Final merge to back out bug 326628 (and followup bug 487980) due to regression bug 494899.

dom/base/nsDOMClassInfo.cpp

@@ -332,6 +332,7 @@
 #include "nsIDOMXULCommandDispatcher.h"
 #include "nsIDOMCrypto.h"
 #include "nsIDOMCRMFObject.h"
+#include "nsIDOMPkcs11.h"
 #include "nsIControllers.h"
 #include "nsISelection.h"
 #include "nsIBoxObject.h"
@@ -856,6 +857,8 @@ static nsDOMClassInfoData sClassInfoData[] = {
                            DOM_DEFAULT_SCRIPTABLE_FLAGS)
   NS_DEFINE_CLASSINFO_DATA(CRMFObject, nsDOMGenericSH,
                            DOM_DEFAULT_SCRIPTABLE_FLAGS)
+  NS_DEFINE_CLASSINFO_DATA(Pkcs11, nsDOMGenericSH,
+                           DOM_DEFAULT_SCRIPTABLE_FLAGS)
 
   // DOM Traversal classes
   NS_DEFINE_CLASSINFO_DATA(TreeWalker, nsDOMGenericSH,
@@ -2643,6 +2646,10 @@ nsDOMClassInfo::Init()
     DOM_CLASSINFO_MAP_ENTRY(nsIDOMCRMFObject)
   DOM_CLASSINFO_MAP_END
 
+  DOM_CLASSINFO_MAP_BEGIN(Pkcs11, nsIDOMPkcs11)
+    DOM_CLASSINFO_MAP_ENTRY(nsIDOMPkcs11)
+  DOM_CLASSINFO_MAP_END
+
   DOM_CLASSINFO_MAP_BEGIN_NO_CLASS_IF(XMLStylesheetProcessingInstruction, nsIDOMProcessingInstruction)
     DOM_CLASSINFO_MAP_ENTRY(nsIDOMProcessingInstruction)
     DOM_CLASSINFO_MAP_ENTRY(nsIDOMLinkStyle)

dom/base/nsDOMClassInfoID.h

@@ -189,6 +189,7 @@ enum nsDOMClassInfoID {
   // Crypto classes
   eDOMClassInfo_Crypto_id,
   eDOMClassInfo_CRMFObject_id,
+  eDOMClassInfo_Pkcs11_id,
   
   // DOM Traversal classes
   eDOMClassInfo_TreeWalker_id,

dom/base/nsGlobalWindow.cpp

@@ -107,6 +107,7 @@
 #include "nsIDOMKeyEvent.h"
 #include "nsIDOMMessageEvent.h"
 #include "nsIDOMPopupBlockedEvent.h"
+#include "nsIDOMPkcs11.h"
 #include "nsIDOMOfflineResourceList.h"
 #include "nsIDOMGeoGeolocation.h"
 #include "nsDOMString.h"
@@ -348,6 +349,7 @@ static NS_DEFINE_CID(kXULControllersCID, NS_XULCONTROLLERS_CID);
 static const char sJSStackContractID[] = "@mozilla.org/js/xpc/ContextStack;1";
 
 static const char kCryptoContractID[] = NS_CRYPTO_CONTRACTID;
+static const char kPkcs11ContractID[] = NS_PKCS11_CONTRACTID;
 
 static PRBool
 IsAboutBlank(nsIURI* aURI)
@@ -2958,6 +2960,20 @@ nsGlobalWindow::GetCrypto(nsIDOMCrypto** aCrypto)
   return NS_OK;
 }
 
+NS_IMETHODIMP
+nsGlobalWindow::GetPkcs11(nsIDOMPkcs11** aPkcs11)
+{
+  FORWARD_TO_OUTER(GetPkcs11, (aPkcs11), NS_ERROR_NOT_INITIALIZED);
+
+  if (!mPkcs11) {
+    mPkcs11 = do_CreateInstance(kPkcs11ContractID);
+  }
+
+  NS_IF_ADDREF(*aPkcs11 = mPkcs11);
+
+  return NS_OK;
+}
+
 NS_IMETHODIMP
 nsGlobalWindow::GetControllers(nsIControllers** aResult)
 {

