Bug 1475647 - Remove nsISSLStatusProvider interface. r=baku,Gijs,jchen,jryans,keeler,mcmanus

- Access nsISSLStatus directly as a member of nsITransportSecurityInfo and nsISecureBrowserUI. This is part of a larger effort to consolidate nsISSLStatus and nsITransportSecurityInfo. - The TabParent implementation of GetSecInfo will always return null. - Removed unnecessary QueryInterface calls - Style adherence updates MozReview-Commit-ID: Dzy6t2zYljL --HG-- extra : rebase_source : 9c400bed3c9d29a186fc987c9bd0ffceb37bfd94
2018-07-13 11:48:55 -07:00 · 2018-07-13 11:48:55 -07:00 · 7641beb1f8
--- a/browser/base/content/browser-siteIdentity.js
+++ b/browser/base/content/browser-siteIdentity.js
@ -347,12 +347,8 @@ var gIdentityHandler = {
    // Firstly, populate the state properties required to display the UI. See
    // the documentation of the individual properties for details.
    this.setURI(uri);
-    this._sslStatus = gBrowser.securityUI
+    this._sslStatus = gBrowser.securityUI.secInfo &&
-                              .QueryInterface(Ci.nsISSLStatusProvider)
+                      gBrowser.securityUI.secInfo.SSLStatus;
                              .SSLStatus;
    if (this._sslStatus) {
      this._sslStatus.QueryInterface(Ci.nsISSLStatus);
    }
    // Then, update the user interface with the available data.
    this.refreshIdentityBlock();
--- a/browser/base/content/browser.js
+++ b/browser/base/content/browser.js
@ -2994,8 +2994,7 @@ var BrowserOnClick = {
        }
        securityInfo = getSecurityInfo(securityInfoAsString);
-        sslStatus = securityInfo.QueryInterface(Ci.nsISSLStatusProvider)
+        sslStatus = securityInfo.SSLStatus;
                                .SSLStatus;
        let params = { exceptionAdded: false,
                       sslStatus };
@ -3036,8 +3035,7 @@ var BrowserOnClick = {
        }
        securityInfo = getSecurityInfo(securityInfoAsString);
-        sslStatus = securityInfo.QueryInterface(Ci.nsISSLStatusProvider)
+        sslStatus = securityInfo.SSLStatus;
                                .SSLStatus;
        let errorInfo = getDetailedCertErrorInfo(location,
                                                 securityInfo);
        let validityInfo = {
--- a/browser/base/content/pageinfo/security.js
+++ b/browser/base/content/pageinfo/security.js
@ -27,7 +27,6 @@ var security = {
  },
  _getSecurityInfo() {
    const nsISSLStatusProvider = Ci.nsISSLStatusProvider;
    const nsISSLStatus = Ci.nsISSLStatus;
    // We don't have separate info for a frame, return null until further notice
@ -50,11 +49,9 @@ var security = {
      (ui.state & Ci.nsIWebProgressListener.STATE_IS_INSECURE);
    var isEV =
      (ui.state & Ci.nsIWebProgressListener.STATE_IDENTITY_EV_TOPLEVEL);
-    ui.QueryInterface(nsISSLStatusProvider);
+    var status = ui.secInfo && ui.secInfo.SSLStatus;
    var status = ui.SSLStatus;
    if (!isInsecure && status) {
      status.QueryInterface(nsISSLStatus);
      var cert = status.serverCert;
      var issuerName = cert.issuerOrganization || cert.issuerName;
--- a/devtools/shared/security/auth.js
+++ b/devtools/shared/security/auth.js
@ -300,7 +300,7 @@ OOBCert.Client.prototype = {
    // Client verifies that Server's cert matches hash(ServerCert) from the
    // advertisement
    dumpv("Validate server cert hash");
-    const serverCert = socket.securityInfo.QueryInterface(Ci.nsISSLStatusProvider)
+    const serverCert = socket.securityInfo.QueryInterface(Ci.nsITransportSecurityInfo)
                           .SSLStatus.serverCert;
    const advertisedCert = cert;
    if (serverCert.sha256Fingerprint != advertisedCert.sha256) {
--- a/devtools/shared/security/socket.js
+++ b/devtools/shared/security/socket.js
@ -353,7 +353,7 @@ function _isInputAlive(input) {
 */
 function _storeCertOverride(s, host, port) {
  // eslint-disable-next-line no-shadow
-  const cert = s.securityInfo.QueryInterface(Ci.nsISSLStatusProvider)
+  const cert = s.securityInfo.QueryInterface(Ci.nsITransportSecurityInfo)
              .SSLStatus.serverCert;
  const overrideBits = Ci.nsICertOverrideService.ERROR_UNTRUSTED |
                     Ci.nsICertOverrideService.ERROR_MISMATCH;
--- a/devtools/shared/webconsole/network-helper.js
+++ b/devtools/shared/webconsole/network-helper.js
@ -600,7 +600,6 @@ var NetworkHelper = {
     */
