objc2_security/generated/

SecTrust.rs

//! This file has been automatically generated by `objc2`'s `header-translator`.
//! DO NOT EDIT
use core::cell::UnsafeCell;
use core::ffi::*;
use core::marker::{PhantomData, PhantomPinned};
use core::ptr::NonNull;
#[cfg(feature = "objc2")]
use objc2::__framework_prelude::*;
use objc2_core_foundation::*;

use crate::*;

/// Specifies the trust result type.
///
/// SecTrustResultType results have two dimensions.  They specify
/// both whether evaluation succeeded and whether this is because of a user
/// decision.  The commonly expected result is kSecTrustResultUnspecified,
/// which indicates a positive result that wasn't decided by the user.  The
/// common failure is kSecTrustResultRecoverableTrustFailure, which means a
/// negative result.  kSecTrustResultProceed and kSecTrustResultDeny are the
/// positive and negative result respectively when decided by the user.  User
/// decisions are persisted through the use of SecTrustCopyExceptions() and
/// SecTrustSetExceptions().  Finally, kSecTrustResultFatalTrustFailure is a
/// negative result that must not be circumvented.
///
/// This result usually means that SecTrustEvaluate has not yet been called.
///
/// may be returned by the SecTrustEvaluate function or stored as part of
/// the user trust settings.
///
/// is required before proceeding.  Important: this value is no longer returned
/// or supported by SecTrustEvaluate or the SecTrustSettings API starting in
/// OS X 10.5; its use is deprecated in OS X 10.9 and later, as well as in iOS.
///
/// proceed. This value may be returned by the SecTrustEvaluate function
/// or stored as part of the user trust settings.
///
/// and the certificate is implicitly trusted, but user intent was not
/// explicitly specified.  This value may be returned by the SecTrustEvaluate
/// function or stored as part of the user trust settings.
///
/// failure which can be overridden by the user.  This value may be returned
/// by the SecTrustEvaluate function but not stored as part of the user
/// trust settings.
///
/// which cannot be overridden by the user.  This value may be returned by the
/// SecTrustEvaluate function but not stored as part of the user trust
/// settings.
///
/// of trust evaluation. This value may be returned by the SecTrustEvaluate
/// function but not stored as part of the user trust settings.
///
/// See also [Apple's documentation](https://developer.apple.com/documentation/security/sectrustresulttype?language=objc)
// NS_ENUM
#[repr(transparent)]
#[derive(Clone, Copy, Debug, PartialEq, Eq, Hash, PartialOrd, Ord)]
pub struct SecTrustResultType(pub u32);
impl SecTrustResultType {
    #[doc(alias = "kSecTrustResultInvalid")]
    pub const Invalid: Self = Self(0);
    #[doc(alias = "kSecTrustResultProceed")]
    pub const Proceed: Self = Self(1);
    #[doc(alias = "kSecTrustResultConfirm")]
    #[deprecated]
    pub const Confirm: Self = Self(2);
    #[doc(alias = "kSecTrustResultDeny")]
    pub const Deny: Self = Self(3);
    #[doc(alias = "kSecTrustResultUnspecified")]
    pub const Unspecified: Self = Self(4);
    #[doc(alias = "kSecTrustResultRecoverableTrustFailure")]
    pub const RecoverableTrustFailure: Self = Self(5);
    #[doc(alias = "kSecTrustResultFatalTrustFailure")]
    pub const FatalTrustFailure: Self = Self(6);
    #[doc(alias = "kSecTrustResultOtherError")]
    pub const OtherError: Self = Self(7);
}

#[cfg(feature = "objc2")]
unsafe impl Encode for SecTrustResultType {
    const ENCODING: Encoding = u32::ENCODING;
}

#[cfg(feature = "objc2")]
unsafe impl RefEncode for SecTrustResultType {
    const ENCODING_REF: Encoding = Encoding::Pointer(&Self::ENCODING);
}

/// CFType used for performing X.509 certificate trust evaluations.
///
/// See also [Apple's documentation](https://developer.apple.com/documentation/security/sectrust?language=objc)
#[doc(alias = "SecTrustRef")]
#[repr(C)]
pub struct SecTrust {
    inner: [u8; 0],
    _p: UnsafeCell<PhantomData<(*const UnsafeCell<()>, PhantomPinned)>>,
}

cf_type!(
    unsafe impl SecTrust {}
);
#[cfg(feature = "objc2")]
cf_objc2_type!(
    unsafe impl RefEncode<"__SecTrust"> for SecTrust {}
);

extern "C" {
    /// Predefined key constants used to obtain values in a
    /// per-certificate dictionary of trust evaluation results,
    /// as retrieved from a call to SecTrustCopyProperties.
    ///
    /// CFStringRef containing the title (display name) of this certificate.
    ///
    /// CFStringRef containing the reason for a trust evaluation failure.
    ///
    /// See also [Apple's documentation](https://developer.apple.com/documentation/security/ksecpropertytypetitle?language=objc)
    pub static kSecPropertyTypeTitle: &'static CFString;
}

extern "C" {
    /// [Apple's documentation](https://developer.apple.com/documentation/security/ksecpropertytypeerror?language=objc)
    pub static kSecPropertyTypeError: &'static CFString;
}

extern "C" {
    /// Predefined key constants used to obtain values in a
    /// dictionary of trust evaluation results for a certificate chain,
    /// as retrieved from a call to SecTrustCopyResult.
    ///
    /// This key will be present if a trust evaluation has been performed
    /// and results are available. Its value is a CFDateRef representing
    /// when the evaluation for this trust object took place.
    ///
    /// This key will be present and have a value of kCFBooleanTrue
    /// if this chain was validated for EV.
    ///
    /// Organization name field of subject of leaf certificate. This
    /// field is meant to be displayed to the user as the validated
    /// name of the company or entity that owns the certificate if the
    /// kSecTrustExtendedValidation key is present.
    ///
    /// This key will be present and have a value of CFStringRef if
    /// the leaf certificate contains qualified certificate statements.
    /// The string can be displayed to the user as a representation
    /// of a qualified certificate's purpose.
    ///
    /// This key will be present and have a value of kCFBooleanTrue
    /// if this chain was successfully validated as a Qualified Website
    /// Authentication Certificate.
    ///
    /// This key will be present if a trust evaluation has been performed.
    /// Its value is a CFNumberRef representing the SecTrustResultType result
    /// for the evaluation.
    ///
    /// This key will be present iff this chain had its revocation checked.
    /// The value will be a kCFBooleanTrue if revocation checking was
    /// successful and none of the certificates in the chain were revoked.
    /// The value will be kCFBooleanFalse if no current revocation status
    /// could be obtained for one or more certificates in the chain due
    /// to connection problems or timeouts.  This is a hint to a client
    /// to retry revocation checking at a later time.
    ///
    /// This key will be present iff kSecTrustRevocationChecked has a
    /// value of kCFBooleanTrue. The value will be a CFDateRef representing
    /// the earliest date at which the revocation info for one of the
    /// certificates in this chain might change.
    ///
    /// This key will be present and have a value of kCFBooleanTrue
    /// if this chain is CT qualified.
    ///
    /// This key will be present and have a value of kCFBooleanTrue
    /// if this chain is EV, but not CT qualified, and is permitted
    /// as an exception to CT policy requirements.
    /// Note: in macOS 10.12 and iOS 10, previously-issued EV certificates
    /// were considered exempt from the CT requirement. As those certificates
    /// expired, exempting them was no longer needed. This key is deprecated
    /// in macOS 10.13 and iOS 11, and is no longer returned in the trust
    /// results dictionary as of those releases.
    ///
    /// See also [Apple's documentation](https://developer.apple.com/documentation/security/ksectrustevaluationdate?language=objc)
    pub static kSecTrustEvaluationDate: &'static CFString;
}

