Bug 879137, Part 3: Move PSMContentListener to its own source file, r=keeler
authorBrian Smith <bsmith@mozilla.com>
Sat, 22 Jun 2013 15:57:15 -0700
changeset 147682 f5591bedc40ed2075c95375a5594297fba1c23b1
parent 147681 cc9980cb3db22d7ca88710bbfa8de269d8853af7
child 147683 8cac85f8f5125eda0fa44845fa2acb742b0e4119
push id2697
push userbbajaj@mozilla.com
push dateMon, 05 Aug 2013 18:49:53 +0000
treeherdermozilla-beta@dfec938c7b63 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerskeeler
bugs879137
milestone24.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 879137, Part 3: Move PSMContentListener to its own source file, r=keeler
security/manager/ssl/src/CertVerifier.cpp
security/manager/ssl/src/PSMContentListener.cpp
security/manager/ssl/src/PSMContentListener.h
security/manager/ssl/src/SSLServerCertVerification.cpp
security/manager/ssl/src/TransportSecurityInfo.cpp
security/manager/ssl/src/moz.build
security/manager/ssl/src/nsNSSCallbacks.cpp
security/manager/ssl/src/nsNSSCertHelper.cpp
security/manager/ssl/src/nsNSSComponent.cpp
security/manager/ssl/src/nsNSSComponent.h
security/manager/ssl/src/nsNSSIOLayer.cpp
security/manager/ssl/src/nsNSSModule.cpp
security/manager/ssl/src/nsPK11TokenDB.cpp
security/manager/ssl/src/nsSDR.cpp
security/manager/ssl/src/nsSmartCardMonitor.cpp
security/manager/ssl/src/nsUsageArrayHelper.cpp
--- a/security/manager/ssl/src/CertVerifier.cpp
+++ b/security/manager/ssl/src/CertVerifier.cpp
@@ -1,14 +1,15 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "CertVerifier.h"
 #include "nsNSSComponent.h"
+#include "nsServiceManagerUtils.h"
 #include "cert.h"
 #include "secerr.h"
 
