bug 1465933 - remove GetPIPNSSBundleString from nsINSSComponent r=fkiefer
authorDavid Keeler <dkeeler@mozilla.com>
Thu, 31 May 2018 12:26:04 -0700
changeset 461945 f16a2472bcb54d35e3bb63fe7ea80053e0d9fcc9
parent 461944 838c0ab9cbdbe85b0f7997ec48289d0a7fc12360
child 461946 4146b1ddbb34d890b76e47584c93232171180fee
push idunknown
push userunknown
push dateunknown
reviewersfkiefer
bugs1465933
milestone62.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
bug 1465933 - remove GetPIPNSSBundleString from nsINSSComponent r=fkiefer At this point, all uses of GetPIPNSSBundleString *should* be on the main thread, so we can just remove the nsINSSComponent version and rely on the nsNSSCertHelper instance. MozReview-Commit-ID: Lt7AgokGKRH
security/manager/ssl/nsCertTree.cpp
security/manager/ssl/nsCertTree.h
security/manager/ssl/nsKeygenHandler.cpp
security/manager/ssl/nsNSSCertificate.cpp
security/manager/ssl/nsNSSCertificateDB.cpp
security/manager/ssl/nsNSSComponent.cpp
security/manager/ssl/nsNSSComponent.h
--- a/security/manager/ssl/nsCertTree.cpp
+++ b/security/manager/ssl/nsCertTree.cpp
@@ -12,17 +12,16 @@
 #include "nsISupportsPrimitives.h"
 #include "nsITreeColumns.h"
 #include "nsIX509CertDB.h"
 #include "nsIX509Cert.h"
 #include "nsIX509CertValidity.h"
 #include "nsNSSCertHelper.h"
 #include "nsNSSCertificate.h"
 #include "nsNSSCertificateDB.h"
-#include "nsNSSComponent.h" // for PIPNSS string bundle calls.
 #include "nsNSSHelper.h"
 #include "nsReadableUtils.h"
 #include "nsTHashtable.h"
 #include "nsUnicharUtils.h"
 #include "nsXPCOMCID.h"
 #include "nsString.h"
 #include "pkix/pkixtypes.h"
 
@@ -154,19 +153,16 @@ NS_IMPL_ISUPPORTS(nsCertTree, nsICertTre
 
 nsCertTree::nsCertTree()
   : mTreeArray(nullptr)
   , mNumOrgs(0)
   , mNumRows(0)
   , mCompareCache(&gMapOps, sizeof(CompareCacheHashEntryPtr),
                   kInitialCacheLength)
 {
-  static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
-
-  mNSSComponent = do_GetService(kNSSComponentCID);
   mOverrideService = do_GetService("@mozilla.org/security/certoverride;1");
   // Might be a different service if someone is overriding the contract
   nsCOMPtr<nsICertOverrideService> origCertOverride =
     do_GetService(kCertOverrideCID);
   mOriginalOverrideService =
     static_cast<nsCertOverrideService*>(origCertOverride.get());
   mCellText = nullptr;
 }
@@ -681,17 +677,17 @@ if (count) {
   nsCOMPtr<nsIX509Cert> orgCert = nullptr;
   nsCertAddonInfo *addonInfo = mDispInfo.ElementAt(j)->mAddonInfo;
   if (addonInfo) {
     orgCert = addonInfo->mCert;
   }
   for (int32_t i=0; i<mNumOrgs; i++) {
     nsString &orgNameRef = mTreeArray[i].orgName;
     if (!orgCert) {
-      mNSSComponent->GetPIPNSSBundleString("CertOrgUnknown", orgNameRef);
+      GetPIPNSSBundleString("CertOrgUnknown", orgNameRef);
     }
     else {
       orgCert->GetIssuerOrganization(orgNameRef);
       if (orgNameRef.IsEmpty())
         orgCert->GetCommonName(orgNameRef);
     }
     mTreeArray[i].open = true;
     mTreeArray[i].certIndex = j;
@@ -1052,17 +1048,17 @@ nsCertTree::GetCellText(int32_t row, nsI
     if (myString) {
       myString->GetData(_retval);
       return NS_OK;
     }
   }
 