extern "C" {
    /// [Apple's documentation](https://developer.apple.com/documentation/security/ksectrustextendedvalidation?language=objc)
    pub static kSecTrustExtendedValidation: &'static CFString;
}

extern "C" {
    /// [Apple's documentation](https://developer.apple.com/documentation/security/ksectrustorganizationname?language=objc)
    pub static kSecTrustOrganizationName: &'static CFString;
}

extern "C" {
    /// [Apple's documentation](https://developer.apple.com/documentation/security/ksectrustresultvalue?language=objc)
    pub static kSecTrustResultValue: &'static CFString;
}

extern "C" {
    /// [Apple's documentation](https://developer.apple.com/documentation/security/ksectrustrevocationchecked?language=objc)
    pub static kSecTrustRevocationChecked: &'static CFString;
}

extern "C" {
    /// [Apple's documentation](https://developer.apple.com/documentation/security/ksectrustrevocationvaliduntildate?language=objc)
    pub static kSecTrustRevocationValidUntilDate: &'static CFString;
}

extern "C" {
    /// [Apple's documentation](https://developer.apple.com/documentation/security/ksectrustcertificatetransparency?language=objc)
    pub static kSecTrustCertificateTransparency: &'static CFString;
}

extern "C" {
    /// [Apple's documentation](https://developer.apple.com/documentation/security/ksectrustcertificatetransparencywhitelist?language=objc)
    #[deprecated]
    pub static kSecTrustCertificateTransparencyWhiteList: &'static CFString;
}

extern "C" {
    /// [Apple's documentation](https://developer.apple.com/documentation/security/ksectrustqcstatements?language=objc)
    pub static kSecTrustQCStatements: &'static CFString;
}

extern "C" {
    /// [Apple's documentation](https://developer.apple.com/documentation/security/ksectrustqwacvalidation?language=objc)
    pub static kSecTrustQWACValidation: &'static CFString;
}

/// Delivers the result from an asynchronous trust evaluation.
///
/// Parameter `trustRef`: A reference to the trust object which has been evaluated.
///
/// Parameter `trustResult`: The trust result of the evaluation. Additional status
/// information can be obtained by calling SecTrustCopyProperties().
///
/// See also [Apple's documentation](https://developer.apple.com/documentation/security/sectrustcallback?language=objc)
#[cfg(feature = "block2")]
pub type SecTrustCallback = *mut block2::DynBlock<dyn Fn(NonNull<SecTrust>, SecTrustResultType)>;

unsafe impl ConcreteType for SecTrust {
    /// Returns the type identifier of SecTrust instances.
    ///
    /// Returns: The CFTypeID of SecTrust instances.
    #[doc(alias = "SecTrustGetTypeID")]
    #[inline]
    fn type_id() -> CFTypeID {
        extern "C-unwind" {
            fn SecTrustGetTypeID() -> CFTypeID;
        }
        unsafe { SecTrustGetTypeID() }
    }
}

impl SecTrust {
    /// Creates a trust object based on the given certificates and
    /// policies.
    ///
    /// Parameter `certificates`: The group of certificates to verify.  This can either
    /// be a CFArrayRef of SecCertificateRef objects or a single SecCertificateRef
    ///
    /// Parameter `policies`: An array of one or more policies. You may pass a
    /// SecPolicyRef to represent a single policy.
    ///
    /// Parameter `trust`: On return, a pointer to the trust management reference.
    ///
    /// Returns: A result code.  See "Security Error Codes" (SecBase.h).
    ///
    /// If multiple policies are passed in, all policies must verify
    /// for the chain to be considered valid.
    ///
    /// # Safety
    ///
    /// - `certificates` should be of the correct type.
    /// - `policies` should be of the correct type.
    /// - `trust` must be a valid pointer.
    #[doc(alias = "SecTrustCreateWithCertificates")]
    #[inline]
    pub unsafe fn create_with_certificates(
        certificates: &CFType,
        policies: Option<&CFType>,
        trust: NonNull<*mut SecTrust>,
    ) -> OSStatus {
        extern "C-unwind" {
            fn SecTrustCreateWithCertificates(
                certificates: &CFType,
                policies: Option<&CFType>,
                trust: NonNull<*mut SecTrust>,
            ) -> OSStatus;
        }
        unsafe { SecTrustCreateWithCertificates(certificates, policies, trust) }
    }

    /// Set the policies for which trust should be verified.
    ///
    /// Parameter `trust`: A trust reference.
    ///
    /// Parameter `policies`: An array of one or more policies. You may pass a
    /// SecPolicyRef to represent a single policy.
    ///
    /// Returns: A result code. See "Security Error Codes" (SecBase.h).
    ///
    /// This function will invalidate the existing trust result,
    /// requiring a fresh evaluation for the newly-set policies.
    ///
    /// # Safety
    ///
    /// `policies` should be of the correct type.
    #[doc(alias = "SecTrustSetPolicies")]
    #[inline]
    pub unsafe fn set_policies(&self, policies: &CFType) -> OSStatus {
        extern "C-unwind" {
            fn SecTrustSetPolicies(trust: &SecTrust, policies: &CFType) -> OSStatus;
        }
        unsafe { SecTrustSetPolicies(self, policies) }
    }

    /// Returns an array of policies used for this evaluation.
    ///
    /// Parameter `trust`: A reference to a trust object.
    ///
    /// Parameter `policies`: On return, an array of policies used by this trust.
    /// Call the CFRelease function to release this reference.
    ///
    /// Returns: A result code. See "Security Error Codes" (SecBase.h).
    ///
    /// # Safety
    ///
    /// `policies` must be a valid pointer.
    #[doc(alias = "SecTrustCopyPolicies")]
    #[inline]
    pub unsafe fn copy_policies(&self, policies: NonNull<*const CFArray>) -> OSStatus {
        extern "C-unwind" {
            fn SecTrustCopyPolicies(
                trust: &SecTrust,
                policies: NonNull<*const CFArray>,
            ) -> OSStatus;
        }
        unsafe { SecTrustCopyPolicies(self, policies) }
    }

    /// Specifies whether a trust evaluation is permitted to fetch missing
    /// intermediate certificates from the network.
    ///
    /// Parameter `trust`: A trust reference.
    ///
    /// Parameter `allowFetch`: If true, and a certificate's issuer is not present in the
    /// trust reference but its network location is known, the evaluation is permitted
    /// to attempt to download it automatically. Pass false to disable network fetch
    /// for this trust evaluation.
    ///
    /// Returns: A result code. See "Security Error Codes" (SecBase.h).
    ///
    /// By default, network fetch of missing certificates is enabled if
    /// the trust evaluation includes the SSL policy, otherwise it is disabled.
    #[doc(alias = "SecTrustSetNetworkFetchAllowed")]
    #[inline]
    pub unsafe fn set_network_fetch_allowed(&self, allow_fetch: bool) -> OSStatus {
        extern "C-unwind" {
            fn SecTrustSetNetworkFetchAllowed(trust: &SecTrust, allow_fetch: Boolean) -> OSStatus;
        }
        unsafe { SecTrustSetNetworkFetchAllowed(self, allow_fetch as _) }
    }