    securityInfo.QueryInterface(Ci.nsITransportSecurityInfo);
    securityInfo.QueryInterface(Ci.nsISSLStatusProvider);
    const wpl = Ci.nsIWebProgressListener;
    const NSSErrorsService = Cc["@mozilla.org/nss_errors_service;1"]
--- a/devtools/shared/webconsole/test/unit/test_security-info-parser.js
+++ b/devtools/shared/webconsole/test/unit/test_security-info-parser.js
@ -33,8 +33,7 @@ const MockCertificate = {
 };
 const MockSecurityInfo = {
-  QueryInterface: ChromeUtils.generateQI([Ci.nsITransportSecurityInfo,
+  QueryInterface: ChromeUtils.generateQI([Ci.nsITransportSecurityInfo]),
                                          Ci.nsISSLStatusProvider]),
  securityState: wpl.STATE_IS_SECURE,
  errorCode: 0,
  SSLStatus: {
--- a/devtools/shared/webconsole/test/unit/test_security-info-state.js
+++ b/devtools/shared/webconsole/test/unit/test_security-info-state.js
@ -19,8 +19,7 @@ Object.defineProperty(this, "NetworkHelper", {
 const wpl = Ci.nsIWebProgressListener;
 const MockSecurityInfo = {
-  QueryInterface: ChromeUtils.generateQI([Ci.nsITransportSecurityInfo,
+  QueryInterface: ChromeUtils.generateQI([Ci.nsITransportSecurityInfo]),
                                          Ci.nsISSLStatusProvider]),
  securityState: wpl.STATE_IS_BROKEN,
  errorCode: 0,
  SSLStatus: {
--- a/devtools/shared/webconsole/test/unit/test_security-info-static-hpkp.js
+++ b/devtools/shared/webconsole/test/unit/test_security-info-static-hpkp.js
@ -20,8 +20,7 @@ Object.defineProperty(this, "NetworkHelper", {
 const wpl = Ci.nsIWebProgressListener;
 const MockSecurityInfo = {
-  QueryInterface: ChromeUtils.generateQI([Ci.nsITransportSecurityInfo,
+  QueryInterface: ChromeUtils.generateQI([Ci.nsITransportSecurityInfo]),
                                          Ci.nsISSLStatusProvider]),
  securityState: wpl.STATE_IS_SECURE,
  errorCode: 0,
  SSLStatus: {
--- a/dom/ipc/TabParent.cpp
+++ b/dom/ipc/TabParent.cpp
@ -59,6 +59,7 @@
 #include "nsIInterfaceRequestorUtils.h"
 #include "nsILoadInfo.h"
 #include "nsIPromptFactory.h"
 #include "nsITransportSecurityInfo.h"
 #include "nsIURI.h"
 #include "nsIWindowWatcher.h"
 #include "nsIWebBrowserChrome.h"
@ -893,6 +894,15 @@ TabParent::GetState(uint32_t *aState)
  return NS_OK;
 }
 NS_IMETHODIMP
 TabParent::GetSecInfo(nsITransportSecurityInfo** _result)
 {
  NS_ENSURE_ARG_POINTER(_result);
  NS_WARNING("TransportSecurityInfo not valid here");
  *_result = nullptr;
  return NS_OK;
 }
 NS_IMETHODIMP
 TabParent::SetDocShell(nsIDocShell *aDocShell)
 {
--- a/mobile/android/chrome/content/browser.js
+++ b/mobile/android/chrome/content/browser.js
@ -5687,9 +5687,8 @@ var IdentityHandler = {
   * (if available). Return the data needed to update the UI.
   */
  checkIdentity: function checkIdentity(aState, aBrowser) {
-    this._lastStatus = aBrowser.securityUI
+    this._lastStatus = aBrowser.securityUI.secInfo &&
-                               .QueryInterface(Ci.nsISSLStatusProvider)
+                       aBrowser.securityUI.secInfo.SSLStatus;
                               .SSLStatus;
    // Don't pass in the actual location object, since it can cause us to
    // hold on to the window object too long.  Just pass in the fields we
--- a/mobile/android/chrome/content/content.js
+++ b/mobile/android/chrome/content/content.js
@ -360,8 +360,7 @@ var AboutCertErrorListener = {
    let securityInfo = docShell.failedChannel && docShell.failedChannel.securityInfo;
    securityInfo.QueryInterface(Ci.nsITransportSecurityInfo)
                .QueryInterface(Ci.nsISerializable);
-    let sslStatus = securityInfo.QueryInterface(Ci.nsISSLStatusProvider)
+    let sslStatus = securityInfo.SSLStatus;
                                                .SSLStatus;
    this._setTechDetails(sslStatus, securityInfo, ownerDoc.location.href);
  },
 };
--- a/mobile/android/modules/geckoview/GeckoViewProgress.jsm
+++ b/mobile/android/modules/geckoview/GeckoViewProgress.jsm
@ -159,8 +159,7 @@ var IdentityHandler = {
      result.host = uri.host;
    }
-    let status = aBrowser.securityUI.QueryInterface(Ci.nsISSLStatusProvider)
+    let status = aBrowser.securityUI.secInfo.SSLStatus;
                         .SSLStatus.QueryInterface(Ci.nsISSLStatus);
    let cert = status.serverCert;
    result.organization = cert.organization;
--- a/netwerk/base/nsISecureBrowserUI.idl
