objc2_security/generated/

SecPolicy.rs

//! This file has been automatically generated by `objc2`'s `header-translator`.
//! DO NOT EDIT
use core::ptr::NonNull;
use objc2_core_foundation::*;

use crate::*;

extern "C" {
    /// Predefined constants used to specify a policy.
    ///
    /// See also [Apple's documentation](https://developer.apple.com/documentation/security/ksecpolicyapplex509basic?language=objc)
    pub static kSecPolicyAppleX509Basic: &'static CFString;
}

extern "C" {
    /// [Apple's documentation](https://developer.apple.com/documentation/security/ksecpolicyapplessl?language=objc)
    pub static kSecPolicyAppleSSL: &'static CFString;
}

extern "C" {
    /// [Apple's documentation](https://developer.apple.com/documentation/security/ksecpolicyapplesmime?language=objc)
    pub static kSecPolicyAppleSMIME: &'static CFString;
}

extern "C" {
    /// [Apple's documentation](https://developer.apple.com/documentation/security/ksecpolicyappleeap?language=objc)
    pub static kSecPolicyAppleEAP: &'static CFString;
}

extern "C" {
    /// [Apple's documentation](https://developer.apple.com/documentation/security/ksecpolicyappleipsec?language=objc)
    pub static kSecPolicyAppleIPsec: &'static CFString;
}

extern "C" {
    /// [Apple's documentation](https://developer.apple.com/documentation/security/ksecpolicyappleichat?language=objc)
    #[deprecated]
    pub static kSecPolicyAppleiChat: &'static CFString;
}

extern "C" {
    /// [Apple's documentation](https://developer.apple.com/documentation/security/ksecpolicyapplepkinitclient?language=objc)
    pub static kSecPolicyApplePKINITClient: &'static CFString;
}

extern "C" {
    /// [Apple's documentation](https://developer.apple.com/documentation/security/ksecpolicyapplepkinitserver?language=objc)
    pub static kSecPolicyApplePKINITServer: &'static CFString;
}

extern "C" {
    /// [Apple's documentation](https://developer.apple.com/documentation/security/ksecpolicyapplecodesigning?language=objc)
    pub static kSecPolicyAppleCodeSigning: &'static CFString;
}

extern "C" {
    /// [Apple's documentation](https://developer.apple.com/documentation/security/ksecpolicymacappstorereceipt?language=objc)
    pub static kSecPolicyMacAppStoreReceipt: &'static CFString;
}

extern "C" {
    /// [Apple's documentation](https://developer.apple.com/documentation/security/ksecpolicyappleidvalidation?language=objc)
    pub static kSecPolicyAppleIDValidation: &'static CFString;
}

extern "C" {
    /// [Apple's documentation](https://developer.apple.com/documentation/security/ksecpolicyappletimestamping?language=objc)
    pub static kSecPolicyAppleTimeStamping: &'static CFString;
}

extern "C" {
    /// [Apple's documentation](https://developer.apple.com/documentation/security/ksecpolicyapplerevocation?language=objc)
    pub static kSecPolicyAppleRevocation: &'static CFString;
}

extern "C" {
    /// [Apple's documentation](https://developer.apple.com/documentation/security/ksecpolicyapplepassbooksigning?language=objc)
    pub static kSecPolicyApplePassbookSigning: &'static CFString;
}

extern "C" {
    /// [Apple's documentation](https://developer.apple.com/documentation/security/ksecpolicyapplepayissuerencryption?language=objc)
    pub static kSecPolicyApplePayIssuerEncryption: &'static CFString;
}

extern "C" {
    /// [Apple's documentation](https://developer.apple.com/documentation/security/ksecpolicyapplesslserver?language=objc)
    pub static kSecPolicyAppleSSLServer: &'static CFString;
}

extern "C" {
    /// [Apple's documentation](https://developer.apple.com/documentation/security/ksecpolicyapplesslclient?language=objc)
    pub static kSecPolicyAppleSSLClient: &'static CFString;
}

