| blob | 955b86bc14c8b0ea3e62d2072052328486f5a4e6 |
1 # -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
2 # vim: set filetype=python:
3 # This Source Code Form is subject to the terms of the Mozilla Public
4 # License, v. 2.0. If a copy of the MPL was not distributed with this
5 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
7 # osclientcerts is currently only implemented for Windows
8 # osclientcerts transitively depends on winapi 0.2.8, which doesn't work with
9 # AArch64
10 if (CONFIG["OS_ARCH"] == "WINNT" and CONFIG["TARGET_CPU"] != "aarch64") or CONFIG[
11 "OS_ARCH"
12 ] == "Darwin":
13 DIRS += ["osclientcerts"]
15 DIRS += ["ipcclientcerts"]
16 DIRS += ["builtins"]
18 TEST_DIRS += ["tests"]
20 XPIDL_SOURCES += [
21 "nsICertificateDialogs.idl",
22 "nsICertOverrideService.idl",
23 "nsICertStorage.idl",
24 "nsICertTree.idl",
25 "nsIClientAuthDialogService.idl",
26 "nsIClientAuthRememberService.idl",
27 "nsIContentSignatureVerifier.idl",
28 "nsICryptoHash.idl",
29 "nsIDataStorage.idl",
30 "nsINSSComponent.idl",
31 "nsINSSErrorsService.idl",
32 "nsINSSVersion.idl",
33 "nsIOSKeyStore.idl",
34 "nsIOSReauthenticator.idl",
35 "nsIPK11Token.idl",
36 "nsIPK11TokenDB.idl",
37 "nsIPKCS11Module.idl",
38 "nsIPKCS11ModuleDB.idl",
39 "nsIPKCS11Slot.idl",
40 "nsIPublicKeyPinningService.idl",
41 "nsISecretDecoderRing.idl",
42 "nsISecurityUITelemetry.idl",
43 "nsISiteSecurityService.idl",
44 "nsITLSSocketControl.idl",
45 "nsITokenPasswordDialogs.idl",
46 "nsITransportSecurityInfo.idl",
47 "nsIX509Cert.idl",
48 "nsIX509CertDB.idl",
49 "nsIX509CertValidity.idl",
50 ]
52 XPIDL_MODULE = "pipnss"
54 XPCOM_MANIFESTS += [
55 "components.conf",
56 ]
58 EXTRA_JS_MODULES.psm += [
59 "ClientAuthDialogService.sys.mjs",
60 "DER.sys.mjs",
61 "RemoteSecuritySettings.sys.mjs",
62 "X509.sys.mjs",
63 ]
65 EXPORTS += [
66 "CommonSocketControl.h",
67 "CryptoTask.h",
68 "EnterpriseRoots.h",
69 "nsClientAuthRemember.h",
70 "nsNSSCallbacks.h",
71 "nsNSSCertificate.h",
72 "nsNSSComponent.h",
73 "nsNSSHelper.h",
74 "nsRandomGenerator.h",
75 "nsSecureBrowserUI.h",
76 "nsSecurityHeaderParser.h",
77 "NSSErrorsService.h",
78 "nsSSLSocketProvider.h",
79 "nsTLSSocketProvider.h",
80 "RootCertificateTelemetryUtils.h",
81 "ScopedNSSTypes.h",
82 "SharedCertVerifier.h",
83 "SSLServerCertVerification.h",
84 "TransportSecurityInfo.h",
85 ]
87 EXPORTS.mozilla += [
88 "crypto_hash/crypto_hash_sha2.h",
89 "PublicSSL.h",
90 ]
92 EXPORTS.mozilla.psm += [
93 "IPCClientCertsChild.h",
94 "IPCClientCertsParent.h",
95 "SelectTLSClientAuthCertChild.h",
96 "SelectTLSClientAuthCertParent.h",
97 "TransportSecurityInfo.h",
98 "VerifySSLServerCertChild.h",
99 "VerifySSLServerCertParent.h",
100 ]
102 UNIFIED_SOURCES += [
103 "AppSignatureVerification.cpp",
104 "AppTrustDomain.cpp",
105 "CertStorageMemoryReporting.cpp",
106 "CommonSocketControl.cpp",
107 "ContentSignatureVerifier.cpp",
108 "CryptoTask.cpp",
109 "DataStorageManager.cpp",
110 "EnterpriseRoots.cpp",
111 "IPCClientCertsChild.cpp",
112 "IPCClientCertsParent.cpp",
113 "md4.c",
114 "nsCertOverrideService.cpp",
115 "nsCertTree.cpp",
116 "nsClientAuthRemember.cpp",
117 "nsNSSCallbacks.cpp",
118 "nsNSSCertHelper.cpp",
119 "nsNSSCertificate.cpp",
120 "nsNSSCertificateDB.cpp",
121 "nsNSSCertTrust.cpp",
122 "nsNSSComponent.cpp",
123 "nsNSSIOLayer.cpp",
124 "nsNSSModule.cpp",
125 "nsNSSVersion.cpp",
126 "nsNTLMAuthModule.cpp",
127 "nsPK11TokenDB.cpp",
128 "nsPKCS11Slot.cpp",
129 "nsPKCS12Blob.cpp",
130 "nsRandomGenerator.cpp",
131 "nsSecureBrowserUI.cpp",
132 "nsSecurityHeaderParser.cpp",
133 "NSSErrorsService.cpp",
134 "nsSiteSecurityService.cpp",
135 "NSSKeyStore.cpp",
136 "nsSSLSocketProvider.cpp",
137 "NSSSocketControl.cpp",
138 "nsTLSSocketProvider.cpp",
139 "OSKeyStore.cpp",
140 "PKCS11ModuleDB.cpp",
141 "PSMRunnable.cpp",
142 "PublicKeyPinningService.cpp",
143 "RootCertificateTelemetryUtils.cpp",
144 "SecretDecoderRing.cpp",
145 "SSLServerCertVerification.cpp",
146 "TLSClientAuthCertSelection.cpp",
147 "TransportSecurityInfo.cpp",
148 "VerifySSLServerCertChild.cpp",
149 "VerifySSLServerCertParent.cpp",
150 "X509CertValidity.cpp",
151 ]
153 if CONFIG["OS_ARCH"] == "WINNT":
154 # On Windows this file includes ntsecapi.h, which contains definitions that
155 # conflict with headers included in remaining source files. We compile this
156 # one independently to prevent that interferance.
