Module org.jetbrains.nativecerts

Package org.jetbrains.nativecerts.mac

Interface SecurityFramework

All Superinterfaces:

com.sun.jna.Library

public interface SecurityFramework
extends com.sun.jna.Library

Nested Class Summary

Nested Classes

Modifier and Type	Interface	Description
static class	SecurityFramework.OSStatus	Result codes common to many Security framework functions.
static class	SecurityFramework.SecCertificateRef	An abstract Core Foundation-type object representing an X.509 certificate.
static class	SecurityFramework.SecKeychainRef	An opaque type that represents a keychain.
static class	SecurityFramework.SecKeychainRefByReference
static class	SecurityFramework.SecPolicyRef	An object that represents a trust policy.
static class	SecurityFramework.SecTrustRef	An object used to evaluate trust.
static class	SecurityFramework.SecTrustRefByReference
static class	SecurityFramework.SecTrustSettingsDomain	The trust settings domains.
static class	SecurityFramework.SecTrustSettingsResult	Trust settings returned in usage constraints dictionaries.

Nested classes/interfaces inherited from interface com.sun.jna.Library

com.sun.jna.Library.Handler

Field Summary

Fields

Modifier and Type	Field	Description
static final SecurityFramework	INSTANCE
static final com.sun.jna.platform.mac.CoreFoundation.CFStringRef	kSecClass	A dictionary key whose value is the item’s class.
static final com.sun.jna.platform.mac.CoreFoundation.CFStringRef	kSecClassCertificate	The value that indicates a certificate item.
static final com.sun.jna.platform.mac.CoreFoundation.CFStringRef	kSecMatchLimit	A key whose value indicates the match limit.
static final com.sun.jna.platform.mac.CoreFoundation.CFStringRef	kSecMatchLimitAll	A value that corresponds to matching an unlimited number of items.
static final com.sun.jna.platform.mac.CoreFoundation.CFStringRef	kSecMatchSearchList	A key whose value indicates a list of items to search.
static final com.sun.jna.platform.mac.CoreFoundation.CFStringRef	kSecPolicyAppleSSL	Basic X509 plus host name verification per RFC 2818.
static final com.sun.jna.platform.mac.CoreFoundation.CFStringRef	kSecPolicyOid	The object identifier that defines the policy type (CFStringRef).
static final com.sun.jna.platform.mac.CoreFoundation.CFStringRef	kSecReturnRef	A key whose value is a Boolean indicating whether or not to return a reference to an item.
static final com.sun.jna.platform.mac.CoreFoundation.CFStringRef	kSecTrustSettingsAllowedError	A number which, if encountered during certificate verification, is ignored for that certificate.
static final com.sun.jna.platform.mac.CoreFoundation.CFStringRef	kSecTrustSettingsPolicy	A policy object specifying the certificate verification policy.
static final com.sun.jna.platform.mac.CoreFoundation.CFStringRef	kSecTrustSettingsPolicyName	Specifies a cert verification policy, e.g., sslServer, eapClient, etc. using policy names.
static final com.sun.jna.platform.mac.CoreFoundation.CFStringRef	kSecTrustSettingsResult	A number indicating the effective trust setting for this usage constraints dictionary.
static final com.sun.jna.platform.mac.CoreFoundation.CFTypeID	SEC_CERTIFICATE_TYPE_ID
static final com.sun.jna.platform.mac.CoreFoundation.CFTypeID	SEC_KEYCHAIN_REF_TYPE_ID
static final com.sun.jna.platform.mac.CoreFoundation.CFTypeID	SEC_POLICY_TYPE_ID
static final com.sun.jna.platform.mac.CoreFoundation.CFTypeID	SEC_TRUST_TYPE_ID

Fields inherited from interface com.sun.jna.Library

OPTION_ALLOW_OBJECTS, OPTION_CALLING_CONVENTION, OPTION_CLASSLOADER, OPTION_FUNCTION_MAPPER, OPTION_INVOCATION_MAPPER, OPTION_OPEN_FLAGS, OPTION_STRING_ENCODING, OPTION_STRUCTURE_ALIGNMENT, OPTION_SYMBOL_PROVIDER, OPTION_TYPE_MAPPER