 
 #ifdef PR_LOGGING
 extern PRLogModuleInfo* gPIPNSSLog;
 #endif
 
new file mode 100644
--- /dev/null
+++ b/security/manager/ssl/src/PSMContentListener.cpp
@@ -0,0 +1,320 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifdef MOZ_LOGGING
+#define FORCE_PR_LOG 1
+#endif
+
+#include "PSMContentListener.h"
+
+#include "nsIStreamListener.h"
+#include "nsIX509CertDB.h"
+
+#include "mozilla/Services.h"
+
+#include "nsCRT.h"
+#include "nsNetUtil.h"
+#include "nsNSSHelper.h"
+#include "nsNSSShutDown.h"
+
+#include "prlog.h"
+
+#ifdef MOZ_LOGGING
+extern PRLogModuleInfo* gPIPNSSLog;
+#endif
+
+namespace mozilla { namespace psm {
+
+namespace {
+
+class PSMContentDownloader : public nsIStreamListener
+{
+public:
+  PSMContentDownloader() {NS_ASSERTION(false, "don't use this constructor."); }
+  PSMContentDownloader(uint32_t type);
+  virtual ~PSMContentDownloader();
+  void setSilentDownload(bool flag);
+
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSIREQUESTOBSERVER
+  NS_DECL_NSISTREAMLISTENER
+
+  enum {UNKNOWN_TYPE = 0};
+  enum {X509_CA_CERT  = 1};
+  enum {X509_USER_CERT  = 2};
+  enum {X509_EMAIL_CERT  = 3};
+  enum {X509_SERVER_CERT  = 4};
+
+protected:
+  char* mByteData;
+  int32_t mBufferOffset;
+  int32_t mBufferSize;
+  uint32_t mType;
+  nsCOMPtr<nsIURI> mURI;
+};
+
+PSMContentDownloader::PSMContentDownloader(uint32_t type)
+  : mByteData(nullptr),
+    mType(type)
+{
+}
+
+PSMContentDownloader::~PSMContentDownloader()
+{
+  if (mByteData)
+    nsMemory::Free(mByteData);
+}
+
+NS_IMPL_ISUPPORTS2(PSMContentDownloader, nsIStreamListener, nsIRequestObserver)
+
+const int32_t kDefaultCertAllocLength = 2048;
+
+NS_IMETHODIMP
+PSMContentDownloader::OnStartRequest(nsIRequest* request, nsISupports* context)
+{
+  nsresult rv;
+  PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("CertDownloader::OnStartRequest\n"));
+  nsCOMPtr<nsIChannel> channel(do_QueryInterface(request));
+  if (!channel) return NS_ERROR_FAILURE;
+
+  // Get the URI //
+  channel->GetURI(getter_AddRefs(mURI));
+
+  int64_t contentLength;
+  rv = channel->GetContentLength(&contentLength);
+  if (NS_FAILED(rv) || contentLength <= 0)
+    contentLength = kDefaultCertAllocLength;
+  if (contentLength > INT32_MAX)
+    return NS_ERROR_OUT_OF_MEMORY;
+  
+  mBufferOffset = 0;
+  mBufferSize = 0;
+  mByteData = (char*) nsMemory::Alloc(contentLength);
+  if (!mByteData)
+    return NS_ERROR_OUT_OF_MEMORY;
+  
+  mBufferSize = int32_t(contentLength);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+PSMContentDownloader::OnDataAvailable(nsIRequest* request,
+                                nsISupports* context,
+                                nsIInputStream *aIStream,
+                                uint64_t aSourceOffset,
+                                uint32_t aLength)
+{
+  if (!mByteData)
+    return NS_ERROR_OUT_OF_MEMORY;
+  
+  uint32_t amt;
+  nsresult err;
+  //Do a check to see if we need to allocate more memory.
+  if ((mBufferOffset + (int32_t)aLength) > mBufferSize) {
+      size_t newSize = (mBufferOffset + aLength) *2; // grow some more than needed
+      char *newBuffer;
+      newBuffer = (char*)nsMemory::Realloc(mByteData, newSize);
+      if (!newBuffer) {
+        return NS_ERROR_OUT_OF_MEMORY;
+      }
+      mByteData = newBuffer;
+      mBufferSize = newSize;
+  }
+  
+  PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("CertDownloader::OnDataAvailable\n"));
+  do {
+    err = aIStream->Read(mByteData+mBufferOffset,
+                         aLength, &amt);
+    if (NS_FAILED(err)) return err;
+    if (amt == 0) break;
+    
+    aLength -= amt;
+    mBufferOffset += amt;
+    
+  } while (aLength > 0);
+  
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+PSMContentDownloader::OnStopRequest(nsIRequest* request,
+                              nsISupports* context,
+                              nsresult aStatus)
+{
+  nsNSSShutDownPreventionLock locker;
+  //Check if the download succeeded - it might have failed due to
+  //network issues, etc.
+  if (NS_FAILED(aStatus)){
+    return aStatus;
+  }
+
+  PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("CertDownloader::OnStopRequest\n"));
+
+  nsCOMPtr<nsIX509CertDB> certdb;
+
+  nsresult rv;
+  nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();
+
+  switch (mType) {
+  case PSMContentDownloader::X509_CA_CERT:
+  case PSMContentDownloader::X509_USER_CERT:
+  case PSMContentDownloader::X509_EMAIL_CERT:
+    certdb = do_GetService(NS_X509CERTDB_CONTRACTID);
+    break;
+
+  default:
+    break;
+  }
+
+  switch (mType) {
+  case PSMContentDownloader::X509_CA_CERT:
+    return certdb->ImportCertificates((uint8_t*)mByteData, mBufferOffset, mType, ctx); 
+  case PSMContentDownloader::X509_USER_CERT:
+    return certdb->ImportUserCertificate((uint8_t*)mByteData, mBufferOffset, ctx);
+  case PSMContentDownloader::X509_EMAIL_CERT:
+    return certdb->ImportEmailCertificate((uint8_t*)mByteData, mBufferOffset, ctx); 
+  default:
+    rv = NS_ERROR_FAILURE;
+    break;
+  }
+  
+  return rv;
+}
+
+/* other mime types that we should handle sometime:
+   
+   application/x-pkcs7-mime
