Showing preview only (564K chars total). Download the full file or copy to clipboard to get everything.
Repository: kornelski/rust-security-framework
Branch: main
Commit: df2c535b2e8d
Files: 102
Total size: 532.4 KB
Directory structure:
gitextract_ido0h2qq/
├── .github/
│ └── workflows/
│ └── main.yml
├── .gitignore
├── .rustfmt.toml
├── Cargo.toml
├── LICENSE-APACHE
├── LICENSE-MIT
├── README.md
├── iostest/
│ ├── Cargo.toml
│ ├── ios-test-harness/
│ │ ├── ios-test-harness/
│ │ │ ├── Assets.xcassets/
│ │ │ │ ├── AccentColor.colorset/
│ │ │ │ │ └── Contents.json
│ │ │ │ ├── AppIcon.appiconset/
│ │ │ │ │ └── Contents.json
│ │ │ │ └── Contents.json
│ │ │ ├── ContentView.swift
│ │ │ ├── Preview Content/
│ │ │ │ └── Preview Assets.xcassets/
│ │ │ │ └── Contents.json
│ │ │ └── ios_test_harnessApp.swift
│ │ ├── ios-test-harness.xcodeproj/
│ │ │ └── project.pbxproj
│ │ ├── ios-test-harnessTests/
│ │ │ └── ios_test_harnessTests.swift
│ │ └── test-runner/
│ │ ├── TestRunner.swift
│ │ ├── create-library.sh
│ │ ├── remove-library.sh
│ │ ├── test-Bridging-Header.h
│ │ └── test.h
│ ├── src/
│ │ └── lib.rs
│ └── tests/
│ └── ios_macos.rs
├── security-framework/
│ ├── Cargo.toml
│ ├── THIRD_PARTY
│ ├── examples/
│ │ ├── client.rs
│ │ ├── find_internet_password.rs
│ │ └── set_internet_password.rs
│ ├── src/
│ │ ├── access_control.rs
│ │ ├── authorization.rs
│ │ ├── base.rs
│ │ ├── certificate.rs
│ │ ├── cipher_suite.rs
│ │ ├── cms.rs
│ │ ├── identity.rs
│ │ ├── import_export.rs
│ │ ├── item.rs
│ │ ├── key.rs
│ │ ├── lib.rs
│ │ ├── os/
│ │ │ ├── macos/
│ │ │ │ ├── access.rs
│ │ │ │ ├── certificate.rs
│ │ │ │ ├── certificate_oids.rs
│ │ │ │ ├── code_signing.rs
│ │ │ │ ├── digest_transform.rs
│ │ │ │ ├── encrypt_transform.rs
│ │ │ │ ├── identity.rs
│ │ │ │ ├── import_export.rs
│ │ │ │ ├── item.rs
│ │ │ │ ├── key.rs
│ │ │ │ ├── keychain.rs
│ │ │ │ ├── keychain_item.rs
│ │ │ │ ├── mod.rs
│ │ │ │ ├── passwords.rs
│ │ │ │ ├── secure_transport.rs
│ │ │ │ └── transform.rs
│ │ │ └── mod.rs
│ │ ├── passwords.rs
│ │ ├── passwords_options.rs
│ │ ├── policy.rs
│ │ ├── random.rs
│ │ ├── secure_transport.rs
│ │ ├── trust.rs
│ │ └── trust_settings.rs
│ └── test/
│ ├── ca.der
│ ├── cms/
│ │ ├── encrypted.p7m
│ │ ├── keystore.p12
│ │ ├── signed-encrypted.p7m
│ │ └── signed.p7m
│ ├── dhparam.der
│ ├── regen-certs.sh
│ ├── server.der
│ ├── server.key
│ ├── server.keychain
│ └── server.p12
├── security-framework-sys/
│ ├── Cargo.toml
│ └── src/
│ ├── access.rs
│ ├── access_control.rs
│ ├── authorization.rs
│ ├── base.rs
│ ├── certificate.rs
│ ├── certificate_oids.rs
│ ├── cipher_suite.rs
│ ├── cms.rs
│ ├── code_signing.rs
│ ├── digest_transform.rs
│ ├── encrypt_transform.rs
│ ├── identity.rs
│ ├── import_export.rs
│ ├── item.rs
│ ├── key.rs
│ ├── keychain.rs
│ ├── keychain_item.rs
│ ├── lib.rs
│ ├── policy.rs
│ ├── random.rs
│ ├── secure_transport.rs
│ ├── transform.rs
│ ├── trust.rs
│ └── trust_settings.rs
└── systest/
├── Cargo.toml
├── build.rs
└── src/
└── main.rs
================================================
FILE CONTENTS
================================================
================================================
FILE: .github/workflows/main.yml
================================================
name: CI
on:
pull_request:
push:
branches: main
env:
RUST_BACKTRACE: 1
CARGO_PROFILE_DEV_DEBUG: 0
jobs:
test:
name: Tests
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ macos-latest ]
rust: [ 1.85.0, stable, nightly ]
steps:
- name: Checkout sources
uses: actions/checkout@v2
- name: Install stable toolchain
uses: dtolnay/rust-toolchain@v1
with:
toolchain: ${{ matrix.rust }}
- uses: actions/cache/restore@v5
name: Cache crates.io
with:
path: |
~/.cargo/registry/index
~/.cargo/registry/cache
key: cratesio-${{ runner.os }}-${{ hashFiles('Cargo.toml') }}
- name: Fix time MSRV
run: |
cargo update -p time --precise 0.3.41
cargo update -p time-core --precise 0.1.4
- uses: actions/cache@v5
name: Cache build dir
with:
path: target
key: tests-${{ runner.os }}-${{ matrix.rust }}-${{ hashFiles('Cargo.lock') }}
- name: Check default features
run: cargo check --all
- name: Run cargo test
run: cargo test --all-features --all
lints:
name: Lints and Breaking Changes
runs-on: macos-latest
continue-on-error: true
steps:
- name: Checkout sources
uses: actions/checkout@v2
- name: Install stable toolchain
uses: dtolnay/rust-toolchain@v1
with:
toolchain: stable
components: clippy, rustfmt
- uses: actions/cache@v5
name: Cache crates.io
with:
path: |
~/.cargo/registry/index
~/.cargo/registry/cache
key: cratesio-${{ runner.os }}-${{ hashFiles('Cargo.toml') }}
- name: DO NOT USE RUSTFMT
run: "if cargo fmt --quiet --check -- --config-path=/dev/null; then echo >&2 'Do not reformat the code with rustfmt. This project does not use rustfmt.'; fi"
- run: cargo generate-lockfile
- uses: actions/cache@v5
name: Cache build dir
with:
path: target
key: lints-${{ runner.os }}-${{ matrix.rust }}-${{ hashFiles('Cargo.lock') }}
- name: SemVer check
uses: obi1kenobi/cargo-semver-checks-action@v2
- name: Run cargo clippy
run: cargo clippy --all-features
ios:
name: iOS and Intel compile-check
runs-on: ubuntu-latest
steps:
- name: Checkout sources
uses: actions/checkout@v2
- name: Install stable toolchain
uses: dtolnay/rust-toolchain@v1
with:
toolchain: stable
target: aarch64-apple-ios,x86_64-apple-darwin
- uses: actions/cache/restore@v5
name: Cache crates.io
with:
path: |
~/.cargo/registry/index
~/.cargo/registry/cache
key: cratesio-${{ runner.os }}-${{ hashFiles('Cargo.toml') }}
- run: cargo generate-lockfile
- uses: actions/cache@v5
name: Cache build dir
with:
path: target
key: lints-${{ runner.os }}-${{ matrix.rust }}-${{ hashFiles('Cargo.lock') }}
- name: Run check iOS
run: cargo check --all-features -p security-framework --target aarch64-apple-ios
- name: Run check Intel
run: cargo check --all-features -p security-framework --target x86_64-apple-darwin
================================================
FILE: .gitignore
================================================
target/
Cargo.lock
.cargo/
.DS_Store
.idea
*.iml
.vscode
================================================
FILE: .rustfmt.toml
================================================
# please do not use rustfmt, it destroys well-formatted code
disable_all_formatting = true
ignore = ["/"]
================================================
FILE: Cargo.toml
================================================
[workspace]
resolver = "2"
members = [
"security-framework-sys",
"security-framework",
"iostest",
"systest"
]
[workspace.lints.clippy]
pedantic = { level = "warn", priority = -100 }
cast_possible_truncation = "allow"
cast_possible_wrap = "allow"
cast_sign_loss = "allow"
if_not_else = "allow"
inline_always = "allow"
items_after_statements = "allow"
iter_not_returning_iterator = "allow"
map_unwrap_or = "allow"
missing_errors_doc = "allow"
missing_panics_doc = "allow"
module_name_repetitions = "allow"
redundant_closure_for_method_calls = "allow"
similar_names = "allow"
unnested_or_patterns = "allow"
wildcard_imports = "allow"
doc_markdown = "allow"
default_trait_access = "allow"
needless_pass_by_value = "allow"
needless_continue = "allow"
struct_field_names = "allow"
================================================
FILE: LICENSE-APACHE
================================================
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
================================================
FILE: LICENSE-MIT
================================================
The MIT License (MIT)
Copyright (c) 2015 Steven Fackler
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
the Software, and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
================================================
FILE: README.md
================================================
# macOS/iOS Security framework for Rust
[](https://lib.rs/crates/security-framework)
[Documentation](https://docs.rs/security-framework)
Bindings to the Apple's `Security.framework`. Allows use of TLS and Keychain from Rust.
## License
Licensed under either of
* Apache License, Version 2.0 ([LICENSE-APACHE](LICENSE-APACHE) or http://www.apache.org/licenses/LICENSE-2.0)
* MIT license ([LICENSE-MIT](LICENSE-MIT) or http://opensource.org/licenses/MIT)
at your option.
### Contribution
Unless you explicitly state otherwise, any contribution intentionally submitted
for inclusion in the work by you shall be dual licensed as above, without any
additional terms or conditions.
================================================
FILE: iostest/Cargo.toml
================================================
[package]
name = "iostest"
version = "0.1.0"
edition = "2021"
publish = false
[lib]
crate-type = ["staticlib"]
[dependencies]
core-foundation = "0.10.0"
security-framework = { path = "../security-framework" }
security-framework-sys = { path = "../security-framework-sys" }
[dev-dependencies]
rand = "0.8.5"
serial_test = "3.3"
[package.metadata.release]
release = false
[lints]
workspace = true
================================================
FILE: iostest/ios-test-harness/ios-test-harness/Assets.xcassets/AccentColor.colorset/Contents.json
================================================
{
"colors" : [
{
"idiom" : "universal"
}
],
"info" : {
"author" : "xcode",
"version" : 1
}
}
================================================
FILE: iostest/ios-test-harness/ios-test-harness/Assets.xcassets/AppIcon.appiconset/Contents.json
================================================
{
"images" : [
{
"idiom" : "iphone",
"scale" : "2x",
"size" : "20x20"
},
{
"idiom" : "iphone",
"scale" : "3x",
"size" : "20x20"
},
{
"idiom" : "iphone",
"scale" : "2x",
"size" : "29x29"
},
{
"idiom" : "iphone",
"scale" : "3x",
"size" : "29x29"
},
{
"idiom" : "iphone",
"scale" : "2x",
"size" : "40x40"
},
{
"idiom" : "iphone",
"scale" : "3x",
"size" : "40x40"
},
{
"idiom" : "iphone",
"scale" : "2x",
"size" : "60x60"
},
{
"idiom" : "iphone",
"scale" : "3x",
"size" : "60x60"
},
{
"idiom" : "ipad",
"scale" : "1x",
"size" : "20x20"
},
{
"idiom" : "ipad",
"scale" : "2x",
"size" : "20x20"
},
{
"idiom" : "ipad",
"scale" : "1x",
"size" : "29x29"
},
{
"idiom" : "ipad",
"scale" : "2x",
"size" : "29x29"
},
{
"idiom" : "ipad",
"scale" : "1x",
"size" : "40x40"
},
{
"idiom" : "ipad",
"scale" : "2x",
"size" : "40x40"
},
{
"idiom" : "ipad",
"scale" : "1x",
"size" : "76x76"
},
{
"idiom" : "ipad",
"scale" : "2x",
"size" : "76x76"
},
{
"idiom" : "ipad",
"scale" : "2x",
"size" : "83.5x83.5"
},
{
"idiom" : "ios-marketing",
"scale" : "1x",
"size" : "1024x1024"
}
],
"info" : {
"author" : "xcode",
"version" : 1
}
}
================================================
FILE: iostest/ios-test-harness/ios-test-harness/Assets.xcassets/Contents.json
================================================
{
"info" : {
"author" : "xcode",
"version" : 1
}
}
================================================
FILE: iostest/ios-test-harness/ios-test-harness/ContentView.swift
================================================
//
// ContentView.swift
// ios-test-harness
//
import SwiftUI
struct ContentView: View {
@State var showAlert = false;
var body: some View {
Button("Run Test") {
TestRunner.runTest()
showAlert = true
}
.alert(isPresented: $showAlert) {
Alert(title: Text("Test Result"),
message: Text("Tests ran without crash!"))
}
}
}
struct ContentView_Previews: PreviewProvider {
static var previews: some View {
ContentView()
}
}
================================================
FILE: iostest/ios-test-harness/ios-test-harness/Preview Content/Preview Assets.xcassets/Contents.json
================================================
{
"info" : {
"author" : "xcode",
"version" : 1
}
}
================================================
FILE: iostest/ios-test-harness/ios-test-harness/ios_test_harnessApp.swift
================================================
//
// ios_test_harnessApp.swift
// ios-test-harness
//
import SwiftUI
@main
struct ios_test_harnessApp: App {
var body: some Scene {
WindowGroup {
ContentView()
}
}
}
================================================
FILE: iostest/ios-test-harness/ios-test-harness.xcodeproj/project.pbxproj
================================================
// !$*UTF8*$!
{
archiveVersion = 1;
classes = {
};
objectVersion = 55;
objects = {
/* Begin PBXBuildFile section */
3779698F27A6749700F0EF3C /* ios_test_harnessApp.swift in Sources */ = {isa = PBXBuildFile; fileRef = 3779698E27A6749700F0EF3C /* ios_test_harnessApp.swift */; };
3779699127A6749700F0EF3C /* ContentView.swift in Sources */ = {isa = PBXBuildFile; fileRef = 3779699027A6749700F0EF3C /* ContentView.swift */; };
3779699327A6749A00F0EF3C /* Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = 3779699227A6749A00F0EF3C /* Assets.xcassets */; };
3779699627A6749A00F0EF3C /* Preview Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = 3779699527A6749A00F0EF3C /* Preview Assets.xcassets */; };
377969A027A6749A00F0EF3C /* ios_test_harnessTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 3779699F27A6749A00F0EF3C /* ios_test_harnessTests.swift */; };
377969BA27A6755A00F0EF3C /* TestRunner.swift in Sources */ = {isa = PBXBuildFile; fileRef = 377969B927A6755A00F0EF3C /* TestRunner.swift */; };
377969C427A6826300F0EF3C /* libresolv.tbd in Frameworks */ = {isa = PBXBuildFile; fileRef = 377969C327A6826300F0EF3C /* libresolv.tbd */; };
37B75D8627AD0A7000D233CA /* libiostest.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 37B75D8527AD0A7000D233CA /* libiostest.a */; };
/* End PBXBuildFile section */
/* Begin PBXContainerItemProxy section */
3779699C27A6749A00F0EF3C /* PBXContainerItemProxy */ = {
isa = PBXContainerItemProxy;
containerPortal = 3779698327A6749700F0EF3C /* Project object */;
proxyType = 1;
remoteGlobalIDString = 3779698A27A6749700F0EF3C;
remoteInfo = "static-test-harness";
};
/* End PBXContainerItemProxy section */
/* Begin PBXFileReference section */
3779698B27A6749700F0EF3C /* ios-test-harness.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = "ios-test-harness.app"; sourceTree = BUILT_PRODUCTS_DIR; };
3779698E27A6749700F0EF3C /* ios_test_harnessApp.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ios_test_harnessApp.swift; sourceTree = "<group>"; };
3779699027A6749700F0EF3C /* ContentView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ContentView.swift; sourceTree = "<group>"; };
3779699227A6749A00F0EF3C /* Assets.xcassets */ = {isa = PBXFileReference; lastKnownFileType = folder.assetcatalog; path = Assets.xcassets; sourceTree = "<group>"; };
3779699527A6749A00F0EF3C /* Preview Assets.xcassets */ = {isa = PBXFileReference; lastKnownFileType = folder.assetcatalog; path = "Preview Assets.xcassets"; sourceTree = "<group>"; };
3779699B27A6749A00F0EF3C /* ios-test-harnessTests.xctest */ = {isa = PBXFileReference; explicitFileType = wrapper.cfbundle; includeInIndex = 0; path = "ios-test-harnessTests.xctest"; sourceTree = BUILT_PRODUCTS_DIR; };
3779699F27A6749A00F0EF3C /* ios_test_harnessTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ios_test_harnessTests.swift; sourceTree = "<group>"; };
377969B927A6755A00F0EF3C /* TestRunner.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = TestRunner.swift; sourceTree = "<group>"; };
377969BB27A675E800F0EF3C /* test.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = test.h; sourceTree = "<group>"; };
377969BC27A6771500F0EF3C /* test-Bridging-Header.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = "test-Bridging-Header.h"; sourceTree = "<group>"; };
377969BD27A67A3A00F0EF3C /* remove-library.sh */ = {isa = PBXFileReference; lastKnownFileType = text.script.sh; path = "remove-library.sh"; sourceTree = "<group>"; };
377969BE27A67A3A00F0EF3C /* create-library.sh */ = {isa = PBXFileReference; lastKnownFileType = text.script.sh; path = "create-library.sh"; sourceTree = "<group>"; };
377969C327A6826300F0EF3C /* libresolv.tbd */ = {isa = PBXFileReference; lastKnownFileType = "sourcecode.text-based-dylib-definition"; name = libresolv.tbd; path = usr/lib/libresolv.tbd; sourceTree = SDKROOT; };
37B75D8527AD0A7000D233CA /* libiostest.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = libiostest.a; path = "test-runner/libiostest.a"; sourceTree = "<group>"; };
/* End PBXFileReference section */
/* Begin PBXFrameworksBuildPhase section */
3779698827A6749700F0EF3C /* Frameworks */ = {
isa = PBXFrameworksBuildPhase;
buildActionMask = 2147483647;
files = (
37B75D8627AD0A7000D233CA /* libiostest.a in Frameworks */,
377969C427A6826300F0EF3C /* libresolv.tbd in Frameworks */,
);
runOnlyForDeploymentPostprocessing = 0;
};
3779699827A6749A00F0EF3C /* Frameworks */ = {
isa = PBXFrameworksBuildPhase;
buildActionMask = 2147483647;
files = (
);
runOnlyForDeploymentPostprocessing = 0;
};
/* End PBXFrameworksBuildPhase section */
/* Begin PBXGroup section */
3779698227A6749700F0EF3C = {
isa = PBXGroup;
children = (
377969B827A6751200F0EF3C /* test-runner */,
3779698D27A6749700F0EF3C /* ios-test-harness */,
3779699E27A6749A00F0EF3C /* ios-test-harnessTests */,
3779698C27A6749700F0EF3C /* Products */,
377969C027A6824C00F0EF3C /* Frameworks */,
);
sourceTree = "<group>";
};
3779698C27A6749700F0EF3C /* Products */ = {
isa = PBXGroup;
children = (
3779698B27A6749700F0EF3C /* ios-test-harness.app */,
3779699B27A6749A00F0EF3C /* ios-test-harnessTests.xctest */,
);
name = Products;
sourceTree = "<group>";
};
3779698D27A6749700F0EF3C /* ios-test-harness */ = {
isa = PBXGroup;
children = (
3779698E27A6749700F0EF3C /* ios_test_harnessApp.swift */,
3779699027A6749700F0EF3C /* ContentView.swift */,
3779699227A6749A00F0EF3C /* Assets.xcassets */,
3779699427A6749A00F0EF3C /* Preview Content */,
);
path = "ios-test-harness";
sourceTree = "<group>";
};
3779699427A6749A00F0EF3C /* Preview Content */ = {
isa = PBXGroup;
children = (
3779699527A6749A00F0EF3C /* Preview Assets.xcassets */,
);
path = "Preview Content";
sourceTree = "<group>";
};
3779699E27A6749A00F0EF3C /* ios-test-harnessTests */ = {
isa = PBXGroup;
children = (
3779699F27A6749A00F0EF3C /* ios_test_harnessTests.swift */,
);
path = "ios-test-harnessTests";
sourceTree = "<group>";
};
377969B827A6751200F0EF3C /* test-runner */ = {
isa = PBXGroup;
children = (
377969BB27A675E800F0EF3C /* test.h */,
377969BC27A6771500F0EF3C /* test-Bridging-Header.h */,
377969BE27A67A3A00F0EF3C /* create-library.sh */,
377969BD27A67A3A00F0EF3C /* remove-library.sh */,
377969B927A6755A00F0EF3C /* TestRunner.swift */,
);
path = "test-runner";
sourceTree = "<group>";
};
377969C027A6824C00F0EF3C /* Frameworks */ = {
isa = PBXGroup;
children = (
37B75D8527AD0A7000D233CA /* libiostest.a */,
377969C327A6826300F0EF3C /* libresolv.tbd */,
);
name = Frameworks;
sourceTree = "<group>";
};
/* End PBXGroup section */
/* Begin PBXNativeTarget section */
3779698A27A6749700F0EF3C /* ios-test-harness */ = {
isa = PBXNativeTarget;
buildConfigurationList = 377969AF27A6749B00F0EF3C /* Build configuration list for PBXNativeTarget "ios-test-harness" */;
buildPhases = (
377969BF27A6816900F0EF3C /* create library */,
3779698727A6749700F0EF3C /* Sources */,
3779698827A6749700F0EF3C /* Frameworks */,
3779698927A6749700F0EF3C /* Resources */,
377969C527A682E200F0EF3C /* delete library */,
);
buildRules = (
);
dependencies = (
);
name = "ios-test-harness";
productName = "static-test-harness";
productReference = 3779698B27A6749700F0EF3C /* ios-test-harness.app */;
productType = "com.apple.product-type.application";
};
3779699A27A6749A00F0EF3C /* ios-test-harnessTests */ = {
isa = PBXNativeTarget;
buildConfigurationList = 377969B227A6749B00F0EF3C /* Build configuration list for PBXNativeTarget "ios-test-harnessTests" */;
buildPhases = (
3779699727A6749A00F0EF3C /* Sources */,
3779699827A6749A00F0EF3C /* Frameworks */,
3779699927A6749A00F0EF3C /* Resources */,
);
buildRules = (
);
dependencies = (
3779699D27A6749A00F0EF3C /* PBXTargetDependency */,
);
name = "ios-test-harnessTests";
productName = "static-test-harnessTests";
productReference = 3779699B27A6749A00F0EF3C /* ios-test-harnessTests.xctest */;
productType = "com.apple.product-type.bundle.unit-test";
};
/* End PBXNativeTarget section */
/* Begin PBXProject section */
3779698327A6749700F0EF3C /* Project object */ = {
isa = PBXProject;
attributes = {
BuildIndependentTargetsInParallel = 1;
LastSwiftUpdateCheck = 1320;
LastUpgradeCheck = 1320;
TargetAttributes = {
3779698A27A6749700F0EF3C = {
CreatedOnToolsVersion = 13.2.1;
};
3779699A27A6749A00F0EF3C = {
CreatedOnToolsVersion = 13.2.1;
TestTargetID = 3779698A27A6749700F0EF3C;
};
};
};
buildConfigurationList = 3779698627A6749700F0EF3C /* Build configuration list for PBXProject "ios-test-harness" */;
compatibilityVersion = "Xcode 13.0";
developmentRegion = en;
hasScannedForEncodings = 0;
knownRegions = (
en,
Base,
);
mainGroup = 3779698227A6749700F0EF3C;
productRefGroup = 3779698C27A6749700F0EF3C /* Products */;
projectDirPath = "";
projectRoot = "";
targets = (
3779698A27A6749700F0EF3C /* ios-test-harness */,
3779699A27A6749A00F0EF3C /* ios-test-harnessTests */,
);
};
/* End PBXProject section */
/* Begin PBXResourcesBuildPhase section */
3779698927A6749700F0EF3C /* Resources */ = {
isa = PBXResourcesBuildPhase;
buildActionMask = 2147483647;
files = (
3779699627A6749A00F0EF3C /* Preview Assets.xcassets in Resources */,
3779699327A6749A00F0EF3C /* Assets.xcassets in Resources */,
);
runOnlyForDeploymentPostprocessing = 0;
};
3779699927A6749A00F0EF3C /* Resources */ = {
isa = PBXResourcesBuildPhase;
buildActionMask = 2147483647;
files = (
);
runOnlyForDeploymentPostprocessing = 0;
};
/* End PBXResourcesBuildPhase section */
/* Begin PBXShellScriptBuildPhase section */
377969BF27A6816900F0EF3C /* create library */ = {
isa = PBXShellScriptBuildPhase;
buildActionMask = 2147483647;
files = (
);
inputFileListPaths = (
);
inputPaths = (
);
name = "create library";
outputFileListPaths = (
);
outputPaths = (
"$(DERIVED_FILE_DIR)/libiostest.a",
);
runOnlyForDeploymentPostprocessing = 0;
shellPath = /bin/sh;
shellScript = "source ${PROJECT_DIR}/test-runner/create-library.sh\n";
showEnvVarsInLog = 0;
};
377969C527A682E200F0EF3C /* delete library */ = {
isa = PBXShellScriptBuildPhase;
buildActionMask = 2147483647;
files = (
);
inputFileListPaths = (
);
inputPaths = (
);
name = "delete library";
outputFileListPaths = (
);
outputPaths = (
);
runOnlyForDeploymentPostprocessing = 0;
shellPath = /bin/sh;
shellScript = "source ${PROJECT_DIR}/test-runner/remove-library.sh\n";
};
/* End PBXShellScriptBuildPhase section */
/* Begin PBXSourcesBuildPhase section */
3779698727A6749700F0EF3C /* Sources */ = {
isa = PBXSourcesBuildPhase;
buildActionMask = 2147483647;
files = (
3779699127A6749700F0EF3C /* ContentView.swift in Sources */,
377969BA27A6755A00F0EF3C /* TestRunner.swift in Sources */,
3779698F27A6749700F0EF3C /* ios_test_harnessApp.swift in Sources */,
);
runOnlyForDeploymentPostprocessing = 0;
};
3779699727A6749A00F0EF3C /* Sources */ = {
isa = PBXSourcesBuildPhase;
buildActionMask = 2147483647;
files = (
377969A027A6749A00F0EF3C /* ios_test_harnessTests.swift in Sources */,
);
runOnlyForDeploymentPostprocessing = 0;
};
/* End PBXSourcesBuildPhase section */
/* Begin PBXTargetDependency section */
3779699D27A6749A00F0EF3C /* PBXTargetDependency */ = {
isa = PBXTargetDependency;
target = 3779698A27A6749700F0EF3C /* ios-test-harness */;
targetProxy = 3779699C27A6749A00F0EF3C /* PBXContainerItemProxy */;
};
/* End PBXTargetDependency section */
/* Begin XCBuildConfiguration section */
377969AD27A6749B00F0EF3C /* Debug */ = {
isa = XCBuildConfiguration;
buildSettings = {
ALWAYS_SEARCH_USER_PATHS = NO;
CLANG_ANALYZER_NONNULL = YES;
CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE;
CLANG_CXX_LANGUAGE_STANDARD = "gnu++17";
CLANG_CXX_LIBRARY = "libc++";
CLANG_ENABLE_MODULES = YES;
CLANG_ENABLE_OBJC_ARC = YES;
CLANG_ENABLE_OBJC_WEAK = YES;
CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES;
CLANG_WARN_BOOL_CONVERSION = YES;
CLANG_WARN_COMMA = YES;
CLANG_WARN_CONSTANT_CONVERSION = YES;
CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES;
CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR;
CLANG_WARN_DOCUMENTATION_COMMENTS = YES;
CLANG_WARN_EMPTY_BODY = YES;
CLANG_WARN_ENUM_CONVERSION = YES;
CLANG_WARN_INFINITE_RECURSION = YES;
CLANG_WARN_INT_CONVERSION = YES;
CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES;
CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES;
CLANG_WARN_OBJC_LITERAL_CONVERSION = YES;
CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR;
CLANG_WARN_QUOTED_INCLUDE_IN_FRAMEWORK_HEADER = YES;
CLANG_WARN_RANGE_LOOP_ANALYSIS = YES;
CLANG_WARN_STRICT_PROTOTYPES = YES;
CLANG_WARN_SUSPICIOUS_MOVE = YES;
CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE;
CLANG_WARN_UNREACHABLE_CODE = YES;
CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
COPY_PHASE_STRIP = NO;
DEBUG_INFORMATION_FORMAT = dwarf;
ENABLE_STRICT_OBJC_MSGSEND = YES;
ENABLE_TESTABILITY = YES;
GCC_C_LANGUAGE_STANDARD = gnu11;
GCC_DYNAMIC_NO_PIC = NO;
GCC_NO_COMMON_BLOCKS = YES;
GCC_OPTIMIZATION_LEVEL = 0;
GCC_PREPROCESSOR_DEFINITIONS = (
"DEBUG=1",
"$(inherited)",
);
GCC_WARN_64_TO_32_BIT_CONVERSION = YES;
GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR;
GCC_WARN_UNDECLARED_SELECTOR = YES;
GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE;
GCC_WARN_UNUSED_FUNCTION = YES;
GCC_WARN_UNUSED_VARIABLE = YES;
IPHONEOS_DEPLOYMENT_TARGET = 15.2;
MTL_ENABLE_DEBUG_INFO = INCLUDE_SOURCE;
MTL_FAST_MATH = YES;
ONLY_ACTIVE_ARCH = YES;
SDKROOT = iphoneos;
SWIFT_ACTIVE_COMPILATION_CONDITIONS = DEBUG;
SWIFT_OPTIMIZATION_LEVEL = "-Onone";
};
name = Debug;
};
377969AE27A6749B00F0EF3C /* Release */ = {
isa = XCBuildConfiguration;
buildSettings = {
ALWAYS_SEARCH_USER_PATHS = NO;
CLANG_ANALYZER_NONNULL = YES;
CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE;
CLANG_CXX_LANGUAGE_STANDARD = "gnu++17";
CLANG_CXX_LIBRARY = "libc++";
CLANG_ENABLE_MODULES = YES;
CLANG_ENABLE_OBJC_ARC = YES;
CLANG_ENABLE_OBJC_WEAK = YES;
CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES;
CLANG_WARN_BOOL_CONVERSION = YES;
CLANG_WARN_COMMA = YES;
CLANG_WARN_CONSTANT_CONVERSION = YES;
CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES;
CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR;
CLANG_WARN_DOCUMENTATION_COMMENTS = YES;
CLANG_WARN_EMPTY_BODY = YES;
CLANG_WARN_ENUM_CONVERSION = YES;
CLANG_WARN_INFINITE_RECURSION = YES;
CLANG_WARN_INT_CONVERSION = YES;
CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES;
CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES;
CLANG_WARN_OBJC_LITERAL_CONVERSION = YES;
CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR;
CLANG_WARN_QUOTED_INCLUDE_IN_FRAMEWORK_HEADER = YES;
CLANG_WARN_RANGE_LOOP_ANALYSIS = YES;
CLANG_WARN_STRICT_PROTOTYPES = YES;
CLANG_WARN_SUSPICIOUS_MOVE = YES;
CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE;
CLANG_WARN_UNREACHABLE_CODE = YES;
CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
COPY_PHASE_STRIP = NO;
DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym";
ENABLE_NS_ASSERTIONS = NO;
ENABLE_STRICT_OBJC_MSGSEND = YES;
GCC_C_LANGUAGE_STANDARD = gnu11;
GCC_NO_COMMON_BLOCKS = YES;
GCC_WARN_64_TO_32_BIT_CONVERSION = YES;
GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR;
GCC_WARN_UNDECLARED_SELECTOR = YES;
GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE;
GCC_WARN_UNUSED_FUNCTION = YES;
GCC_WARN_UNUSED_VARIABLE = YES;
IPHONEOS_DEPLOYMENT_TARGET = 15.2;
MTL_ENABLE_DEBUG_INFO = NO;
MTL_FAST_MATH = YES;
SDKROOT = iphoneos;
SWIFT_COMPILATION_MODE = wholemodule;
SWIFT_OPTIMIZATION_LEVEL = "-O";
VALIDATE_PRODUCT = YES;
};
name = Release;
};
377969B027A6749B00F0EF3C /* Debug */ = {
isa = XCBuildConfiguration;
buildSettings = {
ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon;
ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor;
CODE_SIGN_STYLE = Automatic;
CURRENT_PROJECT_VERSION = 1;
DEVELOPMENT_ASSET_PATHS = "\"ios-test-harness/Preview Content\"";
DEVELOPMENT_TEAM = 85H73V9R3F;
ENABLE_BITCODE = NO;
ENABLE_PREVIEWS = YES;
GENERATE_INFOPLIST_FILE = YES;
INFOPLIST_KEY_UIApplicationSceneManifest_Generation = YES;
INFOPLIST_KEY_UIApplicationSupportsIndirectInputEvents = YES;
INFOPLIST_KEY_UILaunchScreen_Generation = YES;
INFOPLIST_KEY_UISupportedInterfaceOrientations_iPad = "UIInterfaceOrientationPortrait UIInterfaceOrientationPortraitUpsideDown UIInterfaceOrientationLandscapeLeft UIInterfaceOrientationLandscapeRight";
INFOPLIST_KEY_UISupportedInterfaceOrientations_iPhone = "UIInterfaceOrientationPortrait UIInterfaceOrientationLandscapeLeft UIInterfaceOrientationLandscapeRight";
LD_RUNPATH_SEARCH_PATHS = (
"$(inherited)",
"@executable_path/Frameworks",
);
LIBRARY_SEARCH_PATHS = (
"$(DERIVED_FILES_DIR)",
"$(PROJECT_DIR)/test-runner",
);
MARKETING_VERSION = 1.0;
PRODUCT_BUNDLE_IDENTIFIER = "com.brotsky.ios-test-harness";
PRODUCT_NAME = "ios-test-harness";
SWIFT_EMIT_LOC_STRINGS = YES;
SWIFT_OBJC_BRIDGING_HEADER = "$(PROJECT_DIR)/test-runner/test-Bridging-Header.h";
SWIFT_VERSION = 5.0;
TARGETED_DEVICE_FAMILY = "1,2";
};
name = Debug;
};
377969B127A6749B00F0EF3C /* Release */ = {
isa = XCBuildConfiguration;
buildSettings = {
ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon;
ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor;
CODE_SIGN_STYLE = Automatic;
CURRENT_PROJECT_VERSION = 1;
DEVELOPMENT_ASSET_PATHS = "\"ios-test-harness/Preview Content\"";
DEVELOPMENT_TEAM = 85H73V9R3F;
ENABLE_BITCODE = NO;
ENABLE_PREVIEWS = YES;
GENERATE_INFOPLIST_FILE = YES;
INFOPLIST_KEY_UIApplicationSceneManifest_Generation = YES;
INFOPLIST_KEY_UIApplicationSupportsIndirectInputEvents = YES;
INFOPLIST_KEY_UILaunchScreen_Generation = YES;
INFOPLIST_KEY_UISupportedInterfaceOrientations_iPad = "UIInterfaceOrientationPortrait UIInterfaceOrientationPortraitUpsideDown UIInterfaceOrientationLandscapeLeft UIInterfaceOrientationLandscapeRight";
INFOPLIST_KEY_UISupportedInterfaceOrientations_iPhone = "UIInterfaceOrientationPortrait UIInterfaceOrientationLandscapeLeft UIInterfaceOrientationLandscapeRight";
LD_RUNPATH_SEARCH_PATHS = (
"$(inherited)",
"@executable_path/Frameworks",
);
LIBRARY_SEARCH_PATHS = (
"$(DERIVED_FILES_DIR)",
"$(PROJECT_DIR)/test-runner",
);
MARKETING_VERSION = 1.0;
PRODUCT_BUNDLE_IDENTIFIER = "com.brotsky.ios-test-harness";
PRODUCT_NAME = "ios-test-harness";
SWIFT_EMIT_LOC_STRINGS = YES;
SWIFT_OBJC_BRIDGING_HEADER = "$(PROJECT_DIR)/test-runner/test-Bridging-Header.h";
SWIFT_VERSION = 5.0;
TARGETED_DEVICE_FAMILY = "1,2";
};
name = Release;
};
377969B327A6749B00F0EF3C /* Debug */ = {
isa = XCBuildConfiguration;
buildSettings = {
ALWAYS_EMBED_SWIFT_STANDARD_LIBRARIES = YES;
BUNDLE_LOADER = "$(TEST_HOST)";
CODE_SIGN_STYLE = Automatic;
CURRENT_PROJECT_VERSION = 1;
DEVELOPMENT_TEAM = 85H73V9R3F;
GENERATE_INFOPLIST_FILE = YES;
IPHONEOS_DEPLOYMENT_TARGET = 15.2;
MARKETING_VERSION = 1.0;
PRODUCT_BUNDLE_IDENTIFIER = "com.brotsky.static-test-harnessTests";
PRODUCT_NAME = "$(TARGET_NAME)";
SWIFT_EMIT_LOC_STRINGS = NO;
SWIFT_VERSION = 5.0;
TARGETED_DEVICE_FAMILY = "1,2";
TEST_HOST = "$(BUILT_PRODUCTS_DIR)/ios-test-harness.app/ios-test-harness";
};
name = Debug;
};
377969B427A6749B00F0EF3C /* Release */ = {
isa = XCBuildConfiguration;
buildSettings = {
ALWAYS_EMBED_SWIFT_STANDARD_LIBRARIES = YES;
BUNDLE_LOADER = "$(TEST_HOST)";
CODE_SIGN_STYLE = Automatic;
CURRENT_PROJECT_VERSION = 1;
DEVELOPMENT_TEAM = 85H73V9R3F;
GENERATE_INFOPLIST_FILE = YES;
IPHONEOS_DEPLOYMENT_TARGET = 15.2;
MARKETING_VERSION = 1.0;
PRODUCT_BUNDLE_IDENTIFIER = "com.brotsky.static-test-harnessTests";
PRODUCT_NAME = "$(TARGET_NAME)";
SWIFT_EMIT_LOC_STRINGS = NO;
SWIFT_VERSION = 5.0;
TARGETED_DEVICE_FAMILY = "1,2";
TEST_HOST = "$(BUILT_PRODUCTS_DIR)/ios-test-harness.app/ios-test-harness";
};
name = Release;
};
/* End XCBuildConfiguration section */
/* Begin XCConfigurationList section */
3779698627A6749700F0EF3C /* Build configuration list for PBXProject "ios-test-harness" */ = {
isa = XCConfigurationList;
buildConfigurations = (
377969AD27A6749B00F0EF3C /* Debug */,
377969AE27A6749B00F0EF3C /* Release */,
);
defaultConfigurationIsVisible = 0;
defaultConfigurationName = Release;
};
377969AF27A6749B00F0EF3C /* Build configuration list for PBXNativeTarget "ios-test-harness" */ = {
isa = XCConfigurationList;
buildConfigurations = (
377969B027A6749B00F0EF3C /* Debug */,
377969B127A6749B00F0EF3C /* Release */,
);
defaultConfigurationIsVisible = 0;
defaultConfigurationName = Release;
};
377969B227A6749B00F0EF3C /* Build configuration list for PBXNativeTarget "ios-test-harnessTests" */ = {
isa = XCConfigurationList;
buildConfigurations = (
377969B327A6749B00F0EF3C /* Debug */,
377969B427A6749B00F0EF3C /* Release */,
);
defaultConfigurationIsVisible = 0;
defaultConfigurationName = Release;
};
/* End XCConfigurationList section */
};
rootObject = 3779698327A6749700F0EF3C /* Project object */;
}
================================================
FILE: iostest/ios-test-harness/ios-test-harnessTests/ios_test_harnessTests.swift
================================================
//
// static_test_harnessTests.swift
// static-test-harnessTests
//
// Created by Daniel Brotsky on 1/29/22.
//
import XCTest
@testable import ios_test_harness
class static_test_harnessTests: XCTestCase {
func testRun() throws {
TestRunner.runTest()
}
}
================================================
FILE: iostest/ios-test-harness/test-runner/TestRunner.swift
================================================
//
// TestRunner.swift
// ios-test-harness
//
import Foundation
class TestRunner {
static func runTest() {
test()
}
}
================================================
FILE: iostest/ios-test-harness/test-runner/create-library.sh
================================================
#!/bin/bash
set -x
# create-library.sh
# Build the correct Rust target and place
# the resulting library in the build products
#
# The $PATH used by Xcode likely won't contain Cargo, fix that.
# In addition, the $PATH used by XCode has lots of Apple-specific
# developer tools that your Cargo isn't expecting to use, fix that.
# Note: This assumes a default `rustup` setup and default path.
build_path="$HOME/.cargo/bin:/usr/local/bin:/usr/bin:/bin"
#
# Figure out the correct Rust target from the ARCHS and PLATFORM.
# This script expects just one element in ARCHS.
case "$ARCHS" in
"arm64") rust_arch="aarch64" ;;
"x86_64") rust_arch="x86_64" ;;
*) echo "error: unsupported architecture: $ARCHS" ;;
esac
if [[ "$PLATFORM_NAME" == "macosx" ]]; then
rust_platform="apple-darwin"
else
rust_platform="apple-ios"
fi
if [[ "$PLATFORM_NAME" == "iphonesimulator" ]]; then
if [[ "${rust_arch}" == "aarch64" ]]; then
rust_abi="-sim"
else
rust_abi=""
fi
else
rust_abi=""
fi
rust_target="${rust_arch}-${rust_platform}${rust_abi}"
#
# Build library in debug or release
build_args=(--manifest-path ../Cargo.toml --target "${rust_target}")
if [[ "$CONFIGURATION" == "Release" ]]; then
rust_config="release"
env PATH="${build_path}" cargo build --release "${build_args[@]}"
elif [[ "$CONFIGURATION" == "Debug" ]]; then
rust_config="debug"
env PATH="${build_path}" cargo build "${build_args[@]}"
else
echo "error: Unexpected build configuration: $CONFIGURATION"
fi
#
# Copy the built library to the derived files directory
cp -v "../../target/${rust_target}/${rust_config}/libiostest.a" ${DERIVED_FILES_DIR}
================================================
FILE: iostest/ios-test-harness/test-runner/remove-library.sh
================================================
#!/bin/sh
set -x
# delete-library.sh
# Remove the build Rust library so it will be rebuilt next time.
#
rm -fv ${DERIVED_FILES_DIR}/libiostest.a
================================================
FILE: iostest/ios-test-harness/test-runner/test-Bridging-Header.h
================================================
//
// test-Bridging-Header.h
// ios-test-harness
//
#ifndef test_Bridging_Header_h
#define test_Bridging_Header_h
#import "test.h"
#endif /* test_Bridging_Header_h */
================================================
FILE: iostest/ios-test-harness/test-runner/test.h
================================================
//
// test.h
// ios-test-harness
//
#ifndef test_h
#define test_h
extern void test();
#endif /* test_h */
================================================
FILE: iostest/src/lib.rs
================================================
#![allow(deprecated)]
//! Test library for newer iOS-style APIs.
//!
//! This library exercises the iOS-style password APIs.
