objc2_security/generated/

SecCertificate.rs

//! This file has been automatically generated by `objc2`'s `header-translator`.
//! DO NOT EDIT
use core::ffi::*;
use core::ptr::NonNull;
#[cfg(feature = "objc2")]
use objc2::__framework_prelude::*;
use objc2_core_foundation::*;

use crate::*;

#[cfg(feature = "SecBase")]
unsafe impl ConcreteType for SecCertificate {
    /// Returns the type identifier of SecCertificate instances.
    ///
    /// Returns: The CFTypeID of SecCertificate instances.
    #[doc(alias = "SecCertificateGetTypeID")]
    #[inline]
    fn type_id() -> CFTypeID {
        extern "C-unwind" {
            fn SecCertificateGetTypeID() -> CFTypeID;
        }
        unsafe { SecCertificateGetTypeID() }
    }
}

#[cfg(feature = "SecBase")]
impl SecCertificate {
    /// Create a certificate given it's DER representation as a CFData.
    ///
    /// Parameter `allocator`: CFAllocator to allocate the certificate with.
    ///
    /// Parameter `data`: DER encoded X.509 certificate.
    ///
    /// Returns: Return NULL if the passed-in data is not a valid DER-encoded
    /// X.509 certificate, return a SecCertificateRef otherwise.
    #[doc(alias = "SecCertificateCreateWithData")]
    #[cfg(feature = "SecBase")]
    #[inline]
    pub unsafe fn with_data(
        allocator: Option<&CFAllocator>,
        data: &CFData,
    ) -> Option<CFRetained<SecCertificate>> {
        extern "C-unwind" {
            fn SecCertificateCreateWithData(
                allocator: Option<&CFAllocator>,
                data: &CFData,
            ) -> Option<NonNull<SecCertificate>>;
        }
        let ret = unsafe { SecCertificateCreateWithData(allocator, data) };
        ret.map(|ret| unsafe { CFRetained::from_raw(ret) })
    }

    /// Return the DER representation of an X.509 certificate.
    ///
    /// Parameter `certificate`: SecCertificate object created with
    /// SecCertificateCreateWithData().
    ///
    /// Returns: DER encoded X.509 certificate.
    #[doc(alias = "SecCertificateCopyData")]
    #[cfg(feature = "SecBase")]
    #[inline]
    pub unsafe fn data(&self) -> CFRetained<CFData> {
        extern "C-unwind" {
            fn SecCertificateCopyData(certificate: &SecCertificate) -> Option<NonNull<CFData>>;
        }
        let ret = unsafe { SecCertificateCopyData(self) };
        let ret =
            ret.expect("function was marked as returning non-null, but actually returned NULL");
        unsafe { CFRetained::from_raw(ret) }
    }

    /// Return a simple string which hopefully represents a human
    /// understandable summary.
    ///
    /// Parameter `certificate`: A reference to the certificate from which to derive
    /// the subject summary string.
    ///
    /// All the data in this string comes from the certificate itself
    /// and thus it's in whatever language the certificate itself is in.
    ///
    /// Returns: A CFStringRef which the caller should CFRelease() once it's no
    /// longer needed.
    #[doc(alias = "SecCertificateCopySubjectSummary")]
    #[cfg(feature = "SecBase")]
    #[inline]
    pub unsafe fn subject_summary(&self) -> Option<CFRetained<CFString>> {
        extern "C-unwind" {
            fn SecCertificateCopySubjectSummary(
                certificate: &SecCertificate,
            ) -> Option<NonNull<CFString>>;
        }
        let ret = unsafe { SecCertificateCopySubjectSummary(self) };
        ret.map(|ret| unsafe { CFRetained::from_raw(ret) })
    }

    /// Retrieves the common name of the subject of a given certificate.
    ///
    /// Parameter `certificate`: A reference to the certificate from which to retrieve the common name.
    ///
    /// Parameter `commonName`: On return, a reference to the common name. Your code must release this reference by calling the CFRelease function.
    ///
    /// Returns: A result code. See "Security Error Codes" (SecBase.h).
    ///
    /// All the data in this string comes from the certificate itself, and thus it's in whatever language the certificate itself is in.
    /// Note that the certificate's common name field may not be present, or may be inadequate to describe the certificate; for display purposes,
    /// you should consider using SecCertificateCopySubjectSummary instead of this function.
    ///
    /// # Safety
    ///
    /// `common_name` must be a valid pointer.
    #[doc(alias = "SecCertificateCopyCommonName")]
    #[cfg(feature = "SecBase")]
    #[inline]
    pub unsafe fn copy_common_name(&self, common_name: NonNull<*const CFString>) -> OSStatus {
        extern "C-unwind" {
            fn SecCertificateCopyCommonName(
                certificate: &SecCertificate,
                common_name: NonNull<*const CFString>,
            ) -> OSStatus;
        }
        unsafe { SecCertificateCopyCommonName(self, common_name) }
    }

    /// Returns an array of zero or more email addresses for the subject of a given certificate.
    ///
    /// Parameter `certificate`: A reference to the certificate from which to retrieve the email addresses.
    ///
    /// Parameter `emailAddresses`: On return, an array of zero or more CFStringRef elements corresponding to each email address found.
    /// Your code must release this array reference by calling the CFRelease function.
    ///
    /// Returns: A result code. See "Security Error Codes" (SecBase.h).
    ///
    /// # Safety
    ///
    /// `email_addresses` must be a valid pointer.
    #[doc(alias = "SecCertificateCopyEmailAddresses")]
    #[cfg(feature = "SecBase")]
    #[inline]
    pub unsafe fn copy_email_addresses(
        &self,
        email_addresses: NonNull<*const CFArray>,
    ) -> OSStatus {
        extern "C-unwind" {
            fn SecCertificateCopyEmailAddresses(
                certificate: &SecCertificate,
                email_addresses: NonNull<*const CFArray>,
            ) -> OSStatus;
        }
        unsafe { SecCertificateCopyEmailAddresses(self, email_addresses) }
    }

    /// Return the certificate's normalized issuer
    ///
    /// Parameter `certificate`: The certificate from which to get values
    ///
    /// The issuer is a sequence in the format used by SecItemCopyMatching.  The content returned is a DER-encoded X.509 distinguished name. For a display version of the issuer, call SecCertificateCopyValues. The caller must CFRelease the value returned.
    #[doc(alias = "SecCertificateCopyNormalizedIssuerSequence")]
    #[cfg(feature = "SecBase")]
    #[inline]
    pub unsafe fn normalized_issuer_sequence(&self) -> Option<CFRetained<CFData>> {
        extern "C-unwind" {
            fn SecCertificateCopyNormalizedIssuerSequence(
                certificate: &SecCertificate,
            ) -> Option<NonNull<CFData>>;
        }
        let ret = unsafe { SecCertificateCopyNormalizedIssuerSequence(self) };
        ret.map(|ret| unsafe { CFRetained::from_raw(ret) })
    }

    /// Return the certificate's normalized subject
    ///
    /// Parameter `certificate`: The certificate from which to get values
    ///
    /// The subject is a sequence in the format used by SecItemCopyMatching. The content returned is a DER-encoded X.509 distinguished name. For a display version of the subject, call SecCertificateCopyValues. The caller must CFRelease the value returned.
    #[doc(alias = "SecCertificateCopyNormalizedSubjectSequence")]
    #[cfg(feature = "SecBase")]
    #[inline]
    pub unsafe fn normalized_subject_sequence(&self) -> Option<CFRetained<CFData>> {
        extern "C-unwind" {
            fn SecCertificateCopyNormalizedSubjectSequence(
                certificate: &SecCertificate,
            ) -> Option<NonNull<CFData>>;
        }
        let ret = unsafe { SecCertificateCopyNormalizedSubjectSequence(self) };
        ret.map(|ret| unsafe { CFRetained::from_raw(ret) })
    }