extern "C" {
    /// [Apple's documentation](https://developer.apple.com/documentation/security/ksecpolicyappleeapserver?language=objc)
    pub static kSecPolicyAppleEAPServer: &'static CFString;
}

extern "C" {
    /// [Apple's documentation](https://developer.apple.com/documentation/security/ksecpolicyappleeapclient?language=objc)
    pub static kSecPolicyAppleEAPClient: &'static CFString;
}

extern "C" {
    /// [Apple's documentation](https://developer.apple.com/documentation/security/ksecpolicyappleipsecserver?language=objc)
    pub static kSecPolicyAppleIPSecServer: &'static CFString;
}

extern "C" {
    /// [Apple's documentation](https://developer.apple.com/documentation/security/ksecpolicyappleipsecclient?language=objc)
    pub static kSecPolicyAppleIPSecClient: &'static CFString;
}

extern "C" {
    /// Predefined property key constants used to get or set values in
    /// a dictionary for a policy instance.
    ///
    /// All policies will have the following read-only value:
    /// kSecPolicyOid       (the policy object identifier)
    ///
    /// Additional policy values which your code can optionally set:
    /// kSecPolicyName      (name which must be matched)
    /// kSecPolicyClient    (evaluate for client, rather than server)
    /// kSecPolicyRevocationFlags   (only valid for a revocation policy)
    /// kSecPolicyTeamIdentifier    (only valid for a Passbook signing policy)
    ///
    ///
    ///
    /// containing a name which must be matched in the certificate to satisfy
    /// this policy. For SSL/TLS, EAP, and IPSec policies, this specifies the
    /// server name which must match the common name of the certificate.
    /// For S/MIME, this specifies the RFC822 email address. For Passbook
    /// signing, this specifies the pass signer.
    ///
    /// this evaluation should be for a client certificate. If not set (or
    /// false), the policy evaluates the certificate as a server certificate.
    ///
    /// kCFNumberCFIndexType bitmask value. See "Revocation Policy Constants"
    /// for a description of individual bits in this value.
    ///
    /// team identifier which must be matched in the certificate to satisfy
    /// this policy. For the Passbook signing policy, this string must match
    /// the Organizational Unit field of the certificate subject.
    ///
    /// See also [Apple's documentation](https://developer.apple.com/documentation/security/ksecpolicyoid?language=objc)
    pub static kSecPolicyOid: &'static CFString;
}

extern "C" {
    /// [Apple's documentation](https://developer.apple.com/documentation/security/ksecpolicyname?language=objc)
    pub static kSecPolicyName: &'static CFString;
}

extern "C" {
    /// [Apple's documentation](https://developer.apple.com/documentation/security/ksecpolicyclient?language=objc)
    pub static kSecPolicyClient: &'static CFString;
}

extern "C" {
    /// [Apple's documentation](https://developer.apple.com/documentation/security/ksecpolicyrevocationflags?language=objc)
    pub static kSecPolicyRevocationFlags: &'static CFString;
}

extern "C" {
    /// [Apple's documentation](https://developer.apple.com/documentation/security/ksecpolicyteamidentifier?language=objc)
    pub static kSecPolicyTeamIdentifier: &'static CFString;
}

#[cfg(feature = "SecBase")]
unsafe impl ConcreteType for SecPolicy {
    /// Returns the type identifier of SecPolicy instances.
    ///
    /// Returns: The CFTypeID of SecPolicy instances.
    #[doc(alias = "SecPolicyGetTypeID")]
    #[inline]
    fn type_id() -> CFTypeID {
        extern "C-unwind" {
            fn SecPolicyGetTypeID() -> CFTypeID;
        }
        unsafe { SecPolicyGetTypeID() }
    }
}