+   application/pkcs7-signature
+   application/pre-encrypted
+   
+*/
+
+uint32_t
+getPSMContentType(const char * aContentType)
+{ 
+  // Don't forget to update the registration of content listeners in nsNSSModule.cpp 
+  // for every supported content type.
+  
+  if (!nsCRT::strcasecmp(aContentType, "application/x-x509-ca-cert"))
+    return PSMContentDownloader::X509_CA_CERT;
+  else if (!nsCRT::strcasecmp(aContentType, "application/x-x509-server-cert"))
+    return PSMContentDownloader::X509_SERVER_CERT;
+  else if (!nsCRT::strcasecmp(aContentType, "application/x-x509-user-cert"))
+    return PSMContentDownloader::X509_USER_CERT;
+  else if (!nsCRT::strcasecmp(aContentType, "application/x-x509-email-cert"))
+    return PSMContentDownloader::X509_EMAIL_CERT;
+
+  return PSMContentDownloader::UNKNOWN_TYPE;
+}
+
+} // unnamed namespace
+
+NS_IMPL_ISUPPORTS2(PSMContentListener,
+                   nsIURIContentListener,
+                   nsISupportsWeakReference) 
+
+PSMContentListener::PSMContentListener()
+{
+  mLoadCookie = nullptr;
+  mParentContentListener = nullptr;
+}
+
+PSMContentListener::~PSMContentListener()
+{
+}
+
+nsresult
+PSMContentListener::init()
+{
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+PSMContentListener::OnStartURIOpen(nsIURI *aURI, bool *aAbortOpen)
+{
+  //if we don't want to handle the URI, return true in
+  //*aAbortOpen
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+PSMContentListener::IsPreferred(const char * aContentType,
+                                 char ** aDesiredContentType,
+                                 bool * aCanHandleContent)
+{
+  return CanHandleContent(aContentType, true,
+                          aDesiredContentType, aCanHandleContent);
+}
+
+NS_IMETHODIMP
+PSMContentListener::CanHandleContent(const char * aContentType,
+                                      bool aIsContentPreferred,
+                                      char ** aDesiredContentType,
+                                      bool * aCanHandleContent)
+{
+  uint32_t type;
+  type = getPSMContentType(aContentType);
+  if (type == PSMContentDownloader::UNKNOWN_TYPE) {
+    *aCanHandleContent = false;
+  } else {
+    *aCanHandleContent = true;
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+PSMContentListener::DoContent(const char * aContentType,
+                               bool aIsContentPreferred,
+                               nsIRequest * aRequest,
+                               nsIStreamListener ** aContentHandler,
+                               bool * aAbortProcess)
+{
+  PSMContentDownloader *downLoader;
+  uint32_t type;
+  type = getPSMContentType(aContentType);
+  PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("PSMContentListener::DoContent\n"));
+  if (type != PSMContentDownloader::UNKNOWN_TYPE) {
+    downLoader = new PSMContentDownloader(type);
+    if (downLoader) {
+      downLoader->QueryInterface(NS_GET_IID(nsIStreamListener), 
+                                            (void **)aContentHandler);
+      return NS_OK;
+    }
+  }
+  return NS_ERROR_FAILURE;
+}
+
+NS_IMETHODIMP
+PSMContentListener::GetLoadCookie(nsISupports * *aLoadCookie)
+{
+  *aLoadCookie = mLoadCookie;
+  NS_IF_ADDREF(*aLoadCookie);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+PSMContentListener::SetLoadCookie(nsISupports * aLoadCookie)
+{
+  mLoadCookie = aLoadCookie;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+PSMContentListener::GetParentContentListener(nsIURIContentListener ** aContentListener)
+{
+  *aContentListener = mParentContentListener;
+  NS_IF_ADDREF(*aContentListener);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+PSMContentListener::SetParentContentListener(nsIURIContentListener * aContentListener)
+{
+  mParentContentListener = aContentListener;
+  return NS_OK;
+}
+
+} } // namespace mozilla::psm
new file mode 100644
--- /dev/null
+++ b/security/manager/ssl/src/PSMContentListener.h
@@ -0,0 +1,35 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef mozilla_psm_PSMCOntentListener_h_
+#define mozilla_psm_PSMCOntentListener_h_
+
+#include "nsCOMPtr.h"
+#include "nsIURIContentListener.h"
+#include "nsWeakReference.h"
+
+#define NS_PSMCONTENTLISTEN_CID {0xc94f4a30, 0x64d7, 0x11d4, {0x99, 0x60, 0x00, 0xb0, 0xd0, 0x23, 0x54, 0xa0}}
+#define NS_PSMCONTENTLISTEN_CONTRACTID "@mozilla.org/security/psmdownload;1"
+
+namespace mozilla { namespace psm {
+
+class PSMContentListener : public nsIURIContentListener,
+                            public nsSupportsWeakReference {
+public:
+  PSMContentListener();
+  virtual ~PSMContentListener();
+  nsresult init();
+
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSIURICONTENTLISTENER
+private:
+  nsCOMPtr<nsISupports> mLoadCookie;
+  nsCOMPtr<nsIURIContentListener> mParentContentListener;
+};
+
+} } // namespace mozilla::psm
+
+#endif // mozilla_psm_PSMCOntentListener_h
--- a/security/manager/ssl/src/SSLServerCertVerification.cpp
+++ b/security/manager/ssl/src/SSLServerCertVerification.cpp
@@ -104,16 +104,17 @@
 #include "nsRecentBadCerts.h"
 #include "nsNSSIOLayer.h"
 #include "nsNSSShutDown.h"
 