    /// Returns whether a trust evaluation is permitted to fetch missing
    /// intermediate certificates from the network.
    ///
    /// Parameter `trust`: A trust reference.
    ///
    /// Parameter `allowFetch`: On return, the boolean pointed to by this parameter is
    /// set to true if the evaluation is permitted to download missing certificates.
    ///
    /// Returns: A result code. See "Security Error Codes" (SecBase.h).
    ///
    /// By default, network fetch of missing certificates is enabled if
    /// the trust evaluation includes the SSL policy, otherwise it is disabled.
    ///
    /// # Safety
    ///
    /// `allow_fetch` must be a valid pointer.
    #[doc(alias = "SecTrustGetNetworkFetchAllowed")]
    #[inline]
    pub unsafe fn network_fetch_allowed(&self, allow_fetch: NonNull<Boolean>) -> OSStatus {
        extern "C-unwind" {
            fn SecTrustGetNetworkFetchAllowed(
                trust: &SecTrust,
                allow_fetch: NonNull<Boolean>,
            ) -> OSStatus;
        }
        unsafe { SecTrustGetNetworkFetchAllowed(self, allow_fetch) }
    }

    /// Sets the anchor certificates for a given trust.
    ///
    /// Parameter `trust`: A reference to a trust object.
    ///
    /// Parameter `anchorCertificates`: An array of anchor certificates.
    /// Pass NULL to restore the default set of anchor certificates.
    ///
    /// Returns: A result code.  See "Security Error Codes" (SecBase.h).
    ///
    /// Calling this function without also calling
    /// SecTrustSetAnchorCertificatesOnly() will disable trusting any
    /// anchors other than the ones in anchorCertificates.
    ///
    /// # Safety
    ///
    /// `anchor_certificates` generic must be of the correct type.
    #[doc(alias = "SecTrustSetAnchorCertificates")]
    #[inline]
    pub unsafe fn set_anchor_certificates(
        &self,
        anchor_certificates: Option<&CFArray>,
    ) -> OSStatus {
        extern "C-unwind" {
            fn SecTrustSetAnchorCertificates(
                trust: &SecTrust,
                anchor_certificates: Option<&CFArray>,
            ) -> OSStatus;
        }
        unsafe { SecTrustSetAnchorCertificates(self, anchor_certificates) }
    }

    /// Reenables trusting anchor certificates in addition to those
    /// passed in via the SecTrustSetAnchorCertificates API.
    ///
    /// Parameter `trust`: A reference to a trust object.
    ///
    /// Parameter `anchorCertificatesOnly`: If true, disables trusting any anchors other
    /// than the ones passed in via SecTrustSetAnchorCertificates().  If false,
    /// the built in anchor certificates are also trusted.
    ///
    /// Returns: A result code.  See "Security Error Codes" (SecBase.h).
    #[doc(alias = "SecTrustSetAnchorCertificatesOnly")]
    #[inline]
    pub unsafe fn set_anchor_certificates_only(&self, anchor_certificates_only: bool) -> OSStatus {
        extern "C-unwind" {
            fn SecTrustSetAnchorCertificatesOnly(
                trust: &SecTrust,
                anchor_certificates_only: Boolean,
            ) -> OSStatus;
        }
        unsafe { SecTrustSetAnchorCertificatesOnly(self, anchor_certificates_only as _) }
    }

    /// Returns an array of custom anchor certificates used by a given
    /// trust, as set by a prior call to SecTrustSetAnchorCertificates, or NULL if
    /// no custom anchors have been specified.
    ///
    /// Parameter `trust`: A reference to a trust object.
    ///
    /// Parameter `anchors`: On return, an array of custom anchor certificates (roots)
    /// used by this trust, or NULL if no custom anchors have been specified. Call
    /// the CFRelease function to release this reference.
    ///
    /// Returns: A result code. See "Security Error Codes" (SecBase.h).
    ///
    /// # Safety
    ///
    /// `anchors` must be a valid pointer.
    #[doc(alias = "SecTrustCopyCustomAnchorCertificates")]
    #[inline]
    pub unsafe fn copy_custom_anchor_certificates(
        &self,
        anchors: NonNull<*const CFArray>,
    ) -> OSStatus {
        extern "C-unwind" {
            fn SecTrustCopyCustomAnchorCertificates(
                trust: &SecTrust,
                anchors: NonNull<*const CFArray>,
            ) -> OSStatus;
        }
        unsafe { SecTrustCopyCustomAnchorCertificates(self, anchors) }
    }

    /// Set the date for which the trust should be verified.
    ///
    /// Parameter `trust`: A reference to a trust object.
    ///
    /// Parameter `verifyDate`: The date for which to verify trust.
    ///
    /// Returns: A result code.  See "Security Error Codes" (SecBase.h).
    ///
    /// This function lets you evaluate certificate validity for a
    /// given date (for example, to determine if a signature was valid on the date
    /// it was signed, even if the certificate has since expired.) If this function
    /// is not called, the time at which SecTrustEvaluate() is called is used
    /// implicitly as the verification time.
    #[doc(alias = "SecTrustSetVerifyDate")]
    #[inline]
    pub unsafe fn set_verify_date(&self, verify_date: &CFDate) -> OSStatus {
        extern "C-unwind" {
            fn SecTrustSetVerifyDate(trust: &SecTrust, verify_date: &CFDate) -> OSStatus;
        }
        unsafe { SecTrustSetVerifyDate(self, verify_date) }
    }

    /// Returns the verify time.
    ///
    /// Parameter `trust`: A reference to the trust object being verified.
    ///
    /// Returns: A CFAbsoluteTime value representing the time at which certificates
    /// should be checked for validity.
    ///
    /// This function retrieves the verification time for the given
    /// trust reference, as set by a prior call to SecTrustSetVerifyDate(). If the
    /// verification time has not been set, this function returns a value of 0,
    /// indicating that the current date/time is implicitly used for verification.
    #[doc(alias = "SecTrustGetVerifyTime")]
    #[inline]
    pub unsafe fn verify_time(&self) -> CFAbsoluteTime {
        extern "C-unwind" {
            fn SecTrustGetVerifyTime(trust: &SecTrust) -> CFAbsoluteTime;
        }
        unsafe { SecTrustGetVerifyTime(self) }
    }

    /// Evaluates a trust reference synchronously.
    ///
    /// Parameter `trust`: A reference to the trust object to evaluate.
    ///
    /// Parameter `result`: A pointer to a result type.
    ///
    /// Returns: A result code. See "Security Error Codes" (SecBase.h).
    ///
    /// This function will completely evaluate trust before returning,
    /// possibly including network access to fetch intermediate certificates or to
    /// perform revocation checking. Since this function can block during those
    /// operations, you should call it from within a function that is placed on a
    /// dispatch queue, or in a separate thread from your application's main
    /// run loop. Alternatively, you can use the SecTrustEvaluateAsync function.
    ///
    /// # Safety
    ///
    /// `result` must be a valid pointer.
    #[doc(alias = "SecTrustEvaluate")]
    #[deprecated]
    #[inline]
    pub unsafe fn evaluate(&self, result: NonNull<SecTrustResultType>) -> OSStatus {
        extern "C-unwind" {
            fn SecTrustEvaluate(trust: &SecTrust, result: NonNull<SecTrustResultType>) -> OSStatus;
        }
        unsafe { SecTrustEvaluate(self, result) }
    }

    /// Evaluates a trust reference synchronously.
    ///
    /// Parameter `trust`: A reference to the trust object to evaluate.
    ///
    /// Parameter `error`: A pointer to an error object
    ///
    /// Returns: A boolean value indicating whether the certificate is trusted
    ///
    /// This function will completely evaluate trust before returning,
    /// possibly including network access to fetch intermediate certificates or to
    /// perform revocation checking. Since this function can block during those
    /// operations, you should call it from within a function that is placed on a
    /// dispatch queue, or in a separate thread from your application's main
    /// run loop.
    /// If the certificate is trusted and the result is true, the error will be set to NULL.
    /// If the certificate is not trusted or the evaluation was unable to complete, the result
    /// will be false and the error will be set with a description of the failure.
    /// The error contains a code for the most serious error encountered (if multiple trust
    /// failures occurred). The localized description indicates the certificate with the most
    /// serious problem and the type of error. The underlying error contains a localized
    /// description of each certificate in the chain that had an error and all errors found
    /// with that certificate.
    ///
    /// # Safety
    ///
    /// `error` must be a valid pointer or null.
    #[doc(alias = "SecTrustEvaluateWithError")]
    #[must_use]
    #[inline]
    pub unsafe fn evaluate_with_error(&self, error: *mut *mut CFError) -> bool {
        extern "C-unwind" {
            fn SecTrustEvaluateWithError(trust: &SecTrust, error: *mut *mut CFError) -> bool;
        }
        unsafe { SecTrustEvaluateWithError(self, error) }
    }
}