//! It will compile under either macOS or iOS, so that
//! it can be linked into a test-harness executable
//! on either platform. Since Rust provides a built-in
//! facility for testing, this library is really only
//! useful when built for iOS. See the ios-test-harness
//! XCode project (part of this crate) for how it gets
//! linked and used for testing.
use security_framework::passwords::{
delete_generic_password, delete_internet_password, get_generic_password, get_internet_password,
set_generic_password, set_internet_password,
};
use security_framework_sys::base::errSecItemNotFound;
use security_framework_sys::keychain::SecAuthenticationType::Any;
use security_framework_sys::keychain::SecProtocolType::HTTP;
#[no_mangle]
extern "C" fn test() {
test_missing_generic_password();
test_round_trip_empty_generic_password();
test_round_trip_ascii_generic_password();
test_round_trip_non_ascii_generic_password();
test_round_trip_non_utf8_generic_password();
test_update_generic_password();
test_missing_internet_password();
test_round_trip_empty_internet_password();
test_round_trip_ascii_internet_password();
test_round_trip_non_ascii_internet_password();
test_round_trip_non_utf8_internet_password();
test_update_internet_password();
}
fn test_missing_generic_password() {
println!("test_missing_generic_password: start");
let name = "test_missing_generic_password";
let result = delete_generic_password(name, name);
match result {
Ok(()) => (),
Err(err) if err.code() == errSecItemNotFound => (),
Err(err) => panic!("test_missing_generic_password: delete failed with status: {}", err.code()),
}
let result = get_generic_password(name, name);
match result {
Ok(bytes) => panic!("test_missing_password: get returned {bytes:?}"),
Err(err) if err.code() == errSecItemNotFound => (),
Err(err) => panic!("test_missing_generic_password: get failed with status: {}", err.code()),
}
let result = delete_generic_password(name, name);
match result {
Ok(()) => panic!("test_missing_generic_password: second delete found a password"),
Err(err) if err.code() == errSecItemNotFound => (),
Err(err) => panic!("test_missing_generic_password: delete failed with status: {}", err.code()),
}
println!("test_missing_generic_password: pass");
}
fn test_round_trip_empty_generic_password() {
println!("test_round_trip_empty_generic_password: start");
let name = "test_empty_generic_password_input";
let in_pass = b"";
set_generic_password(name, name, in_pass).unwrap();
let out_pass = get_generic_password(name, name).unwrap();
assert_eq!(in_pass.as_slice(), out_pass);
delete_generic_password(name, name).unwrap();
println!("test_round_trip_empty_generic_password: pass");
}
fn test_round_trip_ascii_generic_password() {
println!("test_round_trip_ascii_generic_password: start");
let name = "test_round_trip_ascii_generic_password";
let password = b"test ascii password";
set_generic_password(name, name, password).unwrap();
let stored_password = get_generic_password(name, name).unwrap();
assert_eq!(password.as_slice(), stored_password);
delete_generic_password(name, name).unwrap();
println!("test_round_trip_ascii_generic_password: pass");
}
fn test_round_trip_non_ascii_generic_password() {
println!("test_round_trip_non_ascii_generic_password: start");
let name = "test_round_trip_non_ascii_generic_password";
let password = "このきれいな花は桜です".as_bytes();
set_generic_password(name, name, password).unwrap();
let stored_password = get_generic_password(name, name).unwrap();
assert_eq!(stored_password, password);
delete_generic_password(name, name).unwrap();
println!("test_round_trip_non_ascii_generic_password: pass");
}
fn test_round_trip_non_utf8_generic_password() {
println!("test_round_trip_non_utf8_generic_password: start");
let name = "test_round_trip_non_utf8_generic_password";
let password: [u8; 10] = [0, 121, 122, 123, 40, 50, 126, 127, 8, 9];
set_generic_password(name, name, &password).unwrap();
let stored_password = get_generic_password(name, name).unwrap();
assert_eq!(stored_password, password);
delete_generic_password(name, name).unwrap();
println!("test_round_trip_non_utf8_generic_password: pass");
}
fn test_update_generic_password() {
println!("test_update_generic_password: start");
let name = "test_update_generic_password";
let password = b"test ascii password".as_slice();
set_generic_password(name, name, password).unwrap();
let stored_password = get_generic_password(name, name).unwrap();
assert_eq!(stored_password, password);
let password = "このきれいな花は桜です".as_bytes();
set_generic_password(name, name, password).unwrap();
let stored_password = get_generic_password(name, name).unwrap();
assert_eq!(stored_password, password);
delete_generic_password(name, name).unwrap();
println!("test_update_generic_password: pass");
}
fn test_missing_internet_password() {
println!("test_missing_internet_password: start");
let name = "test_missing_internet_password";
let result = delete_internet_password(name, None, name, "/test", None, HTTP, Any);
match result {
Ok(()) => (),
Err(err) if err.code() == errSecItemNotFound => (),
Err(err) => panic!("test_missing_internet_password: delete failed with status: {}", err.code()),
}
let result = get_internet_password(name, None, name, "/test", None, HTTP, Any);
match result {
Ok(bytes) => panic!("test_missing_password: get returned {bytes:?}"),
Err(err) if err.code() == errSecItemNotFound => (),
Err(err) => panic!("test_missing_internet_password: get failed with status: {}", err.code()),
}
let result = delete_internet_password(name, None, name, "/test", None, HTTP, Any);
match result {
Ok(()) => panic!("test_missing_internet_password: second delete found a password"),
Err(err) if err.code() == errSecItemNotFound => (),
Err(err) => panic!("test_missing_internet_password: delete failed with status: {}", err.code()),
}
println!("test_missing_internet_password: pass");
}
fn test_round_trip_empty_internet_password() {
println!("test_round_trip_empty_internet_password: start");
let name = "test_empty_internet_password_input";
let in_pass = b"".as_slice();
set_internet_password(name, None, name, "/test", None, HTTP, Any, in_pass).unwrap();
let out_pass = get_internet_password(name, None, name, "/test", None, HTTP, Any).unwrap();
assert_eq!(in_pass, out_pass);
delete_internet_password(name, None, name, "/test", None, HTTP, Any).unwrap();
println!("test_round_trip_empty_internet_password: pass");
}
fn test_round_trip_ascii_internet_password() {
println!("test_round_trip_ascii_internet_password: start");
let name = "test_round_trip_ascii_internet_password";
let password = b"test ascii password".as_slice();
set_internet_password(name, None, name, "/test", None, HTTP, Any, password).unwrap();
let stored_password = get_internet_password(name, None, name, "/test", None, HTTP, Any).unwrap();
assert_eq!(stored_password, password);
delete_internet_password(name, None, name, "/test", None, HTTP, Any).unwrap();
println!("test_round_trip_ascii_internet_password: pass");
}
fn test_round_trip_non_ascii_internet_password() {
println!("test_round_trip_non_ascii_internet_password: start");
let name = "test_round_trip_non_ascii_internet_password";
let password = "このきれいな花は桜です".as_bytes();
set_internet_password(name, None, name, "/test", None, HTTP, Any, password).unwrap();
let stored_password = get_internet_password(name, None, name, "/test", None, HTTP, Any).unwrap();
assert_eq!(stored_password, password);
delete_internet_password(name, None, name, "/test", None, HTTP, Any).unwrap();
println!("test_round_trip_non_ascii_internet_password: pass");
}
fn test_round_trip_non_utf8_internet_password() {
println!("test_round_trip_non_utf8_internet_password: start");
let name = "test_round_trip_non_utf8_internet_password";
let password: [u8; 10] = [0, 121, 122, 123, 40, 50, 126, 127, 8, 9];
set_internet_password(name, None, name, "/test", None, HTTP, Any, &password).unwrap();
let stored_password = get_internet_password(name, None, name, "/test", None, HTTP, Any).unwrap();
assert_eq!(stored_password, password.as_slice());
delete_internet_password(name, None, name, "/test", None, HTTP, Any).unwrap();
println!("test_round_trip_non_utf8_internet_password: pass");
}
fn test_update_internet_password() {
println!("test_update_internet_password: start");
let name = "test_update_internet_password";
let password = b"test ascii password".as_slice();
set_internet_password(name, None, name, "/test", None, HTTP, Any, password).unwrap();
let stored_password = get_internet_password(name, None, name, "/test", None, HTTP, Any).unwrap();
assert_eq!(stored_password, password);
let password = "このきれいな花は桜です".as_bytes();
set_internet_password(name, None, name, "/test", None, HTTP, Any, password).unwrap();
let stored_password = get_internet_password(name, None, name, "/test", None, HTTP, Any).unwrap();
assert_eq!(stored_password, password);
delete_internet_password(name, None, name, "/test", None, HTTP, Any).unwrap();
println!("test_update_internet_password: pass");
}
================================================
FILE: iostest/tests/ios_macos.rs
================================================
//! Tests of legacy macOS versus newer iOS-style APIs.
//!
//! These tests compile under both iOS and macOS. Of course, there's not
//! much point compiling them under iOS, since you can't run them under iOS,
//! but at least the compilation tells you that the interfaces are intact.
//! For iOS testing, compile the library and use the included ios-test-harness.
//!
//! NOTE: Some of these tests involve keychain queries for multiple items,
//! and experience shows that running multiple keychain queries on separate
//! threads in the same process simultaneously can produce interference.
//! So all the query tests have been conditioned to run serially.
use core_foundation::base::TCFType;
use core_foundation::string::CFString;
use security_framework::item::{ItemClass, ItemSearchOptions, Limit, SearchResult};
#[cfg(target_os = "macos")]
use security_framework::os::macos::keychain::SecKeychain;
use security_framework::passwords::{delete_generic_password, set_generic_password};
use security_framework_sys::item::{kSecAttrAccount, kSecAttrService};
use serial_test::serial;
#[test]
#[serial]
fn insert_then_find_generic() {
let service_key = format!("{}", unsafe { CFString::wrap_under_get_rule(kSecAttrService) });
let mut names = vec![];
for _ in 0..4 {
let name = generate_random_string();
set_generic_password(&name, &name, name.as_bytes()).unwrap();
names.push(name);
}
let results = ItemSearchOptions::new()
.class(ItemClass::generic_password())
.load_attributes(true)
.limit(Limit::All)
.search()
.unwrap();
assert!(results.len() >= names.len());
let mut found = 0;
for result in &results {
match result {
SearchResult::Dict(_) => {
let dict = result.simplify_dict().unwrap();
if let Some(val) = dict.get(&service_key) {
if names.contains(val) {
found += 1;
}
}
},
_ => panic!("Got a non-dictionary from a password search"),
}
}
assert_eq!(names.len(), found);
for name in &names {
delete_generic_password(name, name).unwrap();
}
}
#[test]
#[serial]
#[cfg(target_os = "macos")]
fn insert_then_find_generic_legacy() {
let keychain = SecKeychain::default().unwrap();
let service_key = format!("{}", unsafe { CFString::wrap_under_get_rule(kSecAttrService) });
// create 4 legacy and 4 modern generic passwords
let mut legacy_names = vec![];
for _ in 0..4 {
let name = generate_random_string();
keychain.set_generic_password(&name, &name, name.as_bytes()).unwrap();
legacy_names.push(name);
}
let mut modern_names = vec![];
for _ in 0..4 {
let name = generate_random_string();
set_generic_password(&name, &name, name.as_bytes()).unwrap();
modern_names.push(name);
}
// first check to see that the legacy passwords are found by the modern search
let results = ItemSearchOptions::new()
.class(ItemClass::generic_password())
.load_attributes(true)
.limit(Limit::All)
.search()
.unwrap();
assert!(results.len() >= legacy_names.len());
let mut found = 0;
for result in &results {
match result {
SearchResult::Dict(_) => {
let dict = result.simplify_dict().unwrap();
if let Some(val) = dict.get(&service_key) {
if legacy_names.contains(val) {
found += 1;
}
}
},
_ => panic!("Got a non-dictionary from a password search"),
}
}
assert_eq!(legacy_names.len(), found);
// next check to see that the modern passwords are found by the legacy search
for name in &modern_names {
keychain.find_generic_password(name, name).unwrap();
}
// finally delete both the legacy and the modern passwords
for name in &legacy_names {
let (_, item) = keychain.find_generic_password(name, name).unwrap();
item.delete();
}
for name in &modern_names {
delete_generic_password(name, name).unwrap();
}
}
#[test]
#[serial]
fn find_leftover_test_generic_passwords() {
let service_key = format!("{}", unsafe { CFString::wrap_under_get_rule(kSecAttrService) });
let username_key = format!("{}", unsafe { CFString::wrap_under_get_rule(kSecAttrAccount) });
let mut found: Vec<String> = vec![];
let results = ItemSearchOptions::new()
.class(ItemClass::generic_password())
.load_attributes(true)
.limit(Limit::All)
.search()
.unwrap();
for result in &results {
match result {
SearchResult::Dict(_) => {
let dict = result.simplify_dict().unwrap();
if let Some(val) = dict.get(&service_key) {
if val.len() == 30 {
if let Some(val2) = dict.get(&username_key) {
if val2.eq(val) {
// println!("Found left-over test-created entry: {}", val);
found.push(val.clone());
}
}
}
}
},
_ => panic!("Got a non-dictionary from a password search"),
}
}
assert!(found.is_empty(), "There are {} entries created by older tests: {:?}",
found.len(),
&found);
}
fn generate_random_string() -> String {
// from the Rust Cookbook:
// https://rust-lang-nursery.github.io/rust-cookbook/algorithms/randomness.html
use rand::{distributions::Alphanumeric, thread_rng, Rng};
thread_rng()
.sample_iter(&Alphanumeric)
.take(30)
.map(char::from)
.collect()
}
================================================
FILE: security-framework/Cargo.toml
================================================
[package]
name = "security-framework"
version = "3.7.1"
authors = [
"Steven Fackler <sfackler@gmail.com>",
"Kornel <kornel@geekhood.net>",
]
license = "MIT OR Apache-2.0"
description = "Security.framework bindings for macOS and iOS"
repository = "https://github.com/kornelski/rust-security-framework"
documentation = "https://docs.rs/security_framework"
homepage = "https://lib.rs/crates/security_framework"
categories = ["os::macos-apis", "cryptography", "api-bindings"]
readme = "README.md"
keywords = ["iOS", "TLS", "SSL", "crypto", "keychain"]
exclude = ["test/*"]
edition = "2024"
rust-version = "1.85"
[dependencies]
security-framework-sys = { version = "2.17", default-features = false, path = "../security-framework-sys" }
bitflags = "2.11"
core-foundation = "0.10"
core-foundation-sys = "0.8.6"
libc = "0.2.139"
log = { version = "0.4.20", optional = true }
[dev-dependencies]
hex = "0.4.3"
env_logger = "0.11"
x509-parser = "0.18"
time = "0.3.23"
tempfile = "3.12.0"
[features]
default = ["OSX_10_14", "alpn", "session-tickets"]
# Always enabled
alpn = []
# Always enabled
session-tickets = []
job-bless = []
# Enables `GenerateKeyOptions::set_synchronizable`. Warning: not backwards-compatible!
sync-keychain = ["OSX_10_13"]
# Always enabled
OSX_10_12 = []
# Always enabled
OSX_10_13 = []
# Always enabled
OSX_10_14 = []
OSX_10_15 = ["security-framework-sys/OSX_10_15"]
# Enable features that require macOS 12
macos-12 = ["security-framework-sys/macos-12"]
nightly = [] # not used, doesn't do anything, only for back compat
[lints]
workspace = true
[[example]]
name = "client"
[[example]]
name = "find_internet_password"
[[example]]
name = "set_internet_password"
[package.metadata.docs.rs]
targets = ["x86_64-apple-darwin", "aarch64-apple-ios"]
features = ["OSX_10_15"]
[badges]
maintenance = { status = "looking-for-maintainer" }
================================================
FILE: security-framework/THIRD_PARTY
================================================
This project contains documentation adapted from Apple Inc.'s Security Framework
under the following license:
APPLE PUBLIC SOURCE LICENSE
Version 2.0 - August 6, 2003
Please read this License carefully before downloading this software. By downloading or using this software, you are agreeing to be bound by the terms of this License. If you do not or cannot agree to the terms of this License, please do not download or use the software.
Apple Note: In January 2007, Apple changed its corporate name from "Apple Computer, Inc." to "Apple Inc." This change has been reflected below and copyright years updated, but no other changes have been made to the APSL 2.0.
1. General; Definitions. This License applies to any program or other work which Apple Inc. ("Apple") makes publicly available and which contains a notice placed by Apple identifying such program or work as "Original Code" and stating that it is subject to the terms of this Apple Public Source License version 2.0 ("License"). As used in this License:
1.1 "Applicable Patent Rights" mean: (a) in the case where Apple is the grantor of rights, (i) claims of patents that are now or hereafter acquired, owned by or assigned to Apple and (ii) that cover subject matter contained in the Original Code, but only to the extent necessary to use, reproduce and/or distribute the Original Code without infringement; and (b) in the case where You are the grantor of rights, (i) claims of patents that are now or hereafter acquired, owned by or assigned to You and (ii) that cover subject matter in Your Modifications, taken alone or in combination with Original Code.
1.2 "Contributor" means any person or entity that creates or contributes to the creation of Modifications.
1.3 "Covered Code" means the Original Code, Modifications, the combination of Original Code and any Modifications, and/or any respective portions thereof.
1.4 "Externally Deploy" means: (a) to sublicense, distribute or otherwise make Covered Code available, directly or indirectly, to anyone other than You; and/or (b) to use Covered Code, alone or as part of a Larger Work, in any way to provide a service, including but not limited to delivery of content, through electronic communication with a client other than You.
1.5 "Larger Work" means a work which combines Covered Code or portions thereof with code not governed by the terms of this License.
1.6 "Modifications" mean any addition to, deletion from, and/or change to, the substance and/or structure of the Original Code, any previous Modifications, the combination of Original Code and any previous Modifications, and/or any respective portions thereof. When code is released as a series of files, a Modification is: (a) any addition to or deletion from the contents of a file containing Covered Code; and/or (b) any new file or other representation of computer program statements that contains any part of Covered Code.
1.7 "Original Code" means (a) the Source Code of a program or other work as originally made available by Apple under this License, including the Source Code of any updates or upgrades to such programs or works made available by Apple under this License, and that has been expressly identified by Apple as such in the header file(s) of such work; and (b) the object code compiled from such Source Code and originally made available by Apple under this License
1.8 "Source Code" means the human readable form of a program or other work that is suitable for making modifications to it, including all modules it contains, plus any associated interface definition files, scripts used to control compilation and installation of an executable (object code).
1.9 "You" or "Your" means an individual or a legal entity exercising rights under this License. For legal entities, "You" or "Your" includes any entity which controls, is controlled by, or is under common control with, You, where "control" means (a) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (b) ownership of fifty percent (50%) or more of the outstanding shares or beneficial ownership of such entity.
2. Permitted Uses; Conditions & Restrictions. Subject to the terms and conditions of this License, Apple hereby grants You, effective on the date You accept this License and download the Original Code, a world-wide, royalty-free, non-exclusive license, to the extent of Apple's Applicable Patent Rights and copyrights covering the Original Code, to do the following:
2.1 Unmodified Code. You may use, reproduce, display, perform, internally distribute within Your organization, and Externally Deploy verbatim, unmodified copies of the Original Code, for commercial or non-commercial purposes, provided that in each instance:
(a) You must retain and reproduce in all copies of Original Code the copyright and other proprietary notices and disclaimers of Apple as they appear in the Original Code, and keep intact all notices in the Original Code that refer to this License; and
(b) You must include a copy of this License with every copy of Source Code of Covered Code and documentation You distribute or Externally Deploy, and You may not offer or impose any terms on such Source Code that alter or restrict this License or the recipients' rights hereunder, except as permitted under Section 6.
2.2 Modified Code. You may modify Covered Code and use, reproduce, display, perform, internally distribute within Your organization, and Externally Deploy Your Modifications and Covered Code, for commercial or non-commercial purposes, provided that in each instance You also meet all of these conditions:
(a) You must satisfy all the conditions of Section 2.1 with respect to the Source Code of the Covered Code;
(b) You must duplicate, to the extent it does not already exist, the notice in Exhibit A in each file of the Source Code of all Your Modifications, and cause the modified files to carry prominent notices stating that You changed the files and the date of any change; and
(c) If You Externally Deploy Your Modifications, You must make Source Code of all Your Externally Deployed Modifications either available to those to whom You have Externally Deployed Your Modifications, or publicly available. Source Code of Your Externally Deployed Modifications must be released under the terms set forth in this License, including the license grants set forth in Section 3 below, for as long as you Externally Deploy the Covered Code or twelve (12) months from the date of initial External Deployment, whichever is longer. You should preferably distribute the Source Code of Your Externally Deployed Modifications electronically (e.g. download from a web site).
2.3 Distribution of Executable Versions. In addition, if You Externally Deploy Covered Code (Original Code and/or Modifications) in object code, executable form only, You must include a prominent notice, in the code itself as well as in related documentation, stating that Source Code of the Covered Code is available under the terms of this License with information on how and where to obtain such Source Code.
2.4 Third Party Rights. You expressly acknowledge and agree that although Apple and each Contributor grants the licenses to their respective portions of the Covered Code set forth herein, no assurances are provided by Apple or any Contributor that the Covered Code does not infringe the patent or other intellectual property rights of any other entity. Apple and each Contributor disclaim any liability to You for claims brought by any other entity based on infringement of intellectual property rights or otherwise. As a condition to exercising the rights and licenses granted hereunder, You hereby assume sole responsibility to secure any other intellectual property rights needed, if any. For example, if a third party patent license is required to allow You to distribute the Covered Code, it is Your responsibility to acquire that license before distributing the Covered Code.
3. Your Grants. In consideration of, and as a condition to, the licenses granted to You under this License, You hereby grant to any person or entity receiving or distributing Covered Code under this License a non-exclusive, royalty-free, perpetual, irrevocable license, under Your Applicable Patent Rights and other intellectual property rights (other than patent) owned or controlled by You, to use, reproduce, display, perform, modify, sublicense, distribute and Externally Deploy Your Modifications of the same scope and extent as Apple's licenses under Sections 2.1 and 2.2 above.
4. Larger Works. You may create a Larger Work by combining Covered Code with other code not governed by the terms of this License and distribute the Larger Work as a single product. In each such instance, You must make sure the requirements of this License are fulfilled for the Covered Code or any portion thereof.
5. Limitations on Patent License. Except as expressly stated in Section 2, no other patent rights, express or implied, are granted by Apple herein. Modifications and/or Larger Works may require additional patent licenses from Apple which Apple may grant in its sole discretion.
6. Additional Terms. You may choose to offer, and to charge a fee for, warranty, support, indemnity or liability obligations and/or other rights consistent with the scope of the license granted herein ("Additional Terms") to one or more recipients of Covered Code. However, You may do so only on Your own behalf and as Your sole responsibility, and not on behalf of Apple or any Contributor. You must obtain the recipient's agreement that any such Additional Terms are offered by You alone, and You hereby agree to indemnify, defend and hold Apple and every Contributor harmless for any liability incurred by or claims asserted against Apple or such Contributor by reason of any such Additional Terms.
7. Versions of the License. Apple may publish revised and/or new versions of this License from time to time. Each version will be given a distinguishing version number. Once Original Code has been published under a particular version of this License, You may continue to use it under the terms of that version. You may also choose to use such Original Code under the terms of any subsequent version of this License published by Apple. No one other than Apple has the right to modify the terms applicable to Covered Code created under this License.
8. NO WARRANTY OR SUPPORT. The Covered Code may contain in whole or in part pre-release, untested, or not fully tested works. The Covered Code may contain errors that could cause failures or loss of data, and may be incomplete or contain inaccuracies. You expressly acknowledge and agree that use of the Covered Code, or any portion thereof, is at Your sole and entire risk. THE COVERED CODE IS PROVIDED "AS IS" AND WITHOUT WARRANTY, UPGRADES OR SUPPORT OF ANY KIND AND APPLE AND APPLE'S LICENSOR(S) (COLLECTIVELY REFERRED TO AS "APPLE" FOR THE PURPOSES OF SECTIONS 8 AND 9) AND ALL CONTRIBUTORS EXPRESSLY DISCLAIM ALL WARRANTIES AND/OR CONDITIONS, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES AND/OR CONDITIONS OF MERCHANTABILITY, OF SATISFACTORY QUALITY, OF FITNESS FOR A PARTICULAR PURPOSE, OF ACCURACY, OF QUIET ENJOYMENT, AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. APPLE AND EACH CONTRIBUTOR DOES NOT WARRANT AGAINST INTERFERENCE WITH YOUR ENJOYMENT OF THE COVERED CODE, THAT THE FUNCTIONS CONTAINED IN THE COVERED CODE WILL MEET YOUR REQUIREMENTS, THAT THE OPERATION OF THE COVERED CODE WILL BE UNINTERRUPTED OR ERROR-FREE, OR THAT DEFECTS IN THE COVERED CODE WILL BE CORRECTED. NO ORAL OR WRITTEN INFORMATION OR ADVICE GIVEN BY APPLE, AN APPLE AUTHORIZED REPRESENTATIVE OR ANY CONTRIBUTOR SHALL CREATE A WARRANTY. You acknowledge that the Covered Code is not intended for use in the operation of nuclear facilities, aircraft navigation, communication systems, or air traffic control machines in which case the failure of the Covered Code could lead to death, personal injury, or severe physical or environmental damage.
9. LIMITATION OF LIABILITY. TO THE EXTENT NOT PROHIBITED BY LAW, IN NO EVENT SHALL APPLE OR ANY CONTRIBUTOR BE LIABLE FOR ANY INCIDENTAL, SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR RELATING TO THIS LICENSE OR YOUR USE OR INABILITY TO USE THE COVERED CODE, OR ANY PORTION THEREOF, WHETHER UNDER A THEORY OF CONTRACT, WARRANTY, TORT (INCLUDING NEGLIGENCE), PRODUCTS LIABILITY OR OTHERWISE, EVEN IF APPLE OR SUCH CONTRIBUTOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES AND NOTWITHSTANDING THE FAILURE OF ESSENTIAL PURPOSE OF ANY REMEDY. SOME JURISDICTIONS DO NOT ALLOW THE LIMITATION OF LIABILITY OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THIS LIMITATION MAY NOT APPLY TO YOU. In no event shall Apple's total liability to You for all damages (other than as may be required by applicable law) under this License exceed the amount of fifty dollars ($50.00).
10. Trademarks. This License does not grant any rights to use the trademarks or trade names "Apple", "Mac", "Mac OS", "QuickTime", "QuickTime Streaming Server" or any other trademarks, service marks, logos or trade names belonging to Apple (collectively "Apple Marks") or to any trademark, service mark, logo or trade name belonging to any Contributor. You agree not to use any Apple Marks in or as part of the name of products derived from the Original Code or to endorse or promote products derived from the Original Code other than as expressly permitted by and in strict compliance at all times with Apple's third party trademark usage guidelines which are posted at http://www.apple.com/legal/guidelinesfor3rdparties.html.
11. Ownership. Subject to the licenses granted under this License, each Contributor retains all rights, title and interest in and to any Modifications made by such Contributor. Apple retains all rights, title and interest in and to the Original Code and any Modifications made by or on behalf of Apple ("Apple Modifications"), and such Apple Modifications will not be automatically subject to this License. Apple may, at its sole discretion, choose to license such Apple Modifications under this License, or on different terms from those contained in this License or may choose not to license them at all.
12. Termination.
12.1 Termination. This License and the rights granted hereunder will terminate:
(a) automatically without notice from Apple if You fail to comply with any term(s) of this License and fail to cure such breach within 30 days of becoming aware of such breach;
(b) immediately in the event of the circumstances described in Section 13.5(b); or
(c) automatically without notice from Apple if You, at any time during the term of this License, commence an action for patent infringement against Apple; provided that Apple did not first commence an action for patent infringement against You in that instance.
12.2 Effect of Termination. Upon termination, You agree to immediately stop any further use, reproduction, modification, sublicensing and distribution of the Covered Code. All sublicenses to the Covered Code which have been properly granted prior to termination shall survive any termination of this License. Provisions which, by their nature, should remain in effect beyond the termination of this License shall survive, including but not limited to Sections 3, 5, 8, 9, 10, 11, 12.2 and 13. No party will be liable to any other for compensation, indemnity or damages of any sort solely as a result of terminating this License in accordance with its terms, and termination of this License will be without prejudice to any other right or remedy of any party.
13. Miscellaneous.
13.1 Government End Users. The Covered Code is a "commercial item" as defined in FAR 2.101. Government software and technical data rights in the Covered Code include only those rights customarily provided to the public as defined in this License. This customary commercial license in technical data and software is provided in accordance with FAR 12.211 (Technical Data) and 12.212 (Computer Software) and, for Department of Defense purchases, DFAR 252.227-7015 (Technical Data -- Commercial Items) and 227.7202-3 (Rights in Commercial Computer Software or Computer Software Documentation). Accordingly, all U.S. Government End Users acquire Covered Code with only those rights set forth herein.
13.2 Relationship of Parties. This License will not be construed as creating an agency, partnership, joint venture or any other form of legal association between or among You, Apple or any Contributor, and You will not represent to the contrary, whether expressly, by implication, appearance or otherwise.
13.3 Independent Development. Nothing in this License will impair Apple's right to acquire, license, develop, have others develop for it, market and/or distribute technology or products that perform the same or similar functions as, or otherwise compete with, Modifications, Larger Works, technology or products that You may develop, produce, market or distribute.
13.4 Waiver; Construction. Failure by Apple or any Contributor to enforce any provision of this License will not be deemed a waiver of future enforcement of that or any other provision. Any law or regulation which provides that the language of a contract shall be construed against the drafter will not apply to this License.
13.5 Severability. (a) If for any reason a court of competent jurisdiction finds any provision of this License, or portion thereof, to be unenforceable, that provision of the License will be enforced to the maximum extent permissible so as to effect the economic benefits and intent of the parties, and the remainder of this License will continue in full force and effect. (b) Notwithstanding the foregoing, if applicable law prohibits or restricts You from fully and/or specifically complying with Sections 2 and/or 3 or prevents the enforceability of either of those Sections, this License will immediately terminate and You must immediately discontinue any use of the Covered Code and destroy all copies of it that are in your possession or control.
13.6 Dispute Resolution. Any litigation or other dispute resolution between You and Apple relating to this License shall take place in the Northern District of California, and You and Apple hereby consent to the personal jurisdiction of, and venue in, the state and federal courts within that District with respect to this License. The application of the United Nations Convention on Contracts for the International Sale of Goods is expressly excluded.
13.7 Entire Agreement; Governing Law. This License constitutes the entire agreement between the parties with respect to the subject matter hereof. This License shall be governed by the laws of the United States and the State of California, except that body of California law concerning conflicts of law.
Where You are located in the province of Quebec, Canada, the following clause applies: The parties hereby confirm that they have requested that this License and all related documents be drafted in English. Les parties ont exigé que le présent contrat et tous les documents connexes soient rédigés en anglais.
EXHIBIT A.
"Portions Copyright (c) 1999-2007 Apple Inc. All Rights Reserved.
This file contains Original Code and/or Modifications of Original Code as defined in and that are subject to the Apple Public Source License Version 2.0 (the 'License'). You may not use this file except in compliance with the License. Please obtain a copy of the License at http://www.opensource.apple.com/apsl/ and read it before using this file.
The Original Code and all software distributed under the License are distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the specific language governing rights and limitations under the License."
================================================
FILE: security-framework/examples/client.rs
================================================
use security_framework::secure_transport::ClientBuilder;
use std::io::{Read, Write};
use std::net::TcpStream;
fn main() {
let stream = TcpStream::connect("google.com:443").unwrap();
let mut stream = ClientBuilder::new().handshake("google.com", stream).unwrap();
println!("negotiated chipher: {:?}", stream.context().negotiated_cipher().unwrap());
println!("negotiated version: {:?}", stream.context().negotiated_protocol_version().unwrap());
stream.write_all(b"GET / HTTP/1.0\r\n\r\n").unwrap();
stream.flush().unwrap();
let mut buf = vec![];
stream.read_to_end(&mut buf).unwrap();
println!("{}", String::from_utf8_lossy(&buf));
}
================================================
FILE: security-framework/examples/find_internet_password.rs
================================================
#[cfg(target_os = "macos")]
use security_framework::os::macos::keychain::SecKeychain;
#[cfg(target_os = "macos")]
use security_framework::os::macos::passwords::{SecAuthenticationType, SecProtocolType};
fn main() {
#[cfg(target_os = "macos")] {
let hostname = "example.com";
let username = "rusty";
let res = SecKeychain::default().unwrap().find_internet_password(
hostname,
None,
username,
"",
None,
SecProtocolType::Any,
SecAuthenticationType::Any,
);
match res {
Ok((password, _)) => {
println!(
"Password for {}@{} is {} bytes long",
username,
hostname,
password.len()
);
}
Err(err) if err.code() == -128 => {
eprintln!("Account was found in the Keychain, but user denied access");
}
Err(err) => {
eprintln!("Password not found. Open Keychain Access.app and add internet password for '{username}' at 'https://{hostname}': {err:?}");
}
}
}}
================================================
FILE: security-framework/examples/set_internet_password.rs
================================================
#[cfg(target_os = "macos")]
use security_framework::os::macos::keychain::SecKeychain;
#[cfg(target_os = "macos")]
use security_framework::os::macos::passwords::{SecAuthenticationType, SecProtocolType};
fn main() {
#[cfg(target_os = "macos")] {
let hostname = "example.com";
let username = "rusty";
let password = b"oxidize";
let res = SecKeychain::default().unwrap().set_internet_password(
hostname,
None,
username,
"",
None,
SecProtocolType::HTTPS,
SecAuthenticationType::HTMLForm,
password,
);
match res {
Ok(()) => {
println!(
"Password set for {username}@{hostname}. You can read it using find_internet_password example"
);
}
Err(err) => {
eprintln!("Could not set password: {err:?}");
}
}
}}
================================================
FILE: security-framework/src/access_control.rs
================================================
//! Access Control support.
use crate::base::{Error, Result};
use core_foundation::base::{kCFAllocatorDefault, CFOptionFlags, TCFType};
use core_foundation::string::CFString;
use core_foundation::{declare_TCFType, impl_TCFType};
use security_framework_sys::access_control::{
kSecAttrAccessibleAfterFirstUnlock, kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly,
kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly, kSecAttrAccessibleWhenUnlocked,
kSecAttrAccessibleWhenUnlockedThisDeviceOnly, SecAccessControlCreateWithFlags,
SecAccessControlGetTypeID,
};
use security_framework_sys::base::{errSecParam, SecAccessControlRef};
use std::fmt;
use std::ptr;
declare_TCFType! {
/// A type representing sec access control settings.
SecAccessControl, SecAccessControlRef
}
impl_TCFType!(
SecAccessControl,
SecAccessControlRef,
SecAccessControlGetTypeID
);
unsafe impl Sync for SecAccessControl {}
unsafe impl Send for SecAccessControl {}
/// Specify when an item is available.
pub enum ProtectionMode {
/// The data in the keychain can only be accessed when the device is
/// unlocked. Only available if a passcode is set on the device.
AccessibleWhenPasscodeSetThisDeviceOnly,
///The data in the keychain item can be accessed only while the device is
/// unlocked by the user.
AccessibleWhenUnlockedThisDeviceOnly,
/// The data in the keychain item can be accessed only while the device is
/// unlocked by the user.
AccessibleWhenUnlocked,
/// The data in the keychain item cannot be accessed after a restart until
/// the device has been unlocked once by the user.
AccessibleAfterFirstUnlockThisDeviceOnly,
/// The data in the keychain item cannot be accessed after a restart until
/// the device has been unlocked once by the user.
AccessibleAfterFirstUnlock,
}
impl SecAccessControl {
/// Create `AccessControl` object from flags
pub fn create_with_flags(flags: CFOptionFlags) -> Result<Self> {
Self::create_with_protection(None, flags)
}
/// Create `AccessControl` object from a protection value and flags.
pub fn create_with_protection(protection: Option<ProtectionMode>, flags: CFOptionFlags) -> Result<Self> {
let protection_val = protection.map(|v| {
match v {
ProtectionMode::AccessibleWhenPasscodeSetThisDeviceOnly => unsafe { CFString::wrap_under_get_rule(kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly) },
ProtectionMode::AccessibleWhenUnlockedThisDeviceOnly => unsafe { CFString::wrap_under_get_rule(kSecAttrAccessibleWhenUnlockedThisDeviceOnly) },
ProtectionMode::AccessibleWhenUnlocked => unsafe { CFString::wrap_under_get_rule(kSecAttrAccessibleWhenUnlocked) },
ProtectionMode::AccessibleAfterFirstUnlockThisDeviceOnly => unsafe { CFString::wrap_under_get_rule(kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly) },
ProtectionMode::AccessibleAfterFirstUnlock => unsafe { CFString::wrap_under_get_rule(kSecAttrAccessibleAfterFirstUnlock) },
}
}).unwrap_or_else(|| {
unsafe { CFString::wrap_under_get_rule(kSecAttrAccessibleWhenUnlocked) }
});
unsafe {
let access_control = SecAccessControlCreateWithFlags(
kCFAllocatorDefault,
protection_val.as_CFTypeRef(),
flags,
ptr::null_mut(),
);
if access_control.is_null() {
Err(Error::from_code(errSecParam))
} else {
Ok(Self::wrap_under_create_rule(access_control))
}
}
}
}
impl fmt::Debug for SecAccessControl {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
f.debug_struct("SecAccessControl").finish_non_exhaustive()
}
}
================================================
FILE: security-framework/src/authorization.rs
================================================
//! Authorization Services support.
/// # Potential improvements
///
/// * When generic specialization stabilizes prevent copying from `CString` arguments.
/// * `AuthorizationCopyRightsAsync`
/// * Provide constants for well known item names
use crate::base::{Error, Result};
#[cfg(all(target_os = "macos", feature = "job-bless"))]
use core_foundation::base::Boolean;
use core_foundation::base::{CFTypeRef, TCFType};
use core_foundation::bundle::CFBundleRef;
use core_foundation::dictionary::{CFDictionary, CFDictionaryRef};
#[cfg(all(target_os = "macos", feature = "job-bless"))]
use core_foundation::error::CFError;
#[cfg(all(target_os = "macos", feature = "job-bless"))]
use core_foundation::error::CFErrorRef;
use core_foundation::string::{CFString, CFStringRef};
use security_framework_sys::authorization as sys;
use security_framework_sys::base::errSecConversionError;
use std::ffi::{CStr, CString};
use std::fs::File;
use std::marker::PhantomData;
use std::mem::MaybeUninit;
use std::os::raw::c_void;
use std::ptr::addr_of;
use sys::AuthorizationExternalForm;
macro_rules! optional_str_to_cfref {
($string:ident) => {{
$string
.map(CFString::new)
.map_or(std::ptr::null(), |cfs| cfs.as_concrete_TypeRef())
}};
}
macro_rules! cstring_or_err {
($x:expr) => {{
CString::new($x).map_err(|_| Error::from_code(errSecConversionError))
}};
}
bitflags::bitflags! {
/// The flags used to specify authorization options.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
pub struct Flags: sys::AuthorizationFlags {
/// An empty flag set that you use as a placeholder when you don't want
/// any of the other flags.
const DEFAULTS = sys::kAuthorizationFlagDefaults;
/// A flag that permits user interaction as needed.
const INTERACTION_ALLOWED = sys::kAuthorizationFlagInteractionAllowed;
/// A flag that permits the Security Server to attempt to grant the
/// rights requested.
const EXTEND_RIGHTS = sys::kAuthorizationFlagExtendRights;
/// A flag that permits the Security Server to grant rights on an
/// individual basis.
const PARTIAL_RIGHTS = sys::kAuthorizationFlagPartialRights;
/// A flag that instructs the Security Server to revoke authorization.
const DESTROY_RIGHTS = sys::kAuthorizationFlagDestroyRights;
/// A flag that instructs the Security Server to preauthorize the rights
/// requested.
const PREAUTHORIZE = sys::kAuthorizationFlagPreAuthorize;
}
}
impl Default for Flags {
#[inline(always)]
fn default() -> Self {
Self::DEFAULTS
}
}
/// Information about an authorization right or the environment.
#[repr(C)]
pub struct AuthorizationItem(sys::AuthorizationItem);
impl AuthorizationItem {
/// The required name of the authorization right or environment data.
///
/// If `name` isn't convertable to a `CString` it will return
/// Err(errSecConversionError).
#[must_use]
pub fn name(&self) -> &str {
unsafe {
CStr::from_ptr(self.0.name)
.to_str()
.expect("AuthorizationItem::name failed to convert &str to CStr")
}
}
/// The information pertaining to the name field. Do not rely on NULL
/// termination of string data.
#[inline]
#[must_use]
pub fn value(&self) -> Option<&[u8]> {
if self.0.value.is_null() {
return None;
}
let value = unsafe { std::slice::from_raw_parts(self.0.value as *const u8, self.0.valueLength) };
Some(value)
}
}
/// A set of authorization items returned and owned by the Security Server.
#[derive(Debug)]
#[repr(C)]
pub struct AuthorizationItemSet<'a> {
inner: *const sys::AuthorizationItemSet,
phantom: PhantomData<&'a sys::AuthorizationItemSet>,
}
impl Drop for AuthorizationItemSet<'_> {
#[inline]
fn drop(&mut self) {
unsafe {
sys::AuthorizationFreeItemSet(self.inner.cast_mut());
}
}
}
/// Used by `AuthorizationItemSetBuilder` to store data pointed to by
/// `sys::AuthorizationItemSet`.
#[derive(Debug)]
pub struct AuthorizationItemSetStorage {
/// The layout of this is a little awkward because of the requirements of
/// Apple's APIs. `items` contains pointers to data owned by `names` and
/// `values`, so we must not modify them once `items` has been set up.
names: Vec<CString>,
values: Vec<Option<Vec<u8>>>,
items: Vec<sys::AuthorizationItem>,
/// Must not be given to APIs which would attempt to modify it.
///
/// See `AuthorizationItemSet` for sets owned by the Security Server which
/// are writable.
pub set: sys::AuthorizationItemSet,
}
impl Default for AuthorizationItemSetStorage {
#[inline]
fn default() -> Self {
Self {
names: Vec::new(),
values: Vec::new(),
items: Vec::new(),
set: sys::AuthorizationItemSet {
count: 0,
items: std::ptr::null_mut(),
},
}
}
}
/// A convenience `AuthorizationItemSetBuilder` builder which enabled you to use
/// rust types. All names and values passed in will be copied.
#[derive(Debug, Default)]
pub struct AuthorizationItemSetBuilder {
storage: AuthorizationItemSetStorage,
}
// Stores AuthorizationItems contiguously, and their items separately
impl AuthorizationItemSetBuilder {
/// Creates a new `AuthorizationItemSetStore`, which simplifies creating
/// owned vectors of `AuthorizationItem`s.
#[inline(always)]
#[must_use]
pub fn new() -> Self {
Default::default()
}
/// Adds an `AuthorizationItem` with the name set to a right and an empty
/// value.
///
/// If `name` isn't convertable to a `CString` it will return
/// Err(errSecConversionError).
pub fn add_right<N: Into<Vec<u8>>>(mut self, name: N) -> Result<Self> {
self.storage.names.push(cstring_or_err!(name)?);
self.storage.values.push(None);
Ok(self)
}
/// Adds an `AuthorizationItem` with arbitrary data.
///
/// If `name` isn't convertable to a `CString` it will return
/// Err(errSecConversionError).
pub fn add_data<N, V>(mut self, name: N, value: V) -> Result<Self>
where
N: Into<Vec<u8>>,
V: Into<Vec<u8>>,
{
self.storage.names.push(cstring_or_err!(name)?);
self.storage.values.push(Some(value.into()));
Ok(self)
}
/// Adds an `AuthorizationItem` with NULL terminated string data.
///
/// If `name` or `value` isn't convertable to a `CString` it will return
/// Err(errSecConversionError).
pub fn add_string<N, V>(mut self, name: N, value: V) -> Result<Self>
where
N: Into<Vec<u8>>,
V: Into<Vec<u8>>,
{
self.storage.names.push(cstring_or_err!(name)?);
self.storage
.values
.push(Some(cstring_or_err!(value)?.to_bytes().to_vec()));
Ok(self)
}
/// Creates the `sys::AuthorizationItemSet`, and gives you ownership of the
/// data it points to.
#[must_use]
pub fn build(mut self) -> AuthorizationItemSetStorage {
self.storage.items = self
.storage
.names
.iter()
.zip(self.storage.values.iter())
.map(|(n, v)| sys::AuthorizationItem {
name: n.as_ptr(),
value: v
.as_ref()
.map_or(std::ptr::null_mut(), |v| v.as_ptr() as *mut c_void),
valueLength: v.as_ref().map_or(0, |v| v.len()),
flags: 0,
})
.collect();
self.storage.set = sys::AuthorizationItemSet {
count: self.storage.items.len() as u32,
items: self.storage.items.as_ptr().cast_mut(),
};
self.storage
}
}
/// Used by `Authorization::set_item` to define the rules of he right.
#[derive(Copy, Clone)]
pub enum RightDefinition<'a> {
/// The dictionary will contain the keys and values that define the rules.
FromDictionary(&'a CFDictionary<CFStringRef, CFTypeRef>),
/// The specified right's rules will be duplicated.
FromExistingRight(&'a str),
}
/// A wrapper around `AuthorizationCreate` and functions which operate on an
/// `AuthorizationRef`.