Method Summary

Modifier and Type	Method	Description
@NotNull SecurityFramework.OSStatus	SecCertificateCopyCommonName(@NotNull SecurityFramework.SecCertificateRef certificate, @NotNull CoreFoundationExt.CFStringRefByReference commonName)	Retrieves the common name of the subject of a certificate.
com.sun.jna.platform.mac.CoreFoundation.CFDataRef	SecCertificateCopyData(SecurityFramework.SecCertificateRef certificate)	Returns a DER representation of a certificate given a certificate object.
com.sun.jna.platform.mac.CoreFoundation.CFTypeID	SecCertificateGetTypeID()
com.sun.jna.platform.mac.CoreFoundation.CFStringRef	SecCopyErrorMessageString(@NotNull SecurityFramework.OSStatus status, @Nullable com.sun.jna.Pointer reserved)	Returns a string explaining the meaning of a security result code.
@NotNull SecurityFramework.OSStatus	SecItemCopyMatching(com.sun.jna.platform.mac.CoreFoundation.CFDictionaryRef query, CoreFoundationExt.CFArrayRefByReference result)	Returns one or more keychain items that match a search query, or copies attributes of specific keychain items.
SecurityFramework.OSStatus	SecKeychainCopyDomainSearchList(SecurityFramework.SecTrustSettingsDomain domain, CoreFoundationExt.CFArrayRefByReference searchList)	Retrieves the keychain search list for a specified preference domain.
com.sun.jna.platform.mac.CoreFoundation.CFTypeID	SecKeychainGetTypeID()
SecurityFramework.OSStatus	SecKeychainOpen(String pathName, SecurityFramework.SecKeychainRefByReference keychain)	Opens a keychain.
com.sun.jna.platform.mac.CoreFoundation.CFDictionaryRef	SecPolicyCopyProperties(SecurityFramework.SecPolicyRef policyRef)	Returns a dictionary containing a policy’s properties.
SecurityFramework.SecPolicyRef	SecPolicyCreateSSL(boolean server, com.sun.jna.platform.mac.CoreFoundation.CFStringRef hostname)	Returns a policy object for evaluating SSL certificate chains.
com.sun.jna.platform.mac.CoreFoundation.CFTypeID	SecPolicyGetTypeID()
SecurityFramework.OSStatus	SecTrustCreateWithCertificates(com.sun.jna.platform.mac.CoreFoundation.CFArrayRef certificates, SecurityFramework.SecPolicyRef policies, SecurityFramework.SecTrustRefByReference trust)	Creates a trust management object based on certificates and policies.
boolean	SecTrustEvaluateWithError(SecurityFramework.SecTrustRef trust, CoreFoundationExt.CFErrorRef.ByReference error)	Evaluates trust for the specified certificate and policies.
com.sun.jna.platform.mac.CoreFoundation.CFTypeID	SecTrustGetTypeID()
@NotNull SecurityFramework.OSStatus	SecTrustSettingsCopyCertificates(@NotNull SecurityFramework.SecTrustSettingsDomain domain, @NotNull CoreFoundationExt.CFArrayRefByReference certArray)	Obtains an array of all certificates that have trust settings in a specific trust settings domain.
SecurityFramework.OSStatus	SecTrustSettingsCopyTrustSettings(SecurityFramework.SecCertificateRef certRef, SecurityFramework.SecTrustSettingsDomain domain, CoreFoundationExt.CFArrayRefByReference trustSettings)	Obtains the trust settings for a certificate.

Field Details

INSTANCE

static final SecurityFramework INSTANCE

kSecClass

static final com.sun.jna.platform.mac.CoreFoundation.CFStringRef kSecClass

A dictionary key whose value is the item’s class.

See Also:

• https://developer.apple.com/documentation/security/ksecclass

kSecMatchLimit

static final com.sun.jna.platform.mac.CoreFoundation.CFStringRef kSecMatchLimit

A key whose value indicates the match limit.

See Also:

• https://developer.apple.com/documentation/security/kSecMatchLimit

kSecMatchSearchList

static final com.sun.jna.platform.mac.CoreFoundation.CFStringRef kSecMatchSearchList

A key whose value indicates a list of items to search.