/// Delivers the result from an asynchronous trust evaluation.
///
/// Parameter `trustRef`: A reference to the trust object which has been evaluated.
///
/// Parameter `result`: A boolean value indicating whether the certificate is trusted.
///
/// Parameter `error`: An error if the trust evaluation failed.
///
/// See also [Apple's documentation](https://developer.apple.com/documentation/security/sectrustwitherrorcallback?language=objc)
#[cfg(feature = "block2")]
pub type SecTrustWithErrorCallback =
    *mut block2::DynBlock<dyn Fn(NonNull<SecTrust>, bool, *mut CFError)>;

impl SecTrust {
    /// Parameter `trust`: A reference to a trust object.
    ///
    /// Parameter `result`: A pointer to the result from the most recent call to
    /// SecTrustEvaluate for this trust reference. If SecTrustEvaluate has not been
    /// called or trust parameters have changed, the result is kSecTrustResultInvalid.
    ///
    /// Returns: A result code. See "Security Error Codes" (SecBase.h).
    ///
    /// This function replaces SecTrustGetResult for the purpose of
    /// obtaining the current evaluation result of a given trust reference.
    ///
    /// # Safety
    ///
    /// `result` must be a valid pointer.
    #[doc(alias = "SecTrustGetTrustResult")]
    #[inline]
    pub unsafe fn trust_result(&self, result: NonNull<SecTrustResultType>) -> OSStatus {
        extern "C-unwind" {
            fn SecTrustGetTrustResult(
                trust: &SecTrust,
                result: NonNull<SecTrustResultType>,
            ) -> OSStatus;
        }
        unsafe { SecTrustGetTrustResult(self, result) }
    }

    /// Return the public key for a leaf certificate after it has
    /// been evaluated.
    ///
    /// Parameter `trust`: A reference to the trust object which has been evaluated.
    ///
    /// Returns: The certificate's public key, or NULL if it the public key could
    /// not be extracted (this can happen if the public key algorithm is not
    /// supported).  The caller is responsible for calling CFRelease on the
    /// returned key when it is no longer needed.
    #[doc(alias = "SecTrustCopyPublicKey")]
    #[cfg(feature = "SecBase")]
    #[deprecated]
    #[inline]
    pub unsafe fn public_key(&self) -> Option<CFRetained<SecKey>> {
        extern "C-unwind" {
            fn SecTrustCopyPublicKey(trust: &SecTrust) -> Option<NonNull<SecKey>>;
        }
        let ret = unsafe { SecTrustCopyPublicKey(self) };
        ret.map(|ret| unsafe { CFRetained::from_raw(ret) })
    }

    /// Return the public key for a leaf certificate after it has
    /// been evaluated.
    ///
    /// Parameter `trust`: A reference to the trust object which has been evaluated.
    ///
    /// Returns: The certificate's public key, or NULL if it the public key could
    /// not be extracted (this can happen if the public key algorithm is not
    /// supported).  The caller is responsible for calling CFRelease on the
    /// returned key when it is no longer needed.
    ///
    /// RSA and ECDSA public keys are supported. All other public key algorithms are unsupported.
    #[doc(alias = "SecTrustCopyKey")]
    #[cfg(feature = "SecBase")]
    #[inline]
    pub unsafe fn key(&self) -> Option<CFRetained<SecKey>> {
        extern "C-unwind" {
            fn SecTrustCopyKey(trust: &SecTrust) -> Option<NonNull<SecKey>>;
        }
        let ret = unsafe { SecTrustCopyKey(self) };
        ret.map(|ret| unsafe { CFRetained::from_raw(ret) })
    }

    /// Returns the number of certificates in an evaluated certificate
    /// chain.
    ///
    /// Parameter `trust`: A reference to a trust object.
    ///
    /// Returns: The number of certificates in the trust chain, including the anchor.
    ///
    /// Important: if the trust reference has not yet been evaluated,
    /// this function will evaluate it first before returning. If speed is critical,
    /// you may want to call SecTrustGetTrustResult first to make sure that a
    /// result other than kSecTrustResultInvalid is present for the trust object.
    #[doc(alias = "SecTrustGetCertificateCount")]
    #[inline]
    pub unsafe fn certificate_count(&self) -> CFIndex {
        extern "C-unwind" {
            fn SecTrustGetCertificateCount(trust: &SecTrust) -> CFIndex;
        }
        unsafe { SecTrustGetCertificateCount(self) }
    }

    /// Returns a certificate from the trust chain.
    ///
    /// Parameter `trust`: Reference to a trust object.
    ///
    /// Parameter `ix`: The index of the requested certificate.  Indices run from 0
    /// (leaf) to the anchor (or last certificate found if no anchor was found).
    /// The leaf cert (index 0) is always present regardless of whether the trust
    /// reference has been evaluated or not.
    ///
    /// Returns: A SecCertificateRef for the requested certificate.
    ///
    /// This API is fundamentally not thread-safe -- other threads using the same
    /// trust object may trigger trust evaluations that release the returned certificate or change the
    /// certificate chain as a thread is iterating through the certificate chain. The replacement function
    /// SecTrustCopyCertificateChain provides thread-safe results.
    #[doc(alias = "SecTrustGetCertificateAtIndex")]
    #[cfg(feature = "SecBase")]
    #[deprecated]
    #[inline]
    pub unsafe fn certificate_at_index(&self, ix: CFIndex) -> Option<CFRetained<SecCertificate>> {
        extern "C-unwind" {
            fn SecTrustGetCertificateAtIndex(
                trust: &SecTrust,
                ix: CFIndex,
            ) -> Option<NonNull<SecCertificate>>;
        }
        let ret = unsafe { SecTrustGetCertificateAtIndex(self, ix) };
        ret.map(|ret| unsafe { CFRetained::retain(ret) })
    }

    /// Returns an opaque cookie which will allow future evaluations
    /// of the current certificate to succeed.
    ///
    /// Parameter `trust`: A reference to an evaluated trust object.
    ///
    /// Returns: An opaque cookie which when passed to SecTrustSetExceptions() will
    /// cause a call to SecTrustEvaluate() return kSecTrustResultProceed.  This
    /// will happen upon subsequent evaluation of the current certificate unless
    /// some new error starts happening that wasn't being reported when the cookie
    /// was returned from this function (for example, if the certificate expires
    /// then evaluation will start failing again until a new cookie is obtained.)
    ///
    /// Normally this API should only be called once the errors have
    /// been presented to the user and the user decided to trust the current
    /// certificate chain regardless of the errors being presented, for the
    /// current application/server/protocol combination.
    #[doc(alias = "SecTrustCopyExceptions")]
    #[inline]
    pub unsafe fn exceptions(&self) -> Option<CFRetained<CFData>> {
        extern "C-unwind" {
            fn SecTrustCopyExceptions(trust: &SecTrust) -> Option<NonNull<CFData>>;
        }
        let ret = unsafe { SecTrustCopyExceptions(self) };
        ret.map(|ret| unsafe { CFRetained::from_raw(ret) })
    }