 #include "mozilla/Assertions.h"
 #include "mozilla/Mutex.h"
 #include "mozilla/Telemetry.h"
 #include "nsIThreadPool.h"
+#include "nsNetUtil.h"
 #include "nsXPCOMCIDInternal.h"
 #include "nsComponentManagerUtils.h"
 #include "nsServiceManagerUtils.h"
 #include "nsIConsoleService.h"
 #include "PSMRunnable.h"
 #include "SharedSSLState.h"
 
 #include "ssl.h"
--- a/security/manager/ssl/src/TransportSecurityInfo.cpp
+++ b/security/manager/ssl/src/TransportSecurityInfo.cpp
@@ -12,16 +12,18 @@
 #include "nsIDateTimeFormat.h"
 #include "nsDateTimeFormatCID.h"
 #include "nsICertOverrideService.h"
 #include "nsIObjectInputStream.h"
 #include "nsIObjectOutputStream.h"
 #include "nsNSSCertHelper.h"
 #include "nsIProgrammingLanguage.h"
 #include "nsIArray.h"
+#include "nsComponentManagerUtils.h"
+#include "nsServiceManagerUtils.h"
 #include "PSMRunnable.h"
 #include "ScopedNSSTypes.h"
 
 #include "secerr.h"
 
 //#define DEBUG_SSL_VERBOSE //Enable this define to get minimal 
                             //reports when doing SSL read/write
                             
--- a/security/manager/ssl/src/moz.build
+++ b/security/manager/ssl/src/moz.build
@@ -61,16 +61,17 @@ CPP_SOURCES += [
     'nsRecentBadCerts.cpp',
     'nsSDR.cpp',
     'NSSErrorsService.cpp',
     'nsSSLSocketProvider.cpp',
     'nsSSLStatus.cpp',
     'nsStreamCipher.cpp',
     'nsTLSSocketProvider.cpp',
     'nsUsageArrayHelper.cpp',
+	'PSMContentListener.cpp',
     'PSMRunnable.cpp',
     'SharedSSLState.cpp',
     'SSLServerCertVerification.cpp',
     'TransportSecurityInfo.cpp',
 ]
 
 if not CONFIG['MOZ_DISABLE_CRYPTOLEGACY']:
     CPP_SOURCES += [
--- a/security/manager/ssl/src/nsNSSCallbacks.cpp
+++ b/security/manager/ssl/src/nsNSSCallbacks.cpp
@@ -18,16 +18,17 @@
 #include "nsThreadUtils.h"
 #include "nsIPrompt.h"
 #include "nsProxyRelease.h"
 #include "PSMRunnable.h"
 #include "ScopedNSSTypes.h"
 #include "nsIConsoleService.h"
 #include "nsIHttpChannelInternal.h"
 #include "nsCRT.h"
+#include "nsNetUtil.h"
 #include "SharedSSLState.h"
 
 #include "ssl.h"
 #include "sslproto.h"
 #include "ocsp.h"
 #include "nssb64.h"
 
 using namespace mozilla;
--- a/security/manager/ssl/src/nsNSSCertHelper.cpp
+++ b/security/manager/ssl/src/nsNSSCertHelper.cpp
@@ -5,22 +5,24 @@
 #include "prerror.h"
 #include "prprf.h"
 
 #include "ScopedNSSTypes.h"
 #include "nsNSSCertHelper.h"
 #include "nsCOMPtr.h"
 #include "nsNSSCertificate.h"
 #include "secder.h"
+#include "nsComponentManagerUtils.h"
 #include "nsNSSCertValidity.h"
 #include "nsNSSASN1Object.h"
 #include "nsNSSComponent.h"
 #include "nsNSSCertTrust.h"
 #include "nsIDateTimeFormat.h"
 #include "nsDateTimeFormatCID.h"
+#include "nsServiceManagerUtils.h"
 #include <algorithm>
 
 using namespace mozilla;
  
 static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
 
 /* Object Identifier constants */
 #define CONST_OID static const unsigned char
--- a/security/manager/ssl/src/nsNSSComponent.cpp
+++ b/security/manager/ssl/src/nsNSSComponent.cpp
@@ -8,17 +8,16 @@
 #define FORCE_PR_LOG 1
 #endif
 
 #include "nsNSSComponent.h"
 
 #include "CertVerifier.h"
 #include "nsCertVerificationThread.h"
 #include "nsAppDirectoryServiceDefs.h"
-#include "nsCURILoader.h"
 #include "nsDirectoryServiceDefs.h"
 #include "nsICertOverrideService.h"
 #include "nsIPrefService.h"
 
 #ifndef MOZ_DISABLE_CRYPTOLEGACY
 #include "nsIDOMNode.h"
 #include "nsIDOMEvent.h"
 #include "nsIDOMDocument.h"
@@ -30,17 +29,16 @@
 #include "nsIDOMCryptoLegacy.h"
 #include "nsIPrincipal.h"
 #else
 #include "nsIDOMCrypto.h"
 #endif
 