+++ b/netwerk/base/nsISecureBrowserUI.idl
@ -8,6 +8,7 @@
 interface mozIDOMWindowProxy;
 interface nsIDocShell;
 interface nsITransportSecurityInfo;
 [scriptable, uuid(718c662a-f810-4a80-a6c9-0b1810ecade2)]
 interface nsISecureBrowserUI : nsISupports
@ -16,6 +17,7 @@ interface nsISecureBrowserUI : nsISupports
    void setDocShell(in nsIDocShell docShell);
    readonly attribute unsigned long state;
    readonly attribute nsITransportSecurityInfo secInfo;
 };
 %{C++
--- a/netwerk/protocol/http/AlternateServices.cpp
+++ b/netwerk/protocol/http/AlternateServices.cpp
@ -15,8 +15,6 @@
 #include "nsThreadUtils.h"
 #include "nsHttpTransaction.h"
 #include "NullHttpTransaction.h"
 #include "nsISSLStatusProvider.h"
 #include "nsISSLStatus.h"
 #include "nsISSLSocketControl.h"
 #include "nsIWellKnownOpportunisticUtils.h"
--- a/netwerk/protocol/http/Http2Session.cpp
+++ b/netwerk/protocol/http/Http2Session.cpp
@ -27,8 +27,6 @@
 #include "nsHttpConnection.h"
 #include "nsIRequestContext.h"
 #include "nsISSLSocketControl.h"
 #include "nsISSLStatus.h"
 #include "nsISSLStatusProvider.h"
 #include "nsISupportsPriority.h"
 #include "nsStandardURL.h"
 #include "nsURLHelper.h"
--- a/netwerk/protocol/http/nsHttpChannel.cpp
+++ b/netwerk/protocol/http/nsHttpChannel.cpp
@ -69,7 +69,6 @@
 #include "nsIScriptError.h"
 #include "nsIScriptSecurityManager.h"
 #include "nsISSLStatus.h"
 #include "nsISSLStatusProvider.h"
 #include "nsITransportSecurityInfo.h"
 #include "nsIWebProgressListener.h"
 #include "LoadContextInfo.h"
@ -1896,11 +1895,11 @@ nsHttpChannel::ProcessSecurityHeaders()
    uint32_t flags =
      NS_UsePrivateBrowsing(this) ? nsISocketProvider::NO_PERMANENT_STORAGE : 0;
-    // Get the SSLStatus
+    // Get the TransportSecurityInfo
-    nsCOMPtr<nsISSLStatusProvider> sslprov = do_QueryInterface(mSecurityInfo);
+    nsCOMPtr<nsITransportSecurityInfo> transSecInfo = do_QueryInterface(mSecurityInfo);
-    NS_ENSURE_TRUE(sslprov, NS_ERROR_FAILURE);
+    NS_ENSURE_TRUE(transSecInfo, NS_ERROR_FAILURE);
    nsCOMPtr<nsISSLStatus> sslStatus;
-    rv = sslprov->GetSSLStatus(getter_AddRefs(sslStatus));
+    rv = transSecInfo->GetSSLStatus(getter_AddRefs(sslStatus));
    NS_ENSURE_SUCCESS(rv, rv);
    NS_ENSURE_TRUE(sslStatus, NS_ERROR_FAILURE);
@ -2031,17 +2030,15 @@ nsHttpChannel::ProcessSSLInformation()
        !IsHTTPS() || mPrivateBrowsing)
        return;
-    nsCOMPtr<nsISSLStatusProvider> statusProvider =
+    nsCOMPtr<nsITransportSecurityInfo> securityInfo =
        do_QueryInterface(mSecurityInfo);
-    if (!statusProvider)
+    if (!securityInfo)
        return;
    nsCOMPtr<nsISSLStatus> sslstat;
-    statusProvider->GetSSLStatus(getter_AddRefs(sslstat));
+    securityInfo->GetSSLStatus(getter_AddRefs(sslstat));
    if (!sslstat)
        return;
    nsCOMPtr<nsITransportSecurityInfo> securityInfo =
        do_QueryInterface(mSecurityInfo);
    uint32_t state;
    if (securityInfo &&
        NS_SUCCEEDED(securityInfo->GetSecurityState(&state)) &&
--- a/netwerk/protocol/http/nsHttpNTLMAuth.cpp
+++ b/netwerk/protocol/http/nsHttpNTLMAuth.cpp
@ -24,7 +24,7 @@
 #include "nsIChannel.h"
 #include "nsIX509Cert.h"
 #include "nsISSLStatus.h"
-#include "nsISSLStatusProvider.h"
+#include "nsITransportSecurityInfo.h"
 #endif
 #include "mozilla/Attributes.h"
 #include "mozilla/Base64.h"
@ -335,12 +335,12 @@ nsHttpNTLMAuth::GenerateCredentials(nsIHttpAuthenticableChannel *authChannel,
        if (NS_FAILED(rv))
            return rv;
-        nsCOMPtr<nsISSLStatusProvider> statusProvider =
+        nsCOMPtr<nsITransportSecurityInfo> secInfo =
            do_QueryInterface(security);
-        if (mUseNative && statusProvider) {
+        if (mUseNative && secInfo) {
            nsCOMPtr<nsISSLStatus> status;
-            rv = statusProvider->GetSSLStatus(getter_AddRefs(status));
+            rv = secInfo->GetSSLStatus(getter_AddRefs(status));
            if (NS_FAILED(rv))
                return rv;
--- a/netwerk/socket/nsITransportSecurityInfo.idl
+++ b/netwerk/socket/nsITransportSecurityInfo.idl
@ -6,6 +6,7 @@
 #include "nsISupports.idl"
 interface nsISSLStatus;
 interface nsIX509CertList;
 [builtinclass, scriptable, uuid(216112d3-28bc-4671-b057-f98cc09ba1ea)]
@ -21,5 +22,7 @@ interface nsITransportSecurityInfo : nsISupports {
     * If verification succeeded, this will be null.
