[apple/security.git] / libsecurity_keychain / lib / SecKeychain.h

/*
 * Copyright (c) 2000-2004 Apple Computer, Inc. All Rights Reserved.
 * 
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */

/*!
	@header SecKeychain
	SecKeychain implements a repository for securely storing items with publicly visible attributes by which to find the items.
*/

#ifndef _SECURITY_SECKEYCHAIN_H_
#define _SECURITY_SECKEYCHAIN_H_

#include <Security/SecBase.h>
#include <Security/cssmapple.h>
#include <CoreFoundation/CFArray.h>
#include <libkern/OSByteOrder.h>

#if defined(__cplusplus)
extern "C" {
#endif

/*!
	@enum KeychainStatus
	@abstract Defines the current status of a keychain.
	@constant kSecUnlockStateStatus Indicates the keychain is unlocked.
	@constant kSecReadPermStatus Indicates the keychain is readable.
	@constant kSecWritePermStatus Indicates the keychain is writable.
*/
enum
{
    kSecUnlockStateStatus        = 1,
    kSecReadPermStatus           = 2,
    kSecWritePermStatus          = 4
};

#define SEC_KEYCHAIN_SETTINGS_VERS1 1


/*!
	@typedef SecKeychainSettings
	@abstract Contains keychain settings.
	@field version An unsigned 32-bit integer representing the keychain version.
	@field lockOnSleep A boolean value indicating whether the keychain locks when the system sleeps.
	@field useLockInterval A boolean value indicating whether the keychain automatically locks after a certain period of time.
	@field lockInterval An unsigned 32-bit integer representing the number of seconds before the keychain locks.
*/
struct SecKeychainSettings
{ 
	UInt32		version; 
	Boolean		lockOnSleep;
	Boolean		useLockInterval;
	UInt32		lockInterval;
};
typedef struct SecKeychainSettings		SecKeychainSettings;

/*! 
    @typedef SecAuthenticationType
	@abstract Represents the type of authentication to use for an Internet password.
*/
typedef FourCharCode SecAuthenticationType;

/*!
	@enum AuthenticationConstants
	@abstract Defines constants you can use to identify the type of authentication to use for an Internet password.
	@constant kSecAuthenticationTypeNTLM Specifies Windows NT LAN Manager authentication.
	@constant kSecAuthenticationTypeMSN Specifies Microsoft Network default authentication.
	@constant kSecAuthenticationTypeDPA Specifies Distributed Password authentication.
	@constant kSecAuthenticationTypeRPA Specifies Remote Password authentication. 
	@constant kSecAuthenticationTypeHTTPBasic Specifies HTTP Basic authentication.
	@constant kSecAuthenticationTypeHTTPDigest Specifies HTTP Digest Access authentication.
	@constant kSecAuthenticationTypeHTMLForm Specifies HTML form based authentication.
	@constant kSecAuthenticationTypeDefault Specifies the default authentication type.
	@constant kSecAuthenticationTypeAny Specifies that any authentication type is acceptable. When performing a search, use this constant to avoid constraining your search results to a particular authentication type.
*/
#ifdef __LITTLE_ENDIAN__
#define AUTH_TYPE_FIX_(x) OSSwapConstInt32(x)
#else
#define AUTH_TYPE_FIX_(x) (x)
#endif

enum
{
    kSecAuthenticationTypeNTLM             = AUTH_TYPE_FIX_ ('ntlm'),
    kSecAuthenticationTypeMSN              = AUTH_TYPE_FIX_ ('msna'),
    kSecAuthenticationTypeDPA              = AUTH_TYPE_FIX_ ('dpaa'),
    kSecAuthenticationTypeRPA              = AUTH_TYPE_FIX_ ('rpaa'),
    kSecAuthenticationTypeHTTPBasic        = AUTH_TYPE_FIX_ ('http'),
    kSecAuthenticationTypeHTTPDigest       = AUTH_TYPE_FIX_ ('httd'),
    kSecAuthenticationTypeHTMLForm         = AUTH_TYPE_FIX_ ('form'),
    kSecAuthenticationTypeDefault          = AUTH_TYPE_FIX_ ('dflt'),
    kSecAuthenticationTypeAny              = AUTH_TYPE_FIX_ ( 0 )
};