    /// Retrieves the public key for a given certificate.
    ///
    /// Parameter `certificate`: A reference to the certificate from which to retrieve the public key.
    ///
    /// Returns: A reference to the public key for the specified certificate. Your code must release this reference by calling the CFRelease function. If the public key has an encoding issue or uses an unsupported algorithm, the returned reference will be null.
    ///
    /// RSA and ECDSA public keys are supported. All other public key algorithms are unsupported.
    #[doc(alias = "SecCertificateCopyKey")]
    #[cfg(feature = "SecBase")]
    #[inline]
    pub unsafe fn key(&self) -> Option<CFRetained<SecKey>> {
        extern "C-unwind" {
            fn SecCertificateCopyKey(certificate: &SecCertificate) -> Option<NonNull<SecKey>>;
        }
        let ret = unsafe { SecCertificateCopyKey(self) };
        ret.map(|ret| unsafe { CFRetained::from_raw(ret) })
    }

    /// Retrieves the public key for a given certificate.
    ///
    /// Parameter `certificate`: A reference to the certificate from which to retrieve the public key.
    ///
    /// Parameter `key`: On return, a reference to the public key for the specified certificate. Your code must release this reference by calling the CFRelease function.
    ///
    /// Returns: A result code. See "Security Error Codes" (SecBase.h).
    ///
    /// NOTE: Deprecated in macOS 10.14; use SecCertificateCopyKey instead for cross-platform availability.
    ///
    /// # Safety
    ///
    /// `key` must be a valid pointer.
    #[doc(alias = "SecCertificateCopyPublicKey")]
    #[cfg(feature = "SecBase")]
    #[deprecated]
    #[inline]
    pub unsafe fn copy_public_key(&self, key: NonNull<*mut SecKey>) -> OSStatus {
        extern "C-unwind" {
            #[cfg_attr(
                target_os = "macos",
                link_name = "SecCertificateCopyPublicKey$LEGACYMAC"
            )]
            fn SecCertificateCopyPublicKey(
                certificate: &SecCertificate,
                key: NonNull<*mut SecKey>,
            ) -> OSStatus;
        }
        unsafe { SecCertificateCopyPublicKey(self, key) }
    }

    /// Return the certificate's serial number.
    ///
    /// Parameter `certificate`: The certificate from which to get values.
    ///
    /// Parameter `error`: An optional pointer to a CFErrorRef which will be set on return from the function if an error occurred. If not NULL, the caller is responsible for releasing the CFErrorRef.
    ///
    /// Return the content of a DER-encoded integer (without the tag and length fields) for this certificate's serial number. The caller must CFRelease the value returned.
    ///
    /// # Safety
    ///
    /// `error` must be a valid pointer or null.
    #[doc(alias = "SecCertificateCopySerialNumberData")]
    #[cfg(feature = "SecBase")]
    #[inline]
    pub unsafe fn serial_number_data(
        &self,
        error: *mut *mut CFError,
    ) -> Option<CFRetained<CFData>> {
        extern "C-unwind" {
            fn SecCertificateCopySerialNumberData(
                certificate: &SecCertificate,
                error: *mut *mut CFError,
            ) -> Option<NonNull<CFData>>;
        }
        let ret = unsafe { SecCertificateCopySerialNumberData(self, error) };
        ret.map(|ret| unsafe { CFRetained::from_raw(ret) })
    }

    /// Obtain the starting date of the given certificate.
    ///
    /// Parameter `certificate`: The certificate from which to get values.
    ///
    /// Returns: Returns the absolute time at which the given certificate becomes valid,
    /// or NULL if this value could not be obtained. The caller must CFRelease the value returned.
    #[doc(alias = "SecCertificateCopyNotValidBeforeDate")]
    #[cfg(feature = "SecBase")]
    #[inline]
    pub unsafe fn not_valid_before_date(&self) -> Option<CFRetained<CFDate>> {
        extern "C-unwind" {
            fn SecCertificateCopyNotValidBeforeDate(
                certificate: &SecCertificate,
            ) -> Option<NonNull<CFDate>>;
        }
        let ret = unsafe { SecCertificateCopyNotValidBeforeDate(self) };
        ret.map(|ret| unsafe { CFRetained::from_raw(ret) })
    }

    /// Obtain the expiration date of the given certificate.
    ///
    /// Parameter `certificate`: The certificate from which to get values.
    ///
    /// Returns: Returns the absolute time at which the given certificate expires,
    /// or NULL if this value could not be obtained. The caller must CFRelease the value returned.
    #[doc(alias = "SecCertificateCopyNotValidAfterDate")]
    #[cfg(feature = "SecBase")]
    #[inline]
    pub unsafe fn not_valid_after_date(&self) -> Option<CFRetained<CFDate>> {
        extern "C-unwind" {
            fn SecCertificateCopyNotValidAfterDate(
                certificate: &SecCertificate,
            ) -> Option<NonNull<CFDate>>;
        }
        let ret = unsafe { SecCertificateCopyNotValidAfterDate(self) };
        ret.map(|ret| unsafe { CFRetained::from_raw(ret) })
    }

    /// Return the certificate's serial number.
    ///
    /// Parameter `certificate`: The certificate from which to get values.
    ///
    /// Parameter `error`: An optional pointer to a CFErrorRef which will be set on return from the function if an error occurred. If not NULL, the caller is responsible for releasing the CFErrorRef.
    ///
    /// Return the content of a DER-encoded integer (without the tag and length fields) for this certificate's serial number. The caller must CFRelease the value returned. NOTE: Deprecated in macOS 10.13; use SecCertificateCopySerialNumberData instead for cross-platform availability.
    ///
    /// # Safety
    ///
    /// `error` must be a valid pointer or null.
    #[doc(alias = "SecCertificateCopySerialNumber")]
    #[cfg(feature = "SecBase")]
    #[deprecated]
    #[inline]
    pub unsafe fn serial_number(&self, error: *mut *mut CFError) -> Option<CFRetained<CFData>> {
        extern "C-unwind" {
            #[cfg_attr(
                target_os = "macos",
                link_name = "SecCertificateCopySerialNumber$LEGACYMAC"
            )]
            fn SecCertificateCopySerialNumber(
                certificate: &SecCertificate,
                error: *mut *mut CFError,
            ) -> Option<NonNull<CFData>>;
        }
        let ret = unsafe { SecCertificateCopySerialNumber(self, error) };
        ret.map(|ret| unsafe { CFRetained::from_raw(ret) })
    }
}

/// [Apple's documentation](https://developer.apple.com/documentation/security/ksecsubjectitemattr?language=objc)
pub const kSecSubjectItemAttr: c_uint = 1937072746;
/// [Apple's documentation](https://developer.apple.com/documentation/security/ksecissueritemattr?language=objc)
pub const kSecIssuerItemAttr: c_uint = 1769173877;
/// [Apple's documentation](https://developer.apple.com/documentation/security/ksecserialnumberitemattr?language=objc)
pub const kSecSerialNumberItemAttr: c_uint = 1936614002;
/// [Apple's documentation](https://developer.apple.com/documentation/security/ksecpublickeyhashitemattr?language=objc)
pub const kSecPublicKeyHashItemAttr: c_uint = 1752198009;
/// [Apple's documentation](https://developer.apple.com/documentation/security/ksecsubjectkeyidentifieritemattr?language=objc)
pub const kSecSubjectKeyIdentifierItemAttr: c_uint = 1936419172;
/// [Apple's documentation](https://developer.apple.com/documentation/security/kseccerttypeitemattr?language=objc)
pub const kSecCertTypeItemAttr: c_uint = 1668577648;
/// [Apple's documentation](https://developer.apple.com/documentation/security/kseccertencodingitemattr?language=objc)
pub const kSecCertEncodingItemAttr: c_uint = 1667591779;

