//! This file has been automatically generated by `objc2`'s `header-translator`.
//! DO NOT EDIT
use core::ffi::*;
use core::ptr::NonNull;
use objc2::__framework_prelude::*;
use objc2_foundation::*;
#[cfg(feature = "objc2-security")]
use objc2_security::*;
use crate::*;
/// TKTokenObjectID Unique and persistent identification of objects on the token.
///
/// Uniquely and persistently identifies objects (keys and certificates) present on the token. Type of this identifier must be compatible with plist and its format is defined by the implementation of token extension.
///
/// See also [Apple's documentation](https://developer.apple.com/documentation/cryptotokenkit/tktokenobjectid?language=objc)
pub type TKTokenObjectID = AnyObject;
/// TKTokenInstanceID Unique, persistent identifier of this token in the form of string.
///
/// InstanceID is Typically implemented by some kind of serial number of the target hardware, for example SmartCard serial number.
///
/// See also [Apple's documentation](https://developer.apple.com/documentation/cryptotokenkit/tktokeninstanceid?language=objc)
pub type TKTokenInstanceID = NSString;
/// TKTokenDriverClassID ClassID of the token driver.
///
/// Identical with
/// `com.apple.ctk.class-id`token extension attribute. Typically in the RDN form (com.company.id).
///
/// See also [Apple's documentation](https://developer.apple.com/documentation/cryptotokenkit/tktokendriverclassid?language=objc)
pub type TKTokenDriverClassID = NSString;
/// [Apple's documentation](https://developer.apple.com/documentation/cryptotokenkit/tktokenoperation?language=objc)
// NS_ENUM
#[repr(transparent)]
#[derive(Clone, Copy, Debug, PartialEq, Eq, Hash, PartialOrd, Ord)]
pub struct TKTokenOperation(pub NSInteger);
impl TKTokenOperation {
#[doc(alias = "TKTokenOperationNone")]
pub const None: Self = Self(0);
/// Reading of raw data of certificate.
#[doc(alias = "TKTokenOperationReadData")]
pub const ReadData: Self = Self(1);
/// Cryptographic signature using private key.
#[doc(alias = "TKTokenOperationSignData")]
pub const SignData: Self = Self(2);
/// Decrypting data using private key.
#[doc(alias = "TKTokenOperationDecryptData")]
pub const DecryptData: Self = Self(3);
/// Performing Diffie-Hellman style of cryptographic key exchange using private key.
#[doc(alias = "TKTokenOperationPerformKeyExchange")]
pub const PerformKeyExchange: Self = Self(4);
}
unsafe impl Encode for TKTokenOperation {
const ENCODING: Encoding = NSInteger::ENCODING;
}
unsafe impl RefEncode for TKTokenOperation {
const ENCODING_REF: Encoding = Encoding::Pointer(&Self::ENCODING);
}
/// TKTokenOperationConstraint represents authentication constraint of token object for specific token operation.
///
/// Persistently identifies constraint for performing specific operation on specific object. Value of constraint can be either:
/// -
/// `true`: the operation is always allowed without any authentication needed
/// -
/// `false`: the operation is never allowed, typically not implemented
/// - any other plist-compatible value: defined by the token extension implementation. Such constraint is opaque to the system and is required to stay constant for the given object during the whole token's lifetime. For example, SmartCard token extension might decide to use string 'PIN' to indicate that the operation is protected by presenting valid PIN to the card first.
///
/// See also [Apple's documentation](https://developer.apple.com/documentation/cryptotokenkit/tktokenoperationconstraint?language=objc)
pub type TKTokenOperationConstraint = AnyObject;
extern_class!(
/// TKTokenKeyAlgorithm Encapsulates cryptographic algorithm, possibly with additional associated required algorithms.
///
/// An algorithm supported by a key can be usually described by one value of
/// `SecKeyAlgorithm`enumeration. However, some tokens (notably smartcards) require that input data for the operation are in generic format, but that generic format must be formatted according to some more specific algorithm. An example for this would be token accepting raw data for cryptographic signature but requiring that raw data are formatted according to PKCS1 padding rules. To express such requirement, TKTokenKeyAlgorithm defines target algorithm (
/// `kSecKeyAlgorithmRSASignatureRaw`in our example) and a set of other algorithms which were used (continuing example above,
/// `kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1`will be reported as supported).