     */
    readonly attribute nsIX509CertList failedCertChain;
    readonly attribute nsISSLStatus SSLStatus;
 };
--- a/security/manager/pki/resources/content/exceptionDialog.js
+++ b/security/manager/pki/resources/content/exceptionDialog.js
@ -26,7 +26,9 @@ function initExceptionDialog() {
  gNsISecTel = Ci.nsISecurityUITelemetry;
  var brandName = gBundleBrand.getString("brandShortName");
-  setText("warningText", gPKIBundle.getFormattedString("addExceptionBrandedWarning2", [brandName]));
+  setText("warningText",
          gPKIBundle.getFormattedString("addExceptionBrandedWarning2",
                                        [brandName]));
  gDialog.getButton("extra1").disabled = true;
  var args = window.arguments;
@ -75,7 +77,7 @@ function initExceptionDialog() {
 function grabCert(req, evt) {
  if (req.channel && req.channel.securityInfo) {
    gSSLStatus = req.channel.securityInfo
-                    .QueryInterface(Ci.nsISSLStatusProvider).SSLStatus;
+                    .QueryInterface(Ci.nsITransportSecurityInfo).SSLStatus;
    gCert = gSSLStatus ? gSSLStatus.QueryInterface(Ci.nsISSLStatus).serverCert
                       : null;
  }
@ -159,7 +161,8 @@ function resetDialog() {
 */
 function handleTextChange() {
  var checkCertButton = document.getElementById("checkCertButton");
-  checkCertButton.disabled = !(document.getElementById("locationTextBox").value);
+  checkCertButton.disabled =
                    !(document.getElementById("locationTextBox").value);
  if (gNeedReset) {
    gNeedReset = false;
    resetDialog();
@ -201,7 +204,8 @@ function updateCertStatus() {
        }
      }
      if (gSSLStatus.isUntrusted) {
-        bucketId += gNsISecTel.WARNING_BAD_CERT_TOP_ADD_EXCEPTION_FLAG_UNTRUSTED;
+        bucketId +=
          gNsISecTel.WARNING_BAD_CERT_TOP_ADD_EXCEPTION_FLAG_UNTRUSTED;
        if (!use1) {
          use1 = true;
          shortDesc = uts;
@ -229,7 +233,8 @@ function updateCertStatus() {
      pe.disabled = inPrivateBrowsing;
      pe.checked = !inPrivateBrowsing;
-      setText("headerDescription", gPKIBundle.getString("addExceptionInvalidHeader"));
+      setText("headerDescription",
              gPKIBundle.getString("addExceptionInvalidHeader"));
    } else {
      shortDesc = "addExceptionValidShort";
      longDesc  = "addExceptionValidLong";
@ -301,22 +306,27 @@ function addException() {
  var overrideService = Cc["@mozilla.org/security/certoverride;1"]
                          .getService(Ci.nsICertOverrideService);
  var flags = 0;
-  let confirmBucketId = gNsISecTel.WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_BASE;
+  let confirmBucketId =
        gNsISecTel.WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_BASE;
  if (gSSLStatus.isUntrusted) {
    flags |= overrideService.ERROR_UNTRUSTED;
-    confirmBucketId += gNsISecTel.WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_FLAG_UNTRUSTED;
+    confirmBucketId +=
        gNsISecTel.WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_FLAG_UNTRUSTED;
  }
  if (gSSLStatus.isDomainMismatch) {
    flags |= overrideService.ERROR_MISMATCH;
-    confirmBucketId += gNsISecTel.WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_FLAG_DOMAIN;
+    confirmBucketId +=
           gNsISecTel.WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_FLAG_DOMAIN;
  }
  if (gSSLStatus.isNotValidAtThisTime) {
    flags |= overrideService.ERROR_TIME;
-    confirmBucketId += gNsISecTel.WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_FLAG_TIME;
+    confirmBucketId +=
           gNsISecTel.WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_FLAG_TIME;
  }
  var permanentCheckbox = document.getElementById("permanent");
-  var shouldStorePermanently = permanentCheckbox.checked && !inPrivateBrowsingMode();
+  var shouldStorePermanently = permanentCheckbox.checked &&
                               !inPrivateBrowsingMode();
  if (!permanentCheckbox.checked) {
    gSecHistogram.add(gNsISecTel.WARNING_BAD_CERT_TOP_DONT_REMEMBER_EXCEPTION);
  }
--- a/security/manager/ssl/TransportSecurityInfo.cpp
+++ b/security/manager/ssl/TransportSecurityInfo.cpp
@ -51,7 +51,6 @@ TransportSecurityInfo::TransportSecurityInfo()
 NS_IMPL_ISUPPORTS(TransportSecurityInfo,
                  nsITransportSecurityInfo,
                  nsIInterfaceRequestor,
                  nsISSLStatusProvider,
                  nsIAssociatedContentSecurity,
                  nsISerializable,
                  nsIClassInfo)
@ -365,7 +364,7 @@ TransportSecurityInfo::GetClassIDNoAlloc(nsCID *aClassIDNoAlloc)
  return NS_OK;
 }
-nsresult
+NS_IMETHODIMP
 TransportSecurityInfo::GetSSLStatus(nsISSLStatus** _result)
 {
  NS_ENSURE_ARG_POINTER(_result);
--- a/security/manager/ssl/TransportSecurityInfo.h
+++ b/security/manager/ssl/TransportSecurityInfo.h
@ -16,7 +16,6 @@
 #include "nsDataHashtable.h"
 #include "nsIAssociatedContentSecurity.h"
 #include "nsIInterfaceRequestor.h"
 #include "nsISSLStatusProvider.h"
 #include "nsITransportSecurityInfo.h"
 #include "nsSSLStatus.h"
 #include "nsString.h"
@ -26,7 +25,6 @@ namespace mozilla { namespace psm {
 class TransportSecurityInfo : public nsITransportSecurityInfo