#[cfg(feature = "SecBase")]
impl SecCertificate {
    /// Creates a certificate based on the input data, type, and encoding.
    ///
    /// Parameter `data`: A pointer to the certificate data.
    ///
    /// Parameter `type`: The certificate type as defined in cssmtype.h.
    ///
    /// Parameter `encoding`: The certificate encoding as defined in cssmtype.h.
    ///
    /// Parameter `certificate`: On return, a reference to the newly created certificate.
    ///
    /// Returns: A result code. See "Security Error Codes" (SecBase.h).
    ///
    /// This API is deprecated in 10.7  Please use the SecCertificateCreateWithData API instead.
    ///
    /// # Safety
    ///
    /// - `data` must be a valid pointer.
    /// - `certificate` must be a valid pointer.
    #[doc(alias = "SecCertificateCreateFromData")]
    #[cfg(all(
        feature = "SecAsn1Types",
        feature = "SecBase",
        feature = "cssmconfig",
        feature = "cssmtype"
    ))]
    #[deprecated]
    #[inline]
    pub unsafe fn create_from_data(
        data: NonNull<SecAsn1Item>,
        r#type: CSSM_CERT_TYPE,
        encoding: CSSM_CERT_ENCODING,
        certificate: NonNull<*mut SecCertificate>,
    ) -> OSStatus {
        extern "C-unwind" {
            fn SecCertificateCreateFromData(
                data: NonNull<SecAsn1Item>,
                r#type: CSSM_CERT_TYPE,
                encoding: CSSM_CERT_ENCODING,
                certificate: NonNull<*mut SecCertificate>,
            ) -> OSStatus;
        }
        unsafe { SecCertificateCreateFromData(data, r#type, encoding, certificate) }
    }

    /// Adds a certificate to the specified keychain.
    ///
    /// Parameter `certificate`: A reference to a certificate.
    ///
    /// Parameter `keychain`: A reference to the keychain in which to add the certificate. Pass NULL to add the certificate to the default keychain.
    ///
    /// Returns: A result code. See "Security Error Codes" (SecBase.h).
    ///
    /// This function is successful only if the certificate was created using the SecCertificateCreateFromData or
    /// SecCertificateCreateWithData functions, and the certificate has not yet been added to the specified keychain.
    #[doc(alias = "SecCertificateAddToKeychain")]
    #[cfg(feature = "SecBase")]
    #[inline]
    pub unsafe fn add_to_keychain(&self, keychain: Option<&SecKeychain>) -> OSStatus {
        extern "C-unwind" {
            fn SecCertificateAddToKeychain(
                certificate: &SecCertificate,
                keychain: Option<&SecKeychain>,
            ) -> OSStatus;
        }
        unsafe { SecCertificateAddToKeychain(self, keychain) }
    }

    /// Retrieves the data for a given certificate.
    ///
    /// Parameter `certificate`: A reference to the certificate from which to retrieve the data.
    ///
    /// Parameter `data`: On return, the CSSM_DATA structure pointed to by data is filled in. You must allocate the space for a CSSM_DATA structure before calling this function. This data pointer is only guaranteed to remain valid as long as the certificate remains unchanged and valid.
    ///
    /// Returns: A result code. See "Security Error Codes" (SecBase.h).
    ///
    /// This API is deprecated in 10.7. Please use the SecCertificateCopyData API instead.
    ///
    /// # Safety
    ///
    /// `data` must be a valid pointer.
    #[doc(alias = "SecCertificateGetData")]
    #[cfg(all(feature = "SecAsn1Types", feature = "SecBase", feature = "cssmtype"))]
    #[deprecated]
    #[inline]
    pub unsafe fn get_data(&self, data: CSSM_DATA_PTR) -> OSStatus {
        extern "C-unwind" {
            fn SecCertificateGetData(certificate: &SecCertificate, data: CSSM_DATA_PTR)
                -> OSStatus;
        }
        unsafe { SecCertificateGetData(self, data) }
    }

    /// Retrieves the type for a given certificate.
    ///
    /// Parameter `certificate`: A reference to the certificate from which to obtain the type.
    ///
    /// Parameter `certificateType`: On return, the certificate type of the certificate. Certificate types are defined in cssmtype.h.
    ///
    /// Returns: A result code. See "Security Error Codes" (SecBase.h).
    ///
    /// This API is deprecated in 10.7. Please use the SecCertificateCopyValues API instead.
    ///
    /// # Safety
    ///
    /// `certificate_type` must be a valid pointer.
    #[doc(alias = "SecCertificateGetType")]
    #[cfg(all(feature = "SecBase", feature = "cssmconfig", feature = "cssmtype"))]
    #[deprecated]
    #[inline]
    pub unsafe fn r#type(&self, certificate_type: NonNull<CSSM_CERT_TYPE>) -> OSStatus {
        extern "C-unwind" {
            fn SecCertificateGetType(
                certificate: &SecCertificate,
                certificate_type: NonNull<CSSM_CERT_TYPE>,
            ) -> OSStatus;
        }
        unsafe { SecCertificateGetType(self, certificate_type) }
    }

    /// Retrieves the subject name for a given certificate.
    ///
    /// Parameter `certificate`: A reference to the certificate from which to obtain the subject name.
    ///
    /// Parameter `subject`: On return, a pointer to a CSSM_X509_NAME struct which contains the subject's X.509 name (x509defs.h). This pointer remains valid until the certificate reference is released. The caller should not attempt to free this pointer.
    ///
    /// Returns: A result code. See "Security Error Codes" (SecBase.h).
    ///
    /// Prior to Mac OS X 10.5, this function did not return any output in the subject parameter. Your code should check the returned pointer value (in addition to the function result) before attempting to use it.
    /// For example:
    /// const CSSM_X509_NAME *subject = NULL;
    /// OSStatus status = SecCertificateGetSubject(certificate,
    /// &subject
    /// );
    /// if ( (status == errSecSuccess)
    /// &
    /// &
    /// (subject != NULL) ) {
    /// // subject is valid
    /// }
    /// This API is deprecated in 10.7. Please use the SecCertificateCopyValues API instead.
    ///
    /// # Safety
    ///
    /// `subject` must be a valid pointer.
    #[doc(alias = "SecCertificateGetSubject")]
    #[cfg(all(
        feature = "SecAsn1Types",
        feature = "SecBase",
        feature = "cssmconfig",
        feature = "x509defs"
    ))]
    #[deprecated]
    #[inline]
    pub unsafe fn subject(&self, subject: NonNull<*const CSSM_X509_NAME>) -> OSStatus {
        extern "C-unwind" {
            fn SecCertificateGetSubject(
                certificate: &SecCertificate,
                subject: NonNull<*const CSSM_X509_NAME>,
            ) -> OSStatus;
        }
        unsafe { SecCertificateGetSubject(self, subject) }
    }

    /// Retrieves the issuer name for a given certificate.
    ///
    /// Parameter `certificate`: A reference to the certificate from which to obtain the issuer name.
    ///
    /// Parameter `issuer`: On return, a pointer to a CSSM_X509_NAME struct which contains the issuer's X.509 name (x509defs.h). This pointer remains valid until the certificate reference is released. The caller should not attempt to free this pointer.
    ///
    /// Returns: A result code. See "Security Error Codes" (SecBase.h).
    ///
    /// Prior to Mac OS X 10.5, this function did not return any output in the issuer parameter. Your code should check the returned pointer value (in addition to the function result) before attempting to use it.
    /// For example:
    /// const CSSM_X509_NAME *issuer = NULL;
    /// OSStatus status = SecCertificateGetIssuer(certificate,
    /// &issuer
    /// );
    /// if ( (status == errSecSuccess)
    /// &
    /// &
    /// (issuer != NULL) ) {
    /// // issuer is valid
    /// }
    /// This API is deprecated in 10.7. Please use the SecCertificateCopyValues API instead.
    ///
    /// # Safety
    ///
    /// `issuer` must be a valid pointer.
    #[doc(alias = "SecCertificateGetIssuer")]
    #[cfg(all(
        feature = "SecAsn1Types",
        feature = "SecBase",
        feature = "cssmconfig",
        feature = "x509defs"
    ))]
    #[deprecated]
    #[inline]
    pub unsafe fn issuer(&self, issuer: NonNull<*const CSSM_X509_NAME>) -> OSStatus {
        extern "C-unwind" {
            fn SecCertificateGetIssuer(
                certificate: &SecCertificate,
                issuer: NonNull<*const CSSM_X509_NAME>,
            ) -> OSStatus;
        }
        unsafe { SecCertificateGetIssuer(self, issuer) }
    }