dom/base/nsGlobalWindow.h

@@ -84,6 +84,7 @@
 #include "nsIEventListenerManager.h"
 #include "nsIDOMDocument.h"
 #include "nsIDOMCrypto.h"
+#include "nsIDOMPkcs11.h"
 #include "nsIPrincipal.h"
 #include "nsPluginArray.h"
 #include "nsMimeTypeArray.h"
@@ -707,6 +708,7 @@ protected:
   nsGlobalWindowObserver*       mObserver;
 
   nsCOMPtr<nsIDOMCrypto>        mCrypto;
+  nsCOMPtr<nsIDOMPkcs11>        mPkcs11;
 
   nsCOMPtr<nsIDOMStorage>      mLocalStorage;
 

dom/interfaces/base/Makefile.in

@@ -66,6 +66,7 @@ XPIDLSRCS =					\
 	nsIDOMMimeType.idl			\
 	nsIDOMMimeTypeArray.idl			\
 	nsIDOMNavigator.idl			\
+	nsIDOMPkcs11.idl			\
 	nsIDOMPlugin.idl			\
 	nsIDOMPluginArray.idl			\
 	nsIDOMScreen.idl			\

dom/interfaces/base/domstubs.idl

@@ -126,4 +126,5 @@ interface nsIDOMRange;
 // Crypto
 interface nsIDOMCRMFObject;
 interface nsIDOMCrypto;
+interface nsIDOMPkcs11;
 

dom/interfaces/base/nsIDOMPkcs11.idl

@@ -38,12 +38,12 @@
 
 #include "domstubs.idl"
 
-[scriptable, uuid(bd6dbe50-b902-435e-90a4-4a10b1122440)]
-interface nsIPKCS11 : nsISupports
+[scriptable, uuid(9fd42950-25e7-11d4-8a7d-006008c844c3)]
+interface nsIDOMPkcs11 : nsISupports
 {
-  void deleteModule(in DOMString moduleName);
-  void addModule(in DOMString moduleName,
-                 in DOMString libraryFullPath,
-                 in long cryptoMechanismFlags,
-                 in long cipherFlags);
+  long                      deletemodule(in DOMString moduleName);
+  long                      addmodule(in DOMString moduleName,
+                                      in DOMString libraryFullPath,
+                                      in long cryptoMechanismFlags,
+                                      in long cipherFlags);
 };

dom/interfaces/base/nsIDOMWindowInternal.idl

@@ -44,7 +44,7 @@ interface nsIControllers;
 interface nsIDOMLocation;
 interface nsIVariant;
 
-[scriptable, uuid(5c5ece60-d5f1-47fa-9afa-ee3b9c76b0e5)]
+[scriptable, uuid(3414EBC7-731F-4697-9F43-ACA6F5050875)]
 interface nsIDOMWindowInternal : nsIDOMWindow2
 {
   readonly attribute nsIDOMWindowInternal        window;
@@ -81,6 +81,7 @@ interface nsIDOMWindowInternal : nsIDOMWindow2
   readonly attribute nsIDOMBarProp               directories;
   readonly attribute boolean                     closed;
   readonly attribute nsIDOMCrypto                crypto;
+  readonly attribute nsIDOMPkcs11                pkcs11;
 
   // XXX Shouldn't this be in nsIDOMChromeWindow?
   /* [replaceable] controllers */

security/manager/locales/en-US/chrome/pipnss/pipnss.properties

@@ -316,6 +316,17 @@ PKCS12UnknownErrBackup=Failed to create the PKCS #12 backup file for unknown rea
 PKCS12UnknownErr=The PKCS #12 operation failed for unknown reasons.
 PKCS12InfoNoSmartcardBackup=It is not possible to back up certificates from a hardware security device such as a smart card.
 PKCS12DupData=The certificate and private key already exist on the security device.
+AddModulePrompt=Are you sure you want to install this security module?
+AddModuleName=Module Name: %S
+AddModulePath=Path: %S
+AddModuleSuccess=A new security module has been installed
+AddModuleFailure=Unable to add module
+AddModuleDup=Security Module already exists
+DelModuleBadName=Invalid module name.
+DelModuleWarning=Are you sure you want to delete this security module?
+DelModuleError=Unable to delete module
+DelModuleIntSuccess=Internal security module successfully deleted
+DelModuleExtSuccess=External security module successfully deleted
 ForcedBackup1=You should make a password-protected backup copy of your new security certificate and its associated private key.
 ForcedBackup2=If you ever lose access to your private key by forgetting your personal security password, or by experiencing file corruption, you can restore this private key and certificate from this backup copy.
 ForcedBackup3=To make a copy, click OK. If possible, you should save your backup copy on a floppy disk that you keep in a safe location.