#[cfg(feature = "SecBase")]
impl SecPolicy {
    /// Returns a dictionary of this policy's properties.
    ///
    /// Parameter `policyRef`: A policy reference.
    ///
    /// Returns: A properties dictionary. See "Policy Value Constants" for a list
    /// of currently defined property keys. It is the caller's responsibility to
    /// CFRelease this reference when it is no longer needed.
    ///
    /// Returns: A result code. See "Security Error Codes" (SecBase.h).
    ///
    /// This function returns the properties for a policy, as set by the
    /// policy's construction function or by a prior call to SecPolicySetProperties.
    #[doc(alias = "SecPolicyCopyProperties")]
    #[cfg(feature = "SecBase")]
    #[inline]
    pub unsafe fn properties(&self) -> Option<CFRetained<CFDictionary>> {
        extern "C-unwind" {
            fn SecPolicyCopyProperties(policy_ref: &SecPolicy) -> Option<NonNull<CFDictionary>>;
        }
        let ret = unsafe { SecPolicyCopyProperties(self) };
        ret.map(|ret| unsafe { CFRetained::from_raw(ret) })
    }

    /// Returns a policy object for the default X.509 policy.
    ///
    /// Returns: A policy object. The caller is responsible for calling CFRelease
    /// on this when it is no longer needed.
    #[doc(alias = "SecPolicyCreateBasicX509")]
    #[cfg(feature = "SecBase")]
    #[inline]
    pub unsafe fn new_basic_x509() -> CFRetained<SecPolicy> {
        extern "C-unwind" {
            fn SecPolicyCreateBasicX509() -> Option<NonNull<SecPolicy>>;
        }
        let ret = unsafe { SecPolicyCreateBasicX509() };
        let ret =
            ret.expect("function was marked as returning non-null, but actually returned NULL");
        unsafe { CFRetained::from_raw(ret) }
    }

    /// Returns a policy object for evaluating SSL certificate chains.
    ///
    /// Parameter `server`: Passing true for this parameter creates a policy for SSL
    /// server certificates.
    ///
    /// Parameter `hostname`: (Optional) If present, the policy will require the specified
    /// hostname to match the hostname in the leaf certificate.
    ///
    /// Returns: A policy object. The caller is responsible for calling CFRelease
    /// on this when it is no longer needed.
    #[doc(alias = "SecPolicyCreateSSL")]
    #[cfg(feature = "SecBase")]
    #[inline]
    pub unsafe fn new_ssl(server: bool, hostname: Option<&CFString>) -> CFRetained<SecPolicy> {
        extern "C-unwind" {
            fn SecPolicyCreateSSL(
                server: Boolean,
                hostname: Option<&CFString>,
            ) -> Option<NonNull<SecPolicy>>;
        }
        let ret = unsafe { SecPolicyCreateSSL(server as _, hostname) };
        let ret =
            ret.expect("function was marked as returning non-null, but actually returned NULL");
        unsafe { CFRetained::from_raw(ret) }
    }
}

/// [Apple's documentation](https://developer.apple.com/documentation/security/ksecrevocationocspmethod?language=objc)
pub const kSecRevocationOCSPMethod: CFOptionFlags = 1;
/// [Apple's documentation](https://developer.apple.com/documentation/security/ksecrevocationcrlmethod?language=objc)
pub const kSecRevocationCRLMethod: CFOptionFlags = 2;
/// [Apple's documentation](https://developer.apple.com/documentation/security/ksecrevocationprefercrl?language=objc)
pub const kSecRevocationPreferCRL: CFOptionFlags = 4;
/// [Apple's documentation](https://developer.apple.com/documentation/security/ksecrevocationrequirepositiveresponse?language=objc)
pub const kSecRevocationRequirePositiveResponse: CFOptionFlags = 8;
/// [Apple's documentation](https://developer.apple.com/documentation/security/ksecrevocationnetworkaccessdisabled?language=objc)
pub const kSecRevocationNetworkAccessDisabled: CFOptionFlags = 16;
/// [Apple's documentation](https://developer.apple.com/documentation/security/ksecrevocationuseanyavailablemethod?language=objc)
pub const kSecRevocationUseAnyAvailableMethod: CFOptionFlags = 3;

