<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[15211] OSXFrameworks/trunk/osx/frameworks/_security_cffi.py</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.calendarserver.org//changeset/15211">15211</a></dd>
<dt>Author</dt> <dd>cdaboo@apple.com</dd>
<dt>Date</dt> <dd>2015-10-22 14:41:51 -0700 (Thu, 22 Oct 2015)</dd>
</dl>
<h3>Log Message</h3>
<pre>Expose more framework APIs.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#OSXFrameworkstrunkosxframeworks_security_cffipy">OSXFrameworks/trunk/osx/frameworks/_security_cffi.py</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="OSXFrameworkstrunkosxframeworks_security_cffipy"></a>
<div class="modfile"><h4>Modified: OSXFrameworks/trunk/osx/frameworks/_security_cffi.py (15210 => 15211)</h4>
<pre class="diff"><span>
<span class="info">--- OSXFrameworks/trunk/osx/frameworks/_security_cffi.py        2015-10-21 20:10:47 UTC (rev 15210)
+++ OSXFrameworks/trunk/osx/frameworks/_security_cffi.py        2015-10-22 21:41:51 UTC (rev 15211)
</span><span class="lines">@@ -24,9 +24,48 @@
</span><span class="cx"> TYPES = """
</span><span class="cx">
</span><span class="cx"> // SecBase.h
</span><ins>+typedef struct OpaqueSecKeyRef *SecKeyRef;
</ins><span class="cx"> typedef struct OpaqueSecCertificateRef *SecCertificateRef;
</span><span class="cx"> typedef struct OpaqueSecIdentityRef *SecIdentityRef;
</span><ins>+typedef struct OpaqueSecKeychainRef *SecKeychainRef;
</ins><span class="cx">
</span><ins>+// SecImportExport.h
+typedef enum
+{
+ kSecFormatUnknown = 0,
+ kSecFormatOpenSSL,
+ kSecFormatSSH,
+ kSecFormatBSAFE,
+ kSecFormatRawKey,
+ kSecFormatWrappedPKCS8,
+ kSecFormatWrappedOpenSSL,
+ kSecFormatWrappedSSH,
+ kSecFormatWrappedLSH,
+ kSecFormatX509Cert,
+ kSecFormatPEMSequence,
+ kSecFormatPKCS7,
+ kSecFormatPKCS12,
+ kSecFormatNetscapeCertSequence,
+ kSecFormatSSHv2
+} SecExternalFormat;
+
+typedef enum {
+ kSecItemTypeUnknown,
+ kSecItemTypePrivateKey,
+ kSecItemTypePublicKey,
+ kSecItemTypeSessionKey,
+ kSecItemTypeCertificate,
+ kSecItemTypeAggregate
+} SecExternalItemType;
+
+typedef enum SecItemImportExportFlags
+{
+ kSecItemPemArmour = 0x00000001,
+} SecItemImportExportFlags;
+
+struct _SecItemImportExportKeyParameters;
+typedef struct _SecItemImportExportKeyParameters SecItemImportExportKeyParameters;
+
</ins><span class="cx"> // SecureTransport.h
</span><span class="cx"> typedef enum
</span><span class="cx"> {
</span><span class="lines">@@ -41,19 +80,17 @@
</span><span class="cx"> } SSLConnectionType;
</span><span class="cx">
</span><span class="cx"> typedef enum {
</span><del>- kSSLProtocolUnknown = 0, /* no protocol negotiated/specified; use default */
- kSSLProtocol3 = 2, /* SSL 3.0 */
- kTLSProtocol1 = 4, /* TLS 1.0 */
- kTLSProtocol11 = 7, /* TLS 1.1 */
- kTLSProtocol12 = 8, /* TLS 1.2 */
- kDTLSProtocol1 = 9, /* DTLS 1.0 */
</del><ins>+ kSSLProtocolUnknown = 0,
+ kSSLProtocol3 = 2,
+ kTLSProtocol1 = 4,
+ kTLSProtocol11 = 7,
+ kTLSProtocol12 = 8,
+ kDTLSProtocol1 = 9,
+ kSSLProtocol2 = 1,
+ kSSLProtocol3Only = 3,
+ kTLSProtocol1Only = 5,
+ kSSLProtocolAll = 6,
</ins><span class="cx">
</span><del>- /* DEPRECATED on iOS */
- kSSLProtocol2 = 1, /* SSL 2.0 */
- kSSLProtocol3Only = 3, /* SSL 3.0 Only */
- kTLSProtocol1Only = 5, /* TLS 1.0 Only */
- kSSLProtocolAll = 6, /* All TLS supported protocols */
-
</del><span class="cx"> } SSLProtocol;
</span><span class="cx">
</span><span class="cx"> struct SSLContext;
</span><span class="lines">@@ -267,81 +304,93 @@
