function checkDialogContents(win, notBefore, notAfter) {
-  is(win.document.getElementById("hostname").textContent, `${TEST_HOSTNAME}:${TEST_PORT}`,
-     "Actual and expected hostname and port should be equal");
-  is(win.document.getElementById("organization").textContent, `Organization: “${TEST_ORG}”`,
-     "Actual and expected organization should be equal");
-  is(win.document.getElementById("issuer").textContent, `Issued Under: “${TEST_ISSUER_ORG}”`,
-     "Actual and expected issuer organization should be equal");
+  is(
+    win.document.getElementById("hostname").textContent,
+    `${TEST_HOSTNAME}:${TEST_PORT}`,
+    "Actual and expected hostname and port should be equal"
+  );
+  is(
+    win.document.getElementById("organization").textContent,
+    `Organization: “${TEST_ORG}”`,
+    "Actual and expected organization should be equal"
+  );
+  is(
+    win.document.getElementById("issuer").textContent,
+    `Issued Under: “${TEST_ISSUER_ORG}”`,
+    "Actual and expected issuer organization should be equal"
+  );
+
+  is(
+    win.document.getElementById("nicknames").label,
+    "Mochitest client [03]",
+    "Actual and expected selected cert nickname and serial should be equal"
+  );
+  is(
+    win.document.getElementById("nicknames").itemCount,
+    1,
+    "correct number of items"
+  );
 
-  is(win.document.getElementById("nicknames").label, "Mochitest client [03]",
-     "Actual and expected selected cert nickname and serial should be equal");
-  is(win.document.getElementById("nicknames").itemCount, 1, "correct number of items");
-
-  let [subject, serialNum, validity, issuer, tokenName] =
-    win.document.getElementById("details").value.split("\n");
-  is(subject, "Issued to: CN=Mochitest client", "Actual and expected subject should be equal");
-  is(serialNum, "Serial number: 03", "Actual and expected serial number should be equal");
-  is(validity, `Valid from ${notBefore} to ${notAfter}`, "Actual and expected validity should be equal");
-  is(issuer, "Issued by: OU=Profile Guided Optimization,O=Mozilla Testing,CN=Temporary Certificate Authority",
-     "Actual and expected issuer should be equal");
-  is(tokenName, "Stored on: Software Security Device", "Actual and expected token name should be equal");
+  let [
+    subject,
+    serialNum,
+    validity,
+    issuer,
+    tokenName,
+  ] = win.document.getElementById("details").value.split("\n");
+  is(
+    subject,
+    "Issued to: CN=Mochitest client",
+    "Actual and expected subject should be equal"
+  );
+  is(
+    serialNum,
+    "Serial number: 03",
+    "Actual and expected serial number should be equal"
+  );
+  is(
+    validity,
+    `Valid from ${notBefore} to ${notAfter}`,
+    "Actual and expected validity should be equal"
+  );
+  is(
+    issuer,
+    "Issued by: OU=Profile Guided Optimization,O=Mozilla Testing,CN=Temporary Certificate Authority",
+    "Actual and expected issuer should be equal"
+  );
+  is(
+    tokenName,
+    "Stored on: Software Security Device",
+    "Actual and expected token name should be equal"
+  );
 }
 
 function findCertByCommonName(commonName) {
   for (let cert of certDB.getCerts().getEnumerator()) {
     if (cert.commonName == commonName) {
       return cert;
     }
   }
@@ -90,40 +144,56 @@ add_task(async function setup() {
   cert = findCertByCommonName("Mochitest client");
   isnot(cert, null, "Should be able to find the test client cert");
 });
 
 // Test that the contents of the dialog correspond to the details of the
 // provided cert.
 add_task(async function testContents() {
   let [win] = await openClientAuthDialog(cert);
-  checkDialogContents(win, cert.validity.notBeforeLocalTime,
-                      cert.validity.notAfterLocalTime);
+  checkDialogContents(
+    win,
+    cert.validity.notBeforeLocalTime,
+    cert.validity.notAfterLocalTime
+  );
   await BrowserTestUtils.closeWindow(win);
 });
 
 // Test that the right values are returned when the dialog is accepted.
 add_task(async function testAcceptDialogReturnValues() {
   let [win, retVals] = await openClientAuthDialog(cert);
   win.document.getElementById("rememberBox").checked = true;
   info("Accepting dialog");
   win.document.getElementById("certAuthAsk").acceptDialog();
   await BrowserTestUtils.windowClosed(win);
 
-  ok(retVals.get("certChosen"), "Return value should signal user chose a certificate");
-  is(retVals.get("selectedIndex"), 0, "0 should be returned as the selected index");
-  ok(retVals.get("rememberSelection"),
-     "Return value should signal 'Remember this decision' checkbox was checked");
+  ok(
+    retVals.get("certChosen"),
+    "Return value should signal user chose a certificate"
+  );
+  is(
+    retVals.get("selectedIndex"),
+    0,
+    "0 should be returned as the selected index"
+  );
+  ok(
+    retVals.get("rememberSelection"),
+    "Return value should signal 'Remember this decision' checkbox was checked"
+  );
 });
 
 // Test that the right values are returned when the dialog is canceled.
 add_task(async function testCancelDialogReturnValues() {
   let [win, retVals] = await openClientAuthDialog(cert);
   win.document.getElementById("rememberBox").checked = false;
   info("Canceling dialog");
   win.document.getElementById("certAuthAsk").cancelDialog();
   await BrowserTestUtils.windowClosed(win);
 
-  ok(!retVals.get("certChosen"),
-     "Return value should signal user did not choose a certificate");
-  ok(!retVals.get("rememberSelection"),
-     "Return value should signal 'Remember this decision' checkbox was unchecked");
+  ok(
+    !retVals.get("certChosen"),
+    "Return value should signal user did not choose a certificate"
+  );
+  ok(
+    !retVals.get("rememberSelection"),
+    "Return value should signal 'Remember this decision' checkbox was unchecked"
+  );
 });
--- a/security/manager/ssl/tests/mochitest/browser/browser_deleteCert_ui.js
+++ b/security/manager/ssl/tests/mochitest/browser/browser_deleteCert_ui.js
@@ -30,34 +30,46 @@ const FAKE_HOST_PORT = "Fake host and po
  *           The serial number we expect the UI to display if it exists.
  */
 
 /**
  * A list of test cases representing certs that get "deleted".
  * @type TestCase[]
  */
 const TEST_CASES = [
-  { certFilename: null,
+  {
+    certFilename: null,
     expectedDisplayString: FAKE_HOST_PORT,
-    expectedSerialNumber: null},
-  { certFilename: "has-cn.pem",
+    expectedSerialNumber: null,
+  },
+  {
+    certFilename: "has-cn.pem",
     expectedDisplayString: "Foo",
-    expectedSerialNumber: null},
-  { certFilename: "has-ou.pem",
+    expectedSerialNumber: null,
+  },
+  {
+    certFilename: "has-ou.pem",
     expectedDisplayString: "Bar",
-    expectedSerialNumber: null},
-  { certFilename: "has-o.pem",
+    expectedSerialNumber: null,
+  },
+  {
+    certFilename: "has-o.pem",
     expectedDisplayString: "Baz",
-    expectedSerialNumber: null},
-  { certFilename: "has-non-empty-subject.pem",
+    expectedSerialNumber: null,
+  },
+  {
+    certFilename: "has-non-empty-subject.pem",
     expectedDisplayString: "C=US",
-    expectedSerialNumber: null},
-  { certFilename: "has-empty-subject.pem",
+    expectedSerialNumber: null,
+  },
+  {
+    certFilename: "has-empty-subject.pem",
     expectedDisplayString: "Certificate with serial number: 0A",
-    expectedSerialNumber: "0A"},
+    expectedSerialNumber: "0A",
+  },
 ];
 
 /**
  * Opens the cert delete confirmation dialog.
  *
  * @param {String} tabID
  *        The ID of the cert category tab the certs to delete belong to.
  * @returns {Promise}
@@ -65,22 +77,32 @@ const TEST_CASES = [
  *          an array consisting of:
  *            1. The window of the opened dialog.
  *            2. The return value object passed to the dialog.
  */
 function openDeleteCertConfirmDialog(tabID) {
   let retVals = {
     deleteConfirmed: false,
   };
-  let win = window.openDialog("chrome://pippki/content/deletecert.xul", "", "",
-                              tabID, gCertArray, retVals);
+  let win = window.openDialog(
+    "chrome://pippki/content/deletecert.xul",
+    "",
+    "",
+    tabID,
+    gCertArray,
+    retVals
+  );
   return new Promise((resolve, reject) => {
-    win.addEventListener("load", function() {
-      executeSoon(() => resolve([win, retVals]));
-    }, {once: true});
+    win.addEventListener(
+      "load",
+      function() {
+        executeSoon(() => resolve([win, retVals]));
+      },
+      { once: true }
+    );
   });
 }
 
 add_task(async function setup() {
   for (let testCase of TEST_CASES) {
     let cert = null;
     if (testCase.certFilename) {
       cert = await readCertificate(testCase.certFilename, ",,");
@@ -101,102 +123,148 @@ add_task(async function setup() {
  *        ID of the cert category tab the certs to delete belong to.
  * @param {String} expectedTitleL10nId
  *        The L10nId of title the dialog is expected to have.
  * @param {String} expectedConfirmL10nId
  *        The l10n id of confirmation message the dialog expected to show.
  * @param {String} expectedImpactL10nId
  *        The l10n id of impact the dialog expected to show.
  */
-async function testHelper(tabID, expectedTitleL10nId, expectedConfirmL10nId, expectedImpactL10nId) {
+async function testHelper(
+  tabID,
+  expectedTitleL10nId,
+  expectedConfirmL10nId,
+  expectedImpactL10nId
+) {
   let [win] = await openDeleteCertConfirmDialog(tabID);
   let certList = win.document.getElementById("certlist");
 
-  Assert.deepEqual(win.document.l10n.getAttributes(win.document.documentElement), expectedTitleL10nId,
-               `Actual and expected titles should match for ${tabID}`);
+  Assert.deepEqual(
+    win.document.l10n.getAttributes(win.document.documentElement),
+    expectedTitleL10nId,
+    `Actual and expected titles should match for ${tabID}`
+  );
   let confirm = win.document.getElementById("confirm");
-  Assert.deepEqual(win.document.l10n.getAttributes(confirm),
-               expectedConfirmL10nId,
-               `Actual and expected confirm message should match for ${tabID}`);
+  Assert.deepEqual(
+    win.document.l10n.getAttributes(confirm),
+    expectedConfirmL10nId,
+    `Actual and expected confirm message should match for ${tabID}`
+  );
   let impact = win.document.getElementById("impact");
-  Assert.deepEqual(win.document.l10n.getAttributes(impact),
-               expectedImpactL10nId,
-               `Actual and expected impact should match for ${tabID}`);
+  Assert.deepEqual(
+    win.document.l10n.getAttributes(impact),
+    expectedImpactL10nId,
+    `Actual and expected impact should match for ${tabID}`
+  );
 
-  Assert.equal(certList.itemCount, TEST_CASES.length,
-               `No. of certs displayed should match for ${tabID}`);
+  Assert.equal(
+    certList.itemCount,
+    TEST_CASES.length,
+    `No. of certs displayed should match for ${tabID}`
+  );
   for (let i = 0; i < certList.itemCount; i++) {
     let item = certList.getItemAtIndex(i);
     if (TEST_CASES[i].expectedSerialNumber == null) {
-      Assert.equal(item.label,
-                 TEST_CASES[i].expectedDisplayString,
-                 "Actual and expected display string should match for " +
-                 `index ${i} for ${tabID}`);
+      Assert.equal(
+        item.label,
+        TEST_CASES[i].expectedDisplayString,
+        "Actual and expected display string should match for " +
+          `index ${i} for ${tabID}`
+      );
     } else {
-    Assert.deepEqual(win.document.l10n.getAttributes(item.children[0]),
-                 {id: "cert-with-serial", args: { serialNumber: TEST_CASES[i].expectedSerialNumber }},
-                 "Actual and expected display string should match for " +
-                 `index ${i} for ${tabID}`);
+      Assert.deepEqual(
+        win.document.l10n.getAttributes(item.children[0]),
+        {
+          id: "cert-with-serial",
+          args: { serialNumber: TEST_CASES[i].expectedSerialNumber },
+        },
+        "Actual and expected display string should match for " +
+          `index ${i} for ${tabID}`
+      );
     }
   }
 
   await BrowserTestUtils.closeWindow(win);
 }
 
 // Test deleting certs from the "Your Certificates" tab.
 add_task(async function testDeletePersonalCerts() {
-  const expectedTitleL10nId = {id: "delete-user-cert-title", args: null};
-  const expectedConfirmL10nId = {id: "delete-user-cert-confirm", args: null};
-  const expectedImpactL10nId = {id: "delete-user-cert-impact", args: null};
-  await testHelper("mine_tab", expectedTitleL10nId, expectedConfirmL10nId,
-                    expectedImpactL10nId);
+  const expectedTitleL10nId = { id: "delete-user-cert-title", args: null };
+  const expectedConfirmL10nId = { id: "delete-user-cert-confirm", args: null };
+  const expectedImpactL10nId = { id: "delete-user-cert-impact", args: null };
+  await testHelper(
+    "mine_tab",
+    expectedTitleL10nId,
+    expectedConfirmL10nId,
+    expectedImpactL10nId
+  );
 });
 
 // Test deleting certs from the "People" tab.
 add_task(async function testDeleteOtherPeopleCerts() {
-  const expectedTitleL10nId = {id: "delete-email-cert-title", args: null};
+  const expectedTitleL10nId = { id: "delete-email-cert-title", args: null };
   // ’ doesn't seem to work when embedded in the following literals, which is
   // why escape codes are used instead.
-  const expectedConfirmL10nId = {id: "delete-email-cert-confirm", args: null};
-  const expectedImpactL10nId = {id: "delete-email-cert-impact", args: null};
-  await testHelper("others_tab", expectedTitleL10nId, expectedConfirmL10nId,
-                    expectedImpactL10nId);
+  const expectedConfirmL10nId = { id: "delete-email-cert-confirm", args: null };
+  const expectedImpactL10nId = { id: "delete-email-cert-impact", args: null };
+  await testHelper(
+    "others_tab",
+    expectedTitleL10nId,
+    expectedConfirmL10nId,
+    expectedImpactL10nId
+  );
 });
 
 // Test deleting certs from the "Servers" tab.
 add_task(async function testDeleteServerCerts() {
-  const expectedTitleL10nId = {id: "delete-ssl-cert-title", args: null};
-  const expectedConfirmL10nId = {id: "delete-ssl-cert-confirm", args: null};
-  const expectedImpactL10nId = {id: "delete-ssl-cert-impact", args: null};
-  await testHelper("websites_tab", expectedTitleL10nId, expectedConfirmL10nId,
-                    expectedImpactL10nId);
+  const expectedTitleL10nId = { id: "delete-ssl-cert-title", args: null };
+  const expectedConfirmL10nId = { id: "delete-ssl-cert-confirm", args: null };
+  const expectedImpactL10nId = { id: "delete-ssl-cert-impact", args: null };
+  await testHelper(
+    "websites_tab",
+    expectedTitleL10nId,
+    expectedConfirmL10nId,
+    expectedImpactL10nId
+  );
 });
 
 // Test deleting certs from the "Authorities" tab.
 add_task(async function testDeleteCACerts() {
-  const expectedTitleL10nId = {id: "delete-ca-cert-title", args: null};
-  const expectedConfirmL10nId = {id: "delete-ca-cert-confirm", args: null};
-  const expectedImpactL10nId = {id: "delete-ca-cert-impact", args: null};
-  await testHelper("ca_tab", expectedTitleL10nId, expectedConfirmL10nId,
-                    expectedImpactL10nId);
+  const expectedTitleL10nId = { id: "delete-ca-cert-title", args: null };
+  const expectedConfirmL10nId = { id: "delete-ca-cert-confirm", args: null };
+  const expectedImpactL10nId = { id: "delete-ca-cert-impact", args: null };
+  await testHelper(
+    "ca_tab",
+    expectedTitleL10nId,
+    expectedConfirmL10nId,
+    expectedImpactL10nId
+  );
 });
 
 // Test that the right values are returned when the dialog is accepted.
 add_task(async function testAcceptDialogReturnValues() {
-  let [win, retVals] = await openDeleteCertConfirmDialog("ca_tab" /* arbitrary */);
+  let [win, retVals] = await openDeleteCertConfirmDialog(
+    "ca_tab" /* arbitrary */
+  );
   info("Accepting dialog");
   win.document.getElementById("deleteCertificate").acceptDialog();
   await BrowserTestUtils.windowClosed(win);
 
-  Assert.ok(retVals.deleteConfirmed,
-            "Return value should signal user accepted");
+  Assert.ok(
+    retVals.deleteConfirmed,
+    "Return value should signal user accepted"
+  );
 });
 
 // Test that the right values are returned when the dialog is canceled.
 add_task(async function testCancelDialogReturnValues() {
-  let [win, retVals] = await openDeleteCertConfirmDialog("ca_tab" /* arbitrary */);
+  let [win, retVals] = await openDeleteCertConfirmDialog(
+    "ca_tab" /* arbitrary */
+  );
   info("Canceling dialog");
   win.document.getElementById("deleteCertificate").cancelDialog();
   await BrowserTestUtils.windowClosed(win);
 
-  Assert.ok(!retVals.deleteConfirmed,
-            "Return value should signal user did not accept");
+  Assert.ok(
+    !retVals.deleteConfirmed,
+    "Return value should signal user did not accept"
+  );
 });
--- a/security/manager/ssl/tests/mochitest/browser/browser_downloadCert_ui.js
+++ b/security/manager/ssl/tests/mochitest/browser/browser_downloadCert_ui.js
@@ -1,17 +1,18 @@
 // Any copyright is dedicated to the Public Domain.
 // http://creativecommons.org/publicdomain/zero/1.0/
 "use strict";
 
 // Tests that the cert download/import UI correctly identifies the cert being
 // downloaded, and allows the trust of the cert to be specified.
 
-const { MockRegistrar } =
-  ChromeUtils.import("resource://testing-common/MockRegistrar.jsm");
+const { MockRegistrar } = ChromeUtils.import(
+  "resource://testing-common/MockRegistrar.jsm"
+);
 
 /**
  * @typedef {TestCase}
  * @type Object
  * @property {String} certFilename
  *           Filename of the cert for this test case.
  * @property {String} expectedDisplayString
  *           The string we expect the UI to display to represent the given cert.
@@ -19,91 +20,114 @@ const { MockRegistrar } =
  *           Handle to the cert once read in setup().
  */
 
 /**
  * A list of test cases representing certs that get "downloaded".
  * @type TestCase[]
  */
 const TEST_CASES = [
-  { certFilename: "has-cn.pem",
-    expectedDisplayString: "Foo",
-    cert: null },
-  { certFilename: "has-empty-subject.pem",
+  { certFilename: "has-cn.pem", expectedDisplayString: "Foo", cert: null },
+  {
+    certFilename: "has-empty-subject.pem",
     expectedDisplayString: "Certificate Authority (unnamed)",
-    cert: null },
+    cert: null,
+  },
 ];
 
 /**
  * Opens the cert download dialog.
  *
  * @param {nsIX509Cert} cert
  *        The cert to pass to the dialog for display.
  * @returns {Promise}
  *          A promise that resolves when the dialog has finished loading, with
  *          an array consisting of:
  *            1. The window of the opened dialog.
  *            2. The return value nsIWritablePropertyBag2 passed to the dialog.
  */
 function openCertDownloadDialog(cert) {
-  let returnVals = Cc["@mozilla.org/hash-property-bag;1"]
-                     .createInstance(Ci.nsIWritablePropertyBag2);
-  let win = window.openDialog("chrome://pippki/content/downloadcert.xul", "",
-                              "", cert, returnVals);
+  let returnVals = Cc["@mozilla.org/hash-property-bag;1"].createInstance(
+    Ci.nsIWritablePropertyBag2
+  );
+  let win = window.openDialog(
+    "chrome://pippki/content/downloadcert.xul",
+    "",
+    "",
+    cert,
+    returnVals
+  );
   return new Promise((resolve, reject) => {
-    win.addEventListener("load", function() {
-      executeSoon(() => resolve([win, returnVals]));
-    }, {once: true});
+    win.addEventListener(
+      "load",
+      function() {
+        executeSoon(() => resolve([win, returnVals]));
+      },
+      { once: true }
+    );
   });
 }
 
 add_task(async function setup() {
   for (let testCase of TEST_CASES) {
     testCase.cert = await readCertificate(testCase.certFilename, ",,");
-    Assert.notEqual(testCase.cert, null,
-                    `'${testCase.certFilename}' should have been read`);
+    Assert.notEqual(
+      testCase.cert,
+      null,
+      `'${testCase.certFilename}' should have been read`
+    );
   }
 });
 
 // Test that the trust header message corresponds to the provided cert, and that
 // the View Cert button launches the cert viewer for the provided cert.
 add_task(async function testTrustHeaderAndViewCertButton() {
   for (let testCase of TEST_CASES) {
     let [win] = await openCertDownloadDialog(testCase.cert);
     let expectedTrustHeaderString =
       `Do you want to trust \u201C${testCase.expectedDisplayString}\u201D ` +
       "for the following purposes?";
-    Assert.equal(win.document.getElementById("trustHeader").textContent,
-                 expectedTrustHeaderString,
-                 "Actual and expected trust header text should match for " +
-                 `${testCase.certFilename}`);
+    Assert.equal(
+      win.document.getElementById("trustHeader").textContent,
+      expectedTrustHeaderString,
+      "Actual and expected trust header text should match for " +
+        `${testCase.certFilename}`
+    );
 
     await BrowserTestUtils.closeWindow(win);
   }
 });
 
 // Test that the right values are returned when the dialog is accepted.
 add_task(async function testAcceptDialogReturnValues() {
   let [win, retVals] = await openCertDownloadDialog(TEST_CASES[0].cert);
   win.document.getElementById("trustSSL").checked = true;
   win.document.getElementById("trustEmail").checked = false;
   info("Accepting dialog");
   win.document.getElementById("download_cert").acceptDialog();
   await BrowserTestUtils.windowClosed(win);
 
-  Assert.ok(retVals.get("importConfirmed"),
-            "Return value should signal user chose to import the cert");
-  Assert.ok(retVals.get("trustForSSL"),
-            "Return value should signal SSL trust checkbox was checked");
-  Assert.ok(!retVals.get("trustForEmail"),
-            "Return value should signal E-mail trust checkbox was unchecked");
+  Assert.ok(
+    retVals.get("importConfirmed"),
+    "Return value should signal user chose to import the cert"
+  );
+  Assert.ok(
+    retVals.get("trustForSSL"),
+    "Return value should signal SSL trust checkbox was checked"
+  );
+  Assert.ok(
+    !retVals.get("trustForEmail"),
+    "Return value should signal E-mail trust checkbox was unchecked"
+  );
 });
 
 // Test that the right values are returned when the dialog is canceled.
 add_task(async function testCancelDialogReturnValues() {
   let [win, retVals] = await openCertDownloadDialog(TEST_CASES[0].cert);
   info("Canceling dialog");
   win.document.getElementById("download_cert").cancelDialog();
   await BrowserTestUtils.windowClosed(win);
 
-  Assert.ok(!retVals.get("importConfirmed"),
-            "Return value should signal user chose not to import the cert");
+  Assert.ok(
+    !retVals.get("importConfirmed"),
+    "Return value should signal user chose not to import the cert"
+  );
 });
--- a/security/manager/ssl/tests/mochitest/browser/browser_editCACertTrust.js
+++ b/security/manager/ssl/tests/mochitest/browser/browser_editCACertTrust.js
@@ -1,102 +1,140 @@
 // Any copyright is dedicated to the Public Domain.
 // http://creativecommons.org/publicdomain/zero/1.0/
 "use strict";
 
 // Tests that the UI for editing the trust of a CA certificate correctly
 // reflects trust in the cert DB, and correctly updates trust in the cert DB
 // when requested.
 