                            , public nsIInterfaceRequestor
                            , public nsISSLStatusProvider
                            , public nsIAssociatedContentSecurity
                            , public nsISerializable
                            , public nsIClassInfo
@ -39,7 +37,6 @@ public:
  NS_DECL_THREADSAFE_ISUPPORTS
  NS_DECL_NSITRANSPORTSECURITYINFO
  NS_DECL_NSIINTERFACEREQUESTOR
  NS_DECL_NSISSLSTATUSPROVIDER
  NS_DECL_NSIASSOCIATEDCONTENTSECURITY
  NS_DECL_NSISERIALIZABLE
  NS_DECL_NSICLASSINFO
--- a/security/manager/ssl/moz.build
+++ b/security/manager/ssl/moz.build
@ -36,7 +36,6 @@ XPIDL_SOURCES += [
    'nsISecurityUITelemetry.idl',
    'nsISiteSecurityService.idl',
    'nsISSLStatus.idl',
    'nsISSLStatusProvider.idl',
    'nsITokenDialogs.idl',
    'nsITokenPasswordDialogs.idl',
    'nsIX509Cert.idl',
--- a/security/manager/ssl/nsISSLStatusProvider.idl
+++ b/security/manager/ssl/nsISSLStatusProvider.idl
@ -1,13 +0,0 @@
 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 #include "nsISupports.idl"
 interface nsISSLStatus;
 [scriptable, uuid(179b1ab1-0950-4427-9556-6f496dc4a27f)]
 interface nsISSLStatusProvider : nsISupports {
  readonly attribute nsISSLStatus SSLStatus;
 };
--- a/security/manager/ssl/nsSecureBrowserUIImpl.cpp
+++ b/security/manager/ssl/nsSecureBrowserUIImpl.cpp
@ -89,8 +89,7 @@ nsSecureBrowserUIImpl::nsSecureBrowserUIImpl()
 NS_IMPL_ISUPPORTS(nsSecureBrowserUIImpl,
                  nsISecureBrowserUI,
                  nsIWebProgressListener,
-                  nsISupportsWeakReference,
+                  nsISupportsWeakReference)
                  nsISSLStatusProvider)
 NS_IMETHODIMP
 nsSecureBrowserUIImpl::Init(mozIDOMWindowProxy* aWindow)
@ -374,23 +373,21 @@ nsSecureBrowserUIImpl::EvaluateAndUpdateSecurityState(nsIRequest* aRequest,
          ("SecureUI:%p: OnStateChange: remember mNewToplevelSecurityState => %x\n",
           this, mNewToplevelSecurityState));
-  nsCOMPtr<nsISSLStatusProvider> sp(do_QueryInterface(info));
+  nsCOMPtr<nsITransportSecurityInfo> psmInfo(do_QueryInterface(info));
-  if (sp) {
+  if (psmInfo) {
    // Ignore result
    updateStatus = true;
-    (void) sp->GetSSLStatus(getter_AddRefs(temp_SSLStatus));
+    (void) psmInfo->GetSSLStatus(getter_AddRefs(temp_SSLStatus));
    if (temp_SSLStatus) {
      bool aTemp;
      if (NS_SUCCEEDED(temp_SSLStatus->GetIsExtendedValidation(&aTemp))) {
        mNewToplevelIsEV = aTemp;
      }
    }
    mSecInfo = psmInfo;
  }
  mNewToplevelSecurityStateKnown = true;
  if (updateStatus) {
    mSSLStatus = temp_SSLStatus;
  }
  MOZ_LOG(gSecureDocLog, LogLevel::Debug,
         ("SecureUI:%p: remember securityInfo %p\n", this,
          info));
@ -1014,7 +1011,7 @@ nsSecureBrowserUIImpl::UpdateSecurityState(nsIRequest* aRequest,
    // If we have no security, we also shouldn't have any SSL status.
    if (newSecurityState == lis_no_security) {
-      mSSLStatus = nullptr;
+      mSecInfo = nullptr;
    }
  }
@ -1166,9 +1163,8 @@ nsSecureBrowserUIImpl::OnSecurityChange(nsIWebProgress* aWebProgress,
  return NS_OK;
 }
 // nsISSLStatusProvider methods
 NS_IMETHODIMP
-nsSecureBrowserUIImpl::GetSSLStatus(nsISSLStatus** _result)
+nsSecureBrowserUIImpl::GetSecInfo(nsITransportSecurityInfo** _result)
 {
  NS_ENSURE_ARG_POINTER(_result);
  MOZ_ASSERT(NS_IsMainThread());
@ -1187,7 +1183,7 @@ nsSecureBrowserUIImpl::GetSSLStatus(nsISSLStatus** _result)
      return NS_OK;
  }
-  *_result = mSSLStatus;
+  *_result = mSecInfo;
  NS_IF_ADDREF(*_result);
  return NS_OK;
--- a/security/manager/ssl/nsSecureBrowserUIImpl.h
+++ b/security/manager/ssl/nsSecureBrowserUIImpl.h
@ -10,14 +10,13 @@
 #include "mozilla/ReentrancyGuard.h"
 #include "nsCOMPtr.h"
 #include "nsINetUtil.h"
 #include "nsISSLStatusProvider.h"
 #include "nsISecureBrowserUI.h"
 #include "nsISecurityEventSink.h"
 #include "nsIURI.h"
 #include "nsIWebProgressListener.h"
 #include "nsWeakReference.h"
-class nsISSLStatus;
+class nsITransportSecurityInfo;
 class nsIChannel;
 #define NS_SECURE_BROWSER_UI_CID \
@ -26,8 +25,7 @@ class nsIChannel;
 class nsSecureBrowserUIImpl : public nsISecureBrowserUI,
                              public nsIWebProgressListener,
-                              public nsSupportsWeakReference,
+                              public nsSupportsWeakReference
                              public nsISSLStatusProvider
 {
  friend class mozilla::ReentrancyGuard;
@ -37,7 +35,6 @@ public:
  NS_DECL_ISUPPORTS
  NS_DECL_NSIWEBPROGRESSLISTENER
  NS_DECL_NSISECUREBROWSERUI
  NS_DECL_NSISSLSTATUSPROVIDER
 protected:
  virtual ~nsSecureBrowserUIImpl() {};
@ -87,7 +84,7 @@ protected:
  void ObtainEventSink(nsIChannel *channel,
                       nsCOMPtr<nsISecurityEventSink> &sink);
-  nsCOMPtr<nsISSLStatus> mSSLStatus;
+  nsCOMPtr<nsITransportSecurityInfo> mSecInfo;
  nsCOMPtr<nsISupports> mCurrentToplevelSecurityInfo;
  PLDHashTable mTransferringRequests;
--- a/security/manager/ssl/tests/unit/head_psm.js
+++ b/security/manager/ssl/tests/unit/head_psm.js
@ -720,8 +720,7 @@ FakeSSLStatus.prototype = {
 // Helper function for add_cert_override_test. Probably doesn't need to be
 // called directly.