 #include "nsCRT.h"
 #include "nsNTLMAuthModule.h"
-
 #include "nsIWindowWatcher.h"
 #include "nsIPrompt.h"
 #include "nsCertificatePrincipal.h"
 #include "nsIBufEntropyCollector.h"
 #include "nsITokenPasswordDialogs.h"
 #include "nsNSSShutDown.h"
 #include "GeneratedEvents.h"
 #include "SharedSSLState.h"
@@ -1953,269 +1951,8 @@ setPassword(PK11SlotInfo *slot, nsIInter
     NS_RELEASE(dialogs);
     if (NS_FAILED(rv)) goto loser;
 
     if (canceled) { rv = NS_ERROR_NOT_AVAILABLE; goto loser; }
   }
  loser:
   return rv;
 }
-
-
-PSMContentDownloader::PSMContentDownloader(uint32_t type)
-  : mByteData(nullptr),
-    mType(type)
-{
-}
-
-PSMContentDownloader::~PSMContentDownloader()
-{
-  if (mByteData)
-    nsMemory::Free(mByteData);
-}
-
-NS_IMPL_ISUPPORTS2(PSMContentDownloader, nsIStreamListener, nsIRequestObserver)
-
-const int32_t kDefaultCertAllocLength = 2048;
-
-NS_IMETHODIMP
-PSMContentDownloader::OnStartRequest(nsIRequest* request, nsISupports* context)
-{
-  nsresult rv;
-  PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("CertDownloader::OnStartRequest\n"));
-  nsCOMPtr<nsIChannel> channel(do_QueryInterface(request));
-  if (!channel) return NS_ERROR_FAILURE;
-
-  // Get the URI //
-  channel->GetURI(getter_AddRefs(mURI));
-
-  int64_t contentLength;
-  rv = channel->GetContentLength(&contentLength);
-  if (NS_FAILED(rv) || contentLength <= 0)
-    contentLength = kDefaultCertAllocLength;
-  if (contentLength > INT32_MAX)
-    return NS_ERROR_OUT_OF_MEMORY;
-  
-  mBufferOffset = 0;
-  mBufferSize = 0;
-  mByteData = (char*) nsMemory::Alloc(contentLength);
-  if (!mByteData)
-    return NS_ERROR_OUT_OF_MEMORY;
-  
-  mBufferSize = int32_t(contentLength);
-  return NS_OK;
-}
-
-NS_IMETHODIMP
-PSMContentDownloader::OnDataAvailable(nsIRequest* request,
-                                nsISupports* context,
-                                nsIInputStream *aIStream,
-                                uint64_t aSourceOffset,
-                                uint32_t aLength)
-{
-  if (!mByteData)
-    return NS_ERROR_OUT_OF_MEMORY;
-  
-  uint32_t amt;
-  nsresult err;
-  //Do a check to see if we need to allocate more memory.
-  if ((mBufferOffset + (int32_t)aLength) > mBufferSize) {
-      size_t newSize = (mBufferOffset + aLength) *2; // grow some more than needed
-      char *newBuffer;
-      newBuffer = (char*)nsMemory::Realloc(mByteData, newSize);
-      if (!newBuffer) {
-        return NS_ERROR_OUT_OF_MEMORY;
-      }
-      mByteData = newBuffer;
-      mBufferSize = newSize;
-  }
-  
-  PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("CertDownloader::OnDataAvailable\n"));
-  do {
-    err = aIStream->Read(mByteData+mBufferOffset,
-                         aLength, &amt);
-    if (NS_FAILED(err)) return err;
-    if (amt == 0) break;
-    
-    aLength -= amt;
-    mBufferOffset += amt;
-    
-  } while (aLength > 0);
-  
-  return NS_OK;
-}
-
-NS_IMETHODIMP
-PSMContentDownloader::OnStopRequest(nsIRequest* request,
-                              nsISupports* context,
-                              nsresult aStatus)
-{
-  nsNSSShutDownPreventionLock locker;
-  //Check if the download succeeded - it might have failed due to
-  //network issues, etc.
-  if (NS_FAILED(aStatus)){
-    return aStatus;
-  }
-
-  PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("CertDownloader::OnStopRequest\n"));
-
-  nsCOMPtr<nsIX509CertDB> certdb;
-
-  nsresult rv;
-  nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();
-
-  switch (mType) {
-  case PSMContentDownloader::X509_CA_CERT:
-  case PSMContentDownloader::X509_USER_CERT:
-  case PSMContentDownloader::X509_EMAIL_CERT:
-    certdb = do_GetService(NS_X509CERTDB_CONTRACTID);
-    break;
-
-  default:
-    break;
-  }
-
-  switch (mType) {
-  case PSMContentDownloader::X509_CA_CERT:
-    return certdb->ImportCertificates((uint8_t*)mByteData, mBufferOffset, mType, ctx); 
-  case PSMContentDownloader::X509_USER_CERT:
-    return certdb->ImportUserCertificate((uint8_t*)mByteData, mBufferOffset, ctx);
-  case PSMContentDownloader::X509_EMAIL_CERT:
-    return certdb->ImportEmailCertificate((uint8_t*)mByteData, mBufferOffset, ctx); 
-  default:
-    rv = NS_ERROR_FAILURE;
-    break;
-  }
-  
-  return rv;
-}
-
-/* other mime types that we should handle sometime:
-   
-   application/x-pkcs7-mime
-   application/pkcs7-signature
-   application/pre-encrypted
-   
-*/
-
-uint32_t
-getPSMContentType(const char * aContentType)
-{ 
-  // Don't forget to update the registration of content listeners in nsNSSModule.cpp 
-  // for every supported content type.
-  
-  if (!nsCRT::strcasecmp(aContentType, "application/x-x509-ca-cert"))
-    return PSMContentDownloader::X509_CA_CERT;
-  else if (!nsCRT::strcasecmp(aContentType, "application/x-x509-server-cert"))
-    return PSMContentDownloader::X509_SERVER_CERT;
-  else if (!nsCRT::strcasecmp(aContentType, "application/x-x509-user-cert"))
-    return PSMContentDownloader::X509_USER_CERT;
-  else if (!nsCRT::strcasecmp(aContentType, "application/x-x509-email-cert"))
-    return PSMContentDownloader::X509_EMAIL_CERT;
-
-  return PSMContentDownloader::UNKNOWN_TYPE;
-}
-
-
-NS_IMPL_ISUPPORTS2(PSMContentListener,
-                   nsIURIContentListener,
-                   nsISupportsWeakReference) 
-
-PSMContentListener::PSMContentListener()
-{
-  mLoadCookie = nullptr;
-  mParentContentListener = nullptr;
-}
-
-PSMContentListener::~PSMContentListener()
-{
-}
-
-nsresult
-PSMContentListener::init()
-{
-  return NS_OK;
-}
-
-NS_IMETHODIMP
-PSMContentListener::OnStartURIOpen(nsIURI *aURI, bool *aAbortOpen)
-{
-  //if we don't want to handle the URI, return true in
-  //*aAbortOpen
-  return NS_OK;
-}
-
-NS_IMETHODIMP
-PSMContentListener::IsPreferred(const char * aContentType,
-                                 char ** aDesiredContentType,
-                                 bool * aCanHandleContent)
-{
-  return CanHandleContent(aContentType, true,
-                          aDesiredContentType, aCanHandleContent);
-}
-
-NS_IMETHODIMP
-PSMContentListener::CanHandleContent(const char * aContentType,
-                                      bool aIsContentPreferred,
-                                      char ** aDesiredContentType,
-                                      bool * aCanHandleContent)
-{
-  uint32_t type;
-  type = getPSMContentType(aContentType);
-  if (type == PSMContentDownloader::UNKNOWN_TYPE) {
-    *aCanHandleContent = false;
-  } else {
-    *aCanHandleContent = true;
-  }
-  return NS_OK;
-}
-
-NS_IMETHODIMP
-PSMContentListener::DoContent(const char * aContentType,
-                               bool aIsContentPreferred,
-                               nsIRequest * aRequest,
-                               nsIStreamListener ** aContentHandler,
-                               bool * aAbortProcess)
-{
-  PSMContentDownloader *downLoader;
-  uint32_t type;
-  type = getPSMContentType(aContentType);
-  PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("PSMContentListener::DoContent\n"));
-  if (type != PSMContentDownloader::UNKNOWN_TYPE) {
-    downLoader = new PSMContentDownloader(type);
-    if (downLoader) {
-      downLoader->QueryInterface(NS_GET_IID(nsIStreamListener), 
-                                            (void **)aContentHandler);
-      return NS_OK;
-    }
-  }
-  return NS_ERROR_FAILURE;
-}
-
-NS_IMETHODIMP
-PSMContentListener::GetLoadCookie(nsISupports * *aLoadCookie)
-{
-  *aLoadCookie = mLoadCookie;
-  NS_IF_ADDREF(*aLoadCookie);
-  return NS_OK;
-}
-
-NS_IMETHODIMP
-PSMContentListener::SetLoadCookie(nsISupports * aLoadCookie)
-{
-  mLoadCookie = aLoadCookie;
-  return NS_OK;
-}
-
-NS_IMETHODIMP
-PSMContentListener::GetParentContentListener(nsIURIContentListener ** aContentListener)
-{
-  *aContentListener = mParentContentListener;
-  NS_IF_ADDREF(*aContentListener);
-  return NS_OK;
-}
-
-NS_IMETHODIMP
-PSMContentListener::SetParentContentListener(nsIURIContentListener * aContentListener)
-{
-  mParentContentListener = aContentListener;
-  return NS_OK;
-}
--- a/security/manager/ssl/src/nsNSSComponent.h
+++ b/security/manager/ssl/src/nsNSSComponent.h
@@ -6,29 +6,25 @@
 