/*!
	@typedef SecProtocolType
	@abstract Represents the protocol type associated with an AppleShare or Internet password.
*/
typedef FourCharCode SecProtocolType;

/*!
	@enum ProtocolTypeConstants
	@abstract Defines the protocol type associated with an AppleShare or Internet password.
	@constant kSecProtocolTypeFTP Indicates FTP.
	@constant kSecProtocolTypeFTPAccount Indicates FTP Account (client side), usage deprecated.
	@constant kSecProtocolTypeHTTP Indicates HTTP. 
	@constant kSecProtocolTypeIRC Indicates IRC.
	@constant kSecProtocolTypeNNTP Indicates NNTP.
	@constant kSecProtocolTypePOP3 Indicates POP3.
	@constant kSecProtocolTypeSMTP Indicates SMTP.
	@constant kSecProtocolTypeSOCKS Indicates SOCKS.
	@constant kSecProtocolTypeIMAP Indicates IMAP.
	@constant kSecProtocolTypeLDAP Indicates LDAP.
	@constant kSecProtocolTypeAppleTalk Indicates AFP over AppleTalk.
	@constant kSecProtocolTypeAFP Indicates AFP over TCP.
	@constant kSecProtocolTypeTelnet Indicates Telnet.
	@constant kSecProtocolTypeSSH Indicates SSH.
	@constant kSecProtocolTypeFTPS Indicates FTPS (FTP over TLS/SSL).
	@constant kSecProtocolTypeHTTPS Indicates HTTPS (HTTP over TLS/SSL).
	@constant kSecProtocolTypeHTTPProxy Indicates HTTP proxy.
	@constant kSecProtocolTypeHTTPSProxy Indicates HTTPS proxy.
	@constant kSecProtocolTypeFTPProxy Indicates FTP proxy.
	@constant kSecProtocolTypeSMB Indicates SMB.
	@constant kSecProtocolTypeRTSP Indicates RTSP.
	@constant kSecProtocolTypeRTSPProxy Indicates RTSP proxy.
	@constant kSecProtocolTypeDAAP Indicates DAAP.
	@constant kSecProtocolTypeEPPC Indicates EPPC (Remote Apple Events).
	@constant kSecProtocolTypeIPP Indicates IPP.
	@constant kSecProtocolTypeNNTPS Indicates NNTPS (NNTP over TLS/SSL).
	@constant kSecProtocolTypeLDAPS Indicates LDAPS (LDAP over TLS/SSL).
	@constant kSecProtocolTypeTelnetS Indicates Telnet over TLS/SSL.
	@constant kSecProtocolTypeIMAPS Indicates IMAPS (IMAP4 over TLS/SSL).
	@constant kSecProtocolTypeIRCS Indicates IRCS (IRC over TLS/SSL).
	@constant kSecProtocolTypePOP3S Indicates POP3S (POP3 over TLS/SSL).
	@constant kSecProtocolTypeCVSpserver Indicates CVS pserver.
	@constant kSecProtocolTypeSVN Indicates Subversion.
	@constant kSecProtocolTypeAny Indicates that any protocol is acceptable. When performing a search, use this constant to avoid constraining your search results to a particular protocol.
*/
enum
{
    kSecProtocolTypeFTP         = 'ftp ',
    kSecProtocolTypeFTPAccount  = 'ftpa',
    kSecProtocolTypeHTTP        = 'http',
    kSecProtocolTypeIRC         = 'irc ',
    kSecProtocolTypeNNTP        = 'nntp',
    kSecProtocolTypePOP3        = 'pop3',
    kSecProtocolTypeSMTP        = 'smtp',
    kSecProtocolTypeSOCKS       = 'sox ',
    kSecProtocolTypeIMAP        = 'imap',
    kSecProtocolTypeLDAP        = 'ldap',
    kSecProtocolTypeAppleTalk   = 'atlk',
    kSecProtocolTypeAFP         = 'afp ',
    kSecProtocolTypeTelnet      = 'teln',
    kSecProtocolTypeSSH         = 'ssh ',
    kSecProtocolTypeFTPS        = 'ftps',
    kSecProtocolTypeHTTPS       = 'htps',
    kSecProtocolTypeHTTPProxy   = 'htpx',
    kSecProtocolTypeHTTPSProxy  = 'htsx',
    kSecProtocolTypeFTPProxy    = 'ftpx',
    kSecProtocolTypeCIFS        = 'cifs',
    kSecProtocolTypeSMB         = 'smb ',
    kSecProtocolTypeRTSP        = 'rtsp',
    kSecProtocolTypeRTSPProxy   = 'rtsx',
    kSecProtocolTypeDAAP        = 'daap',
    kSecProtocolTypeEPPC        = 'eppc',
    kSecProtocolTypeIPP         = 'ipp ',
    kSecProtocolTypeNNTPS       = 'ntps',
    kSecProtocolTypeLDAPS       = 'ldps',
    kSecProtocolTypeTelnetS     = 'tels',
    kSecProtocolTypeIMAPS       = 'imps',
    kSecProtocolTypeIRCS        = 'ircs',
    kSecProtocolTypePOP3S       = 'pops',
    kSecProtocolTypeCVSpserver  = 'cvsp',
    kSecProtocolTypeSVN         = 'svn ',
    kSecProtocolTypeAny         =  0
};

