283 lines
7.3 KiB
Python
283 lines
7.3 KiB
Python
# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
|
|
# vim: set filetype=python:
|
|
# This Source Code Form is subject to the terms of the Mozilla Public
|
|
# License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
|
|
# osclientcerts is currently only implemented for Windows
|
|
# osclientcerts transitively depends on winapi 0.2.8, which doesn't work with
|
|
# AArch64
|
|
if (CONFIG["OS_ARCH"] == "WINNT" and CONFIG["TARGET_CPU"] != "aarch64") or CONFIG[
|
|
"OS_ARCH"
|
|
] == "Darwin":
|
|
DIRS += ["osclientcerts"]
|
|
|
|
DIRS += ["ipcclientcerts"]
|
|
DIRS += ["builtins"]
|
|
|
|
TEST_DIRS += ["tests"]
|
|
|
|
XPIDL_SOURCES += [
|
|
"nsICertificateDialogs.idl",
|
|
"nsICertOverrideService.idl",
|
|
"nsICertStorage.idl",
|
|
"nsICertTree.idl",
|
|
"nsIClientAuthDialogService.idl",
|
|
"nsIClientAuthRememberService.idl",
|
|
"nsIContentSignatureVerifier.idl",
|
|
"nsICryptoHash.idl",
|
|
"nsIDataStorage.idl",
|
|
"nsINSSComponent.idl",
|
|
"nsINSSErrorsService.idl",
|
|
"nsINSSVersion.idl",
|
|
"nsIOSKeyStore.idl",
|
|
"nsIOSReauthenticator.idl",
|
|
"nsIPK11Token.idl",
|
|
"nsIPK11TokenDB.idl",
|
|
"nsIPKCS11Module.idl",
|
|
"nsIPKCS11ModuleDB.idl",
|
|
"nsIPKCS11Slot.idl",
|
|
"nsIPublicKeyPinningService.idl",
|
|
"nsISecretDecoderRing.idl",
|
|
"nsISecurityUITelemetry.idl",
|
|
"nsISiteSecurityService.idl",
|
|
"nsITLSSocketControl.idl",
|
|
"nsITokenPasswordDialogs.idl",
|
|
"nsITransportSecurityInfo.idl",
|
|
"nsIX509Cert.idl",
|
|
"nsIX509CertDB.idl",
|
|
"nsIX509CertValidity.idl",
|
|
]
|
|
|
|
XPIDL_MODULE = "pipnss"
|
|
|
|
XPCOM_MANIFESTS += [
|
|
"components.conf",
|
|
]
|
|
|
|
EXTRA_JS_MODULES.psm += [
|
|
"ClientAuthDialogService.sys.mjs",
|
|
"DER.sys.mjs",
|
|
"RemoteSecuritySettings.sys.mjs",
|
|
"X509.sys.mjs",
|
|
]
|
|
|
|
EXPORTS += [
|
|
"CommonSocketControl.h",
|
|
"CryptoTask.h",
|
|
"EnterpriseRoots.h",
|
|
"nsClientAuthRemember.h",
|
|
"nsNSSCallbacks.h",
|
|
"nsNSSCertificate.h",
|
|
"nsNSSComponent.h",
|
|
"nsNSSHelper.h",
|
|
"nsRandomGenerator.h",
|
|
"nsSecureBrowserUI.h",