 #ifndef _nsNSSComponent_h_
 #define _nsNSSComponent_h_
 
 #include "mozilla/Mutex.h"
 #include "mozilla/RefPtr.h"
 #include "nsCOMPtr.h"
 #include "nsISignatureVerifier.h"
-#include "nsIURIContentListener.h"
-#include "nsIStreamListener.h"
 #include "nsIEntropyCollector.h"
 #include "nsIStringBundle.h"
 #include "nsIPrefBranch.h"
 #include "nsIObserver.h"
 #include "nsIObserverService.h"
-#include "nsWeakReference.h"
 #ifndef MOZ_DISABLE_CRYPTOLEGACY
 #include "nsIDOMEventTarget.h"
 #endif
 #include "nsINSSErrorsService.h"
-#include "nsNetUtil.h"
 #include "nsNSSCallbacks.h"
 #include "ScopedNSSTypes.h"
 #include "nsNSSHelper.h"
 #include "nsClientAuthRemember.h"
 #include "prerror.h"
 
 class nsIPrompt;
 class SmartCardThreadList;
@@ -48,60 +44,28 @@ class CertVerifier;
 //Define an interface that we can use to look up from the
 //callbacks passed to NSS.
 
 #define NS_INSSCOMPONENT_IID_STR "6ffbb526-205b-49c5-ae3f-5959c084075e"
 #define NS_INSSCOMPONENT_IID \
   { 0x6ffbb526, 0x205b, 0x49c5, \
     { 0xae, 0x3f, 0x59, 0x59, 0xc0, 0x84, 0x7, 0x5e } }
 
-#define NS_PSMCONTENTLISTEN_CID {0xc94f4a30, 0x64d7, 0x11d4, {0x99, 0x60, 0x00, 0xb0, 0xd0, 0x23, 0x54, 0xa0}}
-#define NS_PSMCONTENTLISTEN_CONTRACTID "@mozilla.org/security/psmdownload;1"
-
 enum EnsureNSSOperator
 {
   nssLoadingComponent = 0,
   nssInitSucceeded = 1,
   nssInitFailed = 2,
   nssShutdown = 3,
   nssEnsure = 100,
   nssEnsureOnChromeOnly = 101
 };
 
 extern bool EnsureNSSInitialized(EnsureNSSOperator op);
 
-//--------------------------------------------
-// Now we need a content listener to register 
-//--------------------------------------------
-class PSMContentDownloader : public nsIStreamListener
-{
-public:
-  PSMContentDownloader() {NS_ASSERTION(false, "don't use this constructor."); }
-  PSMContentDownloader(uint32_t type);
-  virtual ~PSMContentDownloader();
-  void setSilentDownload(bool flag);
-
-  NS_DECL_ISUPPORTS
-  NS_DECL_NSIREQUESTOBSERVER
-  NS_DECL_NSISTREAMLISTENER
-
-  enum {UNKNOWN_TYPE = 0};
-  enum {X509_CA_CERT  = 1};
-  enum {X509_USER_CERT  = 2};
-  enum {X509_EMAIL_CERT  = 3};
-  enum {X509_SERVER_CERT  = 4};
-
-protected:
-  char* mByteData;
-  int32_t mBufferOffset;
-  int32_t mBufferSize;
-  uint32_t mType;
-  nsCOMPtr<nsIURI> mURI;
-};
-
 class nsNSSComponent;
 
 class NS_NO_VTABLE nsINSSComponent : public nsISupports {
  public:
   NS_DECLARE_STATIC_IID_ACCESSOR(NS_INSSCOMPONENT_IID)
 
   NS_IMETHOD ShowAlertFromStringBundle(const char * messageID) = 0;
 
@@ -259,30 +223,16 @@ private:
 
   static PRStatus IdentityInfoInit(void);
   PRCallOnceType mIdentityInfoCallOnce;
 
 public:
   static bool globalConstFlagUsePKIXVerification;
 };
 
-class PSMContentListener : public nsIURIContentListener,
-                            public nsSupportsWeakReference {
-public:
-  PSMContentListener();
-  virtual ~PSMContentListener();
-  nsresult init();
-
-  NS_DECL_ISUPPORTS
-  NS_DECL_NSIURICONTENTLISTENER
-private:
-  nsCOMPtr<nsISupports> mLoadCookie;
-  nsCOMPtr<nsIURIContentListener> mParentContentListener;
-};
-
 class nsNSSErrors
 {
 public:
   static const char *getDefaultErrorStringName(PRErrorCode err);
   static const char *getOverrideErrorStringName(PRErrorCode aErrorCode);
   static nsresult getErrorMessageFromCode(PRErrorCode err,
                                           nsINSSComponent *component,
                                           nsString &returnedMessage);
--- a/security/manager/ssl/src/nsNSSIOLayer.cpp
+++ b/security/manager/ssl/src/nsNSSIOLayer.cpp
@@ -11,16 +11,17 @@
 
 #include "prlog.h"
 #include "prnetdb.h"
 #include "nsIPrefService.h"
 #include "nsIClientAuthDialogs.h"
 #include "nsClientAuthRemember.h"
 #include "nsISSLErrorListener.h"
 
+#include "nsNetUtil.h"
 #include "nsPrintfCString.h"
 #include "SSLServerCertVerification.h"
 #include "nsNSSCertHelper.h"
 #include "nsNSSCleaner.h"
 