security/manager/ssl/public/Makefile.in

@@ -71,7 +71,6 @@ XPIDLSRCS = \
     nsIX509Cert3.idl \
     nsIX509CertDB2.idl \
     nsIX509CertList.idl \
-    nsIPKCS11.idl \
     nsIPKCS11Slot.idl \
     nsIPK11TokenDB.idl \
     nsICertPickDialogs.idl \

security/manager/ssl/src/nsCrypto.cpp

@@ -251,8 +251,9 @@ NS_IMPL_RELEASE(nsCRMFObject)
 
 // QueryInterface implementation for nsPkcs11
 NS_INTERFACE_MAP_BEGIN(nsPkcs11)
-  NS_INTERFACE_MAP_ENTRY(nsIPKCS11)
+  NS_INTERFACE_MAP_ENTRY(nsIDOMPkcs11)
   NS_INTERFACE_MAP_ENTRY(nsISupports)
+  NS_DOM_INTERFACE_MAP_ENTRY_CLASSINFO(Pkcs11)
 NS_INTERFACE_MAP_END
 
 NS_IMPL_ADDREF(nsPkcs11)
@@ -2944,18 +2945,33 @@ confirm_user(const PRUnichar *message)
 
 //Delete a PKCS11 module from the user's profile.
 NS_IMETHODIMP
-nsPkcs11::DeleteModule(const nsAString& aModuleName)
+nsPkcs11::Deletemodule(const nsAString& aModuleName, PRInt32* aReturn)
 {
   nsNSSShutDownPreventionLock locker;
   nsresult rv;
   nsString errorMessage;
 
   nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
-  if (NS_FAILED(rv))
-    return rv;
-
   if (aModuleName.IsEmpty()) {
-    return NS_ERROR_ILLEGAL_VALUE;
+    *aReturn = JS_ERR_BAD_MODULE_NAME;
+    nssComponent->GetPIPNSSBundleString("DelModuleBadName", errorMessage);
+    alertUser(errorMessage.get());
+    return NS_OK;
+  }
+  nsString final;
+  nsAutoString temp;
+  //Make sure the user knows we're trying to do this.
+  nssComponent->GetPIPNSSBundleString("DelModuleWarning", final);
+  final.Append(NS_LITERAL_STRING("\n").get());
+  PRUnichar *tempUni = ToNewUnicode(aModuleName);
+  const PRUnichar *formatStrings[1] = { tempUni };
+  rv = nssComponent->PIPBundleFormatStringFromName("AddModuleName",
+                                                   formatStrings, 1, temp);
+  nsMemory::Free(tempUni);
+  final.Append(temp);
+  if (!confirm_user(final.get())) {
+    *aReturn = JS_ERR_USER_CANCEL_ACTION;
+    return NS_OK;
   }
   
   char *modName = ToNewCString(aModuleName);
@@ -2967,25 +2983,69 @@ nsPkcs11::DeleteModule(const nsAString& aModuleName)
       nssComponent->ShutdownSmartCardThread(module);
       SECMOD_DestroyModule(module);
     }
-    rv = NS_OK;
+    if (modType == SECMOD_EXTERNAL) {
+      nssComponent->GetPIPNSSBundleString("DelModuleExtSuccess", errorMessage);
+      *aReturn = JS_OK_DEL_EXTERNAL_MOD;
+    } else {
+      nssComponent->GetPIPNSSBundleString("DelModuleIntSuccess", errorMessage);
+      *aReturn = JS_OK_DEL_INTERNAL_MOD;
+    }
   } else {
-    rv = NS_ERROR_FAILURE;
+    *aReturn = JS_ERR_DEL_MOD;
+    nssComponent->GetPIPNSSBundleString("DelModuleError", errorMessage);
   }
-  NS_Free(modName);
-  return rv;
+  alertUser(errorMessage.get());
+  return NS_OK;
 }
 