See Also:

• https://developer.apple.com/documentation/security/kSecMatchSearchList

kSecMatchLimitAll

static final com.sun.jna.platform.mac.CoreFoundation.CFStringRef kSecMatchLimitAll

A value that corresponds to matching an unlimited number of items.

See Also:

• https://developer.apple.com/documentation/security/kSecMatchLimitAll

kSecReturnRef

static final com.sun.jna.platform.mac.CoreFoundation.CFStringRef kSecReturnRef

A key whose value is a Boolean indicating whether or not to return a reference to an item.

See Also:

• https://developer.apple.com/documentation/security/kSecReturnRef

kSecClassCertificate

static final com.sun.jna.platform.mac.CoreFoundation.CFStringRef kSecClassCertificate

The value that indicates a certificate item.

See Also:

• https://developer.apple.com/documentation/security/kSecClassCertificate

SEC_CERTIFICATE_TYPE_ID

static final com.sun.jna.platform.mac.CoreFoundation.CFTypeID SEC_CERTIFICATE_TYPE_ID

SEC_KEYCHAIN_REF_TYPE_ID

static final com.sun.jna.platform.mac.CoreFoundation.CFTypeID SEC_KEYCHAIN_REF_TYPE_ID

SEC_POLICY_TYPE_ID

static final com.sun.jna.platform.mac.CoreFoundation.CFTypeID SEC_POLICY_TYPE_ID

SEC_TRUST_TYPE_ID

static final com.sun.jna.platform.mac.CoreFoundation.CFTypeID SEC_TRUST_TYPE_ID

kSecPolicyAppleSSL

static final com.sun.jna.platform.mac.CoreFoundation.CFStringRef kSecPolicyAppleSSL

Basic X509 plus host name verification per RFC 2818.

See Also:

• developer.apple.com

kSecPolicyOid

static final com.sun.jna.platform.mac.CoreFoundation.CFStringRef kSecPolicyOid

The object identifier that defines the policy type (CFStringRef). All policies have a value for this key.

See Also:

• developer.apple.com

kSecTrustSettingsResult

static final com.sun.jna.platform.mac.CoreFoundation.CFStringRef kSecTrustSettingsResult

A number indicating the effective trust setting for this usage constraints dictionary.

See Also:

• developer.apple.com

kSecTrustSettingsAllowedError

static final com.sun.jna.platform.mac.CoreFoundation.CFStringRef kSecTrustSettingsAllowedError

A number which, if encountered during certificate verification, is ignored for that certificate.

See Also:

• developer.apple.com

kSecTrustSettingsPolicyName

static final com.sun.jna.platform.mac.CoreFoundation.CFStringRef kSecTrustSettingsPolicyName

Specifies a cert verification policy, e.g., sslServer, eapClient, etc. using policy names. This entry can be used to restrict the policy where the same Policy Constant is used for multiple policyNames

kSecTrustSettingsPolicy

static final com.sun.jna.platform.mac.CoreFoundation.CFStringRef kSecTrustSettingsPolicy

A policy object specifying the certificate verification policy.

See Also:

• developer.apple.com

Method Details

SecCopyErrorMessageString

@Nullable
com.sun.jna.platform.mac.CoreFoundation.CFStringRef SecCopyErrorMessageString(@NotNull
 @NotNull SecurityFramework.OSStatus status,
 @Nullable
 @Nullable com.sun.jna.Pointer reserved)

Returns a string explaining the meaning of a security result code.

Parameters:

status - A result code of type OSStatus returned by a security function. See Security Framework Result Codes for a list of codes.

reserved - Reserved for future use. Pass NULL for this parameter.

Returns:

A human-readable string describing the result, or NULL if no string is available for the specified result code. Call the CoreFoundation.CFRelease(CoreFoundation.CFTypeRef) function to release this object when you are finished using it.

See Also:

• https://developer.apple.com/documentation/security/seccopyerrormessagestring(_:_:)

SecTrustSettingsCopyCertificates

@NotNull
@NotNull SecurityFramework.OSStatus SecTrustSettingsCopyCertificates(@NotNull
 @NotNull SecurityFramework.SecTrustSettingsDomain domain,
 @NotNull
 @NotNull CoreFoundationExt.CFArrayRefByReference certArray)

Obtains an array of all certificates that have trust settings in a specific trust settings domain.