    /// Retrieves the certificate library handle for a given certificate.
    ///
    /// Parameter `certificate`: A reference to the certificate from which to obtain the certificate library handle.
    ///
    /// Parameter `clHandle`: On return, the certificate library handle of the given certificate. This handle remains valid at least as long as the certificate does.
    ///
    /// Returns: A result code. See "Security Error Codes" (SecBase.h).
    ///
    /// This API is deprecated in 10.7. Please use the SecCertificateCopyValues API instead.
    ///
    /// # Safety
    ///
    /// `cl_handle` must be a valid pointer.
    #[doc(alias = "SecCertificateGetCLHandle")]
    #[cfg(all(feature = "SecBase", feature = "cssmconfig", feature = "cssmtype"))]
    #[deprecated]
    #[inline]
    pub unsafe fn cl_handle(&self, cl_handle: NonNull<CSSM_CL_HANDLE>) -> OSStatus {
        extern "C-unwind" {
            fn SecCertificateGetCLHandle(
                certificate: &SecCertificate,
                cl_handle: NonNull<CSSM_CL_HANDLE>,
            ) -> OSStatus;
        }
        unsafe { SecCertificateGetCLHandle(self, cl_handle) }
    }

    /// Retrieves the algorithm identifier for a given certificate.
    ///
    /// Parameter `certificate`: A reference to the certificate from which to retrieve the algorithm identifier.
    ///
    /// Parameter `algid`: On return, a pointer to a CSSM_X509_ALGORITHM_IDENTIFIER struct which identifies the algorithm for this certificate (x509defs.h). This pointer remains valid until the certificate reference is released. The caller should not attempt to free this pointer.
    ///
    /// Returns: A result code. See "Security Error Codes" (SecBase.h).
    /// discussion This API is deprecated in 10.7. Please use the SecCertificateCopyValues API instead.
    ///
    /// # Safety
    ///
    /// `algid` must be a valid pointer.
    #[doc(alias = "SecCertificateGetAlgorithmID")]
    #[cfg(all(feature = "SecAsn1Types", feature = "SecBase"))]
    #[deprecated]
    #[inline]
    pub unsafe fn algorithm_id(&self, algid: NonNull<*const SecAsn1AlgId>) -> OSStatus {
        extern "C-unwind" {
            fn SecCertificateGetAlgorithmID(
                certificate: &SecCertificate,
                algid: NonNull<*const SecAsn1AlgId>,
            ) -> OSStatus;
        }
        unsafe { SecCertificateGetAlgorithmID(self, algid) }
    }

    /// Returns the preferred certificate for the specified name and key usage. If a preferred certificate does not exist for the specified name and key usage, NULL is returned.
    ///
    /// Parameter `name`: A string containing an email address (RFC822) or other name for which a preferred certificate is requested.
    ///
    /// Parameter `keyUsage`: A CSSM_KEYUSE key usage value, as defined in cssmtype.h. Pass 0 to ignore this parameter.
    ///
    /// Parameter `certificate`: On return, a reference to the preferred certificate, or NULL if none was found. You are responsible for releasing this reference by calling the CFRelease function.
    ///
    /// Returns: A result code. See "Security Error Codes" (SecBase.h).
    ///
    /// This function will typically be used to obtain the preferred encryption certificate for an email recipient.
    /// This API is deprecated in 10.7. Please use the SecCertificateCopyPreferred API instead.
    ///
    /// # Safety
    ///
    /// `certificate` must be a valid pointer.
    #[doc(alias = "SecCertificateCopyPreference")]
    #[cfg(all(feature = "SecBase", feature = "cssmconfig"))]
    #[deprecated]
    #[inline]
    pub unsafe fn copy_preference(
        name: &CFString,
        key_usage: uint32,
        certificate: NonNull<*mut SecCertificate>,
    ) -> OSStatus {
        extern "C-unwind" {
            fn SecCertificateCopyPreference(
                name: &CFString,
                key_usage: uint32,
                certificate: NonNull<*mut SecCertificate>,
            ) -> OSStatus;
        }
        unsafe { SecCertificateCopyPreference(name, key_usage, certificate) }
    }

    /// Returns the preferred certificate for the specified name and key usage. If a preferred certificate does not exist for the specified name and key usage, NULL is returned.
    ///
    /// Parameter `name`: A string containing an email address (RFC822) or other name for which a preferred certificate is requested.
    ///
    /// Parameter `keyUsage`: A CFArrayRef value, containing items defined in SecItem.h  Pass NULL to ignore this parameter. (kSecAttrCanEncrypt, kSecAttrCanDecrypt, kSecAttrCanDerive, kSecAttrCanSign, kSecAttrCanVerify, kSecAttrCanWrap, kSecAttrCanUnwrap)
    ///
    /// Returns: On return, a reference to the preferred certificate, or NULL if none was found. You are responsible for releasing this reference by calling the CFRelease function.
    ///
    /// This function will typically be used to obtain the preferred encryption certificate for an email recipient. If a preferred certificate has not been set
    /// for the supplied name, the returned reference will be NULL. Your code should then perform a search for possible certificates, using the SecItemCopyMatching API.
    ///
    /// # Safety
    ///
    /// `key_usage` generic must be of the correct type.
    #[doc(alias = "SecCertificateCopyPreferred")]
    #[cfg(feature = "SecBase")]
    #[inline]
    pub unsafe fn preferred(
        name: &CFString,
        key_usage: Option<&CFArray>,
    ) -> Option<CFRetained<SecCertificate>> {
        extern "C-unwind" {
            fn SecCertificateCopyPreferred(
                name: &CFString,
                key_usage: Option<&CFArray>,
            ) -> Option<NonNull<SecCertificate>>;
        }
        let ret = unsafe { SecCertificateCopyPreferred(name, key_usage) };
        ret.map(|ret| unsafe { CFRetained::from_raw(ret) })
    }

    /// Sets the preferred certificate for a specified name, key usage, and date.
    ///
    /// Parameter `certificate`: A reference to the certificate which will be preferred.
    ///
    /// Parameter `name`: A string containing an email address (RFC822) or other name for which a preferred certificate will be associated.
    ///
    /// Parameter `keyUsage`: A CSSM_KEYUSE key usage value, as defined in cssmtype.h. Pass 0 to avoid specifying a particular key usage.
    ///
    /// Parameter `date`: (optional) A date reference. If supplied, the preferred certificate will be changed only if this date is later than the currently saved setting. Pass NULL if this preference should not be restricted by date.
    ///
    /// Returns: A result code. See "Security Error Codes" (SecBase.h).
    ///
    /// This function will typically be used to set the preferred encryption certificate for an email recipient, either manually (when encrypting email to a recipient) or automatically upon receipt of encrypted email.
    /// This API is deprecated in 10.7. Plese use the SecCertificateSetPreferred API instead.
    #[doc(alias = "SecCertificateSetPreference")]
    #[cfg(all(feature = "SecBase", feature = "cssmconfig"))]
    #[deprecated]
    #[inline]
    pub unsafe fn set_preference(
        &self,
        name: &CFString,
        key_usage: uint32,
        date: Option<&CFDate>,
    ) -> OSStatus {
        extern "C-unwind" {
            fn SecCertificateSetPreference(
                certificate: &SecCertificate,
                name: &CFString,
                key_usage: uint32,
                date: Option<&CFDate>,
            ) -> OSStatus;
        }
        unsafe { SecCertificateSetPreference(self, name, key_usage, date) }
    }