 //Add a new PKCS11 module to the user's profile.
 NS_IMETHODIMP
-nsPkcs11::AddModule(const nsAString& aModuleName, 
+nsPkcs11::Addmodule(const nsAString& aModuleName, 
                     const nsAString& aLibraryFullPath, 
                     PRInt32 aCryptoMechanismFlags, 
-                    PRInt32 aCipherFlags)
+                    PRInt32 aCipherFlags, PRInt32* aReturn)
 {
   nsNSSShutDownPreventionLock locker;
   nsresult rv;
   nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
+  nsString final;
+  nsAutoString temp;
 
+  rv = nssComponent->GetPIPNSSBundleString("AddModulePrompt", final);
+  if (NS_FAILED(rv))
+    return rv;
+
+  final.Append(NS_LITERAL_STRING("\n").get());
+  
+  PRUnichar *tempUni = ToNewUnicode(aModuleName); 
+  const PRUnichar *formatStrings[1] = { tempUni };
+  rv = nssComponent->PIPBundleFormatStringFromName("AddModuleName",
+                                                   formatStrings, 1, temp);
+  nsMemory::Free(tempUni);
+
+  if (NS_FAILED(rv))
+    return rv;
+
+  final.Append(temp);
+  final.Append(NS_LITERAL_STRING("\n").get());
+
+  tempUni = ToNewUnicode(aLibraryFullPath);
+  formatStrings[0] = tempUni;
+  rv = nssComponent->PIPBundleFormatStringFromName("AddModulePath",
+                                                   formatStrings, 1, temp);
+  nsMemory::Free(tempUni);
+  if (NS_FAILED(rv))
+    return rv;
+
+  final.Append(temp);
+  final.Append(NS_LITERAL_STRING("\n").get());
+ 
+  if (!confirm_user(final.get())) {
+    // The user has canceled. So let's return now.
+    *aReturn = JS_ERR_USER_CANCEL_ACTION;
+    return NS_OK;
+  }
+  
   char *moduleName = ToNewCString(aModuleName);
   char *fullPath   = ToNewCString(aLibraryFullPath);
   PRUint32 mechFlags = SECMOD_PubMechFlagstoInternal(aCryptoMechanismFlags);
@@ -3007,12 +3067,22 @@ nsPkcs11::AddModule(const nsAString& aModuleName,
   // what the return value for SEDMOD_AddNewModule is
   switch (srv) {
   case SECSuccess:
-    return NS_OK;
+    nssComponent->GetPIPNSSBundleString("AddModuleSuccess", final);
+    *aReturn = JS_OK_ADD_MOD;
+    break;
   case SECFailure:
+    nssComponent->GetPIPNSSBundleString("AddModuleFailure", final);
+    *aReturn = JS_ERR_ADD_MOD;
+    break;
   case -2:
+    nssComponent->GetPIPNSSBundleString("AddModuleDup", final);
+    *aReturn = JS_ERR_ADD_DUPLICATE_MOD;
+    break;
+  default:
+    NS_ASSERTION(0,"Bogus return value, this should never happen");
     return NS_ERROR_FAILURE;
   }
-  NS_ASSERTION(0,"Bogus return value, this should never happen");
-  return NS_ERROR_FAILURE;
+  alertUser(final.get());
+  return NS_OK;
 }
 

security/manager/ssl/src/nsCrypto.h

@@ -41,7 +41,7 @@
 #include "nsCOMPtr.h"
 #include "nsIDOMCRMFObject.h"
 #include "nsIDOMCrypto.h"
-#include "nsIPKCS11.h"
+#include "nsIDOMPkcs11.h"
 #include "nsIRunnable.h"
 #include "nsString.h"
 #include "jsapi.h"
@@ -95,14 +95,14 @@ private:
   PRBool mEnableSmartCardEvents;
 };
 
-class nsPkcs11 : public nsIPKCS11
+class nsPkcs11 : public nsIDOMPkcs11
 {
 public:
   nsPkcs11();
   virtual ~nsPkcs11();
 
   NS_DECL_ISUPPORTS
-  NS_DECL_NSIPKCS11
+  NS_DECL_NSIDOMPKCS11
 
 };