Parameters:

domain - The trust settings domain for which you want a list of certificates. For possible values, see SecurityFramework.SecTrustSettingsDomain.

certArray - On return, an array of SecurityFramework.SecCertificateRef objects representing the certificates that have trust settings in the specified domain. Call the CoreFoundation.CFRelease(CoreFoundation.CFTypeRef) function to release this object when you are finished with it.

Returns:

A result code. See Security Framework Result Codes. Returns SecurityFramework.OSStatus.errSecNoTrustSettings if no trust settings exist for the specified domain.

See Also:

• developer.apple.com

SecItemCopyMatching

@NotNull
@NotNull SecurityFramework.OSStatus SecItemCopyMatching(@NotNull
 com.sun.jna.platform.mac.CoreFoundation.CFDictionaryRef query,
 CoreFoundationExt.CFArrayRefByReference result)

Returns one or more keychain items that match a search query, or copies attributes of specific keychain items.

See Also:

• https://developer.apple.com/documentation/security/secitemcopymatching(_:_:)

SecKeychainOpen

SecurityFramework.OSStatus SecKeychainOpen(String pathName,
 SecurityFramework.SecKeychainRefByReference keychain)

Opens a keychain.

Parameters:

pathName - A constant character string representing the POSIX path to the keychain to open.

keychain - On return, a pointer to the keychain object. You must call the CoreFoundation.CFRelease(CoreFoundation.CFTypeRef) function to release this object when you are finished using it.

Returns:

A result code. See SecurityFramework.OSStatus

See Also:

• https://developer.apple.com/documentation/security/seckeychainopen(_:_:)

SecCertificateCopyCommonName

@NotNull
@NotNull SecurityFramework.OSStatus SecCertificateCopyCommonName(@NotNull
 @NotNull SecurityFramework.SecCertificateRef certificate,
 @NotNull
 @NotNull CoreFoundationExt.CFStringRefByReference commonName)

Retrieves the common name of the subject of a certificate.

Parameters:

certificate - The certificate object from which to retrieve the common name.

commonName - On return, points to the common name. Call the CoreFoundation.CFRelease(CoreFoundation.CFTypeRef) function to release this object when you are finished with it.

Returns:

A result code. See SecurityFramework.OSStatus

See Also:

• developer.apple.com

SecCertificateGetTypeID

com.sun.jna.platform.mac.CoreFoundation.CFTypeID SecCertificateGetTypeID()

SecPolicyGetTypeID

com.sun.jna.platform.mac.CoreFoundation.CFTypeID SecPolicyGetTypeID()

SecKeychainGetTypeID

com.sun.jna.platform.mac.CoreFoundation.CFTypeID SecKeychainGetTypeID()

SecTrustGetTypeID

com.sun.jna.platform.mac.CoreFoundation.CFTypeID SecTrustGetTypeID()

SecPolicyCreateSSL

SecurityFramework.SecPolicyRef SecPolicyCreateSSL(boolean server,
 com.sun.jna.platform.mac.CoreFoundation.CFStringRef hostname)

Returns a policy object for evaluating SSL certificate chains.

Parameters:

server - Specify true on the client side to return a policy for SSL server certificates.

hostname - If you specify a value for this parameter, the policy will require the specified value to match the host name in the leaf certificate.

Returns:

The policy object. In Objective-C, call the CFRelease function to release the object when you are finished with it.

See Also:

• https://developer.apple.com/documentation/security/secpolicycreatessl(_:_:)

SecPolicyCopyProperties

com.sun.jna.platform.mac.CoreFoundation.CFDictionaryRef SecPolicyCopyProperties(SecurityFramework.SecPolicyRef policyRef)

Returns a dictionary containing a policy’s properties.

Parameters:

policyRef - The policy from which properties should be copied.

Returns:

A dictionary with the policy's properties. See Security Policy Keys for a list of valid keys. Call the CoreFoundation.CFRelease(CoreFoundation.CFTypeRef) function to free the dictionary's memory when you are done with it.

See Also:

• developer.apple.com

SecCertificateCopyData

com.sun.jna.platform.mac.CoreFoundation.CFDataRef SecCertificateCopyData(SecurityFramework.SecCertificateRef certificate)

Returns a DER representation of a certificate given a certificate object.