-var gCertDB = Cc["@mozilla.org/security/x509certdb;1"]
-                .getService(Ci.nsIX509CertDB);
+var gCertDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
+  Ci.nsIX509CertDB
+);
 
 /**
  * The cert we're editing the trust of.
  * @type nsIX509Cert
  */
 var gCert;
 
 /**
  * Opens the cert trust editing dialog.
  *
  * @returns {Promise}
  *          A promise that resolves when the dialog has finished loading with
  *          the window of the opened dialog.
  */
 function openEditCertTrustDialog() {
-  let win = window.openDialog("chrome://pippki/content/editcacert.xul", "", "",
-                              gCert);
+  let win = window.openDialog(
+    "chrome://pippki/content/editcacert.xul",
+    "",
+    "",
+    gCert
+  );
   return new Promise((resolve, reject) => {
-    win.addEventListener("load", function() {
-      executeSoon(() => resolve(win));
-    }, {once: true});
+    win.addEventListener(
+      "load",
+      function() {
+        executeSoon(() => resolve(win));
+      },
+      { once: true }
+    );
   });
 }
 
 add_task(async function setup() {
   // Initially trust ca.pem for SSL but not e-mail.
   gCert = await readCertificate("ca.pem", "CT,,");
-  Assert.ok(gCertDB.isCertTrusted(gCert, Ci.nsIX509Cert.CA_CERT,
-                                  Ci.nsIX509CertDB.TRUSTED_SSL),
-            "Sanity check: ca.pem should be trusted for SSL");
-  Assert.ok(!gCertDB.isCertTrusted(gCert, Ci.nsIX509Cert.CA_CERT,
-                                   Ci.nsIX509CertDB.TRUSTED_EMAIL),
-            "Sanity check: ca.pem should not be trusted for e-mail");
+  Assert.ok(
+    gCertDB.isCertTrusted(
+      gCert,
+      Ci.nsIX509Cert.CA_CERT,
+      Ci.nsIX509CertDB.TRUSTED_SSL
+    ),
+    "Sanity check: ca.pem should be trusted for SSL"
+  );
+  Assert.ok(
+    !gCertDB.isCertTrusted(
+      gCert,
+      Ci.nsIX509Cert.CA_CERT,
+      Ci.nsIX509CertDB.TRUSTED_EMAIL
+    ),
+    "Sanity check: ca.pem should not be trusted for e-mail"
+  );
 });
 
 // Tests the following:
 // 1. The checkboxes correctly reflect the trust set in setup().
 // 2. Accepting the dialog after flipping some of the checkboxes results in the
 //    correct trust being set in the cert DB.
 add_task(async function testAcceptDialog() {
   let win = await openEditCertTrustDialog();
 
   let sslCheckbox = win.document.getElementById("trustSSL");
   let emailCheckbox = win.document.getElementById("trustEmail");
-  Assert.ok(sslCheckbox.checked,
-            "Cert should be trusted for SSL in UI");
-  Assert.ok(!emailCheckbox.checked,
-            "Cert should not be trusted for e-mail in UI");
+  Assert.ok(sslCheckbox.checked, "Cert should be trusted for SSL in UI");
+  Assert.ok(
+    !emailCheckbox.checked,
+    "Cert should not be trusted for e-mail in UI"
+  );
 
   sslCheckbox.checked = false;
   emailCheckbox.checked = true;
 
   info("Accepting dialog");
   win.document.getElementById("editCaCert").acceptDialog();
   await BrowserTestUtils.windowClosed(win);
 
-  Assert.ok(!gCertDB.isCertTrusted(gCert, Ci.nsIX509Cert.CA_CERT,
-                                   Ci.nsIX509CertDB.TRUSTED_SSL),
-            "Cert should no longer be trusted for SSL");
-  Assert.ok(gCertDB.isCertTrusted(gCert, Ci.nsIX509Cert.CA_CERT,
-                                  Ci.nsIX509CertDB.TRUSTED_EMAIL),
-            "Cert should now be trusted for e-mail");
+  Assert.ok(
+    !gCertDB.isCertTrusted(
+      gCert,
+      Ci.nsIX509Cert.CA_CERT,
+      Ci.nsIX509CertDB.TRUSTED_SSL
+    ),
+    "Cert should no longer be trusted for SSL"
+  );
+  Assert.ok(
+    gCertDB.isCertTrusted(
+      gCert,
+      Ci.nsIX509Cert.CA_CERT,
+      Ci.nsIX509CertDB.TRUSTED_EMAIL
+    ),
+    "Cert should now be trusted for e-mail"
+  );
 });
 
 // Tests the following:
 // 1. The checkboxes correctly reflect the trust set in testAcceptDialog().
 // 2. Canceling the dialog even after flipping the checkboxes doesn't result in
 //    a change of trust in the cert DB.
 add_task(async function testCancelDialog() {
   let win = await openEditCertTrustDialog();
 
   let sslCheckbox = win.document.getElementById("trustSSL");
   let emailCheckbox = win.document.getElementById("trustEmail");
-  Assert.ok(!sslCheckbox.checked,
-            "Cert should not be trusted for SSL in UI");
-  Assert.ok(emailCheckbox.checked,
-            "Cert should be trusted for e-mail in UI");
+  Assert.ok(!sslCheckbox.checked, "Cert should not be trusted for SSL in UI");
+  Assert.ok(emailCheckbox.checked, "Cert should be trusted for e-mail in UI");
 
   sslCheckbox.checked = true;
   emailCheckbox.checked = false;
 
   info("Canceling dialog");
   win.document.getElementById("editCaCert").cancelDialog();
   await BrowserTestUtils.windowClosed(win);
 
-  Assert.ok(!gCertDB.isCertTrusted(gCert, Ci.nsIX509Cert.CA_CERT,
-                                  Ci.nsIX509CertDB.TRUSTED_SSL),
-            "Cert should still not be trusted for SSL");
-  Assert.ok(gCertDB.isCertTrusted(gCert, Ci.nsIX509Cert.CA_CERT,
-                                  Ci.nsIX509CertDB.TRUSTED_EMAIL),
-            "Cert should still be trusted for e-mail");
+  Assert.ok(
+    !gCertDB.isCertTrusted(
+      gCert,
+      Ci.nsIX509Cert.CA_CERT,
+      Ci.nsIX509CertDB.TRUSTED_SSL
+    ),
+    "Cert should still not be trusted for SSL"
+  );
+  Assert.ok(
+    gCertDB.isCertTrusted(
+      gCert,
+      Ci.nsIX509Cert.CA_CERT,
+      Ci.nsIX509CertDB.TRUSTED_EMAIL
+    ),
+    "Cert should still be trusted for e-mail"
+  );
 });
--- a/security/manager/ssl/tests/mochitest/browser/browser_exportP12_passwordUI.js
+++ b/security/manager/ssl/tests/mochitest/browser/browser_exportP12_passwordUI.js
@@ -19,74 +19,84 @@
  *           The expected strength of the password in the range [0, 100].
  */
 
 /**
  * A list of test cases representing various inputs to the password textboxes.
  * @type TestCase[]
  */
 const TEST_CASES = [
-  { name: "empty",
-    password1: "",
-    password2: "",
-    strength: "0" },
-  { name: "match-weak",
-    password1: "foo",
-    password2: "foo",
-    strength: "10" },
-  { name: "match-medium",
+  { name: "empty", password1: "", password2: "", strength: "0" },
+  { name: "match-weak", password1: "foo", password2: "foo", strength: "10" },
+  {
+    name: "match-medium",
     password1: "foo123",
     password2: "foo123",
-    strength: "60" },
-  { name: "match-strong",
+    strength: "60",
+  },
+  {
+    name: "match-strong",
     password1: "fooBARBAZ 1234567890`~!@#$%^&*()-_=+{[}]|\\:;'\",<.>/?一二三",
     password2: "fooBARBAZ 1234567890`~!@#$%^&*()-_=+{[}]|\\:;'\",<.>/?一二三",
-    strength: "100" },
-  { name: "mismatch-weak",
-    password1: "foo",
-    password2: "bar",
-    strength: "10" },
-  { name: "mismatch-medium",
+    strength: "100",
+  },
+  { name: "mismatch-weak", password1: "foo", password2: "bar", strength: "10" },
+  {
+    name: "mismatch-medium",
     password1: "foo123",
     password2: "bar",
-    strength: "60" },
-  { name: "mismatch-strong",
+    strength: "60",
+  },
+  {
+    name: "mismatch-strong",
     password1: "fooBARBAZ 1234567890`~!@#$%^&*()-_=+{[}]|\\:;'\",<.>/?一二三",
     password2: "bar",
-    strength: "100" },
+    strength: "100",
+  },
 ];
 
 /**
  * Opens the dialog shown to set the password on a PKCS #12 file being exported.
  *
  * @returns {Promise}
  *          A promise that resolves when the dialog has finished loading, with
  *          an array consisting of:
  *            1. The window of the opened dialog.
  *            2. The return value nsIWritablePropertyBag2 passed to the dialog.
  */
 function openSetP12PasswordDialog() {
-  let returnVals = Cc["@mozilla.org/hash-property-bag;1"]
-                     .createInstance(Ci.nsIWritablePropertyBag2);
-  let win = window.openDialog("chrome://pippki/content/setp12password.xul", "",
-                              "", returnVals);
+  let returnVals = Cc["@mozilla.org/hash-property-bag;1"].createInstance(
+    Ci.nsIWritablePropertyBag2
+  );
+  let win = window.openDialog(
+    "chrome://pippki/content/setp12password.xul",
+    "",
+    "",
+    returnVals
+  );
   return new Promise((resolve, reject) => {
-    win.addEventListener("load", function() {
-      executeSoon(() => resolve([win, returnVals]));
-    }, {once: true});
+    win.addEventListener(
+      "load",
+      function() {
+        executeSoon(() => resolve([win, returnVals]));
+      },
+      { once: true }
+    );
   });
 }
 
 // Tests that the first password textbox is the element that is initially
 // focused.
 add_task(async function testFocus() {
   let [win] = await openSetP12PasswordDialog();
-  Assert.equal(win.document.activeElement,
-               win.document.getElementById("pw1"),
-               "First password textbox should have focus");
+  Assert.equal(
+    win.document.activeElement,
+    win.document.getElementById("pw1"),
+    "First password textbox should have focus"
+  );
   await BrowserTestUtils.closeWindow(win);
 });
 
 // Tests that the password strength algorithm used is reasonable, and that the
 // Accept button is only enabled if the two passwords match.
 add_task(async function testPasswordStrengthAndEquality() {
   let [win] = await openSetP12PasswordDialog();
   let password1Textbox = win.document.getElementById("pw1");
@@ -96,46 +106,57 @@ add_task(async function testPasswordStre
   for (let testCase of TEST_CASES) {
     password1Textbox.value = testCase.password1;
     password2Textbox.value = testCase.password2;
     // Setting the value of the password textboxes via |.value| apparently
     // doesn't cause the oninput handlers to be called, so we do it here.
     password1Textbox.oninput();
     password2Textbox.oninput();
 
-    Assert.equal(win.document.documentElement.getButton("accept").disabled,
-                 password1Textbox.value != password2Textbox.value,
-                 "Actual and expected accept button disable state should " +
-                 `match for ${testCase.name}`);
-    Assert.equal(strengthProgressBar.value, testCase.strength,
-                 "Actual and expected strength value should match for" +
-                 `${testCase.name}`);
+    Assert.equal(
+      win.document.documentElement.getButton("accept").disabled,
+      password1Textbox.value != password2Textbox.value,
+      "Actual and expected accept button disable state should " +
+        `match for ${testCase.name}`
+    );
+    Assert.equal(
+      strengthProgressBar.value,
+      testCase.strength,
+      "Actual and expected strength value should match for" + `${testCase.name}`
+    );
   }
 
   await BrowserTestUtils.closeWindow(win);
 });
 
 // Test that the right values are returned when the dialog is accepted.
 add_task(async function testAcceptDialogReturnValues() {
   let [win, retVals] = await openSetP12PasswordDialog();
   const password = "fooBAR 1234567890`~!@#$%^&*()-_=+{[}]|\\:;'\",<.>/?一二三";
   win.document.getElementById("pw1").value = password;
   win.document.getElementById("pw2").value = password;
   info("Accepting dialog");
   win.document.getElementById("setp12password").acceptDialog();
   await BrowserTestUtils.windowClosed(win);
 
-  Assert.ok(retVals.get("confirmedPassword"),
-            "Return value should signal user confirmed a password");
-  Assert.equal(retVals.get("password"), password,
-               "Actual and expected password should match");
+  Assert.ok(
+    retVals.get("confirmedPassword"),
+    "Return value should signal user confirmed a password"
+  );
+  Assert.equal(
+    retVals.get("password"),
+    password,
+    "Actual and expected password should match"
+  );
 });
 
 // Test that the right values are returned when the dialog is canceled.
 add_task(async function testCancelDialogReturnValues() {
   let [win, retVals] = await openSetP12PasswordDialog();
   info("Canceling dialog");
   win.document.getElementById("setp12password").cancelDialog();
   await BrowserTestUtils.windowClosed(win);
 
-  Assert.ok(!retVals.get("confirmedPassword"),
-            "Return value should signal user didn't confirm a password");
+  Assert.ok(
+    !retVals.get("confirmedPassword"),
+    "Return value should signal user didn't confirm a password"
+  );
 });
--- a/security/manager/ssl/tests/mochitest/browser/browser_loadPKCS11Module_ui.js
+++ b/security/manager/ssl/tests/mochitest/browser/browser_loadPKCS11Module_ui.js
@@ -1,33 +1,42 @@
 // Any copyright is dedicated to the Public Domain.
 // http://creativecommons.org/publicdomain/zero/1.0/
 "use strict";
 
 // Tests the dialog used for loading PKCS #11 modules.
 
-const { MockRegistrar } =
-  ChromeUtils.import("resource://testing-common/MockRegistrar.jsm");
+const { MockRegistrar } = ChromeUtils.import(
+  "resource://testing-common/MockRegistrar.jsm"
+);
 
 const gMockPKCS11ModuleDB = {
   addModuleCallCount: 0,
   expectedLibPath: "",
   expectedModuleName: "",
   throwOnAddModule: false,
 
   addModule(moduleName, libraryFullPath, cryptoMechanismFlags, cipherFlags) {
     this.addModuleCallCount++;
-    Assert.equal(moduleName, this.expectedModuleName,
-                 "addModule: Name given should be what's in the name textbox");
-    Assert.equal(libraryFullPath, this.expectedLibPath,
-                 "addModule: Path given should be what's in the path textbox");
-    Assert.equal(cryptoMechanismFlags, 0,
-                 "addModule: No crypto mechanism flags should be passed");
-    Assert.equal(cipherFlags, 0,
-                 "addModule: No cipher flags should be passed");
+    Assert.equal(
+      moduleName,
+      this.expectedModuleName,
+      "addModule: Name given should be what's in the name textbox"
+    );
+    Assert.equal(
+      libraryFullPath,
+      this.expectedLibPath,
+      "addModule: Path given should be what's in the path textbox"
+    );
+    Assert.equal(
+      cryptoMechanismFlags,
+      0,
+      "addModule: No crypto mechanism flags should be passed"
+    );
+    Assert.equal(cipherFlags, 0, "addModule: No cipher flags should be passed");
 
     if (this.throwOnAddModule) {
       throw new Error(`addModule: Throwing exception`);
     }
   },
 
   deleteModule(moduleName) {
     Assert.ok(false, `deleteModule: should not be called`);
@@ -62,32 +71,40 @@ const gMockPKCS11ModuleDB = {
 
 const gMockPromptService = {
   alertCallCount: 0,
   expectedText: "",
   expectedWindow: null,
 
   alert(parent, dialogTitle, text) {
     this.alertCallCount++;
-    Assert.equal(parent, this.expectedWindow,
-                 "alert: Parent should be expected window");
+    Assert.equal(
+      parent,
+      this.expectedWindow,
+      "alert: Parent should be expected window"
+    );
     Assert.equal(dialogTitle, null, "alert: Title should be null");
-    Assert.equal(text, this.expectedText,
-                 "alert: Actual and expected text should match");
+    Assert.equal(
+      text,
+      this.expectedText,
+      "alert: Actual and expected text should match"
+    );
   },
 
   QueryInterface: ChromeUtils.generateQI([Ci.nsIPromptService]),
 };
 
-var gMockPKCS11CID =
-  MockRegistrar.register("@mozilla.org/security/pkcs11moduledb;1",
-                         gMockPKCS11ModuleDB);
-var gMockPromptServiceCID =
-  MockRegistrar.register("@mozilla.org/embedcomp/prompt-service;1",
-                         gMockPromptService);
+var gMockPKCS11CID = MockRegistrar.register(
+  "@mozilla.org/security/pkcs11moduledb;1",
+  gMockPKCS11ModuleDB
+);
+var gMockPromptServiceCID = MockRegistrar.register(
+  "@mozilla.org/embedcomp/prompt-service;1",
+  gMockPromptService
+);
 
 var gMockFilePicker = SpecialPowers.MockFilePicker;
 gMockFilePicker.init(window);
 
 var gTempFile = Services.dirsvc.get("TmpD", Ci.nsIFile);
 gTempFile.append("browser_loadPKCS11Module_ui-fakeModule");
 
 registerCleanupFunction(() => {
@@ -104,21 +121,29 @@ function resetCallCounts() {
 /**
  * Opens the dialog shown to load a PKCS #11 module.
  *
  * @returns {Promise}
  *          A promise that resolves when the dialog has finished loading, with
  *          the window of the opened dialog.
  */
 function openLoadModuleDialog() {
-  let win = window.openDialog("chrome://pippki/content/load_device.xul", "", "");
+  let win = window.openDialog(
+    "chrome://pippki/content/load_device.xul",
+    "",
+    ""
+  );
   return new Promise(resolve => {
-    win.addEventListener("load", function() {
-      executeSoon(() => resolve(win));
-    }, {once: true});
+    win.addEventListener(
+      "load",
+      function() {
+        executeSoon(() => resolve(win));
+      },
+      { once: true }
+    );
   });
 }
 
 /**
  * Presses the browse button and simulates interacting with the file picker that
  * should be triggered.
  *
  * @param {window} win
@@ -148,23 +173,29 @@ async function browseToTempFile(win, can
 add_task(async function testBrowseButton() {
   let win = await openLoadModuleDialog();
   let pathBox = win.document.getElementById("device_path");
   let originalPathBoxValue = "expected path if picker is canceled";
   pathBox.value = originalPathBoxValue;
 
   // Test what happens if the file picker is canceled.
   await browseToTempFile(win, true);
-  Assert.equal(pathBox.value, originalPathBoxValue,
-               "Path shown should be unchanged due to canceled picker");
+  Assert.equal(
+    pathBox.value,
+    originalPathBoxValue,
+    "Path shown should be unchanged due to canceled picker"
+  );
 
   // Test what happens if the file picker is not canceled.
   await browseToTempFile(win, false);
-  Assert.equal(pathBox.value, gTempFile.path,
-               "Path shown should be same as the one chosen in the file picker");
+  Assert.equal(
+    pathBox.value,
+    gTempFile.path,
+    "Path shown should be same as the one chosen in the file picker"
+  );
 
   await BrowserTestUtils.closeWindow(win);
 });
 
 function testAddModuleHelper(win, throwOnAddModule) {
   resetCallCounts();
   gMockPKCS11ModuleDB.expectedLibPath = gTempFile.path;
   gMockPKCS11ModuleDB.expectedModuleName = "test module";
@@ -180,20 +211,26 @@ function testAddModuleHelper(win, throwO
 }
 
 add_task(async function testAddModuleSuccess() {
   let win = await openLoadModuleDialog();
 
   testAddModuleHelper(win, false);
   await BrowserTestUtils.windowClosed(win);
 
-  Assert.equal(gMockPKCS11ModuleDB.addModuleCallCount, 1,
-               "addModule() should have been called once");
-  Assert.equal(gMockPromptService.alertCallCount, 0,
-               "alert() should never have been called");
+  Assert.equal(
+    gMockPKCS11ModuleDB.addModuleCallCount,
+    1,
+    "addModule() should have been called once"
+  );
+  Assert.equal(
+    gMockPromptService.alertCallCount,
+    0,
+    "alert() should never have been called"
+  );
 });
 
 add_task(async function testAddModuleFailure() {
   let win = await openLoadModuleDialog();
   gMockPromptService.expectedText = "Unable to add module";
   gMockPromptService.expectedWindow = win;
 
   // The exception we throw in addModule is first reported as an uncaught
@@ -202,51 +239,67 @@ add_task(async function testAddModuleFai
   expectUncaughtException(true);
 
   testAddModuleHelper(win, true);
   expectUncaughtException(false);
   // If adding a module fails, the dialog will not close. As such, we have to
   // close the window ourselves.
   await BrowserTestUtils.closeWindow(win);
 
-  Assert.equal(gMockPKCS11ModuleDB.addModuleCallCount, 1,
-               "addModule() should have been called once");
-  Assert.equal(gMockPromptService.alertCallCount, 1,
-               "alert() should have been called once");
+  Assert.equal(
+    gMockPKCS11ModuleDB.addModuleCallCount,
+    1,
+    "addModule() should have been called once"
+  );
+  Assert.equal(
+    gMockPromptService.alertCallCount,
+    1,
+    "alert() should have been called once"
+  );
 });
 
 add_task(async function testCancel() {
   let win = await openLoadModuleDialog();
   resetCallCounts();
 
   info("Canceling dialog");
   win.document.getElementById("loaddevice").cancelDialog();
 
-  Assert.equal(gMockPKCS11ModuleDB.addModuleCallCount, 0,
-               "addModule() should never have been called");
-  Assert.equal(gMockPromptService.alertCallCount, 0,
-               "alert() should never have been called");
+  Assert.equal(
+    gMockPKCS11ModuleDB.addModuleCallCount,
+    0,
+    "addModule() should never have been called"
+  );
+  Assert.equal(
+    gMockPromptService.alertCallCount,
+    0,
+    "alert() should never have been called"
+  );
 
   await BrowserTestUtils.windowClosed(win);
 });
 
 async function testModuleNameHelper(moduleName, acceptButtonShouldBeDisabled) {
   let win = await openLoadModuleDialog();
   resetCallCounts();
 
   info(`Setting Module Name to '${moduleName}'`);
   let moduleNameBox = win.document.getElementById("device_name");
   moduleNameBox.value = moduleName;
   // this makes this not a great test, but it's the easiest way to simulate this
   moduleNameBox.onchange();
 
   let dialogNode = win.document.querySelector("dialog");
-  Assert.equal(dialogNode.getAttribute("buttondisabledaccept"),
-               acceptButtonShouldBeDisabled ? "true" : "", // it's a string
-               `dialog accept button should ${acceptButtonShouldBeDisabled ? "" : "not "}be disabled`);
+  Assert.equal(
+    dialogNode.getAttribute("buttondisabledaccept"),
+    acceptButtonShouldBeDisabled ? "true" : "", // it's a string
+    `dialog accept button should ${
+      acceptButtonShouldBeDisabled ? "" : "not "
+    }be disabled`
+  );
 
   return BrowserTestUtils.closeWindow(win);
 }
 
 add_task(async function testEmptyModuleName() {
   await testModuleNameHelper("", true);
 });
 
--- a/security/manager/ssl/tests/mochitest/browser/head.js
+++ b/security/manager/ssl/tests/mochitest/browser/head.js
@@ -1,14 +1,15 @@
 /* Any copyright is dedicated to the Public Domain.
    http://creativecommons.org/publicdomain/zero/1.0/ */
 "use strict";
 
-var gCertDB = Cc["@mozilla.org/security/x509certdb;1"]
-                .getService(Ci.nsIX509CertDB);
+var gCertDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
+  Ci.nsIX509CertDB
+);
 
 /**
  * List of certs imported via readCertificate(). Certs in this list are
  * automatically deleted from the cert DB when a test including this head file
  * finishes.
  * @type nsIX509Cert[]
  */
 var gImportedCerts = [];
@@ -16,19 +17,20 @@ var gImportedCerts = [];
 registerCleanupFunction(() => {
   for (let cert of gImportedCerts) {
     gCertDB.deleteCertificate(cert);
   }
 });
 
 // This function serves the same purpose as the one defined in head_psm.js.
 function pemToBase64(pem) {
-  return pem.replace(/-----BEGIN CERTIFICATE-----/, "")
-            .replace(/-----END CERTIFICATE-----/, "")
-            .replace(/[\r\n]/g, "");
+  return pem
+    .replace(/-----BEGIN CERTIFICATE-----/, "")
+    .replace(/-----END CERTIFICATE-----/, "")
+    .replace(/[\r\n]/g, "");
 }
 