 function add_cert_override(aHost, aExpectedBits, aSecurityInfo) {
-  let sslstatus = aSecurityInfo.QueryInterface(Ci.nsISSLStatusProvider)
+  let sslstatus = aSecurityInfo.SSLStatus;
                               .SSLStatus;
  let bits =
    (sslstatus.isUntrusted ? Ci.nsICertOverrideService.ERROR_UNTRUSTED : 0) |
    (sslstatus.isDomainMismatch ? Ci.nsICertOverrideService.ERROR_MISMATCH : 0) |
@ -749,8 +748,7 @@ function add_cert_override_test(aHost, aExpectedBits, aExpectedError,
              Ci.nsIWebProgressListener.STATE_CERT_USER_OVERRIDDEN,
              "Cert override flag should be set on the security state");
    if (aExpectedSSLStatus) {
-      let sslstatus = aSecurityInfo.QueryInterface(Ci.nsISSLStatusProvider)
+      let sslstatus = aSecurityInfo.SSLStatus;
                                  .SSLStatus;
      if (aExpectedSSLStatus.failedCertChain) {
        ok(aExpectedSSLStatus.failedCertChain.equals(sslstatus.failedCertChain));
      }
@ -763,8 +761,7 @@ function add_cert_override_test(aHost, aExpectedBits, aExpectedError,
 // SSLStatus set on it. In this case, the error was not overridable anyway, so
 // we consider it a success.
 function attempt_adding_cert_override(aHost, aExpectedBits, aSecurityInfo) {
-  let sslstatus = aSecurityInfo.QueryInterface(Ci.nsISSLStatusProvider)
+  let sslstatus = aSecurityInfo.SSLStatus;
                               .SSLStatus;
  if (sslstatus) {
    let bits =
      (sslstatus.isUntrusted ? Ci.nsICertOverrideService.ERROR_UNTRUSTED : 0) |
--- a/security/manager/ssl/tests/unit/test_cert_overrides_read_only.js
+++ b/security/manager/ssl/tests/unit/test_cert_overrides_read_only.js
@ -10,8 +10,7 @@
 // Helper function for add_read_only_cert_override_test. Probably doesn't need
 // to be called directly.
 function add_read_only_cert_override(aHost, aExpectedBits, aSecurityInfo) {
-  let sslstatus = aSecurityInfo.QueryInterface(Ci.nsISSLStatusProvider)
+  let sslstatus = aSecurityInfo.SSLStatus;
                               .SSLStatus;
  let bits =
    (sslstatus.isUntrusted ? Ci.nsICertOverrideService.ERROR_UNTRUSTED : 0) |
    (sslstatus.isDomainMismatch ? Ci.nsICertOverrideService.ERROR_MISMATCH : 0) |
--- a/security/manager/ssl/tests/unit/test_ct.js
+++ b/security/manager/ssl/tests/unit/test_ct.js
@ -11,8 +11,7 @@ const certdb  = Cc["@mozilla.org/security/x509certdb;1"]
 function expectCT(value) {
  return (securityInfo) => {
-    let sslStatus = securityInfo.QueryInterface(Ci.nsISSLStatusProvider)
+    let sslStatus = securityInfo.SSLStatus;
                                .SSLStatus;
    Assert.equal(sslStatus.certificateTransparencyStatus, value,
                 "actual and expected CT status should match");
  };
--- a/security/manager/ssl/tests/unit/test_session_resumption.js
+++ b/security/manager/ssl/tests/unit/test_session_resumption.js
@ -41,9 +41,7 @@ function add_resume_non_ev_with_override_test() {
      ok(transportSecurityInfo.securityState &
         Ci.nsIWebProgressListener.STATE_CERT_USER_OVERRIDDEN,
         "expired.example.com should have STATE_CERT_USER_OVERRIDDEN flag");
-      let sslStatus = transportSecurityInfo
+      let sslStatus = transportSecurityInfo.SSLStatus;
                        .QueryInterface(Ci.nsISSLStatusProvider)
                        .SSLStatus;
      ok(!sslStatus.succeededCertChain,
         "ev-test.example.com should not have succeededCertChain set");
      ok(!sslStatus.isDomainMismatch,
@ -68,9 +66,7 @@ function add_one_ev_test() {
      ok(!(transportSecurityInfo.securityState &
           Ci.nsIWebProgressListener.STATE_CERT_USER_OVERRIDDEN),
         "ev-test.example.com should not have STATE_CERT_USER_OVERRIDDEN flag");
-      let sslStatus = transportSecurityInfo
+      let sslStatus = transportSecurityInfo.SSLStatus;
                        .QueryInterface(Ci.nsISSLStatusProvider)
                        .SSLStatus;
      ok(sslStatus.succeededCertChain,
         "ev-test.example.com should have succeededCertChain set");
      ok(!sslStatus.isDomainMismatch,
@ -130,9 +126,7 @@ function add_one_non_ev_test() {
      ok(!(transportSecurityInfo.securityState &
           Ci.nsIWebProgressListener.STATE_CERT_USER_OVERRIDDEN),
         `${GOOD_DOMAIN} should not have STATE_CERT_USER_OVERRIDDEN flag`);
-      let sslStatus = transportSecurityInfo