   if (NS_LITERAL_STRING("certcol").Equals(colID)) {
     if (!cert) {
-      rv = mNSSComponent->GetPIPNSSBundleString("CertNotStored", _retval);
+      rv = GetPIPNSSBundleString("CertNotStored", _retval);
     } else {
       rv = cert->GetDisplayName(_retval);
     }
   } else if (NS_LITERAL_STRING("tokencol").Equals(colID) && cert) {
     rv = cert->GetTokenName(_retval);
   } else if (NS_LITERAL_STRING("emailcol").Equals(colID) && cert) {
     rv = cert->GetEmailAddress(_retval);
   } else if (NS_LITERAL_STRING("issuedcol").Equals(colID) && cert) {
@@ -1088,17 +1084,17 @@ nsCertTree::GetCellText(int32_t row, nsI
       _retval = NS_ConvertUTF8toUTF16(hostPort);
     }
     else {
       _retval = NS_LITERAL_STRING("*");
     }
   } else if (NS_LITERAL_STRING("lifetimecol").Equals(colID)) {
     const char *stringID =
       (certdi->mIsTemporary) ? "CertExceptionTemporary" : "CertExceptionPermanent";
-    rv = mNSSComponent->GetPIPNSSBundleString(stringID, _retval);
+    rv = GetPIPNSSBundleString(stringID, _retval);
   } else {
     return NS_ERROR_FAILURE;
   }
   if (mCellText) {
     nsCOMPtr<nsISupportsString> text(do_CreateInstance(NS_SUPPORTS_STRING_CONTRACTID, &rv));
     NS_ENSURE_SUCCESS(rv, rv);
     text->SetData(_retval);
     mCellText->ReplaceElementAt(text, arrayIndex);
--- a/security/manager/ssl/nsCertTree.h
+++ b/security/manager/ssl/nsCertTree.h
@@ -120,17 +120,16 @@ private:
 
   nsTArray< RefPtr<nsCertTreeDispInfo> > mDispInfo;
   nsCOMPtr<nsITreeBoxObject>  mTree;
   nsCOMPtr<nsITreeSelection>  mSelection;
   treeArrayEl                *mTreeArray;
   int32_t                         mNumOrgs;
   int32_t                         mNumRows;
   PLDHashTable mCompareCache;
-  nsCOMPtr<nsINSSComponent> mNSSComponent;
   nsCOMPtr<nsICertOverrideService> mOverrideService;
   RefPtr<nsCertOverrideService> mOriginalOverrideService;
 
   treeArrayEl *GetThreadDescAtIndex(int32_t _index);
   already_AddRefed<nsIX509Cert>
     GetCertAtIndex(int32_t _index, int32_t *outAbsoluteCertOffset = nullptr);
   already_AddRefed<nsCertTreeDispInfo>
     GetDispInfoAtIndex(int32_t index, int32_t *outAbsoluteCertOffset = nullptr);
--- a/security/manager/ssl/nsKeygenHandler.cpp
+++ b/security/manager/ssl/nsKeygenHandler.cpp
@@ -35,17 +35,16 @@
 #include "nsDependentString.h"
 #include "nsIContent.h"
 #include "nsIGenKeypairInfoDlg.h"
 #include "nsIServiceManager.h"
 #include "nsITokenDialogs.h"
 #include "nsKeygenHandlerContent.h"
 #include "nsKeygenThread.h"
 #include "nsMemory.h"
-#include "nsNSSComponent.h" // for PIPNSS string bundle calls.
 #include "nsNSSHelper.h"
 #include "nsReadableUtils.h"
 #include "nsUnicharUtils.h"
 #include "nsXULAppAPI.h"
 #include "nspr.h"
 #include "secasn1.h"
 #include "secder.h"
 #include "secdert.h"
@@ -238,30 +237,21 @@ nsKeygenFormProcessor::Create(nsISupport
     rv = formProc->QueryInterface(aIID, aResult);
   }
   return rv;
 }
 