    /// Sets the preferred certificate for a specified name and optional key usage.
    ///
    /// Parameter `certificate`: A reference to the preferred certificate. If NULL is passed, any existing preference for the specified name is cleared instead.
    ///
    /// Parameter `name`: A string containing an email address (RFC822) or other name for which a preferred certificate will be associated.
    ///
    /// Parameter `keyUsage`: A CFArrayRef value, containing items defined in SecItem.h  Pass NULL to ignore this parameter. (kSecAttrCanEncrypt, kSecAttrCanDecrypt, kSecAttrCanDerive, kSecAttrCanSign, kSecAttrCanVerify, kSecAttrCanWrap, kSecAttrCanUnwrap)
    ///
    /// Returns: A result code. See "Security Error Codes" (SecBase.h).
    ///
    /// This function will typically be used to set the preferred encryption certificate for an email recipient, either manually (when encrypting email to a recipient)
    /// or automatically upon receipt of encrypted email.
    ///
    /// # Safety
    ///
    /// `key_usage` generic must be of the correct type.
    #[doc(alias = "SecCertificateSetPreferred")]
    #[cfg(feature = "SecBase")]
    #[inline]
    pub unsafe fn set_preferred(
        certificate: Option<&SecCertificate>,
        name: &CFString,
        key_usage: Option<&CFArray>,
    ) -> OSStatus {
        extern "C-unwind" {
            fn SecCertificateSetPreferred(
                certificate: Option<&SecCertificate>,
                name: &CFString,
                key_usage: Option<&CFArray>,
            ) -> OSStatus;
        }
        unsafe { SecCertificateSetPreferred(certificate, name, key_usage) }
    }
}

/// Flags to indicate key usages in the KeyUsage extension of a certificate
///
/// See also [Apple's documentation](https://developer.apple.com/documentation/security/seckeyusage?language=objc)
// NS_OPTIONS
#[repr(transparent)]
#[derive(Clone, Copy, Debug, PartialEq, Eq, Hash, PartialOrd, Ord)]
pub struct SecKeyUsage(pub u32);
bitflags::bitflags! {
    impl SecKeyUsage: u32 {
        #[doc(alias = "kSecKeyUsageUnspecified")]
        const Unspecified = 0;
        #[doc(alias = "kSecKeyUsageDigitalSignature")]
        const DigitalSignature = 1<<0;
        #[doc(alias = "kSecKeyUsageNonRepudiation")]
        const NonRepudiation = 1<<1;
        #[doc(alias = "kSecKeyUsageContentCommitment")]
        const ContentCommitment = 1<<1;
        #[doc(alias = "kSecKeyUsageKeyEncipherment")]
        const KeyEncipherment = 1<<2;
        #[doc(alias = "kSecKeyUsageDataEncipherment")]
        const DataEncipherment = 1<<3;
        #[doc(alias = "kSecKeyUsageKeyAgreement")]
        const KeyAgreement = 1<<4;
        #[doc(alias = "kSecKeyUsageKeyCertSign")]
        const KeyCertSign = 1<<5;
        #[doc(alias = "kSecKeyUsageCRLSign")]
        const CRLSign = 1<<6;
        #[doc(alias = "kSecKeyUsageEncipherOnly")]
        const EncipherOnly = 1<<7;
        #[doc(alias = "kSecKeyUsageDecipherOnly")]
        const DecipherOnly = 1<<8;
        #[doc(alias = "kSecKeyUsageCritical")]
        const Critical = 1<<31;
        #[doc(alias = "kSecKeyUsageAll")]
        const All = 0x7FFFFFFF;
    }
}

#[cfg(feature = "objc2")]
unsafe impl Encode for SecKeyUsage {
    const ENCODING: Encoding = u32::ENCODING;
}

#[cfg(feature = "objc2")]
unsafe impl RefEncode for SecKeyUsage {
    const ENCODING_REF: Encoding = Encoding::Pointer(&Self::ENCODING);
}

extern "C" {
    /// Constants used to access dictionary entries returned by SecCertificateCopyValues
    ///
    /// See also [Apple's documentation](https://developer.apple.com/documentation/security/ksecpropertykeytype?language=objc)
    pub static kSecPropertyKeyType: &'static CFString;
}

extern "C" {
    /// [Apple's documentation](https://developer.apple.com/documentation/security/ksecpropertykeylabel?language=objc)
    pub static kSecPropertyKeyLabel: &'static CFString;
}

extern "C" {
    /// [Apple's documentation](https://developer.apple.com/documentation/security/ksecpropertykeylocalizedlabel?language=objc)
    pub static kSecPropertyKeyLocalizedLabel: &'static CFString;
}

extern "C" {
    /// [Apple's documentation](https://developer.apple.com/documentation/security/ksecpropertykeyvalue?language=objc)
    pub static kSecPropertyKeyValue: &'static CFString;
}

extern "C" {
    /// Public Constants for property list values returned by SecCertificateCopyValues
    ///
    /// Note that kSecPropertyTypeTitle and kSecPropertyTypeError are defined in SecTrust.h
    ///
    /// See also [Apple's documentation](https://developer.apple.com/documentation/security/ksecpropertytypewarning?language=objc)
    pub static kSecPropertyTypeWarning: &'static CFString;
}

extern "C" {
    /// [Apple's documentation](https://developer.apple.com/documentation/security/ksecpropertytypesuccess?language=objc)
    pub static kSecPropertyTypeSuccess: &'static CFString;
}

extern "C" {
    /// [Apple's documentation](https://developer.apple.com/documentation/security/ksecpropertytypesection?language=objc)
    pub static kSecPropertyTypeSection: &'static CFString;
}

extern "C" {
    /// [Apple's documentation](https://developer.apple.com/documentation/security/ksecpropertytypedata?language=objc)
    pub static kSecPropertyTypeData: &'static CFString;
}

extern "C" {
    /// [Apple's documentation](https://developer.apple.com/documentation/security/ksecpropertytypestring?language=objc)
    pub static kSecPropertyTypeString: &'static CFString;
}

extern "C" {
    /// [Apple's documentation](https://developer.apple.com/documentation/security/ksecpropertytypeurl?language=objc)
    pub static kSecPropertyTypeURL: &'static CFString;
}

extern "C" {
    /// [Apple's documentation](https://developer.apple.com/documentation/security/ksecpropertytypedate?language=objc)
    pub static kSecPropertyTypeDate: &'static CFString;
}

extern "C" {
    /// [Apple's documentation](https://developer.apple.com/documentation/security/ksecpropertytypearray?language=objc)
    pub static kSecPropertyTypeArray: &'static CFString;
}

extern "C" {
    /// [Apple's documentation](https://developer.apple.com/documentation/security/ksecpropertytypenumber?language=objc)
    pub static kSecPropertyTypeNumber: &'static CFString;
}

#[cfg(feature = "SecBase")]
impl SecCertificate {
    /// Creates a dictionary that represents a certificate's contents.
    ///
    /// Parameter `certificate`: The certificate from which to get values
    ///
    /// Parameter `keys`: An array of string OID values, or NULL. If present, this is
    /// the subset of values from the certificate to return. If NULL,
    /// all values will be returned. Only OIDs that are top level keys
    /// in the returned dictionary can be specified. Unknown OIDs are
    /// ignored.
    ///
    /// Parameter `error`: An optional pointer to a CFErrorRef. This value is
    /// set if an error occurred.  If not NULL the caller is
    /// responsible for releasing the CFErrorRef.
    ///
    /// The keys array will contain all of the keys used in the
    /// returned dictionary. The top level keys in the returned
    /// dictionary are OIDs, many of which are found in SecCertificateOIDs.h.
    /// Each entry that is returned is itself a dictionary with four
    /// entries, whose keys are kSecPropertyKeyType, kSecPropertyKeyLabel,
    /// kSecPropertyKeyLocalizedLabel, kSecPropertyKeyValue. The label
    /// entries may contain a descriptive (localized) string, or an
    /// OID string. The kSecPropertyKeyType describes the type in the
    /// value entry. The value entry may be any CFType, although it
    /// is usually a CFStringRef, CFArrayRef or a CFDictionaryRef.
    ///
    /// # Safety
    ///
    /// - `keys` generic must be of the correct type.
    /// - `error` must be a valid pointer or null.
    #[doc(alias = "SecCertificateCopyValues")]
    #[cfg(feature = "SecBase")]
    #[inline]
    pub unsafe fn values(
        &self,
        keys: Option<&CFArray>,
        error: *mut *mut CFError,
    ) -> Option<CFRetained<CFDictionary>> {
        extern "C-unwind" {
            fn SecCertificateCopyValues(
                certificate: &SecCertificate,
                keys: Option<&CFArray>,
                error: *mut *mut CFError,
            ) -> Option<NonNull<CFDictionary>>;
        }
        let ret = unsafe { SecCertificateCopyValues(self, keys, error) };
        ret.map(|ret| unsafe { CFRetained::from_raw(ret) })
    }

