# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- # vim: set filetype=python: # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. # osclientcerts is currently only implemented for Windows # osclientcerts transitively depends on winapi 0.2.8, which doesn't work with # AArch64 if (CONFIG["OS_ARCH"] == "WINNT" and CONFIG["CPU_ARCH"] != "aarch64") or CONFIG[ "OS_ARCH" ] == "Darwin": DIRS += ["osclientcerts"] DIRS += ["ipcclientcerts"] DIRS += ["builtins"] TEST_DIRS += ["tests"] XPIDL_SOURCES += [ "nsICertificateDialogs.idl", "nsICertOverrideService.idl", "nsICertStorage.idl", "nsICertTree.idl", "nsIClientAuthDialogs.idl", "nsIClientAuthRememberService.idl", "nsIContentSignatureVerifier.idl", "nsICryptoHash.idl", "nsINSSComponent.idl", "nsINSSErrorsService.idl", "nsINSSVersion.idl", "nsIOSKeyStore.idl", "nsIOSReauthenticator.idl", "nsIPK11Token.idl", "nsIPK11TokenDB.idl", "nsIPKCS11Module.idl", "nsIPKCS11ModuleDB.idl", "nsIPKCS11Slot.idl", "nsIPublicKeyPinningService.idl", "nsISecretDecoderRing.idl", "nsISecurityUITelemetry.idl", "nsISiteSecurityService.idl", "nsITLSSocketControl.idl", "nsITokenPasswordDialogs.idl", "nsITransportSecurityInfo.idl", "nsIX509Cert.idl", "nsIX509CertDB.idl", "nsIX509CertValidity.idl", ] XPIDL_MODULE = "pipnss" XPCOM_MANIFESTS += [ "components.conf", ] EXTRA_JS_MODULES.psm += [ "DER.jsm", "RemoteSecuritySettings.jsm", "X509.jsm", ] EXPORTS += [ "CommonSocketControl.h", "CryptoTask.h", "EnterpriseRoots.h", "nsClientAuthRemember.h", "nsNSSCallbacks.h", "nsNSSCertificate.h", "nsNSSComponent.h", "nsNSSHelper.h", "nsRandomGenerator.h", "nsSecureBrowserUI.h", "nsSecurityHeaderParser.h", "NSSErrorsService.h", "nsSSLSocketProvider.h", "nsTLSSocketProvider.h", "RootCertificateTelemetryUtils.h", "ScopedNSSTypes.h", "SharedCertVerifier.h", "SSLServerCertVerification.h", "TransportSecurityInfo.h", ] EXPORTS.mozilla += [ "DataStorage.h", "DataStorageList.h", "PublicSSL.h", ] EXPORTS.mozilla.psm += [ "IPCClientCertsChild.h", "IPCClientCertsParent.h", "SelectTLSClientAuthCertChild.h", "SelectTLSClientAuthCertParent.h", "TransportSecurityInfo.h", "VerifySSLServerCertChild.h", "VerifySSLServerCertParent.h", ] EXPORTS.ipc += [ "DataStorageIPCUtils.h", ] UNIFIED_SOURCES += [ "AppSignatureVerification.cpp", "AppTrustDomain.cpp", "CertStorageMemoryReporting.cpp", "CommonSocketControl.cpp", "ContentSignatureVerifier.cpp", "CryptoTask.cpp", "DataStorage.cpp", "EnterpriseRoots.cpp", "IPCClientCertsChild.cpp", "IPCClientCertsParent.cpp", "md4.c", "nsCertOverrideService.cpp", "nsCertTree.cpp", "nsClientAuthRemember.cpp", "nsCryptoHash.cpp", "nsNSSCallbacks.cpp", "nsNSSCertHelper.cpp", "nsNSSCertificate.cpp", "nsNSSCertificateDB.cpp", "nsNSSCertTrust.cpp", "nsNSSComponent.cpp", "nsNSSIOLayer.cpp", "nsNSSModule.cpp", "nsNSSVersion.cpp", "nsNTLMAuthModule.cpp", "nsPK11TokenDB.cpp", "nsPKCS11Slot.cpp", "nsPKCS12Blob.cpp", "nsRandomGenerator.cpp", "nsSecureBrowserUI.cpp", "nsSecurityHeaderParser.cpp", "NSSErrorsService.cpp", "nsSiteSecurityService.cpp", "NSSKeyStore.cpp", "nsSSLSocketProvider.cpp", "NSSSocketControl.cpp", "nsTLSSocketProvider.cpp", "OSKeyStore.cpp", "PKCS11ModuleDB.cpp", "PSMRunnable.cpp", "PublicKeyPinningService.cpp", "RootCertificateTelemetryUtils.cpp", "SecretDecoderRing.cpp", "SharedSSLState.cpp", "SSLServerCertVerification.cpp", "TLSClientAuthCertSelection.cpp", "TransportSecurityInfo.cpp", "VerifySSLServerCertChild.cpp", "VerifySSLServerCertParent.cpp", "X509CertValidity.cpp", ] if