# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
# vim: set filetype=python:
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at
http://mozilla.org/MPL/2.0/.
DIRS += ["ipcclientcerts"]
DIRS += ["builtins"]
TEST_DIRS += ["tests"]
XPIDL_SOURCES += [
"nsICertificateDialogs.idl",
"nsICertOverrideService.idl",
"nsICertStorage.idl",
"nsICertTree.idl",
"nsIClientAuthDialogService.idl",
"nsIClientAuthRememberService.idl",
"nsIContentSignatureVerifier.idl",
"nsICryptoHash.idl",
"nsIDataStorage.idl",
"nsINSSComponent.idl",
"nsINSSErrorsService.idl",
"nsINSSVersion.idl",
"nsIOSKeyStore.idl",
"nsIOSReauthenticator.idl",
"nsIPK11Token.idl",
"nsIPK11TokenDB.idl",
"nsIPKCS11Module.idl",
"nsIPKCS11ModuleDB.idl",
"nsIPKCS11Slot.idl",
"nsIPublicKeyPinningService.idl",
"nsISecretDecoderRing.idl",
"nsISecurityUITelemetry.idl",
"nsISiteSecurityService.idl",
"nsITLSSocketControl.idl",
"nsITokenPasswordDialogs.idl",
"nsITransportSecurityInfo.idl",
"nsIX509Cert.idl",
"nsIX509CertDB.idl",
"nsIX509CertValidity.idl",
]
XPIDL_MODULE = "pipnss"
XPCOM_MANIFESTS += [
"components.conf",
]
EXTRA_JS_MODULES.psm += [
"ClientAuthDialogService.sys.mjs",
"DER.sys.mjs",
"RemoteSecuritySettings.sys.mjs",
"X509.sys.mjs",
]
EXPORTS += [
"CommonSocketControl.h",
"CryptoTask.h",
"EnterpriseRoots.h",
"nsClientAuthRemember.h",
"nsNSSCallbacks.h",
"nsNSSCertificate.h",
"nsNSSComponent.h",
"nsNSSHelper.h",
"nsRandomGenerator.h",
"nsSecureBrowserUI.h",
"nsSecurityHeaderParser.h",
"NSSErrorsService.h",
"nsSSLSocketProvider.h",
"nsTLSSocketProvider.h",
"RootCertificateTelemetryUtils.h",
"ScopedNSSTypes.h",
"SharedCertVerifier.h",
"SSLServerCertVerification.h",
"TransportSecurityInfo.h",
]
EXPORTS.mozilla += [
"crypto_hash/crypto_hash_sha2.h",
"PublicSSL.h",
]
EXPORTS.mozilla.psm += [
"IPCClientCertsChild.h",
"IPCClientCertsParent.h",
"SelectTLSClientAuthCertChild.h",
"SelectTLSClientAuthCertParent.h",
"TransportSecurityInfo.h",
"VerifySSLServerCertChild.h",
"VerifySSLServerCertParent.h",
]
UNIFIED_SOURCES += [
"AppSignatureVerification.cpp",
"AppTrustDomain.cpp",
"CertStorageMemoryReporting.cpp",
"CommonSocketControl.cpp",
"ContentSignatureVerifier.cpp",
"CryptoTask.cpp",
"DataStorageManager.cpp",
"EnterpriseRoots.cpp",
"IPCClientCertsChild.cpp",
"IPCClientCertsParent.cpp",
"md4.c",
"nsCertOverrideService.cpp",
"nsCertTree.cpp",
"nsClientAuthRemember.cpp",
"nsNSSCallbacks.cpp",
"nsNSSCertHelper.cpp",
"nsNSSCertificate.cpp",
"nsNSSCertificateDB.cpp",
"nsNSSCertTrust.cpp",
"nsNSSComponent.cpp",
"nsNSSIOLayer.cpp",
"nsNSSModule.cpp",
"nsNSSVersion.cpp",
"nsNTLMAuthModule.cpp",
"nsPK11TokenDB.cpp",
"nsPKCS11Slot.cpp",
"nsPKCS12Blob.cpp",
"nsRandomGenerator.cpp",
"nsSecureBrowserUI.cpp",
"nsSecurityHeaderParser.cpp",
"NSSErrorsService.cpp",
"nsSiteSecurityService.cpp",
"NSSKeyStore.cpp",
"nsSSLSocketProvider.cpp",
"NSSSocketControl.cpp",
"nsTLSSocketProvider.cpp",
"OSKeyStore.cpp",
"PKCS11ModuleDB.cpp",
"PSMRunnable.cpp",
"PublicKeyPinningService.cpp",
"RootCertificateTelemetryUtils.cpp",
"SecretDecoderRing.cpp",
"SSLServerCertVerification.cpp",
"TLSClientAuthCertSelection.cpp",
"TransportSecurityInfo.cpp",
"VerifySSLServerCertChild.cpp",
"VerifySSLServerCertParent.cpp",
"X509CertValidity.cpp",
]
if CONFIG["OS_ARCH"] == "WINNT":