 nsresult
 nsKeygenFormProcessor::Init()
 {
-  static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
-
-  nsresult rv;
-
-  nsCOMPtr<nsINSSComponent> nssComponent;
-  nssComponent = do_GetService(kNSSComponentCID, &rv);
-  if (NS_FAILED(rv))
-    return rv;
-
   // Init possible key size choices.
-  nssComponent->GetPIPNSSBundleString("HighGrade", mSECKeySizeChoiceList[0].name);
+  GetPIPNSSBundleString("HighGrade", mSECKeySizeChoiceList[0].name);
   mSECKeySizeChoiceList[0].size = 2048;
 
-  nssComponent->GetPIPNSSBundleString("MediumGrade", mSECKeySizeChoiceList[1].name);
+  GetPIPNSSBundleString("MediumGrade", mSECKeySizeChoiceList[1].name);
   mSECKeySizeChoiceList[1].size = 1024;
 
   return NS_OK;
 }
 
 nsresult
 nsKeygenFormProcessor::GetSlot(uint32_t aMechanism, PK11SlotInfo** aSlot)
 {
--- a/security/manager/ssl/nsNSSCertificate.cpp
+++ b/security/manager/ssl/nsNSSCertificate.cpp
@@ -21,17 +21,16 @@
 #include "nsIObjectInputStream.h"
 #include "nsIObjectOutputStream.h"
 #include "nsISupportsPrimitives.h"
 #include "nsIURI.h"
 #include "nsIX509Cert.h"
 #include "nsNSSASN1Object.h"
 #include "nsNSSCertHelper.h"
 #include "nsNSSCertValidity.h"
-#include "nsNSSComponent.h" // for PIPNSS string bundle calls.
 #include "nsPK11TokenDB.h"
 #include "nsPKCS12Blob.h"
 #include "nsProxyRelease.h"
 #include "nsReadableUtils.h"
 #include "nsString.h"
 #include "nsThreadUtils.h"
 #include "nsUnicharUtils.h"
 #include "nspr.h"
@@ -59,18 +58,16 @@ extern LazyLogModule gPIPNSSLog;
 // in the list to mean not yet initialized.
 #define CERT_TYPE_NOT_YET_INITIALIZED (1 << 30)
 
 NS_IMPL_ISUPPORTS(nsNSSCertificate,
                   nsIX509Cert,
                   nsISerializable,
                   nsIClassInfo)
 
-static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
-
 /*static*/ nsNSSCertificate*
 nsNSSCertificate::Create(CERTCertificate* cert)
 {
   if (cert)
     return new nsNSSCertificate(cert);
   else
     return new nsNSSCertificate();
 }
@@ -190,48 +187,41 @@ nsNSSCertificate::MarkForPermDeletion()
 
   mPermDelete = true;
   return NS_OK;
 }
 
 /**
  * Appends a pipnss bundle string to the given string.
  *
- * @param nssComponent For accessing the string bundle.
  * @param bundleKey Key for the string to append.
  * @param currentText The text to append to, using commas as separators.
  */
 template<size_t N>
 void
-AppendBundleString(const NotNull<nsCOMPtr<nsINSSComponent>>& nssComponent,
-                   const char (&bundleKey)[N],
-        /*in/out*/ nsAString& currentText)
+AppendBundleStringCommaSeparated(const char (&bundleKey)[N],
+                      /*in/out*/ nsAString& currentText)
 {
   nsAutoString bundleString;
-  nsresult rv = nssComponent->GetPIPNSSBundleString(bundleKey, bundleString);
+  nsresult rv = GetPIPNSSBundleString(bundleKey, bundleString);
   if (NS_FAILED(rv)) {
     return;
   }
 
   if (!currentText.IsEmpty()) {
     currentText.Append(',');
   }
   currentText.Append(bundleString);
 }
 