/*!
	@typedef SecKeychainEvent
	@abstract Represents an event in which the state of a keychain or one of its items changed.
*/
typedef UInt32 SecKeychainEvent;

/*!
	@enum KeychainEventConstants
	@abstract Defines the keychain-related event.
	@constant kSecLockEvent Indicates a keychain was locked.
	@constant kSecUnlockEvent Indicates a keychain was unlocked.
	@constant kSecAddEvent Indicates an item was added to a keychain.
	@constant kSecDeleteEvent Indicates an item was deleted from a keychain.
	@constant kSecUpdateEvent Indicates a keychain item was updated.
	@constant kSecPasswordChangedEvent Indicates the keychain password was changed.
	@constant kSecDefaultChangedEvent Indicates that a different keychain was specified as the default.
	@constant kSecDataAccessEvent Indicates a process has accessed a keychain item's data.
	@constant kSecKeychainListChangedEvent Indicates the list of keychains has changed.
	@constant kSecTrustSettingsChangedEvent Indicates Trust Settings changed.
*/
enum
{
    kSecLockEvent                 = 1,
    kSecUnlockEvent               = 2,
    kSecAddEvent                  = 3,
    kSecDeleteEvent               = 4,
    kSecUpdateEvent               = 5,
    kSecPasswordChangedEvent      = 6,
    kSecDefaultChangedEvent       = 9,
    kSecDataAccessEvent           = 10,
    kSecKeychainListChangedEvent  = 11,
	kSecTrustSettingsChangedEvent = 12
};

/*!
	@typedef SecKeychainEventMask
	@abstract Represents a bit mask of keychain events
*/
typedef UInt32 SecKeychainEventMask;