</span><span class="cx"> const CFStringRef kSecValuePersistentRef;
</span><span class="cx">
</span><span class="cx"> enum {
</span><del>- errSSLProtocol = -9800, /* SSL protocol error */
- errSSLNegotiation = -9801, /* Cipher Suite negotiation failure */
- errSSLFatalAlert = -9802, /* Fatal alert */
- errSSLWouldBlock = -9803, /* I/O would block (not fatal) */
- errSSLSessionNotFound = -9804, /* attempt to restore an unknown session */
- errSSLClosedGraceful = -9805, /* connection closed gracefully */
- errSSLClosedAbort = -9806, /* connection closed via error */
- errSSLXCertChainInvalid = -9807, /* invalid certificate chain */
- errSSLBadCert = -9808, /* bad certificate format */
- errSSLCrypto = -9809, /* underlying cryptographic error */
- errSSLInternal = -9810, /* Internal error */
- errSSLModuleAttach = -9811, /* module attach failure */
- errSSLUnknownRootCert = -9812, /* valid cert chain, untrusted root */
- errSSLNoRootCert = -9813, /* cert chain not verified by root */
- errSSLCertExpired = -9814, /* chain had an expired cert */
- errSSLCertNotYetValid = -9815, /* chain had a cert not yet valid */
- errSSLClosedNoNotify = -9816, /* server closed session with no notification */
- errSSLBufferOverflow = -9817, /* insufficient buffer provided */
- errSSLBadCipherSuite = -9818, /* bad SSLCipherSuite */
</del><ins>+ errSSLProtocol = -9800,
+ errSSLNegotiation = -9801,
+ errSSLFatalAlert = -9802,
+ errSSLWouldBlock = -9803,
+ errSSLSessionNotFound = -9804,
+ errSSLClosedGraceful = -9805,
+ errSSLClosedAbort = -9806,
+ errSSLXCertChainInvalid = -9807,
+ errSSLBadCert = -9808,
+ errSSLCrypto = -9809,
+ errSSLInternal = -9810,
+ errSSLModuleAttach = -9811,
+ errSSLUnknownRootCert = -9812,
+ errSSLNoRootCert = -9813,
+ errSSLCertExpired = -9814,
+ errSSLCertNotYetValid = -9815,
+ errSSLClosedNoNotify = -9816,
+ errSSLBufferOverflow = -9817,
+ errSSLBadCipherSuite = -9818,
</ins><span class="cx">
</span><del>- /* fatal errors detected by peer */
- errSSLPeerUnexpectedMsg = -9819, /* unexpected message received */
- errSSLPeerBadRecordMac = -9820, /* bad MAC */
- errSSLPeerDecryptionFail = -9821, /* decryption failed */
- errSSLPeerRecordOverflow = -9822, /* record overflow */
- errSSLPeerDecompressFail = -9823, /* decompression failure */
- errSSLPeerHandshakeFail = -9824, /* handshake failure */
- errSSLPeerBadCert = -9825, /* misc. bad certificate */
- errSSLPeerUnsupportedCert = -9826, /* bad unsupported cert format */
- errSSLPeerCertRevoked = -9827, /* certificate revoked */
- errSSLPeerCertExpired = -9828, /* certificate expired */
- errSSLPeerCertUnknown = -9829, /* unknown certificate */
- errSSLIllegalParam = -9830, /* illegal parameter */
- errSSLPeerUnknownCA = -9831, /* unknown Cert Authority */
- errSSLPeerAccessDenied = -9832, /* access denied */
- errSSLPeerDecodeError = -9833, /* decoding error */
- errSSLPeerDecryptError = -9834, /* decryption error */
- errSSLPeerExportRestriction = -9835, /* export restriction */
- errSSLPeerProtocolVersion = -9836, /* bad protocol version */
- errSSLPeerInsufficientSecurity = -9837, /* insufficient security */
- errSSLPeerInternalError = -9838, /* internal error */
- errSSLPeerUserCancelled = -9839, /* user canceled */
- errSSLPeerNoRenegotiation = -9840, /* no renegotiation allowed */
</del><ins>+ errSSLPeerUnexpectedMsg = -9819,
+ errSSLPeerBadRecordMac = -9820,
+ errSSLPeerDecryptionFail = -9821,
+ errSSLPeerRecordOverflow = -9822,
+ errSSLPeerDecompressFail = -9823,
+ errSSLPeerHandshakeFail = -9824,