 NS_IMETHODIMP
 nsNSSCertificate::GetKeyUsages(nsAString& text)
 {
   text.Truncate();
 
-  nsCOMPtr<nsINSSComponent> nssComponent = do_GetService(kNSSComponentCID);
-  if (!nssComponent) {
-    return NS_ERROR_FAILURE;
-  }
-
   if (!mCert) {
     return NS_ERROR_FAILURE;
   }
 
   if (!mCert->extensions) {
     return NS_OK;
   }
 
@@ -241,38 +231,36 @@ nsNSSCertificate::GetKeyUsages(nsAString
                                                             : NS_ERROR_FAILURE;
   }
 
   unsigned char keyUsage = 0;
   if (keyUsageItem.len) {
     keyUsage = keyUsageItem.data[0];
   }
 
-  NotNull<nsCOMPtr<nsINSSComponent>> wrappedNSSComponent =
-    WrapNotNull(nssComponent);
   if (keyUsage & KU_DIGITAL_SIGNATURE) {
-    AppendBundleString(wrappedNSSComponent, "CertDumpKUSign", text);
+    AppendBundleStringCommaSeparated("CertDumpKUSign", text);
   }
   if (keyUsage & KU_NON_REPUDIATION) {
-    AppendBundleString(wrappedNSSComponent, "CertDumpKUNonRep", text);
+    AppendBundleStringCommaSeparated("CertDumpKUNonRep", text);
   }
   if (keyUsage & KU_KEY_ENCIPHERMENT) {
-    AppendBundleString(wrappedNSSComponent, "CertDumpKUEnc", text);
+    AppendBundleStringCommaSeparated("CertDumpKUEnc", text);
   }
   if (keyUsage & KU_DATA_ENCIPHERMENT) {
-    AppendBundleString(wrappedNSSComponent, "CertDumpKUDEnc", text);
+    AppendBundleStringCommaSeparated("CertDumpKUDEnc", text);
   }
   if (keyUsage & KU_KEY_AGREEMENT) {
-    AppendBundleString(wrappedNSSComponent, "CertDumpKUKA", text);
+    AppendBundleStringCommaSeparated("CertDumpKUKA", text);
   }
   if (keyUsage & KU_KEY_CERT_SIGN) {
-    AppendBundleString(wrappedNSSComponent, "CertDumpKUCertSign", text);
+    AppendBundleStringCommaSeparated("CertDumpKUCertSign", text);
   }
   if (keyUsage & KU_CRL_SIGN) {
-    AppendBundleString(wrappedNSSComponent, "CertDumpKUCRLSign", text);
+    AppendBundleStringCommaSeparated("CertDumpKUCRLSign", text);
   }
 
   return NS_OK;
 }
 
 NS_IMETHODIMP
 nsNSSCertificate::GetDbKey(nsACString& aDbKey)
 {
@@ -376,22 +364,17 @@ nsNSSCertificate::GetDisplayName(nsAStri
 }
 
 NS_IMETHODIMP
 nsNSSCertificate::GetEmailAddress(nsAString& aEmailAddress)
 {
   if (mCert->emailAddr) {
     LossyUTF8ToUTF16(mCert->emailAddr, strlen(mCert->emailAddr), aEmailAddress);
   } else {
-    nsresult rv;
-    nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
-    if (NS_FAILED(rv) || !nssComponent) {
-      return NS_ERROR_FAILURE;
-    }
-    nssComponent->GetPIPNSSBundleString("CertNoEmailAddress", aEmailAddress);
+    GetPIPNSSBundleString("CertNoEmailAddress", aEmailAddress);
   }
   return NS_OK;
 }
 