 /**
  * Given the filename of a certificate, returns a promise that will resolve with
  * a handle to the certificate when that certificate has been read and imported
  * with the given trust settings.
  *
  * Certs imported via this function will automatically be deleted from the cert
@@ -38,20 +40,26 @@ function pemToBase64(pem) {
  *        The filename of the certificate (assumed to be in the same directory).
  * @param {String} trustString
  *        A string describing how the certificate should be trusted (see
  *        `certutil -A --help`).
  * @return {Promise}
  *         A promise that will resolve with a handle to the certificate.
  */
 function readCertificate(filename, trustString) {
-  return OS.File.read(getTestFilePath(filename)).then(data => {
-    let decoder = new TextDecoder();
-    let pem = decoder.decode(data);
-    let certdb = Cc["@mozilla.org/security/x509certdb;1"]
-                   .getService(Ci.nsIX509CertDB);
-    let base64 = pemToBase64(pem);
-    certdb.addCertFromBase64(base64, trustString);
-    let cert = certdb.constructX509FromBase64(base64);
-    gImportedCerts.push(cert);
-    return cert;
-  }, error => { throw error; });
+  return OS.File.read(getTestFilePath(filename)).then(
+    data => {
+      let decoder = new TextDecoder();
+      let pem = decoder.decode(data);
+      let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+        Ci.nsIX509CertDB
+      );
+      let base64 = pemToBase64(pem);
+      certdb.addCertFromBase64(base64, trustString);
+      let cert = certdb.constructX509FromBase64(base64);
+      gImportedCerts.push(cert);
+      return cert;
+    },
+    error => {
+      throw error;
+    }
+  );
 }
--- a/security/manager/ssl/tests/mochitest/mixedcontent/bug329869.js
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/bug329869.js
@@ -1,8 +1,11 @@
 /* import-globals-from mixedContentTest.js */
 "use strict";
 
 document.open();
 // eslint-disable-next-line no-unsanitized/method
 document.write("This is insecure XSS script " + document.cookie);
-isSecurityState("broken", "security broken after document write from unsecure script");
+isSecurityState(
+  "broken",
+  "security broken after document write from unsecure script"
+);
 finish();
--- a/security/manager/ssl/tests/mochitest/mixedcontent/mixedContentTest.js
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/mixedContentTest.js
@@ -23,17 +23,16 @@ var openTwoWindows = false;
 // of images or other content before the test starts; this is actually
 // a 'redirect' to a different test page.
 var testPage = "";
 // Assign a function to this variable to have a clean up at the end
 var testCleanUp = null;
 // Contains mixed active content that needs to load to run the test
 var hasMixedActiveContent = false;
 
-
 // Internal variables
 var _windowCount = 0;
 
 window.onload = function onLoad() {
   if (location.search == "?runtest") {
     try {
       if (history.length == 1) {
         // Each test that includes this helper file is supposed to define
@@ -46,31 +45,33 @@ window.onload = function onLoad() {
       }
     } catch (ex) {
       ok(false, "Exception thrown during test: " + ex);
       finish();
     }
   } else {
     window.addEventListener("message", onMessageReceived);
 
-    let secureTestLocation = loadAsInsecure ? "http://example.com"
-                                            : "https://example.com";
+    let secureTestLocation = loadAsInsecure
+      ? "http://example.com"
+      : "https://example.com";
     secureTestLocation += location.pathname;
     if (testPage != "") {
       let array = secureTestLocation.split("/");
       array.pop();
       array.push(testPage);
       secureTestLocation = array.join("/");
     }
     secureTestLocation += "?runtest";
 
     if (hasMixedActiveContent) {
       SpecialPowers.pushPrefEnv(
-        {"set": [["security.mixed_content.block_active_content", false]]},
-        null);
+        { set: [["security.mixed_content.block_active_content", false]] },
+        null
+      );
     }
     if (openTwoWindows) {
       _windowCount = 2;
       window.open(secureTestLocation, "_new1", "");
       window.open(secureTestLocation, "_new2", "");
     } else {
       _windowCount = 1;
       window.open(secureTestLocation);
@@ -103,19 +104,21 @@ function onMessageReceived(event) {
 
 function postMsg(message) {
   opener.postMessage(message, "http://mochi.test:8888");
 }
 
 function finish() {
   if (history.length == 1 && !bypassNavigationTest) {
     window.setTimeout(() => {
-      window.location.assign(navigateToInsecure ?
-        "http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/backward.html" :
-        "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/backward.html");
+      window.location.assign(
+        navigateToInsecure
+          ? "http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/backward.html"
+          : "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/backward.html"
+      );
     }, 0);
   } else {
     postMsg("done");
     window.close();
   }
 }
 
 function ok(a, message) {
@@ -136,46 +139,63 @@ function is(a, b, message) {
 
 function isSecurityState(expectedState, message, test) {
   if (!test) {
     test = ok;
   }
 
   let ui = SpecialPowers.wrap(window).docShell.securityUI;
 
-  let isInsecure = !ui ||
-    (ui.state & SpecialPowers.Ci.nsIWebProgressListener.STATE_IS_INSECURE);
-  let isBroken = ui &&
-    (ui.state & SpecialPowers.Ci.nsIWebProgressListener.STATE_IS_BROKEN);
-  let isEV = ui &&
-    (ui.state & SpecialPowers.Ci.nsIWebProgressListener.STATE_IDENTITY_EV_TOPLEVEL);
+  let isInsecure =
+    !ui || ui.state & SpecialPowers.Ci.nsIWebProgressListener.STATE_IS_INSECURE;
+  let isBroken =
+    ui && ui.state & SpecialPowers.Ci.nsIWebProgressListener.STATE_IS_BROKEN;
+  let isEV =
+    ui &&
+    ui.state &
+      SpecialPowers.Ci.nsIWebProgressListener.STATE_IDENTITY_EV_TOPLEVEL;
 
   let gotState = "secure";
   if (isInsecure) {
     gotState = "insecure";
   } else if (isBroken) {
     gotState = "broken";
   } else if (isEV) {
     gotState = "EV";
   }
 
-  test(gotState == expectedState, (message || "") + ", expected " + expectedState + " got " + gotState);
+  test(
+    gotState == expectedState,
+    (message || "") + ", expected " + expectedState + " got " + gotState
+  );
 
   switch (expectedState) {
     case "insecure":
-      test(isInsecure && !isBroken && !isEV, "for 'insecure' excpected flags [1,0,0], " + (message || ""));
+      test(
+        isInsecure && !isBroken && !isEV,
+        "for 'insecure' excpected flags [1,0,0], " + (message || "")
+      );
       break;
     case "broken":
-      test(ui && !isInsecure && isBroken && !isEV, "for 'broken' expected  flags [0,1,0], " + (message || ""));
+      test(
+        ui && !isInsecure && isBroken && !isEV,
+        "for 'broken' expected  flags [0,1,0], " + (message || "")
+      );
       break;
     case "secure":
-      test(ui && !isInsecure && !isBroken && !isEV, "for 'secure' expected flags [0,0,0], " + (message || ""));
+      test(
+        ui && !isInsecure && !isBroken && !isEV,
+        "for 'secure' expected flags [0,0,0], " + (message || "")
+      );
       break;
     case "EV":
-      test(ui && !isInsecure && !isBroken && isEV, "for 'EV' expected flags [0,0,1], " + (message || ""));
+      test(
+        ui && !isInsecure && !isBroken && isEV,
+        "for 'EV' expected flags [0,0,1], " + (message || "")
+      );
       break;
     default:
       throw new Error("Invalid isSecurityState state");
   }
 }
 
 function waitForSecurityState(expectedState, callback) {
   let roundsLeft = 200; // Wait for 20 seconds (=200*100ms)
--- a/security/manager/ssl/tests/unit/head_psm.js
+++ b/security/manager/ssl/tests/unit/head_psm.js
@@ -1,99 +1,111 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
  */
 "use strict";
 
-const { AppConstants } =
-  ChromeUtils.import("resource://gre/modules/AppConstants.jsm");
+const { AppConstants } = ChromeUtils.import(
+  "resource://gre/modules/AppConstants.jsm"
+);
 const { ctypes } = ChromeUtils.import("resource://gre/modules/ctypes.jsm");
-const { FileUtils } = ChromeUtils.import("resource://gre/modules/FileUtils.jsm");
+const { FileUtils } = ChromeUtils.import(
+  "resource://gre/modules/FileUtils.jsm"
+);
 const { HttpServer } = ChromeUtils.import("resource://testing-common/httpd.js");
-const { MockRegistrar } =
-  ChromeUtils.import("resource://testing-common/MockRegistrar.jsm");
+const { MockRegistrar } = ChromeUtils.import(
+  "resource://testing-common/MockRegistrar.jsm"
+);
 const { NetUtil } = ChromeUtils.import("resource://gre/modules/NetUtil.jsm");
 const { Promise } = ChromeUtils.import("resource://gre/modules/Promise.jsm");
 const { Services } = ChromeUtils.import("resource://gre/modules/Services.jsm");
-const { XPCOMUtils } = ChromeUtils.import("resource://gre/modules/XPCOMUtils.jsm");
+const { XPCOMUtils } = ChromeUtils.import(
+  "resource://gre/modules/XPCOMUtils.jsm"
+);
 
-const isDebugBuild = Cc["@mozilla.org/xpcom/debug;1"]
-                       .getService(Ci.nsIDebug2).isDebugBuild;
+const isDebugBuild = Cc["@mozilla.org/xpcom/debug;1"].getService(Ci.nsIDebug2)
+  .isDebugBuild;
 
 // The test EV roots are only enabled in debug builds as a security measure.
 const gEVExpected = isDebugBuild;
 
 const SSS_STATE_FILE_NAME = "SiteSecurityServiceState.txt";
 const PRELOAD_STATE_FILE_NAME = "SecurityPreloadState.txt";
 
 const SEC_ERROR_BASE = Ci.nsINSSErrorsService.NSS_SEC_ERROR_BASE;
 const SSL_ERROR_BASE = Ci.nsINSSErrorsService.NSS_SSL_ERROR_BASE;
 const MOZILLA_PKIX_ERROR_BASE = Ci.nsINSSErrorsService.MOZILLA_PKIX_ERROR_BASE;
 
 // This isn't really a valid PRErrorCode, but is useful for signalling that
 // a test is expected to succeed.
 const PRErrorCodeSuccess = 0;
 
 // Sort in numerical order
-const SEC_ERROR_INVALID_TIME                            = SEC_ERROR_BASE + 8;
-const SEC_ERROR_BAD_DER                                 = SEC_ERROR_BASE + 9;
-const SEC_ERROR_BAD_SIGNATURE                           = SEC_ERROR_BASE + 10;
-const SEC_ERROR_EXPIRED_CERTIFICATE                     = SEC_ERROR_BASE + 11;
-const SEC_ERROR_REVOKED_CERTIFICATE                     = SEC_ERROR_BASE + 12;
-const SEC_ERROR_UNKNOWN_ISSUER                          = SEC_ERROR_BASE + 13;
-const SEC_ERROR_UNTRUSTED_ISSUER                        = SEC_ERROR_BASE + 20;
-const SEC_ERROR_UNTRUSTED_CERT                          = SEC_ERROR_BASE + 21;
-const SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE              = SEC_ERROR_BASE + 30;
-const SEC_ERROR_CA_CERT_INVALID                         = SEC_ERROR_BASE + 36;
-const SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION              = SEC_ERROR_BASE + 41;
-const SEC_ERROR_PKCS7_BAD_SIGNATURE                     = SEC_ERROR_BASE + 47;
-const SEC_ERROR_INADEQUATE_KEY_USAGE                    = SEC_ERROR_BASE + 90;
-const SEC_ERROR_INADEQUATE_CERT_TYPE                    = SEC_ERROR_BASE + 91;
-const SEC_ERROR_CERT_NOT_IN_NAME_SPACE                  = SEC_ERROR_BASE + 112;
-const SEC_ERROR_CERT_BAD_ACCESS_LOCATION                = SEC_ERROR_BASE + 117;
-const SEC_ERROR_OCSP_MALFORMED_REQUEST                  = SEC_ERROR_BASE + 120;
-const SEC_ERROR_OCSP_SERVER_ERROR                       = SEC_ERROR_BASE + 121;
-const SEC_ERROR_OCSP_TRY_SERVER_LATER                   = SEC_ERROR_BASE + 122;
-const SEC_ERROR_OCSP_REQUEST_NEEDS_SIG                  = SEC_ERROR_BASE + 123;
-const SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST               = SEC_ERROR_BASE + 124;
-const SEC_ERROR_OCSP_UNKNOWN_CERT                       = SEC_ERROR_BASE + 126;
-const SEC_ERROR_OCSP_MALFORMED_RESPONSE                 = SEC_ERROR_BASE + 129;
-const SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE              = SEC_ERROR_BASE + 130;
-const SEC_ERROR_OCSP_OLD_RESPONSE                       = SEC_ERROR_BASE + 132;
-const SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE              = SEC_ERROR_BASE + 141;
-const SEC_ERROR_OCSP_INVALID_SIGNING_CERT               = SEC_ERROR_BASE + 144;
-const SEC_ERROR_POLICY_VALIDATION_FAILED                = SEC_ERROR_BASE + 160;
-const SEC_ERROR_OCSP_BAD_SIGNATURE                      = SEC_ERROR_BASE + 157;
-const SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED       = SEC_ERROR_BASE + 176;
+const SEC_ERROR_INVALID_TIME = SEC_ERROR_BASE + 8;
+const SEC_ERROR_BAD_DER = SEC_ERROR_BASE + 9;
+const SEC_ERROR_BAD_SIGNATURE = SEC_ERROR_BASE + 10;
+const SEC_ERROR_EXPIRED_CERTIFICATE = SEC_ERROR_BASE + 11;
+const SEC_ERROR_REVOKED_CERTIFICATE = SEC_ERROR_BASE + 12;
+const SEC_ERROR_UNKNOWN_ISSUER = SEC_ERROR_BASE + 13;
+const SEC_ERROR_UNTRUSTED_ISSUER = SEC_ERROR_BASE + 20;
+const SEC_ERROR_UNTRUSTED_CERT = SEC_ERROR_BASE + 21;
+const SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE = SEC_ERROR_BASE + 30;
+const SEC_ERROR_CA_CERT_INVALID = SEC_ERROR_BASE + 36;
+const SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION = SEC_ERROR_BASE + 41;
+const SEC_ERROR_PKCS7_BAD_SIGNATURE = SEC_ERROR_BASE + 47;
+const SEC_ERROR_INADEQUATE_KEY_USAGE = SEC_ERROR_BASE + 90;
+const SEC_ERROR_INADEQUATE_CERT_TYPE = SEC_ERROR_BASE + 91;
+const SEC_ERROR_CERT_NOT_IN_NAME_SPACE = SEC_ERROR_BASE + 112;
+const SEC_ERROR_CERT_BAD_ACCESS_LOCATION = SEC_ERROR_BASE + 117;
+const SEC_ERROR_OCSP_MALFORMED_REQUEST = SEC_ERROR_BASE + 120;
+const SEC_ERROR_OCSP_SERVER_ERROR = SEC_ERROR_BASE + 121;
+const SEC_ERROR_OCSP_TRY_SERVER_LATER = SEC_ERROR_BASE + 122;
+const SEC_ERROR_OCSP_REQUEST_NEEDS_SIG = SEC_ERROR_BASE + 123;
+const SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST = SEC_ERROR_BASE + 124;
+const SEC_ERROR_OCSP_UNKNOWN_CERT = SEC_ERROR_BASE + 126;
+const SEC_ERROR_OCSP_MALFORMED_RESPONSE = SEC_ERROR_BASE + 129;
+const SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE = SEC_ERROR_BASE + 130;
+const SEC_ERROR_OCSP_OLD_RESPONSE = SEC_ERROR_BASE + 132;
+const SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE = SEC_ERROR_BASE + 141;
+const SEC_ERROR_OCSP_INVALID_SIGNING_CERT = SEC_ERROR_BASE + 144;
+const SEC_ERROR_POLICY_VALIDATION_FAILED = SEC_ERROR_BASE + 160;
+const SEC_ERROR_OCSP_BAD_SIGNATURE = SEC_ERROR_BASE + 157;
+const SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED = SEC_ERROR_BASE + 176;
 
-const SSL_ERROR_NO_CYPHER_OVERLAP                       = SSL_ERROR_BASE + 2;
-const SSL_ERROR_BAD_CERT_DOMAIN                         = SSL_ERROR_BASE + 12;
-const SSL_ERROR_BAD_CERT_ALERT                          = SSL_ERROR_BASE + 17;
-const SSL_ERROR_WEAK_SERVER_CERT_KEY                    = SSL_ERROR_BASE + 132;
+const SSL_ERROR_NO_CYPHER_OVERLAP = SSL_ERROR_BASE + 2;
+const SSL_ERROR_BAD_CERT_DOMAIN = SSL_ERROR_BASE + 12;
+const SSL_ERROR_BAD_CERT_ALERT = SSL_ERROR_BASE + 17;
+const SSL_ERROR_WEAK_SERVER_CERT_KEY = SSL_ERROR_BASE + 132;
 
-const MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE            = MOZILLA_PKIX_ERROR_BASE + 0;
-const MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY     = MOZILLA_PKIX_ERROR_BASE + 1;
-const MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE            = MOZILLA_PKIX_ERROR_BASE + 2;
-const MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA             = MOZILLA_PKIX_ERROR_BASE + 3;
-const MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE      = MOZILLA_PKIX_ERROR_BASE + 5;
-const MOZILLA_PKIX_ERROR_NOT_YET_VALID_ISSUER_CERTIFICATE = MOZILLA_PKIX_ERROR_BASE + 6;
-const MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING = MOZILLA_PKIX_ERROR_BASE + 8;
-const MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING   = MOZILLA_PKIX_ERROR_BASE + 10;
-const MOZILLA_PKIX_ERROR_EMPTY_ISSUER_NAME              = MOZILLA_PKIX_ERROR_BASE + 12;
-const MOZILLA_PKIX_ERROR_ADDITIONAL_POLICY_CONSTRAINT_FAILED = MOZILLA_PKIX_ERROR_BASE + 13;
-const MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT               = MOZILLA_PKIX_ERROR_BASE + 14;
-const MOZILLA_PKIX_ERROR_MITM_DETECTED                  = MOZILLA_PKIX_ERROR_BASE + 15;
+const MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE = MOZILLA_PKIX_ERROR_BASE + 0;
+const MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY =
+  MOZILLA_PKIX_ERROR_BASE + 1;
+const MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE = MOZILLA_PKIX_ERROR_BASE + 2;
+const MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA = MOZILLA_PKIX_ERROR_BASE + 3;
+const MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE =
+  MOZILLA_PKIX_ERROR_BASE + 5;
+const MOZILLA_PKIX_ERROR_NOT_YET_VALID_ISSUER_CERTIFICATE =
+  MOZILLA_PKIX_ERROR_BASE + 6;
+const MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING =
+  MOZILLA_PKIX_ERROR_BASE + 8;
+const MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING =
+  MOZILLA_PKIX_ERROR_BASE + 10;
+const MOZILLA_PKIX_ERROR_EMPTY_ISSUER_NAME = MOZILLA_PKIX_ERROR_BASE + 12;
+const MOZILLA_PKIX_ERROR_ADDITIONAL_POLICY_CONSTRAINT_FAILED =
+  MOZILLA_PKIX_ERROR_BASE + 13;
+const MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT = MOZILLA_PKIX_ERROR_BASE + 14;
+const MOZILLA_PKIX_ERROR_MITM_DETECTED = MOZILLA_PKIX_ERROR_BASE + 15;
 
 // Supported Certificate Usages
-const certificateUsageSSLClient              = 0x0001;
-const certificateUsageSSLServer              = 0x0002;
-const certificateUsageSSLCA                  = 0x0008;
-const certificateUsageEmailSigner            = 0x0010;
-const certificateUsageEmailRecipient         = 0x0020;
+const certificateUsageSSLClient = 0x0001;
+const certificateUsageSSLServer = 0x0002;
+const certificateUsageSSLCA = 0x0008;
+const certificateUsageEmailSigner = 0x0010;
+const certificateUsageEmailRecipient = 0x0020;
 
 // A map from the name of a certificate usage to the value of the usage.
 // Useful for printing debugging information and for enumerating all supported
 // usages.
 const allCertificateUsages = {
   certificateUsageSSLClient,
   certificateUsageSSLServer,
   certificateUsageSSLCA,
@@ -117,51 +129,53 @@ function stringToArray(s) {
 function arrayToString(a) {
   let s = "";
   for (let b of a) {
     s += String.fromCharCode(b);
   }
   return s;
 }
 
-
-
 // Commonly certificates are represented as PEM. The format is roughly as
 // follows:
 //
 // -----BEGIN CERTIFICATE-----
 // [some lines of base64, each typically 64 characters long]
 // -----END CERTIFICATE-----
 //
 // However, nsIX509CertDB.constructX509FromBase64 and related functions do not
 // handle input of this form. Instead, they require a single string of base64
 // with no newlines or BEGIN/END headers. This is a helper function to convert
 // PEM to the format that nsIX509CertDB requires.
 function pemToBase64(pem) {
-  return pem.replace(/-----BEGIN CERTIFICATE-----/, "")
-            .replace(/-----END CERTIFICATE-----/, "")
-            .replace(/[\r\n]/g, "");
+  return pem
+    .replace(/-----BEGIN CERTIFICATE-----/, "")
+    .replace(/-----END CERTIFICATE-----/, "")
+    .replace(/[\r\n]/g, "");
 }
 
 function build_cert_chain(certNames, testDirectory = "bad_certs") {
-  let certList = Cc["@mozilla.org/security/x509certlist;1"]
-                   .createInstance(Ci.nsIX509CertList);
+  let certList = Cc["@mozilla.org/security/x509certlist;1"].createInstance(
+    Ci.nsIX509CertList
+  );
   certNames.forEach(function(certName) {
     let cert = constructCertFromFile(`${testDirectory}/${certName}.pem`);
     certList.addCert(cert);
   });
   return certList;
 }
 
 function readFile(file) {
-  let fstream = Cc["@mozilla.org/network/file-input-stream;1"]
-                  .createInstance(Ci.nsIFileInputStream);
+  let fstream = Cc["@mozilla.org/network/file-input-stream;1"].createInstance(
+    Ci.nsIFileInputStream
+  );
   fstream.init(file, -1, 0, 0);
   let available = fstream.available();
-  let data = available > 0 ? NetUtil.readInputStreamToString(fstream, available) : "";
+  let data =
+    available > 0 ? NetUtil.readInputStreamToString(fstream, available) : "";
   fstream.close();
   return data;
 }
 
 function addCertFromFile(certdb, filename, trustString) {
   let certFile = do_get_file(filename, false);
   let certBytes = readFile(certFile);
   try {
@@ -169,159 +183,210 @@ function addCertFromFile(certdb, filenam
   } catch (e) {}
   // It might be PEM instead of DER.
   return certdb.addCertFromBase64(pemToBase64(certBytes), trustString);
 }
 
 function constructCertFromFile(filename) {
   let certFile = do_get_file(filename, false);
   let certBytes = readFile(certFile);
-  let certdb = Cc["@mozilla.org/security/x509certdb;1"]
-                 .getService(Ci.nsIX509CertDB);
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
   try {
     return certdb.constructX509(certBytes);
   } catch (e) {}
   // It might be PEM instead of DER.
   return certdb.constructX509FromBase64(pemToBase64(certBytes));
 }
 
 function setCertTrust(cert, trustString) {
-  let certdb = Cc["@mozilla.org/security/x509certdb;1"]
-                  .getService(Ci.nsIX509CertDB);
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
   certdb.setCertTrustFromString(cert, trustString);
 }
 
 function getXPCOMStatusFromNSS(statusNSS) {
-  let nssErrorsService = Cc["@mozilla.org/nss_errors_service;1"]
-                           .getService(Ci.nsINSSErrorsService);
+  let nssErrorsService = Cc["@mozilla.org/nss_errors_service;1"].getService(
+    Ci.nsINSSErrorsService
+  );
   return nssErrorsService.getXPCOMFromNSSError(statusNSS);
 }
 
 // Helper for checkCertErrorGenericAtTime
 class CertVerificationExpectedErrorResult {
   constructor(certName, expectedError, expectedEVStatus, resolve) {
     this.certName = certName;
     this.expectedError = expectedError;
     this.expectedEVStatus = expectedEVStatus;
     this.resolve = resolve;
   }
 
   verifyCertFinished(aPRErrorCode, aVerifiedChain, aHasEVPolicy) {
-    equal(aPRErrorCode, this.expectedError,
-          `verifying ${this.certName}: should get error ${this.expectedError}`);
+    equal(
+      aPRErrorCode,
+      this.expectedError,
+      `verifying ${this.certName}: should get error ${this.expectedError}`
+    );
     if (this.expectedEVStatus != undefined) {
-      equal(aHasEVPolicy, this.expectedEVStatus,
-            `verifying ${this.certName}: ` +
-            `should ${this.expectedEVStatus ? "be" : "not be"} EV`);
+      equal(
+        aHasEVPolicy,
+        this.expectedEVStatus,
+        `verifying ${this.certName}: ` +
+          `should ${this.expectedEVStatus ? "be" : "not be"} EV`
+      );
     }
     this.resolve();
   }
 }
 