    /// Set a trust cookie to be used for evaluating this certificate chain.
    ///
    /// Parameter `trust`: A reference to a trust object.
    ///
    /// Parameter `exceptions`: An exceptions cookie as returned by a call to
    /// SecTrustCopyExceptions() in the past.  You may pass NULL to clear any
    /// exceptions which have been previously set on this trust reference.
    ///
    /// Returns: Upon calling SecTrustEvaluate(), any failures that were present at the
    /// time the exceptions object was created are ignored, and instead of returning
    /// kSecTrustResultRecoverableTrustFailure, kSecTrustResultProceed will be returned
    /// (if the certificate for which exceptions was created matches the current leaf
    /// certificate).
    ///
    /// Returns: Returns true if the exceptions cookies was valid and matches the current
    /// leaf certificate, false otherwise.  This function will invalidate the existing
    /// trust result, requiring a subsequent evaluation for the newly-set exceptions.
    /// Note that this function returning true doesn't mean the caller can skip calling
    /// SecTrustEvaluate, as there may be new errors since the exceptions cookie was
    /// created (for example, a certificate may have subsequently expired.)
    ///
    /// Clients of this interface will need to establish the context of this
    /// exception to later decide when this exception cookie is to be used.
    /// Examples of this context would be the server we are connecting to, the ssid
    /// of the wireless network for which this cert is needed, the account for which
    /// this cert should be considered valid, and so on.
    #[doc(alias = "SecTrustSetExceptions")]
    #[inline]
    pub unsafe fn set_exceptions(&self, exceptions: Option<&CFData>) -> bool {
        extern "C-unwind" {
            fn SecTrustSetExceptions(trust: &SecTrust, exceptions: Option<&CFData>) -> bool;
        }
        unsafe { SecTrustSetExceptions(self, exceptions) }
    }

    /// Return a property array for this trust evaluation.
    ///
    /// Parameter `trust`: A reference to a trust object. If the trust has not been
    /// evaluated, the returned property array will be empty.
    ///
    /// Returns: A property array. It is the caller's responsibility to CFRelease
    /// the returned array when it is no longer needed.
    ///
    /// On macOS, this function returns an ordered array of CFDictionaryRef
    /// instances for each certificate in the chain. Indices run from 0 (leaf) to
    /// the anchor (or last certificate found if no anchor was found.)
    /// On other platforms, this function returns an unordered array of CFDictionary instances.
    /// See the "Trust Property Constants" section for a list of currently defined keys.
    /// The error information conveyed via this interface is also conveyed via the
    /// returned error of SecTrustEvaluateWithError.
    #[doc(alias = "SecTrustCopyProperties")]
    #[deprecated]
    #[inline]
    pub unsafe fn properties(&self) -> Option<CFRetained<CFArray>> {
        extern "C-unwind" {
            fn SecTrustCopyProperties(trust: &SecTrust) -> Option<NonNull<CFArray>>;
        }
        let ret = unsafe { SecTrustCopyProperties(self) };
        ret.map(|ret| unsafe { CFRetained::from_raw(ret) })
    }

    /// Returns a dictionary containing information about the
    /// evaluated certificate chain for use by clients.
    ///
    /// Parameter `trust`: A reference to a trust object.
    ///
    /// Returns: A dictionary with various fields that can be displayed to the user,
    /// or NULL if no additional info is available or the trust has not yet been
    /// validated.  The caller is responsible for calling CFRelease on the value
    /// returned when it is no longer needed.
    ///
    /// Returns a dictionary for the overall trust evaluation. See the
    /// "Trust Result Constants" section for a list of currently defined keys.
    #[doc(alias = "SecTrustCopyResult")]
    #[inline]
    pub unsafe fn result(&self) -> Option<CFRetained<CFDictionary>> {
        extern "C-unwind" {
            fn SecTrustCopyResult(trust: &SecTrust) -> Option<NonNull<CFDictionary>>;
        }
        let ret = unsafe { SecTrustCopyResult(self) };
        ret.map(|ret| unsafe { CFRetained::from_raw(ret) })
    }

    /// Attach OCSPResponse data to a trust object.
    ///
    /// Parameter `trust`: A reference to a trust object.
    ///
    /// Parameter `responseData`: This may be either a CFData object containing a single
    /// DER-encoded OCSPResponse (per RFC 2560), or a CFArray of these.
    ///
    /// Returns: A result code. See "Security Error Codes" (SecBase.h).
    ///
    /// Allows the caller to provide OCSPResponse data (which may be
    /// obtained during a TLS/SSL handshake, per RFC 3546) as input to a trust
    /// evaluation. If this data is available, it can obviate the need to contact
    /// an OCSP server for current revocation information.
    ///
    /// # Safety
    ///
    /// `response_data` should be of the correct type.
    #[doc(alias = "SecTrustSetOCSPResponse")]
    #[inline]
    pub unsafe fn set_ocsp_response(&self, response_data: Option<&CFType>) -> OSStatus {
        extern "C-unwind" {
            fn SecTrustSetOCSPResponse(
                trust: &SecTrust,
                response_data: Option<&CFType>,
            ) -> OSStatus;
        }
        unsafe { SecTrustSetOCSPResponse(self, response_data) }
    }

    /// Attach SignedCertificateTimestamp data to a trust object.
    ///
    /// Parameter `trust`: A reference to a trust object.
    ///
    /// Parameter `sctArray`: is a CFArray of CFData objects each containing a SCT (per RFC 6962).
    ///
    /// Returns: A result code. See "Security Error Codes" (SecBase.h).
    ///
    /// Allows the caller to provide SCT data (which may be
    /// obtained during a TLS/SSL handshake, per RFC 6962) as input to a trust
    /// evaluation.
    ///
    /// # Safety
    ///
    /// `sct_array` generic must be of the correct type.
    #[doc(alias = "SecTrustSetSignedCertificateTimestamps")]
    #[inline]
    pub unsafe fn set_signed_certificate_timestamps(
        &self,
        sct_array: Option<&CFArray>,
    ) -> OSStatus {
        extern "C-unwind" {
            fn SecTrustSetSignedCertificateTimestamps(
                trust: &SecTrust,
                sct_array: Option<&CFArray>,
            ) -> OSStatus;
        }
        unsafe { SecTrustSetSignedCertificateTimestamps(self, sct_array) }
    }

    /// Returns the certificate trust chain
    ///
    /// Parameter `trust`: Reference to a trust object.
    ///
    /// Returns: A CFArray of the SecCertificateRefs for the resulting certificate chain
    #[doc(alias = "SecTrustCopyCertificateChain")]
    #[inline]
    pub unsafe fn certificate_chain(&self) -> Option<CFRetained<CFArray>> {
        extern "C-unwind" {
            fn SecTrustCopyCertificateChain(trust: &SecTrust) -> Option<NonNull<CFArray>>;
        }
        let ret = unsafe { SecTrustCopyCertificateChain(self) };
        ret.map(|ret| unsafe { CFRetained::from_raw(ret) })
    }
}

/// Specifies a user-specified trust setting value.
///
/// Deprecated in OS X 10.9. User trust settings are managed by
/// functions in SecTrustSettings.h (starting with OS X 10.5), and by the
/// SecTrustCopyExceptions and SecTrustSetExceptions functions (starting with
/// iOS 4 and OS X 10.9). The latter two functions are recommended for both macOS
/// and iOS, as they avoid the need to explicitly specify these values.
///
/// See also [Apple's documentation](https://developer.apple.com/documentation/security/sectrustusersetting?language=objc)
#[deprecated]
pub type SecTrustUserSetting = SecTrustResultType;

