Skip to main content

security_framework_sys/
trust.rs

1use crate::base::{SecCertificateRef, SecKeyRef};
2use core_foundation_sys::array::CFArrayRef;
3use core_foundation_sys::base::{Boolean, CFIndex, CFTypeID, CFTypeRef, OSStatus};
4use core_foundation_sys::date::CFDateRef;
5#[cfg(any(feature = "OSX_10_13", target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))]
6use core_foundation_sys::error::CFErrorRef;
7
8pub type SecTrustResultType = u32;
9
10pub const kSecTrustResultInvalid: SecTrustResultType = 0;
11pub const kSecTrustResultProceed: SecTrustResultType = 1;
12pub const kSecTrustResultDeny: SecTrustResultType = 3;
13pub const kSecTrustResultUnspecified: SecTrustResultType = 4;
14pub const kSecTrustResultRecoverableTrustFailure: SecTrustResultType = 5;
15pub const kSecTrustResultFatalTrustFailure: SecTrustResultType = 6;
16pub const kSecTrustResultOtherError: SecTrustResultType = 7;
17
18#[cfg(target_os = "macos")]
19mod flags {
20    pub type SecTrustOptionFlags = u32;
21
22    pub const kSecTrustOptionAllowExpired: SecTrustOptionFlags = 0x0000_0001;
23    pub const kSecTrustOptionLeafIsCA: SecTrustOptionFlags = 0x0000_0002;
24    pub const kSecTrustOptionFetchIssuerFromNet: SecTrustOptionFlags = 0x0000_0004;
25    pub const kSecTrustOptionAllowExpiredRoot: SecTrustOptionFlags = 0x0000_0008;
26    pub const kSecTrustOptionRequireRevPerCert: SecTrustOptionFlags = 0x0000_0010;
27    pub const kSecTrustOptionUseTrustSettings: SecTrustOptionFlags = 0x0000_0020;
28    pub const kSecTrustOptionImplicitAnchors: SecTrustOptionFlags = 0x0000_0040;
29}
30
31#[cfg(target_os = "macos")]
32pub use flags::*;
33
34pub enum __SecTrust {}
35
36pub type SecTrustRef = *mut __SecTrust;
37
38extern "C" {
39    pub fn SecTrustGetTypeID() -> CFTypeID;
40    pub fn SecTrustGetCertificateCount(trust: SecTrustRef) -> CFIndex;
41    #[deprecated(note = "deprecated by Apple")]
42    pub fn SecTrustGetCertificateAtIndex(trust: SecTrustRef, ix: CFIndex) -> SecCertificateRef;
43    pub fn SecTrustSetVerifyDate(trust: SecTrustRef, verifyDate: CFDateRef) -> OSStatus;
44    pub fn SecTrustSetAnchorCertificates(trust: SecTrustRef, anchorCertificates: CFArrayRef) -> OSStatus;
45    pub fn SecTrustSetAnchorCertificatesOnly(trust: SecTrustRef, anchorCertificatesOnly: Boolean) -> OSStatus;
46    #[cfg(target_os = "macos")]
47    pub fn SecTrustCopyAnchorCertificates(anchors: *mut CFArrayRef) -> OSStatus;
48    #[deprecated(note = "deprecated by Apple")]
49    pub fn SecTrustEvaluate(trust: SecTrustRef, result: *mut SecTrustResultType) -> OSStatus;
50    // it should have been OSX_10_14, but due to back-compat it can't rely on the newer feature flag
51    #[cfg(any(feature = "OSX_10_13", target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))]
52    pub fn SecTrustEvaluateWithError(trust: SecTrustRef, error: *mut CFErrorRef) -> bool;
53    pub fn SecTrustCreateWithCertificates(
54        certificates: CFTypeRef,
55        policies: CFTypeRef,
56        trust: *mut SecTrustRef,
57    ) -> OSStatus;
58    pub fn SecTrustSetPolicies(trust: SecTrustRef, policies: CFTypeRef) -> OSStatus;
59    #[cfg(target_os = "macos")]
60    pub fn SecTrustSetOptions(trust: SecTrustRef, options: SecTrustOptionFlags) -> OSStatus;
61    pub fn SecTrustGetNetworkFetchAllowed(trust: SecTrustRef, allowFetch: *mut Boolean) -> OSStatus;
62    pub fn SecTrustSetNetworkFetchAllowed(trust: SecTrustRef, allowFetch: Boolean) -> OSStatus;
63    pub fn SecTrustSetOCSPResponse(trust: SecTrustRef, responseData: CFTypeRef) -> OSStatus;
64    #[cfg(any(feature = "OSX_10_14", target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))]
65    pub fn SecTrustSetSignedCertificateTimestamps(
66        trust: SecTrustRef,
67        sctArray: CFArrayRef,
68    ) -> OSStatus;
69    pub fn SecTrustCopyPublicKey(trust: SecTrustRef) -> SecKeyRef;
70}