 // certdb implements nsIX509CertDB. See nsIX509CertDB.idl for documentation.
 // In particular, hostname is optional.
-function checkCertErrorGenericAtTime(certdb, cert, expectedError, usage, time,
-                                     /* optional */ isEVExpected,
-                                     /* optional */ hostname) {
+function checkCertErrorGenericAtTime(
+  certdb,
+  cert,
+  expectedError,
+  usage,
+  time,
+  /* optional */ isEVExpected,
+  /* optional */ hostname
+) {
   return new Promise((resolve, reject) => {
-      let result = new CertVerificationExpectedErrorResult(
-        cert.commonName, expectedError, isEVExpected, resolve);
-      certdb.asyncVerifyCertAtTime(cert, usage, NO_FLAGS, hostname, time,
-                                   result);
+    let result = new CertVerificationExpectedErrorResult(
+      cert.commonName,
+      expectedError,
+      isEVExpected,
+      resolve
+    );
+    certdb.asyncVerifyCertAtTime(cert, usage, NO_FLAGS, hostname, time, result);
   });
 }
 
 // certdb implements nsIX509CertDB. See nsIX509CertDB.idl for documentation.
 // In particular, hostname is optional.
-function checkCertErrorGeneric(certdb, cert, expectedError, usage,
-                                     /* optional */ isEVExpected,
-                                     /* optional */ hostname) {
-  let now = (new Date()).getTime() / 1000;
-  return checkCertErrorGenericAtTime(certdb, cert, expectedError, usage, now,
-                                     isEVExpected, hostname);
+function checkCertErrorGeneric(
+  certdb,
+  cert,
+  expectedError,
+  usage,
+  /* optional */ isEVExpected,
+  /* optional */ hostname
+) {
+  let now = new Date().getTime() / 1000;
+  return checkCertErrorGenericAtTime(
+    certdb,
+    cert,
+    expectedError,
+    usage,
+    now,
+    isEVExpected,
+    hostname
+  );
 }
 
 function checkEVStatus(certDB, cert, usage, isEVExpected) {
-  return checkCertErrorGeneric(certDB, cert, PRErrorCodeSuccess, usage,
-                               isEVExpected);
+  return checkCertErrorGeneric(
+    certDB,
+    cert,
+    PRErrorCodeSuccess,
+    usage,
+    isEVExpected
+  );
 }
 
-function _getLibraryFunctionWithNoArguments(functionName, libraryName,
-                                            returnType) {
+function _getLibraryFunctionWithNoArguments(
+  functionName,
+  libraryName,
+  returnType
+) {
   // Open the NSS library. copied from services/crypto/modules/WeaveCrypto.js
   let path = ctypes.libraryName(libraryName);
 
   // XXX really want to be able to pass specific dlopen flags here.
   let nsslib;
   try {
     nsslib = ctypes.open(path);
   } catch (e) {
     // In case opening the library without a full path fails,
     // try again with a full path.
     let file = Services.dirsvc.get("GreBinD", Ci.nsIFile);
     file.append(path);
     nsslib = ctypes.open(file.path);
   }
 
   let SECStatus = ctypes.int;
-  let func = nsslib.declare(functionName, ctypes.default_abi,
-                            returnType || SECStatus);
+  let func = nsslib.declare(
+    functionName,
+    ctypes.default_abi,
+    returnType || SECStatus
+  );
   return func;
 }
 
 function clearOCSPCache() {
-  let certdb = Cc["@mozilla.org/security/x509certdb;1"]
-                 .getService(Ci.nsIX509CertDB);
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
   certdb.clearOCSPCache();
 }
 
 function clearSessionCache() {
   let SSL_ClearSessionCache = null;
   try {
-    SSL_ClearSessionCache =
-      _getLibraryFunctionWithNoArguments("SSL_ClearSessionCache", "ssl3",
-                                         ctypes.void_t);
+    SSL_ClearSessionCache = _getLibraryFunctionWithNoArguments(
+      "SSL_ClearSessionCache",
+      "ssl3",
+      ctypes.void_t
+    );
   } catch (e) {
     // On Windows, this is actually in the nss3 library.
-    SSL_ClearSessionCache =
-      _getLibraryFunctionWithNoArguments("SSL_ClearSessionCache", "nss3",
-                                         ctypes.void_t);
+    SSL_ClearSessionCache = _getLibraryFunctionWithNoArguments(
+      "SSL_ClearSessionCache",
+      "nss3",
+      ctypes.void_t
+    );
   }
   if (!SSL_ClearSessionCache) {
     throw new Error("couldn't get SSL_ClearSessionCache");
   }
   SSL_ClearSessionCache();
 }
 
 function getSSLStatistics() {
-  let SSL3Statistics = new ctypes.StructType("SSL3Statistics",
-                           [ { "sch_sid_cache_hits": ctypes.long },
-                             { "sch_sid_cache_misses": ctypes.long },
-                             { "sch_sid_cache_not_ok": ctypes.long },
-                             { "hsh_sid_cache_hits": ctypes.long },
-                             { "hsh_sid_cache_misses": ctypes.long },
-                             { "hsh_sid_cache_not_ok": ctypes.long },
-                             { "hch_sid_cache_hits": ctypes.long },
-                             { "hch_sid_cache_misses": ctypes.long },
-                             { "hch_sid_cache_not_ok": ctypes.long },
-                             { "sch_sid_stateless_resumes": ctypes.long },
-                             { "hsh_sid_stateless_resumes": ctypes.long },
-                             { "hch_sid_stateless_resumes": ctypes.long },
-                             { "hch_sid_ticket_parse_failures": ctypes.long }]);
+  let SSL3Statistics = new ctypes.StructType("SSL3Statistics", [
+    { sch_sid_cache_hits: ctypes.long },
+    { sch_sid_cache_misses: ctypes.long },
+    { sch_sid_cache_not_ok: ctypes.long },
+    { hsh_sid_cache_hits: ctypes.long },
+    { hsh_sid_cache_misses: ctypes.long },
+    { hsh_sid_cache_not_ok: ctypes.long },
+    { hch_sid_cache_hits: ctypes.long },
+    { hch_sid_cache_misses: ctypes.long },
+    { hch_sid_cache_not_ok: ctypes.long },
+    { sch_sid_stateless_resumes: ctypes.long },
+    { hsh_sid_stateless_resumes: ctypes.long },
+    { hch_sid_stateless_resumes: ctypes.long },
+    { hch_sid_ticket_parse_failures: ctypes.long },
+  ]);
   let SSL3StatisticsPtr = new ctypes.PointerType(SSL3Statistics);
   let SSL_GetStatistics = null;
   try {
-    SSL_GetStatistics = _getLibraryFunctionWithNoArguments("SSL_GetStatistics",
-                                                           "ssl3",
-                                                           SSL3StatisticsPtr);
+    SSL_GetStatistics = _getLibraryFunctionWithNoArguments(
+      "SSL_GetStatistics",
+      "ssl3",
+      SSL3StatisticsPtr
+    );
   } catch (e) {
     // On Windows, this is actually in the nss3 library.
-    SSL_GetStatistics = _getLibraryFunctionWithNoArguments("SSL_GetStatistics",
-                                                           "nss3",
-                                                           SSL3StatisticsPtr);
+    SSL_GetStatistics = _getLibraryFunctionWithNoArguments(
+      "SSL_GetStatistics",
+      "nss3",
+      SSL3StatisticsPtr
+    );
   }
   if (!SSL_GetStatistics) {
     throw new Error("Failed to get SSL statistics");
   }
   return SSL_GetStatistics();
 }
 
 // Set up a TLS testing environment that has a TLS server running and
@@ -397,84 +462,94 @@ function add_tls_server_setup(serverBinN
  * @param {Function} aAfterStreamOpen
  *   A callback function that is called with the nsISocketTransport once the
  *   output stream is ready.
  * @param {OriginAttributes} aOriginAttributes (optional)
  *   The origin attributes that the socket transport will have. This parameter
  *   affects OCSP because OCSP cache is double-keyed by origin attributes' first
  *   party domain.
  */
-function add_connection_test(aHost, aExpectedResult,
-                             aBeforeConnect, aWithSecurityInfo,
-                             aAfterStreamOpen,
-                             /* optional */ aOriginAttributes) {
+function add_connection_test(
+  aHost,
+  aExpectedResult,
+  aBeforeConnect,
+  aWithSecurityInfo,
+  aAfterStreamOpen,
+  /* optional */ aOriginAttributes
+) {
   const REMOTE_PORT = 8443;
 
   function Connection(host) {
     this.host = host;
     this.thread = Services.tm.currentThread;
     this.defer = Promise.defer();
-    let sts = Cc["@mozilla.org/network/socket-transport-service;1"]
-                .getService(Ci.nsISocketTransportService);
+    let sts = Cc["@mozilla.org/network/socket-transport-service;1"].getService(
+      Ci.nsISocketTransportService
+    );
     this.transport = sts.createTransport(["ssl"], host, REMOTE_PORT, null);
     // See bug 1129771 - attempting to connect to [::1] when the server is
     // listening on 127.0.0.1 causes frequent failures on OS X 10.10.
     this.transport.connectionFlags |= Ci.nsISocketTransport.DISABLE_IPV6;
     this.transport.setEventSink(this, this.thread);
     if (aOriginAttributes) {
       this.transport.originAttributes = aOriginAttributes;
     }
     this.inputStream = null;
     this.outputStream = null;
     this.connected = false;
   }
 
   Connection.prototype = {
     // nsITransportEventSink
     onTransportStatus(aTransport, aStatus, aProgress, aProgressMax) {
-      if (!this.connected && aStatus == Ci.nsISocketTransport.STATUS_CONNECTED_TO) {
+      if (
+        !this.connected &&
+        aStatus == Ci.nsISocketTransport.STATUS_CONNECTED_TO
+      ) {
         this.connected = true;
         this.outputStream.asyncWait(this, 0, 0, this.thread);
       }
     },
 
     // nsIInputStreamCallback
     onInputStreamReady(aStream) {
       try {
         // this will throw if the stream has been closed by an error
         let str = NetUtil.readInputStreamToString(aStream, aStream.available());
-        Assert.equal(str, "0",
-                     "Should have received ASCII '0' from server");
+        Assert.equal(str, "0", "Should have received ASCII '0' from server");
         this.inputStream.close();
         this.outputStream.close();
         this.result = Cr.NS_OK;
       } catch (e) {
         this.result = e.result;
       }
       this.defer.resolve(this);
     },
 
     // nsIOutputStreamCallback
     onOutputStreamReady(aStream) {
       if (aAfterStreamOpen) {
         aAfterStreamOpen(this.transport);
       }
-      let sslSocketControl = this.transport.securityInfo
-                               .QueryInterface(Ci.nsISSLSocketControl);
+      let sslSocketControl = this.transport.securityInfo.QueryInterface(
+        Ci.nsISSLSocketControl
+      );
       sslSocketControl.proxyStartSSL();
       this.outputStream.write("0", 1);
-      let inStream = this.transport.openInputStream(0, 0, 0)
-                       .QueryInterface(Ci.nsIAsyncInputStream);
+      let inStream = this.transport
+        .openInputStream(0, 0, 0)
+        .QueryInterface(Ci.nsIAsyncInputStream);
       this.inputStream = inStream;
       this.inputStream.asyncWait(this, 0, 0, this.thread);
     },
 
     go() {
-      this.outputStream = this.transport.openOutputStream(0, 0, 0)
-                            .QueryInterface(Ci.nsIAsyncOutputStream);
+      this.outputStream = this.transport
+        .openOutputStream(0, 0, 0)
+        .QueryInterface(Ci.nsIAsyncOutputStream);
       return this.defer.promise;
     },
   };
 
   /* Returns a promise to connect to host that resolves to the result of that
    * connection */
   function connectTo(host) {
     Services.prefs.setCharPref("network.dns.localDomains", host);
@@ -483,24 +558,31 @@ function add_connection_test(aHost, aExp
   }
 
   add_test(function() {
     if (aBeforeConnect) {
       aBeforeConnect();
     }
     connectTo(aHost).then(function(conn) {
       info("handling " + aHost);
-      let expectedNSResult = aExpectedResult == PRErrorCodeSuccess
-                           ? Cr.NS_OK
-                           : getXPCOMStatusFromNSS(aExpectedResult);
-      Assert.equal(conn.result, expectedNSResult,
-                   "Actual and expected connection result should match");
+      let expectedNSResult =
+        aExpectedResult == PRErrorCodeSuccess
+          ? Cr.NS_OK
+          : getXPCOMStatusFromNSS(aExpectedResult);
+      Assert.equal(
+        conn.result,
+        expectedNSResult,
+        "Actual and expected connection result should match"
+      );
       if (aWithSecurityInfo) {
-        aWithSecurityInfo(conn.transport.securityInfo
-                              .QueryInterface(Ci.nsITransportSecurityInfo));
+        aWithSecurityInfo(
+          conn.transport.securityInfo.QueryInterface(
+            Ci.nsITransportSecurityInfo
+          )
+        );
       }
       run_next_test();
     });
   });
 }
 
 function _getBinaryUtil(binaryUtilName) {
   let utilBin = Services.dirsvc.get("GreD", Ci.nsIFile);
@@ -527,56 +609,60 @@ function _getBinaryUtil(binaryUtilName) 
     utilBin.append(binaryUtilName);
   }
   Assert.ok(utilBin.exists(), `Binary util ${binaryUtilName} should exist`);
   return utilBin;
 }
 
 // Do not call this directly; use add_tls_server_setup
 function _setupTLSServerTest(serverBinName, certsPath, addDefaultRoot) {
-  let certdb = Cc["@mozilla.org/security/x509certdb;1"]
-                  .getService(Ci.nsIX509CertDB);
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
   // The trusted CA that is typically used for "good" certificates.
   if (addDefaultRoot) {
     addCertFromFile(certdb, `${certsPath}/test-ca.pem`, "CTu,u,u");
   }
 
   const CALLBACK_PORT = 8444;
 
-  let envSvc = Cc["@mozilla.org/process/environment;1"]
-                 .getService(Ci.nsIEnvironment);
+  let envSvc = Cc["@mozilla.org/process/environment;1"].getService(
+    Ci.nsIEnvironment
+  );
   let greBinDir = Services.dirsvc.get("GreBinD", Ci.nsIFile);
   envSvc.set("DYLD_LIBRARY_PATH", greBinDir.path);
   // TODO(bug 1107794): Android libraries are in /data/local/xpcb, but "GreBinD"
   // does not return this path on Android, so hard code it here.
   envSvc.set("LD_LIBRARY_PATH", greBinDir.path + ":/data/local/xpcb");
   envSvc.set("MOZ_TLS_SERVER_DEBUG_LEVEL", "3");
   envSvc.set("MOZ_TLS_SERVER_CALLBACK_PORT", CALLBACK_PORT);
 
   let httpServer = new HttpServer();
-  httpServer.registerPathHandler("/",
-      function handleServerCallback(aRequest, aResponse) {
-        aResponse.setStatusLine(aRequest.httpVersion, 200, "OK");
-        aResponse.setHeader("Content-Type", "text/plain");
-        let responseBody = "OK!";
-        aResponse.bodyOutputStream.write(responseBody, responseBody.length);
-        executeSoon(function() {
-          httpServer.stop(run_next_test);
-        });
-      });
+  httpServer.registerPathHandler("/", function handleServerCallback(
+    aRequest,
+    aResponse
+  ) {
+    aResponse.setStatusLine(aRequest.httpVersion, 200, "OK");
+    aResponse.setHeader("Content-Type", "text/plain");
+    let responseBody = "OK!";
+    aResponse.bodyOutputStream.write(responseBody, responseBody.length);
+    executeSoon(function() {
+      httpServer.stop(run_next_test);
+    });
+  });
   httpServer.start(CALLBACK_PORT);
 
   let serverBin = _getBinaryUtil(serverBinName);
   let process = Cc["@mozilla.org/process/util;1"].createInstance(Ci.nsIProcess);
   process.init(serverBin);
   let certDir = Services.dirsvc.get("CurWorkD", Ci.nsIFile);
   certDir.append(`${certsPath}`);
   Assert.ok(certDir.exists(), `certificate folder (${certsPath}) should exist`);
   // Using "sql:" causes the SQL DB to be used so we can run tests on Android.
-  process.run(false, [ "sql:" + certDir.path, Services.appinfo.processID ], 2);
+  process.run(false, ["sql:" + certDir.path, Services.appinfo.processID], 2);
 
   registerCleanupFunction(function() {
     process.kill();
   });
 }
 
 // Returns an Array of OCSP responses for a given ocspRespArray and a location
 // for a nssDB where the certs and public keys are prepopulated.
@@ -595,18 +681,19 @@ function generateOCSPResponses(ocspRespA
     argArray.push("sql:" + nssDBlocation);
     argArray.push(ocspRespArray[i][0]); // ocsRespType;
     argArray.push(ocspRespArray[i][1]); // nick;
     argArray.push(ocspRespArray[i][2]); // extranickname
     argArray.push(ocspRespArray[i][3]); // thisUpdate skew
     argArray.push(filename);
     info("argArray = " + argArray);
 
-    let process = Cc["@mozilla.org/process/util;1"]
-                    .createInstance(Ci.nsIProcess);
+    let process = Cc["@mozilla.org/process/util;1"].createInstance(
+      Ci.nsIProcess
+    );
     process.init(ocspGenBin);
     process.run(true, argArray, argArray.length);
     Assert.equal(0, process.exitValue, "Process exit value should be 0");
     let ocspFile = do_get_file(i.toString() + ".ocsp", false);
     retArray.push(readFile(ocspFile));
     ocspFile.remove(false);
   }
   return retArray;
@@ -646,86 +733,115 @@ function getFailingHttpServer(serverPort
 // expectedBasePaths is an optional array that is used to indicate
 //   what is the expected base path of the OCSP request.
 // expectedMethods is an optional array of methods ("GET" or "POST") indicating
 //   by which HTTP method the server is expected to be queried.
 // expectedResponseTypes is an optional array of OCSP response types to use (see
 //   GenerateOCSPResponse.cpp).
 // responseHeaderPairs is an optional array of HTTP header (name, value) pairs
 //   to set in each response.
-function startOCSPResponder(serverPort, identity, nssDBLocation,
-                            expectedCertNames, expectedBasePaths,
-                            expectedMethods, expectedResponseTypes,
-                            responseHeaderPairs = []) {
-  let ocspResponseGenerationArgs = expectedCertNames.map(
-    function(expectedNick) {
-      let responseType = "good";
-      if (expectedResponseTypes && expectedResponseTypes.length >= 1) {
-        responseType = expectedResponseTypes.shift();
-      }
-      return [responseType, expectedNick, "unused", 0];
+function startOCSPResponder(
+  serverPort,
+  identity,
+  nssDBLocation,
+  expectedCertNames,
+  expectedBasePaths,
+  expectedMethods,
+  expectedResponseTypes,
+  responseHeaderPairs = []
+) {
+  let ocspResponseGenerationArgs = expectedCertNames.map(function(
+    expectedNick
+  ) {
+    let responseType = "good";
+    if (expectedResponseTypes && expectedResponseTypes.length >= 1) {
+      responseType = expectedResponseTypes.shift();
     }
+    return [responseType, expectedNick, "unused", 0];
+  });
+  let ocspResponses = generateOCSPResponses(
+    ocspResponseGenerationArgs,
+    nssDBLocation
   );
-  let ocspResponses = generateOCSPResponses(ocspResponseGenerationArgs,
-                                            nssDBLocation);
   let httpServer = new HttpServer();
-  httpServer.registerPrefixHandler("/",
-    function handleServerCallback(aRequest, aResponse) {
-      info("got request for: " + aRequest.path);
-      let basePath = aRequest.path.slice(1).split("/")[0];
-      if (expectedBasePaths.length >= 1) {
-        Assert.equal(basePath, expectedBasePaths.shift(),
-                     "Actual and expected base path should match");
-      }
-      Assert.ok(expectedCertNames.length >= 1,
-                "expectedCertNames should contain >= 1 entries");
-      if (expectedMethods && expectedMethods.length >= 1) {
-        Assert.equal(aRequest.method, expectedMethods.shift(),
-                     "Actual and expected fetch method should match");
-      }
-      aResponse.setStatusLine(aRequest.httpVersion, 200, "OK");
-      aResponse.setHeader("Content-Type", "application/ocsp-response");
-      for (let headerPair of responseHeaderPairs) {
-        aResponse.setHeader(headerPair[0], headerPair[1]);
-      }
-      aResponse.write(ocspResponses.shift());
-    });
+  httpServer.registerPrefixHandler("/", function handleServerCallback(
+    aRequest,
+    aResponse
+  ) {
+    info("got request for: " + aRequest.path);
+    let basePath = aRequest.path.slice(1).split("/")[0];
+    if (expectedBasePaths.length >= 1) {
+      Assert.equal(
+        basePath,
+        expectedBasePaths.shift(),
+        "Actual and expected base path should match"
+      );
+    }
+    Assert.ok(
+      expectedCertNames.length >= 1,
+      "expectedCertNames should contain >= 1 entries"
+    );
+    if (expectedMethods && expectedMethods.length >= 1) {
+      Assert.equal(
+        aRequest.method,
+        expectedMethods.shift(),
+        "Actual and expected fetch method should match"
+      );
+    }
+    aResponse.setStatusLine(aRequest.httpVersion, 200, "OK");
+    aResponse.setHeader("Content-Type", "application/ocsp-response");
+    for (let headerPair of responseHeaderPairs) {
+      aResponse.setHeader(headerPair[0], headerPair[1]);
+    }
+    aResponse.write(ocspResponses.shift());
+  });
   httpServer.identity.setPrimary("http", identity, serverPort);
   httpServer.start(serverPort);
   return {
     stop(callback) {
       // make sure we consumed each expected response
-      Assert.equal(ocspResponses.length, 0,
-                   "Should have 0 remaining expected OCSP responses");
+      Assert.equal(
+        ocspResponses.length,
+        0,
+        "Should have 0 remaining expected OCSP responses"
+      );
       if (expectedMethods) {
-        Assert.equal(expectedMethods.length, 0,
-                     "Should have 0 remaining expected fetch methods");
+        Assert.equal(
+          expectedMethods.length,
+          0,
+          "Should have 0 remaining expected fetch methods"
+        );
       }
       if (expectedBasePaths) {
-        Assert.equal(expectedBasePaths.length, 0,
-                     "Should have 0 remaining expected base paths");
+        Assert.equal(
+          expectedBasePaths.length,
+          0,
+          "Should have 0 remaining expected base paths"
+        );
       }
       if (expectedResponseTypes) {
-        Assert.equal(expectedResponseTypes.length, 0,
-                     "Should have 0 remaining expected response types");
+        Assert.equal(
+          expectedResponseTypes.length,
+          0,
+          "Should have 0 remaining expected response types"
+        );
       }
       httpServer.stop(callback);
     },
   };
 }
 
 // Given an OCSP responder (see startOCSPResponder), returns a promise that
 // resolves when the responder has successfully stopped.
 function stopOCSPResponder(responder) {
   return new Promise((resolve, reject) => {
     responder.stop(resolve);
   });
 }
 
-
 // A prototype for a fake, error-free secInfo
 var FakeTransportSecurityInfo = function(certificate) {
   this.serverCert = certificate;
 };
 
 FakeTransportSecurityInfo.prototype = {
   serverCert: null,
   cipherName: null,
@@ -741,97 +857,153 @@ FakeTransportSecurityInfo.prototype = {
 };
 
 // Utility functions for adding tests relating to certificate error overrides
 
 // Helper function for add_cert_override_test. Probably doesn't need to be
 // called directly.
 function add_cert_override(aHost, aExpectedBits, aSecurityInfo) {
   let bits =
-    (aSecurityInfo.isUntrusted ? Ci.nsICertOverrideService.ERROR_UNTRUSTED : 0) |
-    (aSecurityInfo.isDomainMismatch ? Ci.nsICertOverrideService.ERROR_MISMATCH : 0) |
-    (aSecurityInfo.isNotValidAtThisTime ? Ci.nsICertOverrideService.ERROR_TIME : 0);
+    (aSecurityInfo.isUntrusted
+      ? Ci.nsICertOverrideService.ERROR_UNTRUSTED
+      : 0) |
+    (aSecurityInfo.isDomainMismatch
+      ? Ci.nsICertOverrideService.ERROR_MISMATCH
+      : 0) |
+    (aSecurityInfo.isNotValidAtThisTime
+      ? Ci.nsICertOverrideService.ERROR_TIME
+      : 0);
 