+ errSSLPeerBadCert = -9825,
+ errSSLPeerUnsupportedCert = -9826,
+ errSSLPeerCertRevoked = -9827,
+ errSSLPeerCertExpired = -9828,
+ errSSLPeerCertUnknown = -9829,
+ errSSLIllegalParam = -9830,
+ errSSLPeerUnknownCA = -9831,
+ errSSLPeerAccessDenied = -9832,
+ errSSLPeerDecodeError = -9833,
+ errSSLPeerDecryptError = -9834,
+ errSSLPeerExportRestriction = -9835,
+ errSSLPeerProtocolVersion = -9836,
+ errSSLPeerInsufficientSecurity = -9837,
+ errSSLPeerInternalError = -9838,
+ errSSLPeerUserCancelled = -9839,
+ errSSLPeerNoRenegotiation = -9840,
</ins><span class="cx">
</span><del>- /* non-fatal result codes */
- errSSLPeerAuthCompleted = -9841, /* peer cert is valid, or was ignored if verification disabled */
- errSSLClientCertRequested = -9842, /* server has requested a client cert */
</del><ins>+ errSSLPeerAuthCompleted = -9841,
+ errSSLClientCertRequested = -9842,
</ins><span class="cx">
</span><del>- /* more errors detected by us */
- errSSLHostNameMismatch = -9843, /* peer host name mismatch */
- errSSLConnectionRefused = -9844, /* peer dropped connection before responding */
- errSSLDecryptionFail = -9845, /* decryption failure */
- errSSLBadRecordMac = -9846, /* bad MAC */
- errSSLRecordOverflow = -9847, /* record overflow */
- errSSLBadConfiguration = -9848, /* configuration error */
- errSSLUnexpectedRecord = -9849, /* unexpected (skipped) record in DTLS */
- errSSLWeakPeerEphemeralDHKey = -9850, /* weak ephemeral dh key */
</del><ins>+ errSSLHostNameMismatch = -9843,
+ errSSLConnectionRefused = -9844,
+ errSSLDecryptionFail = -9845,
+ errSSLBadRecordMac = -9846,
+ errSSLRecordOverflow = -9847,
+ errSSLBadConfiguration = -9848,
+ errSSLUnexpectedRecord = -9849,
+ errSSLWeakPeerEphemeralDHKey = -9850,
</ins><span class="cx">
</span><del>- /* non-fatal result codes */
- errSSLClientHelloReceived = -9851, /* SNI */
</del><ins>+ errSSLClientHelloReceived = -9851,
</ins><span class="cx"> };
</span><span class="cx"> """
</span><span class="cx">
</span><span class="cx"> FUNCTIONS = """
</span><span class="cx">
</span><span class="cx"> // SecCertificate.h
</span><ins>+CFTypeID SecCertificateGetTypeID(void);
</ins><span class="cx"> SecCertificateRef SecCertificateCopyPreferred(CFStringRef name, CFArrayRef keyUsage);
</span><span class="cx"> CFDictionaryRef SecCertificateCopyValues(SecCertificateRef certificate, CFArrayRef keys, CFErrorRef *error);
</span><span class="cx">
</span><span class="cx"> // SecIdentity.h
</span><span class="cx"> OSStatus SecIdentityCopyCertificate ( SecIdentityRef identityRef, SecCertificateRef *certificateRef );
</span><ins>+SecIdentityRef SecIdentityCopyPreferred ( CFStringRef name, CFArrayRef keyUsage, CFArrayRef validIssuers );
</ins><span class="cx">
</span><ins>+// SecImportExport.h
+OSStatus SecItemImport(
+ CFDataRef importedData,
+ CFStringRef fileNameOrExtension,
+ SecExternalFormat * inputFormat,
+ SecExternalItemType * itemType,
+ SecItemImportExportFlags flags,
+ const SecItemImportExportKeyParameters * keyParams,
+ SecKeychainRef importKeychain,
+ CFArrayRef * outItems);
+
</ins><span class="cx"> // SecItem.h
</span><span class="cx"> OSStatus SecItemCopyMatching ( CFDictionaryRef query, CFTypeRef *result );
</span><span class="cx">
</span><ins>+// SecKey.h
+CFTypeID SecKeyGetTypeID(void);
+
</ins><span class="cx"> // SecKeychain.h
</span><span class="cx"> OSStatus SecKeychainSetUserInteractionAllowed ( Boolean state );
</span><span class="cx">
</span></span></pre>
</div>
</div>
</body>
</html>