///
/// See also [Apple's documentation](https://developer.apple.com/documentation/cryptotokenkit/tktokenkeyalgorithm?language=objc)
#[unsafe(super(NSObject))]
#[derive(Debug, PartialEq, Eq, Hash)]
pub struct TKTokenKeyAlgorithm;
);
extern_conformance!(
unsafe impl NSObjectProtocol for TKTokenKeyAlgorithm {}
);
impl TKTokenKeyAlgorithm {
extern_methods!(
#[unsafe(method(init))]
#[unsafe(method_family = init)]
pub unsafe fn init(this: Allocated<Self>) -> Retained<Self>;
#[cfg(feature = "objc2-security")]
/// Checks if specified algorithm is base operation algorithm.
#[unsafe(method(isAlgorithm:))]
#[unsafe(method_family = none)]
pub unsafe fn isAlgorithm(&self, algorithm: &SecKeyAlgorithm) -> bool;
#[cfg(feature = "objc2-security")]
/// Checks whether specified algorithm is either target algorithm or one of the algorithms through which the operation passed.
#[unsafe(method(supportsAlgorithm:))]
#[unsafe(method_family = none)]
pub unsafe fn supportsAlgorithm(&self, algorithm: &SecKeyAlgorithm) -> bool;
);
}
/// Methods declared on superclass `NSObject`.
impl TKTokenKeyAlgorithm {
extern_methods!(
#[unsafe(method(new))]
#[unsafe(method_family = new)]
pub unsafe fn new() -> Retained<Self>;
);
}
extern_class!(
/// TKTokenKeyExchangeParameters Encapsulates parameters needed for performing specific Key Exchange operation types.
///
/// See also [Apple's documentation](https://developer.apple.com/documentation/cryptotokenkit/tktokenkeyexchangeparameters?language=objc)
#[unsafe(super(NSObject))]
#[derive(Debug, PartialEq, Eq, Hash)]
pub struct TKTokenKeyExchangeParameters;
);
extern_conformance!(
unsafe impl NSObjectProtocol for TKTokenKeyExchangeParameters {}
);
impl TKTokenKeyExchangeParameters {
extern_methods!(
/// Requested output size of key exchange result. Should be ignored if output size is not configurable for specified key exchange algorithm.
#[unsafe(method(requestedSize))]
#[unsafe(method_family = none)]
pub unsafe fn requestedSize(&self) -> NSInteger;
/// Additional shared information input, typically used for key derivation (KDF) step of key exchange algorithm. Should be ignored if shared info is not used for specified key exchange algorithm.
#[unsafe(method(sharedInfo))]
#[unsafe(method_family = none)]
pub unsafe fn sharedInfo(&self) -> Option<Retained<NSData>>;
);
}
/// Methods declared on superclass `NSObject`.
impl TKTokenKeyExchangeParameters {
extern_methods!(
#[unsafe(method(init))]
#[unsafe(method_family = init)]
pub unsafe fn init(this: Allocated<Self>) -> Retained<Self>;
#[unsafe(method(new))]
#[unsafe(method_family = new)]
pub unsafe fn new() -> Retained<Self>;
);
}
extern_class!(
/// TKTokenSession represents token session which shares authentication status.
///
/// Token implementation must inherit its own session implementation from TKTokenSession (or its subclass TKSmartCardTokenSession in case of SmartCard tokens).
///
/// TKTokenSession should keep an authentication state of the token. Authentication status (e.g. entered PIN to unlock SmartCard) should not be shared across borders of single TKTokenSession instance.
///
/// TKTokenSession is always instantiated by TKToken when framework detects access to the token from new authentication session.
///
/// See also [Apple's documentation](https://developer.apple.com/documentation/cryptotokenkit/tktokensession?language=objc)
#[unsafe(super(NSObject))]
#[derive(Debug, PartialEq, Eq, Hash)]
pub struct TKTokenSession;
);
extern_conformance!(
unsafe impl NSObjectProtocol for TKTokenSession {}
);
impl TKTokenSession {
extern_methods!(
/// Parameter `token`: Token instance to which is this session instance bound.