#[cfg(feature = "SecBase")]
impl SecPolicy {
    /// Returns a policy object for checking revocation of certificates.
    ///
    /// Returns: A policy object. The caller is responsible for calling CFRelease
    /// on this when it is no longer needed.
    ///
    /// Parameter `revocationFlags`: Flags to specify revocation checking options.
    ///
    /// Use this function to create a revocation policy with behavior
    /// specified by revocationFlags. See the "Revocation Policy Constants" section
    /// for a description of these flags. Note: it is usually not necessary to
    /// create a revocation policy yourself unless you wish to override default
    /// system behavior (e.g. to force a particular method, or to disable
    /// revocation checking entirely.)
    #[doc(alias = "SecPolicyCreateRevocation")]
    #[cfg(feature = "SecBase")]
    #[inline]
    pub unsafe fn new_revocation(revocation_flags: CFOptionFlags) -> Option<CFRetained<SecPolicy>> {
        extern "C-unwind" {
            fn SecPolicyCreateRevocation(
                revocation_flags: CFOptionFlags,
            ) -> Option<NonNull<SecPolicy>>;
        }
        let ret = unsafe { SecPolicyCreateRevocation(revocation_flags) };
        ret.map(|ret| unsafe { CFRetained::from_raw(ret) })
    }

    /// Returns a policy object based on an object identifier for the
    /// policy type. See the "Policy Constants" section for a list of defined
    /// policy object identifiers.
    ///
    /// Parameter `policyIdentifier`: The identifier for the desired policy type.
    ///
    /// Parameter `properties`: (Optional) A properties dictionary. See "Policy Value
    /// Constants" for a list of currently defined property keys.
    ///
    /// Returns: The returned policy reference, or NULL if the policy could not be
    /// created.
    ///
    /// # Safety
    ///
    /// - `policy_identifier` should be of the correct type.
    /// - `properties` generics must be of the correct type.
    #[doc(alias = "SecPolicyCreateWithProperties")]
    #[cfg(feature = "SecBase")]
    #[inline]
    pub unsafe fn with_properties(
        policy_identifier: &CFType,
        properties: Option<&CFDictionary>,
    ) -> Option<CFRetained<SecPolicy>> {
        extern "C-unwind" {
            fn SecPolicyCreateWithProperties(
                policy_identifier: &CFType,
                properties: Option<&CFDictionary>,
            ) -> Option<NonNull<SecPolicy>>;
        }
        let ret = unsafe { SecPolicyCreateWithProperties(policy_identifier, properties) };
        ret.map(|ret| unsafe { CFRetained::from_raw(ret) })
    }
}