    /// Return the long description of a certificate
    ///
    /// Parameter `alloc`: The CFAllocator which should be used to allocate
    /// memory for the dictionary and its storage for values. This
    /// parameter may be NULL in which case the current default
    /// CFAllocator is used. If this reference is not a valid
    /// CFAllocator, the behavior is undefined.
    ///
    /// Parameter `certificate`: The certificate from which to retrieve the long description
    ///
    /// Parameter `error`: An optional pointer to a CFErrorRef. This value is
    /// set if an error occurred.  If not NULL the caller is
    /// responsible for releasing the CFErrorRef.
    ///
    /// Returns: A CFStringRef of the long description or NULL. If NULL and the error
    /// parameter is supplied the error will be returned in the error parameter
    ///
    /// Note that the format of this string may change in the future
    ///
    /// # Safety
    ///
    /// `error` must be a valid pointer or null.
    #[doc(alias = "SecCertificateCopyLongDescription")]
    #[cfg(feature = "SecBase")]
    #[inline]
    pub unsafe fn long_description(
        alloc: Option<&CFAllocator>,
        certificate: &SecCertificate,
        error: *mut *mut CFError,
    ) -> Option<CFRetained<CFString>> {
        extern "C-unwind" {
            fn SecCertificateCopyLongDescription(
                alloc: Option<&CFAllocator>,
                certificate: &SecCertificate,
                error: *mut *mut CFError,
            ) -> Option<NonNull<CFString>>;
        }
        let ret = unsafe { SecCertificateCopyLongDescription(alloc, certificate, error) };
        ret.map(|ret| unsafe { CFRetained::from_raw(ret) })
    }

    /// Return the short description of a certificate
    ///
    /// Parameter `alloc`: The CFAllocator which should be used to allocate
    /// memory for the dictionary and its storage for values. This
    /// parameter may be NULL in which case the current default
    /// CFAllocator is used. If this reference is not a valid
    /// CFAllocator, the behavior is undefined.
    ///
    /// Parameter `certificate`: The certificate from which to retrieve the short description
    ///
    /// Parameter `error`: An optional pointer to a CFErrorRef. This value is
    /// set if an error occurred.  If not NULL the caller is
    /// responsible for releasing the CFErrorRef.
    ///
    /// Returns: A CFStringRef of the short description or NULL. If NULL and the error
    /// parameter is supplied the error will be returned in the error parameter
    ///
    /// Note that the format of this string may change in the future
    ///
    /// # Safety
    ///
    /// `error` must be a valid pointer or null.
    #[doc(alias = "SecCertificateCopyShortDescription")]
    #[cfg(feature = "SecBase")]
    #[inline]
    pub unsafe fn short_description(
        alloc: Option<&CFAllocator>,
        certificate: &SecCertificate,
        error: *mut *mut CFError,
    ) -> Option<CFRetained<CFString>> {
        extern "C-unwind" {
            fn SecCertificateCopyShortDescription(
                alloc: Option<&CFAllocator>,
                certificate: &SecCertificate,
                error: *mut *mut CFError,
            ) -> Option<NonNull<CFString>>;
        }
        let ret = unsafe { SecCertificateCopyShortDescription(alloc, certificate, error) };
        ret.map(|ret| unsafe { CFRetained::from_raw(ret) })
    }

    /// Return the certificate's normalized issuer
    ///
    /// Parameter `certificate`: The certificate from which to get values
    ///
    /// Parameter `error`: An optional pointer to a CFErrorRef. This value is
    /// set if an error occurred.  If not NULL the caller is
    /// responsible for releasing the CFErrorRef.
    ///
    /// The issuer is a sequence in the format used by
    /// SecItemCopyMatching.  The content returned is a DER-encoded
    /// X.509 distinguished name. For a display version of the issuer,
    /// call SecCertificateCopyValues. The caller must CFRelease
    /// the value returned.
    ///
    /// # Safety
    ///
    /// `error` must be a valid pointer or null.
    #[doc(alias = "SecCertificateCopyNormalizedIssuerContent")]
    #[cfg(feature = "SecBase")]
    #[deprecated = "SecCertificateCopyNormalizedIssuerContent is deprecated. Use SecCertificateCopyNormalizedIssuerSequence instead."]
    #[inline]
    pub unsafe fn normalized_issuer_content(
        &self,
        error: *mut *mut CFError,
    ) -> Option<CFRetained<CFData>> {
        extern "C-unwind" {
            fn SecCertificateCopyNormalizedIssuerContent(
                certificate: &SecCertificate,
                error: *mut *mut CFError,
            ) -> Option<NonNull<CFData>>;
        }
        let ret = unsafe { SecCertificateCopyNormalizedIssuerContent(self, error) };
        ret.map(|ret| unsafe { CFRetained::from_raw(ret) })
    }

    /// Return the certificate's normalized subject
    ///
    /// Parameter `certificate`: The certificate from which to get values
    ///
    /// Parameter `error`: An optional pointer to a CFErrorRef. This value is
    /// set if an error occurred.  If not NULL the caller is
    /// responsible for releasing the CFErrorRef.
    ///
    /// The subject is a sequence in the format used by
    /// SecItemCopyMatching. The content returned is a DER-encoded
    /// X.509 distinguished name. For a display version of the subject,
    /// call SecCertificateCopyValues. The caller must CFRelease
    /// the value returned.
    ///
    /// # Safety
    ///
    /// `error` must be a valid pointer or null.
    #[doc(alias = "SecCertificateCopyNormalizedSubjectContent")]
    #[cfg(feature = "SecBase")]
    #[deprecated = "SecCertificateCopyNormalizedSubjectContent is deprecated. Use SecCertificateCopyNormalizedSubjectSequence instead."]
    #[inline]
    pub unsafe fn normalized_subject_content(
        &self,
        error: *mut *mut CFError,
    ) -> Option<CFRetained<CFData>> {
        extern "C-unwind" {
            fn SecCertificateCopyNormalizedSubjectContent(
                certificate: &SecCertificate,
                error: *mut *mut CFError,
            ) -> Option<NonNull<CFData>>;
        }
        let ret = unsafe { SecCertificateCopyNormalizedSubjectContent(self, error) };
        ret.map(|ret| unsafe { CFRetained::from_raw(ret) })
    }
}

#[cfg(feature = "SecBase")]
#[deprecated = "renamed to `SecCertificate::with_data`"]
#[inline]
pub unsafe extern "C-unwind" fn SecCertificateCreateWithData(
    allocator: Option<&CFAllocator>,
    data: &CFData,
) -> Option<CFRetained<SecCertificate>> {
    extern "C-unwind" {
        fn SecCertificateCreateWithData(
            allocator: Option<&CFAllocator>,
            data: &CFData,
        ) -> Option<NonNull<SecCertificate>>;
    }
    let ret = unsafe { SecCertificateCreateWithData(allocator, data) };
    ret.map(|ret| unsafe { CFRetained::from_raw(ret) })
}