#[unsafe(method(initWithToken:))]
#[unsafe(method_family = init)]
pub unsafe fn initWithToken(this: Allocated<Self>, token: &TKToken) -> Retained<Self>;
#[unsafe(method(token))]
#[unsafe(method_family = none)]
pub unsafe fn token(&self) -> Retained<TKToken>;
#[unsafe(method(delegate))]
#[unsafe(method_family = none)]
pub unsafe fn delegate(
&self,
) -> Option<Retained<ProtocolObject<dyn TKTokenSessionDelegate>>>;
/// Setter for [`delegate`][Self::delegate].
///
/// This is a [weak property][objc2::topics::weak_property].
#[unsafe(method(setDelegate:))]
#[unsafe(method_family = none)]
pub unsafe fn setDelegate(
&self,
delegate: Option<&ProtocolObject<dyn TKTokenSessionDelegate>>,
);
#[unsafe(method(init))]
#[unsafe(method_family = init)]
pub unsafe fn init(this: Allocated<Self>) -> Retained<Self>;
);
}
/// Methods declared on superclass `NSObject`.
impl TKTokenSession {
extern_methods!(
#[unsafe(method(new))]
#[unsafe(method_family = new)]
pub unsafe fn new() -> Retained<Self>;
);
}
extern_protocol!(
/// TKTokenSessionDelegate contains operations with token objects provided by token implementors which should be performed in the context of authentication session.
///
/// See also [Apple's documentation](https://developer.apple.com/documentation/cryptotokenkit/tktokensessiondelegate?language=objc)
pub unsafe trait TKTokenSessionDelegate: NSObjectProtocol {
/// Establishes a context for the requested authentication operation.
///
/// Parameter `session`: Related TKTokenSession instance.
///
/// Parameter `operation`: Identifier of the operation.
///
/// Parameter `constraint`: Constraint to be satisfied by this authentication operation.
///
/// Parameter `error`: Error details (see TKError.h).
///
/// Returns: authOperation Resulting context of the operation, which will be eventually finalized by receiving 'finishWithError:'. The resulting 'authOperation' can be of any type based on TKTokenAuthOperation. For known types (e.g. TKTokenPasswordAuthOperation) the system will first fill in the context-specific properties (e.g. 'password') before triggering 'finishWithError:'. When no authentication is actually needed (typically because the session is already authenticated for requested constraint), return instance of TKTokenAuthOperation class instead of any specific subclass.
///
/// # Safety
///
/// `constraint` should be of the correct type.
#[optional]
#[unsafe(method(tokenSession:beginAuthForOperation:constraint:error:_))]
#[unsafe(method_family = none)]
unsafe fn tokenSession_beginAuthForOperation_constraint_error(
&self,
session: &TKTokenSession,
operation: TKTokenOperation,
constraint: &TKTokenOperationConstraint,
) -> Result<Retained<TKTokenAuthOperation>, Retained<NSError>>;
/// Checks whether specified operation and algorithm is supported on specified key.
///
/// Parameter `session`: Related TKTokenSession instance.
///
/// Parameter `operation`: Type of cryptographic operation for which the list of supported algorithms should be retrieved.
///
/// Parameter `keyObjectID`: Identifier of the private key object.
///
/// Parameter `algorithm`: Algorithm with which the oepration should be performed.
///
/// Returns: YES if the operation is supported, NO otherwise.
///
/// # Safety
///
/// `key_object_id` should be of the correct type.
#[optional]
#[unsafe(method(tokenSession:supportsOperation:usingKey:algorithm:))]
#[unsafe(method_family = none)]
unsafe fn tokenSession_supportsOperation_usingKey_algorithm(
&self,
session: &TKTokenSession,
operation: TKTokenOperation,
key_object_id: &TKTokenObjectID,
algorithm: &TKTokenKeyAlgorithm,
) -> bool;
/// Performs cryptographic signature operation.
///
/// Parameter `session`: Related TKTokenSession instance.
///
/// Parameter `dataToSign`: Input data for the signature operation.
///
/// Parameter `keyObjectID`: Identifier of the private key object.
///
/// Parameter `algorithm`: Requested signature algorithm to be used.
///
/// Parameter `error`: Error details (see TKError.h). If authentication is required (by invoking beginAuthForOperation:),
/// `TKErrorCodeAuthenticationNeeded`should be used.
///
/// Returns: Resulting signature, or nil if an error happened.