+      let sslStatus = transportSecurityInfo.SSLStatus;
                        .QueryInterface(Ci.nsISSLStatusProvider)
                        .SSLStatus;
      ok(sslStatus.succeededCertChain,
         `${GOOD_DOMAIN} should have succeededCertChain set`);
      ok(!sslStatus.isDomainMismatch,
--- a/security/manager/ssl/tests/unit/test_ssl_status.js
+++ b/security/manager/ssl/tests/unit/test_ssl_status.js
@ -20,8 +20,8 @@ function run_test() {
  // succeededCertChain should be set as expected)
  add_connection_test(
    "good.include-subdomains.pinning.example.com", PRErrorCodeSuccess, null,
-    function withSecurityInfo(aSSLStatus) {
+    function withSecurityInfo(aSecInfo) {
-      let sslstatus = aSSLStatus.QueryInterface(Ci.nsISSLStatusProvider).SSLStatus;
+      let sslstatus = aSecInfo.SSLStatus;
      equal(sslstatus.failedCertChain, null,
            "failedCertChain for a successful connection should be null");
      ok(sslstatus.succeededCertChain.equals(build_cert_chain(["default-ee", "test-ca"])),
@ -33,8 +33,8 @@ function run_test() {
  // succeededCertChain should be null)
  add_connection_test(
    "expired.example.com", SEC_ERROR_EXPIRED_CERTIFICATE, null,
-    function withSecurityInfo(aSSLStatus) {
+    function withSecurityInfo(aSecInfo) {
-      let sslstatus = aSSLStatus.QueryInterface(Ci.nsISSLStatusProvider).SSLStatus;
+      let sslstatus = aSecInfo.SSLStatus;
      equal(sslstatus.succeededCertChain, null,
            "succeededCertChain for a failed connection should be null");
      ok(sslstatus.failedCertChain.equals(build_cert_chain(["expired-ee", "test-ca"])),
--- a/security/manager/tools/getHSTSPreloadList.js
+++ b/security/manager/tools/getHSTSPreloadList.js
@ -111,8 +111,8 @@ function processStsHeader(host, header, status, securityInfo) {
  if (header != null && securityInfo != null) {
    try {
      let uri = Services.io.newURI("https://" + host.name);
-      let sslStatus = securityInfo.QueryInterface(Ci.nsISSLStatusProvider)
+      let sslStatus = securityInfo.
-                                  .SSLStatus;
+                       QueryInterface(Ci.nsITransportSecurityInfo).SSLStatus;
      gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS,
                               uri, header, sslStatus, 0,
                               Ci.nsISiteSecurityService.SOURCE_PRELOAD_LIST,
--- a/testing/marionette/puppeteer/firefox/firefox_puppeteer/api/security.py
+++ b/testing/marionette/puppeteer/firefox/firefox_puppeteer/api/security.py
@ -40,8 +40,7 @@ class Security(BaseLib):
        """
        cert = self.marionette.execute_script("""
          var securityUI = arguments[0].linkedBrowser.securityUI;
-          var status = securityUI.QueryInterface(Components.interfaces.nsISSLStatusProvider)
+          var status = securityUI.secInfo && securityUI.secInfo.SSLStatus;
                                 .SSLStatus;
          return status ? status.serverCert : null;
        """, script_args=[tab_element])
--- a/toolkit/content/browser-child.js
+++ b/toolkit/content/browser-child.js
@ -215,7 +215,7 @@ var WebProgressListener = {
    let objects = this._setupObjects(aWebProgress, aRequest);
    json.state = aState;
-    json.status = SecurityUI.getSSLStatusAsString();
+    json.secInfo = SecurityUI.getSecInfoAsString();
    json.matchedList = null;
    if (aRequest && aRequest instanceof Ci.nsIClassifiedChannel) {
@ -374,15 +374,17 @@ var WebNavigation =  {
 WebNavigation.init();
 var SecurityUI = {
-  getSSLStatusAsString() {
+  getSecInfoAsString() {
-    let status = docShell.securityUI.QueryInterface(Ci.nsISSLStatusProvider).SSLStatus;
+    let secInfo = docShell.securityUI.secInfo;
-    if (status) {
+    if (secInfo) {
-      let helper = Cc["@mozilla.org/network/serialization-helper;1"]
+      if (secInfo) {
-                      .getService(Ci.nsISerializationHelper);
+        let helper = Cc["@mozilla.org/network/serialization-helper;1"]
                        .getService(Ci.nsISerializationHelper);
-      status.QueryInterface(Ci.nsISerializable);
+        secInfo.QueryInterface(Ci.nsISerializable);
-      return helper.serializeToString(status);
+        return helper.serializeToString(secInfo);
      }
    }
    return null;
--- a/toolkit/modules/CertUtils.jsm
