Bug 970614 - Remove code wrapped in #if 0 ... #endif blocks in PSM. r=keeler
authorRaymond Etornam Agbeame(:retornam) <mozbugs.retornam@gmail.com>
Mon, 24 Feb 2014 09:41:55 -0500
changeset 170533 27a5c0d1a55a2dbbe6f2d249818636c3d4e93c8f
parent 170532 6a4434e47a7b3fb86229a24c699bce2edb023f8a
child 170534 72591882de2622c3fa544652c06577f31eeb11fd
push id270
push userpvanderbeken@mozilla.com
push dateThu, 06 Mar 2014 09:24:21 +0000
reviewerskeeler
bugs970614
milestone30.0a1
Bug 970614 - Remove code wrapped in #if 0 ... #endif blocks in PSM. r=keeler
security/manager/ssl/src/nsCMSSecureMessage.cpp
security/manager/ssl/src/nsNSSCertificateDB.cpp
security/manager/ssl/src/nsPKCS12Blob.cpp
security/manager/ssl/src/nsPKCS12Blob.h
--- a/security/manager/ssl/src/nsCMSSecureMessage.cpp
+++ b/security/manager/ssl/src/nsCMSSecureMessage.cpp
@@ -162,20 +162,16 @@ SendMessage(const char *msg, const char 
 
   cert = CERT_DecodeCertFromPackage((char *)certDER, derLen);
   if (!cert) {
     PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::SendMessage - can't decode cert from package\n"));
     rv = NS_ERROR_FAILURE;
     goto done;
   }
 
-#if 0
-  cert->dbhandle = CERT_GetDefaultCertDB();  /* work-around */
-#endif
-
   /* Step 2.  Get a signature cert */
 
   /* Step 3. Build inner (signature) content */
 
   /* Step 4. Build outer (enveloped) content */
   env = NSS_CMSEnvelopedData_Create(cmsMsg, SEC_OID_DES_EDE3_CBC, 0);
   if (!env) {
     PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::SendMessage - can't create envelope data\n"));
--- a/security/manager/ssl/src/nsNSSCertificateDB.cpp
+++ b/security/manager/ssl/src/nsNSSCertificateDB.cpp
@@ -88,24 +88,16 @@ nsNSSCertificateDB::FindCertByNickname(n
   if (isAlreadyShutDown()) {
     return NS_ERROR_NOT_AVAILABLE;
   }
   insanity::pkix::ScopedCERTCertificate cert;
   char *asciiname = nullptr;
   NS_ConvertUTF16toUTF8 aUtf8Nickname(nickname);
   asciiname = const_cast<char*>(aUtf8Nickname.get());
   PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("Getting \"%s\"\n", asciiname));
-#if 0
-  // what it should be, but for now...
-  if (aToken) {
-    cert = PK11_FindCertFromNickname(asciiname, nullptr);
-  } else {
-    cert = CERT_FindCertByNickname(CERT_GetDefaultCertDB(), asciiname);
-  }
-#endif
   cert = PK11_FindCertFromNickname(asciiname, nullptr);
   if (!cert) {
     cert = CERT_FindCertByNickname(CERT_GetDefaultCertDB(), asciiname);
   }
   if (cert) {
     PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("got it\n"));
     nsCOMPtr<nsIX509Cert> pCert = nsNSSCertificate::Create(cert.get());
     if (pCert) {
@@ -182,26 +174,17 @@ nsNSSCertificateDB::FindCertNicknames(ns
     return NS_ERROR_NOT_AVAILABLE;
   }
 
   nsresult rv = NS_ERROR_FAILURE;
   /*
    * obtain the cert list from NSS
    */
   insanity::pkix::ScopedCERTCertList certList;
-  PK11CertListType pk11type;
-#if 0
-  // this would seem right, but it didn't work...
-  // oh, I know why - bonks out on internal slot certs
-  if (aType == nsIX509Cert::USER_CERT)
-    pk11type = PK11CertListUser;
-  else 
-#endif
-    pk11type = PK11CertListUnique;
-  certList = PK11_ListCerts(pk11type, nullptr);
+  certList = PK11_ListCerts(PK11CertListUnique, nullptr);
   if (!certList)
     goto cleanup;
   /*
    * get list of cert names from list of certs
    * XXX also cull the list (NSS only distinguishes based on user/non-user
    */
   getCertNames(certList.get(), aType, _count, _certNames, locker);
   rv = NS_OK;
--- a/security/manager/ssl/src/nsPKCS12Blob.cpp
+++ b/security/manager/ssl/src/nsPKCS12Blob.cpp
@@ -232,56 +232,16 @@ finish:
     PK11_FreeSlot(slot);
   // finish the decoder
   if (dcx)
     SEC_PKCS12DecoderFinish(dcx);
   SECITEM_ZfreeItem(&unicodePw, false);
   return NS_OK;
 }
 