/*!
	@enum KeychainEventConstants
	@abstract Defines keychain event constants
	@constant kSecLockEventMask If the bit specified by this mask is set, your callback function will be invoked when a keychain is locked.
	@constant kSecUnlockEventMask If the bit specified by this mask is set, your callback function will be invoked when a keychain is unlocked.
	@constant kSecAddEventMask If the bit specified by this mask is set, your callback function will be invoked when an item is added to a keychain.
	@constant kSecDeleteEventMask If the bit specified by this mask is set, your callback function will be invoked when an item is deleted from a keychain.
	@constant kSecUpdateEventMask If the bit specified by this mask is set, your callback function will be invoked when a keychain item is updated.
	@constant kSecPasswordChangedEventMask If the bit specified by this mask is set, your callback function will be invoked when the keychain password is changed.
	@constant kSecDefaultChangedEventMask If the bit specified by this mask is set, your callback function will be invoked when a different keychain is specified as the default.
	@constant kSecDataAccessEventMask If the bit specified by this mask is set, your callback function will be invoked when a process accesses a keychain item's data.
	@constant kSecTrustSettingsChangedEvent If the bit specified by this mask is set, your callback function will be invoked when there is a change in certificate Trust Settings. 
	@constant kSecEveryEventMask If all the bits are set, your callback function will be invoked whenever any event occurs.
*/
enum
{
    kSecLockEventMask            		= 1 << kSecLockEvent,
    kSecUnlockEventMask          		= 1 << kSecUnlockEvent,
    kSecAddEventMask             		= 1 << kSecAddEvent,
    kSecDeleteEventMask          		= 1 << kSecDeleteEvent,
    kSecUpdateEventMask          		= 1 << kSecUpdateEvent,
    kSecPasswordChangedEventMask 		= 1 << kSecPasswordChangedEvent,
    kSecDefaultChangedEventMask  		= 1 << kSecDefaultChangedEvent,
    kSecDataAccessEventMask     		= 1 << kSecDataAccessEvent,
    kSecKeychainListChangedMask  		= 1 << kSecKeychainListChangedEvent,
	kSecTrustSettingsChangedEventMask 	= 1 << kSecTrustSettingsChangedEvent,
    kSecEveryEventMask 			        = 0xffffffff
};

/*!
	@typedef SecKeychainCallbackInfo
	@abstract Contains information about a keychain event. 
	@field version The version of this structure.
	@field item A reference to the keychain item associated with this event, if any. Note that some events do not involve a particular keychain item.
	@field keychain A reference to the keychain in which the event occurred.
	@field pid The id of the process that generated this event.
	@discussion The SecKeychainCallbackInfo type represents a structure that contains information about the keychain event for which your application is being notified. For information on how to write a keychain event callback function, see SecKeychainCallback. 
*/
struct SecKeychainCallbackInfo 
{
    UInt32				version;
    SecKeychainItemRef	item;
    SecKeychainRef		keychain;
	pid_t				pid;
};
typedef struct SecKeychainCallbackInfo SecKeychainCallbackInfo;
									
/*!
	@function SecKeychainGetTypeID
	@abstract Returns the type identifier of SecKeychain instances.
	@result The CFTypeID of SecKeychain instances.
*/
CFTypeID SecKeychainGetTypeID(void);