extern "C" {
    /// Predefined property key constants used to get or set values in
    /// a dictionary for a policy instance.
    ///
    /// Some policy values may specify CFBooleanRef key usage constraints:
    /// kSecPolicyKU_DigitalSignature
    /// kSecPolicyKU_NonRepudiation
    /// kSecPolicyKU_KeyEncipherment
    /// kSecPolicyKU_DataEncipherment
    /// kSecPolicyKU_KeyAgreement
    /// kSecPolicyKU_KeyCertSign
    /// kSecPolicyKU_CRLSign
    /// kSecPolicyKU_EncipherOnly
    /// kSecPolicyKU_DecipherOnly
    ///
    /// kSecPolicyKU policy values define certificate-level key purposes,
    /// in contrast to the key-level definitions in SecItem.h
    ///
    /// For example, a key in a certificate might be acceptable to use for
    /// signing a CRL, but not for signing another certificate. In either
    /// case, this key would have the ability to sign (i.e. kSecAttrCanSign
    /// is true), but may only sign for specific purposes allowed by these
    /// policy constants. Similarly, a public key might have the capability
    /// to perform encryption or decryption, but the certificate in which it
    /// resides might have a decipher-only certificate policy.
    ///
    /// These constants correspond to values defined in RFC 5280, section
    /// 4.2.1.3 (Key Usage) which define the purpose of a key contained in a
    /// certificate, in contrast to section 4.1.2.7 which define the uses that
    /// a key is capable of.
    ///
    /// Note: these constants are not available on iOS. Your code should
    /// avoid direct reliance on these values for making policy decisions
    /// and use higher level policies where possible.
    ///
    ///
    /// have a key usage that allows it to be used for signing.
    ///
    /// have a key usage that allows it to be used for non-repudiation.
    ///
    /// have a key usage that allows it to be used for key encipherment.
    ///
    /// have a key usage that allows it to be used for data encipherment.
    ///
    /// have a key usage that allows it to be used for key agreement.
    ///
    /// have a key usage that allows it to be used for signing certificates.
    ///
    /// have a key usage that allows it to be used for signing CRLs.
    ///
    /// have a key usage that permits it to be used for encryption only.
    ///
    /// have a key usage that permits it to be used for decryption only.
    ///
    /// See also [Apple's documentation](https://developer.apple.com/documentation/security/ksecpolicyku_digitalsignature?language=objc)
    pub static kSecPolicyKU_DigitalSignature: &'static CFString;
}

extern "C" {
    /// [Apple's documentation](https://developer.apple.com/documentation/security/ksecpolicyku_nonrepudiation?language=objc)
    pub static kSecPolicyKU_NonRepudiation: &'static CFString;
}

extern "C" {
    /// [Apple's documentation](https://developer.apple.com/documentation/security/ksecpolicyku_keyencipherment?language=objc)
    pub static kSecPolicyKU_KeyEncipherment: &'static CFString;
}

extern "C" {
    /// [Apple's documentation](https://developer.apple.com/documentation/security/ksecpolicyku_dataencipherment?language=objc)
    pub static kSecPolicyKU_DataEncipherment: &'static CFString;
}

extern "C" {
    /// [Apple's documentation](https://developer.apple.com/documentation/security/ksecpolicyku_keyagreement?language=objc)
    pub static kSecPolicyKU_KeyAgreement: &'static CFString;
}

extern "C" {
    /// [Apple's documentation](https://developer.apple.com/documentation/security/ksecpolicyku_keycertsign?language=objc)
    pub static kSecPolicyKU_KeyCertSign: &'static CFString;
}

extern "C" {
    /// [Apple's documentation](https://developer.apple.com/documentation/security/ksecpolicyku_crlsign?language=objc)
    pub static kSecPolicyKU_CRLSign: &'static CFString;
}

extern "C" {
    /// [Apple's documentation](https://developer.apple.com/documentation/security/ksecpolicyku_encipheronly?language=objc)
    pub static kSecPolicyKU_EncipherOnly: &'static CFString;
}

extern "C" {
    /// [Apple's documentation](https://developer.apple.com/documentation/security/ksecpolicyku_decipheronly?language=objc)
    pub static kSecPolicyKU_DecipherOnly: &'static CFString;
}

#[cfg(feature = "SecBase")]
impl SecPolicy {
    /// Returns a policy object based on an object identifier for the
    /// policy type. See the "Policy Constants" section for a list of defined
    /// policy object identifiers.
    ///
    /// Parameter `policyOID`: The OID of the desired policy.
    ///
    /// Returns: The returned policy reference, or NULL if the policy could not be
    /// created.
    ///
    /// This function is deprecated in Mac OS X 10.9 and later;
    /// use SecPolicyCreateWithProperties (or a more specific policy creation
    /// function) instead.
    ///
    /// # Safety
    ///
    /// `policy_oid` should be of the correct type.
    #[doc(alias = "SecPolicyCreateWithOID")]
    #[cfg(feature = "SecBase")]
    #[deprecated]
    #[inline]
    pub unsafe fn with_oid(policy_oid: &CFType) -> Option<CFRetained<SecPolicy>> {
        extern "C-unwind" {
            fn SecPolicyCreateWithOID(policy_oid: &CFType) -> Option<NonNull<SecPolicy>>;
        }
        let ret = unsafe { SecPolicyCreateWithOID(policy_oid) };
        ret.map(|ret| unsafe { CFRetained::from_raw(ret) })
    }

