Class Security


  • public final class Security
    extends java.lang.Object
    • Method Detail

      • SecCertificateGetTypeID

        public static long SecCertificateGetTypeID()
        [@function] SecCertificateGetTypeID Returns the type identifier of SecCertificate instances.
        Returns:
        The CFTypeID of SecCertificate instances.
      • SecCertificateCreateWithData

        public static SecCertificateRef SecCertificateCreateWithData​(CFAllocatorRef allocator,
                                                                     CFDataRef data)
        [@function] SecCertificateCreateWithData Create a certificate given its DER representation as a CFData. A non-NULL result only means the bytes parsed as an X.509 certificate; it says nothing about whether the certificate is trusted, which is a separate evaluation step.
        Parameters:
        allocator - CFAllocator to allocate the certificate with.
        data - DER encoded X.509 certificate.
        Returns:
        NULL if the passed-in data is not a valid DER-encoded X.509 certificate, otherwise a SecCertificateRef that the caller owns and must CFRelease() when it is no longer needed.
      • SecCertificateCopyData

        public static CFDataRef SecCertificateCopyData​(SecCertificateRef certificate)
        [@function] SecCertificateCopyData Return the DER representation of an X.509 certificate.
        Parameters:
        certificate - SecCertificate object created with SecCertificateCreateWithData().
        Returns:
        DER encoded X.509 certificate.
      • SecCertificateCopySubjectSummary

        public static CFStringRef SecCertificateCopySubjectSummary​(SecCertificateRef certificate)
        [@function] SecCertificateCopySubjectSummary Return a simple string intended as a human-readable summary of the certificate's subject. All of the data in this string comes from the certificate itself, so it is in whatever language the certificate uses and is chosen by whoever issued the certificate: treat it as untrusted text suitable for display, not as an identity check.
        Parameters:
        certificate - A reference to the certificate from which to derive the subject summary string.
        Returns:
        A CFStringRef which the caller should CFRelease() once it is no longer needed.
      • SecIdentityGetTypeID

        public static long SecIdentityGetTypeID()
        [@function] SecIdentityGetTypeID Returns the type identifier of SecIdentity instances.
        Returns:
        The CFTypeID of SecIdentity instances.
      • SecIdentityCopyCertificate

        public static int SecIdentityCopyCertificate​(SecIdentityRef identityRef,
                                                     org.moe.natj.general.ptr.Ptr<SecCertificateRef> certificateRef)
        [@function] SecIdentityCopyCertificate Returns a reference to a certificate for the given identity reference.
        Parameters:
        identityRef - An identity reference.
        certificateRef - On return, a pointer to the found certificate reference. You are responsible for releasing this reference by calling the CFRelease function.
        Returns:
        A result code. See "Security Error Codes" (SecBase.h).
      • SecIdentityCopyPrivateKey

        public static int SecIdentityCopyPrivateKey​(SecIdentityRef identityRef,
                                                    org.moe.natj.general.ptr.Ptr<SecKeyRef> privateKeyRef)
        [@function] SecIdentityCopyPrivateKey Returns the private key associated with an identity.
        Parameters:
        identityRef - An identity reference.
        privateKeyRef - On return, a pointer to the private key for the given identity. On iOS, the private key must be of class type kSecAppleKeyItemClass. You are responsible for releasing this reference by calling the CFRelease function.
        Returns:
        A result code. See "Security Error Codes" (SecBase.h).
      • SecPKCS12Import

        public static int SecPKCS12Import​(CFDataRef pkcs12_data,
                                          CFDictionaryRef options,
                                          org.moe.natj.general.ptr.Ptr<CFArrayRef> items)
        [@function] SecPKCS12Import Imports the contents of a PKCS12 formatted blob.
        Parameters:
        pkcs12_data - The PKCS#12 formatted data to be imported.
        options - A dictionary containing import options. A kSecImportExportPassphrase entry is required at minimum. Only password-based PKCS12 blobs are currently supported.
        items - On return, an array containing a dictionary for every item extracted. Use kSecImportItem constants to access specific elements of these dictionaries. Your code must CFRelease the array when it is no longer needed.
        Returns:
        errSecSuccess in case of success. errSecDecode means either the blob can't be read or it is malformed. errSecAuthFailed means an incorrect password was supplied, or data in the container is damaged; the two cases are indistinguishable because the PKCS#12 integrity MAC is keyed by the passphrase.
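The return-code behaviour just described follows from the PKCS#12 format itself: the integrity MAC in the container's macData is an HMAC whose key is derived from the passphrase, so a wrong passphrase and a corrupted container fail the same check. The following Python is an added example (not code from the page or from Apple's implementation) that derives the MAC key per RFC 7292 Appendix B.2 and runs the check on constructed sample data; the error code values are the ones defined in SecBase.h, and the structural errSecDecode case, which happens before any MAC check, is not modelled.

```python
"""Why SecPKCS12Import reports a wrong passphrase and a damaged container with
the same errSecAuthFailed: the PKCS#12 MAC key is derived from the passphrase
(RFC 7292 Appendix B.2), so either change breaks the same HMAC check.
Added example, not code from the page or from Apple's implementation."""
import hashlib
import hmac

errSecSuccess = 0            # values as defined in SecBase.h
errSecAuthFailed = -25293

MAC_KEY_ID = 3               # RFC 7292 B.3: ID byte 3 derives the MAC key


def pkcs12_kdf(password: str, salt: bytes, iterations: int,
               id_byte: int, n: int, hash_name: str = "sha1") -> bytes:
    """RFC 7292 Appendix B.2 key derivation, returning n bytes."""
    u = hashlib.new(hash_name).digest_size      # 20 for SHA-1
    v = hashlib.new(hash_name).block_size       # 64 for SHA-1
    # Passwords are BMPStrings: UTF-16BE followed by a two-byte terminator.
    pw = password.encode("utf-16-be") + b"\x00\x00"

    def expand(x: bytes) -> bytes:
        # Repeat x up to a multiple of v bytes; an empty string stays empty.
        if not x:
            return b""
        blocks = -(-len(x) // v)
        return (x * (blocks * v // len(x) + 1))[: blocks * v]

    d = bytes([id_byte]) * v                    # the "diversifier" D
    i = expand(salt) + expand(pw)               # I = S || P
    out = b""
    while len(out) < n:
        a = d + i
        for _ in range(iterations):             # A = H^r(D || I)
            a = hashlib.new(hash_name, a).digest()
        b = int.from_bytes((a * (v // u + 1))[:v], "big")
        # I_j = (I_j + B + 1) mod 2^v for every v-byte block of I
        i = b"".join(
            ((int.from_bytes(i[j:j + v], "big") + b + 1) % (1 << (8 * v)))
            .to_bytes(v, "big")
            for j in range(0, len(i), v)
        )
        out += a
    return out[:n]


def pkcs12_mac(authsafe: bytes, salt: bytes, iterations: int, password: str) -> bytes:
    """HMAC-SHA1 over the authSafe content octets, as stored in the PFX macData."""
    key = pkcs12_kdf(password, salt, iterations, MAC_KEY_ID, 20)
    return hmac.new(key, authsafe, "sha1").digest()


def check_pkcs12_mac(authsafe: bytes, salt: bytes, iterations: int,
                     stored_mac: bytes, password: str) -> int:
    """Returns errSecSuccess or errSecAuthFailed; nothing else is observable."""
    expected = pkcs12_mac(authsafe, salt, iterations, password)
    return errSecSuccess if hmac.compare_digest(expected, stored_mac) else errSecAuthFailed


# Constructed sample: these octets stand in for a real PFX's authSafe content.
SAMPLE_AUTHSAFE = b"constructed authSafe content, not a real PFX"
SAMPLE_SALT = bytes(range(8))
SAMPLE_ITERATIONS = 2048
SAMPLE_MAC = pkcs12_mac(SAMPLE_AUTHSAFE, SAMPLE_SALT, SAMPLE_ITERATIONS, "correct horse")


def demo() -> tuple:
    """Result codes for (right passphrase, wrong passphrase, damaged container)."""
    good = check_pkcs12_mac(SAMPLE_AUTHSAFE, SAMPLE_SALT, SAMPLE_ITERATIONS,
                            SAMPLE_MAC, "correct horse")
    wrong_pw = check_pkcs12_mac(SAMPLE_AUTHSAFE, SAMPLE_SALT, SAMPLE_ITERATIONS,
                                SAMPLE_MAC, "Correct horse")
    damaged = bytearray(SAMPLE_AUTHSAFE)
    damaged[5] ^= 0x01                          # one flipped bit in the container
    corrupted = check_pkcs12_mac(bytes(damaged), SAMPLE_SALT, SAMPLE_ITERATIONS,
                                 SAMPLE_MAC, "correct horse")
    return good, wrong_pw, corrupted
```

demo() returns (0, -25293, -25293): the wrong passphrase and the flipped bit produce the same code, which is all an importer can report.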
      • SecAccessControlGetTypeID

        public static long SecAccessControlGetTypeID()
        [@function] SecAccessControlGetTypeID Returns the type identifier of SecAccessControl instances.
        Returns:
        The CFTypeID of SecAccessControl instances.
      • SecAccessControlCreateWithFlags

        public static SecAccessControlRef SecAccessControlCreateWithFlags​(CFAllocatorRef allocator,
                                                                          org.moe.natj.general.ptr.ConstVoidPtr protection,
                                                                          long flags,
                                                                          org.moe.natj.general.ptr.Ptr<CFErrorRef> error)
        [@function] SecAccessControlCreateWithFlags Creates a new access control object based on a protection class and additional flags. The created access control object should be used as the value of the kSecAttrAccessControl attribute in SecItemAdd, SecItemUpdate or SecKeyGeneratePair. Accessing keychain items or performing operations on keys that are protected by access control objects can block execution, because the system may present UI (such as a passcode or biometric prompt) to satisfy the access control conditions. It is therefore recommended to either move those potentially blocking operations off the main application thread, or use a combination of the kSecUseAuthenticationContext and kSecUseAuthenticationUI attributes to control where the UI interaction can appear.
        Parameters:
        allocator - Allocator to be used by this instance.
        protection - Protection class to be used for the item. One of kSecAttrAccessible constants.
        flags - A bitmask of SecAccessControlCreateFlags. If no flags are set then all operations are allowed and the item is guarded only by its protection class.
        error - Additional error information filled in case of failure.
        Returns:
        Newly created access control object.
      • SecItemCopyMatching

        public static int SecItemCopyMatching​(CFDictionaryRef query,
                                              org.moe.natj.general.ptr.Ptr<org.moe.natj.general.ptr.ConstVoidPtr> result)
        [@function] SecItemCopyMatching Returns one or more items which match a search query. Attributes defining a search are specified by adding key/value pairs to the query dictionary. A typical query consists of:
        * a kSecClass key, whose value is a constant from the Class Constants section that specifies the class of item(s) to be searched
        * one or more keys from the "Attribute Key Constants" section, whose value is the attribute data to be matched
        * one or more keys from the "Search Constants" section, whose value is used to further refine the search
        * a key from the "Return Type Key Constants" section, specifying the type of results desired
        Result types are specified as follows:
        * To obtain the data of a matching item (CFDataRef), specify kSecReturnData with a value of kCFBooleanTrue.
        * To obtain the attributes of a matching item (CFDictionaryRef), specify kSecReturnAttributes with a value of kCFBooleanTrue.
        * To obtain a reference to a matching item (SecKeychainItemRef, SecKeyRef, SecCertificateRef, or SecIdentityRef), specify kSecReturnRef with a value of kCFBooleanTrue.
        * To obtain a persistent reference to a matching item (CFDataRef), specify kSecReturnPersistentRef with a value of kCFBooleanTrue. Note that unlike normal references, a persistent reference may be stored on disk or passed between processes.
        * If more than one of these result types is specified, the result is returned as a CFDictionaryRef containing all the requested data.
        * If a result type is not specified, no results are returned.
        By default, this function returns only the first match found. To obtain more than one matching item at a time, specify kSecMatchLimit with a value greater than 1. The result will be a CFArrayRef containing up to that number of matching items; the items' types are described above.
        To filter a provided list of items down to those matching the query, specify a kSecMatchItemList whose value is a CFArray of SecKeychainItemRef, SecKeyRef, SecCertificateRef, or SecIdentityRef items. The objects in the provided array must be of the same type.
        On iOS, to convert from a persistent item reference to a normal item reference, specify a kSecValuePersistentRef whose value is a CFDataRef (the persistent reference), and a kSecReturnRef whose value is kCFBooleanTrue. On OS X, to convert from persistent item references to normal item references, specify a kSecMatchItemList whose value is a CFArray containing one or more CFDataRef elements (the persistent references), and a kSecReturnRef whose value is kCFBooleanTrue. The objects in the provided array must be of the same type.
        Parameters:
        query - A dictionary containing an item class specification and optional attributes for controlling the search. See the "Keychain Search Attributes" section for a description of currently defined search attributes.
        result - On return, a CFTypeRef reference to the found item(s). The exact type of the result is based on the search attributes supplied in the query, as discussed above.
        Returns:
        A result code. See "Security Error Codes" (SecBase.h).
      • SecItemAdd

        public static int SecItemAdd​(CFDictionaryRef attributes,
                                     org.moe.natj.general.ptr.Ptr<org.moe.natj.general.ptr.ConstVoidPtr> result)
        [@function] SecItemAdd Add one or more items to a keychain. Attributes defining an item are specified by adding key/value pairs to the attributes dictionary. To add multiple items to a keychain at once use the kSecUseItemList key with an array of items as its value. This is currently only supported for non-password items. On OS X, to add an item to a particular keychain, supply kSecUseKeychain with a SecKeychainRef as its value. Result types are specified as follows:
        * To obtain the data of the added item (CFDataRef), specify kSecReturnData with a value of kCFBooleanTrue.
        * To obtain all the attributes of the added item (CFDictionaryRef), specify kSecReturnAttributes with a value of kCFBooleanTrue.
        * To obtain a reference to the added item (SecKeychainItemRef, SecKeyRef, SecCertificateRef, or SecIdentityRef), specify kSecReturnRef with a value of kCFBooleanTrue.
        * To obtain a persistent reference to the added item (CFDataRef), specify kSecReturnPersistentRef with a value of kCFBooleanTrue. Note that unlike normal references, a persistent reference may be stored on disk or passed between processes.
        * If more than one of these result types is specified, the result is returned as a CFDictionaryRef containing all the requested data.
        * On iOS, if a result type is not specified, no results are returned. On OS X, the added item is returned.
        Parameters:
        attributes - A dictionary containing an item class specification and optional entries specifying the item's attribute values. See the "Attribute Key Constants" section for a description of currently defined attributes.
        result - On return, a CFTypeRef reference to the newly added item(s). The exact type of the result is based on the values supplied in attributes, as discussed above. Pass NULL if this result is not required.
        Returns:
        A result code. See "Security Error Codes" (SecBase.h).
      • SecItemUpdate

        public static int SecItemUpdate​(CFDictionaryRef query,
                                        CFDictionaryRef attributesToUpdate)
        [@function] SecItemUpdate Modify zero or more items which match a search query. Attributes defining a search are specified by adding key/value pairs to the query dictionary.
        Parameters:
        query - A dictionary containing an item class specification and optional attributes for controlling the search. See the "Attribute Constants" and "Search Constants" sections for a description of currently defined search attributes.
        attributesToUpdate - A dictionary containing one or more attributes whose values should be set to the ones specified. Only real keychain attributes are permitted in this dictionary (no "meta" attributes are allowed.) See the "Attribute Key Constants" section for a description of currently defined value attributes.
        Returns:
        A result code. See "Security Error Codes" (SecBase.h).
      • SecItemDelete

        public static int SecItemDelete​(CFDictionaryRef query)
        [@function] SecItemDelete Delete zero or more items which match a search query. Attributes defining a search are specified by adding key/value pairs to the query dictionary. By default, this function deletes all items matching the specified query. You can change this behavior by specifying one of the following keys:
        * To delete an item identified by a transient reference, on iOS, specify kSecValueRef with an item reference. On OS X, give a kSecMatchItemList containing an item reference.
        * To delete an item identified by a persistent reference, on iOS, specify kSecValuePersistentRef with a persistent reference returned by using the kSecReturnPersistentRef key with SecItemCopyMatching or SecItemAdd. On OS X, use kSecMatchItemList with a persistent reference returned by using the kSecReturnPersistentRef key with SecItemCopyMatching or SecItemAdd.
        * To delete multiple items, specify kSecMatchItemList with an array of references.
        * If more than one of these result keys is specified, the behavior is undefined.
        Because the default is to delete every match, a query that names only a kSecClass with no narrowing attributes removes every item of that class the caller can see; constrain the query before calling.
        Parameters:
        query - A dictionary containing an item class specification and optional attributes for controlling the search. See the "Attribute Constants" and "Search Constants" sections for a description of currently defined search attributes.
        Returns:
        A result code. See "Security Error Codes" (SecBase.h).
      • SecKeyGetTypeID

        public static long SecKeyGetTypeID()
        [@function] SecKeyGetTypeID Returns the type identifier of SecKey instances.
        Returns:
        The CFTypeID of SecKey instances.
      • SecKeyGeneratePair

        public static int SecKeyGeneratePair​(CFDictionaryRef parameters,
                                             org.moe.natj.general.ptr.Ptr<SecKeyRef> publicKey,
                                             org.moe.natj.general.ptr.Ptr<SecKeyRef> privateKey)
        [@function] SecKeyGeneratePair Generate a private/public keypair. In order to generate a keypair the parameters dictionary must at least contain the following keys:
        * kSecAttrKeyType with a value of kSecAttrKeyTypeRSA or any other kSecAttrKeyType defined in SecItem.h
        * kSecAttrKeySizeInBits with a value being a CFNumberRef containing the requested key size in bits. Example sizes for RSA keys are: 512, 768, 1024, 2048. (512 and 768-bit RSA moduli have been publicly factored and 1024-bit is no longer considered secure; generate 2048 bits or larger.)
        The values below may be set either in the top-level dictionary or in a dictionary that is the value of the kSecPrivateKeyAttrs or kSecPublicKeyAttrs key in the top-level dictionary. Setting these attributes explicitly will override the defaults below. See SecItem.h for detailed information on these attributes including the types of the values.
        * kSecAttrLabel default NULL
        * kSecUseKeychain default NULL, which specifies the default keychain
        * kSecAttrIsPermanent default false. If this key is present and has a Boolean value of true, the key or key pair will be added to the keychain.
        * kSecAttrTokenID default NULL. The CFStringRef ID of the token to generate the key or keypair on. This attribute can contain CFStringRef and can be present only in the top-level parameters dictionary.
        * kSecAttrApplicationTag default NULL
        * kSecAttrEffectiveKeySize default NULL, same as kSecAttrKeySizeInBits
        * kSecAttrCanEncrypt default false for private keys, true for public keys
        * kSecAttrCanDecrypt default true for private keys, false for public keys
        * kSecAttrCanDerive default true
        * kSecAttrCanSign default true for private keys, false for public keys
        * kSecAttrCanVerify default false for private keys, true for public keys
        * kSecAttrCanWrap default false for private keys, true for public keys
        * kSecAttrCanUnwrap default true for private keys, false for public keys
        NOTE: The function always saves keys in the keychain on macOS and as such the attribute kSecAttrIsPermanent is ignored. The function respects the attribute kSecAttrIsPermanent on iOS, tvOS and watchOS.
        It is recommended to use SecKeyCreateRandomKey(), which respects kSecAttrIsPermanent on all platforms.
        Parameters:
        parameters - A dictionary containing one or more key-value pairs. See the discussion above for a complete overview of options.
        publicKey - On return, a SecKeyRef reference to the public key.
        privateKey - On return, a SecKeyRef reference to the private key.
        Returns:
        A result code. See "Security Error Codes" (SecBase.h).
      • SecKeyRawSign

        public static int SecKeyRawSign​(SecKeyRef key,
                                        int padding,
                                        java.lang.String dataToSign,
                                        long dataToSignLen,
                                        org.moe.natj.general.ptr.BytePtr sig,
                                        org.moe.natj.general.ptr.NUIntPtr sigLen)
        [@function] SecKeyRawSign Given a private key and data to sign, generate a digital signature. If the padding argument is kSecPaddingPKCS1, PKCS1 padding will be performed prior to signing. If this argument is kSecPaddingNone, the incoming data will be signed "as is". When PKCS1 padding is performed, the maximum length of data that can be signed is the value returned by SecKeyGetBlockSize() - 11. NOTE: The behavior of this function with kSecPaddingNone is undefined if the first byte of dataToSign is zero; there is no way to verify leading zeroes, as they are discarded during the calculation. If you want to generate a proper PKCS1-style signature with DER encoding of the digest type, and the dataToSign is a SHA1 digest, use kSecPaddingPKCS1SHA1. SHA-1 is no longer acceptable for new signatures; prefer the SHA-2 variants of the PKCS1 padding constants, or the SecKeyCreateSignature()/SecKeyVerifySignature() pair documented further down, which takes an explicit SecKeyAlgorithm instead of a padding constant.
        Parameters:
        key - Private key with which to sign.
        padding - See Padding Types above, typically kSecPaddingPKCS1SHA1.
        dataToSign - The data to be signed, typically the digest of the actual data.
        dataToSignLen - Length of dataToSign in bytes.
        sig - Pointer to buffer in which the signature will be returned.
        sigLen - IN/OUT: maximum length of the sig buffer on input, actual length of sig on output.
        Returns:
        A result code. See "Security Error Codes" (SecBase.h).
      • SecKeyRawVerify

        public static int SecKeyRawVerify​(SecKeyRef key,
                                          int padding,
                                          java.lang.String signedData,
                                          long signedDataLen,
                                          java.lang.String sig,
                                          long sigLen)
        [@function] SecKeyRawVerify Given a public key, data which has been signed, and a signature, verify the signature. If the padding argument is kSecPaddingPKCS1, PKCS1 padding will be checked during verification. If this argument is kSecPaddingNone, the incoming data will be compared directly to sig. If you are verifying a proper PKCS1-style signature, with DER encoding of the digest type - and the signedData is a SHA1 digest - use kSecPaddingPKCS1SHA1.
        Parameters:
        key - Public key with which to verify the signature.
        padding - See Padding Types above, typically kSecPaddingPKCS1SHA1.
        signedData - The data over which sig is being verified, typically the digest of the actual data.
        signedDataLen - Length of signedData in bytes.
        sig - Pointer to the signature to verify.
        sigLen - Length of sig in bytes.
        Returns:
        A result code. See "Security Error Codes" (SecBase.h).
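The padding semantics of SecKeyRawSign/SecKeyRawVerify, including the SecKeyGetBlockSize() - 11 limit and the leading-zero caveat, modelled in Python as an added example (not code from the page or from the Security framework). It uses textbook RSA on a key constructed from two Mersenne primes, deliberately insecure, so that it runs offline without a crypto library; the PADDING_* values stand in for the kSecPadding* constants and are not their real values.

```python
"""How SecKeyRawSign/SecKeyRawVerify treat the padding argument, modelled with
textbook RSA and PKCS#1 v1.5 signature encoding (RFC 8017 section 9.2).
Added example, not code from the page. The key is built from two Mersenne
primes so the example runs offline; it is deliberately NOT a secure key."""
import hashlib

P = (1 << 127) - 1                        # M127, prime (constructed key)
Q = (1 << 521) - 1                        # M521, prime
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
BLOCK_SIZE = (N.bit_length() + 7) // 8    # SecKeyGetBlockSize() for RSA: 81 bytes here

# DER DigestInfo prefix for SHA-1; kSecPaddingPKCS1SHA1 prepends this to the digest.
DIGESTINFO_SHA1 = bytes.fromhex("3021300906052b0e03021a05000414")

# Stand-ins for kSecPaddingNone / kSecPaddingPKCS1 / kSecPaddingPKCS1SHA1 (arbitrary values).
PADDING_NONE, PADDING_PKCS1, PADDING_PKCS1_SHA1 = 0, 1, 2


def emsa_pkcs1_v15(t: bytes, k: int) -> bytes:
    """EMSA-PKCS1-v1_5: 00 01 FF..FF 00 || T with at least eight FF bytes,
    which is exactly where the 'SecKeyGetBlockSize() - 11' limit comes from."""
    if len(t) > k - 11:
        raise ValueError("data too long for PKCS#1 v1.5 padding")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def encode(data: bytes, padding: int) -> bytes:
    if padding == PADDING_PKCS1_SHA1:
        return emsa_pkcs1_v15(DIGESTINFO_SHA1 + data, BLOCK_SIZE)
    if padding == PADDING_PKCS1:
        return emsa_pkcs1_v15(data, BLOCK_SIZE)
    if len(data) > BLOCK_SIZE:
        raise ValueError("data longer than the key block size")
    return data                           # kSecPaddingNone: sign the bytes "as is"


def raw_sign(data: bytes, padding: int) -> bytes:
    em = encode(data, padding)
    # RSA operates on an integer: leading zero bytes of em vanish right here.
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(BLOCK_SIZE, "big")


def raw_verify(data: bytes, sig: bytes, padding: int) -> bool:
    if len(sig) != BLOCK_SIZE:
        return False
    recovered = pow(int.from_bytes(sig, "big"), E, N)
    expected = encode(data, padding)
    if padding == PADDING_NONE:
        # Only the integer survived signing, so this is all a verifier can compare.
        return recovered == int.from_bytes(expected, "big")
    return recovered.to_bytes(BLOCK_SIZE, "big") == expected


SAMPLE_DIGEST = hashlib.sha1(b"constructed message").digest()     # 20 bytes
OTHER_DIGEST = hashlib.sha1(b"a different message").digest()


def leading_zero_is_lost() -> bool:
    """With kSecPaddingNone, data with a leading 0x00 byte signs identically to
    the same data without it; with kSecPaddingPKCS1SHA1 it does not."""
    same_raw = (raw_sign(b"\x00" + SAMPLE_DIGEST, PADDING_NONE)
                == raw_sign(SAMPLE_DIGEST, PADDING_NONE))
    same_pkcs = (raw_sign(b"\x00" + SAMPLE_DIGEST, PADDING_PKCS1_SHA1)
                 == raw_sign(SAMPLE_DIGEST, PADDING_PKCS1_SHA1))
    return same_raw and not same_pkcs
```

leading_zero_is_lost() returns True: under PADDING_NONE a digest beginning with 0x00 and the same digest with that byte stripped produce the same signature, which is the undefined case the note above warns about; the DigestInfo-wrapped PKCS1 encoding fixes the position of every byte and does not have the problem.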
      • SecKeyEncrypt

        public static int SecKeyEncrypt​(SecKeyRef key,
                                        int padding,
                                        java.lang.String plainText,
                                        long plainTextLen,
                                        org.moe.natj.general.ptr.BytePtr cipherText,
                                        org.moe.natj.general.ptr.NUIntPtr cipherTextLen)
        [@function] SecKeyEncrypt Encrypt a block of plaintext. If the padding argument is kSecPaddingPKCS1 or kSecPaddingOAEP, PKCS1 (respectively OAEP) padding will be performed prior to encryption. If this argument is kSecPaddingNone, the incoming data will be encrypted "as is". kSecPaddingOAEP is the recommended value. Other values are not recommended for security reasons: PKCS1 v1.5 padding is exposed to padding-oracle attacks and unpadded RSA is malleable. When PKCS1 padding is performed, the maximum length of data that can be encrypted is the value returned by SecKeyGetBlockSize() - 11. When memory usage is a critical issue, note that the input buffer (plainText) can be the same as the output buffer (cipherText).
        Parameters:
        key - Public key with which to encrypt the data.
        padding - See Padding Types above; kSecPaddingOAEP is the recommended value.
        plainText - The data to encrypt.
        plainTextLen - Length of plainText in bytes; this must be less than or equal to the value returned by SecKeyGetBlockSize().
        cipherText - Pointer to the output buffer.
        cipherTextLen - On input, specifies how much space is available at cipherText; on return, it is the actual number of cipherText bytes written.
        Returns:
        A result code. See "Security Error Codes" (SecBase.h).
      • SecKeyDecrypt

        public static int SecKeyDecrypt​(SecKeyRef key,
                                        int padding,
                                        java.lang.String cipherText,
                                        long cipherTextLen,
                                        org.moe.natj.general.ptr.BytePtr plainText,
                                        org.moe.natj.general.ptr.NUIntPtr plainTextLen)
        [@function] SecKeyDecrypt Decrypt a block of ciphertext. If the padding argument is kSecPaddingPKCS1 or kSecPaddingOAEP, the corresponding padding will be removed after decryption. If this argument is kSecPaddingNone, the decrypted data will be returned "as is". A padding failure should be reported to callers no differently from any other decryption failure, since being able to distinguish the two is what a padding-oracle attack exploits. When memory usage is a critical issue, note that the input buffer (cipherText) can be the same as the output buffer (plainText).
        Parameters:
        key - Private key with which to decrypt the data.
        padding - See Padding Types above; must match the padding used when encrypting (kSecPaddingOAEP recommended).
        cipherText - The data to decrypt.
        cipherTextLen - Length of cipherText in bytes; this must be less than or equal to the value returned by SecKeyGetBlockSize().
        plainText - Pointer to the output buffer.
        plainTextLen - On input, specifies how much space is available at plainText; on return, it is the actual number of plainText bytes written.
        Returns:
        A result code. See "Security Error Codes" (SecBase.h).
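An added example (Python, not the page's or the framework's code) of what the padding argument does on the encryption side: PKCS#1 v1.5 encryption padding with its k - 11 limit, the block-size check on cipherText, and a demonstration of why kSecPaddingNone is discouraged: anyone holding only the public key can multiply two ciphertexts to forge a valid ciphertext of the product. The key is a constructed, insecure RSA key from two Mersenne primes so that the code runs offline; the PADDING_* values are stand-ins for the kSecPadding* constants.

```python
"""How SecKeyEncrypt/SecKeyDecrypt treat the padding argument, and why
kSecPaddingNone is discouraged: textbook RSA is malleable. Added example,
not code from the page. The key is built from two Mersenne primes so the
example runs offline without a crypto library; it is NOT a secure key."""
import os

P = (1 << 127) - 1                        # M127, prime (constructed key)
Q = (1 << 521) - 1                        # M521, prime
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
BLOCK_SIZE = (N.bit_length() + 7) // 8    # SecKeyGetBlockSize(): 81 bytes here

PADDING_NONE, PADDING_PKCS1 = 0, 1        # stand-ins for the kSecPadding* constants


def eme_pkcs1_v15(m: bytes, k: int) -> bytes:
    """EME-PKCS1-v1_5 (RFC 8017 7.2.1): 00 02 || PS || 00 || M, where PS is at
    least eight non-zero random bytes. Hence the k - 11 limit on the plaintext."""
    if len(m) > k - 11:
        raise ValueError("plaintext too long for PKCS#1 v1.5 padding")
    ps = b""
    while len(ps) < k - len(m) - 3:
        ps += bytes(b for b in os.urandom(k) if b != 0)
    return b"\x00\x02" + ps[: k - len(m) - 3] + b"\x00" + m


def eme_pkcs1_v15_unpad(em: bytes) -> bytes:
    sep = em.find(b"\x00", 2)
    if em[:2] != b"\x00\x02" or sep < 10:   # bad header, or PS shorter than 8 bytes
        raise ValueError("invalid PKCS#1 v1.5 padding")
    return em[sep + 1:]


def encrypt(plaintext: bytes, padding: int) -> bytes:
    if padding == PADDING_PKCS1:
        em = eme_pkcs1_v15(plaintext, BLOCK_SIZE)
    else:
        if len(plaintext) > BLOCK_SIZE:
            raise ValueError("plaintext longer than the key block size")
        em = plaintext                          # kSecPaddingNone: encrypt "as is"
    return pow(int.from_bytes(em, "big"), E, N).to_bytes(BLOCK_SIZE, "big")


def decrypt(ciphertext: bytes, padding: int) -> bytes:
    if len(ciphertext) > BLOCK_SIZE:            # the cipherTextLen precondition
        raise ValueError("ciphertext longer than the key block size")
    em = pow(int.from_bytes(ciphertext, "big"), D, N).to_bytes(BLOCK_SIZE, "big")
    return eme_pkcs1_v15_unpad(em) if padding == PADDING_PKCS1 else em


def multiply_ciphertexts(c1: bytes, c2: bytes) -> bytes:
    """Malleability of unpadded RSA: with only the public key, Enc(m1) and
    Enc(m2) combine into a valid Enc(m1 * m2 mod N) without any decryption."""
    forged = (int.from_bytes(c1, "big") * int.from_bytes(c2, "big")) % N
    return forged.to_bytes(BLOCK_SIZE, "big")


def forged_plaintext_as_int(m1: int, m2: int) -> int:
    """Encrypt two small integers with kSecPaddingNone, multiply the ciphertexts
    and decrypt the forgery; returns the integer the key holder recovers."""
    c1 = encrypt(m1.to_bytes(4, "big"), PADDING_NONE)
    c2 = encrypt(m2.to_bytes(4, "big"), PADDING_NONE)
    return int.from_bytes(decrypt(multiply_ciphertexts(c1, c2), PADDING_NONE), "big")
```

forged_plaintext_as_int(6, 7) returns 42: the recipient decrypts a ciphertext nobody encrypted. With PKCS1 padding the product no longer has the 00 02 structure and unpadding fails, but the failure itself leaks information if it is distinguishable to an attacker, which is why the page recommends OAEP.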
      • SecKeyGetBlockSize

        public static long SecKeyGetBlockSize​(SecKeyRef key)
        [@function] SecKeyGetBlockSize Returns the block length of the key in bytes. If, for example, the key is an RSA key, the value returned by this function is the size of the modulus in bytes.
        Parameters:
        key - The key for which the block length is requested.
        Returns:
        The block length of the key in bytes.
      • SecKeyCreateRandomKey

        public static SecKeyRef SecKeyCreateRandomKey​(CFDictionaryRef parameters,
                                                      org.moe.natj.general.ptr.Ptr<CFErrorRef> error)
        [@function] SecKeyCreateRandomKey Generates a new public/private key pair. In order to generate a keypair the parameters dictionary must at least contain the following keys:
        * kSecAttrKeyType with a value being kSecAttrKeyTypeRSA or any other kSecAttrKeyType defined in SecItem.h
        * kSecAttrKeySizeInBits with a value being a CFNumberRef or CFStringRef containing the requested key size in bits. Example sizes for RSA keys are: 512, 768, 1024, 2048. (512 and 768-bit RSA moduli have been publicly factored and 1024-bit is no longer considered secure; generate 2048 bits or larger.)
        The values below may be set either in the top-level dictionary or in a dictionary that is the value of the kSecPrivateKeyAttrs or kSecPublicKeyAttrs key in the top-level dictionary. Setting these attributes explicitly will override the defaults below. See SecItem.h for detailed information on these attributes including the types of the values.
        * kSecAttrLabel default NULL
        * kSecAttrIsPermanent if this key is present and has a Boolean value of true, the key or key pair will be added to the default keychain.
        * kSecAttrTokenID if this key should be generated on the specified token. This attribute can contain CFStringRef and can be present only in the top-level parameters dictionary.
        * kSecAttrApplicationTag default NULL
        * kSecAttrEffectiveKeySize default NULL, same as kSecAttrKeySizeInBits
        * kSecAttrCanEncrypt default false for private keys, true for public keys
        * kSecAttrCanDecrypt default true for private keys, false for public keys
        * kSecAttrCanDerive default true
        * kSecAttrCanSign default true for private keys, false for public keys
        * kSecAttrCanVerify default false for private keys, true for public keys
        * kSecAttrCanWrap default false for private keys, true for public keys
        * kSecAttrCanUnwrap default true for private keys, false for public keys
        Parameters:
        parameters - A dictionary containing one or more key-value pairs. See the discussion above for a complete overview of options.
        error - On error, will be populated with an error object describing the failure. See "Security Error Codes" (SecBase.h).
        Returns:
        Newly generated private key. To get associated public key, use SecKeyCopyPublicKey().
      • SecKeyCreateWithData

        public static SecKeyRef SecKeyCreateWithData​(CFDataRef keyData,
                                                     CFDictionaryRef attributes,
                                                     org.moe.natj.general.ptr.Ptr<CFErrorRef> error)
        [@function] SecKeyCreateWithData Create a SecKey from a well-defined external representation. This function does not add keys to any keychain, but the SecKey object it returns can be added to a keychain using the SecItemAdd function. The requested data format depends on the type of key (kSecAttrKeyType) being created:
        * kSecAttrKeyTypeRSA: PKCS#1 format; a public key can also be in X.509 public key format
        * kSecAttrKeyTypeECSECPrimeRandom: ANSI X9.63 format (04 || X || Y [ || K])
        Parameters:
        keyData - CFData representing the key. The format of the data depends on the type of key being created.
        attributes - Dictionary containing attributes describing the key to be imported. The keys in this dictionary are kSecAttr* constants from SecItem.h. Mandatory attributes are:
        * kSecAttrKeyType
        * kSecAttrKeyClass
        error - On error, will be populated with an error object describing the failure. See "Security Error Codes" (SecBase.h).
        Returns:
        A SecKey object representing the key, or NULL on failure.
      • SecKeyCopyExternalRepresentation

        public static CFDataRef SecKeyCopyExternalRepresentation​(SecKeyRef key,
                                                                 org.moe.natj.general.ptr.Ptr<CFErrorRef> error)
        [@function] SecKeyCopyExternalRepresentation Create an external representation for the given key suitable for the key's type. This function may fail if the key is not exportable (e.g., bound to a smart card or Secure Enclave). The format in which the key will be exported depends on the type of key:
        * kSecAttrKeyTypeRSA: PKCS#1 format
        * kSecAttrKeyTypeECSECPrimeRandom: ANSI X9.63 format (04 || X || Y [ || K])
        For a private key the returned data contains the private components (the PKCS#1 private key or the scalar K) unencrypted; handle and store it accordingly.
        Parameters:
        key - The key to be exported.
        error - On error, will be populated with an error object describing the failure. See "Security Error Codes" (SecBase.h).
        Returns:
        A CFData representing the key in a format suitable for that key type.
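The X9.63 layout that SecKeyCreateWithData consumes and SecKeyCopyExternalRepresentation produces for kSecAttrKeyTypeECSECPrimeRandom keys, together with the checks an importer should perform before trusting the bytes, as an added Python example for P-256 (not code from the page or from Apple's implementation): length and tag, the point actually lying on the curve (rejecting invalid-curve inputs), and, when K is present, K really generating (X, Y). The curve arithmetic is plain affine arithmetic written for clarity, not for side-channel resistance.

```python
"""ANSI X9.63 key bytes (04 || X || Y [|| K]) for P-256, with the validation
an importer should do. Added example; not code from the page or from Apple."""

# NIST P-256 domain parameters (FIPS 186-4 D.1.2.3); a = -3.
P256_P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
P256_B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
P256_N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
P256_G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
          0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)
COORD_LEN = 32


def on_curve(x: int, y: int) -> bool:
    """y^2 == x^3 - 3x + b (mod p). An off-curve point is an invalid-curve attack input."""
    if not (0 <= x < P256_P and 0 <= y < P256_P):
        return False
    return (y * y - (x * x * x - 3 * x + P256_B)) % P256_P == 0


def _add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P256_P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 - 3) * pow(2 * y1, -1, P256_P) % P256_P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P256_P) % P256_P
    x3 = (lam * lam - x1 - x2) % P256_P
    return x3, (lam * (x1 - x3) - y1) % P256_P


def scalar_mult(k: int, point):
    """Double-and-add; fine for validation, not constant-time."""
    result, addend = None, point
    while k:
        if k & 1:
            result = _add(result, addend)
        addend = _add(addend, addend)
        k >>= 1
    return result


def encode_x963(x: int, y: int, k: int = None) -> bytes:
    """04 || X || Y for a public key, plus || K for a private key."""
    out = b"\x04" + x.to_bytes(COORD_LEN, "big") + y.to_bytes(COORD_LEN, "big")
    return out + k.to_bytes(COORD_LEN, "big") if k is not None else out


def parse_x963(data: bytes):
    """Returns (x, y, k_or_None), or raises ValueError where
    SecKeyCreateWithData would return NULL for malformed input."""
    if len(data) not in (1 + 2 * COORD_LEN, 1 + 3 * COORD_LEN):
        raise ValueError("wrong length for a P-256 X9.63 key")
    if data[0] != 0x04:
        raise ValueError("only the uncompressed point form (04) is accepted")
    x = int.from_bytes(data[1:1 + COORD_LEN], "big")
    y = int.from_bytes(data[1 + COORD_LEN:1 + 2 * COORD_LEN], "big")
    if not on_curve(x, y):
        raise ValueError("public point is not on P-256")
    k = None
    if len(data) == 1 + 3 * COORD_LEN:
        k = int.from_bytes(data[1 + 2 * COORD_LEN:], "big")
        if not 1 <= k < P256_N or scalar_mult(k, P256_G) != (x, y):
            raise ValueError("private scalar does not generate the public point")
    return x, y, k
```

A 65-byte blob is a public key and a 97-byte blob a private key; the same byte layout is what SecKeyCopyExternalRepresentation hands back, so the private scalar K is in the clear in that output.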
      • SecKeyCopyAttributes

        public static CFDictionaryRef SecKeyCopyAttributes​(SecKeyRef key)
        [@function] SecKeyCopyAttributes Retrieve keychain attributes of a key. The attributes provided by this function are:
        * kSecAttrCanEncrypt
        * kSecAttrCanDecrypt
        * kSecAttrCanDerive
        * kSecAttrCanSign
        * kSecAttrCanVerify
        * kSecAttrKeyClass
        * kSecAttrKeyType
        * kSecAttrKeySizeInBits
        * kSecAttrTokenID
        * kSecAttrApplicationLabel
        The set of values is not fixed. Future versions may return more values in this dictionary.
        Parameters:
        key - The key whose attributes are to be retrieved.
        Returns:
        Dictionary containing attributes of the key. The keys that populate this dictionary are defined and discussed in SecItem.h.
      • SecKeyCopyPublicKey

        public static SecKeyRef SecKeyCopyPublicKey​(SecKeyRef key)
        [@function] SecKeyCopyPublicKey Retrieve the public key from a key pair or private key. Fails if key does not contain a public key or no public key can be computed from it.
        Parameters:
        key - The key from which to retrieve a public key.
        Returns:
        The public key or NULL if public key is not available for specified key.
      • SecKeyCreateSignature

        public static CFDataRef SecKeyCreateSignature​(SecKeyRef key,
                                                      CFStringRef algorithm,
                                                      CFDataRef dataToSign,
                                                      org.moe.natj.general.ptr.Ptr<CFErrorRef> error)
        [@function] SecKeyCreateSignature Given a private key and data to sign, generate a digital signature. Computes a digital signature using the specified key over the input data. The algorithm further defines the exact format of the input data, the operation to be performed and the output signature.
        Parameters:
        key - Private key with which to sign.
        algorithm - One of the SecKeyAlgorithm constants suitable for generating a signature with this key.
        dataToSign - The data to be signed, typically the digest of the actual data.
        error - On error, will be populated with an error object describing the failure. See "Security Error Codes" (SecBase.h).
        Returns:
        The signature over dataToSign represented as a CFData, or NULL on failure.
      • SecKeyVerifySignature

        public static byte SecKeyVerifySignature​(SecKeyRef key,
                                                 CFStringRef algorithm,
                                                 CFDataRef signedData,
                                                 CFDataRef signature,
                                                 org.moe.natj.general.ptr.Ptr<CFErrorRef> error)
        [@function] SecKeyVerifySignature Given a public key, data which has been signed, and a signature, verify the signature. Verifies a digital signature using the specified key and signed data. The algorithm further defines the exact format of the input data, the signature and the operation to be performed.
        Parameters:
        key - Public key with which to verify the signature.
        algorithm - One of the SecKeyAlgorithm constants suitable for verifying a signature with this key.
        signedData - The data over which signature is being verified, typically the digest of the actual data.
        signature - The signature to verify.
        error - On error, will be populated with an error object describing the failure. See "Security Error Codes" (SecBase.h).
        Returns:
        True if the signature was valid, False otherwise.
      • SecKeyCreateEncryptedData

        public static CFDataRef SecKeyCreateEncryptedData​(SecKeyRef key,
                                                          CFStringRef algorithm,
                                                          CFDataRef plaintext,
                                                          org.moe.natj.general.ptr.Ptr<CFErrorRef> error)
        [@function] SecKeyCreateEncryptedData Encrypt a block of plaintext. Encrypts plaintext data using the specified key. The exact type of the operation, including the format of input and output data, is specified by the encryption algorithm.
        Parameters:
        key - Public key with which to encrypt the data.
        algorithm - One of SecKeyAlgorithm constants suitable to perform encryption with this key.
        plaintext - The data to encrypt. The length and format of the data must conform to the chosen algorithm; typically it must be less than or equal to the value returned by SecKeyGetBlockSize().
        error - On error, will be populated with an error object describing the failure. See "Security Error Codes" (SecBase.h).
        Returns:
        The ciphertext represented as a CFData, or NULL on failure.
      • SecKeyCreateDecryptedData

        public static CFDataRef SecKeyCreateDecryptedData​(SecKeyRef key,
                                                          CFStringRef algorithm,
                                                          CFDataRef ciphertext,
                                                          org.moe.natj.general.ptr.Ptr<CFErrorRef> error)
        [@function] SecKeyCreateDecryptedData Decrypt a block of ciphertext. Decrypts ciphertext data using the specified key. The exact type of the operation, including the format of input and output data, is specified by the decryption algorithm.
        Parameters:
        key - Private key with which to decrypt the data.
        algorithm - One of SecKeyAlgorithm constants suitable to perform decryption with this key.
        ciphertext - The data to decrypt. The length and format of the data must conform to the chosen algorithm; typically it must be less than or equal to the value returned by SecKeyGetBlockSize().
        error - On error, will be populated with an error object describing the failure. See "Security Error Codes" (SecBase.h).
        Returns:
        The plaintext represented as a CFData, or NULL on failure.
      • SecKeyCopyKeyExchangeResult

        public static CFDataRef SecKeyCopyKeyExchangeResult​(SecKeyRef privateKey,
                                                            CFStringRef algorithm,
                                                            SecKeyRef publicKey,
                                                            CFDictionaryRef parameters,
                                                            org.moe.natj.general.ptr.Ptr<CFErrorRef> error)
        [@function] SecKeyCopyKeyExchangeResult Perform a Diffie-Hellman style key exchange operation, optionally with additional key-derivation steps.
        Parameters:
        algorithm - One of SecKeyAlgorithm constants suitable to perform this operation.
        publicKey - Remote party's public key.
        parameters - Dictionary with parameters, see SecKeyKeyExchangeParameter constants. Used algorithm determines the set of required and optional parameters to be used.
        error - Pointer to an error object on failure. See "Security Error Codes" (SecBase.h).
        Returns:
        Result of key exchange operation as a CFDataRef, or NULL on failure.
      • SecKeyIsAlgorithmSupported

        public static byte SecKeyIsAlgorithmSupported​(SecKeyRef key,
                                                      long operation,
                                                      CFStringRef algorithm)
        [@function] SecKeyIsAlgorithmSupported Checks whether key supports specified algorithm for specified operation.
        Parameters:
        key - Key to query
        operation - Operation type for which the key is queried
        algorithm - Algorithm which is queried
        Returns:
        True if key supports specified algorithm for specified operation, False otherwise.
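Sign-then-verify round trip through the SecKeyCreateSignature / SecKeyVerifySignature / SecKeyIsAlgorithmSupported entries above, written here as an added Objective-C example against the underlying Security framework (not code from the MOE bindings or from Apple). It assumes SecKeyCreateRandomKey and SecKeyCopyPublicKey, real Security APIs that this page does not list, and a constructed sample message.

```objectivec
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// ECDSA over P-256 with SHA-256. The "Message" variant hashes the input itself;
// a "Digest" variant would expect the caller to pass the digest (see dataToSign).
static const SecKeyAlgorithm kAlg = kSecKeyAlgorithmECDSASignatureMessageX962SHA256;

// Convert a CFErrorRef (+1) into an NSError for the caller, or release it.
static void HandOffError(CFErrorRef cfErr, NSError **outError)
{
    if (outError) {
        *outError = CFBridgingRelease(cfErr);   // CFErrorRef is toll-free bridged
    } else if (cfErr) {
        CFRelease(cfErr);
    }
}

// Sign `message` with `privateKey`. Returns nil and sets *outError on failure;
// the error pointer must be checked because a NULL result is the only signal.
static NSData *SignMessage(SecKeyRef privateKey, NSData *message, NSError **outError)
{
    // Ask before use: the key type and the algorithm have to agree.
    if (!SecKeyIsAlgorithmSupported(privateKey, kSecKeyOperationTypeSign, kAlg)) {
        if (outError) *outError = [NSError errorWithDomain:NSOSStatusErrorDomain
                                                      code:errSecParam userInfo:nil];
        return nil;
    }
    CFErrorRef cfErr = NULL;
    CFDataRef sig = SecKeyCreateSignature(privateKey, kAlg,
                                          (__bridge CFDataRef)message, &cfErr);
    if (sig == NULL) {
        HandOffError(cfErr, outError);
        return nil;
    }
    return CFBridgingRelease(sig);
}

// Verify `signature` over `message` with `publicKey`. A false return with a
// populated error is the normal outcome for a bad signature, not a crash.
static BOOL VerifyMessage(SecKeyRef publicKey, NSData *message, NSData *signature,
                          NSError **outError)
{
    if (!SecKeyIsAlgorithmSupported(publicKey, kSecKeyOperationTypeVerify, kAlg)) {
        if (outError) *outError = [NSError errorWithDomain:NSOSStatusErrorDomain
                                                      code:errSecParam userInfo:nil];
        return NO;
    }
    CFErrorRef cfErr = NULL;
    Boolean ok = SecKeyVerifySignature(publicKey, kAlg,
                                       (__bridge CFDataRef)message,
                                       (__bridge CFDataRef)signature, &cfErr);
    if (!ok) HandOffError(cfErr, outError);
    return ok ? YES : NO;
}

int main(void)
{
    @autoreleasepool {
        // Generate an ephemeral P-256 key pair (SecKeyCreateRandomKey is not on this page).
        NSDictionary *params = @{ (id)kSecAttrKeyType: (id)kSecAttrKeyTypeECSECPrimeRandom,
                                  (id)kSecAttrKeySizeInBits: @256 };
        CFErrorRef cfErr = NULL;
        SecKeyRef priv = SecKeyCreateRandomKey((__bridge CFDictionaryRef)params, &cfErr);
        if (priv == NULL) {
            NSLog(@"key generation failed: %@", (__bridge NSError *)cfErr);
            if (cfErr) CFRelease(cfErr);
            return 1;
        }
        SecKeyRef pub = SecKeyCopyPublicKey(priv);

        // Constructed sample input.
        NSData *msg = [@"order:1234;amount:10.00" dataUsingEncoding:NSUTF8StringEncoding];
        NSError *err = nil;
        NSData *sig = SignMessage(priv, msg, &err);
        if (sig == nil) {
            NSLog(@"signing failed: %@", err);
        } else {
            NSLog(@"genuine message verifies: %d", VerifyMessage(pub, msg, sig, &err));

            // Flip one bit of the message; the same signature must now be rejected
            // and the error describes the verification failure.
            NSMutableData *tampered = [msg mutableCopy];
            ((uint8_t *)tampered.mutableBytes)[0] ^= 0x01;
            err = nil;
            NSLog(@"tampered message verifies: %d (%@)",
                  VerifyMessage(pub, tampered, sig, &err), err);
        }
        if (pub) CFRelease(pub);
        CFRelease(priv);
    }
    return 0;
}
```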
      • SecPolicyGetTypeID

        public static long SecPolicyGetTypeID()
        [@function] SecPolicyGetTypeID Returns the type identifier of SecPolicy instances.
        Returns:
        The CFTypeID of SecPolicy instances.
      • SecPolicyCopyProperties

        public static CFDictionaryRef SecPolicyCopyProperties​(SecPolicyRef policyRef)
        [@function] SecPolicyCopyProperties Returns a dictionary of this policy's properties. This function returns the properties for a policy, as set by the policy's construction function or by a prior call to SecPolicySetProperties.
        Parameters:
        policyRef - A policy reference.
        Returns:
        A properties dictionary. See "Policy Value Constants" for a list of currently defined property keys. It is the caller's responsibility to CFRelease this reference when it is no longer needed.
      • SecPolicyCreateBasicX509

        public static SecPolicyRef SecPolicyCreateBasicX509()
        [@function] SecPolicyCreateBasicX509 Returns a policy object for the default X.509 policy.
        Returns:
        A policy object. The caller is responsible for calling CFRelease on this when it is no longer needed.
      • SecPolicyCreateSSL

        public static SecPolicyRef SecPolicyCreateSSL​(byte server,
                                                      CFStringRef hostname)
        [@function] SecPolicyCreateSSL Returns a policy object for evaluating SSL certificate chains.
        Parameters:
        server - Passing true for this parameter creates a policy for SSL server certificates.
        hostname - (Optional) If present, the policy will require the specified hostname to match the hostname in the leaf certificate.
        Returns:
        A policy object. The caller is responsible for calling CFRelease on this when it is no longer needed.
      • SecPolicyCreateRevocation

        public static SecPolicyRef SecPolicyCreateRevocation​(long revocationFlags)
        [@function] SecPolicyCreateRevocation Returns a policy object for checking revocation of certificates. Use this function to create a revocation policy with behavior specified by revocationFlags. See the "Revocation Policy Constants" section for a description of these flags. Note: it is usually not necessary to create a revocation policy yourself unless you wish to override default system behavior (e.g. to force a particular method, or to disable revocation checking entirely.)
        Parameters:
        revocationFlags - Flags to specify revocation checking options.
        Returns:
        A policy object. The caller is responsible for calling CFRelease on this when it is no longer needed.
      • SecPolicyCreateWithProperties

        public static SecPolicyRef SecPolicyCreateWithProperties​(org.moe.natj.general.ptr.ConstVoidPtr policyIdentifier,
                                                                 CFDictionaryRef properties)
        [@function] SecPolicyCreateWithProperties Returns a policy object based on an object identifier for the policy type. See the "Policy Constants" section for a list of defined policy object identifiers.
        Parameters:
        policyIdentifier - The identifier for the desired policy type.
        properties - (Optional) A properties dictionary. See "Policy Value Constants" for a list of currently defined property keys.
        Returns:
        The returned policy reference, or NULL if the policy could not be created.
      • SecRandomCopyBytes

        public static int SecRandomCopyBytes​(SecRandomRef rnd,
                                             long count,
                                             org.moe.natj.general.ptr.VoidPtr bytes)
        [@function] SecRandomCopyBytes Return count random bytes in *bytes, allocated by the caller. It is critical to check the return value for error. If @p rnd is unrecognized or unsupported, @p kSecRandomDefault is used.
        Parameters:
        rnd - Only @p kSecRandomDefault is supported.
        count - The number of bytes to generate.
        bytes - A buffer to fill with random output.
        Returns:
        Return 0 on success, any other value on failure.
      • SecAddSharedWebCredential

        public static void SecAddSharedWebCredential​(CFStringRef fqdn,
                                                     CFStringRef account,
                                                     CFStringRef password,
                                                     Security.Block_SecAddSharedWebCredential completionHandler)
        [@function] SecAddSharedWebCredential Asynchronously store (or update) a shared password for a website. This function adds a shared password item which will be accessible by Safari and applications that have the specified fully-qualified domain name in their 'com.apple.developer.associated-domains' entitlement. If a shared password item already exists for the specified website and account, it will be updated with the provided password. To remove a password, pass NULL for the password parameter. Note: since a request involving shared web credentials may potentially require user interaction or other verification to be approved, this function is dispatched asynchronously; your code provides a completion handler that will be called once the results (if any) are available.
        Parameters:
        fqdn - The fully qualified domain name of the website requiring the password.
        account - The account name associated with this password.
        password - The password to be stored. Pass NULL to remove a shared password if it exists.
        completionHandler - A block which will be invoked when the function has completed. If the shared password was successfully added (or removed), the CFErrorRef parameter passed to the block will be NULL. If the error parameter is non-NULL, an error occurred and the error reference will hold the result. Note: the error reference will be automatically released after this handler is called, though you may optionally retain it for as long as needed.
      • SecRequestSharedWebCredential

        public static void SecRequestSharedWebCredential​(CFStringRef fqdn,
                                                         CFStringRef account,
                                                         Security.Block_SecRequestSharedWebCredential completionHandler)
        [@function] SecRequestSharedWebCredential Asynchronously obtain one or more shared passwords for a website. This function requests one or more shared passwords for a given website, depending on whether the optional account parameter is supplied. To obtain results, the website specified in the fqdn parameter must be one which matches an entry in the calling application's 'com.apple.developer.associated-domains' entitlement. If matching shared password items are found, the credentials provided to the completionHandler will be a CFArrayRef containing CFDictionaryRef entries. Each dictionary entry will contain the following pairs (see Security/SecItem.h):
          key: kSecAttrServer value: CFStringRef (the website)
          key: kSecAttrAccount value: CFStringRef (the account)
          key: kSecSharedPassword value: CFStringRef (the password)
        If the found item specifies a non-standard port number (i.e. other than 443 for https), the following key may also be present:
          key: kSecAttrPort value: CFNumberRef (the port number)
        Note: since a request involving shared web credentials may potentially require user interaction or other verification to be approved, this function is dispatched asynchronously; your code provides a completion handler that will be called once the results (if any) are available.
        Parameters:
        fqdn - (Optional) Fully qualified domain name of the website for which passwords are being requested. If NULL is passed in this argument, the domain name(s) listed in the calling application's 'com.apple.developer.associated-domains' entitlement are searched implicitly.
        account - (Optional) Account name for which passwords are being requested. The account may be NULL to request all shared credentials which are available for the site, allowing the caller to discover an existing account.
        completionHandler - A block which will be called to deliver the requested credentials. If no matching items were found, the credentials array will be empty, and the CFErrorRef parameter will provide the error result. Note: the credentials and error references will be automatically released after this handler is called, though you may optionally retain either for as long as needed.
      • SecCreateSharedWebCredentialPassword

        public static CFStringRef SecCreateSharedWebCredentialPassword()
        [@function] SecCreateSharedWebCredentialPassword Returns a randomly generated password.
        Returns:
        CFStringRef password in the form xxx-xxx-xxx-xxx where x is taken from the sets "abcdefghkmnopqrstuvwxy", "ABCDEFGHJKLMNPQRSTUVWXYZ", "3456789" with at least one character from each set being present.
      • SecTrustGetTypeID

        public static long SecTrustGetTypeID()
        [@function] SecTrustGetTypeID Returns the type identifier of SecTrust instances.
        Returns:
        The CFTypeID of SecTrust instances.
      • SecTrustCreateWithCertificates

        public static int SecTrustCreateWithCertificates​(org.moe.natj.general.ptr.ConstVoidPtr certificates,
                                                         org.moe.natj.general.ptr.ConstVoidPtr policies,
                                                         org.moe.natj.general.ptr.Ptr<SecTrustRef> trust)
        [@function] SecTrustCreateWithCertificates Creates a trust object based on the given certificates and policies. If multiple policies are passed in, all policies must verify for the chain to be considered valid.
        Parameters:
        certificates - The group of certificates to verify. This can either be a CFArrayRef of SecCertificateRef objects or a single SecCertificateRef
        policies - An array of one or more policies. You may pass a SecPolicyRef to represent a single policy.
        trust - On return, a pointer to the trust management reference.
        Returns:
        A result code. See "Security Error Codes" (SecBase.h).
      • SecTrustSetPolicies

        public static int SecTrustSetPolicies​(SecTrustRef trust,
                                              org.moe.natj.general.ptr.ConstVoidPtr policies)
        [@function] SecTrustSetPolicies Set the policies for which trust should be verified. This function will invalidate the existing trust result, requiring a fresh evaluation for the newly-set policies.
        Parameters:
        trust - A trust reference.
        policies - An array of one or more policies. You may pass a SecPolicyRef to represent a single policy.
        Returns:
        A result code. See "Security Error Codes" (SecBase.h).
      • SecTrustCopyPolicies

        public static int SecTrustCopyPolicies​(SecTrustRef trust,
                                               org.moe.natj.general.ptr.Ptr<CFArrayRef> policies)
        [@function] SecTrustCopyPolicies Returns an array of policies used for this evaluation.
        Parameters:
        trust - A reference to a trust object.
        policies - On return, an array of policies used by this trust. Call the CFRelease function to release this reference.
        Returns:
        A result code. See "Security Error Codes" (SecBase.h).
      • SecTrustSetNetworkFetchAllowed

        public static int SecTrustSetNetworkFetchAllowed​(SecTrustRef trust,
                                                         byte allowFetch)
        [@function] SecTrustSetNetworkFetchAllowed Specifies whether a trust evaluation is permitted to fetch missing intermediate certificates from the network. By default, network fetch of missing certificates is enabled if the trust evaluation includes the SSL policy, otherwise it is disabled.
        Parameters:
        trust - A trust reference.
        allowFetch - If true, and a certificate's issuer is not present in the trust reference but its network location is known, the evaluation is permitted to attempt to download it automatically. Pass false to disable network fetch for this trust evaluation.
        Returns:
        A result code. See "Security Error Codes" (SecBase.h).
      • SecTrustGetNetworkFetchAllowed

        public static int SecTrustGetNetworkFetchAllowed​(SecTrustRef trust,
                                                         org.moe.natj.general.ptr.BytePtr allowFetch)
        [@function] SecTrustGetNetworkFetchAllowed Returns whether a trust evaluation is permitted to fetch missing intermediate certificates from the network. By default, network fetch of missing certificates is enabled if the trust evaluation includes the SSL policy, otherwise it is disabled.
        Parameters:
        trust - A trust reference.
        allowFetch - On return, the boolean pointed to by this parameter is set to true if the evaluation is permitted to download missing certificates.
        Returns:
        A result code. See "Security Error Codes" (SecBase.h).
      • SecTrustSetAnchorCertificates

        public static int SecTrustSetAnchorCertificates​(SecTrustRef trust,
                                                        CFArrayRef anchorCertificates)
        [@function] SecTrustSetAnchorCertificates Sets the anchor certificates for a given trust. Calling this function without also calling SecTrustSetAnchorCertificatesOnly() will disable trusting any anchors other than the ones in anchorCertificates.
        Parameters:
        trust - A reference to a trust object.
        anchorCertificates - An array of anchor certificates. Pass NULL to restore the default set of anchor certificates.
        Returns:
        A result code. See "Security Error Codes" (SecBase.h).
      • SecTrustSetAnchorCertificatesOnly

        public static int SecTrustSetAnchorCertificatesOnly​(SecTrustRef trust,
                                                            byte anchorCertificatesOnly)
        [@function] SecTrustSetAnchorCertificatesOnly Re-enables trusting anchor certificates in addition to those passed in via the SecTrustSetAnchorCertificates API.
        Parameters:
        trust - A reference to a trust object.
        anchorCertificatesOnly - If true, disables trusting any anchors other than the ones passed in via SecTrustSetAnchorCertificates(). If false, the built in anchor certificates are also trusted.
        Returns:
        A result code. See "Security Error Codes" (SecBase.h).
      • SecTrustCopyCustomAnchorCertificates

        public static int SecTrustCopyCustomAnchorCertificates​(SecTrustRef trust,
                                                               org.moe.natj.general.ptr.Ptr<CFArrayRef> anchors)
        [@function] SecTrustCopyCustomAnchorCertificates Returns an array of custom anchor certificates used by a given trust, as set by a prior call to SecTrustSetAnchorCertificates, or NULL if no custom anchors have been specified.
        Parameters:
        trust - A reference to a trust object.
        anchors - On return, an array of custom anchor certificates (roots) used by this trust, or NULL if no custom anchors have been specified. Call the CFRelease function to release this reference.
        Returns:
        A result code. See "Security Error Codes" (SecBase.h).
      • SecTrustSetVerifyDate

        public static int SecTrustSetVerifyDate​(SecTrustRef trust,
                                                CFDateRef verifyDate)
        [@function] SecTrustSetVerifyDate Set the date for which the trust should be verified. This function lets you evaluate certificate validity for a given date (for example, to determine if a signature was valid on the date it was signed, even if the certificate has since expired.) If this function is not called, the time at which SecTrustEvaluate() is called is used implicitly as the verification time.
        Parameters:
        trust - A reference to a trust object.
        verifyDate - The date for which to verify trust.
        Returns:
        A result code. See "Security Error Codes" (SecBase.h).
      • SecTrustGetVerifyTime

        public static double SecTrustGetVerifyTime​(SecTrustRef trust)
        [@function] SecTrustGetVerifyTime Returns the verify time. This function retrieves the verification time for the given trust reference, as set by a prior call to SecTrustSetVerifyDate(). If the verification time has not been set, this function returns a value of 0, indicating that the current date/time is implicitly used for verification.
        Parameters:
        trust - A reference to the trust object being verified.
        Returns:
        A CFAbsoluteTime value representing the time at which certificates should be checked for validity.
      • SecTrustEvaluate

        public static int SecTrustEvaluate​(SecTrustRef trust,
                                           org.moe.natj.general.ptr.IntPtr result)
        [@function] SecTrustEvaluate Evaluates a trust reference synchronously. This function will completely evaluate trust before returning, possibly including network access to fetch intermediate certificates or to perform revocation checking. Since this function can block during those operations, you should call it from within a function that is placed on a dispatch queue, or in a separate thread from your application's main run loop. Alternatively, you can use the SecTrustEvaluateAsync function.
        Parameters:
        trust - A reference to the trust object to evaluate.
        result - A pointer to a result type.
        Returns:
        A result code. See "Security Error Codes" (SecBase.h).
      • SecTrustEvaluateAsync

        public static int SecTrustEvaluateAsync​(SecTrustRef trust,
                                                NSObject queue,
                                                Security.Block_SecTrustEvaluateAsync result)
        [@function] SecTrustEvaluateAsync Evaluates a trust reference asynchronously.
        Parameters:
        trust - A reference to the trust object to evaluate.
        queue - A dispatch queue on which the result callback should be executed. Pass NULL to use the current dispatch queue.
        result - A SecTrustCallback block which will be executed when the trust evaluation is complete.
        Returns:
        A result code. See "Security Error Codes" (SecBase.h).
      • SecTrustGetTrustResult

        public static int SecTrustGetTrustResult​(SecTrustRef trust,
                                                 org.moe.natj.general.ptr.IntPtr result)
        [@function] SecTrustGetTrustResult This function replaces SecTrustGetResult for the purpose of obtaining the current evaluation result of a given trust reference.
        Parameters:
        trust - A reference to a trust object.
        result - A pointer to the result from the most recent call to SecTrustEvaluate for this trust reference. If SecTrustEvaluate has not been called or trust parameters have changed, the result is kSecTrustResultInvalid.
        Returns:
        A result code. See "Security Error Codes" (SecBase.h).
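The trust-evaluation sequence documented in the SecTrust entries above (create with certificates and an SSL policy, pin anchors, forbid network fetching, evaluate, interpret the result), as an added Objective-C example against the underlying Security framework; it is not code from the MOE bindings or from Apple. It assumes the caller supplies DER-encoded certificates from files and a hostname; the error domain string for trust-result failures is a constructed label.

```objectivec
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Build SecCertificateRefs from DER blobs. Returns nil if any blob is not a
// valid DER-encoded X.509 certificate (SecCertificateCreateWithData returns NULL).
static NSArray *CertificatesFromDER(NSArray<NSData *> *derBlobs)
{
    NSMutableArray *certs = [NSMutableArray array];
    for (NSData *der in derBlobs) {
        SecCertificateRef cert = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)der);
        if (cert == NULL) return nil;
        [certs addObject:(__bridge_transfer id)cert];   // array owns the +1 reference
    }
    return certs;
}

// Returns YES only when `chainDER` (leaf first) is valid for `hostname` and
// terminates at one of `pinnedRootsDER`. System roots are never consulted and
// no intermediates are fetched from the network. On failure *outError carries
// either the OSStatus (NSOSStatusErrorDomain) or the SecTrustResultType.
static BOOL EvaluatePinnedChain(NSArray<NSData *> *chainDER,
                                NSArray<NSData *> *pinnedRootsDER,
                                NSString *hostname,
                                NSError **outError)
{
    NSArray *chain = CertificatesFromDER(chainDER);
    NSArray *anchors = CertificatesFromDER(pinnedRootsDER);
    if (chain.count == 0 || anchors.count == 0 || hostname.length == 0) {
        if (outError) *outError = [NSError errorWithDomain:NSOSStatusErrorDomain
                                                      code:errSecParam userInfo:nil];
        return NO;
    }

    // Server-certificate SSL policy; the hostname must match the leaf.
    SecPolicyRef policy = SecPolicyCreateSSL(true, (__bridge CFStringRef)hostname);
    SecTrustRef trust = NULL;
    OSStatus status = SecTrustCreateWithCertificates((__bridge CFArrayRef)chain, policy, &trust);
    CFRelease(policy);

    // Pinning: only the supplied anchors may terminate the chain. Per the docs,
    // SetAnchorCertificates alone already excludes other anchors; passing true to
    // SetAnchorCertificatesOnly states that intent explicitly so a later edit
    // cannot silently widen trust back to the built-in roots.
    if (status == errSecSuccess)
        status = SecTrustSetAnchorCertificates(trust, (__bridge CFArrayRef)anchors);
    if (status == errSecSuccess)
        status = SecTrustSetAnchorCertificatesOnly(trust, true);
    // The complete chain is presented, so evaluation must not go to the network.
    if (status == errSecSuccess)
        status = SecTrustSetNetworkFetchAllowed(trust, false);

    // Synchronous evaluation: it may block, so call this off the main run loop.
    SecTrustResultType result = kSecTrustResultInvalid;
    if (status == errSecSuccess)
        status = SecTrustEvaluate(trust, &result);

    if (status != errSecSuccess) {
        if (trust) CFRelease(trust);
        if (outError) *outError = [NSError errorWithDomain:NSOSStatusErrorDomain
                                                      code:status userInfo:nil];
        return NO;
    }

    // Only Unspecified and Proceed mean "trusted". Everything else, including the
    // RecoverableTrustFailure that a user prompt could override, is a failure here.
    BOOL trusted = (result == kSecTrustResultUnspecified || result == kSecTrustResultProceed);
    if (trusted) {
        // Chain length as built by the evaluation, anchor included.
        NSLog(@"trusted chain of %ld certificates for %@",
              (long)SecTrustGetCertificateCount(trust), hostname);
    } else if (outError) {
        *outError = [NSError errorWithDomain:@"ExampleSecTrustResult"   // constructed label
                                        code:result userInfo:nil];
    }
    CFRelease(trust);
    return trusted;
}

// Usage: pinned-eval <hostname> <pinned-root.der> <leaf.der> [intermediate.der ...]
int main(int argc, const char *argv[])
{
    @autoreleasepool {
        if (argc < 4) return 2;
        NSString *host = [NSString stringWithUTF8String:argv[1]];
        NSData *root = [NSData dataWithContentsOfFile:[NSString stringWithUTF8String:argv[2]]];
        NSMutableArray<NSData *> *chain = [NSMutableArray array];
        for (int i = 3; i < argc; i++) {
            NSData *der = [NSData dataWithContentsOfFile:[NSString stringWithUTF8String:argv[i]]];
            if (der) [chain addObject:der];
        }
        NSError *err = nil;
        BOOL ok = EvaluatePinnedChain(chain, root ? @[root] : @[], host, &err);
        NSLog(@"%@: %@ %@", host, ok ? @"TRUSTED" : @"REJECTED", ok ? @"" : err);
        return ok ? 0 : 1;
    }
}
```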
      • SecTrustCopyPublicKey

        public static SecKeyRef SecTrustCopyPublicKey​(SecTrustRef trust)
        [@function] SecTrustCopyPublicKey Return the public key for a leaf certificate after it has been evaluated.
        Parameters:
        trust - A reference to the trust object which has been evaluated.
        Returns:
        The certificate's public key, or NULL if the public key could not be extracted (this can happen if the public key algorithm is not supported). The caller is responsible for calling CFRelease on the returned key when it is no longer needed.
      • SecTrustGetCertificateCount

        public static long SecTrustGetCertificateCount​(SecTrustRef trust)
        [@function] SecTrustGetCertificateCount Returns the number of certificates in an evaluated certificate chain. Important: if the trust reference has not yet been evaluated, this function will evaluate it first before returning. If speed is critical, you may want to call SecTrustGetTrustResult first to make sure that a result other than kSecTrustResultInvalid is present for the trust object.
        Parameters:
        trust - A reference to a trust object.
        Returns:
        The number of certificates in the trust chain, including the anchor.
      • SecTrustGetCertificateAtIndex

        public static SecCertificateRef SecTrustGetCertificateAtIndex​(SecTrustRef trust,
                                                                      long ix)
        [@function] SecTrustGetCertificateAtIndex Returns a certificate from the trust chain.
        Parameters:
        trust - Reference to a trust object.
        ix - The index of the requested certificate. Indices run from 0 (leaf) to the anchor (or last certificate found if no anchor was found). The leaf cert (index 0) is always present regardless of whether the trust reference has been evaluated or not.
        Returns:
        A SecCertificateRef for the requested certificate.
      • SecTrustCopyExceptions

        public static CFDataRef SecTrustCopyExceptions​(SecTrustRef trust)
        [@function] SecTrustCopyExceptions Returns an opaque cookie which will allow future evaluations of the current certificate to succeed. Normally this API should only be called once the errors have been presented to the user and the user decided to trust the current certificate chain regardless of the errors being presented, for the current application/server/protocol combination.
        Parameters:
        trust - A reference to an evaluated trust object.
        Returns:
        An opaque cookie which, when passed to SecTrustSetExceptions(), will cause a call to SecTrustEvaluate() to return kSecTrustResultProceed. This will happen upon subsequent evaluation of the current certificate unless some new error starts happening that wasn't being reported when the cookie was returned from this function (for example, if the certificate expires then evaluation will start failing again until a new cookie is obtained.)
      • SecTrustSetExceptions

        public static boolean SecTrustSetExceptions​(SecTrustRef trust,
                                                    CFDataRef exceptions)
        [@function] SecTrustSetExceptions Set a trust cookie to be used for evaluating this certificate chain. Clients of this interface will need to establish the context of this exception to later decide when this exception cookie is to be used. Examples of this context would be the server we are connecting to, the ssid of the wireless network for which this cert is needed, the account for which this cert should be considered valid, and so on.
        Parameters:
        trust - A reference to a trust object.
        exceptions - An exceptions cookie as returned by a call to SecTrustCopyExceptions() in the past. You may pass NULL to clear any exceptions which have been previously set on this trust reference.
        Returns:
        Upon calling SecTrustEvaluate(), any failures that were present at the time the exceptions object was created are ignored, and instead of returning kSecTrustResultRecoverableTrustFailure, kSecTrustResultProceed will be returned (if the certificate for which exceptions was created matches the current leaf certificate).
      • SecTrustCopyProperties

        public static CFArrayRef SecTrustCopyProperties​(SecTrustRef trust)
        [@function] SecTrustCopyProperties Return a property array for this trust evaluation. This function returns an ordered array of CFDictionaryRef instances for each certificate in the chain. Indices run from 0 (leaf) to the anchor (or last certificate found if no anchor was found.) See the "Trust Property Constants" section for a list of currently defined keys.
        Parameters:
        trust - A reference to a trust object. If the trust has not been evaluated, the returned property array will be empty.
        Returns:
        A property array. It is the caller's responsibility to CFRelease the returned array when it is no longer needed.
      • SecTrustCopyResult

        public static CFDictionaryRef SecTrustCopyResult​(SecTrustRef trust)
        [@function] SecTrustCopyResult Returns a dictionary containing information about the evaluated certificate chain for use by clients. Returns a dictionary for the overall trust evaluation. See the "Trust Result Constants" section for a list of currently defined keys.
        Parameters:
        trust - A reference to a trust object.
        Returns:
        A dictionary with various fields that can be displayed to the user, or NULL if no additional info is available or the trust has not yet been validated. The caller is responsible for calling CFRelease on the value returned when it is no longer needed.
      • SecTrustSetOCSPResponse

        public static int SecTrustSetOCSPResponse​(SecTrustRef trust,
                                                  org.moe.natj.general.ptr.ConstVoidPtr responseData)
        [@function] SecTrustSetOCSPResponse Attach OCSPResponse data to a trust object. Allows the caller to provide OCSPResponse data (which may be obtained during a TLS/SSL handshake, per RFC 3546) as input to a trust evaluation. If this data is available, it can obviate the need to contact an OCSP server for current revocation information.
        Parameters:
        trust - A reference to a trust object.
        responseData - This may be either a CFData object containing a single DER-encoded OCSPResponse (per RFC 2560), or a CFArray of these.
        Returns:
        A result code. See "Security Error Codes" (SecBase.h).
      • SSLContextGetTypeID

        public static long SSLContextGetTypeID()
        [@function] SSLContextGetTypeID Return the CFTypeID for SSLContext objects.
        Returns:
        CFTypeID for SSLContext objects.
      • SSLCreateContext

        public static SSLContextRef SSLCreateContext​(CFAllocatorRef alloc,
                                                     int protocolSide,
                                                     int connectionType)
        [@function] SSLCreateContext Create a new instance of an SSLContextRef using the specified allocator.
        Parameters:
        alloc - Allocator to use for memory.
        protocolSide - Client or server indication.
        connectionType - Type of connection.
        Returns:
        A newly allocated SSLContextRef, or NULL on error.
      • SSLGetSessionState

        public static int SSLGetSessionState​(SSLContextRef context,
                                             org.moe.natj.general.ptr.IntPtr state)
        [@function] SSLGetSessionState Determine the state of an SSL/DTLS session.
        Parameters:
        context - A valid SSLContextRef.
        state - Output pointer to store the SSLSessionState.
        Returns:
        errSecSuccess on success, alternative error on failure.
      • SSLSetSessionOption

        public static int SSLSetSessionOption​(SSLContextRef context,
                                              int option,
                                              byte value)
        [@function] SSLSetSessionOption Set options for an SSL session. Must be called prior to SSLHandshake(); subsequently cannot be called while session is active.
        Parameters:
        context - A valid SSLContextRef.
        option - An option enumeration value.
        value - Value of the SSLSessionOption.
        Returns:
        errSecSuccess on success, alternative error on failure.
      • SSLGetSessionOption

        public static int SSLGetSessionOption​(SSLContextRef context,
                                              int option,
                                              org.moe.natj.general.ptr.BytePtr value)
        [@function] SSLGetSessionOption Determine current value for the specified option in a given SSL session.
        Parameters:
        context - A valid SSLContextRef.
        option - An option enumeration value.
        value - Pointer to a Boolean where the SSLSessionOption value is stored.
        Returns:
        errSecSuccess on success, alternative error on failure.
      • SSLSetIOFuncs

        public static int SSLSetIOFuncs​(SSLContextRef context,
                                        Security.Function_SSLSetIOFuncs_1 readFunc,
                                        Security.Function_SSLSetIOFuncs_2 writeFunc)
        [@function] SSLSetIOFuncs Specify functions which do the network I/O. Must be called prior to SSLHandshake(); subsequently cannot be called while a session is active.
        Parameters:
        context - A valid SSLContextRef.
        readFunc - Pointer to a SSLReadFunc.
        writeFunc - Pointer to a SSLWriteFunc.
        Returns:
        errSecSuccess on success, alternative error on failure.
      • SSLSetSessionConfig

        public static int SSLSetSessionConfig​(SSLContextRef context,
                                              CFStringRef config)
        [@function] SSLSetSessionConfig [@abstract] Set a predefined configuration for the SSL session. [@note] This currently affects the enabled protocol versions, the enabled ciphersuites, and the kSSLSessionOptionFallback session option.
        Parameters:
        context - A valid SSLContextRef.
        config - String name of constant TLS handshake configuration, e.g., kSSLSessionConfig_standard.
        Returns:
        errSecSuccess on success, alternative error on failure.
      • SSLSetProtocolVersionMin

        public static int SSLSetProtocolVersionMin​(SSLContextRef context,
                                                   int minVersion)
        [@function] SSLSetProtocolVersionMin Set the minimum SSL protocol version allowed. Optional. The default is the lowest supported protocol. [@note] This can only be called when no session is active. For TLS contexts, legal values for minVersion are: kSSLProtocol3, kTLSProtocol1, kTLSProtocol11, kTLSProtocol12. For DTLS contexts, the legal value for minVersion is: kDTLSProtocol1.
        Parameters:
        context - A valid SSLContextRef.
        minVersion - Minimum TLS protocol version.
        Returns:
        errSecSuccess on success, alternative error on failure.
      • SSLGetProtocolVersionMin

        public static int SSLGetProtocolVersionMin​(SSLContextRef context,
                                                   org.moe.natj.general.ptr.IntPtr minVersion)
        [@function] SSLGetProtocolVersionMin Get minimum protocol version allowed
        Parameters:
        context - A valid SSLContextRef.
        minVersion - Pointer to SSLProtocol value where the minimum protocol version is stored.
        Returns:
        errSecSuccess on success, alternative error on failure.
      • SSLSetProtocolVersionMax

        public static int SSLSetProtocolVersionMax​(SSLContextRef context,
                                                   int maxVersion)
        [@function] SSLSetProtocolVersionMax Set the maximum SSL protocol version allowed. Optional. The default is the highest supported protocol. [@note] This can only be called when no session is active. For TLS contexts, legal values for maxVersion are: kSSLProtocol3, kTLSProtocol1, kTLSProtocol11, kTLSProtocol12. For DTLS contexts, the legal value for maxVersion is: kDTLSProtocol1.
        Parameters:
        context - A valid SSLContextRef.
        maxVersion - Maximum TLS protocol version.
        Returns:
        errSecSuccess on success, alternative error on failure.
      • SSLGetProtocolVersionMax

        public static int SSLGetProtocolVersionMax​(SSLContextRef context,
                                                   org.moe.natj.general.ptr.IntPtr maxVersion)
        [@function] SSLGetProtocolVersionMax Get maximum protocol version allowed
        Parameters:
        context - A valid SSLContextRef.
        maxVersion - Pointer to SSLProtocol value where the maximum protocol version is stored.
        Returns:
        errSecSuccess on success, alternative error on failure.
      • SSLSetCertificate

        public static int SSLSetCertificate​(SSLContextRef context,
                                            CFArrayRef certRefs)
        [@function] SSLSetCertificate Specify this connection's certificate(s). This is mandatory for server connections, and optional for clients. Specifying a certificate for a client enables SSL client-side authentication. The end-entity cert is in certRefs[0]. Specifying a root cert is optional; if it's not specified, the root cert which verifies the cert chain specified here must be present in the system-wide set of trusted anchor certs. The certRefs argument is a CFArray containing SecCertificateRefs, except for certRefs[0], which is a SecIdentityRef. Must be called prior to SSLHandshake(), or immediately after SSLHandshake has returned errSSLClientCertRequested (i.e. before the handshake is resumed by calling SSLHandshake again). SecureTransport assumes the following:
        -- The certRef references remain valid for the lifetime of the session.
        -- The certificate specified in certRefs[0] is capable of signing.
        -- The required capabilities of certRefs[0], and of the optional cert specified in SSLSetEncryptionCertificate (see below), are highly dependent on the application. For example, to work as a server with Netscape clients, the cert specified here must be capable of both signing and encrypting.
        Parameters:
        context - A valid SSLContextRef.
        certRefs - An array of SecCertificateRef instances.
        Returns:
        errSecSuccess on success, alternative error on failure.
      • SSLSetConnection

        public static int SSLSetConnection​(SSLContextRef context,
                                           org.moe.natj.general.ptr.ConstVoidPtr connection)
        [@function] SSLSetConnection Specify I/O connection - a socket, endpoint, etc., which is managed by caller. On the client side, it's assumed that communication has been established with the desired server on this connection. On the server side, it's assumed that an incoming client request has been established. Must be called prior to SSLHandshake(); subsequently can only be called when no session is active.
        Parameters:
        context - A valid SSLContextRef.
        connection - A SSLConnectionRef.
        Returns:
        errSecSuccess on success, alternative error on failure.
      • SSLGetConnection

        public static int SSLGetConnection​(SSLContextRef context,
                                           org.moe.natj.general.ptr.Ptr<org.moe.natj.general.ptr.ConstVoidPtr> connection)
        [@function] SSLGetConnection Retrieve the I/O connection managed by the caller.
        Parameters:
        context - A valid SSLContextRef.
        connection - A SSLConnectionRef pointer.
        Returns:
        errSecSuccess on success, alternative error on failure.
      • SSLSetPeerDomainName

        public static int SSLSetPeerDomainName​(SSLContextRef context,
                                               java.lang.String peerName,
                                               long peerNameLen)
        [@function] SSLSetPeerDomainName Specify the fully qualified domain name of the peer, e.g., "store.apple.com." Optional; used to verify the common name field in the peer's certificate. Name is in the form of a C string; NULL termination optional, i.e., peerName[peerNameLen+1] may or may not have a NULL. In any case peerNameLen is the number of bytes of the peer domain name.
        Parameters:
        context - A valid SSLContextRef.
        peerName - A C string carrying the peer domain name.
        peerNameLen - Length of the peer domain name string.
        Returns:
        errSecSuccess on success, alternative error on failure.
      • SSLGetPeerDomainNameLength

        public static int SSLGetPeerDomainNameLength​(SSLContextRef context,
                                                     org.moe.natj.general.ptr.NUIntPtr peerNameLen)
        [@function] SSLGetPeerDomainNameLength Determine the buffer size needed for SSLGetPeerDomainName().
        Parameters:
        context - A valid SSLContextRef.
        peerNameLen - Pointer to where the length of the peer domain name string is stored
        Returns:
        errSecSuccess on success, alternative error on failure.
      • SSLGetPeerDomainName

        public static int SSLGetPeerDomainName​(SSLContextRef context,
                                               org.moe.natj.general.ptr.BytePtr peerName,
                                               org.moe.natj.general.ptr.NUIntPtr peerNameLen)
        [@function] SSLGetPeerDomainName Obtain the value specified in SSLSetPeerDomainName().
        Parameters:
        context - A valid SSLContextRef.
        peerName - Pointer to where the peer domain name is stored.
        peerNameLen - Pointer to where the length of the peer domain name string is stored, up to the length specified by peerNameLen (on input).
        Returns:
        errSecSuccess on success, alternative error on failure.
      • SSLCopyRequestedPeerName

        public static int SSLCopyRequestedPeerName​(SSLContextRef context,
                                                   org.moe.natj.general.ptr.BytePtr peerName,
                                                   org.moe.natj.general.ptr.NUIntPtr peerNameLen)
        [@function] SSLCopyRequestedPeerName [Server Only] Obtain the hostname specified by the client in the ServerName extension (SNI). Use SSLCopyRequestedPeerNameLength() to size the buffer.
        Parameters:
        context - A valid SSLContextRef.
        peerName - Pointer to where the requested peer domain name is stored.
        peerNameLen - Pointer to where the length of the requested peer domain name string is stored, up to the length specified by peerNameLen (on input).
        Returns:
        errSecSuccess on success, alternative error on failure.
      • SSLCopyRequestedPeerNameLength

        public static int SSLCopyRequestedPeerNameLength​(SSLContextRef ctx,
                                                         org.moe.natj.general.ptr.NUIntPtr peerNameLen)
        [@function] SSLCopyRequestedPeerNameLength [Server Only] Determine the buffer size needed for SSLCopyRequestedPeerName().
        Parameters:
        ctx - A valid SSLContextRef.
        peerNameLen - Pointer to where the length of the requested peer domain name string is stored, up to the length specified by peerNameLen (on input).
        Returns:
        errSecSuccess on success, alternative error on failure.
      • SSLSetDatagramHelloCookie

        public static int SSLSetDatagramHelloCookie​(SSLContextRef dtlsContext,
                                                    org.moe.natj.general.ptr.ConstVoidPtr cookie,
                                                    long cookieLen)
        [@function] SSLSetDatagramHelloCookie Specify the Datagram TLS Hello Cookie. This is to be called for server side only and is optional. The default is a zero len cookie. The maximum cookieLen is 32 bytes.
        Parameters:
        context - A valid SSLContextRef.
        cookie - Pointer to opaque cookie data.
        cookieLen - Length of cookie data.
        Returns:
        errSecSuccess on success, alternative error on failure.
      • SSLSetMaxDatagramRecordSize

        public static int SSLSetMaxDatagramRecordSize​(SSLContextRef dtlsContext,
                                                      long maxSize)
        [@function] SSLSetMaxDatagramRecordSize Specify the maximum record size, including all DTLS record headers. This should be set appropriately to avoid fragmentation of Datagrams during handshake, as fragmented datagrams may be dropped by some network. [@note] This is for Datagram TLS only
        Parameters:
        context - A valid SSLContextRef.
        maxSize - Maximum size of datagram record(s).
        Returns:
        errSecSuccess on success, alternative error on failure.
      • SSLGetMaxDatagramRecordSize

        public static int SSLGetMaxDatagramRecordSize​(SSLContextRef dtlsContext,
                                                      org.moe.natj.general.ptr.NUIntPtr maxSize)
        [@function] SSLGetMaxDatagramRecordSize Get the maximum record size, including all Datagram TLS record headers. [@note] This is for Datagram TLS only
        Parameters:
        context - A valid SSLContextRef.
        maxSize - Pointer where maximum size of datagram record(s) is stored.
        Returns:
        errSecSuccess on success, alternative error on failure.
      • SSLGetNegotiatedProtocolVersion

        public static int SSLGetNegotiatedProtocolVersion​(SSLContextRef context,
                                                          org.moe.natj.general.ptr.IntPtr protocol)
        [@function] SSLGetNegotiatedProtocolVersion Obtain the actual negotiated protocol version of the active session, which may be different from the value specified in SSLSetProtocolVersion(). Returns kSSLProtocolUnknown if no SSL session is in progress.
        Parameters:
        context - A valid SSLContextRef.
        protocol - Pointer where negotiated SSLProtocol is stored.
        Returns:
        errSecSuccess on success, alternative error on failure.
      • SSLGetNumberSupportedCiphers

        public static int SSLGetNumberSupportedCiphers​(SSLContextRef context,
                                                       org.moe.natj.general.ptr.NUIntPtr numCiphers)
        [@function] SSLGetNumberSupportedCiphers Determine number and values of all of the SSLCipherSuites we support. Caller allocates output buffer for SSLGetSupportedCiphers() and passes in its size in *numCiphers. If supplied buffer is too small, errSSLBufferOverflow will be returned.
        Parameters:
        context - A valid SSLContextRef.
        numCiphers - Pointer where number of supported ciphers is stored.
        Returns:
        errSecSuccess on success, alternative error on failure.
      • SSLGetSupportedCiphers

        public static int SSLGetSupportedCiphers​(SSLContextRef context,
                                                 org.moe.natj.general.ptr.CharPtr ciphers,
                                                 org.moe.natj.general.ptr.NUIntPtr numCiphers)
        [@function] SSLGetSupportedCiphers Get the supported ciphers.
        Parameters:
        context - A valid SSLContextRef.
        ciphers - Pointer to array of SSLCipherSuite values where supported ciphersuites are stored. This array size is specified by the input value of numCiphers.
        numCiphers - Pointer where number of supported ciphers is stored.
        Returns:
        errSecSuccess on success, alternative error on failure.
      • SSLSetEnabledCiphers

        public static int SSLSetEnabledCiphers​(SSLContextRef context,
                                               org.moe.natj.general.ptr.ConstCharPtr ciphers,
                                               long numCiphers)
        [@function] SSLSetEnabledCiphers Specify a (typically) restricted set of SSLCipherSuites to be enabled by the current SSLContext. Can only be called when no session is active. Default set of enabled SSLCipherSuites is the same as the complete set of supported SSLCipherSuites as obtained by SSLGetSupportedCiphers().
        Parameters:
        context - A valid SSLContextRef.
        ciphers - Array of enabled SSLCipherSuite values. This array size is specified by the input value of numCiphers.
        numCiphers - Pointer where number of enabled ciphers is stored.
        Returns:
        errSecSuccess on success, alternative error on failure.
      • SSLGetNumberEnabledCiphers

        public static int SSLGetNumberEnabledCiphers​(SSLContextRef context,
                                                     org.moe.natj.general.ptr.NUIntPtr numCiphers)
        [@function] SSLGetNumberEnabledCiphers Determine number and values of all of the SSLCipherSuites currently enabled. Caller allocates output buffer for SSLGetEnabledCiphers() and passes in its size in *numCiphers. If supplied buffer is too small, errSSLBufferOverflow will be returned.
        Parameters:
        context - A valid SSLContextRef.
        numCiphers - Pointer where number of enabled ciphers is stored.
        Returns:
        errSecSuccess on success, alternative error on failure.
      • SSLGetEnabledCiphers

        public static int SSLGetEnabledCiphers​(SSLContextRef context,
                                               org.moe.natj.general.ptr.CharPtr ciphers,
                                               org.moe.natj.general.ptr.NUIntPtr numCiphers)
        [@function] SSLGetEnabledCiphers Get the set of currently enabled ciphersuites.
        Parameters:
        context - A valid SSLContextRef.
        ciphers - Pointer to array of SSLCipherSuite values where enabled ciphersuites are stored. This array size is specified by the input value of numCiphers.
        numCiphers - Pointer where number of enabled ciphers is stored.
        Returns:
        errSecSuccess on success, alternative error on failure.
      • SSLCopyPeerTrust

        public static int SSLCopyPeerTrust​(SSLContextRef context,
                                           org.moe.natj.general.ptr.Ptr<SecTrustRef> trust)
        [@function] SSLCopyPeerTrust Obtain a SecTrustRef representing peer certificates. Valid anytime, subsequent to a handshake attempt. Caller must CFRelease the returned trust reference. The returned trust reference will have already been evaluated for you, unless one of the following is true:
        - Your code has disabled automatic certificate verification, by calling SSLSetSessionOption to set kSSLSessionOptionBreakOnServerAuth to true.
        - Your code has called SSLSetPeerID, and this session has been resumed from an earlier cached session.
        In these cases, your code should call SecTrustEvaluate prior to examining the peer certificate chain or trust results (see SecTrust.h). [@note] If you have not called SSLHandshake at least once prior to calling this function, the returned trust reference will be NULL.
        Parameters:
        context - A valid SSLContextRef.
        trust - Pointer to SecTrustRef where peer's SecTrustRef is copied (retained).
        Returns:
        errSecSuccess on success, alternative error on failure.
      • SSLSetPeerID

        public static int SSLSetPeerID​(SSLContextRef context,
                                       org.moe.natj.general.ptr.ConstVoidPtr peerID,
                                       long peerIDLen)
        [@function] SSLSetPeerID Specify some data, opaque to this library, which is sufficient to uniquely identify the peer of the current session. An example would be IP address and port, stored in some caller-private manner. To be optionally called prior to SSLHandshake for the current session. This is mandatory if this session is to be resumable. SecureTransport allocates its own copy of the incoming peerID. The data provided in *peerID, while opaque to SecureTransport, is used in a byte-for-byte compare to other previous peerID values set by the current application. Matching peerID blobs result in SecureTransport attempting to resume an SSL session with the same parameters as used in the previous session which specified the same peerID bytes.
        Parameters:
        context - A valid SSLContextRef.
        peerID - Opaque peer ID.
        peerIDLen - Length of opaque peer ID.
        Returns:
        errSecSuccess on success, alternative error on failure.
      • SSLGetPeerID

        public static int SSLGetPeerID​(SSLContextRef context,
                                       org.moe.natj.general.ptr.Ptr<org.moe.natj.general.ptr.ConstVoidPtr> peerID,
                                       org.moe.natj.general.ptr.NUIntPtr peerIDLen)
        [@function] SSLGetPeerID Obtain current PeerID. Returns NULL pointer, zero length if SSLSetPeerID has not been called for this context.
        Parameters:
        context - A valid SSLContextRef.
        peerID - Pointer to storage for the peer ID.
        peerIDLen - Pointer to storage for the peer ID length.
        Returns:
        errSecSuccess on success, alternative error on failure.
      • SSLGetNegotiatedCipher

        public static int SSLGetNegotiatedCipher​(SSLContextRef context,
                                                 org.moe.natj.general.ptr.CharPtr cipherSuite)
        [@function] SSLGetNegotiatedCipher Obtain the SSLCipherSuite (e.g., SSL_RSA_WITH_DES_CBC_SHA) negotiated for this session. Only valid when a session is active.
        Parameters:
        context - A valid SSLContextRef.
        cipherSuite - Pointer to storage for negotiated SSLCipherSuite.
        Returns:
        errSecSuccess on success, alternative error on failure.
      • SSLSetEncryptionCertificate

        @Deprecated
        public static int SSLSetEncryptionCertificate​(SSLContextRef context,
                                                      CFArrayRef certRefs)
        Deprecated.
        [@function] SSLSetEncryptionCertificate This function is deprecated in OSX 10.11 and iOS 9.0 and has no effect on the TLS handshake since OSX 10.10 and iOS 8.0. Using separate RSA certificates for encryption and signing is no longer supported.
        Parameters:
        context - A valid SSLContextRef.
        certRefs - Array of certificates.
        Returns:
        errSecSuccess on success, alternative error on failure.
      • SSLSetClientSideAuthenticate

        public static int SSLSetClientSideAuthenticate​(SSLContextRef context,
                                                       int auth)
        [@function] SSLSetClientSideAuthenticate Specify requirements for client-side authentication.
        Parameters:
        context - A valid SSLContextRef.
        auth - A SSLAuthenticate enumeration value.
        Returns:
        errSecSuccess on success, alternative error on failure.
      • SSLAddDistinguishedName

        public static int SSLAddDistinguishedName​(SSLContextRef context,
                                                  org.moe.natj.general.ptr.ConstVoidPtr derDN,
                                                  long derDNLen)
        [@function] SSLAddDistinguishedName Add a DER-encoded distinguished name to list of acceptable names to be specified in requests for client certificates.
        Parameters:
        context - A valid SSLContextRef.
        derDN - A DER-encoded Distinguished Name blob.
        derDNLen - Length of the Distinguished Name blob.
        Returns:
        errSecSuccess on success, alternative error on failure.
      • SSLCopyDistinguishedNames

        public static int SSLCopyDistinguishedNames​(SSLContextRef context,
                                                    org.moe.natj.general.ptr.Ptr<CFArrayRef> names)
        [@function] SSLCopyDistinguishedNames Obtain the list of acceptable distinguished names as provided by a server (if the SSLContextRef is configured as a client), or as specified by SSLSetCertificateAuthorities (if the SSLContextRef is configured as a server). The returned array contains CFDataRefs, each of which represents one DER-encoded RDN. Caller must CFRelease the returned array.
        Parameters:
        context - A valid SSLContextRef.
        names - Pointer to CFArrayRef storage for retained copy of Distinguished Names.
        Returns:
        errSecSuccess on success, alternative error on failure.
      • SSLGetClientCertificateState

        public static int SSLGetClientCertificateState​(SSLContextRef context,
                                                       org.moe.natj.general.ptr.IntPtr clientState)
        [@function] SSLGetClientCertificateState Obtain client certificate exchange status. Can be called any time. Reflects the *last* client certificate state change; subsequent to a renegotiation attempt by either peer, the state is reset to kSSLClientCertNone.
        Parameters:
        context - A valid SSLContextRef.
        clientState - Pointer to SSLClientCertificateState storage.
        Returns:
        errSecSuccess on success, alternative error on failure.
      • SSLHandshake

        public static int SSLHandshake​(SSLContextRef context)
        [@function] SSLHandshake Perform the SSL handshake. On successful return, the session is ready for normal secure application I/O via SSLWrite and SSLRead. Interesting error returns:
        - errSSLUnknownRootCert: Peer had a valid cert chain, but the root of the chain is unknown.
        - errSSLNoRootCert: Peer had a cert chain which did not end in a root.
        - errSSLCertExpired: Peer's cert chain had one or more expired certs.
        - errSSLXCertChainInvalid: Peer had an invalid cert chain (i.e., signature verification within the chain failed, or no certs were found).
        In all of the above errors, the handshake was aborted; the peer's cert chain is available via SSLCopyPeerTrust or SSLCopyPeerCertificates. Other interesting result codes:
        - errSSLPeerAuthCompleted: Peer's cert chain is valid, or was ignored if cert verification was disabled via SSLSetEnableCertVerify. The application may decide to continue with the handshake (by calling SSLHandshake again), or close the connection at this point.
        - errSSLClientCertRequested: The server has requested a client certificate. The client may choose to examine the server's certificate and distinguished name list, then optionally call SSLSetCertificate prior to resuming the handshake by calling SSLHandshake again.
        A return value of errSSLWouldBlock indicates that SSLHandshake has to be called again (and again and again until something else is returned).
        Parameters:
        context - A valid SSLContextRef.
        Returns:
        errSecSuccess on success, alternative error on failure or incomplete state.
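        As an added example (not MOE or Apple code), the following Java sketch ties together the contracts stated above for SSLSetProtocolVersionMin, SSLGetSupportedCiphers/SSLSetEnabledCiphers, SSLSetSessionOption with kSSLSessionOptionBreakOnServerAuth, SSLCopyPeerTrust and the SSLHandshake return codes: a client context is pinned to TLS 1.2 and AEAD forward-secret suites, the handshake is paused at server authentication, and the peer chain is evaluated explicitly before the handshake resumes. Assumed (not on this page): the MOE package names apple.security.c.Security and apple.security.opaque.*, the natj PtrFactory factory and pointer accessor names, a SecTrustEvaluate(SecTrustRef, IntPtr) binding on the same class, and the numeric enum/error values, which are restated from Apple's SecureTransport.h and SecBase.h because the page gives only their names.

```java
import org.moe.natj.general.ptr.CharPtr;
import org.moe.natj.general.ptr.IntPtr;
import org.moe.natj.general.ptr.NUIntPtr;
import org.moe.natj.general.ptr.Ptr;
import org.moe.natj.general.ptr.impl.PtrFactory;   // assumed natj factory class
import apple.security.c.Security;                   // assumed MOE package for the page's class
import apple.security.opaque.SSLContextRef;         // assumed MOE opaque types
import apple.security.opaque.SecTrustRef;

import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;

/** Added example: a hardened Secure Transport client setup over the MOE bindings. */
public final class HardenedTlsClient {
    // Numeric values from Apple's SecureTransport.h / SecBase.h (restated; the page names them only).
    static final int kSSLClientSide = 1;
    static final int kSSLStreamType = 0;
    static final int kTLSProtocol12 = 8;
    static final int kSSLSessionOptionBreakOnServerAuth = 0;
    static final int errSecSuccess = 0;
    static final int errSSLWouldBlock = -9803;
    static final int errSSLPeerAuthCompleted = -9841;
    static final int kSecTrustResultProceed = 1;
    static final int kSecTrustResultUnspecified = 4;

    // IANA TLS cipher suite code points: TLS 1.2 AEAD suites with forward secrecy only.
    static final char[] ALLOWED_SUITES = {
        (char) 0xC02B, // TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        (char) 0xC02C, // TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        (char) 0xC02F, // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        (char) 0xC030, // TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    };

    /** Keep only the library-supported suites that are on our allow-list, preserving library order. */
    static char[] selectSuites(char[] supported, char[] allowed) {
        List<Character> kept = new ArrayList<>();
        for (char s : supported) {
            for (char a : allowed) { if (s == a) { kept.add(s); break; } }
        }
        char[] out = new char[kept.size()];
        for (int i = 0; i < out.length; i++) out[i] = kept.get(i);
        return out;
    }

    /**
     * Create and configure a client context. The caller still wires I/O with
     * SSLSetIOFuncs/SSLSetConnection before handshake(); both are omitted here.
     */
    static SSLContextRef configure(String host) {
        SSLContextRef ctx = Security.SSLCreateContext(null, kSSLClientSide, kSSLStreamType);
        if (ctx == null) throw new IllegalStateException("SSLCreateContext failed");
        // Everything below must precede SSLHandshake(); the page says these calls fail once a session is active.
        check(Security.SSLSetProtocolVersionMin(ctx, kTLSProtocol12), "SSLSetProtocolVersionMin");
        // peerNameLen is a byte count, not a character count.
        int hostLen = host.getBytes(StandardCharsets.US_ASCII).length;
        check(Security.SSLSetPeerDomainName(ctx, host, hostLen), "SSLSetPeerDomainName");

        // Two-call pattern: get the count, then fill a caller-allocated buffer of that size.
        NUIntPtr count = PtrFactory.newNUIntReference();            // assumed factory name
        check(Security.SSLGetNumberSupportedCiphers(ctx, count), "SSLGetNumberSupportedCiphers");
        int n = (int) count.get();
        CharPtr supportedBuf = PtrFactory.newCharArray(n);            // SSLCipherSuite is 16-bit
        check(Security.SSLGetSupportedCiphers(ctx, supportedBuf, count), "SSLGetSupportedCiphers");
        char[] supported = new char[(int) count.get()];
        for (int i = 0; i < supported.length; i++) supported[i] = supportedBuf.get(i); // assumed accessor

        char[] chosen = selectSuites(supported, ALLOWED_SUITES);
        if (chosen.length == 0) throw new IllegalStateException("no acceptable cipher suites supported");
        CharPtr enabledBuf = PtrFactory.newCharArray(chosen.length);
        for (int i = 0; i < chosen.length; i++) enabledBuf.set(i, chosen[i]);  // assumed accessor
        check(Security.SSLSetEnabledCiphers(ctx, enabledBuf, chosen.length), "SSLSetEnabledCiphers");

        // Pause the handshake after the server's chain arrives so we evaluate it ourselves.
        check(Security.SSLSetSessionOption(ctx, kSSLSessionOptionBreakOnServerAuth, (byte) 1),
              "SSLSetSessionOption");
        return ctx;
    }

    /** Drive SSLHandshake to completion, evaluating the peer chain when the handshake pauses. */
    static void handshake(SSLContextRef ctx) {
        while (true) {
            int rc = Security.SSLHandshake(ctx);
            if (rc == errSecSuccess) return;
            if (rc == errSSLWouldBlock) continue;   // non-blocking I/O: real code waits for the socket first
            if (rc == errSSLPeerAuthCompleted) {
                // With BreakOnServerAuth set, the trust object has NOT been evaluated for us.
                Ptr<SecTrustRef> trustOut = PtrFactory.newObjectPtr(SecTrustRef.class); // assumed factory
                check(Security.SSLCopyPeerTrust(ctx, trustOut), "SSLCopyPeerTrust");
                SecTrustRef trust = trustOut.get();
                if (trust == null) throw new SecurityException("no peer trust available");
                IntPtr result = PtrFactory.newIntReference();
                check(Security.SecTrustEvaluate(trust, result), "SecTrustEvaluate"); // assumed binding
                int r = result.get();
                // The copied reference must be CFRelease'd when no longer needed (see SSLCopyPeerTrust).
                if (r != kSecTrustResultProceed && r != kSecTrustResultUnspecified) {
                    Security.SSLClose(ctx);
                    throw new SecurityException("peer certificate chain rejected, trust result " + r);
                }
                continue;   // resume the handshake where it paused
            }
            Security.SSLClose(ctx);
            throw new SecurityException("SSLHandshake failed with " + rc);
        }
    }

    static void check(int rc, String call) {
        if (rc != errSecSuccess) throw new IllegalStateException(call + " returned " + rc);
    }
}
```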
      • SSLReHandshake

        public static int SSLReHandshake​(SSLContextRef context)
        [@function] SSLReHandshake Server Only: Request renegotiation. This will return an error if the server is already renegotiating, or if the session is closed. After this returns without error, the application should call SSLHandshake() and/or SSLRead() as for the original handshake.
        Parameters:
        context - A valid SSLContextRef.
        Returns:
        errSecSuccess on success, alternative error on failure.
      • SSLWrite

        public static int SSLWrite​(SSLContextRef context,
                                   org.moe.natj.general.ptr.ConstVoidPtr data,
                                   long dataLength,
                                   org.moe.natj.general.ptr.NUIntPtr processed)
        [@function] SSLWrite Normal application-level write. On both SSLWrite and SSLRead, an errSSLWouldBlock return and a partially completed transfer - or even zero bytes transferred - are NOT mutually exclusive.
        Parameters:
        context - A valid SSLContextRef.
        data - Pointer to data to write.
        dataLength - Length of data to write.
        processed - Pointer to storage indicating how much data was written.
        Returns:
        errSecSuccess on success, alternative error on failure.
      • SSLRead

        public static int SSLRead​(SSLContextRef context,
                                  org.moe.natj.general.ptr.VoidPtr data,
                                  long dataLength,
                                  org.moe.natj.general.ptr.NUIntPtr processed)
        [@function] SSLRead Normal application-level read. The data buffer is allocated by the caller; its available size is specified in dataLength; the actual number of bytes read is returned in *processed.
        Parameters:
        context - A valid SSLContextRef.
        data - Pointer to storage where data can be read.
        dataLength - Length of data storage.
        processed - Pointer to storage indicating how much data was read.
        Returns:
        errSecSuccess on success, alternative error on failure.
      • SSLGetBufferedReadSize

        public static int SSLGetBufferedReadSize​(SSLContextRef context,
                                                 org.moe.natj.general.ptr.NUIntPtr bufferSize)
        [@function] SSLGetBufferedReadSize Determine how much data the client can be guaranteed to obtain via SSLRead() without blocking or causing any low-level read operations to occur.
        Parameters:
        context - A valid SSLContextRef.
        bufferSize - Pointer to store the amount of buffered data to be read.
        Returns:
        errSecSuccess on success, alternative error on failure.
      • SSLGetDatagramWriteSize

        public static int SSLGetDatagramWriteSize​(SSLContextRef dtlsContext,
                                                  org.moe.natj.general.ptr.NUIntPtr bufSize)
        [@function] SSLGetDatagramWriteSize Determine how much data the application can be guaranteed to write with SSLWrite() without causing fragmentation. The value is based on the maximum Datagram Record size defined by the application with SSLSetMaxDatagramRecordSize(), minus the DTLS Record header size.
        Parameters:
        dtlsContext - A valid SSLContextRef (for DTLS).
        bufSize - Pointer to store the amount of data that can be written.
        Returns:
        errSecSuccess on success, alternative error on failure.
      • SSLClose

        public static int SSLClose​(SSLContextRef context)
        [@function] SSLClose Terminate current SSL session.
        Parameters:
        context - A valid SSLContextRef.
        Returns:
        errSecSuccess on success, alternative error on failure.
      • kSecImportExportPassphrase

        public static CFStringRef kSecImportExportPassphrase()
        [@enum] Import/Export options Predefined key constants used when passing dictionary-based arguments to import/export functions.
        [@constant] kSecImportExportPassphrase Specifies a passphrase represented by a CFStringRef to be used when exporting to (or importing from) PKCS#12 format.
        [@constant] kSecImportExportKeychain On OSX, specifies a keychain represented by a SecKeychainRef to be used as the target when importing from PKCS#12 format.
        [@constant] kSecImportExportAccess On OSX, specifies an access represented by a SecAccessRef for the initial access (ACL) of a key imported from PKCS#12 format.
      • kSecImportItemLabel

        public static CFStringRef kSecImportItemLabel()
        [@enum] Import/Export item description Predefined key constants used to pass back a CFArray with a CFDictionary per item.
        [@constant] kSecImportItemLabel a CFStringRef representing the item label. This implementation-specific identifier cannot be expected to have any format.
        [@constant] kSecImportItemKeyID a CFDataRef representing the key id. Often the SHA-1 digest of the public key.
        [@constant] kSecImportItemIdentity a SecIdentityRef representing the identity.
        [@constant] kSecImportItemTrust a SecTrustRef set up with all relevant certificates. Not guaranteed to successfully evaluate.
        [@constant] kSecImportItemCertChain a CFArrayRef holding all relevant certificates for this item's identity.
      • kSecImportItemKeyID

        public static CFStringRef kSecImportItemKeyID()
      • kSecImportItemTrust

        public static CFStringRef kSecImportItemTrust()
      • kSecImportItemCertChain

        public static CFStringRef kSecImportItemCertChain()
      • kSecImportItemIdentity

        public static CFStringRef kSecImportItemIdentity()
      • kSecClass

        public static CFStringRef kSecClass()
        [@enum] Class Key Constant Predefined key constant used to get or set item class values in a dictionary. Its value is one of the constants defined in the Value Constants for kSecClass. [@constant] kSecClass Specifies a dictionary key whose value is the item's class code. You use this key to get or set a value of type CFTypeRef that contains the item class code.
      • kSecClassGenericPassword

        public static CFStringRef kSecClassGenericPassword()
      • kSecClassInternetPassword

        public static CFStringRef kSecClassInternetPassword()
        [@enum] Class Value Constants Predefined item class constants used to get or set values in a dictionary. The kSecClass constant is the key and its value is one of the constants defined here. Note: on Mac OS X 10.6, only items of class kSecClassInternetPassword are supported.
        [@constant] kSecClassInternetPassword Specifies Internet password items.
        [@constant] kSecClassGenericPassword Specifies generic password items.
        [@constant] kSecClassCertificate Specifies certificate items.
        [@constant] kSecClassKey Specifies key items.
        [@constant] kSecClassIdentity Specifies identity items.
      • kSecClassCertificate

        public static CFStringRef kSecClassCertificate()
      • kSecClassKey

        public static CFStringRef kSecClassKey()
      • kSecClassIdentity

        public static CFStringRef kSecClassIdentity()
      • kSecAttrAccessible

        public static CFStringRef kSecAttrAccessible()
        [@enum] Attribute Key Constants Predefined item attribute keys used to get or set values in a dictionary. Not all attributes apply to each item class. The lists below give the currently defined attributes for each item class.
        kSecClassGenericPassword item attributes:
          - kSecAttrAccess (OS X only)
          - kSecAttrAccessControl
          - kSecAttrAccessGroup (iOS; also OS X if kSecAttrSynchronizable and/or kSecUseDataProtectionKeychain set)
          - kSecAttrAccessible (iOS; also OS X if kSecAttrSynchronizable and/or kSecUseDataProtectionKeychain set)
          - kSecAttrCreationDate
          - kSecAttrModificationDate
          - kSecAttrDescription
          - kSecAttrComment
          - kSecAttrCreator
          - kSecAttrType
          - kSecAttrLabel
          - kSecAttrIsInvisible
          - kSecAttrIsNegative
          - kSecAttrAccount
          - kSecAttrService
          - kSecAttrGeneric
          - kSecAttrSynchronizable
        kSecClassInternetPassword item attributes:
          - kSecAttrAccess (OS X only)
          - kSecAttrAccessControl
          - kSecAttrAccessGroup (iOS; also OS X if kSecAttrSynchronizable and/or kSecUseDataProtectionKeychain set)
          - kSecAttrAccessible (iOS; also OS X if kSecAttrSynchronizable and/or kSecUseDataProtectionKeychain set)
          - kSecAttrCreationDate
          - kSecAttrModificationDate
          - kSecAttrDescription
          - kSecAttrComment
          - kSecAttrCreator
          - kSecAttrType
          - kSecAttrLabel
          - kSecAttrIsInvisible
          - kSecAttrIsNegative
          - kSecAttrAccount
          - kSecAttrSecurityDomain
          - kSecAttrServer
          - kSecAttrProtocol
          - kSecAttrAuthenticationType
          - kSecAttrPort
          - kSecAttrPath
          - kSecAttrSynchronizable
        kSecClassCertificate item attributes:
          - kSecAttrAccessible (iOS only)
          - kSecAttrAccessControl (iOS only)
          - kSecAttrAccessGroup (iOS only)
          - kSecAttrCertificateType
          - kSecAttrCertificateEncoding
          - kSecAttrLabel
          - kSecAttrSubject
          - kSecAttrIssuer
          - kSecAttrSerialNumber
          - kSecAttrSubjectKeyID
          - kSecAttrPublicKeyHash
          - kSecAttrSynchronizable
        kSecClassKey item attributes:
          - kSecAttrAccess (OS X only)
          - kSecAttrAccessControl
          - kSecAttrAccessGroup (iOS; also OS X if kSecAttrSynchronizable and/or kSecUseDataProtectionKeychain set)
          - kSecAttrAccessible (iOS; also OS X if kSecAttrSynchronizable and/or kSecUseDataProtectionKeychain set)
          - kSecAttrKeyClass
          - kSecAttrLabel
          - kSecAttrApplicationLabel
          - kSecAttrIsPermanent
          - kSecAttrApplicationTag
          - kSecAttrKeyType
          - kSecAttrPRF (OS X only)
          - kSecAttrSalt (OS X only)
          - kSecAttrRounds (OS X only)
          - kSecAttrKeySizeInBits
          - kSecAttrEffectiveKeySize
          - kSecAttrCanEncrypt
          - kSecAttrCanDecrypt
          - kSecAttrCanDerive
          - kSecAttrCanSign
          - kSecAttrCanVerify
          - kSecAttrCanWrap
          - kSecAttrCanUnwrap
          - kSecAttrSynchronizable
        Note that the attributes kSecAttrCan* describe attributes of the key itself at a relatively high level. Some of these attributes are mathematical -- for example, a DSA key cannot encrypt. Others are key-level policy issues -- for example, it is good cryptographic hygiene to use an RSA key either for encryption or signing but not both. Compare these to the certificate-level policy values in SecPolicy.h.
        kSecClassIdentity item attributes: Since an identity is the combination of a private key and a certificate, this class shares the attributes of both kSecClassKey and kSecClassCertificate.
        [@constant] kSecAttrAccessible Specifies a dictionary key whose value indicates when your application needs access to an item's data. You should choose the most restrictive option that meets your application's needs to allow the system to protect that item in the best way possible. See the "kSecAttrAccessible Value Constants" section for a list of values which can be specified. IMPORTANT: This attribute is currently not supported for OS X keychain items, unless the kSecAttrSynchronizable attribute is also present. If both attributes are specified on either OS X or iOS, the value for the kSecAttrAccessible key may only be one whose name does not end with "ThisDeviceOnly", as those cannot sync to another device.
        [@constant] kSecAttrAccessControl Specifies a dictionary key whose value is a SecAccessControl instance which contains the access control conditions for the item. IMPORTANT: This attribute is mutually exclusive with the kSecAttrAccess attribute.
        [@constant] kSecAttrAccess Specifies a dictionary key whose value is a SecAccessRef describing the access control settings for this item. This key is available on OS X only.
        [@constant] kSecAttrAccessGroup Specifies a dictionary key whose value is a CFStringRef indicating which access group an item is in. The access groups that a particular application has membership in are determined by two entitlements for that application. The application-identifier entitlement contains the application's single access group, unless there is a keychain-access-groups entitlement present. The latter has as its value a list of access groups; the first item in this list is the default access group. Unless a specific access group is provided as the value of kSecAttrAccessGroup when SecItemAdd is called, new items are created in the application's default access group. Specifying this attribute in SecItemCopyMatching, SecItemUpdate, or SecItemDelete calls limits the search to the specified access group (of which the calling application must be a member to obtain matching results). To share keychain items between multiple applications, each application must have a common group listed in its keychain-access-groups entitlement, and each must specify this shared access group name as the value for the kSecAttrAccessGroup key in the dictionary passed to SecItem functions.
        [@constant] kSecAttrSynchronizable Specifies a dictionary key whose value is a CFBooleanRef indicating whether the item in question can be synchronized. To add a new item which can be synced to other devices, or to obtain synchronizable results from a query, supply this key with a value of kCFBooleanTrue. If the key is not supplied, or has a value of kCFBooleanFalse, then no synchronizable items will be added or returned. A predefined value, kSecAttrSynchronizableAny, may be provided instead of kCFBooleanTrue if both synchronizable and non-synchronizable results are desired. IMPORTANT: Specifying the kSecAttrSynchronizable key has several caveats:
          - Updating or deleting items using the kSecAttrSynchronizable key will affect all copies of the item, not just the one on your local device. Be sure that it makes sense to use the same password on all devices before deciding to make a password synchronizable.
          - Only password items can currently be synchronized. Keychain syncing is not supported for certificates or cryptographic keys.
          - Items stored or obtained using the kSecAttrSynchronizable key cannot specify SecAccessRef-based access control with kSecAttrAccess. If a password is intended to be shared between multiple applications, the kSecAttrAccessGroup key must be specified, and each application using this password must have a 'keychain-access-groups' entitlement with the specified access group value.
          - Items stored or obtained using the kSecAttrSynchronizable key may not also specify a kSecAttrAccessible value which is incompatible with syncing (namely, those whose names end with "ThisDeviceOnly").
          - Items stored or obtained using the kSecAttrSynchronizable key cannot be specified by reference. You must pass kSecReturnAttributes and/or kSecReturnData to retrieve results; kSecReturnRef is currently not supported for synchronizable items.
          - Persistent references to synchronizable items should be avoided; while they may work locally, they cannot be moved between devices, and may not resolve if the item is modified on some other device.
          - When specifying a query that uses the kSecAttrSynchronizable key, search keys are limited to the item's class and attributes. The only search constant which may be used is kSecMatchLimit; other constants using the kSecMatch prefix are not supported at this time.
        [@constant] kSecAttrSynchronizableAny Specifies that both synchronizable and non-synchronizable results should be returned from this query. This may be used as a value for the kSecAttrSynchronizable dictionary key in a call to SecItemCopyMatching, SecItemUpdate, or SecItemDelete.
        [@constant] kSecAttrCreationDate (read-only) Specifies a dictionary key whose value is the item's creation date. You use this key to get a value of type CFDateRef that represents the date the item was created.
        [@constant] kSecAttrModificationDate (read-only) Specifies a dictionary key whose value is the item's modification date. You use this key to get a value of type CFDateRef that represents the last time the item was updated.
        [@constant] kSecAttrDescription Specifies a dictionary key whose value is the item's description attribute. You use this key to set or get a value of type CFStringRef that represents a user-visible string describing this particular kind of item (e.g., "disk image password").
        [@constant] kSecAttrComment Specifies a dictionary key whose value is the item's comment attribute. You use this key to set or get a value of type CFStringRef containing the user-editable comment for this item.
        [@constant] kSecAttrCreator Specifies a dictionary key whose value is the item's creator attribute. You use this key to set or get a value of type CFNumberRef that represents the item's creator. This number is the unsigned integer representation of a four-character code (e.g., 'aCrt').
        [@constant] kSecAttrType Specifies a dictionary key whose value is the item's type attribute. You use this key to set or get a value of type CFNumberRef that represents the item's type. This number is the unsigned integer representation of a four-character code (e.g., 'aTyp').
        [@constant] kSecAttrLabel Specifies a dictionary key whose value is the item's label attribute. You use this key to set or get a value of type CFStringRef containing the user-visible label for this item.
        [@constant] kSecAttrIsInvisible Specifies a dictionary key whose value is the item's invisible attribute. You use this key to set or get a value of type CFBooleanRef that indicates whether the item is invisible (i.e., should not be displayed).
        [@constant] kSecAttrIsNegative Specifies a dictionary key whose value is the item's negative attribute. You use this key to set or get a value of type CFBooleanRef that indicates whether there is a valid password associated with this keychain item. This is useful if your application doesn't want a password for some particular service to be stored in the keychain, but prefers that it always be entered by the user.
        [@constant] kSecAttrAccount Specifies a dictionary key whose value is the item's account attribute. You use this key to set or get a CFStringRef that contains an account name. (Items of class kSecClassGenericPassword and kSecClassInternetPassword have this attribute.)
        [@constant] kSecAttrService Specifies a dictionary key whose value is the item's service attribute. You use this key to set or get a CFStringRef that represents the service associated with this item. (Items of class kSecClassGenericPassword have this attribute.)
        [@constant] kSecAttrGeneric Specifies a dictionary key whose value is the item's generic attribute. You use this key to set or get a value of type CFDataRef that contains a user-defined attribute. (Items of class kSecClassGenericPassword have this attribute.)
        [@constant] kSecAttrSecurityDomain Specifies a dictionary key whose value is the item's security domain attribute. You use this key to set or get a CFStringRef value that represents the Internet security domain. (Items of class kSecClassInternetPassword have this attribute.)
        [@constant] kSecAttrServer Specifies a dictionary key whose value is the item's server attribute. You use this key to set or get a value of type CFStringRef that contains the server's domain name or IP address. (Items of class kSecClassInternetPassword have this attribute.)
        [@constant] kSecAttrProtocol Specifies a dictionary key whose value is the item's protocol attribute. You use this key to set or get a value of type CFNumberRef that denotes the protocol for this item (see the SecProtocolType enum in SecKeychainItem.h). (Items of class kSecClassInternetPassword have this attribute.)
        [@constant] kSecAttrAuthenticationType Specifies a dictionary key whose value is the item's authentication type attribute. You use this key to set or get a value of type CFNumberRef that denotes the authentication scheme for this item (see the kSecAttrAuthenticationType value constants below).
        [@constant] kSecAttrPort Specifies a dictionary key whose value is the item's port attribute. You use this key to set or get a CFNumberRef value that represents an Internet port number. (Items of class kSecClassInternetPassword have this attribute.)
        [@constant] kSecAttrPath Specifies a dictionary key whose value is the item's path attribute; typically this is the path component of the URL. You use this key to set or get a CFStringRef value that represents a path. (Items of class kSecClassInternetPassword have this attribute.)
        [@constant] kSecAttrSubject (read-only) Specifies a dictionary key whose value is the item's subject. You use this key to get a value of type CFDataRef that contains the X.500 subject name of a certificate. (Items of class kSecClassCertificate have this attribute.)
        [@constant] kSecAttrIssuer (read-only) Specifies a dictionary key whose value is the item's issuer. You use this key to get a value of type CFDataRef that contains the X.500 issuer name of a certificate. (Items of class kSecClassCertificate have this attribute.)
        [@constant] kSecAttrSerialNumber (read-only) Specifies a dictionary key whose value is the item's serial number. You use this key to get a value of type CFDataRef that contains the serial number data of a certificate. (Items of class kSecClassCertificate have this attribute.)
        [@constant] kSecAttrSubjectKeyID (read-only) Specifies a dictionary key whose value is the item's subject key ID. You use this key to get a value of type CFDataRef that contains the subject key ID of a certificate. (Items of class kSecClassCertificate have this attribute.)
        [@constant] kSecAttrPublicKeyHash (read-only) Specifies a dictionary key whose value is the item's public key hash. You use this key to get a value of type CFDataRef that contains the hash of a certificate's public key. (Items of class kSecClassCertificate have this attribute.)
        [@constant] kSecAttrCertificateType (read-only) Specifies a dictionary key whose value is the item's certificate type. You use this key to get a value of type CFNumberRef that denotes the certificate type. (On iOS, currently the value of this attribute must be equal to the version of the X509 certificate: 1 for v1, 2 for v2, and 3 for v3 certificates.) (On OSX, see the CSSM_CERT_TYPE enum in cssmtype.h.) Only items of class kSecClassCertificate have this attribute.
        [@constant] kSecAttrCertificateEncoding (read-only) Specifies a dictionary key whose value is the item's certificate encoding. You use this key to get a value of type CFNumberRef that denotes the certificate encoding. (On iOS, currently only the value 3, meaning kSecAttrCertificateEncodingDER, is supported.) On OSX, see the CSSM_CERT_ENCODING enum in cssmtype.h. Only items of class kSecClassCertificate have this attribute.
        [@constant] kSecAttrKeyClass (read-only) Specifies a dictionary key whose value is one of kSecAttrKeyClassPublic, kSecAttrKeyClassPrivate or kSecAttrKeyClassSymmetric.
        [@constant] kSecAttrApplicationLabel Specifies a dictionary key whose value is the key's application label attribute. This is different from kSecAttrLabel (which is intended to be human-readable). This attribute is used to look up a key programmatically; in particular, for keys of class kSecAttrKeyClassPublic and kSecAttrKeyClassPrivate, the value of this attribute is the hash of the public key. This item is of type CFDataRef. Legacy keys may contain a UUID in this field as a CFStringRef.
        [@constant] kSecAttrIsPermanent Specifies a dictionary key whose value is a CFBooleanRef indicating whether the key in question will be stored permanently.
        [@constant] kSecAttrIsSensitive Specifies a dictionary key whose value is a CFBooleanRef indicating that the key in question can only be exported in a wrapped (encrypted) format. OS X only.
        [@constant] kSecAttrIsExtractable Specifies a dictionary key whose value is a CFBooleanRef indicating whether the key in question can be exported from its keychain container. OS X only.
        [@constant] kSecAttrApplicationTag Specifies a dictionary key whose value is a CFDataRef containing private tag data.
        [@constant] kSecAttrKeyType Specifies a dictionary key whose value is a CFNumberRef indicating the algorithm associated with this key. (On iOS, currently only the value 42 is supported; alternatively you can use kSecAttrKeyTypeRSA.) (On OSX, see the CSSM_ALGORITHMS enum in cssmtype.h.)
        [@constant] kSecAttrPRF Specifies a dictionary key whose value is the PRF (pseudo-random function) for this key (see "kSecAttrPRF Value Constants"). OS X only.
        [@constant] kSecAttrSalt Specifies a dictionary key whose value is a CFData containing the salt to use for this key. OS X only.
        [@constant] kSecAttrRounds Specifies a dictionary key whose value is the number of rounds for the pseudo-random function specified by kSecAttrPRF. OS X only.
        [@constant] kSecAttrKeySizeInBits Specifies a dictionary key whose value is a CFNumberRef indicating the number of bits in this key.
        [@constant] kSecAttrEffectiveKeySize Specifies a dictionary key whose value is a CFNumberRef indicating the effective number of bits in this key. For example, a DES key has a kSecAttrKeySizeInBits of 64, but a kSecAttrEffectiveKeySize of 56 bits.
        [@constant] kSecAttrCanEncrypt Specifies a dictionary key whose value is a CFBooleanRef indicating whether the key in question can be used to encrypt data.
        [@constant] kSecAttrCanDecrypt Specifies a dictionary key whose value is a CFBooleanRef indicating whether the key in question can be used to decrypt data.
        [@constant] kSecAttrCanDerive Specifies a dictionary key whose value is a CFBooleanRef indicating whether the key in question can be used to derive another key.
        [@constant] kSecAttrCanSign Specifies a dictionary key whose value is a CFBooleanRef indicating whether the key in question can be used to create a digital signature.
        [@constant] kSecAttrCanVerify Specifies a dictionary key whose value is a CFBooleanRef indicating whether the key in question can be used to verify a digital signature.
        [@constant] kSecAttrCanWrap Specifies a dictionary key whose value is a CFBooleanRef indicating whether the key in question can be used to wrap another key.
        [@constant] kSecAttrCanUnwrap Specifies a dictionary key whose value is a CFBooleanRef indicating whether the key in question can be used to unwrap another key.
        [@constant] kSecAttrSyncViewHint Specifies a dictionary key whose value is a CFStringRef. This value is part of the primary key of each item, and can be used to help distinguish Sync Views when defining their queries. iOS and synchronizable items only.
        [@constant] kSecAttrTokenID Specifies a dictionary key whose presence indicates that the item is backed by an external token. The value of this attribute is a CFStringRef uniquely identifying the containing token. When this attribute is not present, the item is stored in the internal keychain database. Note that once an item is created, this attribute cannot be changed; in other words, it is not possible to migrate existing items to, from or between tokens. Currently the only available value for this attribute is kSecAttrTokenIDSecureEnclave, which indicates that the item (a private key) is backed by the device's Secure Enclave.
      • kSecAttrAccessControl

        public static CFStringRef kSecAttrAccessControl()
      • kSecAttrAccessGroup

        public static CFStringRef kSecAttrAccessGroup()
      • kSecAttrSynchronizable

        public static CFStringRef kSecAttrSynchronizable()
      • kSecAttrCreationDate

        public static CFStringRef kSecAttrCreationDate()
      • kSecAttrModificationDate

        public static CFStringRef kSecAttrModificationDate()
      • kSecAttrDescription

        public static CFStringRef kSecAttrDescription()
      • kSecAttrComment

        public static CFStringRef kSecAttrComment()
      • kSecAttrCreator

        public static CFStringRef kSecAttrCreator()
      • kSecAttrType

        public static CFStringRef kSecAttrType()
      • kSecAttrLabel

        public static CFStringRef kSecAttrLabel()
      • kSecAttrIsInvisible

        public static CFStringRef kSecAttrIsInvisible()
      • kSecAttrIsNegative

        public static CFStringRef kSecAttrIsNegative()
      • kSecAttrAccount

        public static CFStringRef kSecAttrAccount()
      • kSecAttrService

        public static CFStringRef kSecAttrService()
      • kSecAttrGeneric

        public static CFStringRef kSecAttrGeneric()
      • kSecAttrSecurityDomain

        public static CFStringRef kSecAttrSecurityDomain()
      • kSecAttrServer

        public static CFStringRef kSecAttrServer()
      • kSecAttrProtocol

        public static CFStringRef kSecAttrProtocol()
      • kSecAttrAuthenticationType

        public static CFStringRef kSecAttrAuthenticationType()
      • kSecAttrPort

        public static CFStringRef kSecAttrPort()
      • kSecAttrPath

        public static CFStringRef kSecAttrPath()
      • kSecAttrSubject

        public static CFStringRef kSecAttrSubject()
      • kSecAttrIssuer

        public static CFStringRef kSecAttrIssuer()
      • kSecAttrSerialNumber

        public static CFStringRef kSecAttrSerialNumber()
      • kSecAttrSubjectKeyID

        public static CFStringRef kSecAttrSubjectKeyID()
      • kSecAttrPublicKeyHash

        public static CFStringRef kSecAttrPublicKeyHash()
      • kSecAttrCertificateType

        public static CFStringRef kSecAttrCertificateType()
      • kSecAttrCertificateEncoding

        public static CFStringRef kSecAttrCertificateEncoding()
      • kSecAttrKeyClass

        public static CFStringRef kSecAttrKeyClass()
      • kSecAttrApplicationLabel

        public static CFStringRef kSecAttrApplicationLabel()
      • kSecAttrIsPermanent

        public static CFStringRef kSecAttrIsPermanent()
      • kSecAttrApplicationTag

        public static CFStringRef kSecAttrApplicationTag()
      • kSecAttrKeyType

        public static CFStringRef kSecAttrKeyType()
      • kSecAttrKeySizeInBits

        public static CFStringRef kSecAttrKeySizeInBits()
      • kSecAttrEffectiveKeySize

        public static CFStringRef kSecAttrEffectiveKeySize()
      • kSecAttrCanEncrypt

        public static CFStringRef kSecAttrCanEncrypt()
      • kSecAttrCanDecrypt

        public static CFStringRef kSecAttrCanDecrypt()
      • kSecAttrCanDerive

        public static CFStringRef kSecAttrCanDerive()
      • kSecAttrCanSign

        public static CFStringRef kSecAttrCanSign()
      • kSecAttrCanVerify

        public static CFStringRef kSecAttrCanVerify()
      • kSecAttrCanWrap

        public static CFStringRef kSecAttrCanWrap()
      • kSecAttrCanUnwrap

        public static CFStringRef kSecAttrCanUnwrap()
      • kSecAttrSyncViewHint

        public static CFStringRef kSecAttrSyncViewHint()
      • kSecAttrTokenID

        public static CFStringRef kSecAttrTokenID()
      • kSecAttrAccessibleWhenUnlocked

        public static CFStringRef kSecAttrAccessibleWhenUnlocked()
        [@enum] kSecAttrAccessible Value Constants Predefined item attribute constants used to get or set values in a dictionary. The kSecAttrAccessible constant is the key and its value is one of the constants defined here. When asking SecItemCopyMatching to return the item's data, the error errSecInteractionNotAllowed will be returned if the item's data is not available until a device unlock occurs.
        [@constant] kSecAttrAccessibleWhenUnlocked Item data can only be accessed while the device is unlocked. This is recommended for items that only need to be accessible while the application is in the foreground. Items with this attribute will migrate to a new device when using encrypted backups.
        [@constant] kSecAttrAccessibleAfterFirstUnlock Item data can only be accessed once the device has been unlocked after a restart. This is recommended for items that need to be accessible by background applications. Items with this attribute will migrate to a new device when using encrypted backups.
        [@constant] kSecAttrAccessibleAlways Item data can always be accessed regardless of the lock state of the device. This is not recommended for anything except system use. Items with this attribute will migrate to a new device when using encrypted backups.
        [@constant] kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly Item data can only be accessed while the device is unlocked. This is recommended for items that only need to be accessible while the application is in the foreground and that require a passcode to be set on the device. Items with this attribute will never migrate to a new device, so after a backup is restored to a new device, these items will be missing. This attribute will not be available on devices without a passcode. Disabling the device passcode will cause all previously protected items to be deleted.
        [@constant] kSecAttrAccessibleWhenUnlockedThisDeviceOnly Item data can only be accessed while the device is unlocked. This is recommended for items that only need to be accessible while the application is in the foreground. Items with this attribute will never migrate to a new device, so after a backup is restored to a new device, these items will be missing.
        [@constant] kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly Item data can only be accessed once the device has been unlocked after a restart. This is recommended for items that need to be accessible by background applications. Items with this attribute will never migrate to a new device, so after a backup is restored to a new device, these items will be missing.
        [@constant] kSecAttrAccessibleAlwaysThisDeviceOnly Item data can always be accessed regardless of the lock state of the device. This option is not recommended for anything except system use. Items with this attribute will never migrate to a new device, so after a backup is restored to a new device, these items will be missing.
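        A lint that encodes the constraints documented above for SecItem dictionaries (the kSecAttrAccess/kSecAttrAccessControl exclusivity, the kSecAttrSynchronizable caveats, the OS X restriction on kSecAttrAccessible and the rule that ThisDeviceOnly protection classes cannot sync), so a query can be checked before it reaches the keychain. This is an added example, not code from this binding or from Apple's framework: constant names are plain Python strings standing in for the CFStringRef constants, the operation names are the SecItem functions named on this page, and the `platform` parameter is an assumption of this example.

```python
"""Lint a SecItem attribute/query dictionary against the documented rules for
kSecAttrAccessible, kSecAttrSynchronizable, kSecAttrAccess and
kSecAttrAccessControl. Constructed example: constant names are plain strings,
kCFBooleanTrue is modelled as True, and the Security framework is never called."""

PASSWORD_CLASSES = {"kSecClassGenericPassword", "kSecClassInternetPassword"}

# The documented kSecAttrAccessible value constants.
ACCESSIBLE_VALUES = {"kSecAttrAccessible" + s for s in (
    "WhenUnlocked", "AfterFirstUnlock", "Always", "WhenPasscodeSetThisDeviceOnly",
    "WhenUnlockedThisDeviceOnly", "AfterFirstUnlockThisDeviceOnly", "AlwaysThisDeviceOnly")}

OPERATIONS = {"SecItemAdd", "SecItemCopyMatching", "SecItemUpdate", "SecItemDelete"}


def is_synchronizable(query):
    """True when the dictionary selects synchronizable items: the key carries
    kCFBooleanTrue (True here) or the kSecAttrSynchronizableAny value."""
    value = query.get("kSecAttrSynchronizable")
    return value is True or value == "kSecAttrSynchronizableAny"


def lint_sec_item(query, operation, platform="ios"):
    """Return 'ERROR: ...' / 'WARN: ...' findings for `query` as passed to
    `operation`. An empty list means no documented rule is violated.
    `platform` ('ios' or 'macos') is an assumption of this example."""
    if operation not in OPERATIONS:
        raise ValueError(f"unknown operation {operation!r}")
    findings = []
    accessible = query.get("kSecAttrAccessible")
    synced = is_synchronizable(query)

    # kSecAttrAccessControl and kSecAttrAccess are mutually exclusive.
    if "kSecAttrAccessControl" in query and "kSecAttrAccess" in query:
        findings.append("ERROR: kSecAttrAccessControl and kSecAttrAccess are mutually exclusive")

    if accessible is not None and accessible not in ACCESSIBLE_VALUES:
        findings.append(f"ERROR: unknown kSecAttrAccessible value {accessible!r}")

    # The Always variants are not recommended for anything except system use.
    if accessible in ("kSecAttrAccessibleAlways", "kSecAttrAccessibleAlwaysThisDeviceOnly"):
        findings.append("WARN: kSecAttrAccessibleAlways* is not recommended for anything except system use")

    # On OS X the attribute is only honoured together with kSecAttrSynchronizable
    # (the attribute table also lists kSecUseDataProtectionKeychain).
    if (platform == "macos" and accessible is not None and not synced
            and not query.get("kSecUseDataProtectionKeychain")):
        findings.append("ERROR: kSecAttrAccessible is not supported for OS X keychain items "
                        "unless kSecAttrSynchronizable or kSecUseDataProtectionKeychain is set")

    # kSecAttrTokenID is fixed when the item is created and cannot be migrated.
    if "kSecAttrTokenID" in query and operation == "SecItemUpdate":
        findings.append("ERROR: kSecAttrTokenID cannot be changed once the item exists")

    if synced:
        findings.extend(lint_synchronizable(query, operation, accessible))
    return findings


def lint_synchronizable(query, operation, accessible):
    """The caveats that apply once kSecAttrSynchronizable is in play."""
    findings = []
    item_class = query.get("kSecClass")
    # Only password items can currently be synchronized.
    if item_class is not None and item_class not in PASSWORD_CLASSES:
        findings.append(f"ERROR: {item_class} items cannot be synchronized (passwords only)")
    # SecAccessRef-based ACLs cannot be combined with syncing.
    if "kSecAttrAccess" in query:
        findings.append("ERROR: synchronizable items cannot specify kSecAttrAccess")
    # ThisDeviceOnly protection classes by definition cannot sync.
    if isinstance(accessible, str) and accessible.endswith("ThisDeviceOnly"):
        findings.append(f"ERROR: {accessible} is incompatible with kSecAttrSynchronizable")
    # Results must come back as attributes and/or data, never by reference.
    if operation == "SecItemCopyMatching":
        if query.get("kSecReturnRef"):
            findings.append("ERROR: kSecReturnRef is not supported for synchronizable items")
        if not (query.get("kSecReturnAttributes") or query.get("kSecReturnData")):
            findings.append("ERROR: pass kSecReturnAttributes and/or kSecReturnData for synchronizable items")
    # kSecMatchLimit is the only kSecMatch* search constant allowed.
    for key in query:
        if key.startswith("kSecMatch") and key != "kSecMatchLimit":
            findings.append(f"ERROR: {key} is not supported in synchronizable queries")
    # Updates and deletes reach every device's copy of the item.
    if operation in ("SecItemUpdate", "SecItemDelete"):
        findings.append("WARN: this operation affects all synced copies of the item, not just the local one")
    return findings
```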
      • kSecAttrAccessibleAfterFirstUnlock

        public static CFStringRef kSecAttrAccessibleAfterFirstUnlock()
      • kSecAttrAccessibleAlways

        public static CFStringRef kSecAttrAccessibleAlways()
      • kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly

        public static CFStringRef kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly()
      • kSecAttrAccessibleWhenUnlockedThisDeviceOnly

        public static CFStringRef kSecAttrAccessibleWhenUnlockedThisDeviceOnly()
      • kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly

        public static CFStringRef kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly()
      • kSecAttrAccessibleAlwaysThisDeviceOnly

        public static CFStringRef kSecAttrAccessibleAlwaysThisDeviceOnly()
      • kSecAttrProtocolFTP

        public static CFStringRef kSecAttrProtocolFTP()
        [@enum] kSecAttrProtocol Value Constants Predefined item attribute constants used to get or set values in a dictionary. The kSecAttrProtocol constant is the key and its value is one of the constants defined here.
        [@constant] kSecAttrProtocolFTP
        [@constant] kSecAttrProtocolFTPAccount
        [@constant] kSecAttrProtocolHTTP
        [@constant] kSecAttrProtocolIRC
        [@constant] kSecAttrProtocolNNTP
        [@constant] kSecAttrProtocolPOP3
        [@constant] kSecAttrProtocolSMTP
        [@constant] kSecAttrProtocolSOCKS
        [@constant] kSecAttrProtocolIMAP
        [@constant] kSecAttrProtocolLDAP
        [@constant] kSecAttrProtocolAppleTalk
        [@constant] kSecAttrProtocolAFP
        [@constant] kSecAttrProtocolTelnet
        [@constant] kSecAttrProtocolSSH
        [@constant] kSecAttrProtocolFTPS
        [@constant] kSecAttrProtocolHTTPS
        [@constant] kSecAttrProtocolHTTPProxy
        [@constant] kSecAttrProtocolHTTPSProxy
        [@constant] kSecAttrProtocolFTPProxy
        [@constant] kSecAttrProtocolSMB
        [@constant] kSecAttrProtocolRTSP
        [@constant] kSecAttrProtocolRTSPProxy
        [@constant] kSecAttrProtocolDAAP
        [@constant] kSecAttrProtocolEPPC
        [@constant] kSecAttrProtocolIPP
        [@constant] kSecAttrProtocolNNTPS
        [@constant] kSecAttrProtocolLDAPS
        [@constant] kSecAttrProtocolTelnetS
        [@constant] kSecAttrProtocolIMAPS
        [@constant] kSecAttrProtocolIRCS
        [@constant] kSecAttrProtocolPOP3S
      • kSecAttrProtocolFTPAccount

        public static CFStringRef kSecAttrProtocolFTPAccount()
      • kSecAttrProtocolHTTP

        public static CFStringRef kSecAttrProtocolHTTP()
      • kSecAttrProtocolIRC

        public static CFStringRef kSecAttrProtocolIRC()
      • kSecAttrProtocolNNTP

        public static CFStringRef kSecAttrProtocolNNTP()
      • kSecAttrProtocolPOP3

        public static CFStringRef kSecAttrProtocolPOP3()
      • kSecAttrProtocolSMTP

        public static CFStringRef kSecAttrProtocolSMTP()
      • kSecAttrProtocolSOCKS

        public static CFStringRef kSecAttrProtocolSOCKS()
      • kSecAttrProtocolIMAP

        public static CFStringRef kSecAttrProtocolIMAP()
      • kSecAttrProtocolLDAP

        public static CFStringRef kSecAttrProtocolLDAP()
      • kSecAttrProtocolAppleTalk

        public static CFStringRef kSecAttrProtocolAppleTalk()
      • kSecAttrProtocolAFP

        public static CFStringRef kSecAttrProtocolAFP()
      • kSecAttrProtocolTelnet

        public static CFStringRef kSecAttrProtocolTelnet()
      • kSecAttrProtocolSSH

        public static CFStringRef kSecAttrProtocolSSH()
      • kSecAttrProtocolFTPS

        public static CFStringRef kSecAttrProtocolFTPS()
      • kSecAttrProtocolHTTPS

        public static CFStringRef kSecAttrProtocolHTTPS()
      • kSecAttrProtocolHTTPProxy

        public static CFStringRef kSecAttrProtocolHTTPProxy()
      • kSecAttrProtocolHTTPSProxy

        public static CFStringRef kSecAttrProtocolHTTPSProxy()
      • kSecAttrProtocolFTPProxy

        public static CFStringRef kSecAttrProtocolFTPProxy()
      • kSecAttrProtocolSMB

        public static CFStringRef kSecAttrProtocolSMB()
      • kSecAttrProtocolRTSP

        public static CFStringRef kSecAttrProtocolRTSP()
      • kSecAttrProtocolRTSPProxy

        public static CFStringRef kSecAttrProtocolRTSPProxy()
      • kSecAttrProtocolDAAP

        public static CFStringRef kSecAttrProtocolDAAP()
      • kSecAttrProtocolEPPC

        public static CFStringRef kSecAttrProtocolEPPC()
      • kSecAttrProtocolIPP

        public static CFStringRef kSecAttrProtocolIPP()
      • kSecAttrProtocolNNTPS

        public static CFStringRef kSecAttrProtocolNNTPS()
      • kSecAttrProtocolLDAPS

        public static CFStringRef kSecAttrProtocolLDAPS()
      • kSecAttrProtocolTelnetS

        public static CFStringRef kSecAttrProtocolTelnetS()
      • kSecAttrProtocolIMAPS

        public static CFStringRef kSecAttrProtocolIMAPS()
      • kSecAttrProtocolIRCS

        public static CFStringRef kSecAttrProtocolIRCS()
      • kSecAttrProtocolPOP3S

        public static CFStringRef kSecAttrProtocolPOP3S()
      • kSecAttrAuthenticationTypeNTLM

        public static CFStringRef kSecAttrAuthenticationTypeNTLM()
        [@enum] kSecAttrAuthenticationType Value Constants
        Predefined item attribute constants used to get or set values in a dictionary. The kSecAttrAuthenticationType constant is the key and its value is one of the constants defined here.
        [@constant] kSecAttrAuthenticationTypeNTLM
        [@constant] kSecAttrAuthenticationTypeMSN
        [@constant] kSecAttrAuthenticationTypeDPA
        [@constant] kSecAttrAuthenticationTypeRPA
        [@constant] kSecAttrAuthenticationTypeHTTPBasic
        [@constant] kSecAttrAuthenticationTypeHTTPDigest
        [@constant] kSecAttrAuthenticationTypeHTMLForm
        [@constant] kSecAttrAuthenticationTypeDefault
      • kSecAttrAuthenticationTypeMSN

        public static CFStringRef kSecAttrAuthenticationTypeMSN()
      • kSecAttrAuthenticationTypeDPA

        public static CFStringRef kSecAttrAuthenticationTypeDPA()
      • kSecAttrAuthenticationTypeRPA

        public static CFStringRef kSecAttrAuthenticationTypeRPA()
      • kSecAttrAuthenticationTypeHTTPBasic

        public static CFStringRef kSecAttrAuthenticationTypeHTTPBasic()
      • kSecAttrAuthenticationTypeHTTPDigest

        public static CFStringRef kSecAttrAuthenticationTypeHTTPDigest()
      • kSecAttrAuthenticationTypeHTMLForm

        public static CFStringRef kSecAttrAuthenticationTypeHTMLForm()
      • kSecAttrAuthenticationTypeDefault

        public static CFStringRef kSecAttrAuthenticationTypeDefault()
      • kSecAttrKeyClassPublic

        public static CFStringRef kSecAttrKeyClassPublic()
        [@enum] kSecAttrKeyClass Value Constants
        Predefined item attribute constants used to get or set values in a dictionary. The kSecAttrKeyClass constant is the key and its value is one of the constants defined here.
        [@constant] kSecAttrKeyClassPublic
        [@constant] kSecAttrKeyClassPrivate
        [@constant] kSecAttrKeyClassSymmetric
      • kSecAttrKeyClassPrivate

        public static CFStringRef kSecAttrKeyClassPrivate()
      • kSecAttrKeyClassSymmetric

        public static CFStringRef kSecAttrKeyClassSymmetric()
      • kSecAttrKeyTypeRSA

        public static CFStringRef kSecAttrKeyTypeRSA()
        [@enum] kSecAttrKeyType Value Constants
        Predefined item attribute constants used to get or set values in a dictionary. The kSecAttrKeyType constant is the key and its value is one of the constants defined here.
        [@constant] kSecAttrKeyTypeECSECPrimeRandom The curve used is P-192, P-256, P-384 or P-521; the size is specified by the kSecAttrKeySizeInBits attribute. The curves are defined in the FIPS PUB 186-4 standard.
        [@constant] kSecAttrKeyTypeEC This is the legacy name for kSecAttrKeyTypeECSECPrimeRandom; new applications should not use it.
        [@constant] kSecAttrKeyTypeDSA (OSX only)
        [@constant] kSecAttrKeyTypeAES (OSX only)
        [@constant] kSecAttrKeyType3DES (OSX only)
        [@constant] kSecAttrKeyTypeRC4 (OSX only)
        [@constant] kSecAttrKeyTypeRC2 (OSX only)
        [@constant] kSecAttrKeyTypeCAST (OSX only)
        [@constant] kSecAttrKeyTypeECDSA (deprecated; use kSecAttrKeyTypeECSECPrimeRandom instead) (OSX only)
      • kSecAttrKeyTypeEC

        public static CFStringRef kSecAttrKeyTypeEC()
      • kSecAttrKeyTypeECSECPrimeRandom

        public static CFStringRef kSecAttrKeyTypeECSECPrimeRandom()
      • kSecAttrSynchronizableAny

        public static CFStringRef kSecAttrSynchronizableAny()
      • kSecMatchPolicy

        public static CFStringRef kSecMatchPolicy()
        [@enum] Search Constants
        Predefined search constants used to set values in a query dictionary. You can specify a combination of search attributes and item attributes when looking for matching items with the SecItemCopyMatching function.
        [@constant] kSecMatchPolicy Specifies a dictionary key whose value is a SecPolicyRef. If provided, returned certificates or identities must verify with this policy.
        [@constant] kSecMatchItemList OS X only. Specifies a dictionary key whose value is a CFArray of SecKeychainItemRef items. If provided, returned items will be limited to the subset which are contained in this list.
        [@constant] kSecMatchSearchList Specifies a dictionary key whose value is a CFArray of SecKeychainRef items. If provided, the search will be limited to the keychains contained in this list.
        [@constant] kSecMatchIssuers Specifies a dictionary key whose value is a CFArray of X.500 names (of type CFDataRef). If provided, returned certificates or identities will be limited to those whose certificate chain contains one of the issuers provided in this list.
        [@constant] kSecMatchEmailAddressIfPresent Specifies a dictionary key whose value is a CFStringRef containing an RFC822 email address. If provided, returned certificates or identities will be limited to those that contain the address, or do not contain any email address.
        [@constant] kSecMatchSubjectContains Specifies a dictionary key whose value is a CFStringRef. If provided, returned certificates or identities will be limited to those containing this string in the subject.
        [@constant] kSecMatchSubjectStartsWith OS X only. Specifies a dictionary key whose value is a CFStringRef. If provided, returned certificates or identities will be limited to those with subject names that start with this string.
        [@constant] kSecMatchSubjectEndsWith OS X only. Specifies a dictionary key whose value is a CFStringRef. If provided, returned certificates or identities will be limited to those with subject names that end with this string.
        [@constant] kSecMatchSubjectWholeString OS X only. Specifies a dictionary key whose value is a CFStringRef. If provided, returned certificates or identities will be limited to those matching this string exactly in the subject.
        [@constant] kSecMatchCaseInsensitive Specifies a dictionary key whose value is a CFBooleanRef. If this value is kCFBooleanFalse, or is not provided, then case-sensitive string matching is performed.
        [@constant] kSecMatchDiacriticInsensitive OS X only. Specifies a dictionary key whose value is a CFBooleanRef. If this value is kCFBooleanFalse, or is not provided, then diacritic-sensitive string matching is performed.
        [@constant] kSecMatchWidthInsensitive OS X only. Specifies a dictionary key whose value is a CFBooleanRef. If this value is kCFBooleanFalse, or is not provided, then string matching is width-sensitive (e.g. 'a' != 0xFF41).
        [@constant] kSecMatchTrustedOnly Specifies a dictionary key whose value is a CFBooleanRef. If provided with a value of kCFBooleanTrue, only certificates which can be verified back to a trusted anchor will be returned. If this value is kCFBooleanFalse, or is not provided, then both trusted and untrusted certificates may be returned.
        [@constant] kSecMatchValidOnDate Specifies a dictionary key whose value is of type CFDateRef. If provided, returned keys, certificates or identities will be limited to those which are valid for the given date. Pass a value of kCFNull to indicate the current date.
        [@constant] kSecMatchLimit Specifies a dictionary key whose value is a CFNumberRef. If provided, this value specifies the maximum number of results to return. If not provided, results are limited to the first item found. Predefined values are provided for a single item (kSecMatchLimitOne) and all matching items (kSecMatchLimitAll).
        [@constant] kSecMatchLimitOne Specifies that results are limited to the first item found; used as a value for the kSecMatchLimit dictionary key.
        [@constant] kSecMatchLimitAll Specifies that an unlimited number of results may be returned; used as a value for the kSecMatchLimit dictionary key.
      • kSecMatchItemList

        public static CFStringRef kSecMatchItemList()
      • kSecMatchSearchList

        public static CFStringRef kSecMatchSearchList()
      • kSecMatchIssuers

        public static CFStringRef kSecMatchIssuers()
      • kSecMatchEmailAddressIfPresent

        public static CFStringRef kSecMatchEmailAddressIfPresent()
      • kSecMatchSubjectContains

        public static CFStringRef kSecMatchSubjectContains()
      • kSecMatchCaseInsensitive

        public static CFStringRef kSecMatchCaseInsensitive()
      • kSecMatchTrustedOnly

        public static CFStringRef kSecMatchTrustedOnly()
      • kSecMatchValidOnDate

        public static CFStringRef kSecMatchValidOnDate()
      • kSecMatchLimit

        public static CFStringRef kSecMatchLimit()
      • kSecMatchLimitOne

        public static CFStringRef kSecMatchLimitOne()
      • kSecMatchLimitAll

        public static CFStringRef kSecMatchLimitAll()
      • kSecReturnData

        public static CFStringRef kSecReturnData()
        [@enum] Return Type Key Constants
        Predefined return type keys used to set values in a dictionary. You use these keys to specify the type of results which should be returned by the SecItemCopyMatching or SecItemAdd function. You can specify zero or more of these return types. If more than one of these result types is specified, the result is returned as a CFDictionaryRef whose keys are the result types and values are the requested data.
        [@constant] kSecReturnData Specifies a dictionary key whose value is of type CFBooleanRef. A value of kCFBooleanTrue indicates that the data of an item (CFDataRef) should be returned. For keys and password items, data is secret (encrypted) and may require the user to enter a password for access.
        [@constant] kSecReturnAttributes Specifies a dictionary key whose value is of type CFBooleanRef. A value of kCFBooleanTrue indicates that the (non-encrypted) attributes of an item (CFDictionaryRef) should be returned.
        [@constant] kSecReturnRef Specifies a dictionary key whose value is a CFBooleanRef. A value of kCFBooleanTrue indicates that a reference should be returned. Depending on the item class requested, the returned reference(s) may be of type SecKeychainItemRef, SecKeyRef, SecCertificateRef, or SecIdentityRef.
        [@constant] kSecReturnPersistentRef Specifies a dictionary key whose value is of type CFBooleanRef. A value of kCFBooleanTrue indicates that a persistent reference to an item (CFDataRef) should be returned.
      • kSecReturnAttributes

        public static CFStringRef kSecReturnAttributes()
      • kSecReturnRef

        public static CFStringRef kSecReturnRef()
      • kSecReturnPersistentRef

        public static CFStringRef kSecReturnPersistentRef()
      • kSecValueData

        public static CFStringRef kSecValueData()
        [@enum] Value Type Key Constants
        Predefined value type keys used to pass values in a dictionary. You can specify zero or more of these types depending on the function you are calling. For SecItemCopyMatching or SecItemAdd these are used as keys in the results dictionary.
        [@constant] kSecValueData Specifies a dictionary key whose value is of type CFDataRef. For keys and password items, data is secret (encrypted) and may require the user to enter a password for access.
        [@constant] kSecValueRef Specifies a dictionary key whose value, depending on the item class requested, is of type SecKeychainItemRef, SecKeyRef, SecCertificateRef, or SecIdentityRef.
        [@constant] kSecValuePersistentRef Specifies a dictionary key whose value is of type CFDataRef. The bytes in this CFDataRef can be stored by the caller and used on a subsequent invocation of the application (or even a different application) to retrieve the item referenced by it.
      • kSecValueRef

        public static CFStringRef kSecValueRef()
      • kSecValuePersistentRef

        public static CFStringRef kSecValuePersistentRef()
      • kSecUseItemList

        public static CFStringRef kSecUseItemList()
        [@enum] Other Constants
        Predefined constants used to set values in a dictionary.
        [@constant] kSecUseItemList Specifies a dictionary key whose value is a CFArray of items. If provided, this array is treated as the set of all possible items to search, or to add if the API being called is SecItemAdd. The items in this array may be of type SecKeyRef, SecCertificateRef, SecIdentityRef, or CFDataRef (for a persistent item reference). The items in the array must all be of the same type. When this attribute is provided, no keychains are searched.
        [@constant] kSecUseKeychain OS X only. Specifies a dictionary key whose value is a keychain reference. You use this key to specify a value of type SecKeychainRef to which SecItemAdd will add the provided item(s).
        [@constant] kSecUseOperationPrompt Specifies a dictionary key whose value is a CFStringRef that represents a user-visible string describing the operation for which the application is attempting to authenticate. The application is responsible for the text localization.
        [@constant] kSecUseNoAuthenticationUI OS X only. Specifies a dictionary key whose value is a CFBooleanRef. If provided with a value of kCFBooleanTrue, the error errSecInteractionNotAllowed will be returned if the item is attempting to authenticate with UI.
        [@constant] kSecUseAuthenticationUI Specifies a dictionary key whose value is one of kSecUseAuthenticationUIAllow, kSecUseAuthenticationUIFail, kSecUseAuthenticationUISkip.
        [@constant] kSecUseAuthenticationContext Specifies a dictionary key whose value is the LAContext to be used for keychain item authentication.
          * If the item requires authentication and this key is omitted, a new context will be created just for the purpose of the single call.
          * If the specified context has been previously authenticated, the operation will succeed without asking the user for authentication.
          * If the specified context has not been previously authenticated, the new authentication will be started on this context, allowing the caller to eventually reuse the successfully authenticated context in subsequent keychain operations.
        [@constant] kSecUseDataProtectionKeychain Specifies a dictionary key whose value is a CFBooleanRef. Set to kCFBooleanTrue to use kSecAttrAccessGroup and/or kSecAttrAccessible on macOS without requiring the item to be marked synchronizable.
      • kSecUseOperationPrompt

        public static CFStringRef kSecUseOperationPrompt()
      • kSecUseNoAuthenticationUI

        public static CFStringRef kSecUseNoAuthenticationUI()
      • kSecUseAuthenticationUI

        public static CFStringRef kSecUseAuthenticationUI()
      • kSecUseAuthenticationContext

        public static CFStringRef kSecUseAuthenticationContext()
      • kSecUseAuthenticationUIAllow

        public static CFStringRef kSecUseAuthenticationUIAllow()
        [@enum] kSecUseAuthenticationUI Value Constants
        Predefined item attribute constants used to get or set values in a dictionary. The kSecUseAuthenticationUI constant is the key and its value is one of the constants defined here. If the key kSecUseAuthenticationUI is not provided, then kSecUseAuthenticationUIAllow is used as the default.
        [@constant] kSecUseAuthenticationUIAllow Specifies that authentication UI can appear.
        [@constant] kSecUseAuthenticationUIFail Specifies that the error errSecInteractionNotAllowed will be returned if an item needs to authenticate with UI.
        [@constant] kSecUseAuthenticationUISkip Specifies that all items which need to authenticate with UI will be silently skipped. This value can be used only with SecItemCopyMatching.
      • kSecUseAuthenticationUIFail

        public static CFStringRef kSecUseAuthenticationUIFail()
      • kSecUseAuthenticationUISkip

        public static CFStringRef kSecUseAuthenticationUISkip()
      • kSecAttrTokenIDSecureEnclave

        public static CFStringRef kSecAttrTokenIDSecureEnclave()
        [@enum] kSecAttrTokenID Value Constants
        Predefined item attribute constant used to get or set values in a dictionary. The kSecAttrTokenID constant is the key and its value can be kSecAttrTokenIDSecureEnclave.
        [@constant] kSecAttrTokenIDSecureEnclave Specifies the well-known identifier of the token implemented using the device's Secure Enclave. The only keychain items supported by the Secure Enclave token are 256-bit elliptic curve keys (kSecAttrKeyTypeECSECPrimeRandom). Keys must be generated on the Secure Enclave using the SecKeyGenerateKeyPair call with kSecAttrTokenID set to kSecAttrTokenIDSecureEnclave in the parameters dictionary; it is not possible to import pregenerated keys into the kSecAttrTokenIDSecureEnclave token.
      • kSecAttrAccessGroupToken

        public static CFStringRef kSecAttrAccessGroupToken()
        [@enum] kSecAttrAccessGroup Value Constants
        [@constant] kSecAttrAccessGroupToken Represents the well-known access group which contains items provided by an external token (typically a smart card). This may be used as a value for the kSecAttrAccessGroup attribute. Every application has access to this access group, so it is not necessary to list it explicitly in the keychain-access-groups entitlement, but an application must explicitly state this access group in keychain queries in order to access items from external tokens.
      • kSecPrivateKeyAttrs

        public static CFStringRef kSecPrivateKeyAttrs()
        [@enum] Key Parameter Constants
        Predefined key constants used to get or set values in a dictionary. These are used to provide explicit parameters to key generation functions when non-default values are desired. See the description of the SecKeyGeneratePair API for usage information.
        [@constant] kSecPrivateKeyAttrs The value for this key is a CFDictionaryRef containing attributes specific for the private key to be generated.
        [@constant] kSecPublicKeyAttrs The value for this key is a CFDictionaryRef containing attributes specific for the public key to be generated.
      • kSecPublicKeyAttrs

        public static CFStringRef kSecPublicKeyAttrs()
      • kSecKeyAlgorithmRSASignatureRaw

        public static CFStringRef kSecKeyAlgorithmRSASignatureRaw()
      • kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw

        public static CFStringRef kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw()
      • kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1

        public static CFStringRef kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1()
      • kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224

        public static CFStringRef kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224()
      • kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256

        public static CFStringRef kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256()
      • kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384

        public static CFStringRef kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384()
      • kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512

        public static CFStringRef kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512()
      • kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA1

        public static CFStringRef kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA1()
      • kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA224

        public static CFStringRef kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA224()
      • kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA256

        public static CFStringRef kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA256()
      • kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA384

        public static CFStringRef kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA384()
      • kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA512

        public static CFStringRef kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA512()
      • kSecKeyAlgorithmECDSASignatureRFC4754

        public static CFStringRef kSecKeyAlgorithmECDSASignatureRFC4754()
      • kSecKeyAlgorithmECDSASignatureDigestX962

        public static CFStringRef kSecKeyAlgorithmECDSASignatureDigestX962()
      • kSecKeyAlgorithmECDSASignatureDigestX962SHA1

        public static CFStringRef kSecKeyAlgorithmECDSASignatureDigestX962SHA1()
      • kSecKeyAlgorithmECDSASignatureDigestX962SHA224

        public static CFStringRef kSecKeyAlgorithmECDSASignatureDigestX962SHA224()
      • kSecKeyAlgorithmECDSASignatureDigestX962SHA256

        public static CFStringRef kSecKeyAlgorithmECDSASignatureDigestX962SHA256()
      • kSecKeyAlgorithmECDSASignatureDigestX962SHA384

        public static CFStringRef kSecKeyAlgorithmECDSASignatureDigestX962SHA384()
      • kSecKeyAlgorithmECDSASignatureDigestX962SHA512

        public static CFStringRef kSecKeyAlgorithmECDSASignatureDigestX962SHA512()
      • kSecKeyAlgorithmECDSASignatureMessageX962SHA1

        public static CFStringRef kSecKeyAlgorithmECDSASignatureMessageX962SHA1()
      • kSecKeyAlgorithmECDSASignatureMessageX962SHA224

        public static CFStringRef kSecKeyAlgorithmECDSASignatureMessageX962SHA224()
      • kSecKeyAlgorithmECDSASignatureMessageX962SHA256

        public static CFStringRef kSecKeyAlgorithmECDSASignatureMessageX962SHA256()
      • kSecKeyAlgorithmECDSASignatureMessageX962SHA384

        public static CFStringRef kSecKeyAlgorithmECDSASignatureMessageX962SHA384()
      • kSecKeyAlgorithmECDSASignatureMessageX962SHA512

        public static CFStringRef kSecKeyAlgorithmECDSASignatureMessageX962SHA512()
      • kSecKeyAlgorithmRSAEncryptionRaw

        public static CFStringRef kSecKeyAlgorithmRSAEncryptionRaw()
      • kSecKeyAlgorithmRSAEncryptionPKCS1

        public static CFStringRef kSecKeyAlgorithmRSAEncryptionPKCS1()
      • kSecKeyAlgorithmRSAEncryptionOAEPSHA1

        public static CFStringRef kSecKeyAlgorithmRSAEncryptionOAEPSHA1()
      • kSecKeyAlgorithmRSAEncryptionOAEPSHA224

        public static CFStringRef kSecKeyAlgorithmRSAEncryptionOAEPSHA224()
      • kSecKeyAlgorithmRSAEncryptionOAEPSHA256

        public static CFStringRef kSecKeyAlgorithmRSAEncryptionOAEPSHA256()
      • kSecKeyAlgorithmRSAEncryptionOAEPSHA384

        public static CFStringRef kSecKeyAlgorithmRSAEncryptionOAEPSHA384()
      • kSecKeyAlgorithmRSAEncryptionOAEPSHA512

        public static CFStringRef kSecKeyAlgorithmRSAEncryptionOAEPSHA512()
      • kSecKeyAlgorithmRSAEncryptionOAEPSHA1AESGCM

        public static CFStringRef kSecKeyAlgorithmRSAEncryptionOAEPSHA1AESGCM()
      • kSecKeyAlgorithmRSAEncryptionOAEPSHA224AESGCM

        public static CFStringRef kSecKeyAlgorithmRSAEncryptionOAEPSHA224AESGCM()
      • kSecKeyAlgorithmRSAEncryptionOAEPSHA256AESGCM

        public static CFStringRef kSecKeyAlgorithmRSAEncryptionOAEPSHA256AESGCM()
      • kSecKeyAlgorithmRSAEncryptionOAEPSHA384AESGCM

        public static CFStringRef kSecKeyAlgorithmRSAEncryptionOAEPSHA384AESGCM()
      • kSecKeyAlgorithmRSAEncryptionOAEPSHA512AESGCM

        public static CFStringRef kSecKeyAlgorithmRSAEncryptionOAEPSHA512AESGCM()
      • kSecKeyAlgorithmECIESEncryptionStandardX963SHA1AESGCM

        public static CFStringRef kSecKeyAlgorithmECIESEncryptionStandardX963SHA1AESGCM()
      • kSecKeyAlgorithmECIESEncryptionStandardX963SHA224AESGCM

        public static CFStringRef kSecKeyAlgorithmECIESEncryptionStandardX963SHA224AESGCM()
      • kSecKeyAlgorithmECIESEncryptionStandardX963SHA256AESGCM

        public static CFStringRef kSecKeyAlgorithmECIESEncryptionStandardX963SHA256AESGCM()
      • kSecKeyAlgorithmECIESEncryptionStandardX963SHA384AESGCM

        public static CFStringRef kSecKeyAlgorithmECIESEncryptionStandardX963SHA384AESGCM()
      • kSecKeyAlgorithmECIESEncryptionStandardX963SHA512AESGCM

        public static CFStringRef kSecKeyAlgorithmECIESEncryptionStandardX963SHA512AESGCM()
      • kSecKeyAlgorithmECIESEncryptionCofactorX963SHA1AESGCM

        public static CFStringRef kSecKeyAlgorithmECIESEncryptionCofactorX963SHA1AESGCM()
      • kSecKeyAlgorithmECIESEncryptionCofactorX963SHA224AESGCM

        public static CFStringRef kSecKeyAlgorithmECIESEncryptionCofactorX963SHA224AESGCM()
      • kSecKeyAlgorithmECIESEncryptionCofactorX963SHA256AESGCM

        public static CFStringRef kSecKeyAlgorithmECIESEncryptionCofactorX963SHA256AESGCM()
      • kSecKeyAlgorithmECIESEncryptionCofactorX963SHA384AESGCM

        public static CFStringRef kSecKeyAlgorithmECIESEncryptionCofactorX963SHA384AESGCM()
      • kSecKeyAlgorithmECIESEncryptionCofactorX963SHA512AESGCM

        public static CFStringRef kSecKeyAlgorithmECIESEncryptionCofactorX963SHA512AESGCM()
      • kSecKeyAlgorithmECDHKeyExchangeStandard

        public static CFStringRef kSecKeyAlgorithmECDHKeyExchangeStandard()
      • kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA1

        public static CFStringRef kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA1()
      • kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA224

        public static CFStringRef kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA224()
      • kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA256

        public static CFStringRef kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA256()
      • kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA384

        public static CFStringRef kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA384()
      • kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA512

        public static CFStringRef kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA512()
      • kSecKeyAlgorithmECDHKeyExchangeCofactor

        public static CFStringRef kSecKeyAlgorithmECDHKeyExchangeCofactor()
      • kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA1

        public static CFStringRef kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA1()
      • kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA224

        public static CFStringRef kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA224()
      • kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA256

        public static CFStringRef kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA256()
      • kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA384

        public static CFStringRef kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA384()
      • kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA512

        public static CFStringRef kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA512()
      • kSecKeyKeyExchangeParameterRequestedSize

        public static CFStringRef kSecKeyKeyExchangeParameterRequestedSize()
      • kSecKeyKeyExchangeParameterSharedInfo

        public static CFStringRef kSecKeyKeyExchangeParameterSharedInfo()
      • kSecPolicyAppleX509Basic

        public static CFStringRef kSecPolicyAppleX509Basic()
        [@enum] Policy Constants
        Predefined constants used to specify a policy.
        [@constant] kSecPolicyAppleX509Basic
        [@constant] kSecPolicyAppleSSL
        [@constant] kSecPolicyAppleSMIME
        [@constant] kSecPolicyAppleEAP
        [@constant] kSecPolicyAppleiChat
        [@constant] kSecPolicyAppleIPsec
        [@constant] kSecPolicyApplePKINITClient
        [@constant] kSecPolicyApplePKINITServer
        [@constant] kSecPolicyAppleCodeSigning
        [@constant] kSecPolicyMacAppStoreReceipt
        [@constant] kSecPolicyAppleIDValidation
        [@constant] kSecPolicyAppleTimeStamping
        [@constant] kSecPolicyAppleRevocation
        [@constant] kSecPolicyApplePassbookSigning
        [@constant] kSecPolicyApplePayIssuerEncryption
      • kSecPolicyAppleSSL

        public static CFStringRef kSecPolicyAppleSSL()
      • kSecPolicyAppleSMIME

        public static CFStringRef kSecPolicyAppleSMIME()
      • kSecPolicyAppleEAP

        public static CFStringRef kSecPolicyAppleEAP()
      • kSecPolicyAppleIPsec

        public static CFStringRef kSecPolicyAppleIPsec()
      • kSecPolicyAppleCodeSigning

        public static CFStringRef kSecPolicyAppleCodeSigning()
      • kSecPolicyMacAppStoreReceipt

        public static CFStringRef kSecPolicyMacAppStoreReceipt()
      • kSecPolicyAppleIDValidation

        public static CFStringRef kSecPolicyAppleIDValidation()
      • kSecPolicyAppleTimeStamping

        public static CFStringRef kSecPolicyAppleTimeStamping()
      • kSecPolicyAppleRevocation

        public static CFStringRef kSecPolicyAppleRevocation()
      • kSecPolicyApplePassbookSigning

        public static CFStringRef kSecPolicyApplePassbookSigning()
      • kSecPolicyApplePayIssuerEncryption

        public static CFStringRef kSecPolicyApplePayIssuerEncryption()
      • kSecPolicyOid

        public static CFStringRef kSecPolicyOid()
        [@enum] Policy Value Constants
        Predefined property key constants used to get or set values in a dictionary for a policy instance.
        All policies will have the following read-only value:
          kSecPolicyOid (the policy object identifier)
        Additional policy values which your code can optionally set:
          kSecPolicyName (name which must be matched)
          kSecPolicyClient (evaluate for client, rather than server)
          kSecPolicyRevocationFlags (only valid for a revocation policy)
          kSecPolicyTeamIdentifier (only valid for a Passbook signing policy)
        [@constant] kSecPolicyOid Specifies the policy OID (value is a CFStringRef).
        [@constant] kSecPolicyName Specifies a CFStringRef (or CFArrayRef of same) containing a name which must be matched in the certificate to satisfy this policy. For SSL/TLS, EAP, and IPSec policies, this specifies the server name which must match the common name of the certificate. For S/MIME, this specifies the RFC822 email address. For Passbook signing, this specifies the pass signer.
        [@constant] kSecPolicyClient Specifies a CFBooleanRef value that indicates this evaluation should be for a client certificate. If not set (or false), the policy evaluates the certificate as a server certificate.
        [@constant] kSecPolicyRevocationFlags Specifies a CFNumberRef that holds a kCFNumberCFIndexType bitmask value. See "Revocation Policy Constants" for a description of individual bits in this value.
        [@constant] kSecPolicyTeamIdentifier Specifies a CFStringRef containing a team identifier which must be matched in the certificate to satisfy this policy. For the Passbook signing policy, this string must match the Organizational Unit field of the certificate subject.
      • kSecPolicyName

        public static CFStringRef kSecPolicyName()
      • kSecPolicyClient

        public static CFStringRef kSecPolicyClient()
      • kSecPolicyRevocationFlags

        public static CFStringRef kSecPolicyRevocationFlags()
      • kSecPolicyTeamIdentifier

        public static CFStringRef kSecPolicyTeamIdentifier()
      • kSecRandomDefault

        public static SecRandomRef kSecRandomDefault()
        This is a synonym for NULL, if you'd rather use a named constant. This refers to a cryptographically secure random number generator.
      • kSecSharedPassword

        public static CFStringRef kSecSharedPassword()
        [@enum] Credential Key Constants
        Predefined key constants used to get values in a dictionary of credentials returned by SecRequestWebCredential.
        [@constant] kSecSharedPassword Specifies a dictionary key whose value is a shared password. You use this key to get a value of type CFStringRef that contains a password.
      • kSecPropertyTypeTitle

        public static CFStringRef kSecPropertyTypeTitle()
        [@enum] Trust Property Constants
        Predefined key constants used to obtain values in a per-certificate dictionary of trust evaluation results, as retrieved from a call to SecTrustCopyProperties.
        [@constant] kSecPropertyTypeTitle Specifies a key whose value is a CFStringRef containing the title (display name) of this certificate.
        [@constant] kSecPropertyTypeError Specifies a key whose value is a CFStringRef containing the reason for a trust evaluation failure.
      • kSecPropertyTypeError

        public static CFStringRef kSecPropertyTypeError()
      • kSecTrustEvaluationDate

        public static CFStringRef kSecTrustEvaluationDate()
        [@enum] Trust Result Constants
        Predefined key constants used to obtain values in a dictionary of trust evaluation results for a certificate chain, as retrieved from a call to SecTrustCopyResult.
        [@constant] kSecTrustEvaluationDate This key will be present if a trust evaluation has been performed and results are available. Its value is a CFDateRef representing when the evaluation for this trust object took place.
        [@constant] kSecTrustExtendedValidation This key will be present and have a value of kCFBooleanTrue if this chain was validated for EV.
        [@constant] kSecTrustOrganizationName Organization name field of the subject of the leaf certificate. This field is meant to be displayed to the user as the validated name of the company or entity that owns the certificate if the kSecTrustExtendedValidation key is present.
        [@constant] kSecTrustResultValue This key will be present if a trust evaluation has been performed. Its value is a CFNumberRef representing the SecTrustResultType result for the evaluation.
        [@constant] kSecTrustRevocationChecked This key will be present if and only if this chain had its revocation checked. The value will be kCFBooleanTrue if revocation checking was successful and none of the certificates in the chain were revoked. The value will be kCFBooleanFalse if no current revocation status could be obtained for one or more certificates in the chain due to connection problems or timeouts. This is a hint to a client to retry revocation checking at a later time.
        [@constant] kSecTrustRevocationValidUntilDate This key will be present if and only if kSecTrustRevocationChecked has a value of kCFBooleanTrue. The value will be a CFDateRef representing the earliest date at which the revocation info for one of the certificates in this chain might change.
        [@constant] kSecTrustCertificateTransparency This key will be present and have a value of kCFBooleanTrue if this chain is CT qualified.
        [@constant] kSecTrustCertificateTransparencyWhiteList This key will be present and have a value of kCFBooleanTrue if this chain is EV, not CT qualified, but included in the CT WhiteList.
      • kSecTrustExtendedValidation

        public static CFStringRef kSecTrustExtendedValidation()
      • kSecTrustOrganizationName

        public static CFStringRef kSecTrustOrganizationName()
      • kSecTrustResultValue

        public static CFStringRef kSecTrustResultValue()
      • kSecTrustRevocationChecked

        public static CFStringRef kSecTrustRevocationChecked()
      • kSecTrustRevocationValidUntilDate

        public static CFStringRef kSecTrustRevocationValidUntilDate()
      • kSecTrustCertificateTransparency

        public static CFStringRef kSecTrustCertificateTransparency()
      • kSecTrustCertificateTransparencyWhiteList

        public static CFStringRef kSecTrustCertificateTransparencyWhiteList()
      • kSSLSessionConfig_default

        public static CFStringRef kSSLSessionConfig_default()
        Default configuration (has 3DES, no RC4)
      • kSSLSessionConfig_ATSv1

        public static CFStringRef kSSLSessionConfig_ATSv1()
        ATS v1 Config: TLS v1.2, only PFS ciphersuites
      • kSSLSessionConfig_ATSv1_noPFS

        public static CFStringRef kSSLSessionConfig_ATSv1_noPFS()
        ATS v1 Config without PFS: TLS v1.2, include non PFS ciphersuites
      • kSSLSessionConfig_standard

        public static CFStringRef kSSLSessionConfig_standard()
        TLS v1.2 to TLS v1.0, with default ciphersuites (no 3DES, no RC4)
      • kSSLSessionConfig_RC4_fallback

        public static CFStringRef kSSLSessionConfig_RC4_fallback()
        TLS v1.2 to TLS v1.0, with default ciphersuites + RC4 + 3DES
      • kSSLSessionConfig_TLSv1_fallback

        public static CFStringRef kSSLSessionConfig_TLSv1_fallback()
        TLS v1.0 only, with default ciphersuites + fallback SCSV
      • kSSLSessionConfig_TLSv1_RC4_fallback

        public static CFStringRef kSSLSessionConfig_TLSv1_RC4_fallback()
        TLS v1.0, with default ciphersuites + RC4 + 3DES + fallback SCSV
      • kSSLSessionConfig_legacy

        public static CFStringRef kSSLSessionConfig_legacy()
        TLS v1.2 to TLS v1.0, defaults + RC4 + DHE ciphersuites
      • kSSLSessionConfig_legacy_DHE

        public static CFStringRef kSSLSessionConfig_legacy_DHE()
        TLS v1.2 to TLS v1.0, default + RC4 + DHE ciphersuites
      • kSSLSessionConfig_anonymous

        public static CFStringRef kSSLSessionConfig_anonymous()
        TLS v1.2, anonymous ciphersuites only
      • kSSLSessionConfig_3DES_fallback

        public static CFStringRef kSSLSessionConfig_3DES_fallback()
        TLS v1.2 to TLS v1.0, has 3DES, no RC4
      • kSSLSessionConfig_TLSv1_3DES_fallback

        public static CFStringRef kSSLSessionConfig_TLSv1_3DES_fallback()
        TLS v1.0, with default ciphersuites + 3DES, no RC4
      • SecCertificateCopyCommonName

        public static int SecCertificateCopyCommonName​(SecCertificateRef certificate,
                                                       org.moe.natj.general.ptr.Ptr<CFStringRef> commonName)
        [@function] SecCertificateCopyCommonName Retrieves the common name of the subject of a given certificate. All the data in this string comes from the certificate itself, and thus it's in whatever language the certificate itself is in. Note that the certificate's common name field may not be present, or may be inadequate to describe the certificate; for display purposes, you should consider using SecCertificateCopySubjectSummary instead of this function.
        Parameters:
        certificate - A reference to the certificate from which to retrieve the common name.
        commonName - On return, a reference to the common name. Your code must release this reference by calling the CFRelease function.
        Returns:
        A result code. See "Security Error Codes" (SecBase.h).
      • SecCertificateCopyEmailAddresses

        public static int SecCertificateCopyEmailAddresses​(SecCertificateRef certificate,
                                                           org.moe.natj.general.ptr.Ptr<CFArrayRef> emailAddresses)
        [@function] SecCertificateCopyEmailAddresses Returns an array of zero or more email addresses for the subject of a given certificate.
        Parameters:
        certificate - A reference to the certificate from which to retrieve the email addresses.
        emailAddresses - On return, an array of zero or more CFStringRef elements corresponding to each email address found. Your code must release this array reference by calling the CFRelease function.
        Returns:
        A result code. See "Security Error Codes" (SecBase.h).
      • SecCertificateCopyNormalizedIssuerSequence

        public static CFDataRef SecCertificateCopyNormalizedIssuerSequence​(SecCertificateRef certificate)
        [@function] SecCertificateCopyNormalizedIssuerSequence Return the certificate's normalized issuer. The issuer is a sequence in the format used by SecItemCopyMatching. The content returned is a DER-encoded X.509 distinguished name. For a display version of the issuer, call SecCertificateCopyValues. The caller must CFRelease the value returned.
        Parameters:
        certificate - The certificate from which to get values.
      • SecCertificateCopyNormalizedSubjectSequence

        public static CFDataRef SecCertificateCopyNormalizedSubjectSequence​(SecCertificateRef certificate)
        [@function] SecCertificateCopyNormalizedSubjectSequence Return the certificate's normalized subject. The subject is a sequence in the format used by SecItemCopyMatching. The content returned is a DER-encoded X.509 distinguished name. For a display version of the subject, call SecCertificateCopyValues. The caller must CFRelease the value returned.
        Parameters:
        certificate - The certificate from which to get values.
      • SecCertificateCopyPublicKey

        public static SecKeyRef SecCertificateCopyPublicKey​(SecCertificateRef certificate)
        [@function] SecCertificateCopyPublicKey Retrieves the public key for a given certificate. NOTE: Deprecated in iOS 12.0; use SecCertificateCopyKey instead for cross-platform availability.
        Parameters:
        certificate - A reference to the certificate from which to retrieve the public key.
        Returns:
        A reference to the public key for the specified certificate. Your code must release this reference by calling the CFRelease function.
      • SecCertificateCopySerialNumberData

        public static CFDataRef SecCertificateCopySerialNumberData​(SecCertificateRef certificate,
                                                                   org.moe.natj.general.ptr.Ptr<CFErrorRef> error)
        [@function] SecCertificateCopySerialNumberData Return the certificate's serial number. Return the content of a DER-encoded integer (without the tag and length fields) for this certificate's serial number. The caller must CFRelease the value returned.
        Parameters:
        certificate - The certificate from which to get values.
        error - An optional pointer to a CFErrorRef which will be set on return from the function if an error occurred. If not NULL, the caller is responsible for releasing the CFErrorRef.
      • SecCertificateCopySerialNumber

        public static CFDataRef SecCertificateCopySerialNumber​(SecCertificateRef certificate)
        [@function] SecCertificateCopySerialNumber Return the certificate's serial number. Return the content of a DER-encoded integer (without the tag and length fields) for this certificate's serial number. The caller must CFRelease the value returned. NOTE: Deprecated in iOS 11.0; use SecCertificateCopySerialNumberData instead for cross-platform availability.
        Parameters:
        certificate - The certificate from which to get values.
      • SSLSetSessionTicketsEnabled

        public static int SSLSetSessionTicketsEnabled​(SSLContextRef context,
                                                      byte enabled)
        [@function] SSLSetSessionTicketsEnabled Forcibly enable or disable session ticket resumption. [@note] By default, session tickets are disabled.
        Parameters:
        context - A valid SSLContextRef.
        enabled - Boolean indicating if ticket support is enabled (true) or not (false).
        Returns:
        errSecSuccess on success, alternative error on failure.
      • SSLSetALPNProtocols

        public static int SSLSetALPNProtocols​(SSLContextRef context,
                                              CFArrayRef protocols)
        [@function] SSLSetALPNProtocols Set the ALPN protocols to be passed in the ALPN negotiation. This is the list of supported application-layer protocols. The protocols parameter must be an array of CFStringRef values with ASCII-encoded representations of the supported protocols, e.g., "http/1.1". [@note] See RFC 7301 for more information.
        Parameters:
        context - A valid SSLContextRef.
        protocols - Array of CFStringRefs carrying application protocols.
        Returns:
        errSecSuccess on success, alternative error on failure.
      • SSLCopyALPNProtocols

        public static int SSLCopyALPNProtocols​(SSLContextRef context,
                                               org.moe.natj.general.ptr.Ptr<CFArrayRef> protocols)
        [@function] SSLCopyALPNProtocols Get the ALPN protocols associated with this SSL context. This is the list of supported application-layer protocols. The resultant protocols array will contain CFStringRef values containing ASCII-encoded representations of the supported protocols, e.g., "http/1.1". See RFC 7301 for more information. [@note] The `protocols` pointer must be NULL, otherwise the copy will fail. This function will allocate memory for the CFArrayRef container if there is data to provide. Otherwise, the pointer will remain NULL.
        Parameters:
        context - A valid SSLContextRef.
        protocols - Pointer to a CFArrayRef where peer ALPN protocols are stored.
        Returns:
        errSecSuccess on success, alternative error on failure.
      • SSLSetOCSPResponse

        public static int SSLSetOCSPResponse​(SSLContextRef context,
                                             CFDataRef response)
        [@function] SSLSetOCSPResponse Set the OCSP response for the given SSL session. The response parameter must be a non-NULL CFDataRef containing the bytes of the OCSP response.
        Parameters:
        context - A valid SSLContextRef.
        response - CFDataRef carrying OCSP response.
        Returns:
        errSecSuccess on success, alternative error on failure.
      • SSLSetError

        public static int SSLSetError​(SSLContextRef context,
                                      int status)
        [@function] SSLSetError Set the status of an SSLContextRef. This is to be done after handling steps of the SSL handshake such as server certificate validation.
        Parameters:
        context - A valid SSLContextRef.
        status - Error status to set internally, which will be translated to an alert.
        Returns:
        errSecSuccess on success, alternative error on failure.
      • kSecAttrIsSensitive

        public static CFStringRef kSecAttrIsSensitive()
      • kSecAttrIsExtractable

        public static CFStringRef kSecAttrIsExtractable()
      • kSecAttrPersistantReference

        public static CFStringRef kSecAttrPersistantReference()
      • kSecAttrPersistentReference

        public static CFStringRef kSecAttrPersistentReference()
      • kSecKeyAlgorithmRSASignatureDigestPSSSHA1

        public static CFStringRef kSecKeyAlgorithmRSASignatureDigestPSSSHA1()
      • kSecKeyAlgorithmRSASignatureDigestPSSSHA224

        public static CFStringRef kSecKeyAlgorithmRSASignatureDigestPSSSHA224()
      • kSecKeyAlgorithmRSASignatureDigestPSSSHA256

        public static CFStringRef kSecKeyAlgorithmRSASignatureDigestPSSSHA256()
      • kSecKeyAlgorithmRSASignatureDigestPSSSHA384

        public static CFStringRef kSecKeyAlgorithmRSASignatureDigestPSSSHA384()
      • kSecKeyAlgorithmRSASignatureDigestPSSSHA512

        public static CFStringRef kSecKeyAlgorithmRSASignatureDigestPSSSHA512()
      • kSecKeyAlgorithmRSASignatureMessagePSSSHA1

        public static CFStringRef kSecKeyAlgorithmRSASignatureMessagePSSSHA1()
      • kSecKeyAlgorithmRSASignatureMessagePSSSHA224

        public static CFStringRef kSecKeyAlgorithmRSASignatureMessagePSSSHA224()
      • kSecKeyAlgorithmRSASignatureMessagePSSSHA256

        public static CFStringRef kSecKeyAlgorithmRSASignatureMessagePSSSHA256()
      • kSecKeyAlgorithmRSASignatureMessagePSSSHA384

        public static CFStringRef kSecKeyAlgorithmRSASignatureMessagePSSSHA384()
      • kSecKeyAlgorithmRSASignatureMessagePSSSHA512

        public static CFStringRef kSecKeyAlgorithmRSASignatureMessagePSSSHA512()
      • kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA224AESGCM

        public static CFStringRef kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA224AESGCM()
      • kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA256AESGCM

        public static CFStringRef kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA256AESGCM()
      • kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA384AESGCM

        public static CFStringRef kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA384AESGCM()
      • kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA512AESGCM

        public static CFStringRef kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA512AESGCM()
      • kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA224AESGCM

        public static CFStringRef kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA224AESGCM()
      • kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA256AESGCM

        public static CFStringRef kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA256AESGCM()
      • kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA384AESGCM

        public static CFStringRef kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA384AESGCM()
      • kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA512AESGCM

        public static CFStringRef kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA512AESGCM()
      • SecCopyErrorMessageString

        public static CFStringRef SecCopyErrorMessageString​(int status,
                                                            org.moe.natj.general.ptr.VoidPtr reserved)
        [@function] SecCopyErrorMessageString Returns a string describing the specified error result code.
        Parameters:
        status - An error result code of type OSStatus or CSSM_RETURN, as returned by a Security or CSSM function.
        reserved - Reserved for future use. Your code should pass NULL in this parameter.
        Returns:
        A reference to an error string, or NULL if no error string is available for the specified result code. Your code must release this reference by calling the CFRelease function.
      • SecCertificateCopyKey

        public static SecKeyRef SecCertificateCopyKey​(SecCertificateRef certificate)
        [@function] SecCertificateCopyKey Retrieves the public key for a given certificate. RSA and ECDSA public keys are supported. All other public key algorithms are unsupported.
        Parameters:
        certificate - A reference to the certificate from which to retrieve the public key.
        Returns:
        A reference to the public key for the specified certificate. Your code must release this reference by calling the CFRelease function. If the public key has an encoding issue or uses an unsupported algorithm, the returned reference will be null.
      • SecTrustEvaluateWithError

        public static boolean SecTrustEvaluateWithError​(SecTrustRef trust,
                                                        org.moe.natj.general.ptr.Ptr<CFErrorRef> error)
        [@function] SecTrustEvaluateWithError Evaluates a trust reference synchronously. This function will completely evaluate trust before returning, possibly including network access to fetch intermediate certificates or to perform revocation checking. Since this function can block during those operations, you should call it from within a function that is placed on a dispatch queue, or in a separate thread from your application's main run loop. If the certificate is trusted and the result is true, the error will be set to NULL. If the certificate is not trusted or the evaluation was unable to complete, the result will be false and the error will be set with a description of the failure. The error contains a code for the most serious error encountered (if multiple trust failures occurred). The localized description indicates the certificate with the most serious problem and the type of error. The underlying error contains a localized description of each certificate in the chain that had an error and all errors found with that certificate.
        Parameters:
        trust - A reference to the trust object to evaluate.
        error - A pointer to an error object.
        Returns:
        A boolean value indicating whether the certificate is trusted.
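        The following is an added example, not code from the MOE bindings or from Apple's headers, written in Objective-C against the Security framework that these Java methods wrap. It ties together SecTrustEvaluateWithError (run off the main queue, as the description above recommends) and the trust result dictionary keys listed under kSecTrustEvaluationDate: it treats a chain as untrusted when evaluation fails, and surfaces the "retry revocation later" hint that kSecTrustRevocationChecked carries when its value is kCFBooleanFalse. The hostname, the TrustOutcome enum and the helper names are assumptions made for this example; the SecPolicyCreateRevocation policy is added so that the revocation keys are actually populated.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Outcome classification used by this example (not part of the Security framework).
typedef NS_ENUM(NSInteger, TrustOutcome) {
    TrustOutcomeTrusted,
    TrustOutcomeUntrusted,
    TrustOutcomeRevocationUnknown   // chain is trusted, but revocation status could not be fetched
};

// certChain: SecCertificateRef objects, leaf first, then intermediates (e.g. built with
// SecCertificateCreateWithData from DER bytes). hostname: the name the SSL policy pins the leaf to.
static TrustOutcome EvaluateServerChain(NSArray *certChain, NSString *hostname, NSError **outError)
{
    SecPolicyRef ssl = SecPolicyCreateSSL(true, (__bridge CFStringRef)hostname);
    // Ask for revocation checking explicitly so kSecTrustRevocationChecked is meaningful.
    SecPolicyRef revocation = SecPolicyCreateRevocation(kSecRevocationUseAnyAvailableMethod);
    NSArray *policies = @[(__bridge id)ssl, (__bridge id)revocation];
    CFRelease(ssl);
    CFRelease(revocation);

    SecTrustRef trust = NULL;
    OSStatus status = SecTrustCreateWithCertificates((__bridge CFArrayRef)certChain,
                                                     (__bridge CFArrayRef)policies, &trust);
    if (status != errSecSuccess || trust == NULL) {
        if (outError) *outError = [NSError errorWithDomain:NSOSStatusErrorDomain code:status userInfo:nil];
        return TrustOutcomeUntrusted;
    }

    // May block on network I/O (intermediate fetch, OCSP/CRL); never call on the main queue.
    CFErrorRef cfError = NULL;
    bool trusted = SecTrustEvaluateWithError(trust, &cfError);
    if (!trusted) {
        // The error code is the most serious failure; the underlying error lists per-certificate problems.
        if (outError) *outError = CFBridgingRelease(cfError);
        else if (cfError) CFRelease(cfError);
        CFRelease(trust);
        return TrustOutcomeUntrusted;
    }

    TrustOutcome outcome = TrustOutcomeTrusted;
    CFDictionaryRef result = SecTrustCopyResult(trust);
    if (result != NULL) {
        CFBooleanRef checked = (CFBooleanRef)CFDictionaryGetValue(result, kSecTrustRevocationChecked);
        // Key absent: revocation was not part of this evaluation.
        // Key present with kCFBooleanFalse: status unavailable (network problem/timeout); retry later.
        if (checked != NULL && !CFBooleanGetValue(checked)) {
            outcome = TrustOutcomeRevocationUnknown;
        }
        CFDateRef evaluatedAt = (CFDateRef)CFDictionaryGetValue(result, kSecTrustEvaluationDate);
        CFDateRef validUntil  = (CFDateRef)CFDictionaryGetValue(result, kSecTrustRevocationValidUntilDate);
        CFBooleanRef ev       = (CFBooleanRef)CFDictionaryGetValue(result, kSecTrustExtendedValidation);
        NSLog(@"evaluated at %@; revocation info valid until %@; EV=%d",
              (__bridge NSDate *)evaluatedAt, (__bridge NSDate *)validUntil,
              ev != NULL && CFBooleanGetValue(ev));
        CFRelease(result);
    }
    CFRelease(trust);
    return outcome;
}

// Runs the blocking evaluation on a background queue and reports back on the main queue.
static void EvaluateInBackground(NSArray *certChain, NSString *hostname,
                                 void (^completion)(TrustOutcome outcome, NSError *error))
{
    dispatch_async(dispatch_get_global_queue(QOS_CLASS_UTILITY, 0), ^{
        NSError *error = nil;
        TrustOutcome outcome = EvaluateServerChain(certChain, hostname, &error);
        dispatch_async(dispatch_get_main_queue(), ^{ completion(outcome, error); });
    });
}
```

A caller that gets TrustOutcomeRevocationUnknown can proceed with the connection if its policy allows soft-fail revocation, but should schedule a re-evaluation; kSecTrustRevocationValidUntilDate (only present when the check succeeded) gives the earliest time at which a cached good result might change.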
      • SecTrustEvaluateAsyncWithError

        public static int SecTrustEvaluateAsyncWithError​(SecTrustRef trust,
                                                         NSObject queue,
                                                         Security.Block_SecTrustEvaluateAsyncWithError result)
        [@function] SecTrustEvaluateAsyncWithError Evaluates a trust reference asynchronously. If the certificate is trusted, the callback will return a result parameter of true and the error will be set to NULL. If the certificate is not trusted or the evaluation was unable to complete, the result parameter will be false and the error will be set with a description of the failure. The error contains a code for the most serious error encountered (if multiple trust failures occurred). The localized description indicates the certificate with the most serious problem and the type of error. The underlying error contains a localized description of each certificate in the chain that had an error and all errors found with that certificate.
        Parameters:
        trust - A reference to the trust object to evaluate.
        queue - A dispatch queue on which the result callback will be executed. Note that this function MUST be called from that queue.
        result - A SecTrustWithErrorCallback block which will be executed when the trust evaluation is complete. The block is guaranteed to be called exactly once when the result code is errSecSuccess, and not called otherwise. Note that this block may be called synchronously inline if no asynchronous operations are required.
        Returns:
        A result code. See "Security Error Codes" (SecBase.h).
      • SecTrustSetSignedCertificateTimestamps

        public static int SecTrustSetSignedCertificateTimestamps​(SecTrustRef trust,
                                                                 CFArrayRef sctArray)
        [@function] SecTrustSetSignedCertificateTimestamps Attach SignedCertificateTimestamp data to a trust object. Allows the caller to provide SCT data (which may be obtained during a TLS/SSL handshake, per RFC 6962) as input to a trust evaluation.
        Parameters:
        trust - A reference to a trust object.
        sctArray - A CFArray of CFData objects, each containing an SCT (per RFC 6962).
        Returns:
        A result code. See "Security Error Codes" (SecBase.h).
      • sec_trust_create

        public static NSObject sec_trust_create​(SecTrustRef trust)
        [@function] sec_trust_create Create an ARC-able `sec_trust_t` instance from a `SecTrustRef`.
        Parameters:
        trust - A `SecTrustRef` instance.
        Returns:
        a `sec_trust_t` instance.
      • sec_trust_copy_ref

        public static SecTrustRef sec_trust_copy_ref​(NSObject trust)
        [@function] sec_trust_copy_ref Copy a retained reference to the underlying `SecTrustRef` instance.
        Parameters:
        trust - A `sec_trust_t` instance.
        Returns:
        The underlying `SecTrustRef` instance.
      • sec_identity_create

        public static NSObject sec_identity_create​(SecIdentityRef identity)
        [@function] sec_identity_create Create an ARC-able `sec_identity_t` instance from a `SecIdentityRef`.
        Parameters:
        identity - A `SecIdentityRef` instance.
        Returns:
        a `sec_identity_t` instance.
      • sec_identity_create_with_certificates

        public static NSObject sec_identity_create_with_certificates​(SecIdentityRef identity,
                                                                     CFArrayRef certificates)
        [@function] sec_identity_create_with_certificates Create an ARC-able `sec_identity_t` instance from a `SecIdentityRef` and array of SecCertificateRef instances.
        Parameters:
        identity - A `SecIdentityRef` instance.
        certificates - An array of `SecCertificateRef` instances.
        Returns:
        a `sec_identity_t` instance.
      • sec_identity_access_certificates

        public static boolean sec_identity_access_certificates​(NSObject identity,
                                                               Security.Block_sec_identity_access_certificates handler)
        [@function] sec_identity_access_certificates Access the certificates associated with the `sec_identity_t` instance.
        Parameters:
        identity - A `sec_identity_t` instance.
        handler - A block to invoke one or more times with `sec_certificate_t` instances.
        Returns:
        Returns true if the peer certificates were accessible, false otherwise.
      • sec_identity_copy_ref

        public static SecIdentityRef sec_identity_copy_ref​(NSObject identity)
        [@function] sec_identity_copy_ref Copy a retained reference to the underlying `SecIdentityRef` instance.
        Parameters:
        identity - A `sec_identity_t` instance.
        Returns:
        The underlying `SecIdentityRef` instance.
      • sec_identity_copy_certificates_ref

        public static CFArrayRef sec_identity_copy_certificates_ref​(NSObject identity)
        [@function] sec_identity_copy_certificates_ref Copy a retained reference to the underlying `CFArrayRef` container of `SecCertificateRef` types.
        Parameters:
        identity - A `sec_identity_t` instance.
        Returns:
        The underlying `CFArrayRef` container with `SecCertificateRef` instances.
      • sec_certificate_create

        public static NSObject sec_certificate_create​(SecCertificateRef certificate)
        [@function] sec_certificate_create Create an ARC-able `sec_certificate_t` instance from a `SecCertificateRef`.
        Parameters:
        certificate - A `SecCertificateRef` instance.
        Returns:
        a `sec_certificate_t` instance.
      • sec_certificate_copy_ref

        public static SecCertificateRef sec_certificate_copy_ref​(NSObject certificate)
        [@function] sec_certificate_copy_ref Copy a retained reference to the underlying `SecCertificateRef` instance.
        Parameters:
        certificate - A `sec_certificate_t` instance.
        Returns:
        The underlying `SecCertificateRef` instance.
      • sec_protocol_metadata_get_negotiated_protocol

        public static java.lang.String sec_protocol_metadata_get_negotiated_protocol​(NSObject metadata)
        [@function] sec_protocol_metadata_get_negotiated_protocol Get the application protocol negotiated, e.g., via the TLS ALPN extension.
        Parameters:
        metadata - A `sec_protocol_metadata_t` instance.
        Returns:
        A NULL-terminated string carrying the negotiated protocol.
      • sec_protocol_metadata_copy_peer_public_key

        public static NSObject sec_protocol_metadata_copy_peer_public_key​(NSObject metadata)
        [@function] sec_protocol_metadata_copy_peer_public_key Get the protocol instance peer's public key.
        Parameters:
        metadata - A `sec_protocol_metadata_t` instance.
        Returns:
        A `dispatch_data_t` containing the peer's raw public key.
      • sec_protocol_metadata_get_negotiated_tls_protocol_version

        public static short sec_protocol_metadata_get_negotiated_tls_protocol_version​(NSObject metadata)
        [@function] sec_protocol_metadata_get_negotiated_tls_protocol_version Get the negotiated TLS version.
        Parameters:
        metadata - A `sec_protocol_metadata_t` instance.
        Returns:
        A `tls_protocol_version_t` value.
      • sec_protocol_metadata_get_negotiated_protocol_version

        public static int sec_protocol_metadata_get_negotiated_protocol_version​(NSObject metadata)
        [@function] sec_protocol_metadata_get_negotiated_protocol_version Get the negotiated TLS version.
        Parameters:
        metadata - A `sec_protocol_metadata_t` instance.
        Returns:
        An SSLProtocol enum value of the TLS version.
      • sec_protocol_metadata_get_negotiated_tls_ciphersuite

        public static short sec_protocol_metadata_get_negotiated_tls_ciphersuite​(NSObject metadata)
        [@function] sec_protocol_metadata_get_negotiated_tls_ciphersuite Get the negotiated TLS ciphersuite.
        Parameters:
        metadata - A `sec_protocol_metadata_t` instance.
        Returns:
        A `tls_ciphersuite_t`.
      • sec_protocol_metadata_get_negotiated_ciphersuite

        public static char sec_protocol_metadata_get_negotiated_ciphersuite​(NSObject metadata)
        [@function] sec_protocol_metadata_get_negotiated_ciphersuite Get the negotiated TLS ciphersuite.
        Parameters:
        metadata - A `sec_protocol_metadata_t` instance.
        Returns:
        An SSLCipherSuite.
      • sec_protocol_metadata_get_early_data_accepted

        public static boolean sec_protocol_metadata_get_early_data_accepted​(NSObject metadata)
        [@function] sec_protocol_metadata_get_early_data_accepted Determine if early data was accepted by the peer.
        Parameters:
        metadata - A `sec_protocol_metadata_t` instance.
        Returns:
        A bool indicating if early data was accepted.
      • sec_protocol_metadata_access_peer_certificate_chain

        public static boolean sec_protocol_metadata_access_peer_certificate_chain​(NSObject metadata,
                                                                                  Security.Block_sec_protocol_metadata_access_peer_certificate_chain handler)
        [@function] sec_protocol_metadata_access_peer_certificate_chain Get the certificate chain of the protocol instance peer.
        Parameters:
        metadata - A `sec_protocol_metadata_t` instance.
        handler - A block to invoke one or more times with sec_certificate_t objects.
        Returns:
        Returns true if the peer certificates were accessible, false otherwise.
      • sec_protocol_metadata_access_ocsp_response

        public static boolean sec_protocol_metadata_access_ocsp_response​(NSObject metadata,
                                                                         Security.Block_sec_protocol_metadata_access_ocsp_response handler)
        [@function] sec_protocol_metadata_access_ocsp_response Get the OCSP response from the protocol instance peer.
        Parameters:
        metadata - A `sec_protocol_metadata_t` instance.
        handler - A block to invoke one or more times with OCSP data.
        Returns:
        Returns true if the OCSP response was accessible, false otherwise.
      • sec_protocol_metadata_access_supported_signature_algorithms

        public static boolean sec_protocol_metadata_access_supported_signature_algorithms​(NSObject metadata,
                                                                                          Security.Block_sec_protocol_metadata_access_supported_signature_algorithms handler)
        [@function] sec_protocol_metadata_access_supported_signature_algorithms Get the signature algorithms supported by the peer. Clients may call this in response to a challenge block.
        Parameters:
        metadata - A `sec_protocol_metadata_t` instance.
        handler - A block to invoke one or more times with the signature algorithm values supported by the peer.
        Returns:
        Returns true if the supported signature list was accessible, false otherwise.
      • sec_protocol_metadata_access_distinguished_names

        public static boolean sec_protocol_metadata_access_distinguished_names​(NSObject metadata,
                                                                               Security.Block_sec_protocol_metadata_access_distinguished_names handler)
        [@function] sec_protocol_metadata_access_distinguished_names Get the X.509 Distinguished Names from the protocol instance peer.
        Parameters:
        metadata - A `sec_protocol_metadata_t` instance.
        handler - A block to invoke one or more times with distinguished_name data.
        Returns:
        Returns true if the distinguished names were accessible, false otherwise.
      • sec_protocol_metadata_access_pre_shared_keys

        public static boolean sec_protocol_metadata_access_pre_shared_keys​(NSObject metadata,
                                                                           Security.Block_sec_protocol_metadata_access_pre_shared_keys handler)
        [@function] sec_protocol_metadata_access_pre_shared_keys Get the PSKs supported by the local instance.
        Parameters:
        metadata - A `sec_protocol_metadata_t` instance.
        handler - A block to invoke one or more times with tuples of dispatch_data_t objects carrying PSKs and their corresponding identities.
        Returns:
        Returns true if the PSKs were accessible, false otherwise.
      • sec_protocol_metadata_get_server_name

        public static java.lang.String sec_protocol_metadata_get_server_name​(NSObject metadata)
        [@function] sec_protocol_metadata_get_server_name Obtain the server name offered by a client or server during connection establishment. This is the value commonly carried in the TLS SNI extension.
        Parameters:
        metadata - A `sec_protocol_metadata_t` instance.
        Returns:
        A NULL-terminated string carrying the server name, or NULL if none was provided.
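        The following is an added example in Objective-C against the Security framework, not code from the MOE bindings or from Apple's headers. It shows how the `sec_protocol_metadata_t` getters documented above (negotiated TLS version, ALPN protocol, ciphersuite, server name) are consulted inside a TLS verify block, together with sec_trust_copy_ref to hand the peer chain to SecTrustEvaluateWithError. The expected ALPN value "h2", the TLS 1.2 floor and the helper names are policy choices assumed for this example; sec_protocol_options_set_verify_block is the real Security API that installs such a block on the TLS options of a connection.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>
#include <string.h>

// Policy value assumed for this example: the application protocol we are willing to speak.
static const char *const kExpectedALPN = "h2";

// Returns true when the negotiated parameters satisfy local policy and the peer chain is trusted.
static bool ConnectionMeetsPolicy(sec_protocol_metadata_t metadata, sec_trust_t trust_ref)
{
    // Accept only TLS 1.2 or 1.3; compare by value because DTLS versions use a separate range.
    tls_protocol_version_t version = sec_protocol_metadata_get_negotiated_tls_protocol_version(metadata);
    if (version != tls_protocol_version_TLSv12 && version != tls_protocol_version_TLSv13) {
        NSLog(@"rejected: negotiated protocol version 0x%04x", version);
        return false;
    }

    // NULL when the peer negotiated no application protocol via ALPN.
    const char *alpn = sec_protocol_metadata_get_negotiated_protocol(metadata);
    if (alpn == NULL || strcmp(alpn, kExpectedALPN) != 0) {
        NSLog(@"rejected: ALPN %s", alpn ? alpn : "(none)");
        return false;
    }

    // SNI value (may be NULL) and ciphersuite, logged for later audit of the connection.
    const char *sni = sec_protocol_metadata_get_server_name(metadata);
    NSLog(@"server name %s, ciphersuite 0x%04x",
          sni ? sni : "(none)", sec_protocol_metadata_get_negotiated_tls_ciphersuite(metadata));

    // Hand the peer chain to the platform trust evaluator. This may block on network I/O,
    // which is why the verify block must run on a queue other than the main queue.
    SecTrustRef trust = sec_trust_copy_ref(trust_ref);
    CFErrorRef error = NULL;
    bool trusted = SecTrustEvaluateWithError(trust, &error);
    if (!trusted) {
        NSLog(@"rejected: %@", (__bridge NSError *)error);
        if (error) CFRelease(error);
    }
    CFRelease(trust);
    return trusted;
}

// Installs the verify block on a sec_protocol_options_t (for example the TLS options obtained
// from an nw_parameters_t). The block runs on `queue` and must call complete() exactly once.
static void InstallVerifyBlock(sec_protocol_options_t options, dispatch_queue_t queue)
{
    sec_protocol_options_set_verify_block(options,
        ^(sec_protocol_metadata_t metadata, sec_trust_t trust_ref, sec_protocol_verify_complete_t complete) {
            complete(ConnectionMeetsPolicy(metadata, trust_ref));
        },
        queue);
}
```

Checking the negotiated version and ALPN before evaluating trust is deliberate: a downgraded handshake or an unexpected application protocol is rejected cheaply, without the network round trips that revocation checking inside SecTrustEvaluateWithError may incur.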
      • sec_protocol_metadata_peers_are_equal

        public static boolean sec_protocol_metadata_peers_are_equal​(NSObject metadataA,
                                                                    NSObject metadataB)
        [@function] sec_protocol_metadata_peers_are_equal Compare peer information for two `sec_protocol_metadata` instances. This comparison does not include protocol configuration options, e.g., ciphersuites.
        Parameters:
        metadataA - A `sec_protocol_metadata_t` instance.
        metadataB - A `sec_protocol_metadata_t` instance.
        Returns:
        Returns true if both metadata values refer to the same peer, and false otherwise.
      • sec_protocol_metadata_challenge_parameters_are_equal

        public static boolean sec_protocol_metadata_challenge_parameters_are_equal​(NSObject metadataA,
                                                                                   NSObject metadataB)
        [@function] sec_protocol_metadata_challenge_parameters_are_equal Compare challenge-relevant information for two `sec_protocol_metadata` instances. This comparison includes all information relevant to a challenge request, including: distinguished names, signature algorithms, and supported certificate types. See Section 7.4.4 of RFC 5246 for more details.
        Parameters:
        metadataA - A `sec_protocol_metadata_t` instance.
        metadataB - A `sec_protocol_metadata_t` instance.
        Returns:
        Returns true if both metadata values have the same challenge parameters.
      • sec_protocol_metadata_create_secret

        public static NSObject sec_protocol_metadata_create_secret​(NSObject metadata,
                                                                   long label_len,
                                                                   java.lang.String label,
                                                                   long exporter_length)
        [@function] sec_protocol_metadata_create_secret Export a secret, e.g., a cryptographic key, derived from the protocol metadata using a label string.
        Parameters:
        metadata - A `sec_protocol_metadata_t` instance.
        label_len - Length of the KDF label string.
        label - KDF label string.
        exporter_length - Length of the secret to be exported.
        Returns:
        Returns a dispatch_data_t object carrying the exported secret.
      • sec_protocol_metadata_create_secret_with_context

        public static NSObject sec_protocol_metadata_create_secret_with_context​(NSObject metadata,
                                                                                long label_len,
                                                                                java.lang.String label,
                                                                                long context_len,
                                                                                java.lang.String context,
                                                                                long exporter_length)
        [@function] sec_protocol_metadata_create_secret_with_context Export a secret, e.g., a cryptographic key, derived from the protocol metadata using a label and context string.
        Parameters:
        metadata - A `sec_protocol_metadata_t` instance.
        label_len - Length of the KDF label string.
        label - KDF label string.
        context_len - Length of the KDF context string.
        context - Constant opaque context value
        exporter_length - Length of the secret to be exported.
        Returns:
        Returns a dispatch_data_t object carrying the exported secret.
      • sec_protocol_options_are_equal

        public static boolean sec_protocol_options_are_equal​(NSObject optionsA,
                                                             NSObject optionsB)
        [@function] sec_protocol_options_are_equal Compare two `sec_protocol_options_t` instances.
        Parameters:
        optionsA - A `sec_protocol_options_t` instance.
        optionsB - A `sec_protocol_options_t` instance.
        Returns:
        True if equal, and false otherwise.
      • sec_protocol_options_set_local_identity

        public static void sec_protocol_options_set_local_identity​(NSObject options,
                                                                   NSObject identity)
        [@function] sec_protocol_options_set_local_identity Set the local identity to be used for this protocol instance.
        Parameters:
        options - A `sec_protocol_options_t` instance.
        identity - A `sec_identity_t` instance carrying the private key and certificate.
      • sec_protocol_options_append_tls_ciphersuite

        public static void sec_protocol_options_append_tls_ciphersuite​(NSObject options,
                                                                       short ciphersuite)
        [@function] sec_protocol_options_append_tls_ciphersuite Append a TLS ciphersuite to the set of enabled ciphersuites.
        Parameters:
        options - A `sec_protocol_options_t` instance.
        ciphersuite - A `tls_ciphersuite_t` value.
      • sec_protocol_options_add_tls_ciphersuite

        public static void sec_protocol_options_add_tls_ciphersuite​(NSObject options,
                                                                    char ciphersuite)
        [@function] sec_protocol_options_add_tls_ciphersuite Add a TLS ciphersuite to the set of enabled ciphersuites.
        Parameters:
        options - A `sec_protocol_options_t` instance.
        ciphersuite - A SSLCipherSuite value.
      • sec_protocol_options_append_tls_ciphersuite_group

        public static void sec_protocol_options_append_tls_ciphersuite_group​(NSObject options,
                                                                             short group)
        [@function] sec_protocol_options_append_tls_ciphersuite_group Append a TLS ciphersuite group to the set of enabled ciphersuites.
        Parameters:
        options - A `sec_protocol_options_t` instance.
        group - A SSLCipherSuiteGroup value.
      • sec_protocol_options_add_tls_ciphersuite_group

        public static void sec_protocol_options_add_tls_ciphersuite_group​(NSObject options,
                                                                          int group)
        [@function] sec_protocol_options_add_tls_ciphersuite_group Add a TLS ciphersuite group to the set of enabled ciphersuites.
        Parameters:
        options - A `sec_protocol_options_t` instance.
        group - A SSLCipherSuiteGroup value.
      • sec_protocol_options_set_tls_min_version

        public static void sec_protocol_options_set_tls_min_version​(NSObject options,
                                                                    int version)
        [@function] sec_protocol_options_set_tls_min_version Set the minimum supported TLS version.
        Parameters:
        options - A `sec_protocol_options_t` instance.
        version - A SSLProtocol enum value.
      • sec_protocol_options_set_min_tls_protocol_version

        public static void sec_protocol_options_set_min_tls_protocol_version​(NSObject options,
                                                                             short version)
        [@function] sec_protocol_options_set_min_tls_protocol_version Set the minimum supported TLS version.
        Parameters:
        options - A `sec_protocol_options_t` instance.
        version - A tls_protocol_version_t enum value.
      • sec_protocol_options_get_default_min_tls_protocol_version

        public static short sec_protocol_options_get_default_min_tls_protocol_version()
        [@function] sec_protocol_options_get_default_min_tls_protocol_version Get the system default minimum TLS protocol version.
        Returns:
        The default minimum TLS version.
      • sec_protocol_options_get_default_min_dtls_protocol_version

        public static short sec_protocol_options_get_default_min_dtls_protocol_version()
        [@function] sec_protocol_options_get_default_min_dtls_protocol_version Get the system default minimum DTLS protocol version.
        Returns:
        The default minimum DTLS version.
      • sec_protocol_options_set_tls_max_version

        public static void sec_protocol_options_set_tls_max_version​(NSObject options,
                                                                    int version)
        [@function] sec_protocol_options_set_tls_max_version Set the maximum supported TLS version.
        Parameters:
        options - A `sec_protocol_options_t` instance.
        version - A SSLProtocol enum value.
      • sec_protocol_options_set_max_tls_protocol_version

        public static void sec_protocol_options_set_max_tls_protocol_version​(NSObject options,
                                                                             short version)
        [@function] sec_protocol_options_set_max_tls_protocol_version Set the maximum supported TLS version.
        Parameters:
        options - A `sec_protocol_options_t` instance.
        version - A tls_protocol_version_t enum value.
      • sec_protocol_options_get_default_max_tls_protocol_version

        public static short sec_protocol_options_get_default_max_tls_protocol_version()
        [@function] sec_protocol_options_get_default_max_tls_protocol_version Get the system default maximum TLS protocol version.
        Returns:
        The default maximum TLS version.
      • sec_protocol_options_get_default_max_dtls_protocol_version

        public static short sec_protocol_options_get_default_max_dtls_protocol_version()
        [@function] sec_protocol_options_get_default_max_dtls_protocol_version Get the system default maximum DTLS protocol version.
        Returns:
        The default maximum DTLS version.
      • sec_protocol_options_add_tls_application_protocol

        public static void sec_protocol_options_add_tls_application_protocol​(NSObject options,
                                                                             java.lang.String application_protocol)
        [@function] sec_protocol_options_add_tls_application_protocol Add an application protocol supported by clients of this protocol instance.
        Parameters:
        options - A `sec_protocol_options_t` instance.
        application_protocol - A NULL-terminated string defining the application protocol.
      • sec_protocol_options_set_tls_server_name

        public static void sec_protocol_options_set_tls_server_name​(NSObject options,
                                                                    java.lang.String server_name)
        [@function] sec_protocol_options_set_tls_server_name Set the server name to be used when verifying the peer's certificate. This will override the server name obtained from the endpoint.
        Parameters:
        options - A `sec_protocol_options_t` instance.
        server_name - A NULL-terminated string carrying the server name.
      • sec_protocol_options_set_tls_diffie_hellman_parameters

        public static void sec_protocol_options_set_tls_diffie_hellman_parameters​(NSObject options,
                                                                                  NSObject params)
        [@function] sec_protocol_options_set_tls_diffie_hellman_parameters Set the supported Diffie-Hellman parameters.
        Parameters:
        options - A `sec_protocol_options_t` instance.
        params - A dispatch_data_t containing legacy Diffie-Hellman parameters.
      • sec_protocol_options_add_pre_shared_key

        public static void sec_protocol_options_add_pre_shared_key​(NSObject options,
                                                                   NSObject psk,
                                                                   NSObject psk_identity)
        [@function] sec_protocol_options_add_pre_shared_key Add a pre-shared key (PSK) and its identity to the options.
        Parameters:
        options - A `sec_protocol_options_t` instance.
        psk - A dispatch_data_t containing a PSK blob.
        psk_identity - A dispatch_data_t containing a PSK identity blob.
      • sec_protocol_options_set_tls_pre_shared_key_identity_hint

        public static void sec_protocol_options_set_tls_pre_shared_key_identity_hint​(NSObject options,
                                                                                     NSObject psk_identity_hint)
        [@function] sec_protocol_options_set_tls_pre_shared_key_identity_hint Set the PSK identity hint to use by servers when negotiating a PSK ciphersuite. See https://tools.ietf.org/html/rfc4279 for more details.
        Parameters:
        options - A `sec_protocol_options_t` instance.
        psk_identity_hint - A dispatch_data_t containing a PSK identity hint.
      • sec_protocol_options_set_tls_tickets_enabled

        public static void sec_protocol_options_set_tls_tickets_enabled​(NSObject options,
                                                                        boolean tickets_enabled)
        [@function] sec_protocol_options_set_tls_tickets_enabled Enable or disable TLS session ticket support.
        Parameters:
        options - A `sec_protocol_options_t` instance.
        tickets_enabled - Flag to enable or disable TLS session ticket support.
      • sec_protocol_options_set_tls_is_fallback_attempt

        public static void sec_protocol_options_set_tls_is_fallback_attempt​(NSObject options,
                                                                            boolean is_fallback_attempt)
        [@function] sec_protocol_options_set_tls_is_fallback_attempt Signal if this is a TLS fallback attempt. A fallback attempt is one following a previously failed TLS connection due to version or parameter incompatibility, e.g., when speaking to a server that does not support a client-offered ciphersuite. Clients MUST NOT enable fallback for fresh connections.
        Parameters:
        options - A `sec_protocol_options_t` instance.
        is_fallback_attempt - Set a flag indicating that this is a TLS fallback attempt.
      • sec_protocol_options_set_tls_resumption_enabled

        public static void sec_protocol_options_set_tls_resumption_enabled​(NSObject options,
                                                                           boolean resumption_enabled)
        [@function] sec_protocol_options_set_tls_resumption_enabled Enable or disable TLS session resumption.
        Parameters:
        options - A `sec_protocol_options_t` instance.
        resumption_enabled - Flag to enable or disable TLS session resumption.
      • sec_protocol_options_set_tls_false_start_enabled

        public static void sec_protocol_options_set_tls_false_start_enabled​(NSObject options,
                                                                            boolean false_start_enabled)
        [@function] sec_protocol_options_set_tls_false_start_enabled Enable or disable TLS False Start.
        Parameters:
        options - A `sec_protocol_options_t` instance.
        false_start_enabled - Flag to enable or disable TLS False Start.
      • sec_protocol_options_set_tls_ocsp_enabled

        public static void sec_protocol_options_set_tls_ocsp_enabled​(NSObject options,
                                                                     boolean ocsp_enabled)
        [@function] sec_protocol_options_set_tls_ocsp_enabled Enable or disable OCSP support.
        Parameters:
        options - A `sec_protocol_options_t` instance.
        ocsp_enabled - Flag to enable or disable OCSP support.
      • sec_protocol_options_set_tls_sct_enabled

        public static void sec_protocol_options_set_tls_sct_enabled​(NSObject options,
                                                                    boolean sct_enabled)
        [@function] sec_protocol_options_set_tls_sct_enabled Enable or disable SCT (signed certificate timestamp) support.
        Parameters:
        options - A `sec_protocol_options_t` instance.
        sct_enabled - Flag to enable or disable SCT support.
      • sec_protocol_options_set_tls_renegotiation_enabled

        public static void sec_protocol_options_set_tls_renegotiation_enabled​(NSObject options,
                                                                              boolean renegotiation_enabled)
        [@function] sec_protocol_options_set_tls_renegotiation_enabled Enable or disable TLS (1.2 and prior) session renegotiation. This defaults to `true`.
        Parameters:
        options - A `sec_protocol_options_t` instance.
        renegotiation_enabled - Flag to enable or disable TLS (1.2 and prior) session renegotiation.
      • sec_protocol_options_set_peer_authentication_required

        public static void sec_protocol_options_set_peer_authentication_required​(NSObject options,
                                                                                 boolean peer_authentication_required)
        [@function] sec_protocol_options_set_peer_authentication_required Enable or disable peer authentication. Clients default to true, whereas servers default to false.
        Parameters:
        options - A `sec_protocol_options_t` instance.
        peer_authentication_required - Flag to enable or disable mandatory peer authentication.
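        The TLS policy setters above (minimum and maximum protocol version, renegotiation, peer authentication, server name, OCSP, SCT and the fallback flag) are normally applied together as one policy. The following is an added example written against the Java signatures listed on this page; it is not code from the bindings project or from Apple. It assumes that the `Security` class and the `NSObject` type used in the signatures above are on the classpath (their package is not shown on this page), that `options` is a `sec_protocol_options_t` handle already obtained from the Network framework's TLS options (its creation is outside this page), and that `identity` is a `sec_identity_t` as described under `sec_protocol_options_set_local_identity`. The TLS version constants are defined locally with the wire-format values used by Apple's `tls_protocol_version_t` enum, because the bindings' own constants are not listed here; that mapping is an assumption.

```java
// Added example, not part of the bindings project. Imports for Security and
// NSObject are omitted because this page does not show their package.

public final class TlsOptionsPolicy {

    // TLS wire-format version numbers. Assumption: the bindings pass these
    // through unchanged to Apple's tls_protocol_version_t enum.
    static final short TLS_V10 = (short) 0x0301;
    static final short TLS_V12 = (short) 0x0303;
    static final short TLS_V13 = (short) 0x0304;

    /**
     * Weak client configuration, kept here for contrast: TLS 1.0 is allowed,
     * legacy renegotiation is left on (the page notes it defaults to true) and
     * no server name is pinned, so hostname checking relies on the endpoint alone.
     */
    static void applyLegacyCompatibleClient(NSObject options) {
        Security.sec_protocol_options_set_min_tls_protocol_version(options, TLS_V10);
        Security.sec_protocol_options_set_tls_renegotiation_enabled(options, true);
    }

    /**
     * Hardened client configuration.
     * @param options    a sec_protocol_options_t handle (obtained outside this example)
     * @param serverName the DNS name the peer certificate must match; this overrides
     *                   the name taken from the endpoint (see set_tls_server_name)
     */
    static void applyHardenedClient(NSObject options, String serverName) {
        Security.sec_protocol_options_set_min_tls_protocol_version(options, TLS_V12);
        Security.sec_protocol_options_set_max_tls_protocol_version(options, TLS_V13);
        // Renegotiation only exists in TLS 1.2 and earlier; a modern client does not need it.
        Security.sec_protocol_options_set_tls_renegotiation_enabled(options, false);
        // Clients already default to true; set it explicitly so the intent is visible in code.
        Security.sec_protocol_options_set_peer_authentication_required(options, true);
        Security.sec_protocol_options_set_tls_server_name(options, serverName);
        // Revocation (OCSP) and certificate transparency (SCT) checks on the peer certificate.
        Security.sec_protocol_options_set_tls_ocsp_enabled(options, true);
        Security.sec_protocol_options_set_tls_sct_enabled(options, true);
        // A fresh connection must never be marked as a fallback attempt.
        Security.sec_protocol_options_set_tls_is_fallback_attempt(options, false);
        // ALPN: advertise HTTP/2 first, then HTTP/1.1.
        Security.sec_protocol_options_add_tls_application_protocol(options, "h2");
        Security.sec_protocol_options_add_tls_application_protocol(options, "http/1.1");
    }

    /**
     * Hardened server configuration with mutual TLS. Servers default to NOT
     * authenticating the peer, so client certificates must be requested explicitly.
     * @param identity a sec_identity_t carrying the server's private key and certificate
     */
    static void applyMutualTlsServer(NSObject options, NSObject identity) {
        Security.sec_protocol_options_set_local_identity(options, identity);
        Security.sec_protocol_options_set_min_tls_protocol_version(options, TLS_V12);
        Security.sec_protocol_options_set_max_tls_protocol_version(options, TLS_V13);
        Security.sec_protocol_options_set_tls_renegotiation_enabled(options, false);
        Security.sec_protocol_options_set_peer_authentication_required(options, true);
    }

    /**
     * Guard for tests and startup checks: a policy must never set a floor below the
     * platform's own default minimum. Plain numeric comparison works for the TLS
     * values because they increase with the protocol version.
     */
    static boolean minimumIsAtLeastPlatformDefault(short chosenMin) {
        short platformMin = Security.sec_protocol_options_get_default_min_tls_protocol_version();
        return chosenMin >= platformMin;
    }
}
```

The two client variants are meant to be read side by side: the only settings that differ are the ones the page documents as defaulting to the permissive value (renegotiation on, no explicit server name), plus the version floor. The guard at the end uses the page's `get_default_min_tls_protocol_version` so that a hand-written policy is caught if it is weaker than what the platform would choose on its own.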
      • kSecUseDataProtectionKeychain

        public static CFStringRef kSecUseDataProtectionKeychain()
      • sec_protocol_options_set_pre_shared_key_selection_block

        public static void sec_protocol_options_set_pre_shared_key_selection_block​(NSObject options,
                                                                                   Security.Block_sec_protocol_options_set_pre_shared_key_selection_block psk_selection_block,
                                                                                   NSObject psk_selection_queue)
        [@function] sec_protocol_options_set_pre_shared_key_selection_block Set the PSK selection block.
        Parameters:
        options - A `sec_protocol_options_t` instance.
        psk_selection_block - A `sec_protocol_pre_shared_key_selection_t` block.
        psk_selection_queue - A `dispatch_queue_t` on which the PSK selection block should be called.
      • sec_protocol_options_set_key_update_block

        public static void sec_protocol_options_set_key_update_block​(NSObject options,
                                                                     Security.Block_sec_protocol_options_set_key_update_block key_update_block,
                                                                     NSObject key_update_queue)
        [@function] sec_protocol_options_set_key_update_block Set the key update block.
        Parameters:
        options - A `sec_protocol_options_t` instance.
        key_update_block - A `sec_protocol_key_update_t` block.
        key_update_queue - A `dispatch_queue_t` on which the key update block should be called.
      • sec_protocol_options_set_challenge_block

        public static void sec_protocol_options_set_challenge_block​(NSObject options,
                                                                    Security.Block_sec_protocol_options_set_challenge_block challenge_block,
                                                                    NSObject challenge_queue)
        [@function] sec_protocol_options_set_challenge_block Set the challenge block.
        Parameters:
        options - A `sec_protocol_options_t` instance.
        challenge_block - A `sec_protocol_challenge_t` block.
        challenge_queue - A `dispatch_queue_t` on which the challenge block should be called.
      • sec_protocol_options_set_verify_block

        public static void sec_protocol_options_set_verify_block​(NSObject options,
                                                                 Security.Block_sec_protocol_options_set_verify_block verify_block,
                                                                 NSObject verify_block_queue)
        [@function] sec_protocol_options_set_verify_block Set the verify block.
        Parameters:
        options - A `sec_protocol_options_t` instance.
        verify_block - A `sec_protocol_verify_t` block.
        verify_block_queue - A `dispatch_queue_t` on which the verify block should be called.
      • SecTrustCopyKey

        public static SecKeyRef SecTrustCopyKey​(SecTrustRef trust)
        [@function] SecTrustCopyKey Return the public key for a leaf certificate after it has been evaluated. RSA and ECDSA public keys are supported. All other public key algorithms are unsupported.
        Parameters:
        trust - A reference to the trust object which has been evaluated.
        Returns:
        The certificate's public key, or NULL if the public key could not be extracted (this can happen if the public key algorithm is not supported). The caller is responsible for calling CFRelease on the returned key when it is no longer needed.