#[cfg(feature = "SecBase")]
#[deprecated = "renamed to `SecCertificate::data`"]
#[inline]
pub unsafe extern "C-unwind" fn SecCertificateCopyData(
    certificate: &SecCertificate,
) -> CFRetained<CFData> {
    extern "C-unwind" {
        fn SecCertificateCopyData(certificate: &SecCertificate) -> Option<NonNull<CFData>>;
    }
    let ret = unsafe { SecCertificateCopyData(certificate) };
    let ret = ret.expect("function was marked as returning non-null, but actually returned NULL");
    unsafe { CFRetained::from_raw(ret) }
}

#[cfg(feature = "SecBase")]
#[deprecated = "renamed to `SecCertificate::subject_summary`"]
#[inline]
pub unsafe extern "C-unwind" fn SecCertificateCopySubjectSummary(
    certificate: &SecCertificate,
) -> Option<CFRetained<CFString>> {
    extern "C-unwind" {
        fn SecCertificateCopySubjectSummary(
            certificate: &SecCertificate,
        ) -> Option<NonNull<CFString>>;
    }
    let ret = unsafe { SecCertificateCopySubjectSummary(certificate) };
    ret.map(|ret| unsafe { CFRetained::from_raw(ret) })
}

extern "C-unwind" {
    #[cfg(feature = "SecBase")]
    #[deprecated = "renamed to `SecCertificate::copy_common_name`"]
    pub fn SecCertificateCopyCommonName(
        certificate: &SecCertificate,
        common_name: NonNull<*const CFString>,
    ) -> OSStatus;
}

extern "C-unwind" {
    #[cfg(feature = "SecBase")]
    #[deprecated = "renamed to `SecCertificate::copy_email_addresses`"]
    pub fn SecCertificateCopyEmailAddresses(
        certificate: &SecCertificate,
        email_addresses: NonNull<*const CFArray>,
    ) -> OSStatus;
}

#[cfg(feature = "SecBase")]
#[deprecated = "renamed to `SecCertificate::normalized_issuer_sequence`"]
#[inline]
pub unsafe extern "C-unwind" fn SecCertificateCopyNormalizedIssuerSequence(
    certificate: &SecCertificate,
) -> Option<CFRetained<CFData>> {
    extern "C-unwind" {
        fn SecCertificateCopyNormalizedIssuerSequence(
            certificate: &SecCertificate,
        ) -> Option<NonNull<CFData>>;
    }
    let ret = unsafe { SecCertificateCopyNormalizedIssuerSequence(certificate) };
    ret.map(|ret| unsafe { CFRetained::from_raw(ret) })
}

#[cfg(feature = "SecBase")]
#[deprecated = "renamed to `SecCertificate::normalized_subject_sequence`"]
#[inline]
pub unsafe extern "C-unwind" fn SecCertificateCopyNormalizedSubjectSequence(
    certificate: &SecCertificate,
) -> Option<CFRetained<CFData>> {
    extern "C-unwind" {
        fn SecCertificateCopyNormalizedSubjectSequence(
            certificate: &SecCertificate,
        ) -> Option<NonNull<CFData>>;
    }
    let ret = unsafe { SecCertificateCopyNormalizedSubjectSequence(certificate) };
    ret.map(|ret| unsafe { CFRetained::from_raw(ret) })
}

#[cfg(feature = "SecBase")]
#[deprecated = "renamed to `SecCertificate::key`"]
#[inline]
pub unsafe extern "C-unwind" fn SecCertificateCopyKey(
    certificate: &SecCertificate,
) -> Option<CFRetained<SecKey>> {
    extern "C-unwind" {
        fn SecCertificateCopyKey(certificate: &SecCertificate) -> Option<NonNull<SecKey>>;
    }
    let ret = unsafe { SecCertificateCopyKey(certificate) };
    ret.map(|ret| unsafe { CFRetained::from_raw(ret) })
}

extern "C-unwind" {
    #[cfg(feature = "SecBase")]
    #[deprecated = "renamed to `SecCertificate::copy_public_key`"]
    #[cfg_attr(
        target_os = "macos",
        link_name = "SecCertificateCopyPublicKey$LEGACYMAC"
    )]
    pub fn SecCertificateCopyPublicKey(
        certificate: &SecCertificate,
        key: NonNull<*mut SecKey>,
    ) -> OSStatus;
}

#[cfg(feature = "SecBase")]
#[deprecated = "renamed to `SecCertificate::serial_number_data`"]
#[inline]
pub unsafe extern "C-unwind" fn SecCertificateCopySerialNumberData(
    certificate: &SecCertificate,
    error: *mut *mut CFError,
) -> Option<CFRetained<CFData>> {
    extern "C-unwind" {
        fn SecCertificateCopySerialNumberData(
            certificate: &SecCertificate,
            error: *mut *mut CFError,
        ) -> Option<NonNull<CFData>>;
    }
    let ret = unsafe { SecCertificateCopySerialNumberData(certificate, error) };
    ret.map(|ret| unsafe { CFRetained::from_raw(ret) })
}

#[cfg(feature = "SecBase")]
#[deprecated = "renamed to `SecCertificate::not_valid_before_date`"]
#[inline]
pub unsafe extern "C-unwind" fn SecCertificateCopyNotValidBeforeDate(
    certificate: &SecCertificate,
) -> Option<CFRetained<CFDate>> {
    extern "C-unwind" {
        fn SecCertificateCopyNotValidBeforeDate(
            certificate: &SecCertificate,
        ) -> Option<NonNull<CFDate>>;
    }
    let ret = unsafe { SecCertificateCopyNotValidBeforeDate(certificate) };
    ret.map(|ret| unsafe { CFRetained::from_raw(ret) })
}

#[cfg(feature = "SecBase")]
#[deprecated = "renamed to `SecCertificate::not_valid_after_date`"]
#[inline]
pub unsafe extern "C-unwind" fn SecCertificateCopyNotValidAfterDate(
    certificate: &SecCertificate,
) -> Option<CFRetained<CFDate>> {
    extern "C-unwind" {
        fn SecCertificateCopyNotValidAfterDate(
            certificate: &SecCertificate,
        ) -> Option<NonNull<CFDate>>;
    }
    let ret = unsafe { SecCertificateCopyNotValidAfterDate(certificate) };
    ret.map(|ret| unsafe { CFRetained::from_raw(ret) })
}

#[cfg(feature = "SecBase")]
#[deprecated = "renamed to `SecCertificate::serial_number`"]
#[inline]
pub unsafe extern "C-unwind" fn SecCertificateCopySerialNumber(
    certificate: &SecCertificate,
    error: *mut *mut CFError,
) -> Option<CFRetained<CFData>> {
    extern "C-unwind" {
        #[cfg_attr(
            target_os = "macos",
            link_name = "SecCertificateCopySerialNumber$LEGACYMAC"
        )]
        fn SecCertificateCopySerialNumber(
            certificate: &SecCertificate,
            error: *mut *mut CFError,
        ) -> Option<NonNull<CFData>>;
    }
    let ret = unsafe { SecCertificateCopySerialNumber(certificate, error) };
    ret.map(|ret| unsafe { CFRetained::from_raw(ret) })
}

extern "C-unwind" {
    #[cfg(all(
        feature = "SecAsn1Types",
        feature = "SecBase",
        feature = "cssmconfig",
        feature = "cssmtype"
    ))]
    #[deprecated = "renamed to `SecCertificate::create_from_data`"]
    pub fn SecCertificateCreateFromData(
        data: NonNull<SecAsn1Item>,
        r#type: CSSM_CERT_TYPE,
        encoding: CSSM_CERT_ENCODING,
        certificate: NonNull<*mut SecCertificate>,
    ) -> OSStatus;
}

extern "C-unwind" {
    #[cfg(feature = "SecBase")]
    #[deprecated = "renamed to `SecCertificate::add_to_keychain`"]
    pub fn SecCertificateAddToKeychain(
        certificate: &SecCertificate,
        keychain: Option<&SecKeychain>,
    ) -> OSStatus;
}