    /// Returns a policy's object identifier.
    ///
    /// Parameter `policyRef`: A policy reference.
    ///
    /// Parameter `oid`: On return, a pointer to the policy's object identifier.
    ///
    /// Returns: A result code. See "Security Error Codes" (SecBase.h).
    ///
    /// This function is deprecated in Mac OS X 10.7 and later;
    /// use SecPolicyCopyProperties instead.
    ///
    /// # Safety
    ///
    /// `oid` must be a valid pointer.
    #[doc(alias = "SecPolicyGetOID")]
    #[cfg(all(feature = "SecAsn1Types", feature = "SecBase"))]
    #[deprecated]
    #[inline]
    pub unsafe fn oid(&self, oid: NonNull<SecAsn1Oid>) -> OSStatus {
        extern "C-unwind" {
            fn SecPolicyGetOID(policy_ref: &SecPolicy, oid: NonNull<SecAsn1Oid>) -> OSStatus;
        }
        unsafe { SecPolicyGetOID(self, oid) }
    }

    /// Returns a policy's value.
    ///
    /// Parameter `policyRef`: A policy reference.
    ///
    /// Parameter `value`: On return, a pointer to the policy's value.
    ///
    /// Returns: A result code. See "Security Error Codes" (SecBase.h).
    ///
    /// This function is deprecated in Mac OS X 10.7 and later;
    /// use SecPolicyCopyProperties instead.
    ///
    /// # Safety
    ///
    /// `value` must be a valid pointer.
    #[doc(alias = "SecPolicyGetValue")]
    #[cfg(all(feature = "SecAsn1Types", feature = "SecBase"))]
    #[deprecated]
    #[inline]
    pub unsafe fn value(&self, value: NonNull<SecAsn1Item>) -> OSStatus {
        extern "C-unwind" {
            fn SecPolicyGetValue(policy_ref: &SecPolicy, value: NonNull<SecAsn1Item>) -> OSStatus;
        }
        unsafe { SecPolicyGetValue(self, value) }
    }

    /// Sets a policy's value.
    ///
    /// Parameter `policyRef`: A policy reference.
    ///
    /// Parameter `value`: The value to be set into the policy object, replacing any
    /// previous value.
    ///
    /// Returns: A result code. See "Security Error Codes" (SecBase.h).
    ///
    /// This function is deprecated in Mac OS X 10.7 and later. Policy
    /// instances should be considered read-only; in cases where your code would
    /// consider changing properties of a policy, it should instead create a new
    /// policy instance with the desired properties.
    ///
    /// # Safety
    ///
    /// `value` must be a valid pointer.
    #[doc(alias = "SecPolicySetValue")]
    #[cfg(all(feature = "SecAsn1Types", feature = "SecBase"))]
    #[deprecated]
    #[inline]
    pub unsafe fn set_value(&self, value: NonNull<SecAsn1Item>) -> OSStatus {
        extern "C-unwind" {
            fn SecPolicySetValue(policy_ref: &SecPolicy, value: NonNull<SecAsn1Item>) -> OSStatus;
        }
        unsafe { SecPolicySetValue(self, value) }
    }