|
|
"nsSecurityHeaderParser.h",
|
|
"NSSErrorsService.h",
|
|
"nsSSLSocketProvider.h",
|
|
"nsTLSSocketProvider.h",
|
|
"RootCertificateTelemetryUtils.h",
|
|
"ScopedNSSTypes.h",
|
|
"SharedCertVerifier.h",
|
|
"SSLServerCertVerification.h",
|
|
"TransportSecurityInfo.h",
|
|
]
|
|
|
|
EXPORTS.mozilla += [
|
|
"PublicSSL.h",
|
|
]
|
|
|
|
EXPORTS.mozilla.psm += [
|
|
"IPCClientCertsChild.h",
|
|
"IPCClientCertsParent.h",
|
|
"SelectTLSClientAuthCertChild.h",
|
|
"SelectTLSClientAuthCertParent.h",
|
|
"TransportSecurityInfo.h",
|
|
"VerifySSLServerCertChild.h",
|
|
"VerifySSLServerCertParent.h",
|
|
]
|
|
|
|
UNIFIED_SOURCES += [
|
|
"AppSignatureVerification.cpp",
|
|
"AppTrustDomain.cpp",
|
|
"CertStorageMemoryReporting.cpp",
|
|
"CommonSocketControl.cpp",
|
|
"ContentSignatureVerifier.cpp",
|
|
"CryptoTask.cpp",
|
|
"DataStorageManager.cpp",
|
|
"EnterpriseRoots.cpp",
|
|
"IPCClientCertsChild.cpp",
|
|
"IPCClientCertsParent.cpp",
|
|
"md4.c",
|
|
"nsCertOverrideService.cpp",
|
|
"nsCertTree.cpp",
|
|
"nsClientAuthRemember.cpp",
|
|
"nsNSSCallbacks.cpp",
|
|
"nsNSSCertHelper.cpp",
|
|
"nsNSSCertificate.cpp",
|
|
"nsNSSCertificateDB.cpp",
|
|
"nsNSSCertTrust.cpp",
|
|
"nsNSSComponent.cpp",
|
|
"nsNSSIOLayer.cpp",
|
|
"nsNSSModule.cpp",
|
|
"nsNSSVersion.cpp",
|
|
"nsNTLMAuthModule.cpp",
|
|
"nsPK11TokenDB.cpp",
|
|
"nsPKCS11Slot.cpp",
|
|
"nsPKCS12Blob.cpp",
|
|
"nsRandomGenerator.cpp",
|
|
"nsSecureBrowserUI.cpp",
|
|
"nsSecurityHeaderParser.cpp",
|
|
"NSSErrorsService.cpp",
|
|
"nsSiteSecurityService.cpp",
|
|
"NSSKeyStore.cpp",
|
|
"nsSSLSocketProvider.cpp",
|
|
"NSSSocketControl.cpp",
|
|
"nsTLSSocketProvider.cpp",
|
|
"OSKeyStore.cpp",
|
|
"PKCS11ModuleDB.cpp",
|
|
"PSMRunnable.cpp",
|
|
"PublicKeyPinningService.cpp",
|
|
"RootCertificateTelemetryUtils.cpp",
|
|
"SecretDecoderRing.cpp",
|
|
"SharedSSLState.cpp",
|
|
"SSLServerCertVerification.cpp",
|
|
"TLSClientAuthCertSelection.cpp",
|
|
"TransportSecurityInfo.cpp",
|
|
"VerifySSLServerCertChild.cpp",
|
|
"VerifySSLServerCertParent.cpp",
|
|
"X509CertValidity.cpp",
|
|
]
|
|
|
|
if CONFIG["OS_ARCH"] == "WINNT":