-  Assert.equal(bits, aExpectedBits,
-               "Actual and expected override bits should match");
+  Assert.equal(
+    bits,
+    aExpectedBits,
+    "Actual and expected override bits should match"
+  );
   let cert = aSecurityInfo.serverCert;
-  let certOverrideService = Cc["@mozilla.org/security/certoverride;1"]
-                              .getService(Ci.nsICertOverrideService);
-  certOverrideService.rememberValidityOverride(aHost, 8443, cert, aExpectedBits,
-                                               true);
+  let certOverrideService = Cc[
+    "@mozilla.org/security/certoverride;1"
+  ].getService(Ci.nsICertOverrideService);
+  certOverrideService.rememberValidityOverride(
+    aHost,
+    8443,
+    cert,
+    aExpectedBits,
+    true
+  );
 }
 
 // Given a host, expected error bits (see nsICertOverrideService.idl), and an
 // expected error code, tests that an initial connection to the host fails
 // with the expected errors and that adding an override results in a subsequent
 // connection succeeding.
-function add_cert_override_test(aHost, aExpectedBits, aExpectedError,
-                                aExpectedSecInfo = undefined) {
-  add_connection_test(aHost, aExpectedError, null,
-                      add_cert_override.bind(this, aHost, aExpectedBits));
+function add_cert_override_test(
+  aHost,
+  aExpectedBits,
+  aExpectedError,
+  aExpectedSecInfo = undefined
+) {
+  add_connection_test(
+    aHost,
+    aExpectedError,
+    null,
+    add_cert_override.bind(this, aHost, aExpectedBits)
+  );
   add_connection_test(aHost, PRErrorCodeSuccess, null, aSecurityInfo => {
-    Assert.ok(aSecurityInfo.securityState &
-              Ci.nsIWebProgressListener.STATE_CERT_USER_OVERRIDDEN,
-              "Cert override flag should be set on the security state");
+    Assert.ok(
+      aSecurityInfo.securityState &
+        Ci.nsIWebProgressListener.STATE_CERT_USER_OVERRIDDEN,
+      "Cert override flag should be set on the security state"
+    );
     if (aExpectedSecInfo) {
       if (aExpectedSecInfo.failedCertChain) {
-        ok(aExpectedSecInfo.failedCertChain.equals(aSecurityInfo.failedCertChain));
+        ok(
+          aExpectedSecInfo.failedCertChain.equals(aSecurityInfo.failedCertChain)
+        );
       }
     }
   });
 }
 
 // Helper function for add_prevented_cert_override_test. This is much like
 // add_cert_override except it may not be the case that the connection has an
 // SecInfo set on it. In this case, the error was not overridable anyway, so
 // we consider it a success.
 function attempt_adding_cert_override(aHost, aExpectedBits, aSecurityInfo) {
   if (aSecurityInfo.serverCert) {
     let bits =
-      (aSecurityInfo.isUntrusted ? Ci.nsICertOverrideService.ERROR_UNTRUSTED : 0) |
-      (aSecurityInfo.isDomainMismatch ? Ci.nsICertOverrideService.ERROR_MISMATCH : 0) |
-      (aSecurityInfo.isNotValidAtThisTime ? Ci.nsICertOverrideService.ERROR_TIME : 0);
-    Assert.equal(bits, aExpectedBits,
-                 "Actual and expected override bits should match");
+      (aSecurityInfo.isUntrusted
+        ? Ci.nsICertOverrideService.ERROR_UNTRUSTED
+        : 0) |
+      (aSecurityInfo.isDomainMismatch
+        ? Ci.nsICertOverrideService.ERROR_MISMATCH
+        : 0) |
+      (aSecurityInfo.isNotValidAtThisTime
+        ? Ci.nsICertOverrideService.ERROR_TIME
+        : 0);
+    Assert.equal(
+      bits,
+      aExpectedBits,
+      "Actual and expected override bits should match"
+    );
     let cert = aSecurityInfo.serverCert;
-    let certOverrideService = Cc["@mozilla.org/security/certoverride;1"]
-                                .getService(Ci.nsICertOverrideService);
-    certOverrideService.rememberValidityOverride(aHost, 8443, cert, aExpectedBits,
-                                                 true);
+    let certOverrideService = Cc[
+      "@mozilla.org/security/certoverride;1"
+    ].getService(Ci.nsICertOverrideService);
+    certOverrideService.rememberValidityOverride(
+      aHost,
+      8443,
+      cert,
+      aExpectedBits,
+      true
+    );
   }
 }
 
 // Given a host, expected error bits (see nsICertOverrideService.idl), and
 // an expected error code, tests that an initial connection to the host fails
 // with the expected errors and that adding an override does not result in a
 // subsequent connection succeeding (i.e. the same error code is encountered).
 // The idea here is that for HSTS hosts or hosts with key pins, no error is
 // overridable, even if an entry is added to the override service.
-function add_prevented_cert_override_test(aHost, aExpectedBits, aExpectedError) {
-  add_connection_test(aHost, aExpectedError, null,
-                      attempt_adding_cert_override.bind(this, aHost, aExpectedBits));
+function add_prevented_cert_override_test(
+  aHost,
+  aExpectedBits,
+  aExpectedError
+) {
+  add_connection_test(
+    aHost,
+    aExpectedError,
+    null,
+    attempt_adding_cert_override.bind(this, aHost, aExpectedBits)
+  );
   add_connection_test(aHost, aExpectedError);
 }
 
 // Helper for asyncTestCertificateUsages.
 class CertVerificationResult {
   constructor(certName, usageString, successExpected, resolve) {
     this.certName = certName;
     this.usageString = usageString;
     this.successExpected = successExpected;
     this.resolve = resolve;
   }
 
   verifyCertFinished(aPRErrorCode, aVerifiedChain, aHasEVPolicy) {
     if (this.successExpected) {
-      equal(aPRErrorCode, PRErrorCodeSuccess,
-            `verifying ${this.certName} for ${this.usageString} should succeed`);
+      equal(
+        aPRErrorCode,
+        PRErrorCodeSuccess,
+        `verifying ${this.certName} for ${this.usageString} should succeed`
+      );
     } else {
-      notEqual(aPRErrorCode, PRErrorCodeSuccess,
-               `verifying ${this.certName} for ${this.usageString} should fail`);
+      notEqual(
+        aPRErrorCode,
+        PRErrorCodeSuccess,
+        `verifying ${this.certName} for ${this.usageString} should fail`
+      );
     }
     this.resolve();
   }
 }
 
 /**
  * Asynchronously attempts to verify the given certificate for all supported
  * usages (see allCertificateUsages). Verifies that the results match the
@@ -846,24 +1018,28 @@ class CertVerificationResult {
  * @param {Number[]} expectedUsages
  *   A list of usages (as their integer values) that are expected to verify
  *   successfully.
  * @return {Promise}
  *   A promise that will resolve with no value when all asynchronous operations
  *   have completed.
  */
 function asyncTestCertificateUsages(certdb, cert, expectedUsages) {
-  let now = (new Date()).getTime() / 1000;
+  let now = new Date().getTime() / 1000;
   let promises = [];
   Object.keys(allCertificateUsages).forEach(usageString => {
     let promise = new Promise((resolve, reject) => {
       let usage = allCertificateUsages[usageString];
       let successExpected = expectedUsages.includes(usage);
-      let result = new CertVerificationResult(cert.commonName, usageString,
-                                              successExpected, resolve);
+      let result = new CertVerificationResult(
+        cert.commonName,
+        usageString,
+        successExpected,
+        resolve
+      );
       let flags = Ci.nsIX509CertDB.FLAG_LOCAL_ONLY;
       certdb.asyncVerifyCertAtTime(cert, usage, flags, null, now, result);
     });
     promises.push(promise);
   });
   return Promise.all(promises);
 }
 
@@ -879,39 +1055,44 @@ function asyncTestCertificateUsages(cert
  *                  module gets reported.
  */
 function loadPKCS11TestModule(expectModuleUnloadToFail) {
   let libraryFile = Services.dirsvc.get("CurWorkD", Ci.nsIFile);
   libraryFile.append("pkcs11testmodule");
   libraryFile.append(ctypes.libraryName("pkcs11testmodule"));
   ok(libraryFile.exists(), "The pkcs11testmodule file should exist");
 
-  let pkcs11ModuleDB = Cc["@mozilla.org/security/pkcs11moduledb;1"]
-                         .getService(Ci.nsIPKCS11ModuleDB);
+  let pkcs11ModuleDB = Cc["@mozilla.org/security/pkcs11moduledb;1"].getService(
+    Ci.nsIPKCS11ModuleDB
+  );
   registerCleanupFunction(() => {
     try {
       pkcs11ModuleDB.deleteModule("PKCS11 Test Module");
     } catch (e) {
-      Assert.ok(expectModuleUnloadToFail,
-                `Module unload should suceed only when expected: ${e}`);
+      Assert.ok(
+        expectModuleUnloadToFail,
+        `Module unload should suceed only when expected: ${e}`
+      );
     }
   });
   pkcs11ModuleDB.addModule("PKCS11 Test Module", libraryFile.path, 0, 0);
 }
 
 /**
  * @param {String} data
  * @returns {String}
  */
 function hexify(data) {
   // |slice(-2)| chomps off the last two characters of a string.
   // Therefore, if the Unicode value is < 0x10, we have a single-character hex
   // string when we want one that's two characters, and unconditionally
   // prepending a "0" solves the problem.
-  return Array.from(data, (c, i) => ("0" + data.charCodeAt(i).toString(16)).slice(-2)).join("");
+  return Array.from(data, (c, i) =>
+    ("0" + data.charCodeAt(i).toString(16)).slice(-2)
+  ).join("");
 }
 
 /**
  * @param {String[]} lines
  *        Lines to write. Each line automatically has "\n" appended to it when
  *        being written.
  * @param {nsIFileOutputStream} outputStream
  */
--- a/security/manager/ssl/tests/unit/sss_readstate_child_worker.js
+++ b/security/manager/ssl/tests/unit/sss_readstate_child_worker.js
@@ -1,33 +1,66 @@
 /* import-globals-from head_psm.js */
 "use strict";
 
 function run_test() {
-  let SSService = Cc["@mozilla.org/ssservice;1"]
-                    .getService(Ci.nsISiteSecurityService);
+  let SSService = Cc["@mozilla.org/ssservice;1"].getService(
+    Ci.nsISiteSecurityService
+  );
 
-  ok(!SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS,
-                            Services.io.newURI("https://expired.example.com"),
-                            0));
-  ok(SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS,
-                           Services.io.newURI("https://notexpired.example.com"),
-                           0));
-  ok(SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS,
-                           Services.io.newURI("https://includesubdomains.preloaded.test"),
-                           0));
-  ok(!SSService.isSecureURI(
-       Ci.nsISiteSecurityService.HEADER_HSTS,
-       Services.io.newURI("https://sub.includesubdomains.preloaded.test"), 0));
-  ok(SSService.isSecureURI(
-       Ci.nsISiteSecurityService.HEADER_HSTS,
-       Services.io.newURI("https://incsubdomain.example.com"), 0));
-  ok(SSService.isSecureURI(
-       Ci.nsISiteSecurityService.HEADER_HSTS,
-       Services.io.newURI("https://sub.incsubdomain.example.com"), 0));
-  ok(!SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS,
-                            Services.io.newURI("https://includesubdomains2.preloaded.test"),
-                            0));
-  ok(!SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS,
-                            Services.io.newURI("https://sub.includesubdomains2.preloaded.test"),
-                            0));
+  ok(
+    !SSService.isSecureURI(
+      Ci.nsISiteSecurityService.HEADER_HSTS,
+      Services.io.newURI("https://expired.example.com"),
+      0
+    )
+  );
+  ok(
+    SSService.isSecureURI(
+      Ci.nsISiteSecurityService.HEADER_HSTS,
+      Services.io.newURI("https://notexpired.example.com"),
+      0
+    )
+  );
+  ok(
+    SSService.isSecureURI(
+      Ci.nsISiteSecurityService.HEADER_HSTS,
+      Services.io.newURI("https://includesubdomains.preloaded.test"),
+      0
+    )
+  );
+  ok(
+    !SSService.isSecureURI(
+      Ci.nsISiteSecurityService.HEADER_HSTS,
+      Services.io.newURI("https://sub.includesubdomains.preloaded.test"),
+      0
+    )
+  );
+  ok(
+    SSService.isSecureURI(
+      Ci.nsISiteSecurityService.HEADER_HSTS,
+      Services.io.newURI("https://incsubdomain.example.com"),
+      0
+    )
+  );
+  ok(
+    SSService.isSecureURI(
+      Ci.nsISiteSecurityService.HEADER_HSTS,
+      Services.io.newURI("https://sub.incsubdomain.example.com"),
+      0
+    )
+  );
+  ok(
+    !SSService.isSecureURI(
+      Ci.nsISiteSecurityService.HEADER_HSTS,
+      Services.io.newURI("https://includesubdomains2.preloaded.test"),
+      0
+    )
+  );
+  ok(
+    !SSService.isSecureURI(
+      Ci.nsISiteSecurityService.HEADER_HSTS,
+      Services.io.newURI("https://sub.includesubdomains2.preloaded.test"),
+      0
+    )
+  );
   do_test_finished();
 }
--- a/security/manager/ssl/tests/unit/test_add_preexisting_cert.js
+++ b/security/manager/ssl/tests/unit/test_add_preexisting_cert.js
@@ -4,18 +4,19 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 "use strict";
 
 // Tests that adding a certificate already present in the certificate database
 // with different trust bits than those stored in the database does not result
 // in the new trust bits being ignored.
 
 do_get_profile();
-var certDB = Cc["@mozilla.org/security/x509certdb;1"]
-               .getService(Ci.nsIX509CertDB);
+var certDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
+  Ci.nsIX509CertDB
+);
 
 function load_cert(cert, trust) {
   let file = "test_intermediate_basic_usage_constraints/" + cert + ".pem";
   return addCertFromFile(certDB, file, trust);
 }
 
 function getDERString(cert) {
   let derString = "";
@@ -23,22 +24,31 @@ function getDERString(cert) {
     derString += String.fromCharCode(rawByte);
   }
   return derString;
 }
 
 add_task(async function() {
   load_cert("ca", "CTu,CTu,CTu");
   let int_cert = load_cert("int-limited-depth", "CTu,CTu,CTu");
-  let file = "test_intermediate_basic_usage_constraints/ee-int-limited-depth.pem";
+  let file =
+    "test_intermediate_basic_usage_constraints/ee-int-limited-depth.pem";
   let cert_pem = readFile(do_get_file(file));
   let ee = certDB.constructX509FromBase64(pemToBase64(cert_pem));
-  await checkCertErrorGeneric(certDB, ee, PRErrorCodeSuccess,
-                              certificateUsageSSLServer);
+  await checkCertErrorGeneric(
+    certDB,
+    ee,
+    PRErrorCodeSuccess,
+    certificateUsageSSLServer
+  );
   // Change the already existing intermediate certificate's trust using
   // addCertFromBase64().
   notEqual(int_cert, null, "Intermediate cert should be in the cert DB");
   let base64_cert = btoa(getDERString(int_cert));
   let returnedEE = certDB.addCertFromBase64(base64_cert, "p,p,p");
   notEqual(returnedEE, null, "addCertFromBase64 should return a certificate");
-  await checkCertErrorGeneric(certDB, ee, SEC_ERROR_UNTRUSTED_ISSUER,
-                              certificateUsageSSLServer);
+  await checkCertErrorGeneric(
+    certDB,
+    ee,
+    SEC_ERROR_UNTRUSTED_ISSUER,
+    certificateUsageSSLServer
+  );
 });
--- a/security/manager/ssl/tests/unit/test_baseline_requirements_subject_common_name.js
+++ b/security/manager/ssl/tests/unit/test_baseline_requirements_subject_common_name.js
@@ -11,34 +11,44 @@
 // compatibility concerns, the platform can be configured to fall back for
 // certificates that are valid before 23 August 2016. Note that for certificates
 // issued by an imported root, the platform will fall back if necessary,
 // regardless of the value of the preference.
 
 "use strict";
 
 do_get_profile(); // must be called before getting nsIX509CertDB
-const gCertDB = Cc["@mozilla.org/security/x509certdb;1"]
-                  .getService(Ci.nsIX509CertDB);
+const gCertDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
+  Ci.nsIX509CertDB
+);
 
 function certFromFile(certName) {
   return constructCertFromFile(`test_baseline_requirements/${certName}.pem`);
 }
 
 function loadCertWithTrust(certName, trustString) {
-  addCertFromFile(gCertDB, `test_baseline_requirements/${certName}.pem`,
-                  trustString);
+  addCertFromFile(
+    gCertDB,
+    `test_baseline_requirements/${certName}.pem`,
+    trustString
+  );
 }
 
 function checkCertOn25August2016(cert, expectedResult) {
   // (new Date("2016-08-25T00:00:00Z")).getTime() / 1000
   const VALIDATION_TIME = 1472083200;
-  return checkCertErrorGenericAtTime(gCertDB, cert, expectedResult,
-                                     certificateUsageSSLServer, VALIDATION_TIME,
-                                     false, "example.com");
+  return checkCertErrorGenericAtTime(
+    gCertDB,
+    cert,
+    expectedResult,
+    certificateUsageSSLServer,
+    VALIDATION_TIME,
+    false,
+    "example.com"
+  );
 }
 
 add_task(async function() {
   registerCleanupFunction(() => {
     Services.prefs.clearUserPref("security.pki.name_matching_mode");
     Services.prefs.clearUserPref("security.test.built_in_root_hash");
     Services.prefs.clearUserPref("privacy.reduceTimerPrecision");
   });
@@ -50,142 +60,236 @@ add_task(async function() {
   // When verifying a certificate, if the trust anchor is not a built-in root,
   // name matching will fall back to using the subject common name if necessary
   // (i.e. if there is no subject alternative name extension or it does not
   // contain any dNSName or iPAddress entries). Thus, since imported roots are
   // not in general treated as built-ins, these should all successfully verify
   // regardless of the value of the pref.
   Services.prefs.setIntPref("security.pki.name_matching_mode", 0);
   info("current mode: always fall back, root not built-in");
-  await checkCertOn25August2016(certFromFile("no-san-recent"),
-                                PRErrorCodeSuccess);
-  await checkCertOn25August2016(certFromFile("no-san-old"),
-                                PRErrorCodeSuccess);
-  await checkCertOn25August2016(certFromFile("no-san-older"),
-                                PRErrorCodeSuccess);
-  await checkCertOn25August2016(certFromFile("san-contains-no-hostnames-recent"),
-                                PRErrorCodeSuccess);
-  await checkCertOn25August2016(certFromFile("san-contains-no-hostnames-old"),
-                                PRErrorCodeSuccess);
-  await checkCertOn25August2016(certFromFile("san-contains-no-hostnames-older"),
-                                PRErrorCodeSuccess);
+  await checkCertOn25August2016(
+    certFromFile("no-san-recent"),
+    PRErrorCodeSuccess
+  );
+  await checkCertOn25August2016(certFromFile("no-san-old"), PRErrorCodeSuccess);
+  await checkCertOn25August2016(
+    certFromFile("no-san-older"),
+    PRErrorCodeSuccess
+  );
+  await checkCertOn25August2016(
+    certFromFile("san-contains-no-hostnames-recent"),
+    PRErrorCodeSuccess
+  );
+  await checkCertOn25August2016(
+    certFromFile("san-contains-no-hostnames-old"),
+    PRErrorCodeSuccess
+  );
+  await checkCertOn25August2016(
+    certFromFile("san-contains-no-hostnames-older"),
+    PRErrorCodeSuccess
+  );
 
   Services.prefs.setIntPref("security.pki.name_matching_mode", 1);
-  info("current mode: fall back for notBefore < August 23, 2016, root " +
-       "not built-in");
-  await checkCertOn25August2016(certFromFile("no-san-recent"),
-                                PRErrorCodeSuccess);
-  await checkCertOn25August2016(certFromFile("no-san-old"),
-                                PRErrorCodeSuccess);
-  await checkCertOn25August2016(certFromFile("no-san-older"),
-                                PRErrorCodeSuccess);
-  await checkCertOn25August2016(certFromFile("san-contains-no-hostnames-recent"),
-                                PRErrorCodeSuccess);
-  await checkCertOn25August2016(certFromFile("san-contains-no-hostnames-old"),
-                                PRErrorCodeSuccess);
-  await checkCertOn25August2016(certFromFile("san-contains-no-hostnames-older"),
-                                PRErrorCodeSuccess);
+  info(
+    "current mode: fall back for notBefore < August 23, 2016, root " +
+      "not built-in"
+  );
+  await checkCertOn25August2016(
+    certFromFile("no-san-recent"),
+    PRErrorCodeSuccess
+  );
+  await checkCertOn25August2016(certFromFile("no-san-old"), PRErrorCodeSuccess);
+  await checkCertOn25August2016(
+    certFromFile("no-san-older"),
+    PRErrorCodeSuccess
+  );
+  await checkCertOn25August2016(
+    certFromFile("san-contains-no-hostnames-recent"),
+    PRErrorCodeSuccess
+  );
+  await checkCertOn25August2016(
+    certFromFile("san-contains-no-hostnames-old"),
+    PRErrorCodeSuccess
+  );
+  await checkCertOn25August2016(
+    certFromFile("san-contains-no-hostnames-older"),
+    PRErrorCodeSuccess
+  );
 
   Services.prefs.setIntPref("security.pki.name_matching_mode", 2);
-  info("current mode: fall back for notBefore < August 23, 2015, root " +
-       "not built-in");
-  await checkCertOn25August2016(certFromFile("no-san-recent"),
-                                PRErrorCodeSuccess);
-  await checkCertOn25August2016(certFromFile("no-san-old"),
-                                PRErrorCodeSuccess);
-  await checkCertOn25August2016(certFromFile("no-san-older"),
-                                PRErrorCodeSuccess);
-  await checkCertOn25August2016(certFromFile("san-contains-no-hostnames-recent"),
-                                PRErrorCodeSuccess);
-  await checkCertOn25August2016(certFromFile("san-contains-no-hostnames-old"),
-                                PRErrorCodeSuccess);
-  await checkCertOn25August2016(certFromFile("san-contains-no-hostnames-older"),
-                                PRErrorCodeSuccess);
+  info(
+    "current mode: fall back for notBefore < August 23, 2015, root " +
+      "not built-in"
+  );
+  await checkCertOn25August2016(
+    certFromFile("no-san-recent"),
+    PRErrorCodeSuccess
+  );
+  await checkCertOn25August2016(certFromFile("no-san-old"), PRErrorCodeSuccess);
+  await checkCertOn25August2016(
+    certFromFile("no-san-older"),
+    PRErrorCodeSuccess
+  );
+  await checkCertOn25August2016(
+    certFromFile("san-contains-no-hostnames-recent"),
+    PRErrorCodeSuccess
+  );
+  await checkCertOn25August2016(
+    certFromFile("san-contains-no-hostnames-old"),
+    PRErrorCodeSuccess
+  );
+  await checkCertOn25August2016(
+    certFromFile("san-contains-no-hostnames-older"),
+    PRErrorCodeSuccess
+  );
 
   Services.prefs.setIntPref("security.pki.name_matching_mode", 3);
   info("current mode: never fall back, root not built-in");
-  await checkCertOn25August2016(certFromFile("no-san-recent"),
-                                PRErrorCodeSuccess);
-  await checkCertOn25August2016(certFromFile("no-san-old"),
-                                PRErrorCodeSuccess);
-  await checkCertOn25August2016(certFromFile("no-san-older"),
-                                PRErrorCodeSuccess);
-  await checkCertOn25August2016(certFromFile("san-contains-no-hostnames-recent"),
-                                PRErrorCodeSuccess);
-  await checkCertOn25August2016(certFromFile("san-contains-no-hostnames-old"),
-                                PRErrorCodeSuccess);
-  await checkCertOn25August2016(certFromFile("san-contains-no-hostnames-older"),
-                                PRErrorCodeSuccess);
+  await checkCertOn25August2016(
+    certFromFile("no-san-recent"),
+    PRErrorCodeSuccess
+  );
+  await checkCertOn25August2016(certFromFile("no-san-old"), PRErrorCodeSuccess);
+  await checkCertOn25August2016(
+    certFromFile("no-san-older"),
+    PRErrorCodeSuccess
+  );
+  await checkCertOn25August2016(
+    certFromFile("san-contains-no-hostnames-recent"),
+    PRErrorCodeSuccess
+  );
+  await checkCertOn25August2016(
+    certFromFile("san-contains-no-hostnames-old"),
+    PRErrorCodeSuccess
+  );
+  await checkCertOn25August2016(
+    certFromFile("san-contains-no-hostnames-older"),
+    PRErrorCodeSuccess
+  );
 