    /// Sets a policy's properties.
    ///
    /// Parameter `policyRef`: A policy reference.
    ///
    /// Parameter `properties`: A properties dictionary. See "Policy Value Constants"
    /// for a list of currently defined property keys. This dictionary replaces the
    /// policy's existing properties, if any. Note that the policy OID (specified
    /// by kSecPolicyOid) is a read-only property of the policy and cannot be set.
    ///
    /// Returns: A result code. See "Security Error Codes" (SecBase.h).
    ///
    /// This function is deprecated in Mac OS X 10.9 and later. Policy
    /// instances should be considered read-only; in cases where your code would
    /// consider changing properties of a policy, it should instead create a new
    /// policy instance with the desired properties.
    ///
    /// # Safety
    ///
    /// `properties` generics must be of the correct type.
    #[doc(alias = "SecPolicySetProperties")]
    #[cfg(feature = "SecBase")]
    #[deprecated]
    #[inline]
    pub unsafe fn set_properties(&self, properties: &CFDictionary) -> OSStatus {
        extern "C-unwind" {
            fn SecPolicySetProperties(
                policy_ref: &SecPolicy,
                properties: &CFDictionary,
            ) -> OSStatus;
        }
        unsafe { SecPolicySetProperties(self, properties) }
    }

    /// Returns the CSSM trust policy handle for the given policy.
    ///
    /// Parameter `policyRef`: A policy reference.
    ///
    /// Parameter `tpHandle`: On return, a pointer to a value of type CSSM_TP_HANDLE.
    ///
    /// Returns: A result code. See "Security Error Codes" (SecBase.h).
    ///
    /// This function is deprecated in Mac OS X 10.7 and later.
    ///
    /// # Safety
    ///
    /// `tp_handle` must be a valid pointer.
    #[doc(alias = "SecPolicyGetTPHandle")]
    #[cfg(all(feature = "SecBase", feature = "cssmconfig", feature = "cssmtype"))]
    #[deprecated]
    #[inline]
    pub unsafe fn tp_handle(&self, tp_handle: NonNull<CSSM_TP_HANDLE>) -> OSStatus {
        extern "C-unwind" {
            fn SecPolicyGetTPHandle(
                policy_ref: &SecPolicy,
                tp_handle: NonNull<CSSM_TP_HANDLE>,
            ) -> OSStatus;
        }
        unsafe { SecPolicyGetTPHandle(self, tp_handle) }
    }
}

#[cfg(feature = "SecBase")]
#[deprecated = "renamed to `SecPolicy::properties`"]
#[inline]
pub unsafe extern "C-unwind" fn SecPolicyCopyProperties(
    policy_ref: &SecPolicy,
) -> Option<CFRetained<CFDictionary>> {
    extern "C-unwind" {
        fn SecPolicyCopyProperties(policy_ref: &SecPolicy) -> Option<NonNull<CFDictionary>>;
    }
    let ret = unsafe { SecPolicyCopyProperties(policy_ref) };
    ret.map(|ret| unsafe { CFRetained::from_raw(ret) })
}

#[cfg(feature = "SecBase")]
#[deprecated = "renamed to `SecPolicy::new_basic_x509`"]
#[inline]
pub unsafe extern "C-unwind" fn SecPolicyCreateBasicX509() -> CFRetained<SecPolicy> {
    extern "C-unwind" {
        fn SecPolicyCreateBasicX509() -> Option<NonNull<SecPolicy>>;
    }
    let ret = unsafe { SecPolicyCreateBasicX509() };
    let ret = ret.expect("function was marked as returning non-null, but actually returned NULL");
    unsafe { CFRetained::from_raw(ret) }
}

#[cfg(feature = "SecBase")]
#[deprecated = "renamed to `SecPolicy::new_ssl`"]
#[inline]
pub unsafe extern "C-unwind" fn SecPolicyCreateSSL(
    server: bool,
    hostname: Option<&CFString>,
) -> CFRetained<SecPolicy> {
    extern "C-unwind" {
        fn SecPolicyCreateSSL(
            server: Boolean,
            hostname: Option<&CFString>,
        ) -> Option<NonNull<SecPolicy>>;
    }
    let ret = unsafe { SecPolicyCreateSSL(server as _, hostname) };
    let ret = ret.expect("function was marked as returning non-null, but actually returned NULL");
    unsafe { CFRetained::from_raw(ret) }
}