/*!
	@function SecKeychainGetVersion
Commit	Line	Data
b1ab9ed8 A	1	/*
	2	* Copyright (c) 2000-2004 Apple Computer, Inc. All Rights Reserved.
	3	*
	4	* @APPLE_LICENSE_HEADER_START@
	5	*
	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. Please obtain a copy of the License at
	10	* http://www.opensource.apple.com/apsl/ and read it before using this
	11	* file.
	12	*
	13	* The Original Code and all software distributed under the License are
	14	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	* Please see the License for the specific language governing rights and
	19	* limitations under the License.
	20	*
	21	* @APPLE_LICENSE_HEADER_END@
	22	*/
	23
	24	/*!
	25	@header SecKeychain
	26	SecKeychain implements a repository for securely storing items with publicly visible attributes by which to find the items.
	27	*/
	28
	29	#ifndef _SECURITY_SECKEYCHAIN_H_
	30	#define _SECURITY_SECKEYCHAIN_H_
	31
	32	#include <Security/SecBase.h>
	33	#include <Security/cssmapple.h>
	34	#include <CoreFoundation/CFArray.h>
	35	#include <libkern/OSByteOrder.h>
	36
	37	#if defined(__cplusplus)
	38	extern "C" {
	39	#endif
	40
	41	/*!
	42	@enum KeychainStatus
	43	@abstract Defines the current status of a keychain.
	44	@constant kSecUnlockStateStatus Indicates the keychain is unlocked.
	45	@constant kSecReadPermStatus Indicates the keychain is readable.
	46	@constant kSecWritePermStatus Indicates the keychain is writable.
	47	*/
	48	enum
	49	{
	50	kSecUnlockStateStatus = 1,
	51	kSecReadPermStatus = 2,
	52	kSecWritePermStatus = 4
	53	};
	54
	55	#define SEC_KEYCHAIN_SETTINGS_VERS1 1
	56
	57
	58	/*!
	59	@typedef SecKeychainSettings
	60	@abstract Contains keychain settings.
	61	@field version An unsigned 32-bit integer representing the keychain version.
	62	@field lockOnSleep A boolean value indicating whether the keychain locks when the system sleeps.
	63	@field useLockInterval A boolean value indicating whether the keychain automatically locks after a certain period of time.
	64	@field lockInterval An unsigned 32-bit integer representing the number of seconds before the keychain locks.
65	*/
66	struct SecKeychainSettings
67	{
68	UInt32 version;
69	Boolean lockOnSleep;
70	Boolean useLockInterval;
71	UInt32 lockInterval;
72	};
73	typedef struct SecKeychainSettings SecKeychainSettings;
74
75	/*!
76	@typedef SecAuthenticationType
77	@abstract Represents the type of authentication to use for an Internet password.
78	*/
79	typedef FourCharCode SecAuthenticationType;
80
81	/*!
82	@enum AuthenticationConstants
83	@abstract Defines constants you can use to identify the type of authentication to use for an Internet password.
84	@constant kSecAuthenticationTypeNTLM Specifies Windows NT LAN Manager authentication.
85	@constant kSecAuthenticationTypeMSN Specifies Microsoft Network default authentication.
86	@constant kSecAuthenticationTypeDPA Specifies Distributed Password authentication.
87	@constant kSecAuthenticationTypeRPA Specifies Remote Password authentication.
88	@constant kSecAuthenticationTypeHTTPBasic Specifies HTTP Basic authentication.
89	@constant kSecAuthenticationTypeHTTPDigest Specifies HTTP Digest Access authentication.
90	@constant kSecAuthenticationTypeHTMLForm Specifies HTML form based authentication.
91	@constant kSecAuthenticationTypeDefault Specifies the default authentication type.
92	@constant kSecAuthenticationTypeAny Specifies that any authentication type is acceptable. When performing a search, use this constant to avoid constraining your search results to a particular authentication type.
93	*/
94	#ifdef __LITTLE_ENDIAN__
95	#define AUTH_TYPE_FIX_(x) OSSwapConstInt32(x)