#[derive(Debug)]
pub struct Authorization {
handle: sys::AuthorizationRef,
free_flags: Flags,
}
impl TryFrom<AuthorizationExternalForm> for Authorization {
type Error = Error;
/// Internalizes the external representation of an authorization reference.
#[cold]
fn try_from(external_form: AuthorizationExternalForm) -> Result<Self> {
let mut handle = MaybeUninit::<sys::AuthorizationRef>::uninit();
let status = unsafe {
sys::AuthorizationCreateFromExternalForm(&external_form, handle.as_mut_ptr())
};
if status != sys::errAuthorizationSuccess {
return Err(Error::from_code(status));
}
let auth = Self {
handle: unsafe { handle.assume_init() },
free_flags: Flags::default(),
};
Ok(auth)
}
}
impl Authorization {
/// Creates an authorization object which has no environment or associated
/// rights.
#[inline]
#[allow(clippy::should_implement_trait)]
pub fn default() -> Result<Self> {
Self::new(None, None, Default::default())
}
/// Creates an authorization reference and provides an option to authorize
/// or preauthorize rights.
///
/// `rights` should be the names of the rights you want to create.
///
/// `environment` is used when authorizing or preauthorizing rights. Not
/// used in OS X v10.2 and earlier. In macOS 10.3 and later, you can pass
/// icon or prompt data to be used in the authentication dialog box. In
/// macOS 10.4 and later, you can also pass a user name and password in
/// order to authorize a user without user interaction.
#[allow(clippy::unnecessary_cast)]
#[allow(clippy::needless_pass_by_value)]
pub fn new(
// FIXME: this should have been by reference
rights: Option<AuthorizationItemSetStorage>,
environment: Option<AuthorizationItemSetStorage>,
flags: Flags,
) -> Result<Self> {
let rights_ptr = rights.as_ref().map_or(std::ptr::null(), |r| {
addr_of!(r.set).cast::<sys::AuthorizationItemSet>()
});
let env_ptr = environment.as_ref().map_or(std::ptr::null(), |e| {
addr_of!(e.set).cast::<sys::AuthorizationItemSet>()
});
let mut handle = MaybeUninit::<sys::AuthorizationRef>::uninit();
let status = unsafe {
sys::AuthorizationCreate(rights_ptr, env_ptr, flags.bits(), handle.as_mut_ptr())
};
if status != sys::errAuthorizationSuccess {
return Err(Error::from_code(status));
}
Ok(Self {
handle: unsafe { handle.assume_init() },
free_flags: Default::default(),
})
}
/// Internalizes the external representation of an authorization reference.
#[deprecated(since = "2.0.1", note = "Please use the TryFrom trait instead")]
pub fn from_external_form(external_form: sys::AuthorizationExternalForm) -> Result<Self> {
external_form.try_into()
}
/// By default the rights acquired will be retained by the Security Server.
/// Use this to ensure they are destroyed and to prevent shared rights'
/// continued used by other processes.
#[inline(always)]
pub fn destroy_rights(mut self) {
self.free_flags = Flags::DESTROY_RIGHTS;
}
/// Retrieve's the right's definition as a dictionary. Use `right_exists`
/// if you want to avoid retrieving the dictionary.
///
/// `name` can be a wildcard right name.
///
/// If `name` isn't convertable to a `CString` it will return
/// Err(errSecConversionError).
// TODO: deprecate and remove. CFDictionary should not be exposed in public Rust APIs.
pub fn get_right<T: Into<Vec<u8>>>(name: T) -> Result<CFDictionary<CFString, CFTypeRef>> {
let name = cstring_or_err!(name)?;
let mut dict = MaybeUninit::<CFDictionaryRef>::uninit();
let status = unsafe { sys::AuthorizationRightGet(name.as_ptr(), dict.as_mut_ptr()) };
if status != sys::errAuthorizationSuccess {
return Err(Error::from_code(status));
}
let dict = unsafe { CFDictionary::wrap_under_create_rule(dict.assume_init()) };
Ok(dict)
}
/// Checks if a right exists within the policy database. This is the same as
/// `get_right`, but avoids a dictionary allocation.
///
/// If `name` isn't convertable to a `CString` it will return
/// Err(errSecConversionError).
pub fn right_exists<T: Into<Vec<u8>>>(name: T) -> Result<bool> {
let name = cstring_or_err!(name)?;
let status = unsafe { sys::AuthorizationRightGet(name.as_ptr(), std::ptr::null_mut()) };
Ok(status == sys::errAuthorizationSuccess)
}
/// Removes a right from the policy database.
///
/// `name` cannot be a wildcard right name.
///
/// If `name` isn't convertable to a `CString` it will return
/// Err(errSecConversionError).
pub fn remove_right<T: Into<Vec<u8>>>(&self, name: T) -> Result<()> {
let name = cstring_or_err!(name)?;
let status = unsafe { sys::AuthorizationRightRemove(self.handle, name.as_ptr()) };
if status != sys::errAuthorizationSuccess {
return Err(Error::from_code(status));
}
Ok(())
}
/// Creates or updates a right entry in the policy database. Your process
/// must have a code signature in order to be able to add rights to the
/// authorization database.
///
/// `name` cannot be a wildcard right.
///
/// `definition` can be either a `CFDictionaryRef` containing keys defining
/// the rules or a `CFStringRef` representing the name of another right
/// whose rules you wish to duplicaate.
///
/// `description` is a key which can be used to look up localized
/// descriptions.
///
/// `bundle` will be used to get localizations from if not the main bundle.
///
/// `localeTableName` will be used to get localizations if provided.
///
/// If `name` isn't convertable to a `CString` it will return
/// Err(errSecConversionError).
pub fn set_right<T: Into<Vec<u8>>>(
&self,
name: T,
definition: RightDefinition<'_>,
description: Option<&str>,
bundle: Option<CFBundleRef>,
locale: Option<&str>,
) -> Result<()> {
let name = cstring_or_err!(name)?;
let definition_cfstring: CFString;
let definition_ref = match definition {
RightDefinition::FromDictionary(def) => def.as_CFTypeRef(),
RightDefinition::FromExistingRight(def) => {
definition_cfstring = CFString::new(def);
definition_cfstring.as_CFTypeRef()
},
};
let status = unsafe {
sys::AuthorizationRightSet(
self.handle,
name.as_ptr(),
definition_ref,
optional_str_to_cfref!(description),
bundle.unwrap_or(std::ptr::null_mut()),
optional_str_to_cfref!(locale),
)
};
if status != sys::errAuthorizationSuccess {
return Err(Error::from_code(status));
}
Ok(())
}
/// An authorization plugin can store the results of an authentication
/// operation by calling the `SetContextValue` function. You can then
/// retrieve this supporting data, such as the user name.
///
/// `tag` should specify the type of data the Security Server should return.
/// If `None`, all available information is retreieved.
///
/// If `tag` isn't convertable to a `CString` it will return
/// Err(errSecConversionError).
pub fn copy_info<T: Into<Vec<u8>>>(&self, tag: Option<T>) -> Result<AuthorizationItemSet<'_>> {
let tag_with_nul: CString;
let tag_ptr = match tag {
Some(tag) => {
tag_with_nul = cstring_or_err!(tag)?;
tag_with_nul.as_ptr()
},
None => std::ptr::null(),
};
let mut inner = MaybeUninit::<*mut sys::AuthorizationItemSet>::uninit();
let status = unsafe { sys::AuthorizationCopyInfo(self.handle, tag_ptr, inner.as_mut_ptr()) };
if status != sys::errAuthorizationSuccess {
return Err(Error::from(status));
}
let set = AuthorizationItemSet {
inner: unsafe { inner.assume_init() },
phantom: PhantomData,
};
Ok(set)
}
/// Creates an external representation of an authorization reference so that
/// you can transmit it between processes.
pub fn make_external_form(&self) -> Result<sys::AuthorizationExternalForm> {
let mut external_form = MaybeUninit::<sys::AuthorizationExternalForm>::uninit();
let status = unsafe { sys::AuthorizationMakeExternalForm(self.handle, external_form.as_mut_ptr()) };
if status != sys::errAuthorizationSuccess {
return Err(Error::from(status));
}
Ok(unsafe { external_form.assume_init() })
}
/// Runs an executable tool with root privileges.
/// Discards executable's output
#[cfg(target_os = "macos")]
#[inline(always)]
pub fn execute_with_privileges<P, S, I>(
&self,
command: P,
arguments: I,
flags: Flags,
) -> Result<()>
where
P: AsRef<std::path::Path>,
I: IntoIterator<Item = S>,
S: AsRef<std::ffi::OsStr>,
{
use std::os::unix::ffi::OsStrExt;
let arguments = arguments
.into_iter().flat_map(|a| CString::new(a.as_ref().as_bytes()))
.collect::<Vec<_>>();
self.execute_with_privileges_internal(command.as_ref().as_os_str().as_bytes(), &arguments, flags, false)?;
Ok(())
}
/// Runs an executable tool with root privileges,
/// and returns a `File` handle to its communication pipe
#[cfg(target_os = "macos")]
#[inline(always)]
pub fn execute_with_privileges_piped<P, S, I>(
&self,
command: P,
arguments: I,
flags: Flags,
) -> Result<File>
where
P: AsRef<std::path::Path>,
I: IntoIterator<Item = S>,
S: AsRef<std::ffi::OsStr>,
{
use std::os::unix::ffi::OsStrExt;
let arguments = arguments
.into_iter().flat_map(|a| CString::new(a.as_ref().as_bytes()))
.collect::<Vec<_>>();
Ok(self.execute_with_privileges_internal(command.as_ref().as_os_str().as_bytes(), &arguments, flags, true)?.unwrap())
}
/// Submits the executable for the given label as a `launchd` job.
#[cfg(all(target_os = "macos", feature = "job-bless"))]
pub fn job_bless(&self, label: &str) -> Result<(), CFError> {
#[link(name = "ServiceManagement", kind = "framework")]
unsafe extern "C" {
static kSMDomainSystemLaunchd: CFStringRef;
fn SMJobBless(
domain: CFStringRef,
executableLabel: CFStringRef,
auth: sys::AuthorizationRef,
error: *mut CFErrorRef,
) -> Boolean;
}
unsafe {
let mut error = std::ptr::null_mut();
SMJobBless(
kSMDomainSystemLaunchd,
CFString::new(label).as_concrete_TypeRef(),
self.handle,
&mut error,
);
if !error.is_null() {
return Err(CFError::wrap_under_create_rule(error));
}
Ok(())
}
}
// Runs an executable tool with root privileges.
#[cfg(target_os = "macos")]
fn execute_with_privileges_internal(
&self,
command: &[u8],
arguments: &[CString],
flags: Flags,
make_pipe: bool,
) -> Result<Option<File>> {
use std::os::unix::io::{FromRawFd, RawFd};
let c_cmd = cstring_or_err!(command)?;
let mut c_args = arguments.iter().map(|a| a.as_ptr().cast_mut()).collect::<Vec<_>>();
c_args.push(std::ptr::null_mut());
let mut pipe: *mut libc::FILE = std::ptr::null_mut();
let status = unsafe {
sys::AuthorizationExecuteWithPrivileges(
self.handle,
c_cmd.as_ptr(),
flags.bits(),
c_args.as_ptr(),
if make_pipe { &mut pipe } else { std::ptr::null_mut() },
)
};
crate::cvt(status)?;
Ok(if make_pipe {
if pipe.is_null() {
return Err(Error::from_code(32)); // EPIPE?
}
Some(unsafe { File::from_raw_fd(libc::fileno(pipe) as RawFd) })
} else {
None
})
}
}
impl Drop for Authorization {
#[inline]
fn drop(&mut self) {
unsafe {
sys::AuthorizationFree(self.handle, self.free_flags.bits());
}
}
}
#[cfg(test)]
mod tests {
use super::*;
#[test]
fn test_create_default_authorization() {
Authorization::default().unwrap();
}
#[test]
fn test_create_allowed_authorization() -> Result<()> {
let rights = AuthorizationItemSetBuilder::new()
.add_right("system.hdd.smart")?
.add_right("system.login.done")?
.build();
Authorization::new(Some(rights), None, Flags::EXTEND_RIGHTS).unwrap();
Ok(())
}
#[test]
fn test_create_then_destroy_allowed_authorization() -> Result<()> {
let rights = AuthorizationItemSetBuilder::new()
.add_right("system.hdd.smart")?
.add_right("system.login.done")?
.build();
let auth = Authorization::new(Some(rights), None, Flags::EXTEND_RIGHTS).unwrap();
auth.destroy_rights();
Ok(())
}
#[test]
fn test_create_authorization_requiring_interaction() -> Result<()> {
let rights = AuthorizationItemSetBuilder::new()
.add_right("system.privilege.admin")?
.build();
let error = Authorization::new(Some(rights), None, Flags::EXTEND_RIGHTS).unwrap_err();
assert_eq!(error.code(), sys::errAuthorizationInteractionNotAllowed);
Ok(())
}
fn create_credentials_env() -> Result<AuthorizationItemSetStorage> {
let set = AuthorizationItemSetBuilder::new()
.add_string("username", std::env::var("USER").expect("You must set the USER environment variable"))?
.add_string("password", std::env::var("PASSWORD").expect("You must set the PASSWORD environment varible"))?
.build();
Ok(set)
}
#[test]
fn test_create_authorization_with_bad_credentials() -> Result<()> {
let rights = AuthorizationItemSetBuilder::new()
.add_right("system.privilege.admin")?
.build();
let env = AuthorizationItemSetBuilder::new()
.add_string("username", "Tim Apple")?
.add_string("password", "butterfly")?
.build();
let error =
Authorization::new(Some(rights), Some(env), Flags::INTERACTION_ALLOWED).unwrap_err();
assert_eq!(error.code(), sys::errAuthorizationDenied);
Ok(())
}
#[test]
fn test_create_authorization_with_credentials() -> Result<()> {
if std::env::var_os("PASSWORD").is_none() {
return Ok(());
}
let rights = AuthorizationItemSetBuilder::new()
.add_right("system.privilege.admin")?
.build();
let env = create_credentials_env()?;
Authorization::new(Some(rights), Some(env), Flags::EXTEND_RIGHTS).unwrap();
Ok(())
}
#[test]
fn test_query_authorization_database() -> Result<()> {
assert!(Authorization::right_exists("system.hdd.smart")?);
assert!(!Authorization::right_exists("EMPTY")?);
let dict = Authorization::get_right("system.hdd.smart").unwrap();
let key = CFString::from_static_string("class");
assert!(dict.contains_key(&key));
let invalid_key = CFString::from_static_string("EMPTY");
assert!(!dict.contains_key(&invalid_key));
Ok(())
}
/// This test will only pass if its process has a valid code signature.
#[test]
fn test_modify_authorization_database() -> Result<()> {
if std::env::var_os("PASSWORD").is_none() {
return Ok(());
}
let rights = AuthorizationItemSetBuilder::new()
.add_right("config.modify.")?
.build();
let env = create_credentials_env()?;
let auth = Authorization::new(Some(rights), Some(env), Flags::EXTEND_RIGHTS).unwrap();
assert!(!Authorization::right_exists("TEST_RIGHT")?);
auth.set_right(
"TEST_RIGHT",
RightDefinition::FromExistingRight("system.hdd.smart"),
None,
None,
None,
)
.unwrap();
assert!(Authorization::right_exists("TEST_RIGHT")?);
auth.remove_right("TEST_RIGHT").unwrap();
assert!(!Authorization::right_exists("TEST_RIGHT")?);
Ok(())
}
/// This test will succeed if authorization popup is approved.
#[test]
fn test_execute_with_privileges() -> Result<()> {
if std::env::var_os("PASSWORD").is_none() {
return Ok(());
}
let rights = AuthorizationItemSetBuilder::new()
.add_right("system.privilege.admin")?
.build();
let auth = Authorization::new(
Some(rights),
None,
Flags::DEFAULTS
| Flags::INTERACTION_ALLOWED
| Flags::PREAUTHORIZE
| Flags::EXTEND_RIGHTS,
)?;
let file = auth.execute_with_privileges_piped("/bin/ls", ["/"], Flags::DEFAULTS)?;
use std::io::{self, BufRead};
for line in io::BufReader::new(file).lines() {
let _ = line.unwrap();
}
Ok(())
}
}
================================================
FILE: security-framework/src/base.rs
================================================
//! Support types for other modules.
use core_foundation::string::CFString;
use core_foundation_sys::base::OSStatus;
use std::num::NonZeroI32;
use std::{error, fmt, result};
/// A `Result` type commonly returned by functions.
pub type Result<T, E = Error> = result::Result<T, E>;
/// A Security Framework error.
#[derive(Copy, Clone)]
pub struct Error(NonZeroI32);
impl fmt::Debug for Error {
#[cold]
fn fmt(&self, fmt: &mut fmt::Formatter<'_>) -> fmt::Result {
let mut builder = fmt.debug_struct("Error");
builder.field("code", &self.0);
if let Some(message) = self.message() {
builder.field("message", &message);
}
builder.finish()
}
}
impl Error {
/// Creates a new `Error` from a status code.
/// The code must not be zero
#[inline]
#[must_use]
pub fn from_code(code: OSStatus) -> Self {
Self(NonZeroI32::new(code).unwrap_or_else(|| NonZeroI32::new(1).unwrap()))
}
/// Returns a string describing the current error, if available.
#[inline(always)]
#[must_use]
pub fn message(self) -> Option<String> {
self.inner_message()
}
#[cold]
fn inner_message(self) -> Option<String> {
use core_foundation::base::TCFType;
use security_framework_sys::base::SecCopyErrorMessageString;
use std::ptr;
unsafe {
let s = SecCopyErrorMessageString(self.code(), ptr::null_mut());
if s.is_null() {
None
} else {
Some(CFString::wrap_under_create_rule(s).to_string())
}
}
}
/// Returns the code of the current error.
#[inline(always)]
#[must_use]
pub const fn code(self) -> OSStatus {
self.0.get() as _
}
}
impl From<OSStatus> for Error {
#[inline(always)]
fn from(code: OSStatus) -> Self {
Self::from_code(code)
}
}
impl fmt::Display for Error {
#[cold]
fn fmt(&self, fmt: &mut fmt::Formatter<'_>) -> fmt::Result {
if let Some(message) = self.message() {
write!(fmt, "{message}")
} else {
write!(fmt, "error code {}", self.code())
}
}
}
impl error::Error for Error {}
================================================
FILE: security-framework/src/certificate.rs
================================================
//! Certificate support.
use core_foundation::array::{CFArray, CFArrayRef};
use core_foundation::base::{TCFType, ToVoid};
use core_foundation::data::CFData;
use core_foundation::dictionary::CFMutableDictionary;
use core_foundation::string::CFString;
use core_foundation::{declare_TCFType, impl_TCFType};
use core_foundation_sys::base::kCFAllocatorDefault;
#[cfg(any(target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))]
use security_framework_sys::base::{errSecNotTrusted, errSecSuccess};
use security_framework_sys::base::{errSecParam, SecCertificateRef};
use security_framework_sys::certificate::*;
use security_framework_sys::keychain_item::SecItemDelete;
use std::fmt;
use std::ptr;
use crate::base::{Error, Result};
use crate::cvt;
use crate::key;
#[cfg(target_os = "macos")]
use crate::os::macos::keychain::SecKeychain;
use core_foundation::base::FromVoid;
use core_foundation::error::{CFError, CFErrorRef};
use core_foundation::number::CFNumber;
use security_framework_sys::item::kSecValueRef;
declare_TCFType! {
/// A type representing a certificate.
SecCertificate, SecCertificateRef
}
impl_TCFType!(SecCertificate, SecCertificateRef, SecCertificateGetTypeID);
unsafe impl Sync for SecCertificate {}
unsafe impl Send for SecCertificate {}
impl fmt::Debug for SecCertificate {
#[cold]
fn fmt(&self, fmt: &mut fmt::Formatter<'_>) -> fmt::Result {
fmt.debug_struct("SecCertificate")
.field("subject", &self.subject_summary())
.finish()
}
}
impl SecCertificate {
/// Creates a `SecCertificate` from DER encoded certificate data.
pub fn from_der(der_data: &[u8]) -> Result<Self> {
let der_data = CFData::from_buffer(der_data);
unsafe {
let certificate = SecCertificateCreateWithData(kCFAllocatorDefault, der_data.as_concrete_TypeRef());
if certificate.is_null() {
Err(Error::from_code(errSecParam))
} else {
Ok(Self::wrap_under_create_rule(certificate))
}
}
}
/// Returns DER encoded data describing this certificate.
#[must_use]
pub fn to_der(&self) -> Vec<u8> {
unsafe {
let der_data = SecCertificateCopyData(self.0);
CFData::wrap_under_create_rule(der_data).to_vec()
}
}
/// Adds a certificate to a keychain.
#[cfg(target_os = "macos")]
pub fn add_to_keychain(&self, keychain: Option<SecKeychain>) -> Result<()> {
let kch = match keychain {
Some(kch) => kch,
_ => SecKeychain::default()?,
};
cvt(unsafe {
SecCertificateAddToKeychain(self.as_CFTypeRef() as *mut _, kch.as_CFTypeRef() as *mut _)
})
}
/// Returns a human readable summary of this certificate.
#[must_use]
pub fn subject_summary(&self) -> String {
unsafe {
let summary = SecCertificateCopySubjectSummary(self.0);
CFString::wrap_under_create_rule(summary).to_string()
}
}
/// Returns a vector of email addresses for the subject of the certificate.
pub fn email_addresses(&self) -> Result<Vec<String>, Error> {
let mut array: CFArrayRef = ptr::null();
unsafe {
cvt(SecCertificateCopyEmailAddresses(
self.as_concrete_TypeRef(),
&mut array,
))?;
let array = CFArray::<CFString>::wrap_under_create_rule(array);
Ok(array.into_iter().map(|p| p.to_string()).collect())
}
}
/// Returns DER encoded X.509 distinguished name of the certificate issuer.
#[must_use]
pub fn issuer(&self) -> Vec<u8> {
unsafe {
let issuer = SecCertificateCopyNormalizedIssuerSequence(self.0);
CFData::wrap_under_create_rule(issuer).to_vec()
}
}
/// Returns DER encoded X.509 distinguished name of the certificate subject.
#[must_use]
pub fn subject(&self) -> Vec<u8> {
unsafe {
let subject = SecCertificateCopyNormalizedSubjectSequence(self.0);
CFData::wrap_under_create_rule(subject).to_vec()
}
}
/// Returns DER encoded serial number of the certificate.
pub fn serial_number_bytes(&self) -> Result<Vec<u8>, CFError> {
unsafe {
let mut error: CFErrorRef = ptr::null_mut();
let serial_number = SecCertificateCopySerialNumberData(self.0, &mut error);
if error.is_null() {
Ok(CFData::wrap_under_create_rule(serial_number).to_vec())
} else {
Err(CFError::wrap_under_create_rule(error))
}
}
}
/// Returns DER encoded subjectPublicKeyInfo of certificate if available. This can be used
/// for certificate pinning.
pub fn public_key_info_der(&self) -> Result<Option<Vec<u8>>> {
// Imported from TrustKit
// https://github.com/datatheorem/TrustKit/blob/master/TrustKit/Pinning/TSKSPKIHashCache.m
let public_key = self.public_key()?;
Ok(self.pk_to_der(public_key))
}
#[must_use]
#[allow(clippy::unused_self)]
#[allow(clippy::needless_pass_by_value)]
fn pk_to_der(&self, public_key: key::SecKey) -> Option<Vec<u8>> {
use security_framework_sys::item::{kSecAttrKeySizeInBits, kSecAttrKeyType};
let public_key_attributes = public_key.attributes();
let public_key_type = public_key_attributes
.find(unsafe { kSecAttrKeyType }.cast::<std::os::raw::c_void>())?;
let public_keysize = public_key_attributes
.find(unsafe { kSecAttrKeySizeInBits }.cast::<std::os::raw::c_void>())?;
let public_keysize = unsafe { CFNumber::from_void(*public_keysize) };
let public_keysize_val = public_keysize.to_i64()? as u32;
let hdr_bytes = get_asn1_header_bytes(
unsafe { CFString::wrap_under_get_rule((*public_key_type).cast()) },
public_keysize_val,
)?;
let public_key_data = public_key.external_representation()?;
let mut out = Vec::with_capacity(hdr_bytes.len() + public_key_data.len() as usize);
out.extend_from_slice(hdr_bytes);
out.extend_from_slice(public_key_data.bytes());
Some(out)
}
/// Get public key from certificate
pub fn public_key(&self) -> Result<key::SecKey> {
use crate::policy::SecPolicy;
use crate::trust::SecTrust;
use std::slice::from_ref;
let policy = SecPolicy::create_x509();
let mut trust = SecTrust::create_with_certificates(from_ref(self), from_ref(&policy))?;
#[allow(deprecated)]
#[cfg(not(any(target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos")))]
trust.evaluate()?;
#[cfg(any(target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))]
cvt(match trust.evaluate_with_error() {
Ok(_) => errSecSuccess,
Err(_) => errSecNotTrusted,
})?;
trust.copy_public_key()
}
/// Translates to `SecItemDelete`, passing in the `SecCertificateRef`
pub fn delete(&self) -> Result<(), Error> {
let query = CFMutableDictionary::from_CFType_pairs(&[(
unsafe { kSecValueRef }.to_void(),
self.to_void(),
)]);
cvt(unsafe { SecItemDelete(query.as_concrete_TypeRef()) })
}
}
fn get_asn1_header_bytes(pkt: CFString, ksz: u32) -> Option<&'static [u8]> {
use security_framework_sys::item::{kSecAttrKeyTypeECSECPrimeRandom, kSecAttrKeyTypeRSA};
if pkt == unsafe { CFString::wrap_under_get_rule(kSecAttrKeyTypeRSA) } && ksz == 2048 {
return Some(&RSA_2048_ASN1_HEADER);
}
if pkt == unsafe { CFString::wrap_under_get_rule(kSecAttrKeyTypeRSA) } && ksz == 4096 {
return Some(&RSA_4096_ASN1_HEADER);
}
if pkt == unsafe { CFString::wrap_under_get_rule(kSecAttrKeyTypeECSECPrimeRandom) } && ksz == 256 {
return Some(&EC_DSA_SECP_256_R1_ASN1_HEADER);
}
if pkt == unsafe { CFString::wrap_under_get_rule(kSecAttrKeyTypeECSECPrimeRandom) } && ksz == 384 {
return Some(&EC_DSA_SECP_384_R1_ASN1_HEADER);
}
None
}
const RSA_2048_ASN1_HEADER: [u8; 24] = [
0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00,
];
const RSA_4096_ASN1_HEADER: [u8; 24] = [
0x30, 0x82, 0x02, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
0x01, 0x05, 0x00, 0x03, 0x82, 0x02, 0x0f, 0x00,
];
const EC_DSA_SECP_256_R1_ASN1_HEADER: [u8; 26] = [
0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a,
0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00,
];
const EC_DSA_SECP_384_R1_ASN1_HEADER: [u8; 23] = [
0x30, 0x76, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b,
0x81, 0x04, 0x00, 0x22, 0x03, 0x62, 0x00,
];
#[cfg(test)]
mod test {
use crate::test::certificate;
use x509_parser::prelude::*;
#[test]
fn subject_summary() {
let cert = certificate();
assert_eq!("foobar.com", cert.subject_summary());
}
#[test]
fn email_addresses() {
let cert = certificate();
assert_eq!(Vec::<String>::new(), cert.email_addresses().unwrap());
}
#[test]
fn issuer() {
let cert = certificate();
let issuer = cert.issuer();
let (_, name) = X509Name::from_der(&issuer).unwrap();
let name_str = name.to_string_with_registry(oid_registry()).unwrap();
assert_eq!(
"C=US, ST=California, L=Palo Alto, O=Foobar LLC, OU=Dev Land, CN=foobar.com",
name_str
);
}
#[test]
fn subject() {
let cert = certificate();
let subject = cert.subject();
let (_, name) = X509Name::from_der(&subject).unwrap();
let name_str = name.to_string_with_registry(oid_registry()).unwrap();
assert_eq!(
"C=US, ST=California, L=Palo Alto, O=Foobar LLC, OU=Dev Land, CN=foobar.com",
name_str
);
}
}
================================================
FILE: security-framework/src/cipher_suite.rs
================================================
//! Cipher Suites supported by Secure Transport
use security_framework_sys::cipher_suite::*;
macro_rules! make_suites {
($($suite:ident),+) => {
/// TLS cipher suites.
#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)]
pub struct CipherSuite(SSLCipherSuite);
#[allow(missing_docs)]
impl CipherSuite {
$(
pub const $suite: Self = Self($suite);
)+
#[inline(always)]
#[must_use]
pub const fn from_raw(raw: SSLCipherSuite) -> Self {
Self(raw)
}
#[inline(always)]
#[must_use]
pub const fn to_raw(&self) -> SSLCipherSuite {
self.0
}
}
}
}
make_suites! {
// The commented out ones up here are aliases of the matching TLS suites
SSL_NULL_WITH_NULL_NULL,
SSL_RSA_WITH_NULL_MD5,
SSL_RSA_WITH_NULL_SHA,
SSL_RSA_EXPORT_WITH_RC4_40_MD5,
SSL_RSA_WITH_RC4_128_MD5,
SSL_RSA_WITH_RC4_128_SHA,
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
SSL_RSA_WITH_IDEA_CBC_SHA,
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_RSA_WITH_DES_CBC_SHA,
//SSL_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,
SSL_DH_DSS_WITH_DES_CBC_SHA,
//SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA,
SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DH_RSA_WITH_DES_CBC_SHA,
//SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_DSS_WITH_DES_CBC_SHA,
//SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_RSA_WITH_DES_CBC_SHA,
//SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DH_anon_EXPORT_WITH_RC4_40_MD5,
//SSL_DH_anon_WITH_RC4_128_MD5,
SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA,
SSL_DH_anon_WITH_DES_CBC_SHA,
//SSL_DH_anon_WITH_3DES_EDE_CBC_SHA,
SSL_FORTEZZA_DMS_WITH_NULL_SHA,
SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,
/* TLS addenda using AES, per RFC 3268 */
TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_DH_DSS_WITH_AES_128_CBC_SHA,
TLS_DH_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DH_anon_WITH_AES_128_CBC_SHA,
TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_DH_DSS_WITH_AES_256_CBC_SHA,
TLS_DH_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
TLS_DH_anon_WITH_AES_256_CBC_SHA,
/* ECDSA addenda, RFC 4492 */
TLS_ECDH_ECDSA_WITH_NULL_SHA,
TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_NULL_SHA,
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDH_RSA_WITH_NULL_SHA,
TLS_ECDH_RSA_WITH_RC4_128_SHA,
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_NULL_SHA,
TLS_ECDHE_RSA_WITH_RC4_128_SHA,
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDH_anon_WITH_NULL_SHA,
TLS_ECDH_anon_WITH_RC4_128_SHA,
TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA,
TLS_ECDH_anon_WITH_AES_128_CBC_SHA,
TLS_ECDH_anon_WITH_AES_256_CBC_SHA,
/* TLS 1.2 addenda, RFC 5246 */
/* Initial state. */
TLS_NULL_WITH_NULL_NULL,
/* Server provided RSA certificate for key exchange. */
TLS_RSA_WITH_NULL_MD5,
TLS_RSA_WITH_NULL_SHA,
TLS_RSA_WITH_RC4_128_MD5,
TLS_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_3DES_EDE_CBC_SHA,
//TLS_RSA_WITH_AES_128_CBC_SHA,
//TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_RSA_WITH_NULL_SHA256,
TLS_RSA_WITH_AES_128_CBC_SHA256,
TLS_RSA_WITH_AES_256_CBC_SHA256,
/* Server-authenticated (and optionally client-authenticated) Diffie-Hellman. */
TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA,
TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
//TLS_DH_DSS_WITH_AES_128_CBC_SHA,
//TLS_DH_RSA_WITH_AES_128_CBC_SHA,
//TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
//TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
//TLS_DH_DSS_WITH_AES_256_CBC_SHA,
//TLS_DH_RSA_WITH_AES_256_CBC_SHA,
//TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
//TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
TLS_DH_DSS_WITH_AES_128_CBC_SHA256,
TLS_DH_RSA_WITH_AES_128_CBC_SHA256,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_DH_DSS_WITH_AES_256_CBC_SHA256,
TLS_DH_RSA_WITH_AES_256_CBC_SHA256,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
/* Completely anonymous Diffie-Hellman */
TLS_DH_anon_WITH_RC4_128_MD5,
TLS_DH_anon_WITH_3DES_EDE_CBC_SHA,
//TLS_DH_anon_WITH_AES_128_CBC_SHA,
//TLS_DH_anon_WITH_AES_256_CBC_SHA,
TLS_DH_anon_WITH_AES_128_CBC_SHA256,
TLS_DH_anon_WITH_AES_256_CBC_SHA256,
/* Addendum from RFC 4279, TLS PSK */
TLS_PSK_WITH_RC4_128_SHA,
TLS_PSK_WITH_3DES_EDE_CBC_SHA,
TLS_PSK_WITH_AES_128_CBC_SHA,
TLS_PSK_WITH_AES_256_CBC_SHA,
TLS_DHE_PSK_WITH_RC4_128_SHA,
TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
TLS_DHE_PSK_WITH_AES_128_CBC_SHA,
TLS_DHE_PSK_WITH_AES_256_CBC_SHA,
TLS_RSA_PSK_WITH_RC4_128_SHA,
TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
TLS_RSA_PSK_WITH_AES_128_CBC_SHA,
TLS_RSA_PSK_WITH_AES_256_CBC_SHA,
/* RFC 4785 - Pre-Shared Key (PSK) Ciphersuites with NULL Encryption */
TLS_PSK_WITH_NULL_SHA,
TLS_DHE_PSK_WITH_NULL_SHA,
TLS_RSA_PSK_WITH_NULL_SHA,
/* Addenda from rfc 5288 AES Galois Counter Mode (GCM) Cipher Suites
for TLS. */
TLS_RSA_WITH_AES_128_GCM_SHA256,
TLS_RSA_WITH_AES_256_GCM_SHA384,
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_DH_RSA_WITH_AES_128_GCM_SHA256,
TLS_DH_RSA_WITH_AES_256_GCM_SHA384,
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
TLS_DH_DSS_WITH_AES_128_GCM_SHA256,
TLS_DH_DSS_WITH_AES_256_GCM_SHA384,
TLS_DH_anon_WITH_AES_128_GCM_SHA256,
TLS_DH_anon_WITH_AES_256_GCM_SHA384,
/* RFC 5487 - PSK with SHA-256/384 and AES GCM */
TLS_PSK_WITH_AES_128_GCM_SHA256,
TLS_PSK_WITH_AES_256_GCM_SHA384,
TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,
TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
TLS_RSA_PSK_WITH_AES_128_GCM_SHA256,
TLS_RSA_PSK_WITH_AES_256_GCM_SHA384,
TLS_PSK_WITH_AES_128_CBC_SHA256,
TLS_PSK_WITH_AES_256_CBC_SHA384,
TLS_PSK_WITH_NULL_SHA256,
TLS_PSK_WITH_NULL_SHA384,
TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,
TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,
TLS_DHE_PSK_WITH_NULL_SHA256,
TLS_DHE_PSK_WITH_NULL_SHA384,
TLS_RSA_PSK_WITH_AES_128_CBC_SHA256,
TLS_RSA_PSK_WITH_AES_256_CBC_SHA384,
TLS_RSA_PSK_WITH_NULL_SHA256,
TLS_RSA_PSK_WITH_NULL_SHA384,
/* Addenda from rfc 5289 Elliptic Curve Cipher Suites with
HMAC SHA-256/384. */
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
/* Addenda from rfc 5289 Elliptic Curve Cipher Suites with
SHA-256/384 and AES Galois Counter Mode (GCM) */
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
/* RFC 5746 - Secure Renegotiation */
TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
/*
* Tags for SSL 2 cipher kinds which are not specified
* for SSL 3.
*/
SSL_RSA_WITH_RC2_CBC_MD5,
SSL_RSA_WITH_IDEA_CBC_MD5,
SSL_RSA_WITH_DES_CBC_MD5,
SSL_RSA_WITH_3DES_EDE_CBC_MD5,
SSL_NO_SUCH_CIPHERSUITE
}
================================================
FILE: security-framework/src/cms.rs
================================================
//! Cryptographic Message Syntax support
use std::{fmt, ptr};
use core_foundation::array::CFArray;
use core_foundation::base::TCFType;
use core_foundation::data::CFData;
use core_foundation::string::CFString;
use core_foundation_sys::array::CFArrayRef;
use core_foundation_sys::base::{OSStatus, TCFTypeRef};
use core_foundation_sys::data::CFDataRef;
use core_foundation_sys::date::CFAbsoluteTime;
use core_foundation_sys::string::CFStringRef;
use security_framework_sys::cms::*;
use security_framework_sys::trust::SecTrustRef;
use crate::base::Result;
use crate::certificate::SecCertificate;
use crate::cvt;
use crate::policy::SecPolicy;
use crate::trust::SecTrust;
pub use decoder::CMSDecoder;
pub use encoder::cms_encode_content;
pub use encoder::CMSEncoder;
pub use encoder::SignedAttributes;
pub use encoder::CMS_DIGEST_ALGORITHM_SHA1;
pub use encoder::CMS_DIGEST_ALGORITHM_SHA256;
mod encoder {
use super::*;
use crate::identity::SecIdentity;
use core_foundation::{declare_TCFType, impl_TCFType};
/// SHA1 digest algorithm
pub const CMS_DIGEST_ALGORITHM_SHA1: &str = "sha1";
/// SHA256 digest algorithm
pub const CMS_DIGEST_ALGORITHM_SHA256: &str = "sha256";
bitflags::bitflags! {
/// Optional attributes you can add to a signed message
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
pub struct SignedAttributes: CMSSignedAttributes {
/// Identify signature, encryption, and digest algorithms supported by the encoder
const SMIME_CAPABILITIES = kCMSAttrSmimeCapabilities;
/// Indicate that the signing certificate included with the message is the preferred one for S/MIME encryption
const SMIME_ENCRYPTION_KEY_PREFS = kCMSAttrSmimeEncryptionKeyPrefs;
/// Indicate that the signing certificate included with the message is the preferred one for S/MIME encryption,
/// but using an attribute object identifier (OID) preferred by Microsoft
const SMIME_MS_ENCRYPTION_KEY_PREFS = kCMSAttrSmimeMSEncryptionKeyPrefs;
/// Include the signing time
const SIGNING_TIME = kCMSAttrSigningTime;
/// Include Apple codesigning hash agility
const APPLE_CODESIGNING_HASH_AGILITY = kCMSAttrAppleCodesigningHashAgility;
/// Include Apple codesigning hash agility, version 2
const APPLE_CODESIGNING_HASH_AGILITY_V2 = kCMSAttrAppleCodesigningHashAgilityV2;
/// Include the expiration time
const APPLE_EXPIRATION_TIME = kCMSAttrAppleExpirationTime;
}
}
declare_TCFType! {
/// A type representing CMS encoder
CMSEncoder, CMSEncoderRef
}
impl_TCFType!(CMSEncoder, CMSEncoderRef, CMSEncoderGetTypeID);
unsafe impl Sync for CMSEncoder {}
unsafe impl Send for CMSEncoder {}
impl fmt::Debug for CMSEncoder {
#[cold]
fn fmt(&self, fmt: &mut fmt::Formatter<'_>) -> fmt::Result {
fmt.debug_struct("CMSEncoder").finish()
}
}
impl CMSEncoder {
/// Create a new instance of `CMSEncoder`
pub fn create() -> Result<Self> {
let mut inner: CMSEncoderRef = ptr::null_mut();
cvt(unsafe { CMSEncoderCreate(&mut inner) })?;
Ok(Self(inner))
}
/// Sets the digest algorithm to use for the signer.
