Skip to main content

LAPersistedRight

localauthentication::la_persisted_right

Struct LAPersistedRight 

Source 
pub struct LAPersistedRight { /* private fields */ }
Expand description

Managed wrapper around Apple’s LAPersistedRight.

Implementations§

Source§

impl LAPersistedRight

Source

pub fn state(&self) -> Result<LARightState>

The current authorization state.

§Errors

Returns an error if the Swift bridge rejects the request.

Examples found in repository?
examples/07_right_store.rs (line 19)
12fn main() -> Result<(), Box<dyn std::error::Error>> {
13    let store = LARightStore::shared()?;
14    let right = LARight::new()?;
15    let identifier = unique_identifier("store");
16
17    match store.save_right(&right, &identifier) {
18        Ok(persisted) => {
19            println!("saved state: {:?}", persisted.state()?);
20            store.remove_right(&persisted)?;
21        }
22        Err(error) => {
23            println!("save_right expectedly failed in unsigned/headless environments: {error}");
24        }
25    }
26
27    println!("✅ right-store smoke OK");
28    Ok(())
29}
More examples
Hide additional examples
examples/08_persisted_right.rs (line 20)
12fn main() -> Result<(), Box<dyn std::error::Error>> {
13    let store = LARightStore::shared()?;
14    let right = LARight::new()?;
15    let identifier = unique_identifier("persisted");
16
17    match store.save_right_with_secret(&right, &identifier, b"top-secret") {
18        Ok(persisted) => {
19            persisted.set_tag(7)?;
20            println!("persisted state: {:?}", persisted.state()?);
21            println!("persisted tag: {}", persisted.tag()?);
22            println!("persisted preflight: {:?}", persisted.check_can_authorize());
23            println!("secret bytes: {}", persisted.secret()?.load_data()?.len());
24            store.remove_right(&persisted)?;
25        }
26        Err(error) => {
27            println!("persisted-right APIs need entitlements on many systems: {error}");
28        }
29    }
30
31    println!("✅ persisted-right smoke OK");
32    Ok(())
33}
Source

pub fn tag(&self) -> Result<i64>

Application-controlled integer tag.

§Errors

Returns an error if the Swift bridge rejects the request.

Examples found in repository?
examples/08_persisted_right.rs (line 21)
12fn main() -> Result<(), Box<dyn std::error::Error>> {
13    let store = LARightStore::shared()?;
14    let right = LARight::new()?;
15    let identifier = unique_identifier("persisted");
16
17    match store.save_right_with_secret(&right, &identifier, b"top-secret") {
18        Ok(persisted) => {
19            persisted.set_tag(7)?;
20            println!("persisted state: {:?}", persisted.state()?);
21            println!("persisted tag: {}", persisted.tag()?);
22            println!("persisted preflight: {:?}", persisted.check_can_authorize());
23            println!("secret bytes: {}", persisted.secret()?.load_data()?.len());
24            store.remove_right(&persisted)?;
25        }
26        Err(error) => {
27            println!("persisted-right APIs need entitlements on many systems: {error}");
28        }
29    }
30
31    println!("✅ persisted-right smoke OK");
32    Ok(())
33}
Source

pub fn set_tag(&self, tag: i64) -> Result<()>

Update the application-controlled integer tag.

§Errors

Returns an error if the Swift bridge rejects the request.

Examples found in repository?
examples/08_persisted_right.rs (line 19)
12fn main() -> Result<(), Box<dyn std::error::Error>> {
13    let store = LARightStore::shared()?;
14    let right = LARight::new()?;
15    let identifier = unique_identifier("persisted");
16
17    match store.save_right_with_secret(&right, &identifier, b"top-secret") {
18        Ok(persisted) => {
19            persisted.set_tag(7)?;
20            println!("persisted state: {:?}", persisted.state()?);
21            println!("persisted tag: {}", persisted.tag()?);
22            println!("persisted preflight: {:?}", persisted.check_can_authorize());
23            println!("secret bytes: {}", persisted.secret()?.load_data()?.len());
24            store.remove_right(&persisted)?;
25        }
26        Err(error) => {
27            println!("persisted-right APIs need entitlements on many systems: {error}");
28        }
29    }
30
31    println!("✅ persisted-right smoke OK");
32    Ok(())
33}
Source

pub fn authorize(&self, localized_reason: &str) -> Result<()>

Attempt to authorize the persisted right.

§Errors

Returns a mapped framework or bridge error when authorization fails.

Source

pub fn check_can_authorize(&self) -> Result<()>

Preflight whether the persisted right can eventually be authorized.

§Errors

Returns a mapped framework or bridge error when authorization is not possible.