/// Options for customizing trust evaluation.
///
///
///
///
///
/// check per certificate.
///
/// anchors.
///
/// treated as anchors implicitly.
///
/// See also [Apple's documentation](https://developer.apple.com/documentation/security/sectrustoptionflags?language=objc)
// NS_OPTIONS
#[repr(transparent)]
#[derive(Clone, Copy, Debug, PartialEq, Eq, Hash, PartialOrd, Ord)]
pub struct SecTrustOptionFlags(pub u32);
bitflags::bitflags! {
    impl SecTrustOptionFlags: u32 {
        #[doc(alias = "kSecTrustOptionAllowExpired")]
        const AllowExpired = 0x00000001;
        #[doc(alias = "kSecTrustOptionLeafIsCA")]
        const LeafIsCA = 0x00000002;
        #[doc(alias = "kSecTrustOptionFetchIssuerFromNet")]
        const FetchIssuerFromNet = 0x00000004;
        #[doc(alias = "kSecTrustOptionAllowExpiredRoot")]
        const AllowExpiredRoot = 0x00000008;
        #[doc(alias = "kSecTrustOptionRequireRevPerCert")]
        const RequireRevPerCert = 0x00000010;
        #[doc(alias = "kSecTrustOptionUseTrustSettings")]
        const UseTrustSettings = 0x00000020;
        #[doc(alias = "kSecTrustOptionImplicitAnchors")]
        const ImplicitAnchors = 0x00000040;
    }
}

#[cfg(feature = "objc2")]
unsafe impl Encode for SecTrustOptionFlags {
    const ENCODING: Encoding = u32::ENCODING;
}

#[cfg(feature = "objc2")]
unsafe impl RefEncode for SecTrustOptionFlags {
    const ENCODING_REF: Encoding = Encoding::Pointer(&Self::ENCODING);
}

impl SecTrust {
    /// Sets optional flags for customizing a trust evaluation.
    ///
    /// Parameter `trustRef`: A trust reference.
    ///
    /// Parameter `options`: Flags to change evaluation behavior for this trust.
    ///
    /// Returns: A result code. See "Security Error Codes" (SecBase.h).
    ///
    /// This function is not available on iOS. Use SecTrustSetExceptions
    /// and SecTrustCopyExceptions to modify default trust results, and
    /// SecTrustSetNetworkFetchAllowed to specify whether missing CA certificates
    /// can be fetched from the network.
    #[doc(alias = "SecTrustSetOptions")]
    #[inline]
    pub unsafe fn set_options(&self, options: SecTrustOptionFlags) -> OSStatus {
        extern "C-unwind" {
            fn SecTrustSetOptions(trust_ref: &SecTrust, options: SecTrustOptionFlags) -> OSStatus;
        }
        unsafe { SecTrustSetOptions(self, options) }
    }

    /// Sets the action and action data for a trust object.
    ///
    /// Parameter `trustRef`: The reference to the trust to change.
    ///
    /// Parameter `action`: A trust action.
    ///
    /// Parameter `actionData`: A reference to data associated with this action.
    ///
    /// Returns: A result code. See "Security Error Codes" (SecBase.h).
    ///
    /// This function is deprecated in OS X 10.7 and later, where it
    /// was replaced by SecTrustSetOptions, and is not available on iOS. Your code
    /// should use SecTrustSetExceptions and SecTrustCopyExceptions to modify default
    /// trust results, and SecTrustSetNetworkFetchAllowed to specify whether missing
    /// CA certificates can be fetched from the network.
    #[doc(alias = "SecTrustSetParameters")]
    #[cfg(all(feature = "cssmconfig", feature = "cssmtype"))]
    #[deprecated]
    #[inline]
    pub unsafe fn set_parameters(&self, action: CSSM_TP_ACTION, action_data: &CFData) -> OSStatus {
        extern "C-unwind" {
            fn SecTrustSetParameters(
                trust_ref: &SecTrust,
                action: CSSM_TP_ACTION,
                action_data: &CFData,
            ) -> OSStatus;
        }
        unsafe { SecTrustSetParameters(self, action, action_data) }
    }

    /// Sets the keychains for a given trust object.
    ///
    /// Parameter `trust`: A reference to a trust object.
    ///
    /// Parameter `keychainOrArray`: A reference to an array of keychains to search, a
    /// single keychain, or NULL to use the default keychain search list.
    ///
    /// Returns: A result code. See "Security Error Codes" (SecBase.h).
    ///
    /// This function is deprecated in macOS 10.13 and later. Beginning in
    /// macOS 10.12, this function no longer affected the behavior of the trust
    /// evaluation: the user's keychain search list and the system
    /// anchors keychain are searched for certificates to complete the chain. To change
    /// the keychains that are searched, callers must use SecKeychainSetSearchList to
    /// change the user's keychain search list.
    /// Note: this function was never applicable to iOS.
    ///
    /// # Safety
    ///
    /// `keychain_or_array` should be of the correct type.
    #[doc(alias = "SecTrustSetKeychains")]
    #[deprecated]
    #[inline]
    pub unsafe fn set_keychains(&self, keychain_or_array: Option<&CFType>) -> OSStatus {
        extern "C-unwind" {
            fn SecTrustSetKeychains(
                trust: &SecTrust,
                keychain_or_array: Option<&CFType>,
            ) -> OSStatus;
        }
        unsafe { SecTrustSetKeychains(self, keychain_or_array) }
    }

    /// Returns detailed information on the outcome of an evaluation.
    ///
    /// Parameter `trustRef`: A reference to a trust object.
    ///
    /// Parameter `result`: A pointer to the result from the call to SecTrustEvaluate.
    ///
    /// Parameter `certChain`: On return, a pointer to the certificate chain used to
    /// validate the input certificate. Call the CFRelease function to release
    /// this pointer.
    ///
    /// Parameter `statusChain`: On return, a pointer to the status of the certificate
    /// chain. Do not attempt to free this pointer; it remains valid until the
    /// trust is destroyed or the next call to SecTrustEvaluate.
    ///
    /// Returns: A result code. See "Security Error Codes" (SecBase.h).
    ///
    /// This function is deprecated in OS X 10.7 and later,
    /// and is not available on iOS.
    /// To get the complete certificate chain, use SecTrustCopyCertificateChain.
    /// To get detailed status information for each certificate, use
    /// SecTrustCopyProperties. To get the overall trust result for the evaluation,
    /// use SecTrustGetTrustResult.
    ///
    /// # Safety
    ///
    /// - `result` must be a valid pointer or null.
    /// - `cert_chain` must be a valid pointer or null.
    /// - `status_chain` must be a valid pointer or null.
    #[doc(alias = "SecTrustGetResult")]
    #[cfg(all(
        feature = "SecAsn1Types",
        feature = "cssmapple",
        feature = "cssmconfig",
        feature = "cssmtype"
    ))]
    #[deprecated]
    #[inline]
    pub unsafe fn get_trust(
        &self,
        result: *mut SecTrustResultType,
        cert_chain: *mut *const CFArray,
        status_chain: *mut *mut CSSM_TP_APPLE_EVIDENCE_INFO,
    ) -> OSStatus {
        extern "C-unwind" {
            fn SecTrustGetResult(
                trust_ref: &SecTrust,
                result: *mut SecTrustResultType,
                cert_chain: *mut *const CFArray,
                status_chain: *mut *mut CSSM_TP_APPLE_EVIDENCE_INFO,
            ) -> OSStatus;
        }
        unsafe { SecTrustGetResult(self, result, cert_chain, status_chain) }
    }