/// Can be one of the predefined constants:
///
/// * `CMS_DIGEST_ALGORITHM_SHA1`
/// * `CMS_DIGEST_ALGORITHM_SHA256`
pub fn set_signer_algorithm(&self, digest_algorithm: &str) -> Result<()> {
let alg = CFString::new(digest_algorithm);
cvt(unsafe { CMSEncoderSetSignerAlgorithm(self.0, alg.as_concrete_TypeRef()) })?;
Ok(())
}
/// Specify signers of the CMS message; implies that the message will be signed
pub fn add_signers(&self, signers: &[SecIdentity]) -> Result<()> {
let signers = CFArray::from_CFTypes(signers);
cvt(unsafe {
CMSEncoderAddSigners(
self.0,
if signers.is_empty() { ptr::null() } else { signers.as_CFTypeRef() })
})?;
Ok(())
}
#[doc(hidden)]
pub fn get_signers(&self) -> Result<Vec<SecIdentity>> {
self.signers()
}
/// Obtains the array of signers specified with the `add_signers` function
pub fn signers(&self) -> Result<Vec<SecIdentity>> {
let mut out: CFArrayRef = ptr::null_mut();
cvt(unsafe { CMSEncoderCopySigners(self.0, &mut out) })?;
if out.is_null() {
Ok(Vec::new())
} else {
let array = unsafe { CFArray::<SecIdentity>::wrap_under_create_rule(out) };
Ok(array.into_iter().map(|c| c.clone()).collect())
}
}
/// Specifies a message is to be encrypted and specifies the recipients of the message
pub fn add_recipients(&self, recipients: &[SecCertificate]) -> Result<()> {
let recipients = CFArray::from_CFTypes(recipients);
cvt(unsafe {
CMSEncoderAddRecipients(
self.0,
if recipients.is_empty() { ptr::null() } else { recipients.as_CFTypeRef() },
)
})?;
Ok(())
}
#[doc(hidden)]
pub fn get_recipients(&self) -> Result<Vec<SecCertificate>> {
self.recipients()
}
/// Obtains the array of recipients specified with the `add_recipients` function
pub fn recipients(&self) -> Result<Vec<SecCertificate>> {
let mut out: CFArrayRef = ptr::null_mut();
cvt(unsafe { CMSEncoderCopyRecipients(self.0, &mut out) })?;
if out.is_null() {
Ok(Vec::new())
} else {
let array = unsafe { CFArray::<SecCertificate>::wrap_under_create_rule(out) };
Ok(array.into_iter().map(|c| c.clone()).collect())
}
}
/// Specifies whether the signed data is to be separate from the message
pub fn set_has_detached_content(&self, has_detached_content: bool) -> Result<()> {
cvt(unsafe { CMSEncoderSetHasDetachedContent(self.0, has_detached_content.into()) })?;
Ok(())
}
#[doc(hidden)]
pub fn get_has_detached_content(&self) -> Result<bool> {
self.has_detached_content()
}
/// Indicates whether the message is to have detached content
pub fn has_detached_content(&self) -> Result<bool> {
let mut has_detached_content = 0;
cvt(unsafe { CMSEncoderGetHasDetachedContent(self.0, &mut has_detached_content) })?;
Ok(has_detached_content != 0)
}
/// Specifies an object identifier for the encapsulated data of a signed message
pub fn set_encapsulated_content_type_oid(&self, oid: &str) -> Result<()> {
let oid = CFString::new(oid);
cvt(unsafe { CMSEncoderSetEncapsulatedContentTypeOID(self.0, oid.as_CFTypeRef()) })?;
Ok(())
}
#[doc(hidden)]
pub fn get_encapsulated_content_type(&self) -> Result<Vec<u8>> {
self.encapsulated_content_type()
}
/// Obtains the object identifier for the encapsulated data of a signed message
pub fn encapsulated_content_type(&self) -> Result<Vec<u8>> {
let mut out: CFDataRef = ptr::null_mut();
cvt(unsafe { CMSEncoderCopyEncapsulatedContentType(self.0, &mut out) })?;
Ok(unsafe { CFData::wrap_under_create_rule(out).to_vec() })
}
/// Adds certificates to a message
pub fn add_supporting_certs(&self, certs: &[SecCertificate]) -> Result<()> {
let certs = CFArray::from_CFTypes(certs);
cvt(unsafe {
CMSEncoderAddSupportingCerts(
self.0,
if !certs.is_empty() { certs.as_CFTypeRef() } else { ptr::null() })
})?;
Ok(())
}
#[doc(hidden)]
pub fn get_supporting_certs(&self) -> Result<Vec<SecCertificate>> {
self.supporting_certs()
}
/// Obtains the certificates added to a message with `add_supporting_certs`
pub fn supporting_certs(&self) -> Result<Vec<SecCertificate>> {
let mut out: CFArrayRef = ptr::null_mut();
cvt(unsafe { CMSEncoderCopySupportingCerts(self.0, &mut out) })?;
if out.is_null() {
Ok(Vec::new())
} else {
let array = unsafe { CFArray::<SecCertificate>::wrap_under_create_rule(out) };
Ok(array.into_iter().map(|c| c.clone()).collect())
}
}
/// Specifies attributes for a signed message
pub fn add_signed_attributes(&self, signed_attributes: SignedAttributes) -> Result<()> {
cvt(unsafe { CMSEncoderAddSignedAttributes(self.0, signed_attributes.bits()) })?;
Ok(())
}
/// Specifies which certificates to include in a signed CMS message
pub fn set_certificate_chain_mode(&self, certificate_chain_mode: CMSCertificateChainMode) -> Result<()> {
cvt(unsafe { CMSEncoderSetCertificateChainMode(self.0, certificate_chain_mode) })?;
Ok(())
}
#[doc(hidden)]
pub fn get_certificate_chain_mode(&self) -> Result<CMSCertificateChainMode> {
self.certificate_chain_mode()
}
/// Obtains a constant that indicates which certificates are to be included in a signed CMS message
pub fn certificate_chain_mode(&self) -> Result<CMSCertificateChainMode> {
let mut out = CMSCertificateChainMode::kCMSCertificateNone;
cvt(unsafe { CMSEncoderGetCertificateChainMode(self.0, &mut out) })?;
Ok(out)
}
/// Feeds content bytes into the encoder
pub fn update_content(&self, content: &[u8]) -> Result<()> {
cvt(unsafe { CMSEncoderUpdateContent(self.0, content.as_ptr().cast(), content.len()) })?;
Ok(())
}
#[doc(hidden)]
pub fn get_encoded_content(&self) -> Result<Vec<u8>> {
self.encoded_content()
}
/// Finishes encoding the message and obtains the encoded result
pub fn encoded_content(&self) -> Result<Vec<u8>> {
let mut out: CFDataRef = ptr::null_mut();
cvt(unsafe { CMSEncoderCopyEncodedContent(self.0, &mut out) })?;
Ok(unsafe { CFData::wrap_under_create_rule(out).to_vec() })
}
#[doc(hidden)]
pub fn get_signer_timestamp(&self, signer_index: usize) -> Result<CFAbsoluteTime> {
self.signer_timestamp(signer_index)
}
/// Returns the timestamp of a signer of a CMS message, if present
pub fn signer_timestamp(&self, signer_index: usize) -> Result<CFAbsoluteTime> {
let mut out = CFAbsoluteTime::default();
cvt(unsafe { CMSEncoderCopySignerTimestamp(self.0, signer_index, &mut out) })?;
Ok(out)
}
#[doc(hidden)]
pub fn get_signer_timestamp_with_policy(&self, timestamp_policy: Option<CFStringRef>, signer_index: usize) -> Result<CFAbsoluteTime> {
self.signer_timestamp_with_policy(timestamp_policy, signer_index)
}
/// Returns the timestamp of a signer of a CMS message using a particular policy, if present
pub fn signer_timestamp_with_policy(&self, timestamp_policy: Option<CFStringRef>, signer_index: usize) -> Result<CFAbsoluteTime> {
let mut out = CFAbsoluteTime::default();
cvt(unsafe {
CMSEncoderCopySignerTimestampWithPolicy(
self.0,
timestamp_policy.map(|p| p.as_void_ptr()).unwrap_or(ptr::null()),
signer_index,
&mut out,
)
})?;
Ok(out)
}
}
/// Encodes a message and obtains the result in one high-level function call
pub fn cms_encode_content(
signers: &[SecIdentity],
recipients: &[SecCertificate],
content_type_oid: Option<&str>,
detached_content: bool,
signed_attributes: SignedAttributes,
content: &[u8],
) -> Result<Vec<u8>> {
let mut out: CFDataRef = ptr::null_mut();
let signers = CFArray::from_CFTypes(signers);
let recipients = CFArray::from_CFTypes(recipients);
let content_type_oid = content_type_oid.map(CFString::new);
cvt(unsafe {
CMSEncodeContent(
if signers.is_empty() { ptr::null() } else { signers.as_CFTypeRef() },
if recipients.is_empty() { ptr::null() } else { recipients.as_CFTypeRef() },
content_type_oid.as_ref().map(|oid| oid.as_CFTypeRef()).unwrap_or(ptr::null()),
detached_content.into(),
signed_attributes.bits(),
content.as_ptr().cast(),
content.len(),
&mut out,
)
})?;
Ok(unsafe { CFData::wrap_under_create_rule(out).to_vec() })
}
}
mod decoder {
use super::*;
use core_foundation::{declare_TCFType, impl_TCFType};
/// Holds a result of the `CMSDecoder::get_signer_status` function
pub struct SignerStatus {
/// Signature status
pub signer_status: CMSSignerStatus,
/// Trust instance that was used to verify the signer’s certificate
pub sec_trust: SecTrust,
/// Result of the certificate verification
pub cert_verify_result: Result<()>,
}
declare_TCFType! {
/// A type representing CMS Decoder
CMSDecoder, CMSDecoderRef
}
impl_TCFType!(CMSDecoder, CMSDecoderRef, CMSDecoderGetTypeID);
unsafe impl Sync for CMSDecoder {}
unsafe impl Send for CMSDecoder {}
impl fmt::Debug for CMSDecoder {
#[cold]
fn fmt(&self, fmt: &mut fmt::Formatter<'_>) -> fmt::Result {
fmt.debug_struct("CMSDecoder").finish()
}
}
impl CMSDecoder {
/// Create a new instance of `CMSDecoder`
pub fn create() -> Result<Self> {
let mut inner: CMSDecoderRef = ptr::null_mut();
cvt(unsafe { CMSDecoderCreate(&mut inner) })?;
Ok(Self(inner))
}
/// Feeds raw bytes of the message to be decoded into the decoder
pub fn update_message(&self, message: &[u8]) -> Result<()> {
cvt(unsafe { CMSDecoderUpdateMessage(self.0, message.as_ptr().cast(), message.len()) })?;
Ok(())
}
/// Indicates that there is no more data to decode
pub fn finalize_message(&self) -> Result<()> {
cvt(unsafe { CMSDecoderFinalizeMessage(self.0) })?;
Ok(())
}
/// Specifies the message’s detached content, if any
pub fn set_detached_content(&self, detached_content: &[u8]) -> Result<()> {
let data = CFData::from_buffer(detached_content);
cvt(unsafe { CMSDecoderSetDetachedContent(self.0, data.as_concrete_TypeRef()) })?;
Ok(())
}
/// Obtains the detached content specified with the `set_detached_content` function
pub fn get_detached_content(&self) -> Result<Vec<u8>> {
unsafe {
let mut out: CFDataRef = ptr::null_mut();
cvt(CMSDecoderCopyDetachedContent(self.0, &mut out))?;
if out.is_null() {
Ok(Vec::new())
} else {
Ok(CFData::wrap_under_create_rule(out).to_vec())
}
}
}
/// Obtains the number of signers of a message
pub fn get_num_signers(&self) -> Result<usize> {
let mut out = 0;
cvt(unsafe { CMSDecoderGetNumSigners(self.0, &mut out) })?;
Ok(out)
}
/// Obtains the status of a CMS message’s signature
pub fn get_signer_status(
&self,
signer_index: usize,
policies: &[SecPolicy],
) -> Result<SignerStatus> {
let policies = CFArray::from_CFTypes(policies);
let mut signer_status = CMSSignerStatus::kCMSSignerUnsigned;
let mut sec_trust: SecTrustRef = ptr::null_mut();
let mut verify_result = OSStatus::default();
cvt(unsafe {
CMSDecoderCopySignerStatus(
self.0,
signer_index,
if policies.is_empty() { ptr::null() } else { policies.as_CFTypeRef() },
true.into(),
&mut signer_status,
&mut sec_trust,
&mut verify_result,
)
})?;
Ok(SignerStatus {
signer_status,
sec_trust: unsafe { SecTrust::wrap_under_create_rule(sec_trust) },
cert_verify_result: cvt(verify_result),
})
}
/// Obtains the email address of the specified signer of a CMS message
pub fn get_signer_email_address(&self, signer_index: usize) -> Result<String> {
let mut out: CFStringRef = ptr::null_mut();
cvt(unsafe { CMSDecoderCopySignerEmailAddress(self.0, signer_index, &mut out) })?;
Ok(unsafe { CFString::wrap_under_create_rule(out).to_string() })
}
/// Determines whether a CMS message was encrypted
pub fn is_content_encrypted(&self) -> Result<bool> {
let mut out = 0;
cvt(unsafe { CMSDecoderIsContentEncrypted(self.0, &mut out) })?;
Ok(out != 0)
}
/// Obtains the object identifier for the encapsulated data of a signed message
pub fn get_encapsulated_content_type(&self) -> Result<Vec<u8>> {
let mut out: CFDataRef = ptr::null_mut();
if out.is_null() {
Ok(Vec::new())
} else {
cvt(unsafe { CMSDecoderCopyEncapsulatedContentType(self.0, &mut out) })?;
Ok(unsafe { CFData::wrap_under_create_rule(out).to_vec() })
}
}
/// Obtains an array of all of the certificates in a message
pub fn get_all_certs(&self) -> Result<Vec<SecCertificate>> {
let mut out: CFArrayRef = ptr::null_mut();
cvt(unsafe { CMSDecoderCopyAllCerts(self.0, &mut out) })?;
if out.is_null() {
Ok(Vec::new())
} else {
let array = unsafe { CFArray::<SecCertificate>::wrap_under_create_rule(out) };
Ok(array.into_iter().map(|c| c.clone()).collect())
}
}
/// Obtains the message content, if any
pub fn get_content(&self) -> Result<Vec<u8>> {
let mut out: CFDataRef = ptr::null_mut();
cvt(unsafe { CMSDecoderCopyContent(self.0, &mut out) })?;
if out.is_null() {
Ok(Vec::new())
} else {
Ok(unsafe { CFData::wrap_under_create_rule(out).to_vec() })
}
}
/// Obtains the signing time of a CMS message, if present
pub fn get_signer_signing_time(&self, signer_index: usize) -> Result<CFAbsoluteTime> {
let mut out = CFAbsoluteTime::default();
cvt(unsafe { CMSDecoderCopySignerSigningTime(self.0, signer_index, &mut out) })?;
Ok(out)
}
/// Returns the timestamp of a signer of a CMS message, if present
pub fn get_signer_timestamp(&self, signer_index: usize) -> Result<CFAbsoluteTime> {
let mut out = CFAbsoluteTime::default();
cvt(unsafe { CMSDecoderCopySignerTimestamp(self.0, signer_index, &mut out) })?;
Ok(out)
}
/// Returns the timestamp of a signer of a CMS message using a given policy, if present
pub fn get_signer_timestamp_with_policy(
&self,
timestamp_policy: Option<CFStringRef>,
signer_index: usize,
) -> Result<CFAbsoluteTime> {
let mut out = CFAbsoluteTime::default();
cvt(unsafe {
CMSDecoderCopySignerTimestampWithPolicy(
self.0,
timestamp_policy.map(|p| p.as_void_ptr()).unwrap_or(ptr::null()),
signer_index,
&mut out,
)
})?;
Ok(out)
}
/// Returns an array containing the certificates from a timestamp response
pub fn get_signer_timestamp_certificates(&self, signer_index: usize) -> Result<Vec<SecCertificate>> {
let mut out: CFArrayRef = ptr::null_mut();
cvt(unsafe { CMSDecoderCopySignerTimestampCertificates(self.0, signer_index, &mut out) })?;
if out.is_null() {
Ok(Vec::new())
} else {
let array = unsafe { CFArray::<SecCertificate>::wrap_under_create_rule(out) };
Ok(array.into_iter().map(|c| c.clone()).collect())
}
}
}
}
#[cfg(test)]
mod tests {
use crate::cms::{cms_encode_content, CMSDecoder, SignedAttributes};
use crate::import_export::{ImportedIdentity, Pkcs12ImportOptions};
use crate::policy::SecPolicy;
use security_framework_sys::cms::CMSSignerStatus;
use std::sync::OnceLock;
const KEYSTORE: &[u8] = include_bytes!("../test/cms/keystore.p12");
const ENCRYPTED_CMS: &[u8] = include_bytes!("../test/cms/encrypted.p7m");
const SIGNED_ENCRYPTED_CMS: &[u8] = include_bytes!("../test/cms/signed-encrypted.p7m");
static KEYSTORE_IDENTITY: OnceLock<Vec<ImportedIdentity>> = OnceLock::new();
fn import_keystore() -> &'static [ImportedIdentity] {
KEYSTORE_IDENTITY.get_or_init(|| {
let mut import_opts = Pkcs12ImportOptions::new();
import_opts.passphrase("cms").import(KEYSTORE).expect("import keystore.p12")
})
}
#[test]
fn test_decode_encrypted_with_keystore_identities() {
let _ = import_keystore();
let decoder = CMSDecoder::create().expect("create");
decoder.update_message(ENCRYPTED_CMS).expect("update");
decoder.finalize_message().expect("finalize");
assert!(decoder.is_content_encrypted().unwrap());
assert_eq!(decoder.get_content().unwrap(), b"encrypted message\n");
assert_eq!(decoder.get_all_certs().unwrap().len(), 0);
assert_eq!(decoder.get_num_signers().unwrap(), 0);
}
#[test]
fn test_decode_signed_and_encrypted_with_keystore_identities() {
let _ = import_keystore();
let decoder = CMSDecoder::create().unwrap();
decoder.update_message(SIGNED_ENCRYPTED_CMS).unwrap();
decoder.finalize_message().unwrap();
assert!(decoder.is_content_encrypted().unwrap());
let signed_content = decoder.get_content().unwrap();
let decoder2 = CMSDecoder::create().unwrap();
decoder2.update_message(&signed_content).unwrap();
decoder2.finalize_message().unwrap();
assert_eq!(decoder2.get_content().unwrap(), b"encrypted message\n");
assert_eq!(decoder2.get_num_signers().unwrap(), 1);
let policies = vec![SecPolicy::create_x509()];
let status = decoder2.get_signer_status(0, &policies).unwrap();
assert!(status.cert_verify_result.is_err());
assert_eq!(status.signer_status, CMSSignerStatus::kCMSSignerInvalidCert);
}
#[test]
fn test_encode_encrypted_with_keystore_identities() {
let identities = import_keystore();
let chain = identities
.iter().find_map(|id| id.cert_chain.as_ref())
.unwrap();
let message = cms_encode_content(
&[],
&chain[0..1],
None,
false,
SignedAttributes::empty(),
b"encrypted message\n",
).unwrap();
let decoder = CMSDecoder::create().unwrap();
decoder.update_message(&message).unwrap();
decoder.finalize_message().unwrap();
assert_eq!(decoder.get_content().unwrap(), b"encrypted message\n");
}
#[test]
fn test_encode_signed_encrypted_with_keystore_identities() {
let identities = import_keystore();
let chain = identities
.iter().find_map(|id| id.cert_chain.as_ref())
.unwrap();
let identity = identities
.iter().find_map(|id| id.identity.as_ref())
.unwrap();
let message = cms_encode_content(
std::slice::from_ref(identity),
&chain[0..1],
None,
false,
SignedAttributes::empty(),
b"encrypted message\n",
).unwrap();
let decoder = CMSDecoder::create().unwrap();
decoder.update_message(&message).unwrap();
decoder.finalize_message().unwrap();
assert_eq!(decoder.get_content().unwrap(), b"encrypted message\n");
assert_eq!(decoder.get_num_signers().unwrap(), 1);
}
#[test]
fn test_encode_with_cms_encoder_with_keystore_identities() {
let identities = import_keystore();
let chain = identities
.iter().find_map(|id| id.cert_chain.as_ref())
.unwrap();
let identity = identities
.iter().find_map(|id| id.identity.as_ref())
.unwrap();
let message = cms_encode_content(
std::slice::from_ref(identity),
&chain[0..1],
None,
false,
SignedAttributes::empty(),
b"encrypted message\n",
).unwrap();
let decoder = CMSDecoder::create().unwrap();
decoder.update_message(&message).unwrap();
decoder.finalize_message().unwrap();
assert_eq!(decoder.get_content().unwrap(), b"encrypted message\n");
assert_eq!(decoder.get_num_signers().unwrap(), 1);
}
}
================================================
FILE: security-framework/src/identity.rs
================================================
//! Identity support.
use core_foundation::base::{TCFType, ToVoid};
use core_foundation::dictionary::CFMutableDictionary;
use core_foundation::{declare_TCFType, impl_TCFType};
use security_framework_sys::base::SecIdentityRef;
use security_framework_sys::identity::{
SecIdentityCopyCertificate, SecIdentityCopyPrivateKey, SecIdentityGetTypeID,
};
use security_framework_sys::item::kSecValueRef;
use security_framework_sys::keychain_item::SecItemDelete;
use std::fmt;
use std::ptr;
use crate::base::{Error, Result};
use crate::certificate::SecCertificate;
use crate::cvt;
use crate::key::SecKey;
declare_TCFType! {
/// A type representing an identity.
///
/// Identities are a certificate paired with the corresponding private key.
SecIdentity, SecIdentityRef
}
impl_TCFType!(SecIdentity, SecIdentityRef, SecIdentityGetTypeID);
unsafe impl Sync for SecIdentity {}
unsafe impl Send for SecIdentity {}
impl fmt::Debug for SecIdentity {
#[cold]
fn fmt(&self, fmt: &mut fmt::Formatter<'_>) -> fmt::Result {
let mut builder = fmt.debug_struct("SecIdentity");
if let Ok(cert) = self.certificate() {
builder.field("certificate", &cert);
}
if let Ok(key) = self.private_key() {
builder.field("private_key", &key);
}
builder.finish()
}
}
impl SecIdentity {
/// Returns the certificate corresponding to this identity.
pub fn certificate(&self) -> Result<SecCertificate> {
unsafe {
let mut certificate = ptr::null_mut();
cvt(SecIdentityCopyCertificate(self.0, &mut certificate))?;
Ok(SecCertificate::wrap_under_create_rule(certificate))
}
}
/// Returns the private key corresponding to this identity.
pub fn private_key(&self) -> Result<SecKey> {
unsafe {
let mut key = ptr::null_mut();
cvt(SecIdentityCopyPrivateKey(self.0, &mut key))?;
Ok(SecKey::wrap_under_create_rule(key))
}
}
/// Translates to `SecItemDelete`, passing in the `SecIdentityRef`
pub fn delete(&self) -> Result<(), Error> {
let query = CFMutableDictionary::from_CFType_pairs(&[(
unsafe { kSecValueRef }.to_void(),
self.to_void(),
)]);
cvt(unsafe { SecItemDelete(query.as_concrete_TypeRef()) })
}
}
#[cfg(test)]
mod test {
use super::SecIdentity;
#[test]
fn identity_has_send_bound() {
fn assert_send<T: Send>() {}
assert_send::<SecIdentity>();
}
}
================================================
FILE: security-framework/src/import_export.rs
================================================
//! Security Framework type import/export support.
use core_foundation::array::CFArray;
use core_foundation::base::{CFType, TCFType};
use core_foundation::data::CFData;
use core_foundation::dictionary::CFDictionary;
use core_foundation::string::CFString;
use security_framework_sys::import_export::*;
use std::ptr;
use crate::base::Result;
use crate::certificate::SecCertificate;
use crate::cvt;
use crate::identity::SecIdentity;
#[cfg(target_os = "macos")]
use crate::os::macos::access::SecAccess;
#[cfg(target_os = "macos")]
use crate::os::macos::keychain::SecKeychain;
use crate::trust::SecTrust;
/// Information about an imported identity.
#[derive(Clone)]
#[non_exhaustive]
pub struct ImportedIdentity {
/// The label of the identity.
pub label: Option<String>,
/// The ID of the identity. Typically the SHA-1 hash of the public key.
pub key_id: Option<Vec<u8>>,
/// A `SecTrust` object set up to validate this identity.
pub trust: Option<SecTrust>,
/// A certificate chain validating this identity.
pub cert_chain: Option<Vec<SecCertificate>>,
/// The identity itself.
pub identity: Option<SecIdentity>,
}
/// A builder type to import an identity from PKCS#12 formatted data.
#[derive(Default)]
pub struct Pkcs12ImportOptions {
passphrase: Option<CFString>,
#[cfg(target_os = "macos")]
keychain: Option<SecKeychain>,
#[cfg(target_os = "macos")]
access: Option<SecAccess>,
}
#[cfg(target_os = "macos")]
impl Pkcs12ImportOptions {
/// Specifies macOS keychain in which to import the identity.
///
/// If this is not called, the default keychain will be used.
#[inline(always)]
pub fn keychain(&mut self, keychain: SecKeychain) -> &mut Self {
self.keychain = Some(keychain);
self
}
/// Specifies the access control to be associated with the identity. macOS only.
#[inline(always)]
pub fn access(&mut self, access: SecAccess) -> &mut Self {
self.access = Some(access);
self
}
}
impl Pkcs12ImportOptions {
/// Creates a new builder with default options.
#[inline(always)]
#[must_use]
pub fn new() -> Self {
Self::default()
}
/// Specifies the passphrase to be used to decrypt the data.
///
/// This must be specified, as unencrypted PKCS#12 data is not supported.
#[inline]
pub fn passphrase(&mut self, passphrase: &str) -> &mut Self {
self.passphrase = Some(CFString::new(passphrase));
self
}
/// Imports identities from PKCS#12 encoded data.
pub fn import(&self, pkcs12_data: &[u8]) -> Result<Vec<ImportedIdentity>> {
unsafe {
let pkcs12_data = CFData::from_buffer(pkcs12_data);
let mut options = vec![];
if let Some(passphrase) = &self.passphrase {
options.push((
CFString::wrap_under_get_rule(kSecImportExportPassphrase),
passphrase.as_CFType(),
));
}
self.import_setup(&mut options);
let options = CFDictionary::from_CFType_pairs(&options);
let mut raw_items = ptr::null();
cvt(SecPKCS12Import(
pkcs12_data.as_concrete_TypeRef(),
options.as_concrete_TypeRef(),
&mut raw_items,
))?;
let raw_items = CFArray::<CFDictionary<CFString, *const _>>::wrap_under_create_rule(raw_items);
let mut items = vec![];
for raw_item in &raw_items {
let label = raw_item
.find(kSecImportItemLabel)
.map(|label| CFString::wrap_under_get_rule((*label).cast()).to_string());
let key_id = raw_item
.find(kSecImportItemKeyID)
.map(|key_id| CFData::wrap_under_get_rule((*key_id).cast()).to_vec());
let trust = raw_item
.find(kSecImportItemTrust)
.map(|trust| SecTrust::wrap_under_get_rule(*trust as *mut _));
let cert_chain = raw_item
.find(kSecImportItemCertChain)
.map(|cert_chain| {
CFArray::<SecCertificate>::wrap_under_get_rule((*cert_chain).cast())
.iter()
.map(|c| c.clone())
.collect()
});
let identity = raw_item
.find(kSecImportItemIdentity)
.map(|identity| SecIdentity::wrap_under_get_rule(*identity as *mut _));
items.push(ImportedIdentity {
label,
key_id,
trust,
cert_chain,
identity,
});
}
Ok(items)
}
}
#[cfg(target_os = "macos")]
fn import_setup(&self, options: &mut Vec<(CFString, CFType)>) {
unsafe {
if let Some(keychain) = &self.keychain {
options.push((
CFString::wrap_under_get_rule(kSecImportExportKeychain),
keychain.as_CFType(),
));
}
if let Some(access) = &self.access {
options.push((
CFString::wrap_under_get_rule(kSecImportExportAccess),
access.as_CFType(),
));
}
}
}
#[cfg(not(target_os = "macos"))]
fn import_setup(&self, _: &mut Vec<(CFString, CFType)>) {}
}
#[cfg(test)]
mod test {
use super::*;
#[test]
fn missing_passphrase() {
let data = include_bytes!("../test/server.p12");
assert!(Pkcs12ImportOptions::new().import(data).is_err());
}
}
================================================
FILE: security-framework/src/item.rs
================================================
//! Support to search for items in a keychain.
use core_foundation::array::CFArray;
use core_foundation::base::{CFType, TCFType, ToVoid};
use core_foundation::boolean::CFBoolean;
use core_foundation::data::CFData;
use core_foundation::date::CFDate;
use core_foundation::dictionary::{CFDictionary, CFMutableDictionary};
use core_foundation::number::CFNumber;
use core_foundation::string::CFString;
use core_foundation_sys::base::{CFCopyDescription, CFGetTypeID, CFRelease, CFTypeRef};
use core_foundation_sys::string::CFStringRef;
use security_framework_sys::item::*;
use security_framework_sys::keychain_item::{
SecItemAdd, SecItemCopyMatching, SecItemDelete, SecItemUpdate,
};
use std::collections::HashMap;
use std::fmt;
use std::ptr;
use crate::base::Result;
use crate::certificate::SecCertificate;
use crate::cvt;
use crate::identity::SecIdentity;
use crate::key::SecKey;
#[cfg(target_os = "macos")]
use crate::os::macos::keychain::SecKeychain;
/// Specifies the type of items to search for.
#[derive(Debug, Copy, Clone)]
pub struct ItemClass(CFStringRef);
impl ItemClass {
/// Look for `SecKeychainItem`s corresponding to generic passwords.
#[inline(always)]
#[must_use]
pub fn generic_password() -> Self {
unsafe { Self(kSecClassGenericPassword) }
}
/// Look for `SecKeychainItem`s corresponding to internet passwords.
#[inline(always)]
#[must_use]
pub fn internet_password() -> Self {
unsafe { Self(kSecClassInternetPassword) }
}
/// Look for `SecCertificate`s.
#[inline(always)]
#[must_use]
pub fn certificate() -> Self {
unsafe { Self(kSecClassCertificate) }
}
/// Look for `SecKey`s.
#[inline(always)]
#[must_use]
pub fn key() -> Self {
unsafe { Self(kSecClassKey) }
}
/// Look for `SecIdentity`s.
#[inline(always)]
#[must_use]
pub fn identity() -> Self {
unsafe { Self(kSecClassIdentity) }
}
}
/// Specifies the type of keys to search for.
#[derive(Debug, Copy, Clone)]
pub struct KeyClass(CFStringRef);
impl KeyClass {
/// `kSecAttrKeyClassPublic`
#[inline(always)]
#[must_use]
pub fn public() -> Self {
unsafe { Self(kSecAttrKeyClassPublic) }
}
/// `kSecAttrKeyClassPrivate`
#[inline(always)]
#[must_use]
pub fn private() -> Self {
unsafe { Self(kSecAttrKeyClassPrivate) }
}
/// `kSecAttrKeyClassSymmetric`
#[inline(always)]
#[must_use]
pub fn symmetric() -> Self {
unsafe { Self(kSecAttrKeyClassSymmetric) }
}
}
/// Specifies the number of results returned by a search
#[derive(Debug, Copy, Clone)]
pub enum Limit {
/// Always return all results
All,
/// Return up to the specified number of results
Max(i64),
}
impl Limit {
#[inline]
fn to_value(self) -> CFType {
match self {
Self::All => unsafe { CFString::wrap_under_get_rule(kSecMatchLimitAll).into_CFType() },
Self::Max(l) => CFNumber::from(l).into_CFType(),
}
}
}
impl From<i64> for Limit {
#[inline]
fn from(limit: i64) -> Self {
Self::Max(limit)
}
}
/// Specifies whether a search should match cloud-synchronized items.
#[derive(Debug, Copy, Clone)]
pub enum CloudSync {
/// Match only items that are cloud-synchronized.
MatchSyncYes,
/// Match only items that are not cloud-synchronized.
MatchSyncNo,
/// Match items whether they are cloud-synchronized or not.
MatchSyncAny,
}
impl From<Option<bool>> for CloudSync {
#[inline]
fn from(is_sync: Option<bool>) -> Self {
match is_sync {
Some(true) => Self::MatchSyncYes,
Some(false) => Self::MatchSyncNo,
None => Self::MatchSyncAny,
}
}
}
/// A builder type to search for items in keychains.
#[derive(Default)]
pub struct ItemSearchOptions {
#[cfg(target_os = "macos")]
keychains: Option<CFArray<SecKeychain>>,
#[cfg(not(target_os = "macos"))]
keychains: Option<CFArray<CFType>>,
ignore_legacy_keychains: bool, // defined everywhere, only consulted on macOS
case_insensitive: Option<bool>,
class: Option<ItemClass>,
key_class: Option<KeyClass>,
load_refs: bool,
load_attributes: bool,
load_data: bool,
limit: Option<Limit>,
trusted_only: Option<bool>,
label: Option<CFString>,
service: Option<CFString>,
subject: Option<CFString>,
account: Option<CFString>,
access_group: Option<CFString>,
cloud_sync: Option<CloudSync>,
pub_key_hash: Option<CFData>,
serial_number: Option<CFData>,
app_label: Option<CFData>,
authentication_context: Option<CFType>,
skip_authenticated_items: bool,
}
#[cfg(target_os = "macos")]
impl ItemSearchOptions {
/// Search within the specified macOS keychains.
///
/// If this is not called, the default keychain will be searched.
#[inline]
pub fn keychains(&mut self, keychains: &[SecKeychain]) -> &mut Self {
self.keychains = Some(CFArray::from_CFTypes(keychains));
self
}
/// Only search the protected data macOS keychains.
///
/// Has no effect if a legacy keychain has been explicitly specified
/// using [keychains](ItemSearchOptions::keychains).
///
/// Has no effect except in sandboxed applications on macOS 10.15 and above
#[inline]
pub fn ignore_legacy_keychains(&mut self) -> &mut Self {
self.ignore_legacy_keychains = true;
self
}
}
impl ItemSearchOptions {
/// Creates a new builder with default options.
#[inline(always)]
#[must_use]
pub fn new() -> Self {
Self::default()
}
/// Search only for items of the specified class.
#[inline(always)]
pub fn class(&mut self, class: ItemClass) -> &mut Self {
self.class = Some(class);
self
}
/// Whether search for an item should be case insensitive or not.
#[inline(always)]
pub fn case_insensitive(&mut self, case_insensitive: Option<bool>) -> &mut Self {
self.case_insensitive = case_insensitive;
self
}
/// Search only for keys of the specified class. Also sets self.class to
/// `ItemClass::key()`.
#[inline(always)]
pub fn key_class(&mut self, key_class: KeyClass) -> &mut Self {
self.class(ItemClass::key());
self.key_class = Some(key_class);
self
}
/// Load Security Framework objects (`SecCertificate`, `SecKey`, etc) for
/// the results.
#[inline(always)]
pub fn load_refs(&mut self, load_refs: bool) -> &mut Self {
self.load_refs = load_refs;
self
}
/// Load Security Framework object attributes for
/// the results.
#[inline(always)]
pub fn load_attributes(&mut self, load_attributes: bool) -> &mut Self {
self.load_attributes = load_attributes;
self
}
/// Load Security Framework objects data for
/// the results.
#[inline(always)]
pub fn load_data(&mut self, load_data: bool) -> &mut Self {
self.load_data = load_data;
self
}
/// Limit the number of search results.
///
/// If this is not called, the default limit is 1.
#[inline(always)]
pub fn limit<T: Into<Limit>>(&mut self, limit: T) -> &mut Self {
self.limit = Some(limit.into());
self
}
/// Search for an item with the given label.
#[inline(always)]
pub fn label(&mut self, label: &str) -> &mut Self {
self.label = Some(CFString::new(label));
self
}
/// Whether untrusted certificates should be returned.
#[inline(always)]
pub fn trusted_only(&mut self, trusted_only: Option<bool>) -> &mut Self {
self.trusted_only = trusted_only;
self
}
/// Search for an item with the given service.
#[inline(always)]
pub fn service(&mut self, service: &str) -> &mut Self {
self.service = Some(CFString::new(service));
self
}
/// Search for an item with exactly the given subject.
#[inline(always)]
pub fn subject(&mut self, subject: &str) -> &mut Self {
self.subject = Some(CFString::new(subject));
self
}
/// Search for an item with the given account.
#[inline(always)]
pub fn account(&mut self, account: &str) -> &mut Self {
self.account = Some(CFString::new(account));
self
}
/// Search for an item with a specific access group.
pub fn access_group(&mut self, access_group: &str) -> &mut Self {
self.access_group = Some(CFString::new(access_group));
self
}
/// Search for an item based on whether it's cloud-synchronized
///
/// If not specified, only searches non-synchronized entries.
pub fn cloud_sync<T: Into<CloudSync>>(&mut self, spec: T) -> &mut Self {
self.cloud_sync = Some(spec.into());
self
}
/// Sets `kSecAttrAccessGroup` to `kSecAttrAccessGroupToken`
#[inline(always)]
pub fn access_group_token(&mut self) -> &mut Self {
self.access_group = unsafe { Some(CFString::wrap_under_get_rule(kSecAttrAccessGroupToken)) };
self
}
/// Search for a certificate with the given public key hash.
///
/// This is only compatible with [`ItemClass::certificate`], to search for
/// a key by public key hash use [`ItemSearchOptions::application_label`]
/// instead.
#[inline(always)]
pub fn pub_key_hash(&mut self, pub_key_hash: &[u8]) -> &mut Self {
self.pub_key_hash = Some(CFData::from_buffer(pub_key_hash));
self
}
/// Search for a certificate with the given serial number.
///
/// This is only compatible with [`ItemClass::certificate`].
#[inline(always)]
pub fn serial_number(&mut self, serial_number: &[u8]) -> &mut Self {
self.serial_number = Some(CFData::from_buffer(serial_number));
self
}
/// Search for a key with the given public key hash.
///
/// This is only compatible with [`ItemClass::key`], to search for a
/// certificate by the public key hash use [`ItemSearchOptions::pub_key_hash`]
/// instead.
#[inline(always)]
pub fn application_label(&mut self, app_label: &[u8]) -> &mut Self {
self.app_label = Some(CFData::from_buffer(app_label));
self
}
#[doc(hidden)]
#[deprecated(note = "use local_authentication_context")]
pub unsafe fn authentication_context(&mut self, authentication_context: *mut std::os::raw::c_void) -> &mut Self {
self.authentication_context = unsafe { Some(CFType::wrap_under_create_rule(authentication_context)) };
self
}
/// The corresponding value is of type LAContext, and represents a reusable
/// local authentication context that should be used for keychain item authentication.
#[inline(always)]
pub fn local_authentication_context<LAContext: TCFType>(&mut self, authentication_context: Option<LAContext>) -> &mut Self {
self.authentication_context = authentication_context.map(|la| la.into_CFType());
self
}
/// Whether to skip items in the search that require authentication (default false)
#[inline(always)]
pub fn skip_authenticated_items(&mut self, do_skip: bool) -> &mut Self {
self.skip_authenticated_items = do_skip;
self
}
/// Populates a `CFDictionary` to be passed to `update_item` or `delete_item`.
// CFDictionary should not be exposed in public Rust APIs.
#[inline]
fn to_dictionary(&self) -> CFDictionary {
unsafe {
let mut params = CFMutableDictionary::from_CFType_pairs(&[]);
if let Some(keychains) = &self.keychains {
params.add(
&kSecMatchSearchList.to_void(),
&keychains.as_CFType().to_void(),
);
} else if self.ignore_legacy_keychains {
#[cfg(all(target_os = "macos", feature = "OSX_10_15"))]
params.add(
&kSecUseDataProtectionKeychain.to_void(),
&CFBoolean::true_value().to_void(),
);
}
if let Some(class) = self.class {
params.add(&kSecClass.to_void(), &class.0.to_void());
}
if let Some(case_insensitive) = self.case_insensitive {
params.add(
&kSecMatchCaseInsensitive.to_void(),
&CFBoolean::from(case_insensitive).to_void(),
);
}
if let Some(key_class) = self.key_class {
params.add(&kSecAttrKeyClass.to_void(), &key_class.0.to_void());
}
if self.load_refs {
params.add(&kSecReturnRef.to_void(), &CFBoolean::true_value().to_void());
}
if self.load_attributes {
params.add(
&kSecReturnAttributes.to_void(),
&CFBoolean::true_value().to_void(),
);
}
if self.load_data {
params.add(
&kSecReturnData.to_void(),
&CFBoolean::true_value().to_void(),
);
}
if let Some(limit) = self.limit {
params.add(&kSecMatchLimit.to_void(), &limit.to_value().to_void());
}
if let Some(label) = &self.label {
params.add(&kSecAttrLabel.to_void(), &label.to_void());
}
if let Some(trusted_only) = &self.trusted_only {
params.add(
&kSecMatchTrustedOnly.to_void(),
&CFBoolean::from(*trusted_only).to_void(),
);
}
if let Some(service) = &self.service {
params.add(&kSecAttrService.to_void(), &service.to_void());
}
#[cfg(target_os = "macos")]
{
if let Some(subject) = &self.subject {
params.add(&kSecMatchSubjectWholeString.to_void(), &subject.to_void());
}
}
if let Some(account) = &self.account {
params.add(&kSecAttrAccount.to_void(), &account.to_void());
}
if let Some(access_group) = &self.access_group {
params.add(&kSecAttrAccessGroup.to_void(), &access_group.to_void());
}
if let Some(cloud_sync) = &self.cloud_sync {
match cloud_sync {
CloudSync::MatchSyncYes => {
params.add(&kSecAttrSynchronizable.to_void(), &CFBoolean::true_value().to_void());
},
CloudSync::MatchSyncNo => {
params.add(&kSecAttrSynchronizable.to_void(), &CFBoolean::false_value().to_void());
},
CloudSync::MatchSyncAny => {
params.add(&kSecAttrSynchronizable.to_void(), &kSecAttrSynchronizableAny.to_void());
},
}
}
if let Some(pub_key_hash) = &self.pub_key_hash {
params.add(&kSecAttrPublicKeyHash.to_void(), &pub_key_hash.to_void());
}
if let Some(serial_number) = &self.serial_number {
params.add(&kSecAttrSerialNumber.to_void(), &serial_number.to_void());
}
if let Some(app_label) = &self.app_label {
params.add(&kSecAttrApplicationLabel.to_void(), &app_label.to_void());
}
if let Some(authentication_context) = &self.authentication_context {
params.add(&kSecUseAuthenticationContext.to_void(), &authentication_context.to_void());
}
if self.skip_authenticated_items {
params.add(&kSecUseAuthenticationUI.to_void(), &kSecUseAuthenticationUISkip.to_void());
}
params.to_immutable()
}
}
/// Search for objects.
#[inline]
pub fn search(&self) -> Result<Vec<SearchResult>> {
unsafe {
let params = self.to_dictionary();
let mut ret = ptr::null();
cvt(SecItemCopyMatching(params.as_concrete_TypeRef(), &mut ret))?;
if ret.is_null() {
// SecItemCopyMatching returns NULL if no load_* was specified,
// causing a segfault.
return Ok(vec![]);
}
let type_id = CFGetTypeID(ret);
let mut items = vec![];
if type_id == CFArray::<CFType>::type_id() {
let array: CFArray<CFType> = CFArray::wrap_under_create_rule(ret as *mut _);
for item in array.iter() {
items.push(get_item(item.as_CFTypeRef()));
}
} else {
items.push(get_item(ret));
// This is a bit janky, but get_item uses wrap_under_get_rule
// which bumps the refcount but we want create semantics
CFRelease(ret);
}
Ok(items)
}
}
/// Deletes objects matching the search options.
///
/// Translates to `SecItemDelete`.
#[inline]
pub fn delete(&self) -> Result<()> {
cvt(unsafe { SecItemDelete(self.to_dictionary().as_concrete_TypeRef()) })
}
}
unsafe fn get_item(item: CFTypeRef) -> SearchResult { unsafe {
let type_id = CFGetTypeID(item);
if type_id == CFData::type_id() {
let data = CFData::wrap_under_get_rule(item as *mut _);
let mut buf = Vec::new();
buf.extend_from_slice(data.bytes());
return SearchResult::Data(buf);
}
if type_id == CFDictionary::<*const u8, *const u8>::type_id() {
return SearchResult::Dict(CFDictionary::wrap_under_get_rule(item as *mut _));
}
#[cfg(target_os = "macos")]
{
use crate::os::macos::keychain_item::SecKeychainItem;
if type_id == SecKeychainItem::type_id() {
return SearchResult::Ref(Reference::KeychainItem(
SecKeychainItem::wrap_under_get_rule(item as *mut _),
));
}
}
let reference = if type_id == SecCertificate::type_id() {
Reference::Certificate(SecCertificate::wrap_under_get_rule(item as *mut _))
} else if type_id == SecKey::type_id() {
Reference::Key(SecKey::wrap_under_get_rule(item as *mut _))
} else if type_id == SecIdentity::type_id() {
Reference::Identity(SecIdentity::wrap_under_get_rule(item as *mut _))
} else {
panic!("Got bad type from SecItemCopyMatching: {type_id}");
};
SearchResult::Ref(reference)
} }
/// An enum including all objects whose references can be returned from a search.
///
/// Note that generic _Keychain Items_, such as passwords and preferences, do
/// not have specific object types; they are modeled using dictionaries and so
/// are available directly as search results in variant `SearchResult::Dict`.
#[derive(Debug)]
pub enum Reference {
/// A `SecIdentity`.
Identity(SecIdentity),
/// A `SecCertificate`.
Certificate(SecCertificate),
/// A `SecKey`.
Key(SecKey),
/// A `SecKeychainItem`.
///
/// Only defined on OSX
#[cfg(target_os = "macos")]
KeychainItem(crate::os::macos::keychain_item::SecKeychainItem),
#[doc(hidden)]
__NonExhaustive,
}
/// An individual search result.
pub enum SearchResult {
/// A reference to the Security Framework object, if asked for.
Ref(Reference),
/// A dictionary of data about the Security Framework object, if asked for.
Dict(CFDictionary),
/// The Security Framework object as bytes, if asked for.
Data(Vec<u8>),
/// An unknown representation of the Security Framework object.
Other,
}
impl fmt::Debug for SearchResult {
#[cold]
fn fmt(&self, fmt: &mut fmt::Formatter<'_>) -> fmt::Result {
match self {
Self::Ref(reference) => fmt
.debug_struct("SearchResult::Ref")
.field("reference", reference)
.finish(),
Self::Data(buf) => fmt
.debug_struct("SearchResult::Data")
.field("data", buf)
.finish(),
Self::Dict(_) => {
let mut debug = fmt.debug_struct("SearchResult::Dict");
for (k, v) in self.simplify_dict().unwrap() {
debug.field(&k, &v);
}
debug.finish()
},
Self::Other => write!(fmt, "SearchResult::Other"),
}
}
}
impl SearchResult {
/// If the search result is a `CFDict`, simplify that to a
/// `HashMap<String, String>`. This transformation isn't
/// comprehensive, it only supports `CFString`, `CFDate`, and `CFData`
/// value types.
#[must_use]
pub fn simplify_dict(&self) -> Option<HashMap<String, String>> {
match self {
Self::Dict(d) => unsafe {
let mut retmap = HashMap::new();
let (keys, values) = d.get_keys_and_values();
for (k, v) in keys.iter().zip(values.iter()) {
let keycfstr = CFString::wrap_under_get_rule((*k).cast());
let val: String = match CFGetTypeID(*v) {
cfstring if cfstring == CFString::type_id() => {
format!("{}", CFString::wrap_under_get_rule((*v).cast()))
},
cfdata if cfdata == CFData::type_id() => {
let buf = CFData::wrap_under_get_rule((*v).cast());
let mut vec = Vec::new();
vec.extend_from_slice(buf.bytes());
format!("{}", String::from_utf8_lossy(&vec))
},
cfdate if cfdate == CFDate::type_id() => {
format!("{}", CFString::wrap_under_create_rule(CFCopyDescription(*v)))
},
_ => String::from("unknown"),
};
retmap.insert(format!("{keycfstr}"), val);
}
Some(retmap)
},
_ => None,
}
}
}
/// Builder-pattern struct for specifying options for `add_item` (`SecAddItem`
/// wrapper).
///
/// When finished populating options call [`Self::add`].
pub struct ItemAddOptions {
/// The value (by ref or data) of the item to add, required.
pub value: ItemAddValue,
/// Optional kSecAttrAccount attribute.
pub account_name: Option<CFString>,
/// Optional kSecAttrAccessGroup attribute.
pub access_group: Option<CFString>,
/// Optional kSecAttrComment attribute.
pub comment: Option<CFString>,
/// Optional kSecAttrDescription attribute.
pub description: Option<CFString>,
/// Optional kSecAttrLabel attribute.
pub label: Option<CFString>,
/// Optional kSecAttrService attribute.
pub service: Option<CFString>,
/// Optional keychain location.
pub location: Option<Location>,
}
impl ItemAddOptions {
/// Specifies the item to add.