 NS_IMETHODIMP
 nsNSSCertificate::GetEmailAddresses(uint32_t* aLength, char16_t*** aAddresses)
 {
   NS_ENSURE_ARG(aLength);
@@ -699,23 +682,20 @@ nsNSSCertificate::GetTokenName(nsAString
     // from the cert db), the source is wrong.  I believe this is a safe
     // way to work around this.
     if (mCert->slot) {
       char* token = PK11_GetTokenName(mCert->slot);
       if (token) {
         aTokenName = NS_ConvertUTF8toUTF16(token);
       }
     } else {
-      nsresult rv;
       nsAutoString tok;
-      nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
-      if (NS_FAILED(rv)) return rv;
-      rv = nssComponent->GetPIPNSSBundleString("InternalToken", tok);
-      if (NS_SUCCEEDED(rv))
+      if (NS_SUCCEEDED(GetPIPNSSBundleString("InternalToken", tok))) {
         aTokenName = tok;
+      }
     }
   }
   return NS_OK;
 }
 
 NS_IMETHODIMP
 nsNSSCertificate::GetSha256SubjectPublicKeyInfoDigest(nsACString& aSha256SPKIDigest)
 {
--- a/security/manager/ssl/nsNSSCertificateDB.cpp
+++ b/security/manager/ssl/nsNSSCertificateDB.cpp
@@ -563,44 +563,37 @@ nsNSSCertificateDB::ImportCACerts(int nu
 
   return ImportCertsIntoPermanentStorage(temporaryCerts);
 }
 
 void nsNSSCertificateDB::DisplayCertificateAlert(nsIInterfaceRequestor *ctx,
                                                  const char *stringID,
                                                  nsIX509Cert *certToShow)
 {
-  static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
-
   if (!NS_IsMainThread()) {
     NS_ERROR("nsNSSCertificateDB::DisplayCertificateAlert called off the main thread");
     return;
   }
 
   nsCOMPtr<nsIInterfaceRequestor> my_ctx = ctx;
   if (!my_ctx) {
     my_ctx = new PipUIContext();
   }
 
   // This shall be replaced by embedding ovverridable prompts
   // as discussed in bug 310446, and should make use of certToShow.
 
-  nsresult rv;
-  nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
-  if (NS_SUCCEEDED(rv)) {
-    nsAutoString tmpMessage;
-    nssComponent->GetPIPNSSBundleString(stringID, tmpMessage);
+  nsAutoString tmpMessage;
+  GetPIPNSSBundleString(stringID, tmpMessage);
+  nsCOMPtr<nsIPrompt> prompt(do_GetInterface(my_ctx));
+  if (!prompt) {
+    return;
+  }
 
-    nsCOMPtr<nsIPrompt> prompt (do_GetInterface(my_ctx));
-    if (!prompt) {
-      return;
-    }
-
-    prompt->Alert(nullptr, tmpMessage.get());
-  }
+  prompt->Alert(nullptr, tmpMessage.get());
 }
 
 NS_IMETHODIMP
 nsNSSCertificateDB::ImportUserCertificate(uint8_t* data, uint32_t length,
                                           nsIInterfaceRequestor* ctx)
 {
   if (!NS_IsMainThread()) {
     NS_ERROR("nsNSSCertificateDB::ImportUserCertificate called off the main thread");
@@ -940,46 +933,39 @@ nsNSSCertificateDB::ConstructX509(const 
   return NS_OK;
 }
 
 void
 nsNSSCertificateDB::get_default_nickname(CERTCertificate *cert,
                                          nsIInterfaceRequestor* ctx,
                                          nsCString &nickname)
 {
-  static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
-
   nickname.Truncate();
 
