Skip to main content

security_framework_sys/
trust.rs

1use crate::base::{SecCertificateRef, SecKeyRef};
2use core_foundation_sys::array::CFArrayRef;
3use core_foundation_sys::base::{Boolean, CFIndex, CFTypeID, CFTypeRef, OSStatus};
4use core_foundation_sys::date::CFDateRef;
5use core_foundation_sys::error::CFErrorRef;
6
7pub type SecTrustResultType = u32;
8
9pub const kSecTrustResultInvalid: SecTrustResultType = 0;
10pub const kSecTrustResultProceed: SecTrustResultType = 1;
11pub const kSecTrustResultDeny: SecTrustResultType = 3;
12pub const kSecTrustResultUnspecified: SecTrustResultType = 4;
13pub const kSecTrustResultRecoverableTrustFailure: SecTrustResultType = 5;
14pub const kSecTrustResultFatalTrustFailure: SecTrustResultType = 6;
15pub const kSecTrustResultOtherError: SecTrustResultType = 7;
16
17#[cfg(target_os = "macos")]
18mod flags {
19    pub type SecTrustOptionFlags = u32;
20
21    pub const kSecTrustOptionAllowExpired: SecTrustOptionFlags = 0x0000_0001;
22    pub const kSecTrustOptionLeafIsCA: SecTrustOptionFlags = 0x0000_0002;
23    pub const kSecTrustOptionFetchIssuerFromNet: SecTrustOptionFlags = 0x0000_0004;
24    pub const kSecTrustOptionAllowExpiredRoot: SecTrustOptionFlags = 0x0000_0008;
25    pub const kSecTrustOptionRequireRevPerCert: SecTrustOptionFlags = 0x0000_0010;
26    pub const kSecTrustOptionUseTrustSettings: SecTrustOptionFlags = 0x0000_0020;
27    pub const kSecTrustOptionImplicitAnchors: SecTrustOptionFlags = 0x0000_0040;
28}
29
30#[cfg(target_os = "macos")]
31pub use flags::*;
32
33pub enum __SecTrust {}
34
35pub type SecTrustRef = *mut __SecTrust;
36
37extern "C" {
38    pub fn SecTrustGetTypeID() -> CFTypeID;
39    #[cfg(any(feature = "macos-12", not(target_os = "macos")))]
40    pub fn SecTrustCopyCertificateChain(trust: SecTrustRef) -> CFArrayRef;
41    pub fn SecTrustGetCertificateCount(trust: SecTrustRef) -> CFIndex;
42    #[deprecated(note = "deprecated by Apple, use SecTrustCopyCertificateChain")]
43    pub fn SecTrustGetCertificateAtIndex(trust: SecTrustRef, ix: CFIndex) -> SecCertificateRef;
44    pub fn SecTrustSetVerifyDate(trust: SecTrustRef, verifyDate: CFDateRef) -> OSStatus;
45    pub fn SecTrustSetAnchorCertificates(trust: SecTrustRef, anchorCertificates: CFArrayRef) -> OSStatus;
46    pub fn SecTrustSetAnchorCertificatesOnly(trust: SecTrustRef, anchorCertificatesOnly: Boolean) -> OSStatus;
47    #[cfg(target_os = "macos")]
48    pub fn SecTrustCopyAnchorCertificates(anchors: *mut CFArrayRef) -> OSStatus;
49    #[deprecated(note = "deprecated by Apple")]
50    pub fn SecTrustEvaluate(trust: SecTrustRef, result: *mut SecTrustResultType) -> OSStatus;
51    pub fn SecTrustEvaluateWithError(trust: SecTrustRef, error: *mut CFErrorRef) -> bool;
52    pub fn SecTrustCreateWithCertificates(
53        certificates: CFTypeRef,
54        policies: CFTypeRef,
55        trust: *mut SecTrustRef,
56    ) -> OSStatus;
57    pub fn SecTrustSetPolicies(trust: SecTrustRef, policies: CFTypeRef) -> OSStatus;
58    #[cfg(target_os = "macos")]
59    pub fn SecTrustSetOptions(trust: SecTrustRef, options: SecTrustOptionFlags) -> OSStatus;
60    pub fn SecTrustGetNetworkFetchAllowed(trust: SecTrustRef, allowFetch: *mut Boolean) -> OSStatus;
61    pub fn SecTrustSetNetworkFetchAllowed(trust: SecTrustRef, allowFetch: Boolean) -> OSStatus;
62    pub fn SecTrustSetOCSPResponse(trust: SecTrustRef, responseData: CFTypeRef) -> OSStatus;
63    pub fn SecTrustSetSignedCertificateTimestamps(
64        trust: SecTrustRef,
65        sctArray: CFArrayRef,
66    ) -> OSStatus;
67    pub fn SecTrustCopyPublicKey(trust: SecTrustRef) -> SecKeyRef;
68}