    /// Gets the CSSM trust result.
    ///
    /// Parameter `trust`: A reference to a trust.
    ///
    /// Parameter `result`: On return, a pointer to the CSSM trust result.
    ///
    /// Returns: A result code. See "Security Error Codes" (SecBase.h).
    ///
    /// This function is deprecated in OS X 10.7 and later,
    /// and is not available on iOS.
    /// To get detailed status information for each certificate, use
    /// SecTrustCopyProperties. To get the overall trust result for the evaluation,
    /// use SecTrustGetTrustResult.
    ///
    /// # Safety
    ///
    /// `result` must be a valid pointer.
    #[doc(alias = "SecTrustGetCssmResult")]
    #[cfg(all(feature = "cssmconfig", feature = "cssmtype"))]
    #[deprecated]
    #[inline]
    pub unsafe fn cssm_result(
        &self,
        result: NonNull<CSSM_TP_VERIFY_CONTEXT_RESULT_PTR>,
    ) -> OSStatus {
        extern "C-unwind" {
            fn SecTrustGetCssmResult(
                trust: &SecTrust,
                result: NonNull<CSSM_TP_VERIFY_CONTEXT_RESULT_PTR>,
            ) -> OSStatus;
        }
        unsafe { SecTrustGetCssmResult(self, result) }
    }

    /// Gets the result code from the most recent call to SecTrustEvaluate
    /// for the specified trust.
    ///
    /// Parameter `trust`: A reference to a trust.
    ///
    /// Parameter `resultCode`: On return, the result code produced by the most recent
    /// evaluation of the given trust (cssmerr.h). The value of resultCode is
    /// undefined if SecTrustEvaluate has not been called.
    ///
    /// Returns: A result code. See "Security Error Codes" (SecBase.h). Returns
    /// errSecTrustNotAvailable if SecTrustEvaluate has not been called for the
    /// specified trust.
    ///
    /// This function is deprecated in OS X 10.7 and later,
    /// and is not available on iOS.
    /// To get detailed status information for each certificate, use
    /// SecTrustCopyProperties. To get the overall trust result for the evaluation,
    /// use SecTrustGetTrustResult.
    ///
    /// # Safety
    ///
    /// `result_code` must be a valid pointer.
    #[doc(alias = "SecTrustGetCssmResultCode")]
    #[deprecated]
    #[inline]
    pub unsafe fn cssm_result_code(&self, result_code: NonNull<OSStatus>) -> OSStatus {
        extern "C-unwind" {
            fn SecTrustGetCssmResultCode(
                trust: &SecTrust,
                result_code: NonNull<OSStatus>,
            ) -> OSStatus;
        }
        unsafe { SecTrustGetCssmResultCode(self, result_code) }
    }

    /// Gets the CSSM trust handle
    ///
    /// Parameter `trust`: A reference to a trust.
    ///
    /// Parameter `handle`: On return, a CSSM trust handle.
    ///
    /// Returns: A result code. See "Security Error Codes" (SecBase.h).
    ///
    /// This function is deprecated in OS X 10.7 and later.
    ///
    /// # Safety
    ///
    /// `handle` must be a valid pointer.
    #[doc(alias = "SecTrustGetTPHandle")]
    #[cfg(all(feature = "cssmconfig", feature = "cssmtype"))]
    #[deprecated]
    #[inline]
    pub unsafe fn tp_handle(&self, handle: NonNull<CSSM_TP_HANDLE>) -> OSStatus {
        extern "C-unwind" {
            fn SecTrustGetTPHandle(trust: &SecTrust, handle: NonNull<CSSM_TP_HANDLE>) -> OSStatus;
        }
        unsafe { SecTrustGetTPHandle(self, handle) }
    }

    /// Returns an array of default anchor (root) certificates used by
    /// the system.
    ///
    /// Parameter `anchors`: On return, an array containing the system's default anchors
    /// (roots). Call the CFRelease function to release this pointer.
    ///
    /// Returns: A result code. See "Security Error Codes" (SecBase.h).
    ///
    /// This function is not available on iOS, as certificate data
    /// for system-trusted roots is currently unavailable on that platform.
    ///
    /// # Safety
    ///
    /// `anchors` must be a valid pointer.
    #[doc(alias = "SecTrustCopyAnchorCertificates")]
    #[inline]
    pub unsafe fn copy_anchor_certificates(anchors: NonNull<*const CFArray>) -> OSStatus {
        extern "C-unwind" {
            fn SecTrustCopyAnchorCertificates(anchors: NonNull<*const CFArray>) -> OSStatus;
        }
        unsafe { SecTrustCopyAnchorCertificates(anchors) }
    }
}

extern "C-unwind" {
    #[deprecated = "renamed to `SecTrust::create_with_certificates`"]
    pub fn SecTrustCreateWithCertificates(
        certificates: &CFType,
        policies: Option<&CFType>,
        trust: NonNull<*mut SecTrust>,
    ) -> OSStatus;
}

extern "C-unwind" {
    #[deprecated = "renamed to `SecTrust::set_policies`"]
    pub fn SecTrustSetPolicies(trust: &SecTrust, policies: &CFType) -> OSStatus;
}

extern "C-unwind" {
    #[deprecated = "renamed to `SecTrust::copy_policies`"]
    pub fn SecTrustCopyPolicies(trust: &SecTrust, policies: NonNull<*const CFArray>) -> OSStatus;
}

#[deprecated = "renamed to `SecTrust::set_network_fetch_allowed`"]
#[inline]
pub unsafe extern "C-unwind" fn SecTrustSetNetworkFetchAllowed(
    trust: &SecTrust,
    allow_fetch: bool,
) -> OSStatus {
    extern "C-unwind" {
        fn SecTrustSetNetworkFetchAllowed(trust: &SecTrust, allow_fetch: Boolean) -> OSStatus;
    }
    unsafe { SecTrustSetNetworkFetchAllowed(trust, allow_fetch as _) }
}

extern "C-unwind" {
    #[deprecated = "renamed to `SecTrust::network_fetch_allowed`"]
    pub fn SecTrustGetNetworkFetchAllowed(
        trust: &SecTrust,
        allow_fetch: NonNull<Boolean>,
    ) -> OSStatus;
}

extern "C-unwind" {
    #[deprecated = "renamed to `SecTrust::set_anchor_certificates`"]
    pub fn SecTrustSetAnchorCertificates(
        trust: &SecTrust,
        anchor_certificates: Option<&CFArray>,
    ) -> OSStatus;
}

#[deprecated = "renamed to `SecTrust::set_anchor_certificates_only`"]
#[inline]
pub unsafe extern "C-unwind" fn SecTrustSetAnchorCertificatesOnly(
    trust: &SecTrust,
    anchor_certificates_only: bool,
) -> OSStatus {
    extern "C-unwind" {
        fn SecTrustSetAnchorCertificatesOnly(
            trust: &SecTrust,
            anchor_certificates_only: Boolean,
        ) -> OSStatus;
    }
    unsafe { SecTrustSetAnchorCertificatesOnly(trust, anchor_certificates_only as _) }
}

extern "C-unwind" {
    #[deprecated = "renamed to `SecTrust::copy_custom_anchor_certificates`"]
    pub fn SecTrustCopyCustomAnchorCertificates(
        trust: &SecTrust,
        anchors: NonNull<*const CFArray>,
    ) -> OSStatus;
}

extern "C-unwind" {
    #[deprecated = "renamed to `SecTrust::set_verify_date`"]
    pub fn SecTrustSetVerifyDate(trust: &SecTrust, verify_date: &CFDate) -> OSStatus;
}

extern "C-unwind" {
    #[deprecated = "renamed to `SecTrust::verify_time`"]
    pub fn SecTrustGetVerifyTime(trust: &SecTrust) -> CFAbsoluteTime;
}

extern "C-unwind" {
    #[deprecated = "renamed to `SecTrust::evaluate`"]
    pub fn SecTrustEvaluate(trust: &SecTrust, result: NonNull<SecTrustResultType>) -> OSStatus;
}

extern "C-unwind" {
    #[deprecated = "renamed to `SecTrust::evaluate_with_error`"]
    #[must_use]
    pub fn SecTrustEvaluateWithError(trust: &SecTrust, error: *mut *mut CFError) -> bool;
}

extern "C-unwind" {
    #[deprecated = "renamed to `SecTrust::trust_result`"]
    pub fn SecTrustGetTrustResult(
        trust: &SecTrust,
        result: NonNull<SecTrustResultType>,
    ) -> OSStatus;
}