   // In debug builds, we can treat an imported root as a built-in, and thus we
   // can actually test the different values of the pref.
   if (isDebugBuild) {
     let root = certFromFile("ca");
-    Services.prefs.setCharPref("security.test.built_in_root_hash",
-                               root.sha256Fingerprint);
+    Services.prefs.setCharPref(
+      "security.test.built_in_root_hash",
+      root.sha256Fingerprint
+    );
 
     // Always fall back if necessary.
     Services.prefs.setIntPref("security.pki.name_matching_mode", 0);
     info("current mode: always fall back, root built-in");
-    await checkCertOn25August2016(certFromFile("no-san-recent"),
-                                  PRErrorCodeSuccess);
-    await checkCertOn25August2016(certFromFile("no-san-old"),
-                                  PRErrorCodeSuccess);
-    await checkCertOn25August2016(certFromFile("no-san-older"),
-                                  PRErrorCodeSuccess);
-    await checkCertOn25August2016(certFromFile("san-contains-no-hostnames-recent"),
-                                  PRErrorCodeSuccess);
-    await checkCertOn25August2016(certFromFile("san-contains-no-hostnames-old"),
-                                  PRErrorCodeSuccess);
-    await checkCertOn25August2016(certFromFile("san-contains-no-hostnames-older"),
-                                  PRErrorCodeSuccess);
+    await checkCertOn25August2016(
+      certFromFile("no-san-recent"),
+      PRErrorCodeSuccess
+    );
+    await checkCertOn25August2016(
+      certFromFile("no-san-old"),
+      PRErrorCodeSuccess
+    );
+    await checkCertOn25August2016(
+      certFromFile("no-san-older"),
+      PRErrorCodeSuccess
+    );
+    await checkCertOn25August2016(
+      certFromFile("san-contains-no-hostnames-recent"),
+      PRErrorCodeSuccess
+    );
+    await checkCertOn25August2016(
+      certFromFile("san-contains-no-hostnames-old"),
+      PRErrorCodeSuccess
+    );
+    await checkCertOn25August2016(
+      certFromFile("san-contains-no-hostnames-older"),
+      PRErrorCodeSuccess
+    );
 
     // Only fall back if notBefore < 23 August 2016
     Services.prefs.setIntPref("security.pki.name_matching_mode", 1);
-    info("current mode: fall back for notBefore < August 23, 2016, root " +
-         "built-in");
-    await checkCertOn25August2016(certFromFile("no-san-recent"),
-                                  SSL_ERROR_BAD_CERT_DOMAIN);
-    await checkCertOn25August2016(certFromFile("no-san-old"),
-                                  PRErrorCodeSuccess);
-    await checkCertOn25August2016(certFromFile("no-san-older"),
-                                  PRErrorCodeSuccess);
-    await checkCertOn25August2016(certFromFile("san-contains-no-hostnames-recent"),
-                                  SSL_ERROR_BAD_CERT_DOMAIN);
-    await checkCertOn25August2016(certFromFile("san-contains-no-hostnames-old"),
-                                  PRErrorCodeSuccess);
-    await checkCertOn25August2016(certFromFile("san-contains-no-hostnames-older"),
-                                  PRErrorCodeSuccess);
+    info(
+      "current mode: fall back for notBefore < August 23, 2016, root " +
+        "built-in"
+    );
+    await checkCertOn25August2016(
+      certFromFile("no-san-recent"),
+      SSL_ERROR_BAD_CERT_DOMAIN
+    );
+    await checkCertOn25August2016(
+      certFromFile("no-san-old"),
+      PRErrorCodeSuccess
+    );
+    await checkCertOn25August2016(
+      certFromFile("no-san-older"),
+      PRErrorCodeSuccess
+    );
+    await checkCertOn25August2016(
+      certFromFile("san-contains-no-hostnames-recent"),
+      SSL_ERROR_BAD_CERT_DOMAIN
+    );
+    await checkCertOn25August2016(
+      certFromFile("san-contains-no-hostnames-old"),
+      PRErrorCodeSuccess
+    );
+    await checkCertOn25August2016(
+      certFromFile("san-contains-no-hostnames-older"),
+      PRErrorCodeSuccess
+    );
 
     // Only fall back if notBefore < 23 August 2015
     Services.prefs.setIntPref("security.pki.name_matching_mode", 2);
-    info("current mode: fall back for notBefore < August 23, 2015, root " +
-         "built-in");
-    await checkCertOn25August2016(certFromFile("no-san-recent"),
-                                  SSL_ERROR_BAD_CERT_DOMAIN);
-    await checkCertOn25August2016(certFromFile("no-san-old"),
-                                  SSL_ERROR_BAD_CERT_DOMAIN);
-    await checkCertOn25August2016(certFromFile("no-san-older"),
-                                  PRErrorCodeSuccess);
-    await checkCertOn25August2016(certFromFile("san-contains-no-hostnames-recent"),
-                                  SSL_ERROR_BAD_CERT_DOMAIN);
-    await checkCertOn25August2016(certFromFile("san-contains-no-hostnames-old"),
-                                  SSL_ERROR_BAD_CERT_DOMAIN);
-    await checkCertOn25August2016(certFromFile("san-contains-no-hostnames-older"),
-                                  PRErrorCodeSuccess);
+    info(
+      "current mode: fall back for notBefore < August 23, 2015, root " +
+        "built-in"
+    );
+    await checkCertOn25August2016(
+      certFromFile("no-san-recent"),
+      SSL_ERROR_BAD_CERT_DOMAIN
+    );
+    await checkCertOn25August2016(
+      certFromFile("no-san-old"),
+      SSL_ERROR_BAD_CERT_DOMAIN
+    );
+    await checkCertOn25August2016(
+      certFromFile("no-san-older"),
+      PRErrorCodeSuccess
+    );
+    await checkCertOn25August2016(
+      certFromFile("san-contains-no-hostnames-recent"),
+      SSL_ERROR_BAD_CERT_DOMAIN
+    );
+    await checkCertOn25August2016(
+      certFromFile("san-contains-no-hostnames-old"),
+      SSL_ERROR_BAD_CERT_DOMAIN
+    );
+    await checkCertOn25August2016(
+      certFromFile("san-contains-no-hostnames-older"),
+      PRErrorCodeSuccess
+    );
 
     // Never fall back.
     Services.prefs.setIntPref("security.pki.name_matching_mode", 3);
     info("current mode: never fall back, root built-in");
-    await checkCertOn25August2016(certFromFile("no-san-recent"),
-                                  SSL_ERROR_BAD_CERT_DOMAIN);
-    await checkCertOn25August2016(certFromFile("no-san-old"),
-                                  SSL_ERROR_BAD_CERT_DOMAIN);
-    await checkCertOn25August2016(certFromFile("no-san-older"),
-                                  SSL_ERROR_BAD_CERT_DOMAIN);
-    await checkCertOn25August2016(certFromFile("san-contains-no-hostnames-recent"),
-                                  SSL_ERROR_BAD_CERT_DOMAIN);
-    await checkCertOn25August2016(certFromFile("san-contains-no-hostnames-old"),
-                                  SSL_ERROR_BAD_CERT_DOMAIN);
-    await checkCertOn25August2016(certFromFile("san-contains-no-hostnames-older"),
-                                  SSL_ERROR_BAD_CERT_DOMAIN);
+    await checkCertOn25August2016(
+      certFromFile("no-san-recent"),
+      SSL_ERROR_BAD_CERT_DOMAIN
+    );
+    await checkCertOn25August2016(
+      certFromFile("no-san-old"),
+      SSL_ERROR_BAD_CERT_DOMAIN
+    );
+    await checkCertOn25August2016(
+      certFromFile("no-san-older"),
+      SSL_ERROR_BAD_CERT_DOMAIN
+    );
+    await checkCertOn25August2016(
+      certFromFile("san-contains-no-hostnames-recent"),
+      SSL_ERROR_BAD_CERT_DOMAIN
+    );
+    await checkCertOn25August2016(
+      certFromFile("san-contains-no-hostnames-old"),
+      SSL_ERROR_BAD_CERT_DOMAIN
+    );
+    await checkCertOn25August2016(
+      certFromFile("san-contains-no-hostnames-older"),
+      SSL_ERROR_BAD_CERT_DOMAIN
+    );
   }
 });
--- a/security/manager/ssl/tests/unit/test_blocklist_onecrl.js
+++ b/security/manager/ssl/tests/unit/test_blocklist_onecrl.js
@@ -1,76 +1,112 @@
 "use strict";
 
 do_get_profile();
 
 const { Utils } = ChromeUtils.import("resource://services-settings/Utils.jsm");
-const { RemoteSettings } = ChromeUtils.import("resource://services-settings/remote-settings.js");
-const { RemoteSecuritySettings } = ChromeUtils.import("resource://gre/modules/psm/RemoteSecuritySettings.jsm");
+const { RemoteSettings } = ChromeUtils.import(
+  "resource://services-settings/remote-settings.js"
+);
+const { RemoteSecuritySettings } = ChromeUtils.import(
+  "resource://gre/modules/psm/RemoteSecuritySettings.jsm"
+);
 const { OneCRLBlocklistClient } = RemoteSecuritySettings.init();
 
 const global = this;
 
 add_task(async function test_uses_a_custom_signer() {
-  Assert.notEqual(OneCRLBlocklistClient.signerName, RemoteSettings("not-specified").signerName);
+  Assert.notEqual(
+    OneCRLBlocklistClient.signerName,
+    RemoteSettings("not-specified").signerName
+  );
 });
 
 add_task(async function test_has_initial_dump() {
-  Assert.ok(await Utils.hasLocalDump(OneCRLBlocklistClient.bucketName, OneCRLBlocklistClient.collectionName));
+  Assert.ok(
+    await Utils.hasLocalDump(
+      OneCRLBlocklistClient.bucketName,
+      OneCRLBlocklistClient.collectionName
+    )
+  );
 });
 
 add_task(async function test_default_jexl_filter_is_used() {
-  Assert.deepEqual(OneCRLBlocklistClient.filterFunc, RemoteSettings("not-specified").filterFunc);
+  Assert.deepEqual(
+    OneCRLBlocklistClient.filterFunc,
+    RemoteSettings("not-specified").filterFunc
+  );
 });
 
-add_task({
-skip_if: () => !AppConstants.MOZ_NEW_CERT_STORAGE,
-}, async function test_revocations_are_updated_on_sync_with_cert_storage() {
-  const certList = Cc["@mozilla.org/security/certstorage;1"]
-    .getService(Ci.nsICertStorage);
-  const has_revocations = () => new Promise((resolve) => {
-    certList.hasPriorData(Ci.nsICertStorage.DATA_TYPE_REVOCATION, (rv, hasPriorData) => {
-      if (rv == Cr.NS_OK) {
-        return resolve(hasPriorData);
-      }
-      return resolve(false);
+add_task(
+  {
+    skip_if: () => !AppConstants.MOZ_NEW_CERT_STORAGE,
+  },
+  async function test_revocations_are_updated_on_sync_with_cert_storage() {
+    const certList = Cc["@mozilla.org/security/certstorage;1"].getService(
+      Ci.nsICertStorage
+    );
+    const has_revocations = () =>
+      new Promise(resolve => {
+        certList.hasPriorData(
+          Ci.nsICertStorage.DATA_TYPE_REVOCATION,
+          (rv, hasPriorData) => {
+            if (rv == Cr.NS_OK) {
+              return resolve(hasPriorData);
+            }
+            return resolve(false);
+          }
+        );
+      });
+
+    Assert.ok(!(await has_revocations()));
+
+    await OneCRLBlocklistClient.emit("sync", {
+      data: {
+        current: [],
+        created: [
+          {
+            issuerName: "MBIxEDAOBgNVBAMMB1Rlc3QgQ0E=",
+            serialNumber: "a0X7/7DlTaedpgrIJg25iBPOkIM=",
+          },
+        ],
+        updated: [],
+        deleted: [],
+      },
     });
-  });
-
-  Assert.ok(!(await has_revocations()));
-
-  await OneCRLBlocklistClient.emit("sync", { data: {
-    current: [],
-    created: [{
-      issuerName: "MBIxEDAOBgNVBAMMB1Rlc3QgQ0E=",
-      serialNumber: "a0X7/7DlTaedpgrIJg25iBPOkIM=",
-    }],
-    updated: [],
-    deleted: [],
-  }});
 
-  Assert.ok(await has_revocations());
-});
+    Assert.ok(await has_revocations());
+  }
+);
 
-add_task({
-  skip_if: () => AppConstants.MOZ_NEW_CERT_STORAGE,
-}, async function test_revocations_are_updated_on_sync() {
-  const profile = do_get_profile();
-  const revocations = profile.clone();
-  revocations.append("revocations.txt");
-  const before = revocations.exists() ? revocations.lastModifiedTime : null;
+add_task(
+  {
+    skip_if: () => AppConstants.MOZ_NEW_CERT_STORAGE,
+  },
+  async function test_revocations_are_updated_on_sync() {
+    const profile = do_get_profile();
+    const revocations = profile.clone();
+    revocations.append("revocations.txt");
+    const before = revocations.exists() ? revocations.lastModifiedTime : null;
 
-  await OneCRLBlocklistClient.emit("sync", { data: {
-    current: [{
-      issuerName: "MBIxEDAOBgNVBAMMB1Rlc3QgQ0E=",
-      serialNumber: "a0X7/7DlTaedpgrIJg25iBPOkIM=",
-    }],
-    deleted: [],
-    updated: [],
-    created: [{
-      issuerName: "MBIxEDAOBgNVBAMMB1Rlc3QgQ0E=",
-      serialNumber: "a0X7/7DlTaedpgrIJg25iBPOkIM=",
-    }],
-  }});
+    await OneCRLBlocklistClient.emit("sync", {
+      data: {
+        current: [
+          {
+            issuerName: "MBIxEDAOBgNVBAMMB1Rlc3QgQ0E=",
+            serialNumber: "a0X7/7DlTaedpgrIJg25iBPOkIM=",
+          },
+        ],
+        deleted: [],
+        updated: [],
+        created: [
+          {
+            issuerName: "MBIxEDAOBgNVBAMMB1Rlc3QgQ0E=",
+            serialNumber: "a0X7/7DlTaedpgrIJg25iBPOkIM=",
+          },
+        ],
+      },
+    });
 
-  const after = revocations.lastModifiedTime;
-  Assert.notEqual(before, after, "revocation file was modified.");
-});
+    const after = revocations.lastModifiedTime;
+    Assert.notEqual(before, after, "revocation file was modified.");
+  }
+);
--- a/security/manager/ssl/tests/unit/test_blocklist_pinning.js
+++ b/security/manager/ssl/tests/unit/test_blocklist_pinning.js
@@ -1,167 +1,276 @@
 "use strict";
 
 const { Utils } = ChromeUtils.import("resource://services-settings/Utils.jsm");
-const { RemoteSettings } = ChromeUtils.import("resource://services-settings/remote-settings.js");
-const { RemoteSecuritySettings } = ChromeUtils.import("resource://gre/modules/psm/RemoteSecuritySettings.jsm");
+const { RemoteSettings } = ChromeUtils.import(
+  "resource://services-settings/remote-settings.js"
+);
+const { RemoteSecuritySettings } = ChromeUtils.import(
+  "resource://gre/modules/psm/RemoteSecuritySettings.jsm"
+);
 
-const sss = Cc["@mozilla.org/ssservice;1"]
-  .getService(Ci.nsISiteSecurityService);
+const sss = Cc["@mozilla.org/ssservice;1"].getService(
+  Ci.nsISiteSecurityService
+);
 
 const { PinningBlocklistClient } = RemoteSecuritySettings.init();
 
-
 add_task(async function test_uses_a_custom_signer() {
-  Assert.notEqual(PinningBlocklistClient.signerName, RemoteSettings("not-specified").signerName);
+  Assert.notEqual(
+    PinningBlocklistClient.signerName,
+    RemoteSettings("not-specified").signerName
+  );
 });
 
 add_task(async function test_pinning_has_initial_dump() {
   if (AppConstants.platform == "android") {
     // Skip test: we don't ship pinning dumps on Android (see package-manifest).
     return;
   }
-  Assert.ok(await Utils.hasLocalDump(PinningBlocklistClient.bucketName, PinningBlocklistClient.collectionName));
+  Assert.ok(
+    await Utils.hasLocalDump(
+      PinningBlocklistClient.bucketName,
+      PinningBlocklistClient.collectionName
+    )
+  );
 });
 
 add_task(async function test_default_jexl_filter_is_used() {
-  Assert.deepEqual(PinningBlocklistClient.filterFunc, RemoteSettings("not-specified").filterFunc);
+  Assert.deepEqual(
+    PinningBlocklistClient.filterFunc,
+    RemoteSettings("not-specified").filterFunc
+  );
 });
 
 add_task(async function test_no_pins_by_default() {
   // ensure our pins are all missing before we start
-  ok(!sss.isSecureURI(sss.HEADER_HPKP,
-                      Services.io.newURI("https://one.example.com"), 0));
-  ok(!sss.isSecureURI(sss.HEADER_HPKP,
-                      Services.io.newURI("https://two.example.com"), 0));
-  ok(!sss.isSecureURI(sss.HEADER_HPKP,
-                      Services.io.newURI("https://three.example.com"), 0));
-  ok(!sss.isSecureURI(sss.HEADER_HSTS,
-                      Services.io.newURI("https://four.example.com"), 0));
-  ok(!sss.isSecureURI(sss.HEADER_HSTS,
-                      Services.io.newURI("https://five.example.com"), 0));
+  ok(
+    !sss.isSecureURI(
+      sss.HEADER_HPKP,
+      Services.io.newURI("https://one.example.com"),
+      0
+    )
+  );
+  ok(
+    !sss.isSecureURI(
+      sss.HEADER_HPKP,
+      Services.io.newURI("https://two.example.com"),
+      0
+    )
+  );
+  ok(
+    !sss.isSecureURI(
+      sss.HEADER_HPKP,
+      Services.io.newURI("https://three.example.com"),
+      0
+    )
+  );
+  ok(
+    !sss.isSecureURI(
+      sss.HEADER_HSTS,
+      Services.io.newURI("https://four.example.com"),
+      0
+    )
+  );
+  ok(
+    !sss.isSecureURI(
+      sss.HEADER_HSTS,
+      Services.io.newURI("https://five.example.com"),
+      0
+    )
+  );
 });
 
 add_task(async function test_simple_pin_domain() {
-  const current = [{
-    "pinType": "KeyPin",
-    "hostName": "one.example.com",
-    "includeSubdomains": false,
-    "expires": new Date().getTime() + 1000000,
-    "pins": ["cUPcTAZWKaASuYWhhneDttWpY3oBAkE3h2+soZS7sWs=",
-      "M8HztCzM3elUxkcjR2S5P4hhyBNf6lHkmjAHKhpGPWE="],
-    "versions": [Services.appinfo.version],
-  }];
-  await PinningBlocklistClient.emit("sync", { data: { current }});
+  const current = [
+    {
+      pinType: "KeyPin",
+      hostName: "one.example.com",
+      includeSubdomains: false,
+      expires: new Date().getTime() + 1000000,
+      pins: [
+        "cUPcTAZWKaASuYWhhneDttWpY3oBAkE3h2+soZS7sWs=",
+        "M8HztCzM3elUxkcjR2S5P4hhyBNf6lHkmjAHKhpGPWE=",
+      ],
+      versions: [Services.appinfo.version],
+    },
+  ];
+  await PinningBlocklistClient.emit("sync", { data: { current } });
 
   // check that a pin exists for one.example.com
-  ok(sss.isSecureURI(sss.HEADER_HPKP,
-                     Services.io.newURI("https://one.example.com"), 0));
+  ok(
+    sss.isSecureURI(
+      sss.HEADER_HPKP,
+      Services.io.newURI("https://one.example.com"),
+      0
+    )
+  );
 });
 
 add_task(async function test_existing_entries_are_erased() {
   const current = [];
   await PinningBlocklistClient.emit("sync", { data: { current } });
 
   // check that no pin exists for one.example.com
-  ok(!sss.isSecureURI(sss.HEADER_HPKP,
-    Services.io.newURI("https://one.example.com"), 0));
+  ok(
+    !sss.isSecureURI(
+      sss.HEADER_HPKP,
+      Services.io.newURI("https://one.example.com"),
+      0
+    )
+  );
 });
 
 add_task(async function test_multiple_entries() {
-  const current = [{
-      "pinType": "KeyPin",
-      "hostName": "two.example.com",
-      "includeSubdomains": false,
-      "expires": new Date().getTime() + 1000000,
-      "pins": ["cUPcTAZWKaASuYWhhneDttWpY3oBAkE3h2+soZS7sWs=",
-        "M8HztCzM3elUxkcjR2S5P4hhyBNf6lHkmjAHKhpGPWE="],
-      "versions": [Services.appinfo.version],
-    }, {
-      "pinType": "KeyPin",
-      "hostName": "three.example.com",
-      "includeSubdomains": false,
-      "expires": new Date().getTime() + 1000000,
-      "pins": ["cUPcTAZWKaASuYWhhneDttWpY3oBAkE3h2+soZS7sWs=",
-        "M8HztCzM3elUxkcjR2S5P4hhyBNf6lHkmjAHKhpGPWE="],
-      "versions": [Services.appinfo.version, "some other version that won't match"],
-    }, {
-      "pinType": "KeyPin",
-      "hostName": "four.example.com",
-      "includeSubdomains": false,
-      "expires": new Date().getTime() + 1000000,
-      "pins": ["cUPcTAZWKaASuYWhhneDttWpY3oBAkE3h2+soZS7sWs=",
-        "M8HztCzM3elUxkcjR2S5P4hhyBNf6lHkmjAHKhpGPWE="],
-      "versions": ["some version that won't match"],
-    }, {
-      "pinType": "STSPin",
-      "hostName": "five.example.com",
-      "includeSubdomains": false,
-      "expires": new Date().getTime() + 1000000,
-      "versions": [Services.appinfo.version, "some version that won't match"],
+  const current = [
+    {
+      pinType: "KeyPin",
+      hostName: "two.example.com",
+      includeSubdomains: false,
+      expires: new Date().getTime() + 1000000,
+      pins: [
+        "cUPcTAZWKaASuYWhhneDttWpY3oBAkE3h2+soZS7sWs=",
+        "M8HztCzM3elUxkcjR2S5P4hhyBNf6lHkmjAHKhpGPWE=",
+      ],
+      versions: [Services.appinfo.version],
+    },
+    {
+      pinType: "KeyPin",
+      hostName: "three.example.com",
+      includeSubdomains: false,
+      expires: new Date().getTime() + 1000000,
+      pins: [
+        "cUPcTAZWKaASuYWhhneDttWpY3oBAkE3h2+soZS7sWs=",
+        "M8HztCzM3elUxkcjR2S5P4hhyBNf6lHkmjAHKhpGPWE=",
+      ],
+      versions: [
+        Services.appinfo.version,
+        "some other version that won't match",
+      ],
+    },
+    {
+      pinType: "KeyPin",
+      hostName: "four.example.com",
+      includeSubdomains: false,
+      expires: new Date().getTime() + 1000000,
+      pins: [
+        "cUPcTAZWKaASuYWhhneDttWpY3oBAkE3h2+soZS7sWs=",
+        "M8HztCzM3elUxkcjR2S5P4hhyBNf6lHkmjAHKhpGPWE=",
+      ],
+      versions: ["some version that won't match"],
+    },
+    {
+      pinType: "STSPin",
+      hostName: "five.example.com",
+      includeSubdomains: false,
+      expires: new Date().getTime() + 1000000,
+      versions: [Services.appinfo.version, "some version that won't match"],
     },
   ];
-  await PinningBlocklistClient.emit("sync", { data: { current }});
+  await PinningBlocklistClient.emit("sync", { data: { current } });
 