#[inline]
#[must_use]
pub fn new(value: ItemAddValue) -> Self {
Self {
value,
label: None,
location: None,
service: None,
account_name: None,
comment: None,
description: None,
access_group: None,
}
}
/// Specifies the `kSecAttrAccount` attribute.
#[inline]
pub fn set_account_name(&mut self, account_name: impl AsRef<str>) -> &mut Self {
self.account_name = Some(account_name.as_ref().into());
self
}
/// Specifies the `kSecAttrAccessGroup` attribute.
#
gitextract_ido0h2qq/
├── .github/
│ └── workflows/
│ └── main.yml
├── .gitignore
├── .rustfmt.toml
├── Cargo.toml
├── LICENSE-APACHE
├── LICENSE-MIT
├── README.md
├── iostest/
│ ├── Cargo.toml
│ ├── ios-test-harness/
│ │ ├── ios-test-harness/
│ │ │ ├── Assets.xcassets/
│ │ │ │ ├── AccentColor.colorset/
│ │ │ │ │ └── Contents.json
│ │ │ │ ├── AppIcon.appiconset/
│ │ │ │ │ └── Contents.json
│ │ │ │ └── Contents.json
│ │ │ ├── ContentView.swift
│ │ │ ├── Preview Content/
│ │ │ │ └── Preview Assets.xcassets/
│ │ │ │ └── Contents.json
│ │ │ └── ios_test_harnessApp.swift
│ │ ├── ios-test-harness.xcodeproj/
│ │ │ └── project.pbxproj
│ │ ├── ios-test-harnessTests/
│ │ │ └── ios_test_harnessTests.swift
│ │ └── test-runner/
│ │ ├── TestRunner.swift
│ │ ├── create-library.sh
│ │ ├── remove-library.sh
│ │ ├── test-Bridging-Header.h
│ │ └── test.h
│ ├── src/
│ │ └── lib.rs
│ └── tests/
│ └── ios_macos.rs
├── security-framework/
│ ├── Cargo.toml
│ ├── THIRD_PARTY
│ ├── examples/
│ │ ├── client.rs
│ │ ├── find_internet_password.rs
│ │ └── set_internet_password.rs
│ ├── src/
│ │ ├── access_control.rs
│ │ ├── authorization.rs
│ │ ├── base.rs
│ │ ├── certificate.rs
│ │ ├── cipher_suite.rs
│ │ ├── cms.rs
│ │ ├── identity.rs
│ │ ├── import_export.rs
│ │ ├── item.rs
│ │ ├── key.rs
│ │ ├── lib.rs
│ │ ├── os/
│ │ │ ├── macos/
│ │ │ │ ├── access.rs
│ │ │ │ ├── certificate.rs
│ │ │ │ ├── certificate_oids.rs
│ │ │ │ ├── code_signing.rs
│ │ │ │ ├── digest_transform.rs
│ │ │ │ ├── encrypt_transform.rs
│ │ │ │ ├── identity.rs
│ │ │ │ ├── import_export.rs
│ │ │ │ ├── item.rs
│ │ │ │ ├── key.rs
│ │ │ │ ├── keychain.rs
│ │ │ │ ├── keychain_item.rs
│ │ │ │ ├── mod.rs
│ │ │ │ ├── passwords.rs
│ │ │ │ ├── secure_transport.rs
│ │ │ │ └── transform.rs
│ │ │ └── mod.rs
│ │ ├── passwords.rs
│ │ ├── passwords_options.rs
│ │ ├── policy.rs
│ │ ├── random.rs
│ │ ├── secure_transport.rs
│ │ ├── trust.rs
│ │ └── trust_settings.rs
│ └── test/
│ ├── ca.der
│ ├── cms/
│ │ ├── encrypted.p7m
│ │ ├── keystore.p12
│ │ ├── signed-encrypted.p7m
│ │ └── signed.p7m
│ ├── dhparam.der
│ ├── regen-certs.sh
│ ├── server.der
│ ├── server.key
│ ├── server.keychain
│ └── server.p12
├── security-framework-sys/
│ ├── Cargo.toml
│ └── src/
│ ├── access.rs
│ ├── access_control.rs
│ ├── authorization.rs
│ ├── base.rs
│ ├── certificate.rs
│ ├── certificate_oids.rs
│ ├── cipher_suite.rs
│ ├── cms.rs
│ ├── code_signing.rs
│ ├── digest_transform.rs
│ ├── encrypt_transform.rs
│ ├── identity.rs
│ ├── import_export.rs
│ ├── item.rs
│ ├── key.rs
│ ├── keychain.rs
│ ├── keychain_item.rs
│ ├── lib.rs
│ ├── policy.rs
│ ├── random.rs
│ ├── secure_transport.rs
│ ├── transform.rs
│ ├── trust.rs
│ └── trust_settings.rs
└── systest/
├── Cargo.toml
├── build.rs
└── src/
└── main.rs
SYMBOL INDEX (1402 symbols across 59 files)
FILE: iostest/src/lib.rs
function test (line 22) | extern "C" fn test() {
function test_missing_generic_password (line 37) | fn test_missing_generic_password() {
function test_round_trip_empty_generic_password (line 61) | fn test_round_trip_empty_generic_password() {
function test_round_trip_ascii_generic_password (line 72) | fn test_round_trip_ascii_generic_password() {
function test_round_trip_non_ascii_generic_password (line 83) | fn test_round_trip_non_ascii_generic_password() {
function test_round_trip_non_utf8_generic_password (line 94) | fn test_round_trip_non_utf8_generic_password() {
function test_update_generic_password (line 105) | fn test_update_generic_password() {
function test_missing_internet_password (line 120) | fn test_missing_internet_password() {
function test_round_trip_empty_internet_password (line 144) | fn test_round_trip_empty_internet_password() {
function test_round_trip_ascii_internet_password (line 155) | fn test_round_trip_ascii_internet_password() {
function test_round_trip_non_ascii_internet_password (line 166) | fn test_round_trip_non_ascii_internet_password() {
function test_round_trip_non_utf8_internet_password (line 177) | fn test_round_trip_non_utf8_internet_password() {
function test_update_internet_password (line 188) | fn test_update_internet_password() {
FILE: iostest/tests/ios_macos.rs
function insert_then_find_generic (line 24) | fn insert_then_find_generic() {
function insert_then_find_generic_legacy (line 62) | fn insert_then_find_generic_legacy() {
function find_leftover_test_generic_passwords (line 117) | fn find_leftover_test_generic_passwords() {
function generate_random_string (line 150) | fn generate_random_string() -> String {
FILE: security-framework-sys/src/access.rs
function SecAccessGetTypeID (line 5) | pub fn SecAccessGetTypeID() -> CFTypeID;
FILE: security-framework-sys/src/access_control.rs
constant kSecAccessControlUserPresence (line 11) | pub const kSecAccessControlUserPresence: CFOptionFlags = 1 << 0;
constant kSecAccessControlBiometryAny (line 12) | pub const kSecAccessControlBiometryAny: CFOptionFlags = 1 << 1;
constant kSecAccessControlBiometryCurrentSet (line 13) | pub const kSecAccessControlBiometryCurrentSet: CFOptionFlags = 1 << 3;
constant kSecAccessControlDevicePasscode (line 14) | pub const kSecAccessControlDevicePasscode: CFOptionFlags = 1 << 4;
constant kSecAccessControlWatch (line 16) | pub const kSecAccessControlWatch: CFOptionFlags = 1 << 5;
constant kSecAccessControlOr (line 17) | pub const kSecAccessControlOr: CFOptionFlags = 1 << 14;
constant kSecAccessControlAnd (line 18) | pub const kSecAccessControlAnd: CFOptionFlags = 1 << 15;
constant kSecAccessControlPrivateKeyUsage (line 19) | pub const kSecAccessControlPrivateKeyUsage: CFOptionFlags = 1 << 30;
constant kSecAccessControlApplicationPassword (line 20) | pub const kSecAccessControlApplicationPassword: CFOptionFlags = 1 << 31;
function SecAccessControlGetTypeID (line 36) | pub fn SecAccessControlGetTypeID() -> CFTypeID;
function SecAccessControlCreateWithFlags (line 38) | pub fn SecAccessControlCreateWithFlags(
FILE: security-framework-sys/src/authorization.rs
constant errAuthorizationSuccess (line 7) | pub const errAuthorizationSuccess: OSStatus = 0;
constant errAuthorizationInvalidSet (line 8) | pub const errAuthorizationInvalidSet: OSStatus = -60001;
constant errAuthorizationInvalidRef (line 9) | pub const errAuthorizationInvalidRef: OSStatus = -60002;
constant errAuthorizationInvalidTag (line 10) | pub const errAuthorizationInvalidTag: OSStatus = -60003;
constant errAuthorizationInvalidPointer (line 11) | pub const errAuthorizationInvalidPointer: OSStatus = -60004;
constant errAuthorizationDenied (line 12) | pub const errAuthorizationDenied: OSStatus = -60005;
constant errAuthorizationCanceled (line 13) | pub const errAuthorizationCanceled: OSStatus = -60006;
constant errAuthorizationInteractionNotAllowed (line 14) | pub const errAuthorizationInteractionNotAllowed: OSStatus = -60007;
constant errAuthorizationInternal (line 15) | pub const errAuthorizationInternal: OSStatus = -60008;
constant errAuthorizationExternalizeNotAllowed (line 16) | pub const errAuthorizationExternalizeNotAllowed: OSStatus = -60009;
constant errAuthorizationInternalizeNotAllowed (line 17) | pub const errAuthorizationInternalizeNotAllowed: OSStatus = -60010;
constant errAuthorizationInvalidFlags (line 18) | pub const errAuthorizationInvalidFlags: OSStatus = -60011;
constant errAuthorizationToolExecuteFailure (line 19) | pub const errAuthorizationToolExecuteFailure: OSStatus = -60031;
constant errAuthorizationToolEnvironmentError (line 20) | pub const errAuthorizationToolEnvironmentError: OSStatus = -60032;
constant errAuthorizationBadAddress (line 21) | pub const errAuthorizationBadAddress: OSStatus = -60033;
type AuthorizationFlags (line 23) | pub type AuthorizationFlags = u32;
constant kAuthorizationFlagDefaults (line 24) | pub const kAuthorizationFlagDefaults: AuthorizationFlags = 0;
constant kAuthorizationFlagInteractionAllowed (line 25) | pub const kAuthorizationFlagInteractionAllowed: AuthorizationFlags = 1;
constant kAuthorizationFlagExtendRights (line 26) | pub const kAuthorizationFlagExtendRights: AuthorizationFlags = 2;
constant kAuthorizationFlagPartialRights (line 27) | pub const kAuthorizationFlagPartialRights: AuthorizationFlags = 4;
constant kAuthorizationFlagDestroyRights (line 28) | pub const kAuthorizationFlagDestroyRights: AuthorizationFlags = 8;
constant kAuthorizationFlagPreAuthorize (line 29) | pub const kAuthorizationFlagPreAuthorize: AuthorizationFlags = 16;
type AuthorizationRef (line 31) | pub type AuthorizationRef = *mut c_void;
type AuthorizationString (line 32) | pub type AuthorizationString = *const c_char;
type AuthorizationItem (line 36) | pub struct AuthorizationItem {
type AuthorizationItemSet (line 45) | pub struct AuthorizationItemSet {
constant kAuthorizationExternalFormLength (line 50) | pub const kAuthorizationExternalFormLength: usize = 32;
type AuthorizationExternalForm (line 54) | pub struct AuthorizationExternalForm {
type AuthorizationRights (line 58) | pub type AuthorizationRights = AuthorizationItemSet;
type AuthorizationEnvironment (line 59) | pub type AuthorizationEnvironment = AuthorizationItemSet;
type AuthorizationAsyncCallback (line 61) | pub type AuthorizationAsyncCallback =
function AuthorizationCreate (line 65) | pub fn AuthorizationCreate(
function AuthorizationFree (line 72) | pub fn AuthorizationFree(
function AuthorizationCopyRights (line 77) | pub fn AuthorizationCopyRights(
function AuthorizationCopyRightsAsync (line 85) | pub fn AuthorizationCopyRightsAsync(
function AuthorizationCopyInfo (line 93) | pub fn AuthorizationCopyInfo(
function AuthorizationMakeExternalForm (line 99) | pub fn AuthorizationMakeExternalForm(
function AuthorizationCreateFromExternalForm (line 104) | pub fn AuthorizationCreateFromExternalForm(
function AuthorizationFreeItemSet (line 109) | pub fn AuthorizationFreeItemSet(set: *mut AuthorizationItemSet) -> OSSta...
function AuthorizationRightGet (line 111) | pub fn AuthorizationRightGet(
function AuthorizationRightSet (line 116) | pub fn AuthorizationRightSet(
function AuthorizationRightRemove (line 125) | pub fn AuthorizationRightRemove(
function AuthorizationExecuteWithPrivileges (line 131) | pub fn AuthorizationExecuteWithPrivileges(
function AuthorizationCopyPrivilegedReference (line 140) | pub fn AuthorizationCopyPrivilegedReference(
FILE: security-framework-sys/src/base.rs
type OpaqueSecKeychainRef (line 5) | pub enum OpaqueSecKeychainRef {}
type SecKeychainRef (line 7) | pub type SecKeychainRef = *mut OpaqueSecKeychainRef;
type OpaqueSecKeychainItemRef (line 9) | pub enum OpaqueSecKeychainItemRef {}
type SecKeychainItemRef (line 11) | pub type SecKeychainItemRef = *mut OpaqueSecKeychainItemRef;
type SecKeychainAttrType (line 15) | pub type SecKeychainAttrType = u32;
type SecKeychainAttribute (line 20) | pub struct SecKeychainAttribute {
type SecKeychainAttributeList (line 29) | pub struct SecKeychainAttributeList {
type OpaqueSecCertificateRef (line 34) | pub enum OpaqueSecCertificateRef {}
type SecCertificateRef (line 35) | pub type SecCertificateRef = *mut OpaqueSecCertificateRef;
type OpaqueSecAccessRef (line 37) | pub enum OpaqueSecAccessRef {}
type SecAccessRef (line 39) | pub type SecAccessRef = *mut OpaqueSecAccessRef;
type OpaqueSecAccessControlRef (line 41) | pub enum OpaqueSecAccessControlRef {}
type SecAccessControlRef (line 42) | pub type SecAccessControlRef = *mut OpaqueSecAccessControlRef;
type OpaqueSecKeyRef (line 44) | pub enum OpaqueSecKeyRef {}
type SecKeyRef (line 45) | pub type SecKeyRef = *mut OpaqueSecKeyRef;
type OpaqueSecIdentityRef (line 47) | pub enum OpaqueSecIdentityRef {}
type SecIdentityRef (line 48) | pub type SecIdentityRef = *mut OpaqueSecIdentityRef;
type OpaqueSecPolicyRef (line 50) | pub enum OpaqueSecPolicyRef {}
type SecPolicyRef (line 51) | pub type SecPolicyRef = *mut OpaqueSecPolicyRef;
constant errSecSuccess (line 53) | pub const errSecSuccess: OSStatus = 0;
constant errSecUnimplemented (line 54) | pub const errSecUnimplemented: OSStatus = -4;
constant errSecIO (line 55) | pub const errSecIO: OSStatus = -36;
constant errSecParam (line 56) | pub const errSecParam: OSStatus = -50;
constant errSecBadReq (line 57) | pub const errSecBadReq: OSStatus = -909;
constant errSecNoTrustSettings (line 58) | pub const errSecNoTrustSettings: OSStatus = -25263;
constant errSecAuthFailed (line 59) | pub const errSecAuthFailed: OSStatus = -25293;
constant errSecDuplicateItem (line 60) | pub const errSecDuplicateItem: OSStatus = -25299;
constant errSecItemNotFound (line 61) | pub const errSecItemNotFound: OSStatus = -25300;
constant errSecCreateChainFailed (line 62) | pub const errSecCreateChainFailed: OSStatus = -25318;
constant errSecConversionError (line 63) | pub const errSecConversionError: OSStatus = -67594;
constant errSecHostNameMismatch (line 64) | pub const errSecHostNameMismatch: OSStatus = -67602;
constant errSecInvalidExtendedKeyUsage (line 65) | pub const errSecInvalidExtendedKeyUsage: OSStatus = -67609;
constant errSecTrustSettingDeny (line 66) | pub const errSecTrustSettingDeny: OSStatus = -67654;
constant errSecCertificateRevoked (line 67) | pub const errSecCertificateRevoked: OSStatus = -67820;
constant errSecNotTrusted (line 68) | pub const errSecNotTrusted: OSStatus = -67843;
constant errSecInternalComponent (line 69) | pub const errSecInternalComponent: OSStatus = -2070;
function SecCopyErrorMessageString (line 73) | pub fn SecCopyErrorMessageString(status: OSStatus, reserved: *mut c_void...
FILE: security-framework-sys/src/certificate.rs
function SecCertificateGetTypeID (line 56) | pub fn SecCertificateGetTypeID() -> CFTypeID;
function SecCertificateCreateWithData (line 57) | pub fn SecCertificateCreateWithData(
function SecCertificateAddToKeychain (line 62) | pub fn SecCertificateAddToKeychain(
function SecCertificateCopyData (line 66) | pub fn SecCertificateCopyData(certificate: SecCertificateRef) -> CFDataRef;
function SecCertificateCopySubjectSummary (line 67) | pub fn SecCertificateCopySubjectSummary(certificate: SecCertificateRef) ...
function SecCertificateCopyCommonName (line 68) | pub fn SecCertificateCopyCommonName(
function SecCertificateCopyEmailAddresses (line 72) | pub fn SecCertificateCopyEmailAddresses(
function SecCertificateCopyNormalizedIssuerSequence (line 77) | pub fn SecCertificateCopyNormalizedIssuerSequence(certificate: SecCertif...
function SecCertificateCopyNormalizedSubjectSequence (line 79) | pub fn SecCertificateCopyNormalizedSubjectSequence(certificate: SecCerti...
function SecCertificateCopyPublicKey (line 84) | pub fn SecCertificateCopyPublicKey(
function SecCertificateCopyKey (line 88) | pub fn SecCertificateCopyKey(certificate: SecCertificateRef) -> SecKeyRef;
function SecCertificateCopySerialNumberData (line 89) | pub fn SecCertificateCopySerialNumberData(
function SecCertificateCopyValues (line 94) | pub fn SecCertificateCopyValues(
FILE: security-framework-sys/src/cipher_suite.rs
type SSLCipherSuite (line 2) | pub type SSLCipherSuite = u16;
type SSLCipherSuite (line 5) | pub type SSLCipherSuite = u16;
type SSLCipherSuite (line 8) | pub type SSLCipherSuite = u32;
constant SSL_NULL_WITH_NULL_NULL (line 10) | pub const SSL_NULL_WITH_NULL_NULL: SSLCipherSuite = 0x0000;
constant SSL_RSA_WITH_NULL_MD5 (line 11) | pub const SSL_RSA_WITH_NULL_MD5: SSLCipherSuite = 0x0001;
constant SSL_RSA_WITH_NULL_SHA (line 12) | pub const SSL_RSA_WITH_NULL_SHA: SSLCipherSuite = 0x0002;
constant SSL_RSA_EXPORT_WITH_RC4_40_MD5 (line 13) | pub const SSL_RSA_EXPORT_WITH_RC4_40_MD5: SSLCipherSuite = 0x0003;
constant SSL_RSA_WITH_RC4_128_MD5 (line 14) | pub const SSL_RSA_WITH_RC4_128_MD5: SSLCipherSuite = 0x0004;
constant SSL_RSA_WITH_RC4_128_SHA (line 15) | pub const SSL_RSA_WITH_RC4_128_SHA: SSLCipherSuite = 0x0005;
constant SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (line 16) | pub const SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5: SSLCipherSuite = 0x0006;
constant SSL_RSA_WITH_IDEA_CBC_SHA (line 17) | pub const SSL_RSA_WITH_IDEA_CBC_SHA: SSLCipherSuite = 0x0007;
constant SSL_RSA_EXPORT_WITH_DES40_CBC_SHA (line 18) | pub const SSL_RSA_EXPORT_WITH_DES40_CBC_SHA: SSLCipherSuite = 0x0008;
constant SSL_RSA_WITH_DES_CBC_SHA (line 19) | pub const SSL_RSA_WITH_DES_CBC_SHA: SSLCipherSuite = 0x0009;
constant SSL_RSA_WITH_3DES_EDE_CBC_SHA (line 20) | pub const SSL_RSA_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0x000A;
constant SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA (line 21) | pub const SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA: SSLCipherSuite = 0x000B;
constant SSL_DH_DSS_WITH_DES_CBC_SHA (line 22) | pub const SSL_DH_DSS_WITH_DES_CBC_SHA: SSLCipherSuite = 0x000C;
constant SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA (line 23) | pub const SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0x000D;
constant SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA (line 24) | pub const SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA: SSLCipherSuite = 0x000E;
constant SSL_DH_RSA_WITH_DES_CBC_SHA (line 25) | pub const SSL_DH_RSA_WITH_DES_CBC_SHA: SSLCipherSuite = 0x000F;
constant SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA (line 26) | pub const SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0x0010;
constant SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA (line 27) | pub const SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA: SSLCipherSuite = 0x0011;
constant SSL_DHE_DSS_WITH_DES_CBC_SHA (line 28) | pub const SSL_DHE_DSS_WITH_DES_CBC_SHA: SSLCipherSuite = 0x0012;
constant SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA (line 29) | pub const SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0x0013;
constant SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA (line 30) | pub const SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA: SSLCipherSuite = 0x0014;
constant SSL_DHE_RSA_WITH_DES_CBC_SHA (line 31) | pub const SSL_DHE_RSA_WITH_DES_CBC_SHA: SSLCipherSuite = 0x0015;
constant SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA (line 32) | pub const SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0x0016;
constant SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 (line 33) | pub const SSL_DH_anon_EXPORT_WITH_RC4_40_MD5: SSLCipherSuite = 0x0017;
constant SSL_DH_anon_WITH_RC4_128_MD5 (line 34) | pub const SSL_DH_anon_WITH_RC4_128_MD5: SSLCipherSuite = 0x0018;
constant SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA (line 35) | pub const SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA: SSLCipherSuite = 0x0019;
constant SSL_DH_anon_WITH_DES_CBC_SHA (line 36) | pub const SSL_DH_anon_WITH_DES_CBC_SHA: SSLCipherSuite = 0x001A;
constant SSL_DH_anon_WITH_3DES_EDE_CBC_SHA (line 37) | pub const SSL_DH_anon_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0x001B;
constant SSL_FORTEZZA_DMS_WITH_NULL_SHA (line 38) | pub const SSL_FORTEZZA_DMS_WITH_NULL_SHA: SSLCipherSuite = 0x001C;
constant SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA (line 39) | pub const SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA: SSLCipherSuite = 0x001D;
constant TLS_RSA_WITH_AES_128_CBC_SHA (line 42) | pub const TLS_RSA_WITH_AES_128_CBC_SHA: SSLCipherSuite = 0x002F;
constant TLS_DH_DSS_WITH_AES_128_CBC_SHA (line 43) | pub const TLS_DH_DSS_WITH_AES_128_CBC_SHA: SSLCipherSuite = 0x0030;
constant TLS_DH_RSA_WITH_AES_128_CBC_SHA (line 44) | pub const TLS_DH_RSA_WITH_AES_128_CBC_SHA: SSLCipherSuite = 0x0031;
constant TLS_DHE_DSS_WITH_AES_128_CBC_SHA (line 45) | pub const TLS_DHE_DSS_WITH_AES_128_CBC_SHA: SSLCipherSuite = 0x0032;
constant TLS_DHE_RSA_WITH_AES_128_CBC_SHA (line 46) | pub const TLS_DHE_RSA_WITH_AES_128_CBC_SHA: SSLCipherSuite = 0x0033;
constant TLS_DH_anon_WITH_AES_128_CBC_SHA (line 47) | pub const TLS_DH_anon_WITH_AES_128_CBC_SHA: SSLCipherSuite = 0x0034;
constant TLS_RSA_WITH_AES_256_CBC_SHA (line 48) | pub const TLS_RSA_WITH_AES_256_CBC_SHA: SSLCipherSuite = 0x0035;
constant TLS_DH_DSS_WITH_AES_256_CBC_SHA (line 49) | pub const TLS_DH_DSS_WITH_AES_256_CBC_SHA: SSLCipherSuite = 0x0036;
constant TLS_DH_RSA_WITH_AES_256_CBC_SHA (line 50) | pub const TLS_DH_RSA_WITH_AES_256_CBC_SHA: SSLCipherSuite = 0x0037;
constant TLS_DHE_DSS_WITH_AES_256_CBC_SHA (line 51) | pub const TLS_DHE_DSS_WITH_AES_256_CBC_SHA: SSLCipherSuite = 0x0038;
constant TLS_DHE_RSA_WITH_AES_256_CBC_SHA (line 52) | pub const TLS_DHE_RSA_WITH_AES_256_CBC_SHA: SSLCipherSuite = 0x0039;
constant TLS_DH_anon_WITH_AES_256_CBC_SHA (line 53) | pub const TLS_DH_anon_WITH_AES_256_CBC_SHA: SSLCipherSuite = 0x003A;
constant TLS_ECDH_ECDSA_WITH_NULL_SHA (line 56) | pub const TLS_ECDH_ECDSA_WITH_NULL_SHA: SSLCipherSuite = 0xC001;
constant TLS_ECDH_ECDSA_WITH_RC4_128_SHA (line 57) | pub const TLS_ECDH_ECDSA_WITH_RC4_128_SHA: SSLCipherSuite = 0xC002;
constant TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA (line 58) | pub const TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0xC003;
constant TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (line 59) | pub const TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA: SSLCipherSuite = 0xC004;
constant TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (line 60) | pub const TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA: SSLCipherSuite = 0xC005;
constant TLS_ECDHE_ECDSA_WITH_NULL_SHA (line 61) | pub const TLS_ECDHE_ECDSA_WITH_NULL_SHA: SSLCipherSuite = 0xC006;
constant TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (line 62) | pub const TLS_ECDHE_ECDSA_WITH_RC4_128_SHA: SSLCipherSuite = 0xC007;
constant TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (line 63) | pub const TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0xC008;
constant TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (line 64) | pub const TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: SSLCipherSuite = 0xC009;
constant TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (line 65) | pub const TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: SSLCipherSuite = 0xC00A;
constant TLS_ECDH_RSA_WITH_NULL_SHA (line 66) | pub const TLS_ECDH_RSA_WITH_NULL_SHA: SSLCipherSuite = 0xC00B;
constant TLS_ECDH_RSA_WITH_RC4_128_SHA (line 67) | pub const TLS_ECDH_RSA_WITH_RC4_128_SHA: SSLCipherSuite = 0xC00C;
constant TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA (line 68) | pub const TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0xC00D;
constant TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (line 69) | pub const TLS_ECDH_RSA_WITH_AES_128_CBC_SHA: SSLCipherSuite = 0xC00E;
constant TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (line 70) | pub const TLS_ECDH_RSA_WITH_AES_256_CBC_SHA: SSLCipherSuite = 0xC00F;
constant TLS_ECDHE_RSA_WITH_NULL_SHA (line 71) | pub const TLS_ECDHE_RSA_WITH_NULL_SHA: SSLCipherSuite = 0xC010;
constant TLS_ECDHE_RSA_WITH_RC4_128_SHA (line 72) | pub const TLS_ECDHE_RSA_WITH_RC4_128_SHA: SSLCipherSuite = 0xC011;
constant TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (line 73) | pub const TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0xC012;
constant TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (line 74) | pub const TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: SSLCipherSuite = 0xC013;
constant TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (line 75) | pub const TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: SSLCipherSuite = 0xC014;
constant TLS_ECDH_anon_WITH_NULL_SHA (line 76) | pub const TLS_ECDH_anon_WITH_NULL_SHA: SSLCipherSuite = 0xC015;
constant TLS_ECDH_anon_WITH_RC4_128_SHA (line 77) | pub const TLS_ECDH_anon_WITH_RC4_128_SHA: SSLCipherSuite = 0xC016;
constant TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA (line 78) | pub const TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0xC017;
constant TLS_ECDH_anon_WITH_AES_128_CBC_SHA (line 79) | pub const TLS_ECDH_anon_WITH_AES_128_CBC_SHA: SSLCipherSuite = 0xC018;
constant TLS_ECDH_anon_WITH_AES_256_CBC_SHA (line 80) | pub const TLS_ECDH_anon_WITH_AES_256_CBC_SHA: SSLCipherSuite = 0xC019;
constant TLS_NULL_WITH_NULL_NULL (line 85) | pub const TLS_NULL_WITH_NULL_NULL: SSLCipherSuite = 0x0000;
constant TLS_RSA_WITH_NULL_MD5 (line 88) | pub const TLS_RSA_WITH_NULL_MD5: SSLCipherSuite = 0x0001;
constant TLS_RSA_WITH_NULL_SHA (line 89) | pub const TLS_RSA_WITH_NULL_SHA: SSLCipherSuite = 0x0002;
constant TLS_RSA_WITH_RC4_128_MD5 (line 90) | pub const TLS_RSA_WITH_RC4_128_MD5: SSLCipherSuite = 0x0004;
constant TLS_RSA_WITH_RC4_128_SHA (line 91) | pub const TLS_RSA_WITH_RC4_128_SHA: SSLCipherSuite = 0x0005;
constant TLS_RSA_WITH_3DES_EDE_CBC_SHA (line 92) | pub const TLS_RSA_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0x000A;
constant TLS_RSA_WITH_NULL_SHA256 (line 95) | pub const TLS_RSA_WITH_NULL_SHA256: SSLCipherSuite = 0x003B;
constant TLS_RSA_WITH_AES_128_CBC_SHA256 (line 96) | pub const TLS_RSA_WITH_AES_128_CBC_SHA256: SSLCipherSuite = 0x003C;
constant TLS_RSA_WITH_AES_256_CBC_SHA256 (line 97) | pub const TLS_RSA_WITH_AES_256_CBC_SHA256: SSLCipherSuite = 0x003D;
constant TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA (line 100) | pub const TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0x000D;
constant TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA (line 101) | pub const TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0x0010;
constant TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (line 102) | pub const TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0x0013;
constant TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (line 103) | pub const TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0x0016;
constant TLS_DH_DSS_WITH_AES_128_CBC_SHA256 (line 112) | pub const TLS_DH_DSS_WITH_AES_128_CBC_SHA256: SSLCipherSuite = 0x003E;
constant TLS_DH_RSA_WITH_AES_128_CBC_SHA256 (line 113) | pub const TLS_DH_RSA_WITH_AES_128_CBC_SHA256: SSLCipherSuite = 0x003F;
constant TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (line 114) | pub const TLS_DHE_DSS_WITH_AES_128_CBC_SHA256: SSLCipherSuite = 0x0040;
constant TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (line 115) | pub const TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: SSLCipherSuite = 0x0067;
constant TLS_DH_DSS_WITH_AES_256_CBC_SHA256 (line 116) | pub const TLS_DH_DSS_WITH_AES_256_CBC_SHA256: SSLCipherSuite = 0x0068;
constant TLS_DH_RSA_WITH_AES_256_CBC_SHA256 (line 117) | pub const TLS_DH_RSA_WITH_AES_256_CBC_SHA256: SSLCipherSuite = 0x0069;
constant TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (line 118) | pub const TLS_DHE_DSS_WITH_AES_256_CBC_SHA256: SSLCipherSuite = 0x006A;
constant TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (line 119) | pub const TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: SSLCipherSuite = 0x006B;
constant TLS_DH_anon_WITH_RC4_128_MD5 (line 122) | pub const TLS_DH_anon_WITH_RC4_128_MD5: SSLCipherSuite = 0x0018;
constant TLS_DH_anon_WITH_3DES_EDE_CBC_SHA (line 123) | pub const TLS_DH_anon_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0x001B;
constant TLS_DH_anon_WITH_AES_128_CBC_SHA256 (line 126) | pub const TLS_DH_anon_WITH_AES_128_CBC_SHA256: SSLCipherSuite = 0x006C;
constant TLS_DH_anon_WITH_AES_256_CBC_SHA256 (line 127) | pub const TLS_DH_anon_WITH_AES_256_CBC_SHA256: SSLCipherSuite = 0x006D;
constant TLS_PSK_WITH_RC4_128_SHA (line 131) | pub const TLS_PSK_WITH_RC4_128_SHA: SSLCipherSuite = 0x008A;
constant TLS_PSK_WITH_3DES_EDE_CBC_SHA (line 132) | pub const TLS_PSK_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0x008B;
constant TLS_PSK_WITH_AES_128_CBC_SHA (line 133) | pub const TLS_PSK_WITH_AES_128_CBC_SHA: SSLCipherSuite = 0x008C;
constant TLS_PSK_WITH_AES_256_CBC_SHA (line 134) | pub const TLS_PSK_WITH_AES_256_CBC_SHA: SSLCipherSuite = 0x008D;
constant TLS_DHE_PSK_WITH_RC4_128_SHA (line 135) | pub const TLS_DHE_PSK_WITH_RC4_128_SHA: SSLCipherSuite = 0x008E;
constant TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA (line 136) | pub const TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0x008F;
constant TLS_DHE_PSK_WITH_AES_128_CBC_SHA (line 137) | pub const TLS_DHE_PSK_WITH_AES_128_CBC_SHA: SSLCipherSuite = 0x0090;
constant TLS_DHE_PSK_WITH_AES_256_CBC_SHA (line 138) | pub const TLS_DHE_PSK_WITH_AES_256_CBC_SHA: SSLCipherSuite = 0x0091;
constant TLS_RSA_PSK_WITH_RC4_128_SHA (line 139) | pub const TLS_RSA_PSK_WITH_RC4_128_SHA: SSLCipherSuite = 0x0092;
constant TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA (line 140) | pub const TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0x0093;
constant TLS_RSA_PSK_WITH_AES_128_CBC_SHA (line 141) | pub const TLS_RSA_PSK_WITH_AES_128_CBC_SHA: SSLCipherSuite = 0x0094;
constant TLS_RSA_PSK_WITH_AES_256_CBC_SHA (line 142) | pub const TLS_RSA_PSK_WITH_AES_256_CBC_SHA: SSLCipherSuite = 0x0095;
constant TLS_PSK_WITH_NULL_SHA (line 146) | pub const TLS_PSK_WITH_NULL_SHA: SSLCipherSuite = 0x002C;
constant TLS_DHE_PSK_WITH_NULL_SHA (line 147) | pub const TLS_DHE_PSK_WITH_NULL_SHA: SSLCipherSuite = 0x002D;
constant TLS_RSA_PSK_WITH_NULL_SHA (line 148) | pub const TLS_RSA_PSK_WITH_NULL_SHA: SSLCipherSuite = 0x002E;
constant TLS_RSA_WITH_AES_128_GCM_SHA256 (line 152) | pub const TLS_RSA_WITH_AES_128_GCM_SHA256: SSLCipherSuite = 0x009C;
constant TLS_RSA_WITH_AES_256_GCM_SHA384 (line 153) | pub const TLS_RSA_WITH_AES_256_GCM_SHA384: SSLCipherSuite = 0x009D;
constant TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (line 154) | pub const TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: SSLCipherSuite = 0x009E;
constant TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (line 155) | pub const TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: SSLCipherSuite = 0x009F;
constant TLS_DH_RSA_WITH_AES_128_GCM_SHA256 (line 156) | pub const TLS_DH_RSA_WITH_AES_128_GCM_SHA256: SSLCipherSuite = 0x00A0;
constant TLS_DH_RSA_WITH_AES_256_GCM_SHA384 (line 157) | pub const TLS_DH_RSA_WITH_AES_256_GCM_SHA384: SSLCipherSuite = 0x00A1;
constant TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 (line 158) | pub const TLS_DHE_DSS_WITH_AES_128_GCM_SHA256: SSLCipherSuite = 0x00A2;
constant TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 (line 159) | pub const TLS_DHE_DSS_WITH_AES_256_GCM_SHA384: SSLCipherSuite = 0x00A3;
constant TLS_DH_DSS_WITH_AES_128_GCM_SHA256 (line 160) | pub const TLS_DH_DSS_WITH_AES_128_GCM_SHA256: SSLCipherSuite = 0x00A4;
constant TLS_DH_DSS_WITH_AES_256_GCM_SHA384 (line 161) | pub const TLS_DH_DSS_WITH_AES_256_GCM_SHA384: SSLCipherSuite = 0x00A5;
constant TLS_DH_anon_WITH_AES_128_GCM_SHA256 (line 162) | pub const TLS_DH_anon_WITH_AES_128_GCM_SHA256: SSLCipherSuite = 0x00A6;
constant TLS_DH_anon_WITH_AES_256_GCM_SHA384 (line 163) | pub const TLS_DH_anon_WITH_AES_256_GCM_SHA384: SSLCipherSuite = 0x00A7;
constant TLS_PSK_WITH_AES_128_GCM_SHA256 (line 166) | pub const TLS_PSK_WITH_AES_128_GCM_SHA256: SSLCipherSuite = 0x00A8;
constant TLS_PSK_WITH_AES_256_GCM_SHA384 (line 167) | pub const TLS_PSK_WITH_AES_256_GCM_SHA384: SSLCipherSuite = 0x00A9;
constant TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 (line 168) | pub const TLS_DHE_PSK_WITH_AES_128_GCM_SHA256: SSLCipherSuite = 0x00AA;
constant TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 (line 169) | pub const TLS_DHE_PSK_WITH_AES_256_GCM_SHA384: SSLCipherSuite = 0x00AB;
constant TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 (line 170) | pub const TLS_RSA_PSK_WITH_AES_128_GCM_SHA256: SSLCipherSuite = 0x00AC;
constant TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 (line 171) | pub const TLS_RSA_PSK_WITH_AES_256_GCM_SHA384: SSLCipherSuite = 0x00AD;
constant TLS_PSK_WITH_AES_128_CBC_SHA256 (line 173) | pub const TLS_PSK_WITH_AES_128_CBC_SHA256: SSLCipherSuite = 0x00AE;
constant TLS_PSK_WITH_AES_256_CBC_SHA384 (line 174) | pub const TLS_PSK_WITH_AES_256_CBC_SHA384: SSLCipherSuite = 0x00AF;
constant TLS_PSK_WITH_NULL_SHA256 (line 175) | pub const TLS_PSK_WITH_NULL_SHA256: SSLCipherSuite = 0x00B0;
constant TLS_PSK_WITH_NULL_SHA384 (line 176) | pub const TLS_PSK_WITH_NULL_SHA384: SSLCipherSuite = 0x00B1;
constant TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 (line 178) | pub const TLS_DHE_PSK_WITH_AES_128_CBC_SHA256: SSLCipherSuite = 0x00B2;
constant TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 (line 179) | pub const TLS_DHE_PSK_WITH_AES_256_CBC_SHA384: SSLCipherSuite = 0x00B3;
constant TLS_DHE_PSK_WITH_NULL_SHA256 (line 180) | pub const TLS_DHE_PSK_WITH_NULL_SHA256: SSLCipherSuite = 0x00B4;
constant TLS_DHE_PSK_WITH_NULL_SHA384 (line 181) | pub const TLS_DHE_PSK_WITH_NULL_SHA384: SSLCipherSuite = 0x00B5;
constant TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 (line 183) | pub const TLS_RSA_PSK_WITH_AES_128_CBC_SHA256: SSLCipherSuite = 0x00B6;
constant TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 (line 184) | pub const TLS_RSA_PSK_WITH_AES_256_CBC_SHA384: SSLCipherSuite = 0x00B7;
constant TLS_RSA_PSK_WITH_NULL_SHA256 (line 185) | pub const TLS_RSA_PSK_WITH_NULL_SHA256: SSLCipherSuite = 0x00B8;
constant TLS_RSA_PSK_WITH_NULL_SHA384 (line 186) | pub const TLS_RSA_PSK_WITH_NULL_SHA384: SSLCipherSuite = 0x00B9;
constant TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (line 190) | pub const TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: SSLCipherSuite = 0xC023;
constant TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (line 191) | pub const TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384: SSLCipherSuite = 0xC024;
constant TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 (line 192) | pub const TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256: SSLCipherSuite = 0xC025;
constant TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 (line 193) | pub const TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384: SSLCipherSuite = 0xC026;
constant TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (line 194) | pub const TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: SSLCipherSuite = 0xC027;
constant TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (line 195) | pub const TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384: SSLCipherSuite = 0xC028;
constant TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 (line 196) | pub const TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256: SSLCipherSuite = 0xC029;
constant TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 (line 197) | pub const TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384: SSLCipherSuite = 0xC02A;
constant TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (line 201) | pub const TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: SSLCipherSuite = 0xC02B;
constant TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (line 202) | pub const TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: SSLCipherSuite = 0xC02C;
constant TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 (line 203) | pub const TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256: SSLCipherSuite = 0xC02D;
constant TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 (line 204) | pub const TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384: SSLCipherSuite = 0xC02E;
constant TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (line 205) | pub const TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: SSLCipherSuite = 0xC02F;
constant TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (line 206) | pub const TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: SSLCipherSuite = 0xC030;
constant TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 (line 207) | pub const TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256: SSLCipherSuite = 0xC031;
constant TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 (line 208) | pub const TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384: SSLCipherSuite = 0xC032;
constant TLS_EMPTY_RENEGOTIATION_INFO_SCSV (line 211) | pub const TLS_EMPTY_RENEGOTIATION_INFO_SCSV: SSLCipherSuite = 0x00FF;
constant SSL_RSA_WITH_RC2_CBC_MD5 (line 215) | pub const SSL_RSA_WITH_RC2_CBC_MD5: SSLCipherSuite = 0xFF80;
constant SSL_RSA_WITH_IDEA_CBC_MD5 (line 216) | pub const SSL_RSA_WITH_IDEA_CBC_MD5: SSLCipherSuite = 0xFF81;
constant SSL_RSA_WITH_DES_CBC_MD5 (line 217) | pub const SSL_RSA_WITH_DES_CBC_MD5: SSLCipherSuite = 0xFF82;
constant SSL_RSA_WITH_3DES_EDE_CBC_MD5 (line 218) | pub const SSL_RSA_WITH_3DES_EDE_CBC_MD5: SSLCipherSuite = 0xFF83;
constant SSL_NO_SUCH_CIPHERSUITE (line 219) | pub const SSL_NO_SUCH_CIPHERSUITE: SSLCipherSuite = 0xFFFF;
FILE: security-framework-sys/src/cms.rs
type OpaqueCMSEncoderRef (line 14) | pub enum OpaqueCMSEncoderRef {}
type CMSEncoderRef (line 15) | pub type CMSEncoderRef = *mut OpaqueCMSEncoderRef;
type OpaqueCMSDecoderRef (line 17) | pub enum OpaqueCMSDecoderRef {}
type CMSDecoderRef (line 18) | pub type CMSDecoderRef = *mut OpaqueCMSEncoderRef;
type CMSSignerStatus (line 22) | pub enum CMSSignerStatus {
type CMSSignedAttributes (line 31) | pub type CMSSignedAttributes = u32;
constant kCMSAttrNone (line 32) | pub const kCMSAttrNone: CMSSignedAttributes = 0x0000;
constant kCMSAttrSmimeCapabilities (line 33) | pub const kCMSAttrSmimeCapabilities: CMSSignedAttributes = 0x0001;
constant kCMSAttrSmimeEncryptionKeyPrefs (line 34) | pub const kCMSAttrSmimeEncryptionKeyPrefs: CMSSignedAttributes = 0x0002;
constant kCMSAttrSmimeMSEncryptionKeyPrefs (line 35) | pub const kCMSAttrSmimeMSEncryptionKeyPrefs: CMSSignedAttributes = 0x0004;
constant kCMSAttrSigningTime (line 36) | pub const kCMSAttrSigningTime: CMSSignedAttributes = 0x0008;
constant kCMSAttrAppleCodesigningHashAgility (line 37) | pub const kCMSAttrAppleCodesigningHashAgility: CMSSignedAttributes = 0x0...
constant kCMSAttrAppleCodesigningHashAgilityV2 (line 38) | pub const kCMSAttrAppleCodesigningHashAgilityV2: CMSSignedAttributes = 0...