# On Windows this file includes ntsecapi.h, which contains definitions that
# conflict with headers included in remaining source files. We compile this
# one independently to prevent that interferance.
SOURCES += [
"OSReauthenticator.cpp",
]
else:
UNIFIED_SOURCES += [
"OSReauthenticator.cpp",
]
if CONFIG["MOZ_WIDGET_TOOLKIT"] == "gtk":
UNIFIED_SOURCES += [
"LibSecret.cpp",
]
CFLAGS += CONFIG["GLIB_CFLAGS"]
CXXFLAGS += CONFIG["GLIB_CFLAGS"]
CFLAGS += CONFIG["MOZ_GTK3_CFLAGS"]
CXXFLAGS += CONFIG["MOZ_GTK3_CFLAGS"]
if CONFIG["TARGET_KERNEL"] == "Darwin":
UNIFIED_SOURCES += [
"KeychainSecret.cpp",
"OSReauthenticatorDarwin.mm",
]
OS_LIBS += [
"-framework CoreFoundation",
"-framework LocalAuthentication",
"-framework Security",
]
IPDL_SOURCES += [
"PIPCClientCerts.ipdl",
"PSelectTLSClientAuthCert.ipdl",
"PSMIPCTypes.ipdlh",
"PVerifySSLServerCert.ipdl",
]
# Required by OSClientCerts and CredentialManagerSecret.
if CONFIG["OS_ARCH"] == "WINNT":
OS_LIBS += [
"advapi32",
"credui",
"crypt32",
"kernel32",
"ncrypt",
"userenv",
"ws2_32",
"ntdll",
]
UNIFIED_SOURCES += [
"CredentialManagerSecret.cpp",
]
# Version string comparison is generally wrong, but by the time it would
# actually matter, either bug 1489995 would be fixed, or the build would
# require version >= 1.78.
if CONFIG["RUSTC_VERSION"] and CONFIG["RUSTC_VERSION"] >= "1.78.0":
OS_LIBS += [
"synchronization",
]
FINAL_LIBRARY = "xul"
LOCAL_INCLUDES += [
"!/dist/public/nss",
"/dom/base",
"/dom/crypto",
"/netwerk/base",
"/security/certverifier",
"/third_party/rust/cose-c/include",
"/xpcom/build",
]
GeneratedFile(
"nsSTSPreloadListGenerated.inc",
script="../../../xpcom/ds/tools/make_dafsa.py",
inputs=["nsSTSPreloadList.inc"],
)
DEFINES["SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES"] = "True"
DEFINES["NSS_ENABLE_ECC"] = "True"
# mozpkix is linked statically from the in-tree sources independent of whether
# system NSS is used or not.
USE_LIBS += ["mozpkix"]
include("/ipc/chromium/chromium-config.mozbuild")
if CONFIG["CC_TYPE"] in ("clang", "gcc"):
CXXFLAGS += [
"-Wextra",
# -Wextra enables this warning, but it's too noisy to be useful.
"-Wno-missing-field-initializers",
]
# Gecko headers aren't warning-free enough for us to enable these warnings.
CXXFLAGS += [
"-Wno-unused-parameter",
]
headers_arrays_certs = [
(
"xpcshell.inc",
"xpcshellRoots",
[
"tests/unit/test_signed_apps/xpcshellTestRoot.pem",
"tests/unit/test_signed_apps/xpcshellTestRoot2.pem",
],
),
("addons-public.inc", "addonsPublicRoots", ["addons-public.pem"]),
(
"addons-public-intermediate.inc",
"addonsPublicIntermediates",
["addons-public-intermediate.pem"],
),
("addons-stage.inc", "addonsStageRoots", ["addons-stage.pem"]),
(
"addons-stage-intermediate.inc",
"addonsStageIntermediates",
["addons-stage-intermediate.pem"],
),
(
"content-signature-prod.inc",
"contentSignatureProdRoots",
["content-signature-prod.pem"],
),
(
"content-signature-stage.inc",
"contentSignatureStageRoots",
["content-signature-stage.pem"],
),
# The dev root is the same as the stage root.
(
"content-signature-dev.inc",
"contentSignatureDevRoots",
["content-signature-stage.pem"],
),
(
"content-signature-local.inc",
"contentSignatureLocalRoots",
["content-signature-local.pem"],
),
]
for header, array_name, certs in headers_arrays_certs:
GeneratedFile(
header,
script="gen_cert_header.py",
entry_point="generate",
inputs=certs,
flags=[array_name],
)