///
/// # Safety
///
/// `key_object_id` should be of the correct type.
#[optional]
#[unsafe(method(tokenSession:signData:usingKey:algorithm:error:_))]
#[unsafe(method_family = none)]
unsafe fn tokenSession_signData_usingKey_algorithm_error(
&self,
session: &TKTokenSession,
data_to_sign: &NSData,
key_object_id: &TKTokenObjectID,
algorithm: &TKTokenKeyAlgorithm,
) -> Result<Retained<NSData>, Retained<NSError>>;
/// Decrypts ciphertext using private key.
///
/// Parameter `session`: Related TKTokenSession instance.
///
/// Parameter `ciphertext`: Encrypted data to decrypt.
///
/// Parameter `keyObjectID`: Identifier of the private key object.
///
/// Parameter `algorithm`: Requested encryption/decryption algorithm to be used.
///
/// Parameter `error`: Error details (see TKError.h). If authentication is required (by invoking beginAuthForOperation:),
/// `TKErrorCodeAuthenticationNeeded`should be used.
///
/// Returns: Resulting decrypted plaintext, or nil if an error happened.
///
/// # Safety
///
/// `key_object_id` should be of the correct type.
#[optional]
#[unsafe(method(tokenSession:decryptData:usingKey:algorithm:error:_))]
#[unsafe(method_family = none)]
unsafe fn tokenSession_decryptData_usingKey_algorithm_error(
&self,
session: &TKTokenSession,
ciphertext: &NSData,
key_object_id: &TKTokenObjectID,
algorithm: &TKTokenKeyAlgorithm,
) -> Result<Retained<NSData>, Retained<NSError>>;
/// Performs Diffie-Hellman style key exchange operation.
///
/// Parameter `session`: Related TKTokenSession instance.
///
/// Parameter `otherPartyPublicKeyData`: Raw public data of other party public key.
///
/// Parameter `objectID`: Identifier of the private key object.
///
/// Parameter `algorithm`: Requested key exchange algorithm to be used.
///
/// Parameter `parameters`: Additional parameters for key exchange operation. Chosen algorithm dictates meaning of parameters.
///
/// Parameter `error`: Error details (see TKError.h). If authentication is required (by invoking beginAuthForOperation:),
/// `TKErrorCodeAuthenticationNeeded`should be used.
///
/// Returns: Result of key exchange operation, or nil if the operation failed.
///
/// # Safety
///
/// `object_id` should be of the correct type.
#[optional]
#[unsafe(method(tokenSession:performKeyExchangeWithPublicKey:usingKey:algorithm:parameters:error:_))]
#[unsafe(method_family = none)]
unsafe fn tokenSession_performKeyExchangeWithPublicKey_usingKey_algorithm_parameters_error(
&self,
session: &TKTokenSession,
other_party_public_key_data: &NSData,
object_id: &TKTokenObjectID,
algorithm: &TKTokenKeyAlgorithm,
parameters: &TKTokenKeyExchangeParameters,
) -> Result<Retained<NSData>, Retained<NSError>>;
}
);
extern_class!(
/// Class representing single token. When implementing SmartCard based token, it is recommended to inherit the implementation from TKSmartCardToken. Token object serves as synchronization point, all operations invoked upon token and all its sessions are serialized.
///
/// See also [Apple's documentation](https://developer.apple.com/documentation/cryptotokenkit/tktoken?language=objc)
#[unsafe(super(NSObject))]
#[derive(Debug, PartialEq, Eq, Hash)]
pub struct TKToken;
);
extern_conformance!(
unsafe impl NSObjectProtocol for TKToken {}
);
impl TKToken {
extern_methods!(
/// Initializes token instance
///
/// Parameter `tokenDriver`: Creating token driver.
///
/// Parameter `instanceID`: Unique, persistent identifier of this token.
#[unsafe(method(initWithTokenDriver:instanceID:))]
#[unsafe(method_family = init)]
pub unsafe fn initWithTokenDriver_instanceID(
this: Allocated<Self>,
token_driver: &TKTokenDriver,
instance_id: &TKTokenInstanceID,
) -> Retained<Self>;
#[unsafe(method(tokenDriver))]
#[unsafe(method_family = none)]
pub unsafe fn tokenDriver(&self) -> Retained<TKTokenDriver>;
#[unsafe(method(delegate))]
#[unsafe(method_family = none)]
pub unsafe fn delegate(&self) -> Option<Retained<ProtocolObject<dyn TKTokenDelegate>>>;
/// Setter for [`delegate`][Self::delegate].