constant kCMSAttrAppleExpirationTime (line 39) | pub const kCMSAttrAppleExpirationTime: CMSSignedAttributes = 0x0040;
type CMSCertificateChainMode (line 43) | pub enum CMSCertificateChainMode {
function CMSDecoderGetTypeID (line 55) | pub fn CMSDecoderGetTypeID() -> CFTypeID;
function CMSDecoderCreate (line 57) | pub fn CMSDecoderCreate(output: *mut CMSDecoderRef) -> OSStatus;
function CMSDecoderUpdateMessage (line 59) | pub fn CMSDecoderUpdateMessage(
function CMSDecoderFinalizeMessage (line 65) | pub fn CMSDecoderFinalizeMessage(decoder: CMSDecoderRef) -> OSStatus;
function CMSDecoderSetDetachedContent (line 67) | pub fn CMSDecoderSetDetachedContent(
function CMSDecoderCopyDetachedContent (line 72) | pub fn CMSDecoderCopyDetachedContent(
function CMSDecoderGetNumSigners (line 77) | pub fn CMSDecoderGetNumSigners(
function CMSDecoderCopySignerStatus (line 82) | pub fn CMSDecoderCopySignerStatus(
function CMSDecoderCopySignerEmailAddress (line 92) | pub fn CMSDecoderCopySignerEmailAddress(
function CMSDecoderCopySignerCert (line 98) | pub fn CMSDecoderCopySignerCert(
function CMSDecoderIsContentEncrypted (line 104) | pub fn CMSDecoderIsContentEncrypted(
function CMSDecoderCopyEncapsulatedContentType (line 109) | pub fn CMSDecoderCopyEncapsulatedContentType(
function CMSDecoderCopyAllCerts (line 114) | pub fn CMSDecoderCopyAllCerts(decoder: CMSDecoderRef, certs_out: *mut CF...
function CMSDecoderCopyContent (line 116) | pub fn CMSDecoderCopyContent(decoder: CMSDecoderRef, content_out: *mut C...
function CMSDecoderCopySignerSigningTime (line 118) | pub fn CMSDecoderCopySignerSigningTime(
function CMSDecoderCopySignerTimestamp (line 124) | pub fn CMSDecoderCopySignerTimestamp(
function CMSDecoderCopySignerTimestampWithPolicy (line 130) | pub fn CMSDecoderCopySignerTimestampWithPolicy(
function CMSDecoderCopySignerTimestampCertificates (line 137) | pub fn CMSDecoderCopySignerTimestampCertificates(
function CMSEncoderGetTypeID (line 148) | pub fn CMSEncoderGetTypeID() -> CFTypeID;
function CMSEncoderCreate (line 150) | pub fn CMSEncoderCreate(encoder_out: *mut CMSEncoderRef) -> OSStatus;
function CMSEncoderSetSignerAlgorithm (line 152) | pub fn CMSEncoderSetSignerAlgorithm(
function CMSEncoderAddSigners (line 157) | pub fn CMSEncoderAddSigners(encoder: CMSEncoderRef, signer_or_array: CFT...
function CMSEncoderCopySigners (line 159) | pub fn CMSEncoderCopySigners(encoder: CMSEncoderRef, signers_out: *mut C...
function CMSEncoderAddRecipients (line 161) | pub fn CMSEncoderAddRecipients(
function CMSEncoderCopyRecipients (line 166) | pub fn CMSEncoderCopyRecipients(
function CMSEncoderSetHasDetachedContent (line 171) | pub fn CMSEncoderSetHasDetachedContent(
function CMSEncoderGetHasDetachedContent (line 176) | pub fn CMSEncoderGetHasDetachedContent(
function CMSEncoderSetEncapsulatedContentTypeOID (line 181) | pub fn CMSEncoderSetEncapsulatedContentTypeOID(
function CMSEncoderCopyEncapsulatedContentType (line 186) | pub fn CMSEncoderCopyEncapsulatedContentType(
function CMSEncoderAddSupportingCerts (line 191) | pub fn CMSEncoderAddSupportingCerts(
function CMSEncoderCopySupportingCerts (line 196) | pub fn CMSEncoderCopySupportingCerts(
function CMSEncoderAddSignedAttributes (line 201) | pub fn CMSEncoderAddSignedAttributes(
function CMSEncoderSetCertificateChainMode (line 206) | pub fn CMSEncoderSetCertificateChainMode(
function CMSEncoderGetCertificateChainMode (line 211) | pub fn CMSEncoderGetCertificateChainMode(
function CMSEncoderUpdateContent (line 216) | pub fn CMSEncoderUpdateContent(
function CMSEncoderCopyEncodedContent (line 222) | pub fn CMSEncoderCopyEncodedContent(
function CMSEncodeContent (line 227) | pub fn CMSEncodeContent(
function CMSEncoderCopySignerTimestamp (line 238) | pub fn CMSEncoderCopySignerTimestamp(
function CMSEncoderCopySignerTimestampWithPolicy (line 244) | pub fn CMSEncoderCopySignerTimestampWithPolicy(
FILE: security-framework-sys/src/code_signing.rs
type OpaqueSecRequirementRef (line 6) | pub enum OpaqueSecRequirementRef {}
type SecRequirementRef (line 7) | pub type SecRequirementRef = *mut OpaqueSecRequirementRef;
type OpaqueSecCodeRef (line 9) | pub enum OpaqueSecCodeRef {}
type SecCodeRef (line 10) | pub type SecCodeRef = *mut OpaqueSecCodeRef;
type OpaqueSecStaticCodeRef (line 12) | pub enum OpaqueSecStaticCodeRef {}
type SecStaticCodeRef (line 13) | pub type SecStaticCodeRef = *mut OpaqueSecStaticCodeRef;
type SecCSFlags (line 15) | pub type SecCSFlags = u32;
constant kSecCSCheckAllArchitectures (line 16) | pub const kSecCSCheckAllArchitectures: SecCSFlags = 1 << 0;
constant kSecCSDoNotValidateExecutable (line 17) | pub const kSecCSDoNotValidateExecutable: SecCSFlags = 1 << 1;
constant kSecCSDoNotValidateResources (line 18) | pub const kSecCSDoNotValidateResources: SecCSFlags = 1 << 2;
constant kSecCSBasicValidateOnly (line 19) | pub const kSecCSBasicValidateOnly: SecCSFlags = kSecCSDoNotValidateExecu...
constant kSecCSCheckNestedCode (line 20) | pub const kSecCSCheckNestedCode: SecCSFlags = 1 << 3;
constant kSecCSStrictValidate (line 21) | pub const kSecCSStrictValidate: SecCSFlags = 1 << 4;
constant kSecCSFullReport (line 22) | pub const kSecCSFullReport: SecCSFlags = 1 << 5;
constant kSecCSCheckGatekeeperArchitectures (line 23) | pub const kSecCSCheckGatekeeperArchitectures: SecCSFlags = (1 << 6) | kS...
constant kSecCSRestrictSymlinks (line 24) | pub const kSecCSRestrictSymlinks: SecCSFlags = 1 << 7;
constant kSecCSRestrictToAppLike (line 25) | pub const kSecCSRestrictToAppLike: SecCSFlags = 1 << 8;
constant kSecCSRestrictSidebandData (line 26) | pub const kSecCSRestrictSidebandData: SecCSFlags = 1 << 9;
constant kSecCSUseSoftwareSigningCert (line 27) | pub const kSecCSUseSoftwareSigningCert: SecCSFlags = 1 << 10;
constant kSecCSValidatePEH (line 28) | pub const kSecCSValidatePEH: SecCSFlags = 1 << 11;
constant kSecCSSingleThreaded (line 29) | pub const kSecCSSingleThreaded: SecCSFlags = 1 << 12;
constant kSecCSQuickCheck (line 34) | pub const kSecCSQuickCheck: SecCSFlags = 1 << 26;
constant kSecCSCheckTrustedAnchors (line 35) | pub const kSecCSCheckTrustedAnchors: SecCSFlags = 1 << 27;
constant kSecCSReportProgress (line 36) | pub const kSecCSReportProgress: SecCSFlags = 1 << 28;
constant kSecCSNoNetworkAccess (line 37) | pub const kSecCSNoNetworkAccess: SecCSFlags = 1 << 29;
constant kSecCSEnforceRevocationChecks (line 38) | pub const kSecCSEnforceRevocationChecks: SecCSFlags = 1 << 30;
constant kSecCSConsiderExpiration (line 39) | pub const kSecCSConsiderExpiration: SecCSFlags = 1 << 31;
function SecCodeGetTypeID (line 52) | pub fn SecCodeGetTypeID() -> CFTypeID;
function SecStaticCodeGetTypeID (line 53) | pub fn SecStaticCodeGetTypeID() -> CFTypeID;
function SecRequirementGetTypeID (line 54) | pub fn SecRequirementGetTypeID() -> CFTypeID;
function SecCodeCheckValidity (line 56) | pub fn SecCodeCheckValidity(
function SecCodeCopyGuestWithAttributes (line 62) | pub fn SecCodeCopyGuestWithAttributes(
function SecCodeCopyPath (line 69) | pub fn SecCodeCopyPath(
function SecCodeCopySelf (line 75) | pub fn SecCodeCopySelf(flags: SecCSFlags, out: *mut SecCodeRef) -> OSSta...
function SecRequirementCreateWithString (line 77) | pub fn SecRequirementCreateWithString(
function SecStaticCodeCheckValidity (line 83) | pub fn SecStaticCodeCheckValidity(
function SecStaticCodeCreateWithPath (line 89) | pub fn SecStaticCodeCreateWithPath(
FILE: security-framework-sys/src/digest_transform.rs
function SecDigestTransformCreate (line 21) | pub fn SecDigestTransformCreate(
FILE: security-framework-sys/src/encrypt_transform.rs
function SecDecryptTransformCreate (line 24) | pub fn SecDecryptTransformCreate(keyRef: SecKeyRef, error: *mut CFErrorR...
function SecEncryptTransformCreate (line 28) | pub fn SecEncryptTransformCreate(keyRef: SecKeyRef, error: *mut CFErrorR...
FILE: security-framework-sys/src/identity.rs
function SecIdentityGetTypeID (line 8) | pub fn SecIdentityGetTypeID() -> CFTypeID;
function SecIdentityCopyCertificate (line 9) | pub fn SecIdentityCopyCertificate(
function SecIdentityCopyPrivateKey (line 13) | pub fn SecIdentityCopyPrivateKey(identity: SecIdentityRef, key_ref: *mut...
function SecIdentityCreateWithCertificate (line 16) | pub fn SecIdentityCreateWithCertificate(
FILE: security-framework-sys/src/import_export.rs
type SecExternalFormat (line 16) | pub type SecExternalFormat = u32;
type SecExternalItemType (line 18) | pub type SecExternalItemType = u32;
type SecItemImportExportFlags (line 20) | pub type SecItemImportExportFlags = u32;
type SecKeyImportExportFlags (line 22) | pub type SecKeyImportExportFlags = u32;
constant kSecKeyImportOnlyOne (line 25) | pub const kSecKeyImportOnlyOne: SecKeyImportExportFlags = 1;
constant kSecKeySecurePassphrase (line 27) | pub const kSecKeySecurePassphrase: SecKeyImportExportFlags = 2;
constant kSecKeyNoAccessControl (line 29) | pub const kSecKeyNoAccessControl: SecKeyImportExportFlags = 4;
constant SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION (line 32) | pub const SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION: c_uint = 0;
constant kSecFormatUnknown (line 37) | pub const kSecFormatUnknown: SecExternalFormat = 0;
constant kSecFormatOpenSSL (line 39) | pub const kSecFormatOpenSSL: SecExternalFormat = 1;
constant kSecFormatSSH (line 41) | pub const kSecFormatSSH: SecExternalFormat = 2;
constant kSecFormatBSAFE (line 42) | pub const kSecFormatBSAFE: SecExternalFormat = 3;
constant kSecFormatRawKey (line 44) | pub const kSecFormatRawKey: SecExternalFormat = 4;
constant kSecFormatWrappedPKCS8 (line 45) | pub const kSecFormatWrappedPKCS8: SecExternalFormat = 5;
constant kSecFormatWrappedOpenSSL (line 47) | pub const kSecFormatWrappedOpenSSL: SecExternalFormat = 6;
constant kSecFormatWrappedSSH (line 49) | pub const kSecFormatWrappedSSH: SecExternalFormat = 7;
constant kSecFormatWrappedLSH (line 50) | pub const kSecFormatWrappedLSH: SecExternalFormat = 8;
constant kSecFormatX509Cert (line 52) | pub const kSecFormatX509Cert: SecExternalFormat = 9;
constant kSecFormatPEMSequence (line 54) | pub const kSecFormatPEMSequence: SecExternalFormat = 10;
constant kSecFormatPKCS7 (line 56) | pub const kSecFormatPKCS7: SecExternalFormat = 11;
constant kSecFormatPKCS12 (line 58) | pub const kSecFormatPKCS12: SecExternalFormat = 12;
constant kSecFormatNetscapeCertSequence (line 60) | pub const kSecFormatNetscapeCertSequence: SecExternalFormat = 13;
constant kSecFormatSSHv2 (line 62) | pub const kSecFormatSSHv2: SecExternalFormat = 14;
type SecItemImportExportKeyParameters (line 71) | pub struct SecItemImportExportKeyParameters {
function SecItemImport (line 84) | pub fn SecItemImport(
function SecItemExport (line 96) | pub fn SecItemExport(
function SecPKCS12Import (line 116) | pub fn SecPKCS12Import(
FILE: security-framework-sys/src/key.rs
type SecKeyAlgorithm (line 9) | pub type SecKeyAlgorithm = CFStringRef;
type SecKeyOperationType (line 11) | pub type SecKeyOperationType = u32;
constant kSecKeyOperationTypeSign (line 12) | pub const kSecKeyOperationTypeSign: SecKeyOperationType = 0;
constant kSecKeyOperationTypeVerify (line 13) | pub const kSecKeyOperationTypeVerify: SecKeyOperationType = 1;
constant kSecKeyOperationTypeEncrypt (line 14) | pub const kSecKeyOperationTypeEncrypt: SecKeyOperationType = 2;
constant kSecKeyOperationTypeDecrypt (line 15) | pub const kSecKeyOperationTypeDecrypt: SecKeyOperationType = 3;
constant kSecKeyOperationTypeKeyExchange (line 16) | pub const kSecKeyOperationTypeKeyExchange: SecKeyOperationType = 4;
function SecKeyGetTypeID (line 19) | pub fn SecKeyGetTypeID() -> CFTypeID;
function SecKeyCreateRandomKey (line 21) | pub fn SecKeyCreateRandomKey(parameters: CFDictionaryRef, error: *mut CF...
function SecKeyCreateWithData (line 23) | pub fn SecKeyCreateWithData(
function SecKeyCreateFromData (line 31) | pub fn SecKeyCreateFromData(
function SecKeyCopyExternalRepresentation (line 38) | pub fn SecKeyCopyExternalRepresentation(key: SecKeyRef, error: *mut CFEr...
function SecKeyCopyAttributes (line 40) | pub fn SecKeyCopyAttributes(key: SecKeyRef) -> CFDictionaryRef;
function SecKeyCopyPublicKey (line 42) | pub fn SecKeyCopyPublicKey(key: SecKeyRef) -> SecKeyRef;
function SecKeyCreateSignature (line 45) | pub fn SecKeyCreateSignature(
function SecKeyVerifySignature (line 53) | pub fn SecKeyVerifySignature(
function SecKeyCreateEncryptedData (line 62) | pub fn SecKeyCreateEncryptedData(
function SecKeyCreateDecryptedData (line 70) | pub fn SecKeyCreateDecryptedData(
function SecKeyIsAlgorithmSupported (line 78) | pub fn SecKeyIsAlgorithmSupported(
function SecKeyCopyKeyExchangeResult (line 85) | pub fn SecKeyCopyKeyExchangeResult(
FILE: security-framework-sys/src/keychain.rs
constant SEC_KEYCHAIN_SETTINGS_VERS1 (line 14) | pub const SEC_KEYCHAIN_SETTINGS_VERS1: c_uint = 1;
type SecKeychainSettings (line 18) | pub struct SecKeychainSettings {
type SecProtocolType (line 42) | pub enum SecProtocolType {
type SecAuthenticationType (line 117) | pub enum SecAuthenticationType {
type SecPreferencesDomain (line 139) | pub enum SecPreferencesDomain {
function SecKeychainGetTypeID (line 148) | pub fn SecKeychainGetTypeID() -> CFTypeID;
function SecKeychainCopyDefault (line 150) | pub fn SecKeychainCopyDefault(keychain: *mut SecKeychainRef) -> OSStatus;
function SecKeychainCopyDomainDefault (line 152) | pub fn SecKeychainCopyDomainDefault(
function SecKeychainCreate (line 158) | pub fn SecKeychainCreate(
function SecKeychainOpen (line 168) | pub fn SecKeychainOpen(pathName: *const c_char, keychain: *mut SecKeycha...
function SecKeychainUnlock (line 171) | pub fn SecKeychainUnlock(
function SecKeychainFindGenericPassword (line 178) | pub fn SecKeychainFindGenericPassword(
function SecKeychainFindInternetPassword (line 190) | pub fn SecKeychainFindInternetPassword(
function SecKeychainAddGenericPassword (line 209) | pub fn SecKeychainAddGenericPassword(
function SecKeychainAddInternetPassword (line 221) | pub fn SecKeychainAddInternetPassword(
function SecKeychainSetSettings (line 240) | pub fn SecKeychainSetSettings(
function SecKeychainGetUserInteractionAllowed (line 246) | pub fn SecKeychainGetUserInteractionAllowed(state: *mut Boolean) -> OSSt...
function SecKeychainSetUserInteractionAllowed (line 249) | pub fn SecKeychainSetUserInteractionAllowed(state: Boolean) -> OSStatus;
FILE: security-framework-sys/src/keychain_item.rs
function SecKeychainItemGetTypeID (line 15) | pub fn SecKeychainItemGetTypeID() -> CFTypeID;
function SecItemAdd (line 18) | pub fn SecItemAdd(attributes: CFDictionaryRef, result: *mut CFTypeRef) -...
function SecItemCopyMatching (line 21) | pub fn SecItemCopyMatching(query: CFDictionaryRef, result: *mut CFTypeRe...
function SecItemUpdate (line 24) | pub fn SecItemUpdate(query: CFDictionaryRef, attributesToUpdate: CFDicti...
function SecItemDelete (line 27) | pub fn SecItemDelete(query: CFDictionaryRef) -> OSStatus;
function SecKeychainItemModifyAttributesAndData (line 32) | pub fn SecKeychainItemModifyAttributesAndData(
function SecKeychainItemFreeContent (line 41) | pub fn SecKeychainItemFreeContent(
function SecKeychainItemDelete (line 48) | pub fn SecKeychainItemDelete(itemRef: SecKeychainItemRef) -> OSStatus;
FILE: security-framework-sys/src/policy.rs
constant kSecRevocationOCSPMethod (line 9) | pub const kSecRevocationOCSPMethod: CFOptionFlags = 1 << 0;
constant kSecRevocationCRLMethod (line 10) | pub const kSecRevocationCRLMethod: CFOptionFlags = 1 << 1;
constant kSecRevocationPreferCRL (line 11) | pub const kSecRevocationPreferCRL: CFOptionFlags = 1 << 2;
constant kSecRevocationRequirePositiveResponse (line 12) | pub const kSecRevocationRequirePositiveResponse: CFOptionFlags = 1 << 3;
constant kSecRevocationNetworkAccessDisabled (line 13) | pub const kSecRevocationNetworkAccessDisabled: CFOptionFlags = 1 << 4;
constant kSecRevocationUseAnyAvailableMethod (line 14) | pub const kSecRevocationUseAnyAvailableMethod: CFOptionFlags = kSecRevoc...
function SecPolicyCreateSSL (line 20) | pub fn SecPolicyCreateSSL(server: Boolean, hostname: CFStringRef) -> Sec...
function SecPolicyCreateRevocation (line 21) | pub fn SecPolicyCreateRevocation(revocationFlags: CFOptionFlags) -> SecP...
function SecPolicyGetTypeID (line 22) | pub fn SecPolicyGetTypeID() -> CFTypeID;
function SecPolicyCreateBasicX509 (line 23) | pub fn SecPolicyCreateBasicX509() -> SecPolicyRef;
FILE: security-framework-sys/src/random.rs
type __SecRandom (line 3) | pub enum __SecRandom {}
type SecRandomRef (line 4) | pub type SecRandomRef = *const __SecRandom;
function SecRandomCopyBytes (line 9) | pub fn SecRandomCopyBytes(rnd: SecRandomRef, count: usize, bytes: *mut c...
FILE: security-framework-sys/src/secure_transport.rs
type SSLContext (line 10) | pub enum SSLContext {}
type SSLContextRef (line 11) | pub type SSLContextRef = *mut SSLContext;
type SSLConnectionRef (line 13) | pub type SSLConnectionRef = *const c_void;
type SSLProtocol (line 15) | pub type SSLProtocol = c_int;
constant kSSLProtocolUnknown (line 16) | pub const kSSLProtocolUnknown: SSLProtocol = 0;
constant kSSLProtocol3 (line 17) | pub const kSSLProtocol3: SSLProtocol = 2;
constant kTLSProtocol1 (line 18) | pub const kTLSProtocol1: SSLProtocol = 4;
constant kTLSProtocol11 (line 19) | pub const kTLSProtocol11: SSLProtocol = 7;
constant kTLSProtocol12 (line 20) | pub const kTLSProtocol12: SSLProtocol = 8;
constant kDTLSProtocol1 (line 21) | pub const kDTLSProtocol1: SSLProtocol = 9;
constant kTLSProtocol13 (line 22) | pub const kTLSProtocol13: SSLProtocol = 10;
constant kSSLProtocol2 (line 23) | pub const kSSLProtocol2: SSLProtocol = 1;
constant kSSLProtocol3Only (line 24) | pub const kSSLProtocol3Only: SSLProtocol = 3;
constant kTLSProtocol1Only (line 25) | pub const kTLSProtocol1Only: SSLProtocol = 5;
constant kSSLProtocolAll (line 26) | pub const kSSLProtocolAll: SSLProtocol = 6;
type SSLSessionOption (line 28) | pub type SSLSessionOption = c_int;
constant kSSLSessionOptionBreakOnServerAuth (line 30) | pub const kSSLSessionOptionBreakOnServerAuth: SSLSessionOption = 0;
constant kSSLSessionOptionBreakOnCertRequested (line 32) | pub const kSSLSessionOptionBreakOnCertRequested: SSLSessionOption = 1;
constant kSSLSessionOptionBreakOnClientAuth (line 34) | pub const kSSLSessionOptionBreakOnClientAuth: SSLSessionOption = 2;
constant kSSLSessionOptionFalseStart (line 36) | pub const kSSLSessionOptionFalseStart: SSLSessionOption = 3;
constant kSSLSessionOptionSendOneByteRecord (line 37) | pub const kSSLSessionOptionSendOneByteRecord: SSLSessionOption = 4;
constant kSSLSessionOptionAllowServerIdentityChange (line 39) | pub const kSSLSessionOptionAllowServerIdentityChange: SSLSessionOption = 5;
constant kSSLSessionOptionFallback (line 42) | pub const kSSLSessionOptionFallback: SSLSessionOption = 6;
constant kSSLSessionOptionBreakOnClientHello (line 44) | pub const kSSLSessionOptionBreakOnClientHello: SSLSessionOption = 7;
type SSLSessionState (line 46) | pub type SSLSessionState = c_int;
constant kSSLIdle (line 47) | pub const kSSLIdle: SSLSessionState = 0;
constant kSSLHandshake (line 48) | pub const kSSLHandshake: SSLSessionState = 1;
constant kSSLConnected (line 49) | pub const kSSLConnected: SSLSessionState = 2;
constant kSSLClosed (line 50) | pub const kSSLClosed: SSLSessionState = 3;
constant kSSLAborted (line 51) | pub const kSSLAborted: SSLSessionState = 4;
type SSLReadFunc (line 53) | pub type SSLReadFunc = unsafe extern "C" fn(
type SSLWriteFunc (line 59) | pub type SSLWriteFunc = unsafe extern "C" fn(
type SSLProtocolSide (line 65) | pub type SSLProtocolSide = c_int;
constant kSSLServerSide (line 66) | pub const kSSLServerSide: SSLProtocolSide = 0;
constant kSSLClientSide (line 67) | pub const kSSLClientSide: SSLProtocolSide = 1;
type SSLConnectionType (line 69) | pub type SSLConnectionType = c_int;
constant kSSLStreamType (line 70) | pub const kSSLStreamType: SSLConnectionType = 0;
constant kSSLDatagramType (line 71) | pub const kSSLDatagramType: SSLConnectionType = 1;
constant errSSLProtocol (line 73) | pub const errSSLProtocol: OSStatus = -9800;
constant errSSLNegotiation (line 74) | pub const errSSLNegotiation: OSStatus = -9801;
constant errSSLFatalAlert (line 75) | pub const errSSLFatalAlert: OSStatus = -9802;
constant errSSLWouldBlock (line 76) | pub const errSSLWouldBlock: OSStatus = -9803;
constant errSSLSessionNotFound (line 77) | pub const errSSLSessionNotFound: OSStatus = -9804;
constant errSSLClosedGraceful (line 78) | pub const errSSLClosedGraceful: OSStatus = -9805;
constant errSSLClosedAbort (line 79) | pub const errSSLClosedAbort: OSStatus = -9806;
constant errSSLXCertChainInvalid (line 80) | pub const errSSLXCertChainInvalid: OSStatus = -9807;
constant errSSLBadCert (line 81) | pub const errSSLBadCert: OSStatus = -9808;
constant errSSLCrypto (line 82) | pub const errSSLCrypto: OSStatus = -9809;
constant errSSLInternal (line 83) | pub const errSSLInternal: OSStatus = -9810;
constant errSSLModuleAttach (line 84) | pub const errSSLModuleAttach: OSStatus = -9811;
constant errSSLUnknownRootCert (line 85) | pub const errSSLUnknownRootCert: OSStatus = -9812;
constant errSSLNoRootCert (line 86) | pub const errSSLNoRootCert: OSStatus = -9813;
constant errSSLCertExpired (line 87) | pub const errSSLCertExpired: OSStatus = -9814;
constant errSSLCertNotYetValid (line 88) | pub const errSSLCertNotYetValid: OSStatus = -9815;
constant errSSLClosedNoNotify (line 89) | pub const errSSLClosedNoNotify: OSStatus = -9816;
constant errSSLBufferOverflow (line 90) | pub const errSSLBufferOverflow: OSStatus = -9817;
constant errSSLBadCipherSuite (line 91) | pub const errSSLBadCipherSuite: OSStatus = -9818;
constant errSSLPeerUnexpectedMsg (line 92) | pub const errSSLPeerUnexpectedMsg: OSStatus = -9819;
constant errSSLPeerBadRecordMac (line 93) | pub const errSSLPeerBadRecordMac: OSStatus = -9820;
constant errSSLPeerDecryptionFail (line 94) | pub const errSSLPeerDecryptionFail: OSStatus = -9821;
constant errSSLPeerRecordOverflow (line 95) | pub const errSSLPeerRecordOverflow: OSStatus = -9822;
constant errSSLPeerDecompressFail (line 96) | pub const errSSLPeerDecompressFail: OSStatus = -9823;
constant errSSLPeerHandshakeFail (line 97) | pub const errSSLPeerHandshakeFail: OSStatus = -9824;
constant errSSLPeerBadCert (line 98) | pub const errSSLPeerBadCert: OSStatus = -9825;
constant errSSLPeerUnsupportedCert (line 99) | pub const errSSLPeerUnsupportedCert: OSStatus = -9826;
constant errSSLPeerCertRevoked (line 100) | pub const errSSLPeerCertRevoked: OSStatus = -9827;
constant errSSLPeerCertExpired (line 101) | pub const errSSLPeerCertExpired: OSStatus = -9828;
constant errSSLPeerCertUnknown (line 102) | pub const errSSLPeerCertUnknown: OSStatus = -9829;
constant errSSLIllegalParam (line 103) | pub const errSSLIllegalParam: OSStatus = -9830;
constant errSSLPeerUnknownCA (line 104) | pub const errSSLPeerUnknownCA: OSStatus = -9831;
constant errSSLPeerAccessDenied (line 105) | pub const errSSLPeerAccessDenied: OSStatus = -9832;
constant errSSLPeerDecodeError (line 106) | pub const errSSLPeerDecodeError: OSStatus = -9833;
constant errSSLPeerDecryptError (line 107) | pub const errSSLPeerDecryptError: OSStatus = -9834;
constant errSSLPeerExportRestriction (line 108) | pub const errSSLPeerExportRestriction: OSStatus = -9835;
constant errSSLPeerProtocolVersion (line 109) | pub const errSSLPeerProtocolVersion: OSStatus = -9836;
constant errSSLPeerInsufficientSecurity (line 110) | pub const errSSLPeerInsufficientSecurity: OSStatus = -9837;
constant errSSLPeerInternalError (line 111) | pub const errSSLPeerInternalError: OSStatus = -9838;
constant errSSLPeerUserCancelled (line 112) | pub const errSSLPeerUserCancelled: OSStatus = -9839;
constant errSSLPeerNoRenegotiation (line 113) | pub const errSSLPeerNoRenegotiation: OSStatus = -9840;
constant errSSLPeerAuthCompleted (line 114) | pub const errSSLPeerAuthCompleted: OSStatus = -9841;
constant errSSLClientCertRequested (line 115) | pub const errSSLClientCertRequested: OSStatus = -9842;
constant errSSLHostNameMismatch (line 116) | pub const errSSLHostNameMismatch: OSStatus = -9843;
constant errSSLConnectionRefused (line 117) | pub const errSSLConnectionRefused: OSStatus = -9844;
constant errSSLDecryptionFail (line 118) | pub const errSSLDecryptionFail: OSStatus = -9845;
constant errSSLBadRecordMac (line 119) | pub const errSSLBadRecordMac: OSStatus = -9846;
constant errSSLRecordOverflow (line 120) | pub const errSSLRecordOverflow: OSStatus = -9847;
constant errSSLBadConfiguration (line 121) | pub const errSSLBadConfiguration: OSStatus = -9848;
constant errSSLClientHelloReceived (line 122) | pub const errSSLClientHelloReceived: OSStatus = -9851;
type SSLAuthenticate (line 124) | pub type SSLAuthenticate = c_int;
constant kNeverAuthenticate (line 125) | pub const kNeverAuthenticate: SSLAuthenticate = 0;
constant kAlwaysAuthenticate (line 126) | pub const kAlwaysAuthenticate: SSLAuthenticate = 1;
constant kTryAuthenticate (line 127) | pub const kTryAuthenticate: SSLAuthenticate = 2;
type SSLClientCertificateState (line 129) | pub type SSLClientCertificateState = c_int;
constant kSSLClientCertNone (line 130) | pub const kSSLClientCertNone: SSLClientCertificateState = 0;
constant kSSLClientCertRequested (line 131) | pub const kSSLClientCertRequested: SSLClientCertificateState = 1;
constant kSSLClientCertSent (line 132) | pub const kSSLClientCertSent: SSLClientCertificateState = 2;
constant kSSLClientCertRejected (line 133) | pub const kSSLClientCertRejected: SSLClientCertificateState = 3;
function SSLContextGetTypeID (line 136) | pub fn SSLContextGetTypeID() -> ::core_foundation_sys::base::CFTypeID;
function SSLCreateContext (line 137) | pub fn SSLCreateContext(
function SSLNewContext (line 143) | pub fn SSLNewContext(isServer: Boolean, contextPtr: *mut SSLContextRef) ...
function SSLDisposeContext (line 145) | pub fn SSLDisposeContext(context: SSLContextRef) -> OSStatus;
function SSLSetConnection (line 146) | pub fn SSLSetConnection(context: SSLContextRef, connection: SSLConnectio...
function SSLGetConnection (line 147) | pub fn SSLGetConnection(context: SSLContextRef, connection: *mut SSLConn...
function SSLSetIOFuncs (line 148) | pub fn SSLSetIOFuncs(
function SSLHandshake (line 153) | pub fn SSLHandshake(context: SSLContextRef) -> OSStatus;
function SSLClose (line 154) | pub fn SSLClose(context: SSLContextRef) -> OSStatus;
function SSLRead (line 155) | pub fn SSLRead(
function SSLWrite (line 161) | pub fn SSLWrite(
function SSLSetPeerDomainName (line 167) | pub fn SSLSetPeerDomainName(
function SSLGetPeerDomainNameLength (line 172) | pub fn SSLGetPeerDomainNameLength(context: SSLContextRef, peerNameLen: *...
function SSLGetPeerDomainName (line 173) | pub fn SSLGetPeerDomainName(
function SSLSetCertificate (line 178) | pub fn SSLSetCertificate(context: SSLContextRef, certRefs: CFArrayRef) -...
function SSLSetCertificateAuthorities (line 180) | pub fn SSLSetCertificateAuthorities(
function SSLCopyCertificateAuthorities (line 186) | pub fn SSLCopyCertificateAuthorities(
function SSLSetSessionOption (line 190) | pub fn SSLSetSessionOption(
function SSLGetSessionOption (line 195) | pub fn SSLGetSessionOption(
function SSLCopyPeerTrust (line 200) | pub fn SSLCopyPeerTrust(context: SSLContextRef, trust: *mut SecTrustRef)...
function SSLGetSessionState (line 201) | pub fn SSLGetSessionState(context: SSLContextRef, state: *mut SSLSession...
function SSLGetSupportedCiphers (line 202) | pub fn SSLGetSupportedCiphers(
function SSLGetNumberSupportedCiphers (line 207) | pub fn SSLGetNumberSupportedCiphers(
function SSLGetEnabledCiphers (line 211) | pub fn SSLGetEnabledCiphers(
function SSLGetNumberEnabledCiphers (line 216) | pub fn SSLGetNumberEnabledCiphers(context: SSLContextRef, numCiphers: *m...
function SSLSetEnabledCiphers (line 217) | pub fn SSLSetEnabledCiphers(
function SSLGetNegotiatedCipher (line 222) | pub fn SSLGetNegotiatedCipher(context: SSLContextRef, cipher: *mut SSLCi...
function SSLSetClientSideAuthenticate (line 223) | pub fn SSLSetClientSideAuthenticate(context: SSLContextRef, auth: SSLAut...
function SSLSetDiffieHellmanParams (line 225) | pub fn SSLSetDiffieHellmanParams(
function SSLGetDiffieHellmanParams (line 231) | pub fn SSLGetDiffieHellmanParams(
function SSLSetPeerID (line 236) | pub fn SSLSetPeerID(
function SSLGetPeerID (line 241) | pub fn SSLGetPeerID(
function SSLGetBufferedReadSize (line 246) | pub fn SSLGetBufferedReadSize(context: SSLContextRef, bufSize: *mut usiz...
function SSLGetClientCertificateState (line 247) | pub fn SSLGetClientCertificateState(
function SSLGetNegotiatedProtocolVersion (line 251) | pub fn SSLGetNegotiatedProtocolVersion(
function SSLGetProtocolVersionMax (line 255) | pub fn SSLGetProtocolVersionMax(
function SSLGetProtocolVersionMin (line 259) | pub fn SSLGetProtocolVersionMin(
function SSLSetProtocolVersionMax (line 263) | pub fn SSLSetProtocolVersionMax(context: SSLContextRef, maxVersion: SSLP...
function SSLSetProtocolVersionMin (line 264) | pub fn SSLSetProtocolVersionMin(context: SSLContextRef, minVersion: SSLP...
function SSLSetProtocolVersionEnabled (line 266) | pub fn SSLSetProtocolVersionEnabled(
function SSLSetALPNProtocols (line 271) | pub fn SSLSetALPNProtocols(context: SSLContextRef, protocols: CFArrayRef...
function SSLCopyALPNProtocols (line 272) | pub fn SSLCopyALPNProtocols(context: SSLContextRef, protocols: *mut CFAr...
function SSLSetSessionTicketsEnabled (line 273) | pub fn SSLSetSessionTicketsEnabled(context: SSLContextRef, enabled: Bool...
FILE: security-framework-sys/src/transform.rs
type SecTransformRef (line 5) | pub type SecTransformRef = CFTypeRef;
function SecTransformGetTypeID (line 11) | pub fn SecTransformGetTypeID() -> CFTypeID;
function SecTransformSetAttribute (line 14) | pub fn SecTransformSetAttribute(
function SecTransformExecute (line 22) | pub fn SecTransformExecute(
FILE: security-framework-sys/src/trust.rs
type SecTrustResultType (line 7) | pub type SecTrustResultType = u32;
constant kSecTrustResultInvalid (line 9) | pub const kSecTrustResultInvalid: SecTrustResultType = 0;
constant kSecTrustResultProceed (line 10) | pub const kSecTrustResultProceed: SecTrustResultType = 1;
constant kSecTrustResultDeny (line 11) | pub const kSecTrustResultDeny: SecTrustResultType = 3;
constant kSecTrustResultUnspecified (line 12) | pub const kSecTrustResultUnspecified: SecTrustResultType = 4;
constant kSecTrustResultRecoverableTrustFailure (line 13) | pub const kSecTrustResultRecoverableTrustFailure: SecTrustResultType = 5;
constant kSecTrustResultFatalTrustFailure (line 14) | pub const kSecTrustResultFatalTrustFailure: SecTrustResultType = 6;
constant kSecTrustResultOtherError (line 15) | pub const kSecTrustResultOtherError: SecTrustResultType = 7;
type SecTrustOptionFlags (line 19) | pub type SecTrustOptionFlags = u32;
constant kSecTrustOptionAllowExpired (line 21) | pub const kSecTrustOptionAllowExpired: SecTrustOptionFlags = 0x0000_0001;
constant kSecTrustOptionLeafIsCA (line 22) | pub const kSecTrustOptionLeafIsCA: SecTrustOptionFlags = 0x0000_0002;
constant kSecTrustOptionFetchIssuerFromNet (line 23) | pub const kSecTrustOptionFetchIssuerFromNet: SecTrustOptionFlags = 0x000...
constant kSecTrustOptionAllowExpiredRoot (line 24) | pub const kSecTrustOptionAllowExpiredRoot: SecTrustOptionFlags = 0x0000_...
constant kSecTrustOptionRequireRevPerCert (line 25) | pub const kSecTrustOptionRequireRevPerCert: SecTrustOptionFlags = 0x0000...
constant kSecTrustOptionUseTrustSettings (line 26) | pub const kSecTrustOptionUseTrustSettings: SecTrustOptionFlags = 0x0000_...
constant kSecTrustOptionImplicitAnchors (line 27) | pub const kSecTrustOptionImplicitAnchors: SecTrustOptionFlags = 0x0000_0...
type __SecTrust (line 33) | pub enum __SecTrust {}
type SecTrustRef (line 35) | pub type SecTrustRef = *mut __SecTrust;
function SecTrustGetTypeID (line 38) | pub fn SecTrustGetTypeID() -> CFTypeID;
function SecTrustCopyCertificateChain (line 40) | pub fn SecTrustCopyCertificateChain(trust: SecTrustRef) -> CFArrayRef;
function SecTrustGetCertificateCount (line 41) | pub fn SecTrustGetCertificateCount(trust: SecTrustRef) -> CFIndex;
function SecTrustGetCertificateAtIndex (line 43) | pub fn SecTrustGetCertificateAtIndex(trust: SecTrustRef, ix: CFIndex) ->...
function SecTrustSetVerifyDate (line 44) | pub fn SecTrustSetVerifyDate(trust: SecTrustRef, verifyDate: CFDateRef) ...
function SecTrustSetAnchorCertificates (line 45) | pub fn SecTrustSetAnchorCertificates(trust: SecTrustRef, anchorCertifica...
function SecTrustSetAnchorCertificatesOnly (line 46) | pub fn SecTrustSetAnchorCertificatesOnly(trust: SecTrustRef, anchorCerti...
function SecTrustCopyAnchorCertificates (line 48) | pub fn SecTrustCopyAnchorCertificates(anchors: *mut CFArrayRef) -> OSSta...
function SecTrustEvaluate (line 50) | pub fn SecTrustEvaluate(trust: SecTrustRef, result: *mut SecTrustResultT...
function SecTrustEvaluateWithError (line 51) | pub fn SecTrustEvaluateWithError(trust: SecTrustRef, error: *mut CFError...
function SecTrustCreateWithCertificates (line 52) | pub fn SecTrustCreateWithCertificates(
function SecTrustSetPolicies (line 57) | pub fn SecTrustSetPolicies(trust: SecTrustRef, policies: CFTypeRef) -> O...
function SecTrustSetOptions (line 59) | pub fn SecTrustSetOptions(trust: SecTrustRef, options: SecTrustOptionFla...
function SecTrustGetNetworkFetchAllowed (line 60) | pub fn SecTrustGetNetworkFetchAllowed(trust: SecTrustRef, allowFetch: *m...
function SecTrustSetNetworkFetchAllowed (line 61) | pub fn SecTrustSetNetworkFetchAllowed(trust: SecTrustRef, allowFetch: Bo...
function SecTrustSetOCSPResponse (line 62) | pub fn SecTrustSetOCSPResponse(trust: SecTrustRef, responseData: CFTypeR...
function SecTrustSetSignedCertificateTimestamps (line 63) | pub fn SecTrustSetSignedCertificateTimestamps(
function SecTrustCopyPublicKey (line 67) | pub fn SecTrustCopyPublicKey(trust: SecTrustRef) -> SecKeyRef;
FILE: security-framework-sys/src/trust_settings.rs
type SecTrustSettingsDomain (line 5) | pub type SecTrustSettingsDomain = u32;
constant kSecTrustSettingsDomainUser (line 7) | pub const kSecTrustSettingsDomainUser: SecTrustSettingsDomain = 0;
constant kSecTrustSettingsDomainAdmin (line 8) | pub const kSecTrustSettingsDomainAdmin: SecTrustSettingsDomain = 1;
constant kSecTrustSettingsDomainSystem (line 9) | pub const kSecTrustSettingsDomainSystem: SecTrustSettingsDomain = 2;
type SecTrustSettingsResult (line 11) | pub type SecTrustSettingsResult = u32;
constant kSecTrustSettingsResultInvalid (line 13) | pub const kSecTrustSettingsResultInvalid: SecTrustSettingsResult = 0;
constant kSecTrustSettingsResultTrustRoot (line 14) | pub const kSecTrustSettingsResultTrustRoot: SecTrustSettingsResult = 1;
constant kSecTrustSettingsResultTrustAsRoot (line 15) | pub const kSecTrustSettingsResultTrustAsRoot: SecTrustSettingsResult = 2;
constant kSecTrustSettingsResultDeny (line 16) | pub const kSecTrustSettingsResultDeny: SecTrustSettingsResult = 3;
constant kSecTrustSettingsResultUnspecified (line 17) | pub const kSecTrustSettingsResultUnspecified: SecTrustSettingsResult = 4;
function SecTrustSettingsCopyCertificates (line 20) | pub fn SecTrustSettingsCopyCertificates(
function SecTrustSettingsCopyTrustSettings (line 24) | pub fn SecTrustSettingsCopyTrustSettings(
function SecTrustSettingsSetTrustSettings (line 29) | pub fn SecTrustSettingsSetTrustSettings(
FILE: security-framework/examples/client.rs
function main (line 5) | fn main() {
FILE: security-framework/examples/find_internet_password.rs
function main (line 6) | fn main() {
FILE: security-framework/examples/set_internet_password.rs
function main (line 6) | fn main() {
FILE: security-framework/src/access_control.rs
type ProtectionMode (line 31) | pub enum ProtectionMode {
method create_with_flags (line 51) | pub fn create_with_flags(flags: CFOptionFlags) -> Result<Self> {
method create_with_protection (line 56) | pub fn create_with_protection(protection: Option<ProtectionMode>, flags:...