157 SOURCES += [
158 "OSReauthenticator.cpp",
159 ]
160 else:
161 UNIFIED_SOURCES += [
162 "OSReauthenticator.cpp",
163 ]
165 if CONFIG["MOZ_WIDGET_TOOLKIT"] == "gtk":
166 UNIFIED_SOURCES += [
167 "LibSecret.cpp",
168 ]
169 CFLAGS += CONFIG["GLIB_CFLAGS"]
170 CXXFLAGS += CONFIG["GLIB_CFLAGS"]
171 CFLAGS += CONFIG["MOZ_GTK3_CFLAGS"]
172 CXXFLAGS += CONFIG["MOZ_GTK3_CFLAGS"]
174 if CONFIG["TARGET_KERNEL"] == "Darwin":
175 UNIFIED_SOURCES += [
176 "KeychainSecret.cpp",
177 "OSReauthenticatorDarwin.mm",
178 ]
179 OS_LIBS += [
180 "-framework LocalAuthentication",
181 "-framework Security",
182 ]
184 if CONFIG["OS_ARCH"] == "WINNT":
185 OS_LIBS += ["credui"]
186 UNIFIED_SOURCES += [
187 "CredentialManagerSecret.cpp",
188 ]
190 IPDL_SOURCES += [
191 "PIPCClientCerts.ipdl",
192 "PSelectTLSClientAuthCert.ipdl",
193 "PSMIPCTypes.ipdlh",
194 "PVerifySSLServerCert.ipdl",
195 ]
197 FINAL_LIBRARY = "xul"
199 LOCAL_INCLUDES += [
200 "!/dist/public/nss",
201 "/dom/base",
202 "/dom/crypto",
203 "/netwerk/base",
204 "/security/certverifier",
205 "/third_party/rust/cose-c/include",
206 "/xpcom/build",
207 ]
209 GeneratedFile(
210 "nsSTSPreloadListGenerated.inc",
211 script="../../../xpcom/ds/tools/make_dafsa.py",
212 inputs=["nsSTSPreloadList.inc"],
213 )
215 DEFINES["SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES"] = "True"
216 DEFINES["NSS_ENABLE_ECC"] = "True"
218 # mozpkix is linked statically from the in-tree sources independent of whether
219 # system NSS is used or not.
220 USE_LIBS += ["mozpkix"]
222 include("/ipc/chromium/chromium-config.mozbuild")
224 if CONFIG["CC_TYPE"] in ("clang", "gcc"):
225 CXXFLAGS += [
226 "-Wextra",
227 # -Wextra enables this warning, but it's too noisy to be useful.
228 "-Wno-missing-field-initializers",
229 ]
231 # Gecko headers aren't warning-free enough for us to enable these warnings.
232 CXXFLAGS += [
233 "-Wno-unused-parameter",
234 ]
236 headers_arrays_certs = [
237 (
238 "xpcshell.inc",
239 "xpcshellRoots",
240 [
241 "tests/unit/test_signed_apps/xpcshellTestRoot.pem",
242 "tests/unit/test_signed_apps/xpcshellTestRoot2.pem",
243 ],
244 ),
245 ("addons-public.inc", "addonsPublicRoots", ["addons-public.pem"]),
246 (
247 "addons-public-intermediate.inc",
248 "addonsPublicIntermediates",
249 ["addons-public-intermediate.pem"],
250 ),
251 ("addons-stage.inc", "addonsStageRoots", ["addons-stage.pem"]),
252 (
253 "addons-stage-intermediate.inc",
254 "addonsStageIntermediates",
255 ["addons-stage-intermediate.pem"],
256 ),
257 (
258 "content-signature-prod.inc",
259 "contentSignatureProdRoots",
260 ["content-signature-prod.pem"],
261 ),
262 (
263 "content-signature-stage.inc",
264 "contentSignatureStageRoots",
265 ["content-signature-stage.pem"],
266 ),
267 # The dev root is the same as the stage root.
268 (
269 "content-signature-dev.inc",
270 "contentSignatureDevRoots",
271 ["content-signature-stage.pem"],
272 ),
273 (
274 "content-signature-local.inc",
275 "contentSignatureLocalRoots",
276 ["content-signature-local.pem"],
277 ),
278 ]
280 for header, array_name, certs in headers_arrays_certs:
281 GeneratedFile(
282 header,
283 script="gen_cert_header.py",
284 entry_point="generate",
285 inputs=certs,
286 flags=[array_name],
287 )