 #ifndef NSS_NO_LIBPKIX
 #include "nsIDocShell.h"
 #include "nsIDocShellTreeItem.h"
--- a/security/manager/ssl/src/nsNSSModule.cpp
+++ b/security/manager/ssl/src/nsNSSModule.cpp
@@ -22,33 +22,36 @@
 #include "nsCMS.h"
 #ifdef MOZ_XUL
 #include "nsCertTree.h"
 #endif
 #include "nsCrypto.h"
 #include "nsCryptoHash.h"
 //For the NS_CRYPTO_CONTRACTID define
 #include "nsDOMCID.h"
-
+#include "nsNetCID.h"
 #include "nsCMSSecureMessage.h"
 #include "nsCertPicker.h"
 #include "nsCURILoader.h"
 #include "nsICategoryManager.h"
 #include "nsNTLMAuthModule.h"
 #include "nsStreamCipher.h"
 #include "nsKeyModule.h"
 #include "nsDataSignatureVerifier.h"
 #include "nsCertOverrideService.h"
 #include "nsRandomGenerator.h"
 #include "nsSSLStatus.h"
 #include "TransportSecurityInfo.h"
 #include "NSSErrorsService.h"
 #include "nsNSSVersion.h"
 
 #include "nsXULAppAPI.h"
+
+#include "PSMContentListener.h"
+
 #define NS_IS_PROCESS_DEFAULT                                                 \
     (GeckoProcessType_Default == XRE_GetProcessType())
 
 #define NS_NSS_INSTANTIATE(ensureOperator, _InstanceClass)                    \
     PR_BEGIN_MACRO                                                            \
         _InstanceClass * inst;                                                \
         inst = new _InstanceClass();                                          \
         NS_ADDREF(inst);                                                      \
--- a/security/manager/ssl/src/nsPK11TokenDB.cpp
+++ b/security/manager/ssl/src/nsPK11TokenDB.cpp
@@ -5,16 +5,17 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 #include "nsISupports.h"
 #include "nsISupportsArray.h"
 #include "nsIPK11TokenDB.h"
 #include "prerror.h"
 #include "secerr.h"
 #include "nsReadableUtils.h"
 #include "nsNSSComponent.h"
+#include "nsServiceManagerUtils.h"
 
 #include "nsPK11TokenDB.h"
 
 #ifdef PR_LOGGING
 extern PRLogModuleInfo* gPIPNSSLog;
 #endif
 
 static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
--- a/security/manager/ssl/src/nsSDR.cpp
+++ b/security/manager/ssl/src/nsSDR.cpp
@@ -3,26 +3,28 @@
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "stdlib.h"
 #include "plstr.h"
 #include "plbase64.h"
 
+#include "mozilla/Services.h"
 #include "nsMemory.h"
 #include "nsString.h"
 #include "nsCOMPtr.h"
 #include "nsThreadUtils.h"
 #include "nsIInterfaceRequestor.h"
 #include "nsIInterfaceRequestorUtils.h"
 #include "nsIServiceManager.h"
 #include "nsITokenPasswordDialogs.h"
 
 #include "nsISecretDecoderRing.h"
+#include "nsCRT.h"
 #include "nsSDR.h"
 #include "nsNSSComponent.h"
 #include "nsNSSShutDown.h"
 #include "ScopedNSSTypes.h"
 
 #include "pk11func.h"
 #include "pk11sdr.h" // For PK11SDR_Encrypt, PK11SDR_Decrypt
 
--- a/security/manager/ssl/src/nsSmartCardMonitor.cpp
+++ b/security/manager/ssl/src/nsSmartCardMonitor.cpp
@@ -2,16 +2,17 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 #include "nspr.h"
 
 #include "pk11func.h"
 #include "nsNSSComponent.h"
 #include "nsSmartCardMonitor.h"
 #include "nsIDOMSmartCardEvent.h"
+#include "nsServiceManagerUtils.h"
 #include "mozilla/unused.h"
 
 using namespace mozilla;
 
 //
 // The SmartCard monitoring thread should start up for each module we load
 // that has removable tokens. This code calls an NSS function which waits
 // until there is a change in the token state. NSS uses the 
--- a/security/manager/ssl/src/nsUsageArrayHelper.cpp
+++ b/security/manager/ssl/src/nsUsageArrayHelper.cpp
@@ -6,16 +6,17 @@
 
 #include "mozilla/Assertions.h"
 #include "nsCOMPtr.h"
 #include "nsIDateTimeFormat.h"
 #include "nsDateTimeFormatCID.h"
 #include "nsComponentManagerUtils.h"
 #include "nsReadableUtils.h"
 #include "nsNSSCertificate.h"
+#include "nsServiceManagerUtils.h"
 
 #include "nspr.h"
 #include "secerr.h"
 
 using namespace mozilla;
 using namespace mozilla::psm;
 
 #ifdef PR_LOGGING