method fmt (line 85) | fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
FILE: security-framework/src/authorization.rs
method default (line 73) | fn default() -> Self {
type AuthorizationItem (line 80) | pub struct AuthorizationItem(sys::AuthorizationItem);
method name (line 88) | pub fn name(&self) -> &str {
method value (line 100) | pub fn value(&self) -> Option<&[u8]> {
type AuthorizationItemSet (line 114) | pub struct AuthorizationItemSet<'a> {
method drop (line 121) | fn drop(&mut self) {
type AuthorizationItemSetStorage (line 131) | pub struct AuthorizationItemSetStorage {
method default (line 148) | fn default() -> Self {
type AuthorizationItemSetBuilder (line 164) | pub struct AuthorizationItemSetBuilder {
method new (line 174) | pub fn new() -> Self {
method add_right (line 183) | pub fn add_right<N: Into<Vec<u8>>>(mut self, name: N) -> Result<Self> {
method add_data (line 193) | pub fn add_data<N, V>(mut self, name: N, value: V) -> Result<Self>
method add_string (line 207) | pub fn add_string<N, V>(mut self, name: N, value: V) -> Result<Self>
method build (line 222) | pub fn build(mut self) -> AuthorizationItemSetStorage {
type RightDefinition (line 249) | pub enum RightDefinition<'a> {
type Authorization (line 260) | pub struct Authorization {
type Error (line 266) | type Error = Error;
method try_from (line 270) | fn try_from(external_form: AuthorizationExternalForm) -> Result<Self> {
method default (line 295) | pub fn default() -> Result<Self> {
method new (line 311) | pub fn new(
method from_external_form (line 343) | pub fn from_external_form(external_form: sys::AuthorizationExternalFor...
method destroy_rights (line 351) | pub fn destroy_rights(mut self) {
method get_right (line 363) | pub fn get_right<T: Into<Vec<u8>>>(name: T) -> Result<CFDictionary<CFS...
method right_exists (line 383) | pub fn right_exists<T: Into<Vec<u8>>>(name: T) -> Result<bool> {
method remove_right (line 397) | pub fn remove_right<T: Into<Vec<u8>>>(&self, name: T) -> Result<()> {
method set_right (line 428) | pub fn set_right<T: Into<Vec<u8>>>(
method copy_info (line 474) | pub fn copy_info<T: Into<Vec<u8>>>(&self, tag: Option<T>) -> Result<Au...
method make_external_form (line 503) | pub fn make_external_form(&self) -> Result<sys::AuthorizationExternalF...
method execute_with_privileges (line 519) | pub fn execute_with_privileges<P, S, I>(
method execute_with_privileges_piped (line 543) | pub fn execute_with_privileges_piped<P, S, I>(
method job_bless (line 564) | pub fn job_bless(&self, label: &str) -> Result<(), CFError> {
method execute_with_privileges_internal (line 595) | fn execute_with_privileges_internal(
method drop (line 635) | fn drop(&mut self) {
function test_create_default_authorization (line 647) | fn test_create_default_authorization() {
function test_create_allowed_authorization (line 652) | fn test_create_allowed_authorization() -> Result<()> {
function test_create_then_destroy_allowed_authorization (line 664) | fn test_create_then_destroy_allowed_authorization() -> Result<()> {
function test_create_authorization_requiring_interaction (line 677) | fn test_create_authorization_requiring_interaction() -> Result<()> {
function create_credentials_env (line 689) | fn create_credentials_env() -> Result<AuthorizationItemSetStorage> {
function test_create_authorization_with_bad_credentials (line 699) | fn test_create_authorization_with_bad_credentials() -> Result<()> {
function test_create_authorization_with_credentials (line 718) | fn test_create_authorization_with_credentials() -> Result<()> {
function test_query_authorization_database (line 735) | fn test_query_authorization_database() -> Result<()> {
function test_modify_authorization_database (line 752) | fn test_modify_authorization_database() -> Result<()> {
function test_execute_with_privileges (line 787) | fn test_execute_with_privileges() -> Result<()> {
FILE: security-framework/src/base.rs
type Result (line 9) | pub type Result<T, E = Error> = result::Result<T, E>;
type Error (line 13) | pub struct Error(NonZeroI32);
method fmt (line 17) | fn fmt(&self, fmt: &mut fmt::Formatter<'_>) -> fmt::Result {
method from_code (line 32) | pub fn from_code(code: OSStatus) -> Self {
method message (line 39) | pub fn message(self) -> Option<String> {
method inner_message (line 44) | fn inner_message(self) -> Option<String> {
method code (line 62) | pub const fn code(self) -> OSStatus {
method from (line 69) | fn from(code: OSStatus) -> Self {
method fmt (line 76) | fn fmt(&self, fmt: &mut fmt::Formatter<'_>) -> fmt::Result {
FILE: security-framework/src/certificate.rs
method fmt (line 38) | fn fmt(&self, fmt: &mut fmt::Formatter<'_>) -> fmt::Result {
method from_der (line 47) | pub fn from_der(der_data: &[u8]) -> Result<Self> {
method to_der (line 61) | pub fn to_der(&self) -> Vec<u8> {
method add_to_keychain (line 70) | pub fn add_to_keychain(&self, keychain: Option<SecKeychain>) -> Result<(...
method subject_summary (line 82) | pub fn subject_summary(&self) -> String {
method email_addresses (line 90) | pub fn email_addresses(&self) -> Result<Vec<String>, Error> {
method issuer (line 105) | pub fn issuer(&self) -> Vec<u8> {
method subject (line 114) | pub fn subject(&self) -> Vec<u8> {
method serial_number_bytes (line 122) | pub fn serial_number_bytes(&self) -> Result<Vec<u8>, CFError> {
method public_key_info_der (line 136) | pub fn public_key_info_der(&self) -> Result<Option<Vec<u8>>> {
method pk_to_der (line 146) | fn pk_to_der(&self, public_key: key::SecKey) -> Option<Vec<u8>> {
method public_key (line 168) | pub fn public_key(&self) -> Result<key::SecKey> {
method delete (line 187) | pub fn delete(&self) -> Result<(), Error> {
function get_asn1_header_bytes (line 197) | fn get_asn1_header_bytes(pkt: CFString, ksz: u32) -> Option<&'static [u8...
constant RSA_2048_ASN1_HEADER (line 215) | const RSA_2048_ASN1_HEADER: [u8; 24] = [
constant RSA_4096_ASN1_HEADER (line 220) | const RSA_4096_ASN1_HEADER: [u8; 24] = [
constant EC_DSA_SECP_256_R1_ASN1_HEADER (line 225) | const EC_DSA_SECP_256_R1_ASN1_HEADER: [u8; 26] = [
constant EC_DSA_SECP_384_R1_ASN1_HEADER (line 230) | const EC_DSA_SECP_384_R1_ASN1_HEADER: [u8; 23] = [
function subject_summary (line 241) | fn subject_summary() {
function email_addresses (line 247) | fn email_addresses() {
function issuer (line 253) | fn issuer() {
function subject (line 265) | fn subject() {
FILE: security-framework/src/cms.rs
constant CMS_DIGEST_ALGORITHM_SHA1 (line 37) | pub const CMS_DIGEST_ALGORITHM_SHA1: &str = "sha1";
constant CMS_DIGEST_ALGORITHM_SHA256 (line 39) | pub const CMS_DIGEST_ALGORITHM_SHA256: &str = "sha256";
method fmt (line 74) | fn fmt(&self, fmt: &mut fmt::Formatter<'_>) -> fmt::Result {
method create (line 81) | pub fn create() -> Result<Self> {
method set_signer_algorithm (line 92) | pub fn set_signer_algorithm(&self, digest_algorithm: &str) -> Result<()> {
method add_signers (line 100) | pub fn add_signers(&self, signers: &[SecIdentity]) -> Result<()> {
method get_signers (line 111) | pub fn get_signers(&self) -> Result<Vec<SecIdentity>> {
method signers (line 116) | pub fn signers(&self) -> Result<Vec<SecIdentity>> {
method add_recipients (line 129) | pub fn add_recipients(&self, recipients: &[SecCertificate]) -> Result<()> {
method get_recipients (line 141) | pub fn get_recipients(&self) -> Result<Vec<SecCertificate>> {
method recipients (line 146) | pub fn recipients(&self) -> Result<Vec<SecCertificate>> {
method set_has_detached_content (line 159) | pub fn set_has_detached_content(&self, has_detached_content: bool) -> Re...
method get_has_detached_content (line 165) | pub fn get_has_detached_content(&self) -> Result<bool> {
method has_detached_content (line 170) | pub fn has_detached_content(&self) -> Result<bool> {
method set_encapsulated_content_type_oid (line 177) | pub fn set_encapsulated_content_type_oid(&self, oid: &str) -> Result<()> {
method get_encapsulated_content_type (line 184) | pub fn get_encapsulated_content_type(&self) -> Result<Vec<u8>> {
method encapsulated_content_type (line 189) | pub fn encapsulated_content_type(&self) -> Result<Vec<u8>> {
method add_supporting_certs (line 196) | pub fn add_supporting_certs(&self, certs: &[SecCertificate]) -> Result<(...
method get_supporting_certs (line 207) | pub fn get_supporting_certs(&self) -> Result<Vec<SecCertificate>> {
method supporting_certs (line 212) | pub fn supporting_certs(&self) -> Result<Vec<SecCertificate>> {
method add_signed_attributes (line 225) | pub fn add_signed_attributes(&self, signed_attributes: SignedAttributes)...
method set_certificate_chain_mode (line 231) | pub fn set_certificate_chain_mode(&self, certificate_chain_mode: CMSCert...
method get_certificate_chain_mode (line 237) | pub fn get_certificate_chain_mode(&self) -> Result<CMSCertificateChainMo...
method certificate_chain_mode (line 242) | pub fn certificate_chain_mode(&self) -> Result<CMSCertificateChainMode> {
method update_content (line 249) | pub fn update_content(&self, content: &[u8]) -> Result<()> {
method get_encoded_content (line 255) | pub fn get_encoded_content(&self) -> Result<Vec<u8>> {
method encoded_content (line 260) | pub fn encoded_content(&self) -> Result<Vec<u8>> {
method get_signer_timestamp (line 267) | pub fn get_signer_timestamp(&self, signer_index: usize) -> Result<CFAbso...
method signer_timestamp (line 272) | pub fn signer_timestamp(&self, signer_index: usize) -> Result<CFAbsolute...
method get_signer_timestamp_with_policy (line 279) | pub fn get_signer_timestamp_with_policy(&self, timestamp_policy: Option<...
method signer_timestamp_with_policy (line 284) | pub fn signer_timestamp_with_policy(&self, timestamp_policy: Option<CFSt...
function cms_encode_content (line 300) | pub fn cms_encode_content(
type SignerStatus (line 335) | pub struct SignerStatus {
method fmt (line 355) | fn fmt(&self, fmt: &mut fmt::Formatter<'_>) -> fmt::Result {
method create (line 362) | pub fn create() -> Result<Self> {
method update_message (line 369) | pub fn update_message(&self, message: &[u8]) -> Result<()> {
method finalize_message (line 375) | pub fn finalize_message(&self) -> Result<()> {
method set_detached_content (line 381) | pub fn set_detached_content(&self, detached_content: &[u8]) -> Result<()> {
method get_detached_content (line 388) | pub fn get_detached_content(&self) -> Result<Vec<u8>> {
method get_num_signers (line 401) | pub fn get_num_signers(&self) -> Result<usize> {
method get_signer_status (line 408) | pub fn get_signer_status(
method get_signer_email_address (line 439) | pub fn get_signer_email_address(&self, signer_index: usize) -> Result<St...
method is_content_encrypted (line 446) | pub fn is_content_encrypted(&self) -> Result<bool> {
method get_encapsulated_content_type (line 453) | pub fn get_encapsulated_content_type(&self) -> Result<Vec<u8>> {
method get_all_certs (line 464) | pub fn get_all_certs(&self) -> Result<Vec<SecCertificate>> {
method get_content (line 477) | pub fn get_content(&self) -> Result<Vec<u8>> {
method get_signer_signing_time (line 490) | pub fn get_signer_signing_time(&self, signer_index: usize) -> Result<CFA...
method get_signer_timestamp (line 497) | pub fn get_signer_timestamp(&self, signer_index: usize) -> Result<CFAbso...
method get_signer_timestamp_with_policy (line 504) | pub fn get_signer_timestamp_with_policy(
method get_signer_timestamp_certificates (line 523) | pub fn get_signer_timestamp_certificates(&self, signer_index: usize) -> ...
constant KEYSTORE (line 545) | const KEYSTORE: &[u8] = include_bytes!("../test/cms/keystore.p12");
constant ENCRYPTED_CMS (line 546) | const ENCRYPTED_CMS: &[u8] = include_bytes!("../test/cms/encrypted.p7m");
constant SIGNED_ENCRYPTED_CMS (line 547) | const SIGNED_ENCRYPTED_CMS: &[u8] = include_bytes!("../test/cms/signed-e...
function import_keystore (line 550) | fn import_keystore() -> &'static [ImportedIdentity] {
function test_decode_encrypted_with_keystore_identities (line 558) | fn test_decode_encrypted_with_keystore_identities() {
function test_decode_signed_and_encrypted_with_keystore_identities (line 572) | fn test_decode_signed_and_encrypted_with_keystore_identities() {
function test_encode_encrypted_with_keystore_identities (line 596) | fn test_encode_encrypted_with_keystore_identities() {
function test_encode_signed_encrypted_with_keystore_identities (line 619) | fn test_encode_signed_encrypted_with_keystore_identities() {
function test_encode_with_cms_encoder_with_keystore_identities (line 647) | fn test_encode_with_cms_encoder_with_keystore_identities() {
FILE: security-framework/src/identity.rs
method fmt (line 33) | fn fmt(&self, fmt: &mut fmt::Formatter<'_>) -> fmt::Result {
method certificate (line 47) | pub fn certificate(&self) -> Result<SecCertificate> {
method private_key (line 56) | pub fn private_key(&self) -> Result<SecKey> {
method delete (line 65) | pub fn delete(&self) -> Result<(), Error> {
function identity_has_send_bound (line 80) | fn identity_has_send_bound() {
FILE: security-framework/src/import_export.rs
type ImportedIdentity (line 24) | pub struct ImportedIdentity {
type Pkcs12ImportOptions (line 39) | pub struct Pkcs12ImportOptions {
method keychain (line 53) | pub fn keychain(&mut self, keychain: SecKeychain) -> &mut Self {
method access (line 60) | pub fn access(&mut self, access: SecAccess) -> &mut Self {
method new (line 70) | pub fn new() -> Self {
method passphrase (line 78) | pub fn passphrase(&mut self, passphrase: &str) -> &mut Self {
method import (line 84) | pub fn import(&self, pkcs12_data: &[u8]) -> Result<Vec<ImportedIdentit...
method import_setup (line 147) | fn import_setup(&self, options: &mut Vec<(CFString, CFType)>) {
method import_setup (line 166) | fn import_setup(&self, _: &mut Vec<(CFString, CFType)>) {}
function missing_passphrase (line 174) | fn missing_passphrase() {
FILE: security-framework/src/item.rs
type ItemClass (line 31) | pub struct ItemClass(CFStringRef);
method generic_password (line 37) | pub fn generic_password() -> Self {
method internet_password (line 44) | pub fn internet_password() -> Self {
method certificate (line 51) | pub fn certificate() -> Self {
method key (line 58) | pub fn key() -> Self {
method identity (line 65) | pub fn identity() -> Self {
type KeyClass (line 72) | pub struct KeyClass(CFStringRef);
method public (line 78) | pub fn public() -> Self {
method private (line 85) | pub fn private() -> Self {
method symmetric (line 92) | pub fn symmetric() -> Self {
type Limit (line 99) | pub enum Limit {
method to_value (line 109) | fn to_value(self) -> CFType {
method from (line 119) | fn from(limit: i64) -> Self {
type CloudSync (line 126) | pub enum CloudSync {
method from (line 137) | fn from(is_sync: Option<bool>) -> Self {
type ItemSearchOptions (line 148) | pub struct ItemSearchOptions {
method keychains (line 181) | pub fn keychains(&mut self, keychains: &[SecKeychain]) -> &mut Self {
method ignore_legacy_keychains (line 193) | pub fn ignore_legacy_keychains(&mut self) -> &mut Self {
method new (line 203) | pub fn new() -> Self {
method class (line 209) | pub fn class(&mut self, class: ItemClass) -> &mut Self {
method case_insensitive (line 216) | pub fn case_insensitive(&mut self, case_insensitive: Option<bool>) -> ...
method key_class (line 224) | pub fn key_class(&mut self, key_class: KeyClass) -> &mut Self {
method load_refs (line 233) | pub fn load_refs(&mut self, load_refs: bool) -> &mut Self {
method load_attributes (line 241) | pub fn load_attributes(&mut self, load_attributes: bool) -> &mut Self {
method load_data (line 249) | pub fn load_data(&mut self, load_data: bool) -> &mut Self {
method limit (line 258) | pub fn limit<T: Into<Limit>>(&mut self, limit: T) -> &mut Self {
method label (line 265) | pub fn label(&mut self, label: &str) -> &mut Self {
method trusted_only (line 272) | pub fn trusted_only(&mut self, trusted_only: Option<bool>) -> &mut Self {
method service (line 279) | pub fn service(&mut self, service: &str) -> &mut Self {
method subject (line 286) | pub fn subject(&mut self, subject: &str) -> &mut Self {
method account (line 293) | pub fn account(&mut self, account: &str) -> &mut Self {
method access_group (line 299) | pub fn access_group(&mut self, access_group: &str) -> &mut Self {
method cloud_sync (line 307) | pub fn cloud_sync<T: Into<CloudSync>>(&mut self, spec: T) -> &mut Self {
method access_group_token (line 314) | pub fn access_group_token(&mut self) -> &mut Self {
method pub_key_hash (line 325) | pub fn pub_key_hash(&mut self, pub_key_hash: &[u8]) -> &mut Self {
method serial_number (line 334) | pub fn serial_number(&mut self, serial_number: &[u8]) -> &mut Self {
method application_label (line 345) | pub fn application_label(&mut self, app_label: &[u8]) -> &mut Self {
method authentication_context (line 352) | pub unsafe fn authentication_context(&mut self, authentication_context...
method local_authentication_context (line 360) | pub fn local_authentication_context<LAContext: TCFType>(&mut self, aut...
method skip_authenticated_items (line 367) | pub fn skip_authenticated_items(&mut self, do_skip: bool) -> &mut Self {
method to_dictionary (line 375) | fn to_dictionary(&self) -> CFDictionary {
method search (line 499) | pub fn search(&self) -> Result<Vec<SearchResult>> {
method delete (line 534) | pub fn delete(&self) -> Result<()> {
function get_item (line 539) | unsafe fn get_item(item: CFTypeRef) -> SearchResult { unsafe {
type Reference (line 582) | pub enum Reference {
type SearchResult (line 599) | pub enum SearchResult {
method fmt (line 612) | fn fmt(&self, fmt: &mut fmt::Formatter<'_>) -> fmt::Result {
method simplify_dict (line 640) | pub fn simplify_dict(&self) -> Option<HashMap<String, String>> {
type ItemAddOptions (line 675) | pub struct ItemAddOptions {
method new (line 698) | pub fn new(value: ItemAddValue) -> Self {
method set_account_name (line 713) | pub fn set_account_name(&mut self, account_name: impl AsRef<str>) -> &...
method set_access_group (line 720) | pub fn set_access_group(&mut self, access_group: impl AsRef<str>) -> &...
method set_comment (line 727) | pub fn set_comment(&mut self, comment: impl AsRef<str>) -> &mut Self {
method set_description (line 734) | pub fn set_description(&mut self, description: impl AsRef<str>) -> &mu...
method set_label (line 741) | pub fn set_label(&mut self, label: impl AsRef<str>) -> &mut Self {
method set_location (line 748) | pub fn set_location(&mut self, location: Location) -> &mut Self {
method set_service (line 755) | pub fn set_service(&mut self, service: impl AsRef<str>) -> &mut Self {
method to_dictionary (line 764) | pub fn to_dictionary(&self) -> CFDictionary {
method add (line 824) | pub fn add(&self) -> Result<()> {
type ItemAddValue (line 831) | pub enum ItemAddValue {
type AddRef (line 844) | pub enum AddRef {
method class (line 854) | fn class(&self) -> Option<ItemClass> {
method ref_ (line 864) | fn ref_(&self) -> CFTypeRef {
type ItemUpdateOptions (line 878) | pub struct ItemUpdateOptions {
method new (line 904) | pub fn new() -> Self {
method set_value (line 910) | pub fn set_value(&mut self, value: ItemUpdateValue) -> &mut Self {
method set_class (line 917) | pub fn set_class(&mut self, class: ItemClass) -> &mut Self {
method set_account_name (line 924) | pub fn set_account_name(&mut self, account_name: impl AsRef<str>) -> &...
method set_access_group (line 931) | pub fn set_access_group(&mut self, access_group: impl AsRef<str>) -> &...
method set_comment (line 938) | pub fn set_comment(&mut self, comment: impl AsRef<str>) -> &mut Self {
method set_description (line 945) | pub fn set_description(&mut self, description: impl AsRef<str>) -> &mu...
method set_label (line 952) | pub fn set_label(&mut self, label: impl AsRef<str>) -> &mut Self {
method set_location (line 959) | pub fn set_location(&mut self, location: Location) -> &mut Self {
method set_service (line 966) | pub fn set_service(&mut self, service: impl AsRef<str>) -> &mut Self {
method to_dictionary (line 974) | fn to_dictionary(&self) -> CFDictionary {
type ItemUpdateValue (line 1038) | pub enum ItemUpdateValue {
type Location (line 1051) | pub enum Location {
method fmt (line 1072) | fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
function add_item (line 1088) | pub fn add_item(add_params: CFDictionary) -> Result<()> {
function update_item (line 1093) | pub fn update_item(search_params: &ItemSearchOptions, update_params: &It...
function find_nothing (line 1105) | fn find_nothing() {
function limit_two (line 1110) | fn limit_two() {
function limit_all (line 1120) | fn limit_all() {
FILE: security-framework/src/key.rs
type KeyType (line 46) | pub struct KeyType(CFStringRef);
method rsa (line 52) | pub fn rsa() -> Self {
method dsa (line 59) | pub fn dsa() -> Self {
method aes (line 66) | pub fn aes() -> Self {
method des (line 73) | pub fn des() -> Self {
method triple_des (line 80) | pub fn triple_des() -> Self {
method rc4 (line 87) | pub fn rc4() -> Self {
method cast (line 94) | pub fn cast() -> Self {
method ec (line 102) | pub fn ec() -> Self {
method ec_sec_prime_random (line 108) | pub fn ec_sec_prime_random() -> Self {
method as_cfstring (line 112) | pub(crate) fn as_cfstring(self) -> CFStringRef {
method default_size_in_bits (line 117) | pub fn default_size_in_bits(&self) -> Option<u32> {
method new (line 162) | pub fn new(options: &GenerateKeyOptions) -> Result<Self, CFError> {
method generate (line 169) | pub fn generate(attributes: CFDictionary) -> Result<Self, CFError> {
method application_label (line 183) | pub fn application_label(&self) -> Option<Vec<u8>> {
method attributes (line 192) | pub fn attributes(&self) -> CFDictionary {
method external_representation (line 200) | pub fn external_representation(&self) -> Option<CFData> {
method public_key (line 211) | pub fn public_key(&self) -> Option<Self> {
method encrypt_data (line 221) | pub fn encrypt_data(&self, algorithm: Algorithm, input: &[u8]) -> Result...
method decrypt_data (line 237) | pub fn decrypt_data(&self, algorithm: Algorithm, input: &[u8]) -> Result...
method create_signature (line 254) | pub fn create_signature(&self, algorithm: Algorithm, input: &[u8]) -> Re...
method verify_signature (line 276) | pub fn verify_signature(&self, algorithm: Algorithm, signed_data: &[u8],...
method key_exchange (line 297) | pub fn key_exchange(
method delete (line 344) | pub fn delete(&self) -> Result<(), Error> {
type Token (line 356) | pub enum Token {
type GenerateKeyOptions (line 368) | pub struct GenerateKeyOptions {
method set_key_type (line 395) | pub fn set_key_type(&mut self, key_type: KeyType) -> &mut Self {
method set_size_in_bits (line 401) | pub fn set_size_in_bits(&mut self, size_in_bits: u32) -> &mut Self {
method set_label (line 407) | pub fn set_label(&mut self, label: impl Into<String>) -> &mut Self {
method set_token (line 413) | pub fn set_token(&mut self, token: Token) -> &mut Self {
method set_location (line 419) | pub fn set_location(&mut self, location: Location) -> &mut Self {
method set_access_control (line 425) | pub fn set_access_control(&mut self, access_control: SecAccessControl)...
method set_synchronizable (line 432) | pub fn set_synchronizable(&mut self, synchronizable: bool) -> &mut Self {
method to_dictionary (line 440) | pub fn to_dictionary(&self) -> CFDictionary {
method fmt (line 525) | fn fmt(&self, fmt: &mut fmt::Formatter<'_>) -> fmt::Result {
function generate_aes_key (line 536) | fn generate_aes_key() {
FILE: security-framework/src/lib.rs
function cvt (line 51) | fn cvt(err: OSStatus) -> Result<()> {
function certificate (line 63) | pub fn certificate() -> SecCertificate {
function ca_certificate (line 69) | pub fn ca_certificate() -> SecCertificate {
FILE: security-framework/src/os/macos/certificate.rs
type SecCertificateExt (line 21) | pub trait SecCertificateExt {
method common_name (line 23) | fn common_name(&self) -> Result<String, Error>;
method public_key (line 26) | fn public_key(&self) -> Result<SecKey, Error>;
method properties (line 32) | fn properties(&self, keys: Option<&[CertificateOid]>) -> Result<Certif...
method fingerprint (line 35) | fn fingerprint(&self) -> Result<[u8; 32], CFError> { unimplemented!() }
method common_name (line 39) | fn common_name(&self) -> Result<String, Error> {
method public_key (line 47) | fn public_key(&self) -> Result<SecKey, Error> {
method properties (line 57) | fn properties(&self, keys: Option<&[CertificateOid]>) -> Result<Certif...
method fingerprint (line 82) | fn fingerprint(&self) -> Result<[u8; 32], CFError> {
type CertificateProperties (line 94) | pub struct CertificateProperties(CFDictionary);
method get (line 99) | pub fn get(&self, oid: CertificateOid) -> Option<CertificateProperty> {
type CertificateProperty (line 109) | pub struct CertificateProperty(CFDictionary);
method label (line 114) | pub fn label(&self) -> CFString {
method get (line 122) | pub fn get(&self) -> PropertyType {
type PropertySection (line 141) | pub struct PropertySection(CFArray<CFDictionary>);
method iter (line 147) | pub fn iter(&self) -> PropertySectionIter<'_> {
type IntoIter (line 153) | type IntoIter = PropertySectionIter<'a>;
type Item (line 154) | type Item = CertificateProperty;
method into_iter (line 157) | fn into_iter(self) -> PropertySectionIter<'a> {
type PropertySectionIter (line 163) | pub struct PropertySectionIter<'a>(CFArrayIterator<'a, CFDictionary>);
type Item (line 166) | type Item = CertificateProperty;
method next (line 169) | fn next(&mut self) -> Option<CertificateProperty> {
method size_hint (line 174) | fn size_hint(&self) -> (usize, Option<usize>) {
type PropertyType (line 180) | pub enum PropertyType {
function common_name (line 196) | fn common_name() {
function public_key (line 202) | fn public_key() {
function fingerprint (line 208) | fn fingerprint() {
function signature_algorithm (line 215) | fn signature_algorithm() {
FILE: security-framework/src/os/macos/certificate_oids.rs
type CertificateOid (line 9) | pub struct CertificateOid(CFStringRef);
method x509_v1_signature_algorithm (line 15) | pub fn x509_v1_signature_algorithm() -> Self {
method as_ptr (line 23) | pub fn as_ptr(&self) -> CFStringRef {
method to_str (line 31) | pub fn to_str(&self) -> CFString {
FILE: security-framework/src/os/macos/code_signing.rs
method default (line 107) | fn default() -> Self {
type GuestAttributes (line 114) | pub struct GuestAttributes {
method new (line 131) | pub fn new() -> Self {
method set_audit_token (line 138) | pub fn set_audit_token(&mut self, token: CFDataRef) {
method set_pid (line 144) | pub fn set_pid(&mut self, pid: pid_t) {
method set_other (line 151) | pub fn set_other<V: ToVoid<V>>(&mut self, key: CFStringRef, value: V) {
method default (line 157) | fn default() -> Self {
type Err (line 169) | type Err = crate::base::Error;
method from_str (line 171) | fn from_str(s: &str) -> Result<Self, Self::Err> {
method fmt (line 194) | fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
method for_self (line 201) | pub fn for_self(flags: Flags) -> Result<Self> {
method check_validity (line 211) | pub fn check_validity(&self, flags: Flags, requirement: &SecRequirement)...
method copy_guest_with_attribues (line 226) | pub fn copy_guest_with_attribues(
method path (line 253) | pub fn path(&self, flags: Flags) -> Result<CFURL> {
method from_path (line 278) | pub fn from_path(path: &CFURL, flags: Flags) -> Result<Self> {
method path (line 295) | pub fn path(&self, flags: Flags) -> Result<CFURL> {
method check_validity (line 311) | pub fn check_validity(&self, flags: Flags, requirement: &SecRequirement)...
function path_to_static_code_and_back (line 329) | fn path_to_static_code_and_back() {
function self_to_path (line 336) | fn self_to_path() {
function bash_is_signed_by_apple (line 343) | fn bash_is_signed_by_apple() {
function self_is_not_signed_by_apple (line 352) | fn self_is_not_signed_by_apple() {
function self_is_not_signed_by_apple (line 365) | fn self_is_not_signed_by_apple() {
function copy_kernel_guest_with_launchd_pid (line 377) | fn copy_kernel_guest_with_launchd_pid() {
function copy_current_guest_with_launchd_pid (line 393) | fn copy_current_guest_with_launchd_pid() {
function copy_kernel_guest_with_unmatched_pid (line 409) | fn copy_kernel_guest_with_unmatched_pid() {
function copy_kernel_guest_with_current_token (line 423) | fn copy_kernel_guest_with_current_token() {
function copy_kernel_guest_with_unmatched_token (line 469) | fn copy_kernel_guest_with_unmatched_token() {
FILE: security-framework/src/os/macos/digest_transform.rs
type DigestType (line 18) | pub struct DigestType(CFStringRef);
method hmac_md5 (line 24) | pub fn hmac_md5() -> Self {
method hmac_sha1 (line 30) | pub fn hmac_sha1() -> Self {
method hmac_sha2 (line 36) | pub fn hmac_sha2() -> Self {
method md2 (line 42) | pub fn md2() -> Self {
method md4 (line 48) | pub fn md4() -> Self {
method md5 (line 54) | pub fn md5() -> Self {
method sha1 (line 60) | pub fn sha1() -> Self {
method sha2 (line 66) | pub fn sha2() -> Self {
method to_type (line 71) | fn to_type(self) -> CFTypeRef {
type Builder (line 78) | pub struct Builder {
method new (line 97) | pub fn new() -> Self {
method type_ (line 109) | pub fn type_(&mut self, digest_type: DigestType) -> &mut Self {
method length (line 119) | pub fn length(&mut self, digest_length: CFIndex) -> &mut Self {
method hmac_key (line 128) | pub fn hmac_key(&mut self, hmac_key: CFData) -> &mut Self {
method execute (line 135) | pub fn execute(&self, data: &CFData) -> Result<CFData, CFError> {
method default (line 87) | fn default() -> Self {
function md5 (line 172) | fn md5() {
function hmac_sha1 (line 179) | fn hmac_sha1() {
FILE: security-framework/src/os/macos/encrypt_transform.rs
type Padding (line 19) | pub struct Padding(CFStringRef);
method none (line 25) | pub fn none() -> Self {
method pkcs1 (line 32) | pub fn pkcs1() -> Self {
method pkcs5 (line 39) | pub fn pkcs5() -> Self {
method pkcs7 (line 46) | pub fn pkcs7() -> Self {
method oaep (line 53) | pub fn oaep() -> Self {
method to_str (line 58) | fn to_str(self) -> CFString {
type Mode (line 67) | pub struct Mode(CFStringRef);
method none (line 73) | pub fn none() -> Self {
method ecb (line 79) | pub fn ecb() -> Self {
method cbc (line 85) | pub fn cbc() -> Self {
method cfb (line 91) | pub fn cfb() -> Self {
method ofb (line 97) | pub fn ofb() -> Self {
method to_str (line 101) | fn to_str(self) -> CFString {
type Builder (line 109) | pub struct Builder {
method new (line 120) | pub fn new() -> Self {
method padding (line 128) | pub fn padding(&mut self, padding: Padding) -> &mut Self {
method mode (line 137) | pub fn mode(&mut self, mode: Mode) -> &mut Self {
method iv (line 146) | pub fn iv(&mut self, iv: CFData) -> &mut Self {
method encrypt (line 153) | pub fn encrypt(&self, key: &SecKey, data: &CFData) -> Result<CFData, C...
method decrypt (line 168) | pub fn decrypt(&self, key: &SecKey, data: &CFData) -> Result<CFData, C...
method finish (line 181) | fn finish(&self, mut transform: SecTransform, data: &CFData) -> Result...
function cbc_mmt_256 (line 219) | fn cbc_mmt_256() {
FILE: security-framework/src/os/macos/identity.rs
type SecIdentityExt (line 14) | pub trait SecIdentityExt {
method with_certificate (line 21) | fn with_certificate(
method with_certificate (line 28) | fn with_certificate(keychains: &[SecKeychain], certificate: &SecCertif...
function certificate (line 54) | fn certificate() {
function private_key (line 62) | fn private_key() {
function with_certificate (line 69) | fn with_certificate() {
FILE: security-framework/src/os/macos/import_export.rs
type Pkcs12ImportOptionsExt (line 22) | pub trait Pkcs12ImportOptionsExt {
method keychain (line 26) | fn keychain(&mut self, keychain: SecKeychain) -> &mut Self;
method access (line 29) | fn access(&mut self, access: SecAccess) -> &mut Self;
method keychain (line 35) | fn keychain(&mut self, keychain: SecKeychain) -> &mut Self {
method access (line 40) | fn access(&mut self, access: SecAccess) -> &mut Self {
type ImportOptions (line 47) | pub struct ImportOptions<'a> {
function new (line 64) | pub fn new() -> Self {
function filename (line 72) | pub fn filename(&mut self, filename: &str) -> &mut Self {
function pkcs12 (line 79) | pub fn pkcs12(&mut self) -> &mut Self {
function passphrase (line 86) | pub fn passphrase(&mut self, passphrase: &str) -> &mut Self {
function passphrase_bytes (line 93) | pub fn passphrase_bytes(&mut self, passphrase: &[u8]) -> &mut Self {
function secure_passphrase (line 101) | pub fn secure_passphrase(&mut self, secure_passphrase: bool) -> &mut Self {
function no_access_control (line 108) | pub fn no_access_control(&mut self, no_access_control: bool) -> &mut Self {
function access (line 115) | pub fn access(&mut self, access: SecAccess) -> &mut Self {
function alert_title (line 123) | pub fn alert_title(&mut self, alert_title: &str) -> &mut Self {
function alert_prompt (line 131) | pub fn alert_prompt(&mut self, alert_prompt: &str) -> &mut Self {
function items (line 138) | pub fn items(&mut self, items: &'a mut SecItems) -> &mut Self {
function keychain (line 147) | pub fn keychain(&mut self, keychain: &SecKeychain) -> &mut Self {
function import (line 153) | pub fn import(&mut self, data: &[u8]) -> Result<()> {
type SecItems (line 257) | pub struct SecItems {
function certificate (line 274) | fn certificate() {
function key (line 288) | fn key() {
function identity (line 302) | fn identity() {
function secure_passphrase_identity (line 320) | fn secure_passphrase_identity() {
function pkcs12_import (line 344) | fn pkcs12_import() {
FILE: security-framework/src/os/macos/item.rs
type ItemSearchOptionsExt (line 11) | pub trait ItemSearchOptionsExt {
method keychains (line 15) | fn keychains(&mut self, keychains: &[SecKeychain]) -> &mut Self;
method keychains (line 21) | fn keychains(&mut self, keychains: &[SecKeychain]) -> &mut Self {
function find_certificate (line 36) | fn find_certificate() {
FILE: security-framework/src/os/macos/key.rs
type SecKeyExt (line 14) | pub trait SecKeyExt {
method from_data (line 16) | fn from_data(key_type: KeyType, key_data: &CFData) -> Result<SecKey, C...
method from_data (line 21) | fn from_data(key_type: KeyType, key_data: &CFData) -> Result<Self, CFE...
FILE: security-framework/src/os/macos/keychain.rs
method default (line 35) | pub fn default() -> Result<Self> {
method default_for_domain (line 45) | pub fn default_for_domain(domain: SecPreferencesDomain) -> Result<Self> {
method open (line 55) | pub fn open<P: AsRef<Path>>(path: P) -> Result<Self> {
method unlock (line 73) | pub fn unlock(&mut self, password: Option<&str>) -> Result<()> {
method set_settings (line 91) | pub fn set_settings(&mut self, settings: &KeychainSettings) -> Result<()> {
method disable_user_interaction (line 103) | pub fn disable_user_interaction() -> Result<KeychainUserInteractionLock> {
method user_interaction_allowed (line 116) | pub fn user_interaction_allowed() -> Result<bool> {
type CreateOptions (line 130) | pub struct CreateOptions {
method new (line 140) | pub fn new() -> Self {
method password (line 146) | pub fn password(&mut self, password: &str) -> &mut Self {
method prompt_user (line 154) | pub fn prompt_user(&mut self, prompt_user: bool) -> &mut Self {
method access (line 161) | pub fn access(&mut self, access: SecAccess) -> &mut Self {
method create (line 168) | pub fn create<P: AsRef<Path>>(&self, path: P) -> Result<SecKeychain> {
type KeychainSettings (line 200) | pub struct KeychainSettings(SecKeychainSettings);
method new (line 206) | pub fn new() -> Self {
method set_lock_on_sleep (line 219) | pub fn set_lock_on_sleep(&mut self, lock_on_sleep: bool) {
method set_lock_interval (line 227) | pub fn set_lock_interval(&mut self, lock_interval: Option<u32>) {
method default (line 240) | fn default() -> Self {
type KeychainUserInteractionLock (line 248) | pub struct KeychainUserInteractionLock;
method drop (line 253) | fn drop(&mut self) {
function create_options (line 265) | fn create_options() {
function disable_user_interaction (line 277) | fn disable_user_interaction() {
FILE: security-framework/src/os/macos/keychain_item.rs
method fmt (line 23) | fn fmt(&self, fmt: &mut fmt::Formatter<'_>) -> fmt::Result {
FILE: security-framework/src/os/macos/mod.rs
function identity (line 29) | pub(crate) fn identity(dir: &Path) -> SecIdentity {
function keychain (line 43) | pub(crate) fn keychain(dir: &Path) -> SecKeychain {
FILE: security-framework/src/os/macos/passwords.rs
type SecKeychainItemPassword (line 26) | pub struct SecKeychainItemPassword {
method fmt (line 33) | fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
method as_ref (line 43) | fn as_ref(&self) -> &[u8] {
type Target (line 49) | type Target = [u8];
method deref (line 52) | fn deref(&self) -> &Self::Target {
method drop (line 59) | fn drop(&mut self) {
method set_password (line 69) | pub fn set_password(&mut self, password: &[u8]) -> Result<()> {
method delete (line 84) | pub fn delete(self) {
function find_generic_password (line 100) | pub fn find_generic_password(
function find_internet_password (line 146) | pub fn find_internet_password(
method find_generic_password (line 198) | pub fn find_generic_password(
method find_internet_password (line 209) | pub fn find_internet_password(
method set_internet_password (line 233) | pub fn set_internet_password(
method set_generic_password (line 273) | pub fn set_generic_password(
method add_generic_password (line 289) | pub fn add_generic_password(
method add_internet_password (line 315) | pub fn add_internet_password(
function temp_keychain_setup (line 355) | fn temp_keychain_setup(name: &str) -> (TempDir, SecKeychain) {
function temp_keychain_teardown (line 365) | fn temp_keychain_teardown(dir: TempDir) {
function missing_password_temp (line 370) | fn missing_password_temp() {
function default_keychain_test_missing_password_default (line 384) | fn default_keychain_test_missing_password_default() {
function round_trip_password_temp (line 393) | fn round_trip_password_temp() {
function default_keychain_test_round_trip_password_default (line 410) | fn default_keychain_test_round_trip_password_default() {
function change_password_temp (line 426) | fn change_password_temp() {
function default_keychain_test_change_password_default (line 455) | fn default_keychain_test_change_password_default() {
function cross_keychain_corruption_temp (line 479) | fn cross_keychain_corruption_temp() {
FILE: security-framework/src/os/macos/secure_transport.rs
type SslContextExt (line 16) | pub trait SslContextExt {
method diffie_hellman_params (line 19) | fn diffie_hellman_params(&self) -> Result<Option<&[u8]>>;
method set_diffie_hellman_params (line 29) | fn set_diffie_hellman_params(&mut self, dh_params: &[u8]) -> Result<()>;
method certificate_authorities (line 33) | fn certificate_authorities(&self) -> Result<Option<Vec<SecCertificate>>>;
method set_certificate_authorities (line 37) | fn set_certificate_authorities(&mut self, certs: &[SecCertificate]) ->...
method add_certificate_authorities (line 40) | fn add_certificate_authorities(&mut self, certs: &[SecCertificate]) ->...
method allow_server_identity_change (line 45) | fn allow_server_identity_change(&self) -> Result<bool>;
method set_allow_server_identity_change (line 51) | fn set_allow_server_identity_change(&mut self, value: bool) -> Result<...
method fallback (line 57) | fn fallback(&self) -> Result<bool>;
method set_fallback (line 64) | fn set_fallback(&mut self, value: bool) -> Result<()>;
method break_on_client_hello (line 68) | fn break_on_client_hello(&self) -> Result<bool>;
method set_break_on_client_hello (line 73) | fn set_break_on_client_hello(&mut self, value: bool) -> Result<()>;
method diffie_hellman_params (line 103) | fn diffie_hellman_params(&self) -> Result<Option<&[u8]>> {
method set_diffie_hellman_params (line 120) | fn set_diffie_hellman_params(&mut self, dh_params: &[u8]) -> Result<()> {
method certificate_authorities (line 130) | fn certificate_authorities(&self) -> Result<Option<Vec<SecCertificate>...
method set_certificate_authorities (line 149) | fn set_certificate_authorities(&mut self, certs: &[SecCertificate]) ->...
method add_certificate_authorities (line 160) | fn add_certificate_authorities(&mut self, certs: &[SecCertificate]) ->...
type MidHandshakeSslStreamExt (line 180) | pub trait MidHandshakeSslStreamExt {
method client_hello_received (line 183) | fn client_hello_received(&self) -> bool;
method client_hello_received (line 187) | fn client_hello_received(&self) -> bool {
function server_client (line 206) | fn server_client() {
function server_client_builders (line 247) | fn server_client_builders() {
function client_bad_cert (line 276) | fn client_bad_cert() {
function client (line 300) | fn client() {
function negotiated_cipher (line 329) | fn negotiated_cipher() {
function dh_params (line 379) | fn dh_params() {
function try_authenticate_no_cert (line 389) | fn try_authenticate_no_cert() {
function always_authenticate_no_cert (line 426) | fn always_authenticate_no_cert() {
function always_authenticate_with_cert (line 467) | fn always_authenticate_with_cert() {
function certificate_authorities (line 511) | fn certificate_authorities() {
function close (line 519) | fn close() {
function short_read (line 547) | fn short_read() {
FILE: security-framework/src/os/macos/transform.rs
method set_attribute (line 23) | pub fn set_attribute<T>(&mut self, key: &CFString, value: &T) -> Result<...
method execute (line 45) | pub fn execute(&mut self) -> Result<CFType, CFError> {
FILE: security-framework/src/passwords.rs
function set_generic_password (line 26) | pub fn set_generic_password(service: &str, account: &str, password: &[u8...
function set_generic_password_options (line 33) | pub fn set_generic_password_options(password: &[u8], mut options: Passwo...
function get_generic_password (line 40) | pub fn get_generic_password(service: &str, account: &str) -> Result<Vec<...
function generic_password (line 53) | pub fn generic_password(mut options: PasswordOptions) -> Result<Vec<u8>> {
function delete_generic_password (line 63) | pub fn delete_generic_password(service: &str, account: &str) -> Result<(...
function delete_generic_password_options (line 77) | pub fn delete_generic_password_options(options: PasswordOptions) -> Resu...
function set_internet_password (line 85) | pub fn set_internet_password(
function get_internet_password (line 109) | pub fn get_internet_password(
function delete_internet_password (line 136) | pub fn delete_internet_password(
function set_password_internal (line 160) | fn set_password_internal(options: &mut PasswordOptions, password: &[u8])...