-  nsresult rv;
   CK_OBJECT_HANDLE keyHandle;
 
   if (NS_FAILED(BlockUntilLoadableRootsLoaded())) {
     return;
   }
 
   CERTCertDBHandle *defaultcertdb = CERT_GetDefaultCertDB();
-  nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
-  if (NS_FAILED(rv))
-    return;
-
   nsAutoCString username;
   UniquePORTString tempCN(CERT_GetCommonName(&cert->subject));
   if (tempCN) {
     username = tempCN.get();
   }
 
   nsAutoCString caname;
   UniquePORTString tempIssuerOrg(CERT_GetOrgName(&cert->issuer));
   if (tempIssuerOrg) {
     caname = tempIssuerOrg.get();
   }
 
   nsAutoString tmpNickFmt;
-  nssComponent->GetPIPNSSBundleString("nick_template", tmpNickFmt);
+  GetPIPNSSBundleString("nick_template", tmpNickFmt);
   NS_ConvertUTF16toUTF8 nickFmt(tmpNickFmt);
 
   nsAutoCString baseName;
   baseName.AppendPrintf(nickFmt.get(), username.get(), caname.get());
   if (baseName.IsEmpty()) {
     return;
   }
 
--- a/security/manager/ssl/nsNSSComponent.cpp
+++ b/security/manager/ssl/nsNSSComponent.cpp
@@ -220,29 +220,16 @@ nsNSSComponent::~nsNSSComponent()
   ShutdownNSS();
   SharedSSLState::GlobalCleanup();
   RememberCertErrorsTable::Cleanup();
   --mInstanceCount;
 
   MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("nsNSSComponent::dtor finished\n"));
 }
 
-NS_IMETHODIMP
-nsNSSComponent::GetPIPNSSBundleString(const char* name, nsAString& outString)
-{
-  MutexAutoLock lock(mMutex);
-
-  outString.Truncate();
-  if (mPIPNSSBundle && name) {
-    return mPIPNSSBundle->GetStringFromName(name, outString);
-  }
-
-  return NS_ERROR_FAILURE;
-}
-
 #ifdef XP_WIN
 static bool
 GetUserSid(nsAString& sidString)
 {
   // UNLEN is the maximum user name length (see Lmcons.h). +1 for the null
   // terminator.
   WCHAR lpAccountName[UNLEN + 1];
   DWORD lcAccountName = sizeof(lpAccountName) / sizeof(lpAccountName[0]);
@@ -1286,30 +1273,16 @@ nsNSSComponent::ConfigureInternalPKCS11T
                        NS_ConvertUTF16toUTF8(slotDescription).get(),
                        NS_ConvertUTF16toUTF8(privateSlotDescription).get(),
                        NS_ConvertUTF16toUTF8(fips140SlotDescription).get(),
                        NS_ConvertUTF16toUTF8(fips140TokenDescription).get(),
                        0, 0);
   return NS_OK;
 }
 
-nsresult
-nsNSSComponent::InitializePIPNSSBundle()
-{
-  MutexAutoLock lock(mMutex);
-  nsCOMPtr<nsIStringBundleService> bundleService(
-    do_GetService(NS_STRINGBUNDLE_CONTRACTID));
-  if (!bundleService) {
-    return NS_ERROR_FAILURE;
-  }
-
-  return bundleService->CreateBundle("chrome://pipnss/locale/pipnss.properties",
-                                     getter_AddRefs(mPIPNSSBundle));
-}
-
 // Table of pref names and SSL cipher ID
 typedef struct {
   const char* pref;
   long id;
   bool enabledByDefault;
 } CipherPref;
 
 // Update the switch statement in AccumulateCipherSuite in nsNSSCallbacks.cpp
@@ -2198,23 +2171,17 @@ nsNSSComponent::Init()
 
   MOZ_ASSERT(XRE_IsParentProcess());
   if (!XRE_IsParentProcess()) {
     return NS_ERROR_NOT_AVAILABLE;
   }
 
   MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("Beginning NSS initialization\n"));
 
-  nsresult rv = InitializePIPNSSBundle();
-  if (NS_FAILED(rv)) {
-    MOZ_LOG(gPIPNSSLog, LogLevel::Error, ("Unable to create pipnss bundle.\n"));
-    return rv;
-  }
-
-  rv = InitializeNSS();
+  nsresult rv = InitializeNSS();
   if (NS_FAILED(rv)) {
     MOZ_LOG(gPIPNSSLog, LogLevel::Error,
             ("nsNSSComponent::InitializeNSS() failed\n"));
     return rv;
   }
 
