security_framework/
passwords_options.rsuse core_foundation::{string::CFString, base::{CFType, TCFType, CFOptionFlags}, number::CFNumber};
use security_framework_sys::{keychain::{SecProtocolType, SecAuthenticationType}, access_control::*};
use security_framework_sys::item::{
kSecAttrAccessControl, kSecAttrAccount, kSecAttrAuthenticationType, kSecAttrPath, kSecAttrPort, kSecAttrProtocol,
kSecAttrSecurityDomain, kSecAttrServer, kSecAttrService, kSecClass, kSecClassGenericPassword,
kSecClassInternetPassword,
};
use crate::access_control::SecAccessControl;
pub struct PasswordOptions {
pub query: Vec<(CFString, CFType)>,
}
bitflags::bitflags! {
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
pub struct AccessControlOptions: CFOptionFlags {
const USER_PRESENCE = kSecAccessControlUserPresence;
#[cfg(feature = "OSX_10_13")]
const BIOMETRY_ANY = kSecAccessControlBiometryAny;
#[cfg(feature = "OSX_10_13")]
const BIOMETRY_CURRENT_SET = kSecAccessControlBiometryCurrentSet;
const DEVICE_PASSCODE = kSecAccessControlDevicePasscode;
#[cfg(feature = "OSX_10_15")]
const WATCH = kSecAccessControlWatch;
const OR = kSecAccessControlOr;
const AND = kSecAccessControlAnd;
const PRIVATE_KEY_USAGE = kSecAccessControlPrivateKeyUsage;
const APPLICATION_PASSWORD = kSecAccessControlApplicationPassword;
}
}
impl PasswordOptions {
#[must_use] pub fn new_generic_password(service: &str, account: &str) -> Self {
let query = vec![
(
unsafe { CFString::wrap_under_get_rule(kSecClass) },
unsafe { CFString::wrap_under_get_rule(kSecClassGenericPassword).into_CFType() },
),
(
unsafe { CFString::wrap_under_get_rule(kSecAttrService) },
CFString::from(service).into_CFType(),
),
(
unsafe { CFString::wrap_under_get_rule(kSecAttrAccount) },
CFString::from(account).into_CFType(),
),
];
Self { query }
}
#[must_use] pub fn new_internet_password(
server: &str,
security_domain: Option<&str>,
account: &str,
path: &str,
port: Option<u16>,
protocol: SecProtocolType,
authentication_type: SecAuthenticationType,
) -> Self {
let mut query = vec![
(
unsafe { CFString::wrap_under_get_rule(kSecClass) },
unsafe { CFString::wrap_under_get_rule(kSecClassInternetPassword) }.into_CFType(),
),
(
unsafe { CFString::wrap_under_get_rule(kSecAttrServer) },
CFString::from(server).into_CFType(),
),
(
unsafe { CFString::wrap_under_get_rule(kSecAttrPath) },
CFString::from(path).into_CFType(),
),
(
unsafe { CFString::wrap_under_get_rule(kSecAttrAccount) },
CFString::from(account).into_CFType(),
),
(
unsafe { CFString::wrap_under_get_rule(kSecAttrProtocol) },
CFNumber::from(protocol as i32).into_CFType(),
),
(
unsafe { CFString::wrap_under_get_rule(kSecAttrAuthenticationType) },
CFNumber::from(authentication_type as i32).into_CFType(),
),
];
if let Some(domain) = security_domain {
query.push((
unsafe { CFString::wrap_under_get_rule(kSecAttrSecurityDomain) },
CFString::from(domain).into_CFType(),
));
}
if let Some(port) = port {
query.push((
unsafe { CFString::wrap_under_get_rule(kSecAttrPort) },
CFNumber::from(i32::from(port)).into_CFType(),
));
}
Self { query }
}
pub fn set_access_control_options(&mut self, options: AccessControlOptions) {
self.query.push((
unsafe { CFString::wrap_under_get_rule(kSecAttrAccessControl) },
SecAccessControl::create_with_flags(options.bits())
.unwrap()
.into_CFType(),
));
}
}