///
/// This is a [weak property][objc2::topics::weak_property].
#[unsafe(method(setDelegate:))]
#[unsafe(method_family = none)]
pub unsafe fn setDelegate(&self, delegate: Option<&ProtocolObject<dyn TKTokenDelegate>>);
#[cfg(feature = "TKTokenConfiguration")]
/// Token configuration associated with this token instance.
#[unsafe(method(configuration))]
#[unsafe(method_family = none)]
pub unsafe fn configuration(&self) -> Retained<TKTokenConfiguration>;
#[cfg(feature = "TKTokenKeychainItem")]
/// Keychain contents (certificate and key items) representing this token.
#[unsafe(method(keychainContents))]
#[unsafe(method_family = none)]
pub unsafe fn keychainContents(&self) -> Option<Retained<TKTokenKeychainContents>>;
#[unsafe(method(init))]
#[unsafe(method_family = init)]
pub unsafe fn init(this: Allocated<Self>) -> Retained<Self>;
);
}
/// Methods declared on superclass `NSObject`.
impl TKToken {
extern_methods!(
#[unsafe(method(new))]
#[unsafe(method_family = new)]
pub unsafe fn new() -> Retained<Self>;
);
}
extern_protocol!(
/// TKTokenDelegate contains operations implementing functionality of token class.
///
/// TKTokenDelegate represents protocol which must be implemented by token implementors' class representing token. Apart from being able to identify itself with its unique identifier, and must be able to establish new TKTokenSession when requested.
///
/// See also [Apple's documentation](https://developer.apple.com/documentation/cryptotokenkit/tktokendelegate?language=objc)
pub unsafe trait TKTokenDelegate: NSObjectProtocol {
/// Create new session instance
///
/// All operations with objects on the token are performed inside TKTokenSession which represent authentication context. This method is called whenever new authentication context is needed (typically when client application wants to perform token operation using keychain object which has associated LocalAuthentication LAContext which was not yet seen by this token instance).
///
/// Parameter `token`: Related token instance.
#[unsafe(method(token:createSessionWithError:_))]
#[unsafe(method_family = none)]
unsafe fn token_createSessionWithError(
&self,
token: &TKToken,
) -> Result<Retained<TKTokenSession>, Retained<NSError>>;
/// Terminates previously created session, implementation should free all associated resources.
///
/// Parameter `token`: Related token instance.
#[optional]
#[unsafe(method(token:terminateSession:))]
#[unsafe(method_family = none)]
unsafe fn token_terminateSession(&self, token: &TKToken, session: &TKTokenSession);
}
);
extern_class!(
/// Base class for token drivers. SmartCard token drivers should use TKSmartCardTokenDriver subclass.
///
/// See also [Apple's documentation](https://developer.apple.com/documentation/cryptotokenkit/tktokendriver?language=objc)
#[unsafe(super(NSObject))]
#[derive(Debug, PartialEq, Eq, Hash)]
pub struct TKTokenDriver;
);
extern_conformance!(
unsafe impl NSObjectProtocol for TKTokenDriver {}
);
impl TKTokenDriver {
extern_methods!(
#[unsafe(method(delegate))]
#[unsafe(method_family = none)]
pub unsafe fn delegate(
&self,
) -> Option<Retained<ProtocolObject<dyn TKTokenDriverDelegate>>>;
/// Setter for [`delegate`][Self::delegate].
///
/// This is a [weak property][objc2::topics::weak_property].
#[unsafe(method(setDelegate:))]
#[unsafe(method_family = none)]
pub unsafe fn setDelegate(
&self,
delegate: Option<&ProtocolObject<dyn TKTokenDriverDelegate>>,
);
);
}
/// Methods declared on superclass `NSObject`.
impl TKTokenDriver {
extern_methods!(
#[unsafe(method(init))]
#[unsafe(method_family = init)]
pub unsafe fn init(this: Allocated<Self>) -> Retained<Self>;
#[unsafe(method(new))]
#[unsafe(method_family = new)]
pub unsafe fn new() -> Retained<Self>;
);
}
extern_protocol!(
/// Delegate for customizing token driver operations. SmartCard tokens should implement TKSmartCardTokenDriverDelegate instead of this base protocol.