   RememberCertErrorsTable::Init();
 
--- a/security/manager/ssl/nsNSSComponent.h
+++ b/security/manager/ssl/nsNSSComponent.h
@@ -10,17 +10,16 @@
 #include "ScopedNSSTypes.h"
 #include "SharedCertVerifier.h"
 #include "mozilla/Attributes.h"
 #include "mozilla/Monitor.h"
 #include "mozilla/Mutex.h"
 #include "mozilla/RefPtr.h"
 #include "nsCOMPtr.h"
 #include "nsIObserver.h"
-#include "nsIStringBundle.h"
 #include "nsNSSCallbacks.h"
 #include "prerror.h"
 #include "sslt.h"
 
 #ifdef XP_WIN
 #include "windows.h" // this needs to be before the following includes
 #include "wincrypt.h"
 #endif // XP_WIN
@@ -50,19 +49,16 @@ MOZ_MUST_USE
 
 extern bool EnsureNSSInitializedChromeOrContent();
 
 class NS_NO_VTABLE nsINSSComponent : public nsISupports
 {
 public:
   NS_DECLARE_STATIC_IID_ACCESSOR(NS_INSSCOMPONENT_IID)
 
-  NS_IMETHOD GetPIPNSSBundleString(const char* name,
-                                   nsAString& outString) = 0;
-
   NS_IMETHOD LogoutAuthenticatedPK11() = 0;
 
 #ifdef DEBUG
   NS_IMETHOD IsCertTestBuiltInRoot(CERTCertificate* cert, bool& result) = 0;
 #endif
 
   NS_IMETHOD IsCertContentSigningRoot(CERTCertificate* cert, bool& result) = 0;
 
@@ -103,18 +99,16 @@ public:
 
   NS_DECL_THREADSAFE_ISUPPORTS
   NS_DECL_NSIOBSERVER
 
   nsresult Init();
 
   static nsresult GetNewPrompter(nsIPrompt** result);
 
-  NS_IMETHOD GetPIPNSSBundleString(const char* name,
-                                   nsAString& outString) override;
   NS_IMETHOD LogoutAuthenticatedPK11() override;
 
 #ifdef DEBUG
   NS_IMETHOD IsCertTestBuiltInRoot(CERTCertificate* cert, bool& result) override;
 #endif
 
   NS_IMETHOD IsCertContentSigningRoot(CERTCertificate* cert, bool& result) override;
 
@@ -148,17 +142,16 @@ protected:
 
 private:
   nsresult InitializeNSS();
   void ShutdownNSS();
 
   void setValidationOptions(bool isInitialSetting,
                             const mozilla::MutexAutoLock& proofOfLock);
   nsresult setEnabledTLSVersions();
-  nsresult InitializePIPNSSBundle();
   nsresult ConfigureInternalPKCS11Token();
   nsresult RegisterObservers();
 
   void MaybeEnableFamilySafetyCompatibility();
   void MaybeImportEnterpriseRoots();
 #ifdef XP_WIN
   void ImportEnterpriseRootsForLocation(
     DWORD locationFlag, const mozilla::MutexAutoLock& proofOfLock);
@@ -174,17 +167,16 @@ private:
   mozilla::Monitor mLoadableRootsLoadedMonitor;
   bool mLoadableRootsLoaded;
   nsresult mLoadableRootsLoadedResult;
 
   // mMutex protects all members that are accessed from more than one thread.
   mozilla::Mutex mMutex;
 
   // The following members are accessed from more than one thread:
-  nsCOMPtr<nsIStringBundle> mPIPNSSBundle;
   bool mNSSInitialized;
 #ifdef DEBUG
   nsString mTestBuiltInRootHash;
 #endif
   nsString mContentSigningRootHash;
   RefPtr<mozilla::psm::SharedCertVerifier> mDefaultCertVerifier;
   nsString mMitmCanaryIssuer;
   bool mMitmDetecionEnabled;