Parameters:

certificate - The certificate object for which you wish to return the DER (Distinguished Encoding Rules) representation of the X.509 certificate.

Returns:

The DER representation of the certificate. Call the CoreFoundation.CFRelease(CoreFoundation.CFTypeRef) function to release this object when you are finished with it. Returns NULL if the data passed in the certificate parameter is not a valid certificate object.

See Also:

• developer.apple.com

SecTrustSettingsCopyTrustSettings

SecurityFramework.OSStatus SecTrustSettingsCopyTrustSettings(SecurityFramework.SecCertificateRef certRef,
 SecurityFramework.SecTrustSettingsDomain domain,
 CoreFoundationExt.CFArrayRefByReference trustSettings)

Obtains the trust settings for a certificate.

Parameters:

certRef - The certificate for which you want the trust settings. Pass the value kSecTrustSettingsDefaultRootCertSetting to obtain the default root certificate trust settings for the domain.

domain - The trust settings domain of the trust settings that you wish to obtain. For possible values, see SecurityFramework.SecTrustSettingsDomain.

trustSettings - On return, an array of CoreFoundation.CFDictionaryRef objects specifying the trust settings for the certificate. For the contents of the dictionaries, see the discussion below. Call the CoreFoundation.CFRelease(CoreFoundation.CFTypeRef) function to release this object when you are finished with it.

Returns:

A result code. See SecurityFramework.OSStatus. Returns SecurityFramework.OSStatus.errSecItemNotFound if no trust settings exist for the specified certificate and domain.

See Also:

• developer.apple.com

SecTrustCreateWithCertificates

SecurityFramework.OSStatus SecTrustCreateWithCertificates(com.sun.jna.platform.mac.CoreFoundation.CFArrayRef certificates,
 SecurityFramework.SecPolicyRef policies,
 SecurityFramework.SecTrustRefByReference trust)

Creates a trust management object based on certificates and policies.

Parameters:

certificates - The certificate to be verified, plus any other certificates you think might be useful for verifying the certificate. The certificate to be verified must be the first in the array. If you want to specify only one certificate, you can pass a SecCertificateRef object; otherwise, pass an array of SecCertificateRef objects.

policies - References to one or more policies to be evaluated. You can pass a single SecPolicyRef object, or an array of one or more SecPolicyRef objects. If you pass in multiple policies, all policies must verify for the certificate chain to be considered valid. You typically use one of the standard policies, like the one returned by SecPolicyCreateBasicX509.

trust - On return, points to the newly created trust management object. In Objective-C, call the CFRelease function to release this object when you are finished with it.

Returns:

A result code. See Security Framework Result Codes.

See Also:

• https://developer.apple.com/documentation/security/sectrustcreatewithcertificates(_:_:_:)

SecTrustEvaluateWithError

boolean SecTrustEvaluateWithError(SecurityFramework.SecTrustRef trust,
 CoreFoundationExt.CFErrorRef.ByReference error)

Evaluates trust for the specified certificate and policies.

Parameters:

trust - The trust management object to evaluate. A trust management object includes the certificate to be verified plus the policy or policies to be used in evaluating trust. It can optionally also include other certificates to be used in verifying the first certificate. Use the SecTrustCreateWithCertificates function to create a trust management object.

error - An error pointer the method uses to return an error when trust evaluation fails. Set to nil to ignore the error.

Returns:

true if the certificate is trusted; otherwise, false.

SecKeychainCopyDomainSearchList

SecurityFramework.OSStatus SecKeychainCopyDomainSearchList(SecurityFramework.SecTrustSettingsDomain domain,
 CoreFoundationExt.CFArrayRefByReference searchList)

Retrieves the keychain search list for a specified preference domain.

Parameters:

domain - The preference domain from which you wish to retrieve the keychain search list. See SecurityFramework.SecTrustSettingsDomain for possible domain values.

searchList - On return, a pointer to the keychain search list of the specified preference domain.

Returns:

A result code. See SecurityFramework.OSStatus

See Also:

• https://developer.apple.com/documentation/security/seckeychaincopydomainsearchlist(_:_: