security_framework_sys/
trust.rs

1use crate::base::SecCertificateRef;
2use crate::base::SecKeyRef;
3use core_foundation_sys::array::CFArrayRef;
4use core_foundation_sys::base::{Boolean, CFIndex, CFTypeID, CFTypeRef, OSStatus};
5use core_foundation_sys::date::CFDateRef;
6#[cfg(any(feature = "OSX_10_13", target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))]
7use core_foundation_sys::error::CFErrorRef;
8
9pub type SecTrustResultType = u32;
10
11pub const kSecTrustResultInvalid: SecTrustResultType = 0;
12pub const kSecTrustResultProceed: SecTrustResultType = 1;
13pub const kSecTrustResultDeny: SecTrustResultType = 3;
14pub const kSecTrustResultUnspecified: SecTrustResultType = 4;
15pub const kSecTrustResultRecoverableTrustFailure: SecTrustResultType = 5;
16pub const kSecTrustResultFatalTrustFailure: SecTrustResultType = 6;
17pub const kSecTrustResultOtherError: SecTrustResultType = 7;
18
19#[cfg(target_os = "macos")]
20mod flags {
21    pub type SecTrustOptionFlags = u32;
22
23    pub const kSecTrustOptionAllowExpired: SecTrustOptionFlags = 0x0000_0001;
24    pub const kSecTrustOptionLeafIsCA: SecTrustOptionFlags = 0x0000_0002;
25    pub const kSecTrustOptionFetchIssuerFromNet: SecTrustOptionFlags = 0x0000_0004;
26    pub const kSecTrustOptionAllowExpiredRoot: SecTrustOptionFlags = 0x0000_0008;
27    pub const kSecTrustOptionRequireRevPerCert: SecTrustOptionFlags = 0x0000_0010;
28    pub const kSecTrustOptionUseTrustSettings: SecTrustOptionFlags = 0x0000_0020;
29    pub const kSecTrustOptionImplicitAnchors: SecTrustOptionFlags = 0x0000_0040;
30}
31
32#[cfg(target_os = "macos")]
33pub use flags::*;
34
35pub enum __SecTrust {}
36
37pub type SecTrustRef = *mut __SecTrust;
38
39extern "C" {
40    pub fn SecTrustGetTypeID() -> CFTypeID;
41    pub fn SecTrustGetCertificateCount(trust: SecTrustRef) -> CFIndex;
42    #[deprecated(note = "deprecated by Apple")]
43    pub fn SecTrustGetCertificateAtIndex(trust: SecTrustRef, ix: CFIndex) -> SecCertificateRef;
44    pub fn SecTrustSetVerifyDate(trust: SecTrustRef, verifyDate: CFDateRef) -> OSStatus;
45    pub fn SecTrustSetAnchorCertificates(
46        trust: SecTrustRef,
47        anchorCertificates: CFArrayRef,
48    ) -> OSStatus;
49    pub fn SecTrustSetAnchorCertificatesOnly(
50        trust: SecTrustRef,
51        anchorCertificatesOnly: Boolean,
52    ) -> OSStatus;
53    #[cfg(target_os = "macos")]
54    pub fn SecTrustCopyAnchorCertificates(anchors: *mut CFArrayRef) -> OSStatus;
55    #[deprecated(note = "deprecated by Apple")]
56    pub fn SecTrustEvaluate(trust: SecTrustRef, result: *mut SecTrustResultType) -> OSStatus;
57    // it should have been OSX_10_14, but due to back-compat it can't rely on the newer feature flag
58    #[cfg(any(feature = "OSX_10_13", target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))]
59    pub fn SecTrustEvaluateWithError(trust: SecTrustRef, error: *mut CFErrorRef) -> bool;
60    pub fn SecTrustCreateWithCertificates(
61        certificates: CFTypeRef,
62        policies: CFTypeRef,
63        trust: *mut SecTrustRef,
64    ) -> OSStatus;
65    pub fn SecTrustSetPolicies(trust: SecTrustRef, policies: CFTypeRef) -> OSStatus;
66    #[cfg(target_os = "macos")]
67    pub fn SecTrustSetOptions(trust: SecTrustRef, options: SecTrustOptionFlags) -> OSStatus;
68    pub fn SecTrustGetNetworkFetchAllowed(trust: SecTrustRef, allowFetch: *mut Boolean) -> OSStatus;
69    pub fn SecTrustSetNetworkFetchAllowed(trust: SecTrustRef, allowFetch: Boolean) -> OSStatus;
70    pub fn SecTrustSetOCSPResponse(trust: SecTrustRef, responseData: CFTypeRef) -> OSStatus;
71    #[cfg(any(feature = "OSX_10_14", target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))]
72    pub fn SecTrustSetSignedCertificateTimestamps(
73        trust: SecTrustRef,
74        sctArray: CFArrayRef,
75    ) -> OSStatus;
76    pub fn SecTrustCopyPublicKey(trust: SecTrustRef) -> SecKeyRef;
77}