   // check that a pin exists for two.example.com and three.example.com
-  ok(sss.isSecureURI(sss.HEADER_HPKP,
-                     Services.io.newURI("https://two.example.com"), 0));
-  ok(sss.isSecureURI(sss.HEADER_HPKP,
-                     Services.io.newURI("https://three.example.com"), 0));
+  ok(
+    sss.isSecureURI(
+      sss.HEADER_HPKP,
+      Services.io.newURI("https://two.example.com"),
+      0
+    )
+  );
+  ok(
+    sss.isSecureURI(
+      sss.HEADER_HPKP,
+      Services.io.newURI("https://three.example.com"),
+      0
+    )
+  );
   // check that a pin does not exist for four.example.com - it's in the
   // collection but the version should not match
-  ok(!sss.isSecureURI(sss.HEADER_HPKP,
-                      Services.io.newURI("https://four.example.com"), 0));
+  ok(
+    !sss.isSecureURI(
+      sss.HEADER_HPKP,
+      Services.io.newURI("https://four.example.com"),
+      0
+    )
+  );
   // Check that the HSTS preload added to the collection works...
-  ok(sss.isSecureURI(sss.HEADER_HSTS,
-    Services.io.newURI("https://five.example.com"), 0));
+  ok(
+    sss.isSecureURI(
+      sss.HEADER_HSTS,
+      Services.io.newURI("https://five.example.com"),
+      0
+    )
+  );
   // // ...and that includeSubdomains is honored
-  ok(!sss.isSecureURI(sss.HEADER_HSTS,
-                      Services.io.newURI("https://subdomain.five.example.com"),
-                      0));
+  ok(
+    !sss.isSecureURI(
+      sss.HEADER_HSTS,
+      Services.io.newURI("https://subdomain.five.example.com"),
+      0
+    )
+  );
 
   // Overwrite existing entries.
   current[current.length - 1].includeSubdomains = true;
   await PinningBlocklistClient.emit("sync", { data: { current } });
   // The STS entry for five.example.com now has includeSubdomains set;
   // ensure that the new includeSubdomains value is honored.
-  ok(sss.isSecureURI(sss.HEADER_HSTS,
-    Services.io.newURI("https://subdomain.five.example.com"),
-    0));
+  ok(
+    sss.isSecureURI(
+      sss.HEADER_HSTS,
+      Services.io.newURI("https://subdomain.five.example.com"),
+      0
+    )
+  );
 });
 
 add_task(async function test_bad_entries() {
-  const current = [{
-      "irrelevant": "this entry looks nothing whatsoever like a pin preload",
-      "pinType": "KeyPin",
-    }, {
-      "irrelevant": "this entry has data of the wrong type",
-      "pinType": "KeyPin",
-      "hostName": 3,
-      "includeSubdomains": "nonsense",
-      "expires": "more nonsense",
-      "pins": [1, 2, 3, 4],
-    }, {
-      "irrelevant": "this entry is missing the actual pins",
-      "pinType": "KeyPin",
-      "hostName": "missingpins.example.com",
-      "includeSubdomains": false,
-      "expires": new Date().getTime() + 1000000,
-      "versions": [Services.appinfo.version],
-    }, {
-      "pinType": "STSPin",
-      "hostName": "five.example.com",
-      "includeSubdomains": true,
-      "expires": new Date().getTime() + 1000000,
+  const current = [
+    {
+      irrelevant: "this entry looks nothing whatsoever like a pin preload",
+      pinType: "KeyPin",
+    },
+    {
+      irrelevant: "this entry has data of the wrong type",
+      pinType: "KeyPin",
+      hostName: 3,
+      includeSubdomains: "nonsense",
+      expires: "more nonsense",
+      pins: [1, 2, 3, 4],
+    },
+    {
+      irrelevant: "this entry is missing the actual pins",
+      pinType: "KeyPin",
+      hostName: "missingpins.example.com",
+      includeSubdomains: false,
+      expires: new Date().getTime() + 1000000,
+      versions: [Services.appinfo.version],
+    },
+    {
+      pinType: "STSPin",
+      hostName: "five.example.com",
+      includeSubdomains: true,
+      expires: new Date().getTime() + 1000000,
     }, // missing versions.
   ];
   // The event listener will catch any error, and won't throw.
   // See https://bugzilla.mozilla.org/show_bug.cgi?id=1554939
-  await PinningBlocklistClient.emit("sync", { data: { current }});
+  await PinningBlocklistClient.emit("sync", { data: { current } });
 
-  ok(!sss.isSecureURI(sss.HEADER_HPKP,
-    Services.io.newURI("https://missingpins.example.com"), 0));
+  ok(
+    !sss.isSecureURI(
+      sss.HEADER_HPKP,
+      Services.io.newURI("https://missingpins.example.com"),
+      0
+    )
+  );
 
   // Check that the HSTS preload overwrites existing entries...
   // Version field is missing.
-  ok(!sss.isSecureURI(sss.HEADER_HSTS,
-                      Services.io.newURI("https://five.example.com"), 0));
+  ok(
+    !sss.isSecureURI(
+      sss.HEADER_HSTS,
+      Services.io.newURI("https://five.example.com"),
+      0
+    )
+  );
 });
--- a/security/manager/ssl/tests/unit/test_broken_fips.js
+++ b/security/manager/ssl/tests/unit/test_broken_fips.js
@@ -17,25 +17,31 @@ function run_test() {
   let keyDBName = "key3.db";
   let keyDBFile = do_get_file(`test_broken_fips/${keyDBName}`);
   keyDBFile.copyTo(profile, keyDBName);
 
   let secmodDBName = "secmod.db";
   let secmodDBFile = do_get_file(`test_broken_fips/${secmodDBName}`);
   secmodDBFile.copyTo(profile, secmodDBName);
 
-  let moduleDB = Cc["@mozilla.org/security/pkcs11moduledb;1"]
-                   .getService(Ci.nsIPKCS11ModuleDB);
+  let moduleDB = Cc["@mozilla.org/security/pkcs11moduledb;1"].getService(
+    Ci.nsIPKCS11ModuleDB
+  );
   ok(!moduleDB.isFIPSEnabled, "FIPS should not be enabled");
 
-  let sdr = Cc["@mozilla.org/security/sdr;1"]
-              .getService(Ci.nsISecretDecoderRing);
+  let sdr = Cc["@mozilla.org/security/sdr;1"].getService(
+    Ci.nsISecretDecoderRing
+  );
 
-  const encrypted = "MDoEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECGeDHwVfyFqzBBAYvqMq/kDMsrARVNdC1C8d";
+  const encrypted =
+    "MDoEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECGeDHwVfyFqzBBAYvqMq/kDMsrARVNdC1C8d";
   const expectedResult = "password";
   let decrypted = sdr.decryptString(encrypted);
-  equal(decrypted, expectedResult,
-        "decrypted ciphertext should match expected plaintext");
+  equal(
+    decrypted,
+    expectedResult,
+    "decrypted ciphertext should match expected plaintext"
+  );
 
   let secmodDBFileFIPS = do_get_profile();
   secmodDBFileFIPS.append(`${secmodDBName}.fips`);
   ok(secmodDBFileFIPS.exists(), "backed-up PKCS#11 module db should now exist");
 }
--- a/security/manager/ssl/tests/unit/test_certDB_export_pkcs12.js
+++ b/security/manager/ssl/tests/unit/test_certDB_export_pkcs12.js
@@ -3,18 +3,19 @@
 // http://creativecommons.org/publicdomain/zero/1.0/
 "use strict";
 
 // Tests exporting a certificate and key as a PKCS#12 blob and importing it
 // again with a new password set.
 
 do_get_profile();
 
-const gCertDB = Cc["@mozilla.org/security/x509certdb;1"]
-                  .getService(Ci.nsIX509CertDB);
+const gCertDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
+  Ci.nsIX509CertDB
+);
 
 const PKCS12_FILE = "test_certDB_import/cert_from_windows.pfx";
 const CERT_COMMON_NAME = "test_cert_from_windows";
 const TEST_CERT_PASSWORD = "黒い";
 const TEST_OUTPUT_PASSWORD = "other password";
 
 function findCertByCommonName(commonName) {
   for (let cert of gCertDB.getCerts().getEnumerator()) {
--- a/security/manager/ssl/tests/unit/test_certDB_export_pkcs12_with_master_password.js
+++ b/security/manager/ssl/tests/unit/test_certDB_export_pkcs12_with_master_password.js
@@ -3,18 +3,19 @@
 // http://creativecommons.org/publicdomain/zero/1.0/
 "use strict";
 
 // Tests exporting a certificate and key as a PKCS#12 blob if the user has a
 // master password set.
 
 do_get_profile();
 
-const gCertDB = Cc["@mozilla.org/security/x509certdb;1"]
-                  .getService(Ci.nsIX509CertDB);
+const gCertDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
+  Ci.nsIX509CertDB
+);
 
 const PKCS12_FILE = "test_certDB_import/cert_from_windows.pfx";
 const CERT_COMMON_NAME = "test_cert_from_windows";
 const TEST_CERT_PASSWORD = "黒い";
 
 var gPrompt = {
   password: "password",
   clickOk: true,
@@ -25,19 +26,21 @@ var gPrompt = {
   // where in the context of the arrow function, |this != gPrompt| due to
   // how objects get wrapped when going across xpcom boundaries.
   alert(title, text) {
     info(`alert('${text}')`);
     ok(false, "not expecting alert() to be called");
   },
 
   promptPassword(dialogTitle, text, password, checkMsg, checkValue) {
-    equal(text,
-          "Please enter your master password.",
-          "password prompt text should be as expected");
+    equal(
+      text,
+      "Please enter your master password.",
+      "password prompt text should be as expected"
+    );
     equal(checkMsg, null, "checkMsg should be null");
     password.value = this.password;
     return this.clickOk;
   },
 };
 
 const gPromptFactory = {
   QueryInterface: ChromeUtils.generateQI([Ci.nsIPromptFactory]),
@@ -49,26 +52,29 @@ function findCertByCommonName(commonName
     if (cert.commonName == commonName) {
       return cert;
     }
   }
   return null;
 }
 
 function run_test() {
-  let promptFactoryCID =
-    MockRegistrar.register("@mozilla.org/prompter;1", gPromptFactory);
+  let promptFactoryCID = MockRegistrar.register(
+    "@mozilla.org/prompter;1",
+    gPromptFactory
+  );
 
   registerCleanupFunction(() => {
     MockRegistrar.unregister(promptFactoryCID);
   });
 
   // Set a master password.
-  let tokenDB = Cc["@mozilla.org/security/pk11tokendb;1"]
-                  .getService(Ci.nsIPK11TokenDB);
+  let tokenDB = Cc["@mozilla.org/security/pk11tokendb;1"].getService(
+    Ci.nsIPK11TokenDB
+  );
   let token = tokenDB.getInternalKeyToken();
   token.initPassword("password");
   token.logoutSimple();
 
   // Import the certificate and key so we have something to export.
   let cert = findCertByCommonName(CERT_COMMON_NAME);
   equal(cert, null, "cert should not be found before import");
   let certFile = do_get_file(PKCS12_FILE);
@@ -96,12 +102,16 @@ function run_test() {
 
   // Attempt to export the certificate and key, but this time cancel the
   // password request dialog. The export operation should also be canceled.
   gPrompt.clickOk = false;
   let output2 = do_get_tempdir();
   output2.append("output2.p12");
   ok(!output2.exists(), "output2 shouldn't exist before exporting PKCS12 file");
   errorCode = gCertDB.exportPKCS12File(output, [cert], TEST_CERT_PASSWORD);
-  equal(errorCode, Ci.nsIX509CertDB.ERROR_PKCS12_BACKUP_FAILED, "cert should not export");
+  equal(
+    errorCode,
+    Ci.nsIX509CertDB.ERROR_PKCS12_BACKUP_FAILED,
+    "cert should not export"
+  );
 
   ok(!output2.exists(), "output2 shouldn't exist after failing to export");
 }
--- a/security/manager/ssl/tests/unit/test_certDB_import.js
+++ b/security/manager/ssl/tests/unit/test_certDB_import.js
@@ -2,30 +2,34 @@
 // Any copyright is dedicated to the Public Domain.
 // http://creativecommons.org/publicdomain/zero/1.0/
 "use strict";
 
 // Tests the various nsIX509CertDB import methods.
 
 do_get_profile();
 
-const gCertDB = Cc["@mozilla.org/security/x509certdb;1"]
-                  .getService(Ci.nsIX509CertDB);
+const gCertDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
+  Ci.nsIX509CertDB
+);
 
 const CA_CERT_COMMON_NAME = "importedCA";
 const TEST_EMAIL_ADDRESS = "test@example.com";
 
 let gCACertImportDialogCount = 0;
 
 // Mock implementation of nsICertificateDialogs.
 const gCertificateDialogs = {
   confirmDownloadCACert: (ctx, cert, trust) => {
     gCACertImportDialogCount++;
-    equal(cert.commonName, CA_CERT_COMMON_NAME,
-          "CA cert to import should have the correct CN");
+    equal(
+      cert.commonName,
+      CA_CERT_COMMON_NAME,
+      "CA cert to import should have the correct CN"
+    );
     trust.value = Ci.nsIX509CertDB.TRUSTED_EMAIL;
     return true;
   },
   setPKCS12FilePassword: (ctx, password) => {
     // This is only relevant to exporting.
     ok(false, "setPKCS12FilePassword() should not have been called");
   },
   getPKCS12FilePassword: (ctx, password) => {
@@ -78,60 +82,107 @@ function findCertByCommonName(commonName
 }
 
 function findCertByEmailAddress(emailAddress) {
   return commonFindCertBy("emailAddress", emailAddress);
 }
 
 function testImportCACert() {
   // Sanity check the CA cert is missing.
-  equal(findCertByCommonName(CA_CERT_COMMON_NAME), null,
-        "CA cert should not be in the database before import");
+  equal(
+    findCertByCommonName(CA_CERT_COMMON_NAME),
+    null,
+    "CA cert should not be in the database before import"
+  );
 
   // Import and check for success.
   let caArray = getCertAsByteArray("test_certDB_import/importedCA.pem");
-  gCertDB.importCertificates(caArray, caArray.length, Ci.nsIX509Cert.CA_CERT,
-                             gInterfaceRequestor);
-  equal(gCACertImportDialogCount, 1,
-        "Confirmation dialog for the CA cert should only be shown once");
+  gCertDB.importCertificates(
+    caArray,
+    caArray.length,
+    Ci.nsIX509Cert.CA_CERT,
+    gInterfaceRequestor
+  );
+  equal(
+    gCACertImportDialogCount,
+    1,
+    "Confirmation dialog for the CA cert should only be shown once"
+  );
 
   let caCert = findCertByCommonName(CA_CERT_COMMON_NAME);
   notEqual(caCert, null, "CA cert should now be found in the database");
-  ok(gCertDB.isCertTrusted(caCert, Ci.nsIX509Cert.CA_CERT,
-                           Ci.nsIX509CertDB.TRUSTED_EMAIL),
-     "CA cert should be trusted for e-mail");
+  ok(
+    gCertDB.isCertTrusted(
+      caCert,
+      Ci.nsIX509Cert.CA_CERT,
+      Ci.nsIX509CertDB.TRUSTED_EMAIL
+    ),
+    "CA cert should be trusted for e-mail"
+  );
 }
 
 function testImportEmptyCertPackage() {
   // Because this is an empty cert package, nothing will be imported. We know it succeeded if no errors are thrown.
-  let byteArray = [ 0x30, 0x0f, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x02, 0x05, 0xa0, 0x02, 0x30, 0x00 ];
-  gCertDB.importCertificates(byteArray, byteArray.length, Ci.nsIX509Cert.CA_CERT,
-                             gInterfaceRequestor);
+  let byteArray = [
+    0x30,
+    0x0f,
+    0x06,
+    0x09,
+    0x60,
+    0x86,
+    0x48,
+    0x01,
+    0x86,
+    0xf8,
+    0x42,
+    0x02,
+    0x05,
+    0xa0,
+    0x02,
+    0x30,
+    0x00,
+  ];
+  gCertDB.importCertificates(
+    byteArray,
+    byteArray.length,
+    Ci.nsIX509Cert.CA_CERT,
+    gInterfaceRequestor
+  );
 }
 
 function run_test() {
-  let certificateDialogsCID =
-    MockRegistrar.register("@mozilla.org/nsCertificateDialogs;1",
-                           gCertificateDialogs);
+  let certificateDialogsCID = MockRegistrar.register(
+    "@mozilla.org/nsCertificateDialogs;1",
+    gCertificateDialogs
+  );
   registerCleanupFunction(() => {
     MockRegistrar.unregister(certificateDialogsCID);
   });
 
   // Sanity check the e-mail cert is missing.
-  equal(findCertByEmailAddress(TEST_EMAIL_ADDRESS), null,
-         "E-mail cert should not be in the database before import");
+  equal(
+    findCertByEmailAddress(TEST_EMAIL_ADDRESS),
+    null,
+    "E-mail cert should not be in the database before import"
+  );
 
   // Import the CA cert so that the e-mail import succeeds.
   testImportCACert();
   testImportEmptyCertPackage();
 
   // Import the e-mail cert and check for success.
   let emailArray = getCertAsByteArray("test_certDB_import/emailEE.pem");
-  gCertDB.importEmailCertificate(emailArray, emailArray.length,
-                                 gInterfaceRequestor);
+  gCertDB.importEmailCertificate(
+    emailArray,
+    emailArray.length,
+    gInterfaceRequestor
+  );
   let emailCert = findCertByEmailAddress(TEST_EMAIL_ADDRESS);
   notEqual(emailCert, null, "E-mail cert should now be found in the database");
-  let bundle =
-    Services.strings.createBundle("chrome://pipnss/locale/pipnss.properties");
-  equal(emailCert.tokenName,
-        bundle.GetStringFromName("PrivateTokenDescription"),
-        "cert's tokenName should be the expected localized value");
+  let bundle = Services.strings.createBundle(
+    "chrome://pipnss/locale/pipnss.properties"
+  );
+  equal(
+    emailCert.tokenName,
+    bundle.GetStringFromName("PrivateTokenDescription"),
+    "cert's tokenName should be the expected localized value"
+  );
 }
--- a/security/manager/ssl/tests/unit/test_certDB_import_pkcs12.js
+++ b/security/manager/ssl/tests/unit/test_certDB_import_pkcs12.js
@@ -2,22 +2,23 @@
 // Any copyright is dedicated to the Public Domain.
 // http://creativecommons.org/publicdomain/zero/1.0/
 "use strict";
 
 // Tests import PKCS12 file by nsIX509CertDB.
 
 do_get_profile();
 
-const gCertDB = Cc["@mozilla.org/security/x509certdb;1"]
-                  .getService(Ci.nsIX509CertDB);
+const gCertDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
+  Ci.nsIX509CertDB
+);
 
 const PKCS12_FILE = "test_certDB_import/cert_from_windows.pfx";
 const PKCS12_FILE_EMPTY_PASS =
-        "test_certDB_import/cert_from_windows_emptypass.pfx";
+  "test_certDB_import/cert_from_windows_emptypass.pfx";
 const PKCS12_FILE_NO_PASS = "test_certDB_import/cert_from_windows_nopass.pfx";
 const CERT_COMMON_NAME = "test_cert_from_windows";
 const TEST_CERT_PASSWORD = "黒い";
 
 // Has getPKCS12FilePassword been called since we last reset this?
 let gGetPKCS12FilePasswordCalled = false;
 let gCurrentTestcase = null;
 
@@ -84,28 +85,33 @@ function doesCertExist(commonName) {
   }
 
   return false;
 }
 
 function runOneTestcase(testcase) {
   info(`running ${testcase.name}`);
   if (testcase.checkCertExist) {
-    ok(!doesCertExist(CERT_COMMON_NAME),
-       "cert should not be in the database before import");
+    ok(
+      !doesCertExist(CERT_COMMON_NAME),
+      "cert should not be in the database before import"
+    );
   }
 
   // Import and check for failure.
   let certFile = do_get_file(testcase.filename);
   ok(certFile, `${testcase.filename} should exist`);
   gGetPKCS12FilePasswordCalled = false;
   gCurrentTestcase = testcase;
   let errorCode = gCertDB.importPKCS12File(certFile, testcase.passwordToUse);
   equal(errorCode, testcase.errorCode, `verifying error code`);
-  equal(doesCertExist(CERT_COMMON_NAME), testcase.successExpected,
-        `cert should${testcase.successExpected ? "" : " not"} be found now`);
+  equal(
+    doesCertExist(CERT_COMMON_NAME),
+    testcase.successExpected,
+    `cert should${testcase.successExpected ? "" : " not"} be found now`
+  );
 }
 
 function run_test() {
   for (let testcase of gTestcases) {
     runOneTestcase(testcase);
   }
 }
--- a/security/manager/ssl/tests/unit/test_certDB_import_with_master_password.js
+++ b/security/manager/ssl/tests/unit/test_certDB_import_with_master_password.js
@@ -3,29 +3,33 @@
 // http://creativecommons.org/publicdomain/zero/1.0/
 "use strict";
 
 // Tests that a CA certificate can still be imported if the user has a master
 // password set.
 
 do_get_profile();
 
-const gCertDB = Cc["@mozilla.org/security/x509certdb;1"]
-                  .getService(Ci.nsIX509CertDB);
+const gCertDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
+  Ci.nsIX509CertDB
+);
 
 const CA_CERT_COMMON_NAME = "importedCA";
 
 let gCACertImportDialogCount = 0;
 
 // Mock implementation of nsICertificateDialogs.
 const gCertificateDialogs = {
   confirmDownloadCACert: (ctx, cert, trust) => {
     gCACertImportDialogCount++;
-    equal(cert.commonName, CA_CERT_COMMON_NAME,
-          "CA cert to import should have the correct CN");
+    equal(
+      cert.commonName,
+      CA_CERT_COMMON_NAME,
+      "CA cert to import should have the correct CN"
+    );
     trust.value = Ci.nsIX509CertDB.TRUSTED_EMAIL;
     return true;
   },
   setPKCS12FilePassword: (ctx, password) => {
     // This is only relevant to exporting.
     ok(false, "setPKCS12FilePassword() should not have been called");
   },
   getPKCS12FilePassword: (ctx, password) => {
@@ -40,22 +44,25 @@ var gMockPrompter = {
   passwordToTry: "password",
   numPrompts: 0,
 
   // This intentionally does not use arrow function syntax to avoid an issue
   // where in the context of the arrow function, |this != gMockPrompter| due to
   // how objects get wrapped when going across xpcom boundaries.
   promptPassword(dialogTitle, text, password, checkMsg, checkValue) {
     this.numPrompts++;
-    if (this.numPrompts > 1) { // don't keep retrying a bad password
+    if (this.numPrompts > 1) {
+      // don't keep retrying a bad password
       return false;
     }
-    equal(text,
-          "Please enter your master password.",
-          "password prompt text should be as expected");
+    equal(
+      text,
+      "Please enter your master password.",
+      "password prompt text should be as expected"
+    );
     equal(checkMsg, null, "checkMsg should be null");
     ok(this.passwordToTry, "passwordToTry should be non-null");
     password.value = this.passwordToTry;
     return true;
   },
 
   QueryInterface: ChromeUtils.generateQI([Ci.nsIPrompt]),
 
@@ -86,39 +93,56 @@ function findCertByCommonName(commonName
     if (cert.commonName == commonName) {
       return cert;
     }
   }
   return null;
 }
 
 function run_test() {
-  let certificateDialogsCID =
-    MockRegistrar.register("@mozilla.org/nsCertificateDialogs;1",
-                           gCertificateDialogs);
+  let certificateDialogsCID = MockRegistrar.register(
+    "@mozilla.org/nsCertificateDialogs;1",
+    gCertificateDialogs
+  );
   registerCleanupFunction(() => {
     MockRegistrar.unregister(certificateDialogsCID);
   });
 
   // Set a master password.
-  let tokenDB = Cc["@mozilla.org/security/pk11tokendb;1"]
-                  .getService(Ci.nsIPK11TokenDB);
+  let tokenDB = Cc["@mozilla.org/security/pk11tokendb;1"].getService(
+    Ci.nsIPK11TokenDB
+  );
   let token = tokenDB.getInternalKeyToken();
   token.initPassword("password");
   token.logoutSimple();
 
   // Sanity check the CA cert is missing.
-  equal(findCertByCommonName(CA_CERT_COMMON_NAME), null,
-        "CA cert should not be in the database before import");
+  equal(
+    findCertByCommonName(CA_CERT_COMMON_NAME),
+    null,
+    "CA cert should not be in the database before import"
+  );
 
   // Import and check for success.
   let caArray = getCertAsByteArray("test_certDB_import/importedCA.pem");
-  gCertDB.importCertificates(caArray, caArray.length, Ci.nsIX509Cert.CA_CERT,
-                             gMockPrompter);
-  equal(gCACertImportDialogCount, 1,
-        "Confirmation dialog for the CA cert should only be shown once");
+  gCertDB.importCertificates(
+    caArray,
+    caArray.length,
+    Ci.nsIX509Cert.CA_CERT,
+    gMockPrompter
+  );
+  equal(
+    gCACertImportDialogCount,
+    1,
+    "Confirmation dialog for the CA cert should only be shown once"
+  );
 
   let caCert = findCertByCommonName(CA_CERT_COMMON_NAME);
   notEqual(caCert, null, "CA cert should now be found in the database");
-  ok(gCertDB.isCertTrusted(caCert, Ci.nsIX509Cert.CA_CERT,
-                           Ci.nsIX509CertDB.TRUSTED_EMAIL),
-     "CA cert should be trusted for e-mail");
+  ok(
+    gCertDB.isCertTrusted(
+      caCert,
+      Ci.nsIX509Cert.CA_CERT,
+      Ci.nsIX509CertDB.TRUSTED_EMAIL
+    ),
+    "CA cert should be trusted for e-mail"
+  );
 }
--- a/security/manager/ssl/tests/unit/test_cert_chains.js
+++ b/security/manager/ssl/tests/unit/test_cert_chains.js
@@ -5,62 +5,77 @@
 