///
/// See also [Apple's documentation](https://developer.apple.com/documentation/cryptotokenkit/tktokendriverdelegate?language=objc)
pub unsafe trait TKTokenDriverDelegate: NSObjectProtocol {
#[cfg(feature = "TKTokenConfiguration")]
/// Creates new token for specified configuration. SmartCard token drivers should not implement this method.
#[optional]
#[unsafe(method(tokenDriver:tokenForConfiguration:error:_))]
#[unsafe(method_family = none)]
unsafe fn tokenDriver_tokenForConfiguration_error(
&self,
driver: &TKTokenDriver,
configuration: &TKTokenConfiguration,
) -> Result<Retained<TKToken>, Retained<NSError>>;
/// Terminates previously created token, should release all resources associated with it.
#[optional]
#[unsafe(method(tokenDriver:terminateToken:))]
#[unsafe(method_family = none)]
unsafe fn tokenDriver_terminateToken(&self, driver: &TKTokenDriver, token: &TKToken);
}
);
extern_class!(
/// Context of a pending authentication operation.
///
/// See also [Apple's documentation](https://developer.apple.com/documentation/cryptotokenkit/tktokenauthoperation?language=objc)
#[unsafe(super(NSObject))]
#[derive(Debug, PartialEq, Eq, Hash)]
pub struct TKTokenAuthOperation;
);
extern_conformance!(
unsafe impl NSCoding for TKTokenAuthOperation {}
);
extern_conformance!(
unsafe impl NSObjectProtocol for TKTokenAuthOperation {}
);
extern_conformance!(
unsafe impl NSSecureCoding for TKTokenAuthOperation {}
);
impl TKTokenAuthOperation {
extern_methods!(
/// Handler triggered by the system in order to let the token finalize the authentication operation.
///
/// Parameter `error`: Error details (see TKError.h).
///
/// Returns: Finalization status.
#[unsafe(method(finishWithError:_))]
#[unsafe(method_family = none)]
pub unsafe fn finishWithError(&self) -> Result<(), Retained<NSError>>;
);
}
/// Methods declared on superclass `NSObject`.
impl TKTokenAuthOperation {
extern_methods!(
#[unsafe(method(init))]
#[unsafe(method_family = init)]
pub unsafe fn init(this: Allocated<Self>) -> Retained<Self>;
#[unsafe(method(new))]
#[unsafe(method_family = new)]
pub unsafe fn new() -> Retained<Self>;
);
}
extern_class!(
/// Context of a password authentication operation.
///
/// See also [Apple's documentation](https://developer.apple.com/documentation/cryptotokenkit/tktokenpasswordauthoperation?language=objc)
#[unsafe(super(TKTokenAuthOperation, NSObject))]
#[derive(Debug, PartialEq, Eq, Hash)]
pub struct TKTokenPasswordAuthOperation;
);
extern_conformance!(
unsafe impl NSCoding for TKTokenPasswordAuthOperation {}
);
extern_conformance!(
unsafe impl NSObjectProtocol for TKTokenPasswordAuthOperation {}
);
extern_conformance!(
unsafe impl NSSecureCoding for TKTokenPasswordAuthOperation {}
);
impl TKTokenPasswordAuthOperation {
extern_methods!(
/// Password, which will be filled in by the system when 'finishWithError:' is called.
#[unsafe(method(password))]
#[unsafe(method_family = none)]
pub unsafe fn password(&self) -> Option<Retained<NSString>>;
/// Setter for [`password`][Self::password].
///
/// This is [copied][objc2_foundation::NSCopying::copy] when set.
#[unsafe(method(setPassword:))]
#[unsafe(method_family = none)]
pub unsafe fn setPassword(&self, password: Option<&NSString>);
);
}
/// Methods declared on superclass `NSObject`.
impl TKTokenPasswordAuthOperation {
extern_methods!(
#[unsafe(method(init))]
#[unsafe(method_family = init)]
pub unsafe fn init(this: Allocated<Self>) -> Retained<Self>;
#[unsafe(method(new))]
#[unsafe(method_family = new)]
pub unsafe fn new() -> Retained<Self>;
);
}