Examples found in repository?
examples/08_persisted_right.rs (line 22)
12fn main() -> Result<(), Box<dyn std::error::Error>> {
13    let store = LARightStore::shared()?;
14    let right = LARight::new()?;
15    let identifier = unique_identifier("persisted");
16
17    match store.save_right_with_secret(&right, &identifier, b"top-secret") {
18        Ok(persisted) => {
19            persisted.set_tag(7)?;
20            println!("persisted state: {:?}", persisted.state()?);
21            println!("persisted tag: {}", persisted.tag()?);
22            println!("persisted preflight: {:?}", persisted.check_can_authorize());
23            println!("secret bytes: {}", persisted.secret()?.load_data()?.len());
24            store.remove_right(&persisted)?;
25        }
26        Err(error) => {
27            println!("persisted-right APIs need entitlements on many systems: {error}");
28        }
29    }
30
31    println!("✅ persisted-right smoke OK");
32    Ok(())
33}
Source

pub fn deauthorize(&self) -> Result<()>

Deauthorize the persisted right.

§Errors

Returns an error if the Swift bridge rejects the request.

Source

pub fn key(&self) -> Result<LAPrivateKey>

Borrow the managed private key associated with this persisted right.

§Errors

Returns an error if the Swift bridge rejects the request.

Examples found in repository?
examples/09_public_key.rs (line 29)
12fn main() -> Result<(), Box<dyn std::error::Error>> {
13    let store = LARightStore::shared()?;
14    let right = LARight::new()?;
15    let identifier = unique_identifier("public-key");
16
17    match store.save_right(&right, &identifier) {
18        Ok(persisted) => {
19            let public_key = persisted.public_key()?;
20            let sign = SecKeyAlgorithm::ecdsa_signature_message_x962_sha256();
21            let encrypt =
22                SecKeyAlgorithm::ecies_encryption_cofactor_variable_iv_x963_sha256_aes_gcm();
23
24            println!("public key bytes: {}", public_key.export_bytes()?.len());
25            println!("can verify: {}", public_key.can_verify_using(&sign)?);
26            println!("can encrypt: {}", public_key.can_encrypt_using(&encrypt)?);
27            println!(
28                "private key can sign: {}",
29                persisted.key()?.can_sign_using(&sign)?
30            );
31            store.remove_right(&persisted)?;
32        }
33        Err(error) => {
34            println!("public-key APIs need entitlements on many systems: {error}");
35        }
36    }
37
38    println!("✅ public-key smoke OK");
39    Ok(())
40}
Source

pub fn secret(&self) -> Result<LASecret>

Borrow the generic secret associated with this persisted right.

§Errors

Returns an error if the Swift bridge rejects the request.

Examples found in repository?
examples/08_persisted_right.rs (line 23)
12fn main() -> Result<(), Box<dyn std::error::Error>> {
13    let store = LARightStore::shared()?;
14    let right = LARight::new()?;
15    let identifier = unique_identifier("persisted");
16
17    match store.save_right_with_secret(&right, &identifier, b"top-secret") {
18        Ok(persisted) => {
19            persisted.set_tag(7)?;
20            println!("persisted state: {:?}", persisted.state()?);
21            println!("persisted tag: {}", persisted.tag()?);
22            println!("persisted preflight: {:?}", persisted.check_can_authorize());
23            println!("secret bytes: {}", persisted.secret()?.load_data()?.len());
24            store.remove_right(&persisted)?;
25        }
26        Err(error) => {
27            println!("persisted-right APIs need entitlements on many systems: {error}");
28        }
29    }
30
31    println!("✅ persisted-right smoke OK");
32    Ok(())
33}
Source

pub fn public_key(&self) -> Result<LAPublicKey>

Convenience helper returning self.key()?.public_key().

§Errors

Returns an error if the Swift bridge rejects the request.

Examples found in repository?
examples/09_public_key.rs (line 19)
12fn main() -> Result<(), Box<dyn std::error::Error>> {
13    let store = LARightStore::shared()?;
14    let right = LARight::new()?;
15    let identifier = unique_identifier("public-key");
16
17    match store.save_right(&right, &identifier) {
18        Ok(persisted) => {
19            let public_key = persisted.public_key()?;
20            let sign = SecKeyAlgorithm::ecdsa_signature_message_x962_sha256();
21            let encrypt =
22                SecKeyAlgorithm::ecies_encryption_cofactor_variable_iv_x963_sha256_aes_gcm();
23
24            println!("public key bytes: {}", public_key.export_bytes()?.len());
25            println!("can verify: {}", public_key.can_verify_using(&sign)?);
26            println!("can encrypt: {}", public_key.can_encrypt_using(&encrypt)?);
27            println!(
28                "private key can sign: {}",
29                persisted.key()?.can_sign_using(&sign)?
30            );
31            store.remove_right(&persisted)?;
32        }
33        Err(error) => {
34            println!("public-key APIs need entitlements on many systems: {error}");
35        }
36    }
37
38    println!("✅ public-key smoke OK");
39    Ok(())
40}

Trait Implementations§

Source§

impl Debug for LAPersistedRight

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.