extern "C-unwind" {
    #[cfg(all(feature = "SecAsn1Types", feature = "SecBase", feature = "cssmtype"))]
    #[deprecated = "renamed to `SecCertificate::get_data`"]
    pub fn SecCertificateGetData(certificate: &SecCertificate, data: CSSM_DATA_PTR) -> OSStatus;
}

extern "C-unwind" {
    #[cfg(all(feature = "SecBase", feature = "cssmconfig", feature = "cssmtype"))]
    #[deprecated = "renamed to `SecCertificate::type`"]
    pub fn SecCertificateGetType(
        certificate: &SecCertificate,
        certificate_type: NonNull<CSSM_CERT_TYPE>,
    ) -> OSStatus;
}

extern "C-unwind" {
    #[cfg(all(
        feature = "SecAsn1Types",
        feature = "SecBase",
        feature = "cssmconfig",
        feature = "x509defs"
    ))]
    #[deprecated = "renamed to `SecCertificate::subject`"]
    pub fn SecCertificateGetSubject(
        certificate: &SecCertificate,
        subject: NonNull<*const CSSM_X509_NAME>,
    ) -> OSStatus;
}

extern "C-unwind" {
    #[cfg(all(
        feature = "SecAsn1Types",
        feature = "SecBase",
        feature = "cssmconfig",
        feature = "x509defs"
    ))]
    #[deprecated = "renamed to `SecCertificate::issuer`"]
    pub fn SecCertificateGetIssuer(
        certificate: &SecCertificate,
        issuer: NonNull<*const CSSM_X509_NAME>,
    ) -> OSStatus;
}

extern "C-unwind" {
    #[cfg(all(feature = "SecBase", feature = "cssmconfig", feature = "cssmtype"))]
    #[deprecated = "renamed to `SecCertificate::cl_handle`"]
    pub fn SecCertificateGetCLHandle(
        certificate: &SecCertificate,
        cl_handle: NonNull<CSSM_CL_HANDLE>,
    ) -> OSStatus;
}

extern "C-unwind" {
    #[cfg(all(feature = "SecAsn1Types", feature = "SecBase"))]
    #[deprecated = "renamed to `SecCertificate::algorithm_id`"]
    pub fn SecCertificateGetAlgorithmID(
        certificate: &SecCertificate,
        algid: NonNull<*const SecAsn1AlgId>,
    ) -> OSStatus;
}

extern "C-unwind" {
    #[cfg(all(feature = "SecBase", feature = "cssmconfig"))]
    #[deprecated = "renamed to `SecCertificate::copy_preference`"]
    pub fn SecCertificateCopyPreference(
        name: &CFString,
        key_usage: uint32,
        certificate: NonNull<*mut SecCertificate>,
    ) -> OSStatus;
}

#[cfg(feature = "SecBase")]
#[deprecated = "renamed to `SecCertificate::preferred`"]
#[inline]
pub unsafe extern "C-unwind" fn SecCertificateCopyPreferred(
    name: &CFString,
    key_usage: Option<&CFArray>,
) -> Option<CFRetained<SecCertificate>> {
    extern "C-unwind" {
        fn SecCertificateCopyPreferred(
            name: &CFString,
            key_usage: Option<&CFArray>,
        ) -> Option<NonNull<SecCertificate>>;
    }
    let ret = unsafe { SecCertificateCopyPreferred(name, key_usage) };
    ret.map(|ret| unsafe { CFRetained::from_raw(ret) })
}

extern "C-unwind" {
    #[cfg(all(feature = "SecBase", feature = "cssmconfig"))]
    #[deprecated = "renamed to `SecCertificate::set_preference`"]
    pub fn SecCertificateSetPreference(
        certificate: &SecCertificate,
        name: &CFString,
        key_usage: uint32,
        date: Option<&CFDate>,
    ) -> OSStatus;
}

extern "C-unwind" {
    #[cfg(feature = "SecBase")]
    #[deprecated = "renamed to `SecCertificate::set_preferred`"]
    pub fn SecCertificateSetPreferred(
        certificate: Option<&SecCertificate>,
        name: &CFString,
        key_usage: Option<&CFArray>,
    ) -> OSStatus;
}

#[cfg(feature = "SecBase")]
#[deprecated = "renamed to `SecCertificate::values`"]
#[inline]
pub unsafe extern "C-unwind" fn SecCertificateCopyValues(
    certificate: &SecCertificate,
    keys: Option<&CFArray>,
    error: *mut *mut CFError,
) -> Option<CFRetained<CFDictionary>> {
    extern "C-unwind" {
        fn SecCertificateCopyValues(
            certificate: &SecCertificate,
            keys: Option<&CFArray>,
            error: *mut *mut CFError,
        ) -> Option<NonNull<CFDictionary>>;
    }
    let ret = unsafe { SecCertificateCopyValues(certificate, keys, error) };
    ret.map(|ret| unsafe { CFRetained::from_raw(ret) })
}

#[cfg(feature = "SecBase")]
#[deprecated = "renamed to `SecCertificate::long_description`"]
#[inline]
pub unsafe extern "C-unwind" fn SecCertificateCopyLongDescription(
    alloc: Option<&CFAllocator>,
    certificate: &SecCertificate,
    error: *mut *mut CFError,
) -> Option<CFRetained<CFString>> {
    extern "C-unwind" {
        fn SecCertificateCopyLongDescription(
            alloc: Option<&CFAllocator>,
            certificate: &SecCertificate,
            error: *mut *mut CFError,
        ) -> Option<NonNull<CFString>>;
    }
    let ret = unsafe { SecCertificateCopyLongDescription(alloc, certificate, error) };
    ret.map(|ret| unsafe { CFRetained::from_raw(ret) })
}

#[cfg(feature = "SecBase")]
#[deprecated = "renamed to `SecCertificate::short_description`"]
#[inline]
pub unsafe extern "C-unwind" fn SecCertificateCopyShortDescription(
    alloc: Option<&CFAllocator>,
    certificate: &SecCertificate,
    error: *mut *mut CFError,
) -> Option<CFRetained<CFString>> {
    extern "C-unwind" {
        fn SecCertificateCopyShortDescription(
            alloc: Option<&CFAllocator>,
            certificate: &SecCertificate,
            error: *mut *mut CFError,
        ) -> Option<NonNull<CFString>>;
    }
    let ret = unsafe { SecCertificateCopyShortDescription(alloc, certificate, error) };
    ret.map(|ret| unsafe { CFRetained::from_raw(ret) })
}

#[cfg(feature = "SecBase")]
#[deprecated = "renamed to `SecCertificate::normalized_issuer_content`"]
#[inline]
pub unsafe extern "C-unwind" fn SecCertificateCopyNormalizedIssuerContent(
    certificate: &SecCertificate,
    error: *mut *mut CFError,
) -> Option<CFRetained<CFData>> {
    extern "C-unwind" {
        fn SecCertificateCopyNormalizedIssuerContent(
            certificate: &SecCertificate,
            error: *mut *mut CFError,
        ) -> Option<NonNull<CFData>>;
    }
    let ret = unsafe { SecCertificateCopyNormalizedIssuerContent(certificate, error) };
    ret.map(|ret| unsafe { CFRetained::from_raw(ret) })
}

#[cfg(feature = "SecBase")]
#[deprecated = "renamed to `SecCertificate::normalized_subject_content`"]
#[inline]
pub unsafe extern "C-unwind" fn SecCertificateCopyNormalizedSubjectContent(
    certificate: &SecCertificate,
    error: *mut *mut CFError,
) -> Option<CFRetained<CFData>> {
    extern "C-unwind" {
        fn SecCertificateCopyNormalizedSubjectContent(
            certificate: &SecCertificate,
            error: *mut *mut CFError,
        ) -> Option<NonNull<CFData>>;
    }
    let ret = unsafe { SecCertificateCopyNormalizedSubjectContent(certificate, error) };
    ret.map(|ret| unsafe { CFRetained::from_raw(ret) })
}