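I'm writing an update to the Security framework crate, which is a binding to Apple's Security.framework.
I added some functions, such as `SecCertificateAddToKeychain`, without any problems, but with `SecTrustSettingsSetTrustSettings` the result is always `-2070 errSecInternalComponent`.

Here is the complete implementation: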
```rust
use crate::base::SecCertificateRef;
use core_foundation_sys::array::CFArrayRef;
use core_foundation_sys::base::CFTypeRef;
use core_foundation_sys::base::OSStatus;

// Trust settings domains
pub type SecTrustSettingsDomain = u32;
pub const kSecTrustSettingsDomainUser: SecTrustSettingsDomain = 0;
pub const kSecTrustSettingsDomainAdmin: SecTrustSettingsDomain = 1;
pub const kSecTrustSettingsDomainSystem: SecTrustSettingsDomain = 2;

// Trust settings results
pub type SecTrustSettingsResult = u32;
pub const kSecTrustSettingsResultInvalid: SecTrustSettingsResult = 0;
pub const kSecTrustSettingsResultTrustRoot: SecTrustSettingsResult = 1;
pub const kSecTrustSettingsResultTrustAsRoot: SecTrustSettingsResult = 2;
pub const kSecTrustSettingsResultDeny: SecTrustSettingsResult = 3;
pub const kSecTrustSettingsResultUnspecified: SecTrustSettingsResult = 4;

// FFI declarations for the Security.framework trust settings functions
extern "C" {
    pub fn SecTrustSettingsCopyCertificates(
        domain: SecTrustSettingsDomain,
        certsOut: *mut CFArrayRef,
    ) -> OSStatus;

    pub fn SecTrustSettingsCopyTrustSettings(
        certificateRef: SecCertificateRef,
        domain: SecTrustSettingsDomain,
        trustSettings: *mut CFArrayRef,
    ) -> OSStatus;

    pub fn SecTrustSettingsSetTrustSettings(
        certificateRef: SecCertificateRef,
        domain: SecTrustSettingsDomain,
        trustSettingsDictOrArray: CFTypeRef,
    ) -> OSStatus;
}
```

This is how I call the function:
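```rust
use std::ptr;

pub fn set_trust_settings(cert: &SecCertificate) -> Result<()> {
    let domain = kSecTrustSettingsDomainAdmin;
    // No trust settings dictionary or array is supplied (null pointer)
    let trust_settings: CFTypeRef = ptr::null_mut();
    // cvt converts the returned OSStatus into a Result
    cvt(unsafe {
        SecTrustSettingsSetTrustSettings(
            cert.as_CFTypeRef() as *mut _,
            domain,
            trust_settings,
        )
    })
}
```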
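
Notes

- `sudo security add-trusted-certs [..]` works fine without any problems. I want to add this feature to allow users to add my application's certificate programmatically instead of adding it manually every time, and I also want to implement certificate removal so that they are removed after the session.
- I'm using macOS 13 on an M2.
- `sudo security authorizationdb write com.apple.trust-settings.admin allow` doesn't work.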