|
|
# On Windows this file includes ntsecapi.h, which contains definitions that
|
|
# conflict with headers included in remaining source files. We compile this
|
|
# one independently to prevent that interferance.
|
|
SOURCES += [
|
|
"OSReauthenticator.cpp",
|
|
]
|
|
else:
|
|
UNIFIED_SOURCES += [
|
|
"OSReauthenticator.cpp",
|
|
]
|
|
|
|
if CONFIG["MOZ_WIDGET_TOOLKIT"] == "gtk":
|
|
UNIFIED_SOURCES += [
|
|
"LibSecret.cpp",
|
|
]
|
|
CFLAGS += CONFIG["GLIB_CFLAGS"]
|
|
CXXFLAGS += CONFIG["GLIB_CFLAGS"]
|
|
|
|
if CONFIG["TARGET_KERNEL"] == "Darwin":
|
|
UNIFIED_SOURCES += [
|
|
"KeychainSecret.cpp",
|
|
"OSReauthenticatorDarwin.mm",
|
|
]
|
|
OS_LIBS += [
|
|
"-framework LocalAuthentication",
|
|
"-framework Security",
|
|
]
|
|
|
|
if CONFIG["OS_ARCH"] == "WINNT":
|
|
OS_LIBS += ["credui"]
|
|
UNIFIED_SOURCES += [
|
|
"CredentialManagerSecret.cpp",
|
|
]
|
|
|
|
IPDL_SOURCES += [
|
|
"PIPCClientCerts.ipdl",
|
|
"PSelectTLSClientAuthCert.ipdl",
|
|
"PSMIPCTypes.ipdlh",
|
|
"PVerifySSLServerCert.ipdl",
|
|
]
|
|
|
|
FINAL_LIBRARY = "xul"
|
|
|
|
LOCAL_INCLUDES += [
|
|
"!/dist/public/nss",
|
|
"/dom/base",
|
|
"/dom/crypto",
|
|
"/netwerk/base",
|
|
"/security/certverifier",
|
|
"/third_party/rust/cose-c/include",
|
|
"/xpcom/build",
|
|
]
|
|
|
|
GeneratedFile(
|
|
"nsSTSPreloadListGenerated.inc",
|
|
script="../../../xpcom/ds/tools/make_dafsa.py",
|
|
inputs=["nsSTSPreloadList.inc"],
|
|
)
|
|
|
|
DEFINES["SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES"] = "True"
|
|
DEFINES["NSS_ENABLE_ECC"] = "True"
|
|
|
|
# mozpkix is linked statically from the in-tree sources independent of whether
|
|
# system NSS is used or not.
|
|
USE_LIBS += ["mozpkix"]
|
|
|
|
include("/ipc/chromium/chromium-config.mozbuild")
|
|
|
|
if CONFIG["CC_TYPE"] in ("clang", "gcc"):
|
|
CXXFLAGS += [
|
|
"-Wextra",
|
|
# -Wextra enables this warning, but it's too noisy to be useful.
|
|
"-Wno-missing-field-initializers",
|
|
]
|
|
|
|
# Gecko headers aren't warning-free enough for us to enable these warnings.
|
|
CXXFLAGS += [
|
|
"-Wno-unused-parameter",
|
|
]
|
|
|
|
headers_arrays_certs = [
|
|
(
|
|
"xpcshell.inc",
|
|
"xpcshellRoot",
|
|
"tests/unit/test_signed_apps/xpcshellTestRoot.der",
|
|
),
|
|
("addons-public.inc", "addonsPublicRoot", "addons-public.crt"),
|
|
(
|
|
"addons-public-2018-intermediate.inc",
|
|
"addonsPublic2018Intermediate",
|
|
"addons-public-2018-intermediate.crt",
|
|
),
|
|
(
|
|
"addons-public-intermediate.inc",
|
|
"addonsPublicIntermediate",
|
|
"addons-public-intermediate.crt",
|
|
),
|
|
("addons-stage.inc", "addonsStageRoot", "addons-stage.crt"),
|
|
(
|
|
"addons-stage-intermediate.inc",
|
|
"addonsStageIntermediate",
|
|
"addons-stage-intermediate.crt",
|
|
),
|
|
(
|
|
"content-signature-prod.inc",
|
|
"contentSignatureProdRoot",
|
|
"content-signature-prod.crt",
|
|
),
|
|
(
|
|
"content-signature-stage.inc",
|
|
"contentSignatureStageRoot",
|
|
"content-signature-stage.crt",
|
|
),
|
|
# The dev root is the same as the stage root.
|
|
(
|
|
"content-signature-dev.inc",
|
|
"contentSignatureDevRoot",
|
|
"content-signature-stage.crt",
|
|
),
|
|
(
|
|
"content-signature-local.inc",
|
|
"contentSignatureLocalRoot",
|
|
"content-signature-local.crt",
|
|
),
|
|
]
|
|
|
|
for header, array_name, cert in headers_arrays_certs:
|
|
GeneratedFile(
|
|
header, script="gen_cert_header.py", entry_point=array_name, inputs=[cert]
|
|
)
|