CONFIG["OS_ARCH"] == "WINNT": # On Windows this file includes ntsecapi.h, which contains definitions that # conflict with headers included in remaining source files. We compile this # one independently to prevent that interferance. SOURCES += [ "OSReauthenticator.cpp", ] else: UNIFIED_SOURCES += [ "OSReauthenticator.cpp", ] if CONFIG["MOZ_WIDGET_TOOLKIT"] == "gtk": UNIFIED_SOURCES += [ "LibSecret.cpp", ] CFLAGS += CONFIG["GLIB_CFLAGS"] CXXFLAGS += CONFIG["GLIB_CFLAGS"] if CONFIG["OS_ARCH"] == "Darwin": UNIFIED_SOURCES += [ "KeychainSecret.cpp", "OSReauthenticatorDarwin.mm", ] OS_LIBS += [ "-framework LocalAuthentication", "-framework Security", ] if CONFIG["OS_ARCH"] == "WINNT": OS_LIBS += ["credui"] UNIFIED_SOURCES += [ "CredentialManagerSecret.cpp", ] IPDL_SOURCES += [ "PIPCClientCerts.ipdl", "PSelectTLSClientAuthCert.ipdl", "PSMIPCTypes.ipdlh", "PVerifySSLServerCert.ipdl", ] FINAL_LIBRARY = "xul" LOCAL_INCLUDES += [ "!/dist/public/nss", "/dom/base", "/dom/crypto", "/netwerk/base", "/security/certverifier", "/third_party/rust/cose-c/include", "/xpcom/build", ] GeneratedFile( "nsSTSPreloadListGenerated.inc", script="../../../xpcom/ds/tools/make_dafsa.py", inputs=["nsSTSPreloadList.inc"], ) DEFINES["SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES"] = "True" DEFINES["NSS_ENABLE_ECC"] = "True" if not CONFIG["MOZ_SYSTEM_NSS"]: USE_LIBS += [ "crmf", ] # mozpkix is linked statically from the in-tree sources independent of whether # system NSS is used or not. USE_LIBS += ["mozpkix"] include("/ipc/chromium/chromium-config.mozbuild") if CONFIG["CC_TYPE"] in ("clang", "gcc"): CXXFLAGS += [ "-Wextra", # -Wextra enables this warning, but it's too noisy to be useful. "-Wno-missing-field-initializers", ] # Gecko headers aren't warning-free enough for us to enable these warnings. CXXFLAGS += [ "-Wno-unused-parameter", ] headers_arrays_certs = [ ( "xpcshell.inc", "xpcshellRoot", "tests/unit/test_signed_apps/xpcshellTestRoot.der", ), ("addons-public.inc", "addonsPublicRoot", "addons-public.crt"), ( "addons-public-intermediate.inc", "addonsPublicIntermediate", "addons-public-intermediate.crt", ), ("addons-stage.inc", "addonsStageRoot", "addons-stage.crt"), ( "content-signature-prod.inc", "contentSignatureProdRoot", "content-signature-prod.crt", ), ( "content-signature-stage.inc", "contentSignatureStageRoot", "content-signature-stage.crt", ), # The dev root is the same as the stage root. ( "content-signature-dev.inc", "contentSignatureDevRoot", "content-signature-stage.crt", ), ( "content-signature-local.inc", "contentSignatureLocalRoot", "content-signature-local.crt", ), ] for header, array_name, cert in headers_arrays_certs: GeneratedFile( header, script="gen_cert_header.py", entry_point=array_name, inputs=[cert] ) REQUIRES_UNIFIED_BUILD = True