 "use strict";
 
 function test_cert_equals() {
   let certA = constructCertFromFile("bad_certs/default-ee.pem");
   let certB = constructCertFromFile("bad_certs/default-ee.pem");
   let certC = constructCertFromFile("bad_certs/expired-ee.pem");
 
-  ok(certA != certB,
-     "Cert objects constructed from the same file should not be equal" +
-     " according to the equality operators");
-  ok(certA.equals(certB),
-     "equals() on cert objects constructed from the same cert file should" +
-     " return true");
-  ok(!certA.equals(certC),
-     "equals() on cert objects constructed from files for different certs" +
-     " should return false");
+  ok(
+    certA != certB,
+    "Cert objects constructed from the same file should not be equal" +
+      " according to the equality operators"
+  );
+  ok(
+    certA.equals(certB),
+    "equals() on cert objects constructed from the same cert file should" +
+      " return true"
+  );
+  ok(
+    !certA.equals(certC),
+    "equals() on cert objects constructed from files for different certs" +
+      " should return false"
+  );
 }
 
 function test_bad_cert_list_serialization() {
   // Normally the serialization of an nsIX509CertList consists of some header
   // junk (IIDs and whatnot), 4 bytes representing how many nsIX509Cert follow,
   // and then the serialization of each nsIX509Cert. This serialization consists
   // of the header junk for an nsIX509CertList with 1 "nsIX509Cert", but then
   // instead of an nsIX509Cert, the subsequent bytes represent the serialization
   // of another nsIX509CertList (with 0 nsIX509Cert). This test ensures that
   // nsIX509CertList safely handles this unexpected input when deserializing.
   const badCertListSerialization =
     "lZ+xZWUXSH+rm9iRO+UxlwAAAAAAAAAAwAAAAAAAAEYAAAABlZ+xZWUXSH+rm9iRO+UxlwAAAAAA" +
     "AAAAwAAAAAAAAEYAAAAA";
-  let serHelper = Cc["@mozilla.org/network/serialization-helper;1"]
-                    .getService(Ci.nsISerializationHelper);
-  throws(() => serHelper.deserializeObject(badCertListSerialization),
-         /NS_ERROR_UNEXPECTED/,
-         "deserializing a bogus nsIX509CertList should throw NS_ERROR_UNEXPECTED");
+  let serHelper = Cc["@mozilla.org/network/serialization-helper;1"].getService(
+    Ci.nsISerializationHelper
+  );
+  throws(
+    () => serHelper.deserializeObject(badCertListSerialization),
+    /NS_ERROR_UNEXPECTED/,
+    "deserializing a bogus nsIX509CertList should throw NS_ERROR_UNEXPECTED"
+  );
 }
 
 function test_cert_list_serialization() {
   let certList = build_cert_chain(["default-ee", "expired-ee"]);
 
-  throws(() => certList.addCert(null), /NS_ERROR_ILLEGAL_VALUE/,
-         "trying to add a null cert to an nsIX509CertList should throw");
+  throws(
+    () => certList.addCert(null),
+    /NS_ERROR_ILLEGAL_VALUE/,
+    "trying to add a null cert to an nsIX509CertList should throw"
+  );
 
   // Serialize the cert list to a string
-  let serHelper = Cc["@mozilla.org/network/serialization-helper;1"]
-                    .getService(Ci.nsISerializationHelper);
+  let serHelper = Cc["@mozilla.org/network/serialization-helper;1"].getService(
+    Ci.nsISerializationHelper
+  );
   certList.QueryInterface(Ci.nsISerializable);
   let serialized = serHelper.serializeToString(certList);
 
   // Deserialize from the string and compare to the original object
   let deserialized = serHelper.deserializeObject(serialized);
   deserialized.QueryInterface(Ci.nsIX509CertList);
-  ok(certList.equals(deserialized),
-     "Deserialized cert list should equal the original");
+  ok(
+    certList.equals(deserialized),
+    "Deserialized cert list should equal the original"
+  );
 }
 
 // We hard-code the following certificates for the pkcs7 export tests so that we
 // don't have to change the test data when the certificates change each year.
 // Luckily these tests don't depend on the certificates being valid, so it's ok
 // to let them expire.
 const gDefaultEEPEM = `-----BEGIN CERTIFICATE-----
 MIIDiTCCAnGgAwIBAgIUDUo/9G0rz7fJiWTw0hY6TIyPRSIwDQYJKoZIhvcNAQEL
@@ -165,20 +180,22 @@ AILNZM9yT9ylMpjyi0tXaDORzpHiJ8vEoVKk98bC
 Bxe9qigT8rQwKprXq5RvgIZ32QLn/yMPiCp/e6zBdsx77TkfmnSnxvPi+0nlA+eM
 8JYN0UST4vWD4vPPX9GgZDVoGQTiF3hUivJ5R8sHb/ozcSukMKQQ22+AIU7w6wyA
 IbCAG7Pab4k2XFAeEnUZsl9fCym5jsPN9Pnv9rlBi6h8shHw1R2ROXjgxubjiMr3
 B456vFTJImLJjyA1iTSlr/+VXGUYg6Z0/HYnsO00+8xUKM71dPxGAfIFNaSscpyk
 rGFLvocT/kym6r8galxCJUo=
 -----END CERTIFICATE-----`;
 
 function build_cert_list_from_pem_list(pemList) {
-  let certdb = Cc["@mozilla.org/security/x509certdb;1"]
-                 .getService(Ci.nsIX509CertDB);
-  let certList = Cc["@mozilla.org/security/x509certlist;1"]
-                   .createInstance(Ci.nsIX509CertList);
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+  let certList = Cc["@mozilla.org/security/x509certlist;1"].createInstance(
+    Ci.nsIX509CertList
+  );
   for (let pem of pemList) {
     let cert = certdb.constructX509FromBase64(pemToBase64(pem));
     certList.addCert(cert);
   }
   return certList;
 }
 
 function test_cert_pkcs7_export() {
@@ -216,20 +233,26 @@ function test_cert_pkcs7_export() {
     "dWJkb21haW5zLnBpbm5pbmcuZXhhbXBsZS5jb22CKCouZXhjbHVkZS1zdWJkb21haW5zLnB" +
     "pbm5pbmcuZXhhbXBsZS5jb20wMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzABhhZodHRwOi" +
     "8vbG9jYWxob3N0Ojg4ODgvMA0GCSqGSIb3DQEBCwUAA4IBAQCkguNhMyVCYhyYXfE22wNvl" +
     "aobK2YRb4OGMxySIKuQ80N0XlO+xpLJTs9YzFVY1+JTHNez1QfwP9KJeZznTzVzLh4sv0sw" +
     "x/+oUxCfLb0VIl/kdUqLkbGYrAmtjeOKZLaqVtRH0BnmbPowLak1pi6nQYOU+aL9QOuvT/j" +
     "3rXoimcdo6X3TK1SN2/64fGMyG/pwas+JXehbReUf4n1ewk84ADtb+ew8tRAKf/uxzKUj5t" +
     "/UgqDsnTWq5wUc5IJKwoHT41sQnNqPg12x4+WGWiAsWCpR/hKYHFGr7rb4JTGEPAJpWcv9W" +
     "tZYAvwT78a2xpHp5XNglj16IjWEukvJuU1WMQAAAAAAAAA=";
-  let certListDefaultEE = build_cert_list_from_pem_list([gDefaultEEPEM, gTestCAPEM]);
+  let certListDefaultEE = build_cert_list_from_pem_list([
+    gDefaultEEPEM,
+    gTestCAPEM,
+  ]);
   let pkcs7DefaultEE = certListDefaultEE.asPKCS7Blob();
-  equal(btoa(pkcs7DefaultEE), expectedPKCS7ForDefaultEE,
-        "PKCS7 export should work as expected for default-ee chain");
+  equal(
+    btoa(pkcs7DefaultEE),
+    expectedPKCS7ForDefaultEE,
+    "PKCS7 export should work as expected for default-ee chain"
+  );
 
   // This was generated by running BadCertServer locally on the bad_certs
   // directory and visiting:
   // https://unknownissuer.example.com:8443/
   // and then viewing the certificate presented (in the add certificate
   // exception dialog) and exporting it.
   const expectedPKCS7ForUnknownIssuer =
     "MIAGCSqGSIb3DQEHAqCAMIACAQExADCABgkqhkiG9w0BBwEAAKCCA60wggOpMIICkaADAgE" +
@@ -246,20 +269,25 @@ function test_cert_pkcs7_export() {
     "Wlucy5waW5uaW5nLmV4YW1wbGUuY29tgit1bmtub3duaXNzdWVyLnRlc3QtbW9kZS5waW5u" +
     "aW5nLmV4YW1wbGUuY29tMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL2x" +
     "vY2FsaG9zdDo4ODg4LzANBgkqhkiG9w0BAQsFAAOCAQEAsCcmMEn4w5zuQxHOYRJhlFLEpq" +
     "TsDUrrvEFdbNaYre3dZe979EuNX9GFvJM3bSHZmNJVy4POA1gL9En/Pdd3lD1AQaiLWXLzg" +
     "d5p4fD/eRRIfG8ncmds+7aWT3pTnLu1cRV9sRVlinHhSzvZ+5RE9auJWV0gsfaWCsSD6Ipl" +
     "Ztj/BxO9+7WP9+UyQYQ6lzUfK2WZH1+QIOerMV9ya/sSHdfUGJIE4h6YadQfE43CW2FITrw" +
     "gi0TmXdzzYbyhAaa97qvQ32Hu3qikiMfWSgVYxyT+nMMDTUWZZ7LgBJ2WaMTw1IkCXXOwXw" +
     "SIs5l4jWu+6txfBU53Q6WT39BPmHBOSTEAAAAAAAAA";
-  let certListUnknownIssuer = build_cert_list_from_pem_list([gUnknownIssuerPEM]);
+  let certListUnknownIssuer = build_cert_list_from_pem_list([
+    gUnknownIssuerPEM,
+  ]);
   let pkcs7UnknownIssuer = certListUnknownIssuer.asPKCS7Blob();
-  equal(btoa(pkcs7UnknownIssuer), expectedPKCS7ForUnknownIssuer,
-        "PKCS7 export should work as expected for unknown issuer");
+  equal(
+    btoa(pkcs7UnknownIssuer),
+    expectedPKCS7ForUnknownIssuer,
+    "PKCS7 export should work as expected for unknown issuer"
+  );
 
   // This was generated by running OCSPStaplingServer locally on the ocsp_certs
   // directory and visiting:
   // https://ocsp-stapling-with-intermediate.example.com:8443/
   // and then viewing the certificate chain presented (in the page info dialog)
   // and exporting it.
   // (NB: test-ca must be imported and trusted for the connection to succeed)
   const expectedPKCS7WithIntermediate =
@@ -302,40 +330,59 @@ function test_cert_pkcs7_export() {
     "q5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjWzBZMCMGA1U" +
     "dEQQcMBqCCWxvY2FsaG9zdIINKi5leGFtcGxlLmNvbTAyBggrBgEFBQcBAQQmMCQwIgYIKw" +
     "YBBQUHMAGGFmh0dHA6Ly9sb2NhbGhvc3Q6ODg4OC8wDQYJKoZIhvcNAQELBQADggEBACjTj" +
     "eEzgaJS2hco5AHa/QLycXhjLOl/6LQuXFAIVmSIti72ki5C7XojdNstBEHCEILSaXtOokEB" +
     "uvLMgtOisJA/wDVZBrWS3pxvfSMLJctxacMD9Qs97Gf1xibojRjIsWWeRxXMwYsVz4vJZMA" +
     "8Rbmsxq67mI46n/ovmsEXQz1uDnJdIY0O/yCTclz6iklsENOsC4oM0uklISniuqi80WeKvO" +
     "UlYNL5JwCxYe2gtysfqCdBE+wRXVYVCdivceQBqRhCiT3GzkCKQFLqaDPj9wUG2zxtIZK5f" +
     "Fy2Q3ZKztjmXdiZNgoLE/Pqt61V+uGL+KyUfhbfP0em7dmrIAI7otsxAAAAAAAAAA==";
-  let certListWithIntermediate = build_cert_list_from_pem_list(
-    [gOCSPEEWithIntermediatePEM, gTestIntPEM, gTestCAPEM]);
+  let certListWithIntermediate = build_cert_list_from_pem_list([
+    gOCSPEEWithIntermediatePEM,
+    gTestIntPEM,
+    gTestCAPEM,
+  ]);
   let pkcs7WithIntermediate = certListWithIntermediate.asPKCS7Blob();
-  equal(btoa(pkcs7WithIntermediate), expectedPKCS7WithIntermediate,
-        "PKCS7 export should work as expected for chain with intermediate");
+  equal(
+    btoa(pkcs7WithIntermediate),
+    expectedPKCS7WithIntermediate,
+    "PKCS7 export should work as expected for chain with intermediate"
+  );
 }
 
 function test_security_info_serialization(securityInfo, expectedErrorCode) {
   // Serialize the securityInfo to a string
-  let serHelper = Cc["@mozilla.org/network/serialization-helper;1"]
-                    .getService(Ci.nsISerializationHelper);
+  let serHelper = Cc["@mozilla.org/network/serialization-helper;1"].getService(
+    Ci.nsISerializationHelper
+  );
   let serialized = serHelper.serializeToString(securityInfo);
 
   // Deserialize from the string and compare to the original object
   let deserialized = serHelper.deserializeObject(serialized);
   deserialized.QueryInterface(Ci.nsITransportSecurityInfo);
-  equal(securityInfo.securityState, deserialized.securityState,
-        "Original and deserialized security state should match");
-  equal(securityInfo.errorMessage, deserialized.errorMessage,
-        "Original and deserialized error message should match");
-  equal(securityInfo.errorCode, expectedErrorCode,
-        "Original and expected error code should match");
-  equal(deserialized.errorCode, expectedErrorCode,
-        "Deserialized and expected error code should match");
+  equal(
+    securityInfo.securityState,
+    deserialized.securityState,
+    "Original and deserialized security state should match"
+  );
+  equal(
+    securityInfo.errorMessage,
+    deserialized.errorMessage,
+    "Original and deserialized error message should match"
+  );
+  equal(
+    securityInfo.errorCode,
+    expectedErrorCode,
+    "Original and expected error code should match"
+  );
+  equal(
+    deserialized.errorCode,
+    expectedErrorCode,
+    "Deserialized and expected error code should match"
+  );
 }
 
 function run_test() {
   do_get_profile();
   add_tls_server_setup("BadCertServer", "bad_certs");
 
   // Test nsIX509Cert.equals
   add_test(function() {
@@ -357,73 +404,102 @@ function run_test() {
   add_test(function() {
     test_cert_pkcs7_export();
     run_next_test();
   });
 
   // Test successful connection (failedCertChain should be null)
   add_connection_test(
     // re-use pinning certs (keeler)
-    "good.include-subdomains.pinning.example.com", PRErrorCodeSuccess, null,
+    "good.include-subdomains.pinning.example.com",
+    PRErrorCodeSuccess,
+    null,
     function withSecurityInfo(aTransportSecurityInfo) {
       aTransportSecurityInfo.QueryInterface(Ci.nsITransportSecurityInfo);
       test_security_info_serialization(aTransportSecurityInfo, 0);
-      equal(aTransportSecurityInfo.failedCertChain, null,
-            "failedCertChain for a successful connection should be null");
+      equal(
+        aTransportSecurityInfo.failedCertChain,
+        null,
+        "failedCertChain for a successful connection should be null"
+      );
     }
   );
 
   // Test overrideable connection failure (failedCertChain should be non-null)
   add_connection_test(
     "expired.example.com",
     SEC_ERROR_EXPIRED_CERTIFICATE,
     null,
     function withSecurityInfo(securityInfo) {
       securityInfo.QueryInterface(Ci.nsITransportSecurityInfo);
-      test_security_info_serialization(securityInfo, SEC_ERROR_EXPIRED_CERTIFICATE);
-      notEqual(securityInfo.failedCertChain, null,
-               "failedCertChain should not be null for an overrideable" +
-               " connection failure");
+      test_security_info_serialization(
+        securityInfo,
+        SEC_ERROR_EXPIRED_CERTIFICATE
+      );
+      notEqual(
+        securityInfo.failedCertChain,
+        null,
+        "failedCertChain should not be null for an overrideable" +
+          " connection failure"
+      );
       let originalCertChain = build_cert_chain(["expired-ee", "test-ca"]);
-      ok(originalCertChain.equals(securityInfo.failedCertChain),
-         "failedCertChain should equal the original cert chain for an" +
-         " overrideable connection failure");
+      ok(
+        originalCertChain.equals(securityInfo.failedCertChain),
+        "failedCertChain should equal the original cert chain for an" +
+          " overrideable connection failure"
+      );
     }
   );
 
   // Test overrideable connection failure (failedCertChain should be non-null)
   add_connection_test(
     "unknownissuer.example.com",
     SEC_ERROR_UNKNOWN_ISSUER,
     null,
     function withSecurityInfo(securityInfo) {
       securityInfo.QueryInterface(Ci.nsITransportSecurityInfo);
       test_security_info_serialization(securityInfo, SEC_ERROR_UNKNOWN_ISSUER);
-      notEqual(securityInfo.failedCertChain, null,
-               "failedCertChain should not be null for an overrideable" +
-               " connection failure");
+      notEqual(
+        securityInfo.failedCertChain,
+        null,
+        "failedCertChain should not be null for an overrideable" +
+          " connection failure"
+      );
       let originalCertChain = build_cert_chain(["unknownissuer"]);
-      ok(originalCertChain.equals(securityInfo.failedCertChain),
-         "failedCertChain should equal the original cert chain for an" +
-         " overrideable connection failure");
+      ok(
+        originalCertChain.equals(securityInfo.failedCertChain),
+        "failedCertChain should equal the original cert chain for an" +
+          " overrideable connection failure"
+      );
     }
   );
 
   // Test non-overrideable error (failedCertChain should be non-null)
   add_connection_test(
     "inadequatekeyusage.example.com",
     SEC_ERROR_INADEQUATE_KEY_USAGE,
     null,
     function withSecurityInfo(securityInfo) {
       securityInfo.QueryInterface(Ci.nsITransportSecurityInfo);
-      test_security_info_serialization(securityInfo, SEC_ERROR_INADEQUATE_KEY_USAGE);
-      notEqual(securityInfo.failedCertChain, null,
-               "failedCertChain should not be null for a non-overrideable" +
-               " connection failure");
-      let originalCertChain = build_cert_chain(["inadequatekeyusage-ee", "test-ca"]);
-      ok(originalCertChain.equals(securityInfo.failedCertChain),
-         "failedCertChain should equal the original cert chain for a" +
-         " non-overrideable connection failure");
+      test_security_info_serialization(
+        securityInfo,
+        SEC_ERROR_INADEQUATE_KEY_USAGE
+      );
+      notEqual(
+        securityInfo.failedCertChain,
+        null,
+        "failedCertChain should not be null for a non-overrideable" +
+          " connection failure"
+      );
+      let originalCertChain = build_cert_chain([
+        "inadequatekeyusage-ee",
+        "test-ca",
+      ]);
+      ok(
+        originalCertChain.equals(securityInfo.failedCertChain),
+        "failedCertChain should equal the original cert chain for a" +
+          " non-overrideable connection failure"
+      );
     }
   );
 
   run_next_test();
 }
--- a/security/manager/ssl/tests/unit/test_cert_dbKey.js
+++ b/security/manager/ssl/tests/unit/test_cert_dbKey.js
@@ -29,37 +29,42 @@ function encodeCommonNameAsBytes(commonN
   //          0C (UTF8String) <length of common name>
   //             <common name bytes>
   // To make things simple, it would be nice to have the length of each
   // component be less than 128 bytes (so we can have single-byte lengths).
   // For this to hold, the maximum length of the contents of the outermost
   // SEQUENCE must be 127. Everything not in the contents of the common name
   // will take up 11 bytes, so the value of the common name itself can be at
   // most 116 bytes.
-  ok(commonName.length <= 116,
-     "test assumption: common name can't be longer than 116 bytes (makes " +
-     "DER encoding easier)");
-  let commonNameOIDBytes = [ 0x06, 0x03, 0x55, 0x04, 0x03 ];
-  let commonNameBytes = [ 0x0C, commonName.length ];
+  ok(
+    commonName.length <= 116,
+    "test assumption: common name can't be longer than 116 bytes (makes " +
+      "DER encoding easier)"
+  );
+  let commonNameOIDBytes = [0x06, 0x03, 0x55, 0x04, 0x03];
+  let commonNameBytes = [0x0c, commonName.length];
   for (let i = 0; i < commonName.length; i++) {
     commonNameBytes.push(commonName.charCodeAt(i));
   }
   let bytes = commonNameOIDBytes.concat(commonNameBytes);
   bytes.unshift(bytes.length);
   bytes.unshift(0x30); // SEQUENCE
   bytes.unshift(bytes.length);
   bytes.unshift(0x31); // SET
   bytes.unshift(bytes.length);
   bytes.unshift(0x30); // SEQUENCE
   return bytes;
 }
 
 function testInvalidDBKey(certDB, dbKey) {
-  throws(() => certDB.findCertByDBKey(dbKey), /NS_ERROR_ILLEGAL_INPUT/,
-         `findCertByDBKey(${dbKey}) should raise NS_ERROR_ILLEGAL_INPUT`);
+  throws(
+    () => certDB.findCertByDBKey(dbKey),
+    /NS_ERROR_ILLEGAL_INPUT/,
+    `findCertByDBKey(${dbKey}) should raise NS_ERROR_ILLEGAL_INPUT`
+  );
 }
 
 function testDBKeyForNonexistentCert(certDB, dbKey) {
   let cert = certDB.findCertByDBKey(dbKey);
   ok(!cert, "shouldn't find cert for given dbKey");
 }
 
 function byteArrayToByteString(bytes) {
@@ -67,80 +72,192 @@ function byteArrayToByteString(bytes) {
   for (let b of bytes) {
     byteString += String.fromCharCode(b);
   }
   return byteString;
 }
 
 function run_test() {
   do_get_profile();
-  let certDB = Cc["@mozilla.org/security/x509certdb;1"]
-                 .getService(Ci.nsIX509CertDB);
+  let certDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
   let cert = constructCertFromFile("bad_certs/test-ca.pem");
-  equal(cert.issuerName, "CN=" + cert.issuerCommonName,
-        "test assumption: this certificate's issuer distinguished name " +
-        "consists only of a common name");
+  equal(
+    cert.issuerName,
+    "CN=" + cert.issuerCommonName,
+    "test assumption: this certificate's issuer distinguished name " +
+      "consists only of a common name"
+  );
   let issuerBytes = encodeCommonNameAsBytes(cert.issuerCommonName);
-  ok(issuerBytes.length < 256,
-     "test assumption: length of encoded issuer is less than 256 bytes");
+  ok(
+    issuerBytes.length < 256,
+    "test assumption: length of encoded issuer is less than 256 bytes"
+  );
   let serialNumberBytes = hexStringToBytes(cert.serialNumber);
-  ok(serialNumberBytes.length < 256,
-     "test assumption: length of encoded serial number is less than 256 bytes");
-  let dbKeyHeader = [ 0, 0, 0, 0, 0, 0, 0, 0,
-                      0, 0, 0, serialNumberBytes.length,
-                      0, 0, 0, issuerBytes.length ];
+  ok(
+    serialNumberBytes.length < 256,
+    "test assumption: length of encoded serial number is less than 256 bytes"
+  );
+  let dbKeyHeader = [
+    0,
+    0,
+    0,
+    0,
+    0,
+    0,
+    0,
+    0,
+    0,
+    0,
+    0,
+    serialNumberBytes.length,
+    0,
+    0,
+    0,
+    issuerBytes.length,
+  ];
   let expectedDbKeyBytes = dbKeyHeader.concat(serialNumberBytes, issuerBytes);
   let expectedDbKey = btoa(byteArrayToByteString(expectedDbKeyBytes));
-  equal(cert.dbKey, expectedDbKey,
-        "actual and expected dbKey values should match");
+  equal(
<