+++ b/toolkit/modules/CertUtils.jsm
@ -143,7 +143,7 @@ function checkCert(aChannel, aAllowNonBuiltInCerts, aCerts) {
    return;
  }
-  let sslStatus = aChannel.securityInfo.QueryInterface(Ci.nsISSLStatusProvider)
+  let sslStatus = aChannel.securityInfo.QueryInterface(Ci.nsITransportSecurityInfo)
                          .SSLStatus;
  let cert = sslStatus.serverCert;
--- a/toolkit/modules/RemoteSecurityUI.jsm
+++ b/toolkit/modules/RemoteSecurityUI.jsm
@ -8,22 +8,20 @@ var EXPORTED_SYMBOLS = ["RemoteSecurityUI"];
 ChromeUtils.import("resource://gre/modules/XPCOMUtils.jsm");
 function RemoteSecurityUI() {
-    this._SSLStatus = null;
+    this._secInfo = null;
    this._state = 0;
 }
 RemoteSecurityUI.prototype = {
-  QueryInterface: ChromeUtils.generateQI([Ci.nsISSLStatusProvider, Ci.nsISecureBrowserUI]),
+  QueryInterface: ChromeUtils.generateQI([Ci.nsISecureBrowserUI]),
  // nsISSLStatusProvider
  get SSLStatus() { return this._SSLStatus; },
  // nsISecureBrowserUI
  get state() { return this._state; },
  get tooltipText() { return ""; },
  get secInfo() { return this._secInfo; },
-  _update(aStatus, aState) {
+  _update(aSecInfo, aState) {
-    this._SSLStatus = aStatus;
+    this._secInfo = aSecInfo;
    this._state = aState;
  }
 };
--- a/toolkit/modules/RemoteWebProgress.jsm
+++ b/toolkit/modules/RemoteWebProgress.jsm
@ -110,14 +110,14 @@ RemoteWebProgressManager.prototype = {
      this._progressListeners.filter(l => l.listener != aListener);
  },
-  _fixSSLStatusAndState(aStatus, aState) {
+  _fixSecInfoAndState(aSecInfo, aState) {
    let deserialized = null;
-    if (aStatus) {
+    if (aSecInfo) {
      let helper = Cc["@mozilla.org/network/serialization-helper;1"]
                    .getService(Ci.nsISerializationHelper);
-      deserialized = helper.deserializeObject(aStatus);
+      deserialized = helper.deserializeObject(aSecInfo);
-      deserialized.QueryInterface(Ci.nsISSLStatus);
+      deserialized.QueryInterface(Ci.nsITransportSecurityInfo);
    }
    return [deserialized, aState];
@ -241,14 +241,14 @@ RemoteWebProgressManager.prototype = {
      break;
    case "Content:SecurityChange":
-      let [status, state] = this._fixSSLStatusAndState(json.status, json.state);
+      let [secInfo, state] = this._fixSecInfoAndState(json.secInfo, json.state);
      if (isTopLevel) {
        // Invoking this getter triggers the generation of the underlying object,
        // which we need to access with ._securityUI, because .securityUI returns
        // a wrapper that makes _update inaccessible.
        void this._browser.securityUI;
-        this._browser._securityUI._update(status, state);
+        this._browser._securityUI._update(secInfo, state);
      }
      this._callProgressListeners(
--- a/toolkit/modules/addons/SecurityInfo.jsm
+++ b/toolkit/modules/addons/SecurityInfo.jsm
@ -94,7 +94,6 @@ const SecurityInfo = {
    }
    securityInfo.QueryInterface(Ci.nsITransportSecurityInfo);
    securityInfo.QueryInterface(Ci.nsISSLStatusProvider);
    const SSLStatus = securityInfo.SSLStatus;
    if (NSSErrorsService.isNSSErrorCode(securityInfo.errorCode)) {
--- a/toolkit/modules/tests/chrome/test_bug544442_checkCert.xul
+++ b/toolkit/modules/tests/chrome/test_bug544442_checkCert.xul
@ -87,7 +87,7 @@ function testXHRLoad(aEvent) {
     "attributes array passed to checkCert has an element that has an " +
     "issuerName that is not the same as the certificate's");
-  var cert = channel.securityInfo.QueryInterface(Ci.nsISSLStatusProvider).
+  var cert = channel.securityInfo.QueryInterface(Ci.nsITransportSecurityInfo).
             SSLStatus.QueryInterface(Ci.nsISSLStatus).serverCert;
  certs = [ { issuerName: cert.issuerName,
--- a/toolkit/mozapps/update/nsUpdateService.js
+++ b/toolkit/mozapps/update/nsUpdateService.js
@ -3116,7 +3116,7 @@ Checker.prototype = {
    // Set MitM pref.
    try {
      var sslStatus = request.channel.QueryInterface(Ci.nsIRequest)
-                        .securityInfo.QueryInterface(Ci.nsISSLStatusProvider)
+                        .securityInfo.QueryInterface(Ci.nsITransportSecurityInfo)
                        .SSLStatus.QueryInterface(Ci.nsISSLStatus);
      if (sslStatus && sslStatus.serverCert && sslStatus.serverCert.issuerName) {
        Services.prefs.setStringPref("security.pki.mitm_canary_issuer",