function get_password_and_release (line 184) | fn get_password_and_release(data: CFTypeRef) -> Result<Vec<u8>> {
function missing_generic (line 209) | fn missing_generic() {
function roundtrip_generic (line 232) | fn roundtrip_generic() {
function update_generic (line 241) | fn update_generic() {
function missing_internet (line 252) | fn missing_internet() {
function roundtrip_internet (line 277) | fn roundtrip_internet() {
function update_internet (line 291) | fn update_internet() {
FILE: security-framework/src/passwords_options.rs
type PasswordOptions (line 26) | pub struct PasswordOptions {
method new_generic_password (line 63) | pub fn new_generic_password(service: &str, account: &str) -> Self {
method new_internet_password (line 79) | pub fn new_internet_password(
method set_access_control_options (line 117) | pub fn set_access_control_options(&mut self, options: AccessControlOpt...
method set_access_control (line 124) | pub fn set_access_control(&mut self, access_control: SecAccessControl) {
method set_access_group (line 131) | pub fn set_access_group(&mut self, group: &str) {
method set_access_synchronized (line 160) | pub fn set_access_synchronized(&mut self, synchronized: Option<bool>) {
method set_comment (line 172) | pub fn set_comment(&mut self, comment: &str) {
method set_description (line 179) | pub fn set_description(&mut self, description: &str) {
method set_label (line 186) | pub fn set_label(&mut self, label: &str) {
method use_protected_keychain (line 194) | pub fn use_protected_keychain(&mut self) {
method push_query (line 202) | pub(crate) unsafe fn push_query(&mut self, static_key_constant: CFStri...
method to_dictionary (line 210) | pub(crate) fn to_dictionary(&self) -> CFDictionary<CFString, CFType> {
FILE: security-framework/src/policy.rs
method fmt (line 24) | fn fmt(&self, fmt: &mut fmt::Formatter<'_>) -> fmt::Result {
method create_ssl (line 53) | pub fn create_ssl(protocol_side: SslProtocolSide, hostname: Option<&str>...
method create_revocation (line 70) | pub fn create_revocation(options: RevocationPolicy) -> crate::Result<Sel...
method create_x509 (line 82) | pub fn create_x509() -> Self {
function create_ssl (line 96) | fn create_ssl() {
FILE: security-framework/src/random.rs
type SecRandom (line 7) | pub struct SecRandom(SecRandomRef);
method copy_bytes (line 21) | pub fn copy_bytes(&self, buf: &mut [u8]) -> io::Result<()> {
method default (line 14) | fn default() -> Self {
function basic (line 35) | fn basic() {
FILE: security-framework/src/secure_transport.rs
type SslProtocolSide (line 113) | pub struct SslProtocolSide(SSLProtocolSide);
constant CLIENT (line 117) | pub const CLIENT: Self = Self(kSSLClientSide);
constant SERVER (line 119) | pub const SERVER: Self = Self(kSSLServerSide);
type SslConnectionType (line 124) | pub struct SslConnectionType(SSLConnectionType);
constant DATAGRAM (line 128) | pub const DATAGRAM: Self = Self(kSSLDatagramType);
constant STREAM (line 130) | pub const STREAM: Self = Self(kSSLStreamType);
type HandshakeError (line 135) | pub enum HandshakeError<S> {
function from (line 144) | fn from(err: Error) -> Self {
type ClientHandshakeError (line 151) | pub enum ClientHandshakeError<S> {
function from (line 160) | fn from(err: Error) -> Self {
type MidHandshakeSslStream (line 167) | pub struct MidHandshakeSslStream<S> {
function get_ref (line 176) | pub fn get_ref(&self) -> &S {
function get_mut (line 182) | pub fn get_mut(&mut self) -> &mut S {
function context (line 189) | pub fn context(&self) -> &SslContext {
function context_mut (line 195) | pub fn context_mut(&mut self) -> &mut SslContext {
function server_auth_completed (line 203) | pub fn server_auth_completed(&self) -> bool {
function client_cert_requested (line 211) | pub fn client_cert_requested(&self) -> bool {
function would_block (line 219) | pub fn would_block(&self) -> bool {
function error (line 226) | pub const fn error(&self) -> &Error {
function handshake (line 232) | pub fn handshake(self) -> result::Result<SslStream<S>, HandshakeError<S>> {
type MidHandshakeClientBuilder (line 239) | pub struct MidHandshakeClientBuilder<S> {
function get_ref (line 251) | pub fn get_ref(&self) -> &S {
function get_mut (line 257) | pub fn get_mut(&mut self) -> &mut S {
function error (line 264) | pub fn error(&self) -> &Error {
function handshake (line 269) | pub fn handshake(self) -> result::Result<SslStream<S>, ClientHandshakeEr...
type SessionState (line 327) | pub struct SessionState(SSLSessionState);
constant ABORTED (line 331) | pub const ABORTED: Self = Self(kSSLAborted);
constant CLOSED (line 333) | pub const CLOSED: Self = Self(kSSLClosed);
constant CONNECTED (line 335) | pub const CONNECTED: Self = Self(kSSLConnected);
constant HANDSHAKE (line 337) | pub const HANDSHAKE: Self = Self(kSSLHandshake);
constant IDLE (line 339) | pub const IDLE: Self = Self(kSSLIdle);
type SslAuthenticate (line 344) | pub struct SslAuthenticate(SSLAuthenticate);
constant ALWAYS (line 348) | pub const ALWAYS: Self = Self(kAlwaysAuthenticate);
constant NEVER (line 350) | pub const NEVER: Self = Self(kNeverAuthenticate);
constant TRY (line 352) | pub const TRY: Self = Self(kTryAuthenticate);
type SslClientCertificateState (line 357) | pub struct SslClientCertificateState(SSLClientCertificateState);
constant NONE (line 361) | pub const NONE: Self = Self(kSSLClientCertNone);
constant REJECTED (line 363) | pub const REJECTED: Self = Self(kSSLClientCertRejected);
constant REQUESTED (line 365) | pub const REQUESTED: Self = Self(kSSLClientCertRequested);
constant SENT (line 367) | pub const SENT: Self = Self(kSSLClientCertSent);
type SslProtocol (line 372) | pub struct SslProtocol(SSLProtocol);
constant ALL (line 376) | pub const ALL: Self = Self(kSSLProtocolAll);
constant DTLS1 (line 378) | pub const DTLS1: Self = Self(kDTLSProtocol1);
constant SSL2 (line 380) | pub const SSL2: Self = Self(kSSLProtocol2);
constant SSL3 (line 383) | pub const SSL3: Self = Self(kSSLProtocol3);
constant SSL3_ONLY (line 385) | pub const SSL3_ONLY: Self = Self(kSSLProtocol3Only);
constant TLS1 (line 388) | pub const TLS1: Self = Self(kTLSProtocol1);
constant TLS11 (line 391) | pub const TLS11: Self = Self(kTLSProtocol11);
constant TLS12 (line 394) | pub const TLS12: Self = Self(kTLSProtocol12);
constant TLS13 (line 397) | pub const TLS13: Self = Self(kTLSProtocol13);
constant TLS1_ONLY (line 399) | pub const TLS1_ONLY: Self = Self(kTLSProtocol1Only);
constant UNKNOWN (line 401) | pub const UNKNOWN: Self = Self(kSSLProtocolUnknown);
method fmt (line 413) | fn fmt(&self, fmt: &mut fmt::Formatter<'_>) -> fmt::Result {
method as_inner (line 427) | pub(crate) fn as_inner(&self) -> SSLContextRef {
method new (line 458) | pub fn new(side: SslProtocolSide, type_: SslConnectionType) -> Result<Se...
method set_peer_domain_name (line 474) | pub fn set_peer_domain_name(&mut self, peer_name: &str) -> Result<()> {
method peer_domain_name (line 482) | pub fn peer_domain_name(&self) -> Result<String> {
method set_certificate (line 499) | pub fn set_certificate(
method set_peer_id (line 518) | pub fn set_peer_id(&mut self, peer_id: &[u8]) -> Result<()> {
method peer_id (line 523) | pub fn peer_id(&self) -> Result<Option<&[u8]>> {
method supported_ciphers (line 537) | pub fn supported_ciphers(&self) -> Result<Vec<CipherSuite>> {
method enabled_ciphers (line 553) | pub fn enabled_ciphers(&self) -> Result<Vec<CipherSuite>> {
method set_enabled_ciphers (line 568) | pub fn set_enabled_ciphers(&mut self, ciphers: &[CipherSuite]) -> Result...
method negotiated_cipher (line 581) | pub fn negotiated_cipher(&self) -> Result<CipherSuite> {
method set_client_side_authenticate (line 593) | pub fn set_client_side_authenticate(&mut self, auth: SslAuthenticate) ->...
method client_certificate_state (line 599) | pub fn client_certificate_state(&self) -> Result<SslClientCertificateSta...
method peer_trust2 (line 612) | pub fn peer_trust2(&self) -> Result<Option<SecTrust>> {
method state (line 632) | pub fn state(&self) -> Result<SessionState> {
method negotiated_protocol_version (line 642) | pub fn negotiated_protocol_version(&self) -> Result<SslProtocol> {
method protocol_version_max (line 652) | pub fn protocol_version_max(&self) -> Result<SslProtocol> {
method set_protocol_version_max (line 662) | pub fn set_protocol_version_max(&mut self, max_version: SslProtocol) -> ...
method protocol_version_min (line 668) | pub fn protocol_version_min(&self) -> Result<SslProtocol> {
method set_protocol_version_min (line 678) | pub fn set_protocol_version_min(&mut self, min_version: SslProtocol) -> ...
method alpn_protocols (line 683) | pub fn alpn_protocols(&self) -> Result<Vec<String>> {
method set_alpn_protocols (line 700) | pub fn set_alpn_protocols(&mut self, protocols: &[impl AsRef<str>]) -> R...
method set_session_tickets_enabled (line 721) | pub fn set_session_tickets_enabled(&mut self, enabled: bool) -> Result<(...
method buffered_read_size (line 728) | pub fn buffered_read_size(&self) -> Result<usize> {
method into_stream (line 756) | fn into_stream<S>(self, stream: S) -> Result<SslStream<S>>
method handshake (line 777) | pub fn handshake<S>(self, stream: S) -> result::Result<SslStream<S>, Han...
type Connection (line 787) | struct Connection<S> {
function translate_err (line 795) | fn translate_err(e: &io::Error) -> OSStatus {
function read_func (line 805) | unsafe extern "C" fn read_func<S>(
function write_func (line 851) | unsafe extern "C" fn write_func<S>(
type SslStream (line 905) | pub struct SslStream<S> {
function fmt (line 912) | fn fmt(&self, fmt: &mut fmt::Formatter<'_>) -> fmt::Result {
method drop (line 921) | fn drop(&mut self) {
function handshake (line 932) | fn handshake(mut self) -> result::Result<Self, HandshakeError<S>> {
function get_ref (line 954) | pub fn get_ref(&self) -> &S {
function get_mut (line 960) | pub fn get_mut(&mut self) -> &mut S {
function context (line 967) | pub fn context(&self) -> &SslContext {
function context_mut (line 973) | pub fn context_mut(&mut self) -> &mut SslContext {
function close (line 978) | pub fn close(&mut self) -> result::Result<(), io::Error> {
function connection (line 989) | fn connection(&self) -> &Connection<S> {
function connection_mut (line 999) | fn connection_mut(&mut self) -> &mut Connection<S> {
function check_panic (line 1010) | fn check_panic(&mut self) {
function get_error (line 1018) | fn get_error(&mut self, ret: OSStatus) -> io::Error {
method read (line 1030) | fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
method write (line 1070) | fn write(&mut self, buf: &[u8]) -> io::Result<usize> {
method flush (line 1093) | fn flush(&mut self) -> io::Result<()> {
type ClientBuilder (line 1100) | pub struct ClientBuilder {
method new (line 1127) | pub fn new() -> Self {
method anchor_certificates (line 1148) | pub fn anchor_certificates(&mut self, certs: &[SecCertificate]) -> &mu...
method add_anchor_certificate (line 1156) | pub fn add_anchor_certificate(&mut self, certs: &SecCertificate) -> &m...
method trust_anchor_certificates_only (line 1164) | pub fn trust_anchor_certificates_only(&mut self, only: bool) -> &mut S...
method danger_accept_invalid_certs (line 1178) | pub fn danger_accept_invalid_certs(&mut self, noverify: bool) -> &mut ...
method use_sni (line 1185) | pub fn use_sni(&mut self, use_sni: bool) -> &mut Self {
method danger_accept_invalid_hostnames (line 1198) | pub fn danger_accept_invalid_hostnames(
method whitelist_ciphers (line 1207) | pub fn whitelist_ciphers(&mut self, whitelisted_ciphers: &[CipherSuite...
method blacklist_ciphers (line 1213) | pub fn blacklist_ciphers(&mut self, blacklisted_ciphers: &[CipherSuite...
method identity (line 1219) | pub fn identity(&mut self, identity: &SecIdentity, chain: &[SecCertifi...
method protocol_min (line 1227) | pub fn protocol_min(&mut self, min: SslProtocol) -> &mut Self {
method protocol_max (line 1234) | pub fn protocol_max(&mut self, max: SslProtocol) -> &mut Self {
method alpn_protocols (line 1240) | pub fn alpn_protocols(&mut self, protocols: &[&str]) -> &mut Self {
method enable_session_tickets (line 1249) | pub fn enable_session_tickets(&mut self, enable: bool) -> &mut Self {
method handshake (line 1257) | pub fn handshake<S>(
method ctx_into_stream (line 1287) | fn ctx_into_stream<S>(&self, domain: &str, stream: S) -> Result<SslStr...
method configure_protocols (line 1313) | fn configure_protocols(&self, ctx: &mut SslContext) -> Result<()> {
method configure_ciphers (line 1323) | fn configure_ciphers(&self, ctx: &mut SslContext) -> Result<()> {
method default (line 1118) | fn default() -> Self {
type ServerBuilder (line 1341) | pub struct ServerBuilder {
method new (line 1350) | pub fn new(identity: &SecIdentity, certs: &[SecCertificate]) -> Self {
method from_pkcs12 (line 1363) | pub fn from_pkcs12(pkcs12_der: &[u8], passphrase: &str) -> Result<Self> {
method new_ssl_context (line 1383) | pub fn new_ssl_context(&self) -> Result<SslContext> {
method handshake (line 1390) | pub fn handshake<S>(&self, stream: S) -> Result<SslStream<S>>
function server_builder_from_pkcs12 (line 1408) | fn server_builder_from_pkcs12() {
function connect (line 1414) | fn connect() {
function connect_bad_domain (line 1422) | fn connect_bad_domain() {
function connect_buffered_stream (line 1430) | fn connect_buffered_stream() {
function load_page (line 1473) | fn load_page() {
function client_no_session_ticket_resumption (line 1486) | fn client_no_session_ticket_resumption() {
function client_session_ticket_resumption (line 1512) | fn client_session_ticket_resumption() {
function client_alpn_accept (line 1541) | fn client_alpn_accept() {
function client_alpn_reject (line 1551) | fn client_alpn_reject() {
function client_no_anchor_certs (line 1561) | fn client_no_anchor_certs() {
function client_bad_domain (line 1570) | fn client_bad_domain() {
function client_bad_domain_ignored (line 1578) | fn client_bad_domain_ignored() {
function connect_no_verify_ssl (line 1587) | fn connect_no_verify_ssl() {
function load_page_client (line 1595) | fn load_page_client() {
function cipher_configuration (line 1607) | fn cipher_configuration() {
function test_builder_whitelist_ciphers (line 1620) | fn test_builder_whitelist_ciphers() {
function test_builder_blacklist_ciphers (line 1637) | fn test_builder_blacklist_ciphers() {
function idle_context_peer_trust (line 1654) | fn idle_context_peer_trust() {
function peer_id (line 1660) | fn peer_id() {
function peer_domain_name (line 1668) | fn peer_domain_name() {
function write_panic (line 1677) | fn write_panic() {
function read_panic (line 1704) | fn read_panic() {
function zero_length_buffers (line 1730) | fn zero_length_buffers() {
FILE: security-framework/src/trust.rs
type TrustResult (line 23) | pub struct TrustResult(SecTrustResultType);
constant DENY (line 27) | pub const DENY: Self = Self(kSecTrustResultDeny);
constant FATAL_TRUST_FAILURE (line 29) | pub const FATAL_TRUST_FAILURE: Self = Self(kSecTrustResultFatalTrustFa...
constant INVALID (line 31) | pub const INVALID: Self = Self(kSecTrustResultInvalid);
constant OTHER_ERROR (line 33) | pub const OTHER_ERROR: Self = Self(kSecTrustResultOtherError);
constant PROCEED (line 35) | pub const PROCEED: Self = Self(kSecTrustResultProceed);
constant RECOVERABLE_TRUST_FAILURE (line 37) | pub const RECOVERABLE_TRUST_FAILURE: Self = Self(kSecTrustResultRecove...
constant UNSPECIFIED (line 39) | pub const UNSPECIFIED: Self = Self(kSecTrustResultUnspecified);
method success (line 46) | pub fn success(self) -> bool {
method create_with_certificates (line 85) | pub fn create_with_certificates(
method set_trust_verify_date (line 105) | pub fn set_trust_verify_date(&mut self, date: &CFDate) -> Result<()> {
method set_anchor_certificates (line 110) | pub fn set_anchor_certificates(&mut self, certs: &[SecCertificate]) -> R...
method copy_anchor_certificates (line 123) | pub fn copy_anchor_certificates() -> Result<Vec<SecCertificate>> {
method set_trust_anchor_certificates_only (line 142) | pub fn set_trust_anchor_certificates_only(&mut self, only: bool) -> Resu...
method set_policy (line 148) | pub fn set_policy(&mut self, policy: &SecPolicy) -> Result<()> {
method set_options (line 155) | pub fn set_options(&mut self, options: TrustOptions) -> Result<()> {
method get_network_fetch_allowed (line 161) | pub fn get_network_fetch_allowed(&mut self) -> Result<bool> {
method set_network_fetch_allowed (line 172) | pub fn set_network_fetch_allowed(&mut self, allowed: bool) -> Result<()> {
method set_trust_ocsp_response (line 178) | pub fn set_trust_ocsp_response<I: Iterator<Item = impl AsRef<[u8]>>>(
method set_signed_certificate_timestamps (line 193) | pub fn set_signed_certificate_timestamps<I: Iterator<Item = impl AsRef<[...
method copy_public_key (line 209) | pub fn copy_public_key(&mut self) -> Result<SecKey> {
method evaluate (line 215) | pub fn evaluate(&self) -> Result<TrustResult> {
method evaluate_with_error (line 226) | pub fn evaluate_with_error(&self) -> Result<(), CFError> {
method chain (line 243) | pub fn chain(&self) -> Vec<SecCertificate> {
method certificate_count (line 261) | pub fn certificate_count(&self) -> CFIndex {
method certificate_at_index (line 270) | pub fn certificate_at_index(&self, ix: CFIndex) -> Option<SecCertificate> {
function create_with_certificates (line 292) | fn create_with_certificates() {
function create_with_certificates_new (line 300) | fn create_with_certificates_new() {
function certificate_count_and_at_index (line 309) | fn certificate_count_and_at_index() {
function certificate_count_and_at_index_new (line 325) | fn certificate_count_and_at_index_new() {
function certificate_at_index_out_of_bounds (line 341) | fn certificate_at_index_out_of_bounds() {
function set_policy (line 356) | fn set_policy() {
function set_policy_new (line 366) | fn set_policy_new() {
FILE: security-framework/src/trust_settings.rs
type Domain (line 22) | pub enum Domain {
method from (line 33) | fn from(domain: Domain) -> Self {
type TrustSettingsForCertificate (line 44) | pub enum TrustSettingsForCertificate {
method new (line 64) | fn new(value: i64) -> Self {
type TrustSettings (line 79) | pub struct TrustSettings {
method new (line 92) | pub const fn new(domain: Domain) -> Self {
method iter (line 98) | pub fn iter(&self) -> Result<TrustSettingsIter> {
method set_trust_settings_always (line 129) | pub fn set_trust_settings_always(&self, cert: &SecCertificate) -> Resu...
method tls_trust_settings_for_certificate (line 153) | pub fn tls_trust_settings_for_certificate(&self, cert: &SecCertificate...
type TrustSettingsIter (line 207) | pub struct TrustSettingsIter {
type Item (line 213) | type Item = SecCertificate;
method next (line 216) | fn next(&mut self) -> Option<Self::Item> {
method size_hint (line 227) | fn size_hint(&self) -> (usize, Option<usize>) {
function list_for_domain (line 238) | fn list_for_domain(domain: Domain) {
function list_for_user (line 251) | fn list_for_user() {
function list_for_system (line 256) | fn list_for_system() {
function list_for_admin (line 261) | fn list_for_admin() {
function test_system_certs_are_present (line 266) | fn test_system_certs_are_present() {
function test_isrg_root_exists_and_is_trusted (line 274) | fn test_isrg_root_exists_and_is_trusted() {
function test_unknown_cert_is_not_trusted (line 290) | fn test_unknown_cert_is_not_trusted() {
FILE: systest/build.rs
function main (line 3) | fn main() {
Condensed preview — 102 files, each showing path, character count, and a content snippet. Download the .json file or copy for the full structured content (571K chars).
[
{
"path": ".github/workflows/main.yml",
"chars": 3398,
"preview": "name: CI\n\non:\n pull_request:\n push:\n branches: main\n\nenv:\n RUST_BACKTRACE: 1\n CARGO_PROFILE_DEV_DEBUG: 0\n\njobs:\n "
},
{
"path": ".gitignore",
"chars": 57,
"preview": "target/\nCargo.lock\n.cargo/\n.DS_Store\n.idea\n*.iml\n.vscode\n"
},
{
"path": ".rustfmt.toml",
"chars": 106,
"preview": "# please do not use rustfmt, it destroys well-formatted code\ndisable_all_formatting = true\nignore = [\"/\"]\n"
},
{
"path": "Cargo.toml",
"chars": 792,
"preview": "[workspace]\nresolver = \"2\"\nmembers = [\n \"security-framework-sys\",\n \"security-framework\",\n \"iostest\",\n \"syste"
},
{
"path": "LICENSE-APACHE",
"chars": 10847,
"preview": " Apache License\n Version 2.0, January 2004\n http"
},
{
"path": "LICENSE-MIT",
"chars": 1081,
"preview": "The MIT License (MIT)\n\nCopyright (c) 2015 Steven Fackler\n\nPermission is hereby granted, free of charge, to any person ob"
},
{
"path": "README.md",
"chars": 760,
"preview": "# macOS/iOS Security framework for Rust\n\n[](htt"
},
{
"path": "iostest/Cargo.toml",
"chars": 400,
"preview": "[package]\nname = \"iostest\"\nversion = \"0.1.0\"\nedition = \"2021\"\npublish = false\n\n[lib]\ncrate-type = [\"staticlib\"]\n\n[depend"
},
{
"path": "iostest/ios-test-harness/ios-test-harness/Assets.xcassets/AccentColor.colorset/Contents.json",
"chars": 123,
"preview": "{\n \"colors\" : [\n {\n \"idiom\" : \"universal\"\n }\n ],\n \"info\" : {\n \"author\" : \"xcode\",\n \"version\" : 1\n }"
},
{
"path": "iostest/ios-test-harness/ios-test-harness/Assets.xcassets/AppIcon.appiconset/Contents.json",
"chars": 1591,
"preview": "{\n \"images\" : [\n {\n \"idiom\" : \"iphone\",\n \"scale\" : \"2x\",\n \"size\" : \"20x20\"\n },\n {\n \"idiom\""
},
{
"path": "iostest/ios-test-harness/ios-test-harness/Assets.xcassets/Contents.json",
"chars": 63,
"preview": "{\n \"info\" : {\n \"author\" : \"xcode\",\n \"version\" : 1\n }\n}\n"
},
{
"path": "iostest/ios-test-harness/ios-test-harness/ContentView.swift",
"chars": 541,
"preview": "//\n// ContentView.swift\n// ios-test-harness\n//\n\nimport SwiftUI\n\nstruct ContentView: View {\n @State var showAlert = "
},
{
"path": "iostest/ios-test-harness/ios-test-harness/Preview Content/Preview Assets.xcassets/Contents.json",
"chars": 63,
"preview": "{\n \"info\" : {\n \"author\" : \"xcode\",\n \"version\" : 1\n }\n}\n"
},
{
"path": "iostest/ios-test-harness/ios-test-harness/ios_test_harnessApp.swift",
"chars": 207,
"preview": "//\n// ios_test_harnessApp.swift\n// ios-test-harness\n//\n\nimport SwiftUI\n\n@main\nstruct ios_test_harnessApp: App {\n va"
},
{
"path": "iostest/ios-test-harness/ios-test-harness.xcodeproj/project.pbxproj",
"chars": 22305,
"preview": "// !$*UTF8*$!\n{\n\tarchiveVersion = 1;\n\tclasses = {\n\t};\n\tobjectVersion = 55;\n\tobjects = {\n\n/* Begin PBXBuildFile section *"
},
{
"path": "iostest/ios-test-harness/ios-test-harnessTests/ios_test_harnessTests.swift",
"chars": 277,
"preview": "//\n// static_test_harnessTests.swift\n// static-test-harnessTests\n//\n// Created by Daniel Brotsky on 1/29/22.\n//\n\nimpo"
},
{
"path": "iostest/ios-test-harness/test-runner/TestRunner.swift",
"chars": 136,
"preview": "//\n// TestRunner.swift\n// ios-test-harness\n//\n\nimport Foundation\n\nclass TestRunner {\n static func runTest() {\n "
},
{
"path": "iostest/ios-test-harness/test-runner/create-library.sh",
"chars": 1637,
"preview": "#!/bin/bash\nset -x\n# create-library.sh\n# Build the correct Rust target and place\n# the resulting library in the build pr"
},
{
"path": "iostest/ios-test-harness/test-runner/remove-library.sh",
"chars": 145,
"preview": "#!/bin/sh\nset -x\n# delete-library.sh\n# Remove the build Rust library so it will be rebuilt next time.\n#\nrm -fv ${DERIVED"
},
{
"path": "iostest/ios-test-harness/test-runner/test-Bridging-Header.h",
"chars": 170,
"preview": "//\n// test-Bridging-Header.h\n// ios-test-harness\n//\n\n#ifndef test_Bridging_Header_h\n#define test_Bridging_Header_h\n\n#imp"
},
{
"path": "iostest/ios-test-harness/test-runner/test.h",
"chars": 109,
"preview": "//\n// test.h\n// ios-test-harness\n//\n\n#ifndef test_h\n#define test_h\n\nextern void test();\n\n#endif /* test_h */\n"
},
{
"path": "iostest/src/lib.rs",
"chars": 9732,
"preview": "#![allow(deprecated)]\n//! Test library for newer iOS-style APIs.\n//!\n//! This library exercises the iOS-style password A"
},
{
"path": "iostest/tests/ios_macos.rs",
"chars": 5912,
"preview": "//! Tests of legacy macOS versus newer iOS-style APIs.\n//!\n//! These tests compile under both iOS and macOS. Of course,"
},
{
"path": "security-framework/Cargo.toml",
"chars": 1862,
"preview": "[package]\nname = \"security-framework\"\nversion = \"3.7.1\"\nauthors = [\n \"Steven Fackler <sfackler@gmail.com>\",\n \"Korn"
},
{
"path": "security-framework/THIRD_PARTY",
"chars": 20257,
"preview": "This project contains documentation adapted from Apple Inc.'s Security Framework\nunder the following license:\n\nAPPLE PUB"
},
{
"path": "security-framework/examples/client.rs",
"chars": 669,
"preview": "use security_framework::secure_transport::ClientBuilder;\nuse std::io::{Read, Write};\nuse std::net::TcpStream;\n\nfn main()"
},
{
"path": "security-framework/examples/find_internet_password.rs",
"chars": 1088,
"preview": "#[cfg(target_os = \"macos\")]\nuse security_framework::os::macos::keychain::SecKeychain;\n#[cfg(target_os = \"macos\")]\nuse se"
},
{
"path": "security-framework/examples/set_internet_password.rs",
"chars": 879,
"preview": "#[cfg(target_os = \"macos\")]\nuse security_framework::os::macos::keychain::SecKeychain;\n#[cfg(target_os = \"macos\")]\nuse se"
},
{
"path": "security-framework/src/access_control.rs",
"chars": 3843,
"preview": "//! Access Control support.\n\nuse crate::base::{Error, Result};\nuse core_foundation::base::{kCFAllocatorDefault, CFOption"
},
{
"path": "security-framework/src/authorization.rs",
"chars": 26471,
"preview": "//! Authorization Services support.\n\n/// # Potential improvements\n///\n/// * When generic specialization stabilizes preve"
},
{
"path": "security-framework/src/base.rs",
"chars": 2226,
"preview": "//! Support types for other modules.\n\nuse core_foundation::string::CFString;\nuse core_foundation_sys::base::OSStatus;\nus"
},
{
"path": "security-framework/src/certificate.rs",
"chars": 10206,
"preview": "//! Certificate support.\nuse core_foundation::array::{CFArray, CFArrayRef};\nuse core_foundation::base::{TCFType, ToVoid}"
},
{
"path": "security-framework/src/cipher_suite.rs",
"chars": 8263,
"preview": "//! Cipher Suites supported by Secure Transport\n\nuse security_framework_sys::cipher_suite::*;\n\nmacro_rules! make_suites "
},
{
"path": "security-framework/src/cms.rs",
"chars": 26098,
"preview": "//! Cryptographic Message Syntax support\n\nuse std::{fmt, ptr};\n\nuse core_foundation::array::CFArray;\nuse core_foundation"
},
{
"path": "security-framework/src/identity.rs",
"chars": 2539,
"preview": "//! Identity support.\n\nuse core_foundation::base::{TCFType, ToVoid};\nuse core_foundation::dictionary::CFMutableDictionar"
},
{
"path": "security-framework/src/import_export.rs",
"chars": 5795,
"preview": "//! Security Framework type import/export support.\n\nuse core_foundation::array::CFArray;\nuse core_foundation::base::{CFT"
},
{
"path": "security-framework/src/item.rs",
"chars": 38065,
"preview": "//! Support to search for items in a keychain.\n\nuse core_foundation::array::CFArray;\nuse core_foundation::base::{CFType,"
},
{
"path": "security-framework/src/key.rs",
"chars": 18920,
"preview": "//! Encryption key support\n\nuse core_foundation::{declare_TCFType, impl_TCFType};\nuse crate::cvt;\nuse core_foundation::{"
},
{
"path": "security-framework/src/lib.rs",
"chars": 1784,
"preview": "#![cfg(target_vendor = \"apple\")]\n\n//! Wrappers around the macOS Security Framework.\n#![warn(missing_docs)]\n#![allow(non_"
},
{
"path": "security-framework/src/os/macos/access.rs",
"chars": 430,
"preview": "#![allow(deprecated)]\n//! Access functionality.\nuse core_foundation::{declare_TCFType, impl_TCFType};\nuse security_frame"
},
{
"path": "security-framework/src/os/macos/certificate.rs",
"chars": 7532,
"preview": "//! OSX specific extensions to certificate functionality.\n\nuse core_foundation::array::{CFArray, CFArrayIterator};\nuse c"
},
{
"path": "security-framework/src/os/macos/certificate_oids.rs",
"chars": 1023,
"preview": "//! OIDs associated with certificate properties.\nuse core_foundation::base::TCFType;\nuse core_foundation::string::CFStri"
},
{
"path": "security-framework/src/os/macos/code_signing.rs",
"chars": 15343,
"preview": "//! Code signing services.\n\nuse core_foundation::base::{TCFType, TCFTypeRef, ToVoid};\nuse core_foundation::data::CFDataR"
},
{
"path": "security-framework/src/os/macos/digest_transform.rs",
"chars": 5232,
"preview": "//! Digest Transform support\n\nuse core_foundation::base::{CFIndex, TCFType};\nuse core_foundation::data::CFData;\nuse core"
},
{
"path": "security-framework/src/os/macos/encrypt_transform.rs",
"chars": 7943,
"preview": "//! Encryption and Decryption transform support.\n\nuse core_foundation::base::TCFType;\nuse core_foundation::data::CFData;"
},
{
"path": "security-framework/src/os/macos/identity.rs",
"chars": 2722,
"preview": "//! OSX specific extensions to identity functionality.\nuse core_foundation::array::CFArray;\nuse core_foundation::base::T"
},
{
"path": "security-framework/src/os/macos/import_export.rs",
"chars": 11733,
"preview": "//! OSX specific extensions to import/export functionality.\n\nuse core_foundation::array::CFArray;\nuse core_foundation::b"
},
{
"path": "security-framework/src/os/macos/item.rs",
"chars": 1558,
"preview": "//! OSX specific functionality for items.\nuse crate::item::ItemSearchOptions;\nuse crate::os::macos::keychain::SecKeychai"
},
{
"path": "security-framework/src/os/macos/key.rs",
"chars": 1484,
"preview": "//! OSX specific functionality for keys.\nuse core_foundation::base::TCFType;\nuse core_foundation::data::CFData;\nuse core"
},
{
"path": "security-framework/src/os/macos/keychain.rs",
"chars": 8460,
"preview": "//! Keychain support.\n//!\n//! Apple has deprecated `SecKeychain`.\n\nuse core_foundation::base::{Boolean, TCFType};\nuse co"
},
{
"path": "security-framework/src/os/macos/keychain_item.rs",
"chars": 712,
"preview": "#![allow(deprecated)]\n//! Keychain item support.\nuse core_foundation::{declare_TCFType, impl_TCFType};\nuse security_fram"
},
{
"path": "security-framework/src/os/macos/mod.rs",
"chars": 1520,
"preview": "//! OSX specific extensions.\n\npub mod access;\npub mod certificate;\npub mod certificate_oids;\npub mod code_signing;\npub m"
},
{
"path": "security-framework/src/os/macos/passwords.rs",
"chars": 16219,
"preview": "//! Password support.\n\nuse crate::os::macos::keychain::SecKeychain;\nuse crate::os::macos::keychain_item::SecKeychainItem"
},
{
"path": "security-framework/src/os/macos/secure_transport.rs",
"chars": 20626,
"preview": "//! OSX specific extensions to Secure Transport functionality.\n\nuse core_foundation::array::CFArray;\nuse core_foundation"
},
{
"path": "security-framework/src/os/macos/transform.rs",
"chars": 1768,
"preview": "#![allow(deprecated)]\n//! Transform support. Deprecated by Apple.\nuse core_foundation::base::{CFType, TCFType};\nuse core"
},
{
"path": "security-framework/src/os/mod.rs",
"chars": 72,
"preview": "//! OS specific extensions.\n\n#[cfg(target_os = \"macos\")]\npub mod macos;\n"
},
{
"path": "security-framework/src/passwords.rs",
"chars": 13118,
"preview": "//! Support for password entries in the keychain. Works on both iOS and macOS.\n//!\n//! If you want the extended keychai"
},
{
"path": "security-framework/src/passwords_options.rs",
"chars": 9657,
"preview": "//! Support for password options, to be used with the passwords module\n\n// NB: re-export these types in the `passwords` "
},
{
"path": "security-framework/src/policy.rs",
"chars": 3620,
"preview": "//! Security Policies support.\nuse core_foundation::base::{CFOptionFlags, TCFType};\nuse core_foundation::string::CFStrin"
},
{
"path": "security-framework/src/random.rs",
"chars": 908,
"preview": "//! Randomness support.\n\nuse security_framework_sys::random::{kSecRandomDefault, SecRandomCopyBytes, SecRandomRef};\nuse "
},
{
"path": "security-framework/src/secure_transport.rs",
"chars": 58927,
"preview": "//! SSL/TLS encryption support using Secure Transport.\n//!\n//! # Examples\n//!\n//! To connect as a client to a server wit"
},
{
"path": "security-framework/src/trust.rs",
"chars": 14168,
"preview": "//! Trust evaluation support.\nuse core_foundation::array::CFArray;\n#[cfg(target_os = \"macos\")]\nuse core_foundation::arra"
},
{
"path": "security-framework/src/trust_settings.rs",
"chars": 10636,
"preview": "//! Querying trust settings.\n\nuse core_foundation::array::{CFArray, CFArrayRef};\nuse core_foundation::base::{CFIndex, TC"
},
{
"path": "security-framework/test/regen-certs.sh",
"chars": 4450,
"preview": "#!/bin/bash\nset -xe\n\ncd \"$(dirname \"$0\")\"\nTEST_DIR=\"$(pwd)\"\n\nopenssl genrsa -out ca.key 2048\n\ncat > ca.cnf << 'EOF'\n[req"
},
{
"path": "security-framework/test/server.key",
"chars": 1704,
"preview": "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDUdbb5beIHeP1Z\nup4gZ1hPtgfN0frILyQSR2E40L8"
},
{
"path": "security-framework-sys/Cargo.toml",
"chars": 1149,
"preview": "[package]\nname = \"security-framework-sys\"\nversion = \"2.17.1\"\nauthors = [\"Steven Fackler <sfackler@gmail.com>\", \"Kornel <"
},
{
"path": "security-framework-sys/src/access.rs",
"chars": 177,
"preview": "use core_foundation_sys::base::CFTypeID;\n\nextern \"C\" {\n #[deprecated(note = \"Deprecated by Apple. SecKeychain is depr"
},
{
"path": "security-framework-sys/src/access_control.rs",
"chars": 1752,
"preview": "use core_foundation_sys::base::CFOptionFlags;\nuse core_foundation_sys::base::{CFAllocatorRef, CFTypeID, CFTypeRef};\nuse "
},
{
"path": "security-framework-sys/src/authorization.rs",
"chars": 4947,
"preview": "use core_foundation_sys::base::{CFTypeRef, OSStatus};\nuse core_foundation_sys::bundle::CFBundleRef;\nuse core_foundation_"
},
{
"path": "security-framework-sys/src/base.rs",
"chars": 2326,
"preview": "use core_foundation_sys::base::OSStatus;\nuse core_foundation_sys::string::CFStringRef;\nuse std::os::raw::c_void;\n\npub en"
},
{
"path": "security-framework-sys/src/certificate.rs",
"chars": 4015,
"preview": "use core_foundation_sys::array::CFArrayRef;\nuse core_foundation_sys::base::{CFAllocatorRef, CFTypeID, OSStatus};\nuse cor"
},
{
"path": "security-framework-sys/src/certificate_oids.rs",
"chars": 123,
"preview": "use core_foundation_sys::string::CFStringRef;\n\nextern \"C\" {\n pub static kSecOIDX509V1SignatureAlgorithm: CFStringRef;"
},
{
"path": "security-framework-sys/src/cipher_suite.rs",
"chars": 12825,
"preview": "#[cfg(not(target_os = \"macos\"))]\npub type SSLCipherSuite = u16;\n\n#[cfg(all(target_os = \"macos\", target_arch = \"aarch64\")"
},
{
"path": "security-framework-sys/src/cms.rs",
"chars": 7448,
"preview": "//! Cryptographic Message Syntax support\n\nuse std::os::raw::c_void;\n\nuse core_foundation_sys::array::CFArrayRef;\nuse cor"
},
{
"path": "security-framework-sys/src/code_signing.rs",
"chars": 3545,
"preview": "use core_foundation_sys::base::{CFTypeID, OSStatus};\nuse core_foundation_sys::dictionary::CFDictionaryRef;\nuse core_foun"
},
{
"path": "security-framework-sys/src/digest_transform.rs",
"chars": 1069,
"preview": "use core_foundation_sys::base::{CFIndex, CFTypeRef};\nuse core_foundation_sys::error::CFErrorRef;\nuse core_foundation_sys"
},
{
"path": "security-framework-sys/src/encrypt_transform.rs",
"chars": 1398,
"preview": "use core_foundation_sys::error::CFErrorRef;\nuse core_foundation_sys::string::CFStringRef;\n\nuse crate::base::SecKeyRef;\nu"
},
{
"path": "security-framework-sys/src/identity.rs",
"chars": 723,
"preview": "#[cfg(target_os = \"macos\")]\nuse core_foundation_sys::base::CFTypeRef;\nuse core_foundation_sys::base::{CFTypeID, OSStatus"
},
{
"path": "security-framework-sys/src/import_export.rs",
"chars": 4222,
"preview": "use core_foundation_sys::array::CFArrayRef;\n#[cfg(target_os = \"macos\")]\nuse core_foundation_sys::base::CFTypeRef;\nuse co"
},
{
"path": "security-framework-sys/src/item.rs",
"chars": 4105,
"preview": "use core_foundation_sys::string::CFStringRef;\n\nextern \"C\" {\n pub static kSecClass: CFStringRef;\n pub static kSecCl"
},
{
"path": "security-framework-sys/src/key.rs",
"chars": 10100,
"preview": "use core_foundation_sys::base::CFTypeID;\nuse core_foundation_sys::data::CFDataRef;\nuse core_foundation_sys::dictionary::"
},
{
"path": "security-framework-sys/src/keychain.rs",
"chars": 9676,
"preview": "#[cfg(target_os = \"macos\")]\nuse core_foundation_sys::base::CFTypeRef;\n#[cfg(target_os = \"macos\")]\nuse core_foundation_sy"
},
{
"path": "security-framework-sys/src/keychain_item.rs",
"chars": 1968,
"preview": "#[cfg(target_os = \"macos\")]\nuse crate::base::{SecKeychainAttributeList, SecKeychainItemRef};\n#[cfg(target_os = \"macos\")]"
},
{
"path": "security-framework-sys/src/lib.rs",
"chars": 980,
"preview": "#![allow(bad_style)]\n\n#[cfg_attr(target_vendor = \"apple\", link(name = \"Security\", kind = \"framework\"))]\nextern \"C\" {}\n\n/"
},
{
"path": "security-framework-sys/src/policy.rs",
"chars": 982,
"preview": "use core_foundation_sys::base::{Boolean, CFOptionFlags, CFTypeID};\nuse core_foundation_sys::string::CFStringRef;\n\nuse cr"
},
{
"path": "security-framework-sys/src/random.rs",
"chars": 262,
"preview": "use std::os::raw::{c_int, c_void};\n\npub enum __SecRandom {}\npub type SecRandomRef = *const __SecRandom;\n\nextern \"C\" {\n "
},
{
"path": "security-framework-sys/src/secure_transport.rs",
"chars": 11028,
"preview": "use core_foundation_sys::array::CFArrayRef;\n#[cfg(target_os = \"macos\")]\nuse core_foundation_sys::base::CFTypeRef;\nuse co"
},
{
"path": "security-framework-sys/src/transform.rs",
"chars": 879,
"preview": "use core_foundation_sys::base::{Boolean, CFTypeID, CFTypeRef};\nuse core_foundation_sys::error::CFErrorRef;\nuse core_foun"
},
{
"path": "security-framework-sys/src/trust.rs",
"chars": 3445,
"preview": "use crate::base::{SecCertificateRef, SecKeyRef};\nuse core_foundation_sys::array::CFArrayRef;\nuse core_foundation_sys::ba"
},
{
"path": "security-framework-sys/src/trust_settings.rs",
"chars": 1312,
"preview": "use crate::base::SecCertificateRef;\nuse core_foundation_sys::array::CFArrayRef;\nuse core_foundation_sys::base::{CFTypeRe"
},
{
"path": "systest/Cargo.toml",
"chars": 407,
"preview": "[package]\nname = \"systest\"\nversion = \"0.1.0\"\nauthors = [\"Steven Fackler <sfackler@palantir.com>\"]\nedition = \"2021\"\npubli"
},
{
"path": "systest/build.rs",
"chars": 1646,
"preview": "use std::env;\n\nfn main() {\n let mut test = ctest2::TestGenerator::new();\n\n if env::var(\"TARGET\").unwrap().contains"
},
{
"path": "systest/src/main.rs",
"chars": 1665,
"preview": "#![allow(bad_style)]\n#![allow(unused)]\n#![allow(clippy::all)]\n#![allow(deprecated)]\n#![allow(deref_nullptr)]\n#![allow(in"
}
]
// ... and 9 more files (download for full content)
About this extraction
This page contains the full source code of the kornelski/rust-security-framework GitHub repository, extracted and formatted as plain text for AI agents and large language models (LLMs). The extraction includes 102 files (532.4 KB), approximately 138.7k tokens, and a symbol index with 1402 extracted functions, classes, methods, constants, and types. Use this with OpenClaw, Claude, ChatGPT, Cursor, Windsurf, or any other AI tool that accepts text input. You can copy the full output to your clipboard or download it as a .txt file.
Extracted by GitExtract — free GitHub repo to text converter for AI. Built by Nikandr Surkov.