1 files changed, 42 insertions, 0 deletions

diff --git a/security/apps/gen_cert_header.py b/security/apps/gen_cert_header.py
new file mode 100644
index 0000000000..6065b98b83
--- /dev/null
+++ b/security/apps/gen_cert_header.py
@@ -0,0 +1,42 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+def _file_byte_generator(filename):
+    with open(filename, "rb") as f:
+        contents = f.read()
+
+        # Treat empty files the same as a file containing a lone 0;
+        # a single-element array will fail cert verifcation just as an
+        # empty array would.
+        if not contents:
+            return ["\0"]
+
+        return contents
+
+
+def _create_header(array_name, cert_bytes):
+    hexified = ["0x%02x" % byte for byte in cert_bytes]
+
+    substs = {"array_name": array_name, "bytes": ", ".join(hexified)}
+    return "const uint8_t %(array_name)s[] = {\n%(bytes)s\n};\n" % substs
+
+
+# Create functions named the same as the data arrays that we're going to
+# write to the headers, so we don't have to duplicate the names like so:
+#
+#   def arrayName(header, cert_filename):
+#     header.write(_create_header("arrayName", cert_filename))
+array_names = [
+    "xpcshellRoot",
+    "addonsPublicRoot",
+    "addonsPublicIntermediate",
+    "addonsStageRoot",
+]
+
+for n in array_names:
+    # Make sure the lambda captures the right string.
+    globals()[n] = lambda header, cert_filename, name=n: header.write(
+        _create_header(name, _file_byte_generator(cert_filename))
+    )