#[cfg(feature = "SecBase")]
#[deprecated = "renamed to `SecTrust::public_key`"]
#[inline]
pub unsafe extern "C-unwind" fn SecTrustCopyPublicKey(
    trust: &SecTrust,
) -> Option<CFRetained<SecKey>> {
    extern "C-unwind" {
        fn SecTrustCopyPublicKey(trust: &SecTrust) -> Option<NonNull<SecKey>>;
    }
    let ret = unsafe { SecTrustCopyPublicKey(trust) };
    ret.map(|ret| unsafe { CFRetained::from_raw(ret) })
}

#[cfg(feature = "SecBase")]
#[deprecated = "renamed to `SecTrust::key`"]
#[inline]
pub unsafe extern "C-unwind" fn SecTrustCopyKey(trust: &SecTrust) -> Option<CFRetained<SecKey>> {
    extern "C-unwind" {
        fn SecTrustCopyKey(trust: &SecTrust) -> Option<NonNull<SecKey>>;
    }
    let ret = unsafe { SecTrustCopyKey(trust) };
    ret.map(|ret| unsafe { CFRetained::from_raw(ret) })
}

extern "C-unwind" {
    #[deprecated = "renamed to `SecTrust::certificate_count`"]
    pub fn SecTrustGetCertificateCount(trust: &SecTrust) -> CFIndex;
}

#[cfg(feature = "SecBase")]
#[deprecated = "renamed to `SecTrust::certificate_at_index`"]
#[inline]
pub unsafe extern "C-unwind" fn SecTrustGetCertificateAtIndex(
    trust: &SecTrust,
    ix: CFIndex,
) -> Option<CFRetained<SecCertificate>> {
    extern "C-unwind" {
        fn SecTrustGetCertificateAtIndex(
            trust: &SecTrust,
            ix: CFIndex,
        ) -> Option<NonNull<SecCertificate>>;
    }
    let ret = unsafe { SecTrustGetCertificateAtIndex(trust, ix) };
    ret.map(|ret| unsafe { CFRetained::retain(ret) })
}

#[deprecated = "renamed to `SecTrust::exceptions`"]
#[inline]
pub unsafe extern "C-unwind" fn SecTrustCopyExceptions(
    trust: &SecTrust,
) -> Option<CFRetained<CFData>> {
    extern "C-unwind" {
        fn SecTrustCopyExceptions(trust: &SecTrust) -> Option<NonNull<CFData>>;
    }
    let ret = unsafe { SecTrustCopyExceptions(trust) };
    ret.map(|ret| unsafe { CFRetained::from_raw(ret) })
}

extern "C-unwind" {
    #[deprecated = "renamed to `SecTrust::set_exceptions`"]
    pub fn SecTrustSetExceptions(trust: &SecTrust, exceptions: Option<&CFData>) -> bool;
}

#[deprecated = "renamed to `SecTrust::properties`"]
#[inline]
pub unsafe extern "C-unwind" fn SecTrustCopyProperties(
    trust: &SecTrust,
) -> Option<CFRetained<CFArray>> {
    extern "C-unwind" {
        fn SecTrustCopyProperties(trust: &SecTrust) -> Option<NonNull<CFArray>>;
    }
    let ret = unsafe { SecTrustCopyProperties(trust) };
    ret.map(|ret| unsafe { CFRetained::from_raw(ret) })
}

#[deprecated = "renamed to `SecTrust::result`"]
#[inline]
pub unsafe extern "C-unwind" fn SecTrustCopyResult(
    trust: &SecTrust,
) -> Option<CFRetained<CFDictionary>> {
    extern "C-unwind" {
        fn SecTrustCopyResult(trust: &SecTrust) -> Option<NonNull<CFDictionary>>;
    }
    let ret = unsafe { SecTrustCopyResult(trust) };
    ret.map(|ret| unsafe { CFRetained::from_raw(ret) })
}

extern "C-unwind" {
    #[deprecated = "renamed to `SecTrust::set_ocsp_response`"]
    pub fn SecTrustSetOCSPResponse(trust: &SecTrust, response_data: Option<&CFType>) -> OSStatus;
}

extern "C-unwind" {
    #[deprecated = "renamed to `SecTrust::set_signed_certificate_timestamps`"]
    pub fn SecTrustSetSignedCertificateTimestamps(
        trust: &SecTrust,
        sct_array: Option<&CFArray>,
    ) -> OSStatus;
}

#[deprecated = "renamed to `SecTrust::certificate_chain`"]
#[inline]
pub unsafe extern "C-unwind" fn SecTrustCopyCertificateChain(
    trust: &SecTrust,
) -> Option<CFRetained<CFArray>> {
    extern "C-unwind" {
        fn SecTrustCopyCertificateChain(trust: &SecTrust) -> Option<NonNull<CFArray>>;
    }
    let ret = unsafe { SecTrustCopyCertificateChain(trust) };
    ret.map(|ret| unsafe { CFRetained::from_raw(ret) })
}

extern "C-unwind" {
    #[deprecated = "renamed to `SecTrust::set_options`"]
    pub fn SecTrustSetOptions(trust_ref: &SecTrust, options: SecTrustOptionFlags) -> OSStatus;
}

extern "C-unwind" {
    #[cfg(all(feature = "cssmconfig", feature = "cssmtype"))]
    #[deprecated = "renamed to `SecTrust::set_parameters`"]
    pub fn SecTrustSetParameters(
        trust_ref: &SecTrust,
        action: CSSM_TP_ACTION,
        action_data: &CFData,
    ) -> OSStatus;
}

extern "C-unwind" {
    #[deprecated = "renamed to `SecTrust::set_keychains`"]
    pub fn SecTrustSetKeychains(trust: &SecTrust, keychain_or_array: Option<&CFType>) -> OSStatus;
}

extern "C-unwind" {
    #[cfg(all(
        feature = "SecAsn1Types",
        feature = "cssmapple",
        feature = "cssmconfig",
        feature = "cssmtype"
    ))]
    #[deprecated = "renamed to `SecTrust::get_trust`"]
    pub fn SecTrustGetResult(
        trust_ref: &SecTrust,
        result: *mut SecTrustResultType,
        cert_chain: *mut *const CFArray,
        status_chain: *mut *mut CSSM_TP_APPLE_EVIDENCE_INFO,
    ) -> OSStatus;
}

extern "C-unwind" {
    #[cfg(all(feature = "cssmconfig", feature = "cssmtype"))]
    #[deprecated = "renamed to `SecTrust::cssm_result`"]
    pub fn SecTrustGetCssmResult(
        trust: &SecTrust,
        result: NonNull<CSSM_TP_VERIFY_CONTEXT_RESULT_PTR>,
    ) -> OSStatus;
}

extern "C-unwind" {
    #[deprecated = "renamed to `SecTrust::cssm_result_code`"]
    pub fn SecTrustGetCssmResultCode(trust: &SecTrust, result_code: NonNull<OSStatus>) -> OSStatus;
}

extern "C-unwind" {
    #[cfg(all(feature = "cssmconfig", feature = "cssmtype"))]
    #[deprecated = "renamed to `SecTrust::tp_handle`"]
    pub fn SecTrustGetTPHandle(trust: &SecTrust, handle: NonNull<CSSM_TP_HANDLE>) -> OSStatus;
}

extern "C-unwind" {
    #[deprecated = "renamed to `SecTrust::copy_anchor_certificates`"]
    pub fn SecTrustCopyAnchorCertificates(anchors: NonNull<*const CFArray>) -> OSStatus;
}