#[cfg(feature = "SecBase")]
#[deprecated = "renamed to `SecPolicy::new_revocation`"]
#[inline]
pub unsafe extern "C-unwind" fn SecPolicyCreateRevocation(
    revocation_flags: CFOptionFlags,
) -> Option<CFRetained<SecPolicy>> {
    extern "C-unwind" {
        fn SecPolicyCreateRevocation(revocation_flags: CFOptionFlags)
            -> Option<NonNull<SecPolicy>>;
    }
    let ret = unsafe { SecPolicyCreateRevocation(revocation_flags) };
    ret.map(|ret| unsafe { CFRetained::from_raw(ret) })
}

#[cfg(feature = "SecBase")]
#[deprecated = "renamed to `SecPolicy::with_properties`"]
#[inline]
pub unsafe extern "C-unwind" fn SecPolicyCreateWithProperties(
    policy_identifier: &CFType,
    properties: Option<&CFDictionary>,
) -> Option<CFRetained<SecPolicy>> {
    extern "C-unwind" {
        fn SecPolicyCreateWithProperties(
            policy_identifier: &CFType,
            properties: Option<&CFDictionary>,
        ) -> Option<NonNull<SecPolicy>>;
    }
    let ret = unsafe { SecPolicyCreateWithProperties(policy_identifier, properties) };
    ret.map(|ret| unsafe { CFRetained::from_raw(ret) })
}

#[cfg(feature = "SecBase")]
#[deprecated = "renamed to `SecPolicy::with_oid`"]
#[inline]
pub unsafe extern "C-unwind" fn SecPolicyCreateWithOID(
    policy_oid: &CFType,
) -> Option<CFRetained<SecPolicy>> {
    extern "C-unwind" {
        fn SecPolicyCreateWithOID(policy_oid: &CFType) -> Option<NonNull<SecPolicy>>;
    }
    let ret = unsafe { SecPolicyCreateWithOID(policy_oid) };
    ret.map(|ret| unsafe { CFRetained::from_raw(ret) })
}

extern "C-unwind" {
    #[cfg(all(feature = "SecAsn1Types", feature = "SecBase"))]
    #[deprecated = "renamed to `SecPolicy::oid`"]
    pub fn SecPolicyGetOID(policy_ref: &SecPolicy, oid: NonNull<SecAsn1Oid>) -> OSStatus;
}

extern "C-unwind" {
    #[cfg(all(feature = "SecAsn1Types", feature = "SecBase"))]
    #[deprecated = "renamed to `SecPolicy::value`"]
    pub fn SecPolicyGetValue(policy_ref: &SecPolicy, value: NonNull<SecAsn1Item>) -> OSStatus;
}

extern "C-unwind" {
    #[cfg(all(feature = "SecAsn1Types", feature = "SecBase"))]
    #[deprecated = "renamed to `SecPolicy::set_value`"]
    pub fn SecPolicySetValue(policy_ref: &SecPolicy, value: NonNull<SecAsn1Item>) -> OSStatus;
}

extern "C-unwind" {
    #[cfg(feature = "SecBase")]
    #[deprecated = "renamed to `SecPolicy::set_properties`"]
    pub fn SecPolicySetProperties(policy_ref: &SecPolicy, properties: &CFDictionary) -> OSStatus;
}

extern "C-unwind" {
    #[cfg(all(feature = "SecBase", feature = "cssmconfig", feature = "cssmtype"))]
    #[deprecated = "renamed to `SecPolicy::tp_handle`"]
    pub fn SecPolicyGetTPHandle(
        policy_ref: &SecPolicy,
        tp_handle: NonNull<CSSM_TP_HANDLE>,
    ) -> OSStatus;
}