-#if 0
-// nsPKCS12Blob::LoadCerts
-//
-// Given an array of certificate nicknames, load the corresponding
-// certificates into a local array.
-nsresult
-nsPKCS12Blob::LoadCerts(const char16_t **certNames, int numCerts)
-{
-  nsresult rv;
-  char namecpy[256];
-  /* Create the local array if needed */
-  if (!mCertArray) {
-    rv = NS_NewISupportsArray(getter_AddRefs(mCertArray));
-    if (NS_FAILED(rv)) {
-      if (!handleError())
-        return NS_ERROR_OUT_OF_MEMORY;
-    }
-  }
-  /* Add the certs */
-  for (int i=0; i<numCerts; i++) {
-    strcpy(namecpy, NS_ConvertUTF16toUTF8(certNames[i]));
-    CERTCertificate *nssCert = PK11_FindCertFromNickname(namecpy, nullptr);
-    if (!nssCert) {
-      if (!handleError())
-        return NS_ERROR_FAILURE;
-      else continue; /* user may request to keep going */
-    }
-    nsCOMPtr<nsIX509Cert> cert = nsNSSCertificate::Create(nssCert);
-    CERT_DestroyCertificate(nssCert);
-    if (!cert) {
-      if (!handleError())
-        return NS_ERROR_OUT_OF_MEMORY;
-    } else {
-      mCertArray->AppendElement(cert);
-    }
-  }
-  return NS_OK;
-}
-#endif
-
 static bool
 isExtractable(SECKEYPrivateKey *privKey)
 {
   SECItem value;
   bool    isExtractable = false;
   SECStatus rv;
 
   rv=PK11_ReadRawAttribute(PK11_TypePrivKey, privKey, CKA_EXTRACTABLE, &value);
@@ -339,28 +299,17 @@ nsPKCS12Blob::ExportToFile(nsIFile *file
   ecx = SEC_PKCS12CreateExportContext(nullptr, nullptr, nullptr /*slot*/, nullptr);
   if (!ecx) {
     srv = SECFailure;
     goto finish;
   }
   // add password integrity
   srv = SEC_PKCS12AddPasswordIntegrity(ecx, &unicodePw, SEC_OID_SHA1);
   if (srv) goto finish;
-#if 0
-  // count the number of certs to export
-  nrv = mCertArray->Count(&numCerts);
-  if (NS_FAILED(nrv)) goto finish;
-  // loop over the certs
   for (i=0; i<numCerts; i++) {
-    nsCOMPtr<nsIX509Cert> cert;
-    nrv = mCertArray->GetElementAt(i, getter_AddRefs(cert));
-    if (NS_FAILED(nrv)) goto finish;
-#endif
-  for (i=0; i<numCerts; i++) {
-//    nsNSSCertificate *cert = reinterpret_cast<nsNSSCertificate *>(certs[i]);
     nsNSSCertificate *cert = (nsNSSCertificate *)certs[i];
     // get it as a CERTCertificate XXX
     insanity::pkix::ScopedCERTCertificate nssCert(cert->GetCert());
     if (!nssCert) {
       rv = NS_ERROR_FAILURE;
       goto finish;
     }
     // We can only successfully export certs that are on 
@@ -797,25 +746,16 @@ nsPKCS12Blob::handleError(int myerr)
     // The following errors have the potential to be "handled", by asking
     // the user (via a dialog) whether s/he wishes to continue
     case 0: break;
     case SEC_ERROR_PKCS12_CERT_COLLISION:
       /* pop a dialog saying the cert is already in the database */
       /* ask to keep going?  what happens if one collision but others ok? */
       // The following errors cannot be "handled", notify the user (via an alert)
       // that the operation failed.
-#if 0
-      // XXX a boy can dream...
-      //     but the PKCS12 lib never throws this error
-      //     but then again, how would it?  anyway, convey the info below
-    case SEC_ERROR_PKCS12_PRIVACY_PASSWORD_INCORRECT:
-      msgID = "PKCS12PasswordInvalid";
-      break;
-#endif
-
     case SEC_ERROR_BAD_PASSWORD: msgID = "PK11BadPassword"; break;
 
     case SEC_ERROR_BAD_DER:
     case SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE:
     case SEC_ERROR_PKCS12_INVALID_MAC:
       msgID = "PKCS12DecodeErr";
       break;
 
--- a/security/manager/ssl/src/nsPKCS12Blob.h
+++ b/security/manager/ssl/src/nsPKCS12Blob.h
@@ -34,20 +34,16 @@ public:
 
   // Set the token to use (default is internal)
   nsresult SetToken(nsIPK11Token *token);
 
   // PKCS#12 Import
   nsresult ImportFromFile(nsIFile *file);
 
   // PKCS#12 Export
-#if 0
-  //nsresult LoadCerts(const char16_t **certNames, int numCerts);
-  nsresult LoadCerts(nsIX509Cert **certs, int numCerts);
-#endif
   nsresult ExportToFile(nsIFile *file, nsIX509Cert **certs, int numCerts);
 
 private:
 
   nsCOMPtr<nsIPK11Token>          mToken;
   nsCOMPtr<nsIMutableArray>       mCertArray;
   nsCOMPtr<nsIInterfaceRequestor> mUIContext;