Merge branch 'main' into add-visionos-support
simlay authored May 21, 2024
2 parents 6a7c1d1 + f27b7f3 commit ce824b5
Showing 9 changed files with 47 additions and 6 deletions.
2 changes: 1 addition & 1 deletion security-framework-sys/Cargo.toml
@@ -1,6 +1,6 @@
[package]
name = "security-framework-sys"
version = "2.10.0"
version = "2.11.0"
authors = ["Steven Fackler <[email protected]>", "Kornel <[email protected]>"]
license = "MIT OR Apache-2.0"
description = "Apple `Security.framework` low-level FFI bindings"
3 changes: 3 additions & 0 deletions security-framework-sys/src/item.rs
@@ -12,6 +12,9 @@ extern "C" {
pub static kSecMatchLimitAll: CFStringRef;

pub static kSecMatchTrustedOnly: CFStringRef;
pub static kSecMatchCaseInsensitive: CFStringRef;
#[cfg(target_os = "macos")]
pub static kSecMatchSubjectWholeString: CFStringRef;

pub static kSecReturnData: CFStringRef;
pub static kSecReturnAttributes: CFStringRef;
10 changes: 5 additions & 5 deletions security-framework/Cargo.toml
@@ -1,6 +1,6 @@
[package]
name = "security-framework"
version = "2.10.0"
version = "2.11.0"
authors = ["Steven Fackler <[email protected]>", "Kornel <[email protected]>"]
license = "MIT OR Apache-2.0"
description = "Security.framework bindings for macOS and iOS"
@@ -15,10 +15,10 @@ edition = "2021"
rust-version = "1.60"

[dependencies]
security-framework-sys = { version = "2.10.0", default-features = false, path = "../security-framework-sys" }
core-foundation = "0.9.3"
core-foundation-sys = "0.8.3"
bitflags = "1.3.2"
security-framework-sys = { version = "2.11.0", default-features = false, path = "../security-framework-sys" }
bitflags = "2.5"
core-foundation = "0.9.4"
core-foundation-sys = "0.8.6"
libc = "0.2.139"
log = { version = "0.4.17", optional = true }
num-bigint = { version = "0.4.3", optional = true }
1 change: 1 addition & 0 deletions security-framework/src/authorization.rs
@@ -44,6 +44,7 @@ macro_rules! cstring_or_err {

bitflags::bitflags! {
/// The flags used to specify authorization options.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
pub struct Flags: sys::AuthorizationFlags {
/// An empty flag set that you use as a placeholder when you don't want
/// any of the other flags.
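Review bot: The derive list added above `pub struct Flags` leaves out `PartialOrd` and `Ord`, which bitflags 1.x generated for every flags type; the manifest in this commit appears to move bitflags from 1.3.2 to 2.5 while the crate version only goes from 2.10.0 to 2.11.0. Downstream code that orders or sorts these public flag types would stop compiling on a minor upgrade. The same derive line is added to `Flags` in os/macos/code_signing.rs, `AccessControlOptions` in passwords_options.rs, `RevocationPolicy` in policy.rs and `TrustOptions` in trust.rs. If the omission is not deliberate, `#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord, Hash)]` keeps the previous trait surface; the `bitflags!` invocation continues outside the visible lines.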
33 changes: 33 additions & 0 deletions security-framework/src/item.rs
@@ -131,6 +131,7 @@ pub struct ItemSearchOptions {
keychains: Option<CFArray<SecKeychain>>,
#[cfg(not(target_os = "macos"))]
keychains: Option<CFArray<CFType>>,
case_insensitive: Option<bool>,
class: Option<ItemClass>,
key_class: Option<KeyClass>,
load_refs: bool,
@@ -140,6 +141,7 @@ pub struct ItemSearchOptions {
trusted_only: Option<bool>,
label: Option<CFString>,
service: Option<CFString>,
subject: Option<CFString>,
account: Option<CFString>,
access_group: Option<CFString>,
pub_key_hash: Option<CFData>,
@@ -170,6 +172,13 @@ impl ItemSearchOptions {
self
}

/// Whether search for an item should be case insensitive or not.
#[inline(always)]
pub fn case_insensitive(&mut self, case_insensitive: Option<bool>) -> &mut Self {
self.case_insensitive = case_insensitive;
self
}

/// Search only for keys of the specified class. Also sets self.class to
/// `ItemClass::key()`.
#[inline(always)]
@@ -232,6 +241,13 @@ impl ItemSearchOptions {
self.service = Some(CFString::new(service));
self
}

/// Search for an item with exactly the given subject.
#[inline(always)]
pub fn subject(&mut self, subject: &str) -> &mut Self {
self.subject = Some(CFString::new(subject));
self
}

/// Search for an item with the given account.
#[inline(always)]
@@ -291,6 +307,13 @@ impl ItemSearchOptions {
params.push((CFString::wrap_under_get_rule(kSecClass), class.to_value()));
}

if let Some(case_insensitive) = self.case_insensitive {
params.push((
CFString::wrap_under_get_rule(kSecMatchCaseInsensitive),
CFBoolean::from(case_insensitive).as_CFType()
));
}

if let Some(key_class) = self.key_class {
params.push((CFString::wrap_under_get_rule(kSecAttrKeyClass), key_class.to_value()));
}
@@ -343,6 +366,16 @@ impl ItemSearchOptions {
service.as_CFType(),
));
}

#[cfg(target_os = "macos")]
{
if let Some(ref subject) = self.subject {
params.push((
CFString::wrap_under_get_rule(kSecMatchSubjectWholeString),
subject.as_CFType(),
));
}
}

if let Some(ref account) = self.account {
params.push((
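Review bot: `subject()` and the `subject` field are compiled on every target, but the stored value is only pushed as `kSecMatchSubjectWholeString` inside the `#[cfg(target_os = "macos")]` block, so on non-macOS targets the filter is silently dropped. A caller that relies on the subject to select one specific certificate or identity would then get a broader match set than requested, with no error to signal it. Either gate the setter and the field with `#[cfg(target_os = "macos")]`, so that misuse fails at compile time, or state the limitation in the doc comment, e.g. `/// Only applied on macOS; ignored on other Apple targets.` The doc for `case_insensitive` should also say that `None` leaves `kSecMatchCaseInsensitive` out of the query. The struct and the parameter-building function both start and end outside the visible hunks.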
1 change: 1 addition & 0 deletions security-framework/src/os/macos/code_signing.rs
@@ -31,6 +31,7 @@ bitflags::bitflags! {

/// Values that can be used in the flags parameter to most code signing
/// functions.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
pub struct Flags: u32 {
/// Use the default behaviour.
const NONE = 0;
1 change: 1 addition & 0 deletions security-framework/src/passwords_options.rs
@@ -17,6 +17,7 @@ pub struct PasswordOptions {

bitflags::bitflags! {
/// The option flags used to configure the evaluation of a `SecAccessControl`.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
pub struct AccessControlOptions: CFOptionFlags {
/** Constraint to access an item with either biometry or passcode. */
const USER_PRESENCE = kSecAccessControlUserPresence;
1 change: 1 addition & 0 deletions security-framework/src/policy.rs
@@ -33,6 +33,7 @@ impl fmt::Debug for SecPolicy {
#[cfg(any(feature = "OSX_10_9", target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))]
bitflags::bitflags! {
/// The flags used to specify revocation policy options.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
pub struct RevocationPolicy: CFOptionFlags {
/// Perform revocation checking using OCSP (Online Certificate Status Protocol).
const OCSP_METHOD = kSecRevocationOCSPMethod;
1 change: 1 addition & 0 deletions security-framework/src/trust.rs
@@ -67,6 +67,7 @@ unsafe impl Send for SecTrust {}
#[cfg(target_os = "macos")]
bitflags::bitflags! {
/// The option flags used to configure the evaluation of a `SecTrust`.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
pub struct TrustOptions: SecTrustOptionFlags {
/// Allow expired certificates (except for the root certificate).
const ALLOW_EXPIRED = kSecTrustOptionAllowExpired;