96	#else
97	#define AUTH_TYPE_FIX_(x) (x)
98	#endif
99
100	enum
101	{
102	kSecAuthenticationTypeNTLM = AUTH_TYPE_FIX_ ('ntlm'),
103	kSecAuthenticationTypeMSN = AUTH_TYPE_FIX_ ('msna'),
104	kSecAuthenticationTypeDPA = AUTH_TYPE_FIX_ ('dpaa'),
105	kSecAuthenticationTypeRPA = AUTH_TYPE_FIX_ ('rpaa'),
106	kSecAuthenticationTypeHTTPBasic = AUTH_TYPE_FIX_ ('http'),
107	kSecAuthenticationTypeHTTPDigest = AUTH_TYPE_FIX_ ('httd'),
108	kSecAuthenticationTypeHTMLForm = AUTH_TYPE_FIX_ ('form'),
109	kSecAuthenticationTypeDefault = AUTH_TYPE_FIX_ ('dflt'),
110	kSecAuthenticationTypeAny = AUTH_TYPE_FIX_ ( 0 )
111	};
112
113	/*!
114	@typedef SecProtocolType
115	@abstract Represents the protocol type associated with an AppleShare or Internet password.
116	*/
117	typedef FourCharCode SecProtocolType;
118
119	/*!
120	@enum ProtocolTypeConstants
121	@abstract Defines the protocol type associated with an AppleShare or Internet password.
122	@constant kSecProtocolTypeFTP Indicates FTP.
123	@constant kSecProtocolTypeFTPAccount Indicates FTP Account (client side), usage deprecated.
124	@constant kSecProtocolTypeHTTP Indicates HTTP.
125	@constant kSecProtocolTypeIRC Indicates IRC.
126	@constant kSecProtocolTypeNNTP Indicates NNTP.
127	@constant kSecProtocolTypePOP3 Indicates POP3.
128	@constant kSecProtocolTypeSMTP Indicates SMTP.
129	@constant kSecProtocolTypeSOCKS Indicates SOCKS.
130	@constant kSecProtocolTypeIMAP Indicates IMAP.
131	@constant kSecProtocolTypeLDAP Indicates LDAP.
132	@constant kSecProtocolTypeAppleTalk Indicates AFP over AppleTalk.
133	@constant kSecProtocolTypeAFP Indicates AFP over TCP.
134	@constant kSecProtocolTypeTelnet Indicates Telnet.
135	@constant kSecProtocolTypeSSH Indicates SSH.
136	@constant kSecProtocolTypeFTPS Indicates FTPS (FTP over TLS/SSL).
137	@constant kSecProtocolTypeHTTPS Indicates HTTPS (HTTP over TLS/SSL).
138	@constant kSecProtocolTypeHTTPProxy Indicates HTTP proxy.
139	@constant kSecProtocolTypeHTTPSProxy Indicates HTTPS proxy.
140	@constant kSecProtocolTypeFTPProxy Indicates FTP proxy.
141	@constant kSecProtocolTypeSMB Indicates SMB.
142	@constant kSecProtocolTypeRTSP Indicates RTSP.
143	@constant kSecProtocolTypeRTSPProxy Indicates RTSP proxy.
144	@constant kSecProtocolTypeDAAP Indicates DAAP.
145	@constant kSecProtocolTypeEPPC Indicates EPPC (Remote Apple Events).
146	@constant kSecProtocolTypeIPP Indicates IPP.
147	@constant kSecProtocolTypeNNTPS Indicates NNTPS (NNTP over TLS/SSL).
148	@constant kSecProtocolTypeLDAPS Indicates LDAPS (LDAP over TLS/SSL).
149	@constant kSecProtocolTypeTelnetS Indicates Telnet over TLS/SSL.
150	@constant kSecProtocolTypeIMAPS Indicates IMAPS (IMAP4 over TLS/SSL).
151	@constant kSecProtocolTypeIRCS Indicates IRCS (IRC over TLS/SSL).
152	@constant kSecProtocolTypePOP3S Indicates POP3S (POP3 over TLS/SSL).
153	@constant kSecProtocolTypeCVSpserver Indicates CVS pserver.
154	@constant kSecProtocolTypeSVN Indicates Subversion.
155	@constant kSecProtocolTypeAny Indicates that any protocol is acceptable. When performing a search, use this constant to avoid constraining your search results to a particular protocol.
156	*/
157	enum
158	{
159	kSecProtocolTypeFTP = 'ftp ',
160	kSecProtocolTypeFTPAccount = 'ftpa',
161	kSecProtocolTypeHTTP = 'http',
162	kSecProtocolTypeIRC = 'irc ',
163	kSecProtocolTypeNNTP = 'nntp',
164	kSecProtocolTypePOP3 = 'pop3',
165	kSecProtocolTypeSMTP = 'smtp',
166	kSecProtocolTypeSOCKS = 'sox ',
167	kSecProtocolTypeIMAP = 'imap',
168	kSecProtocolTypeLDAP = 'ldap',
169	kSecProtocolTypeAppleTalk = 'atlk',
170	kSecProtocolTypeAFP = 'afp ',
171	kSecProtocolTypeTelnet = 'teln',
172	kSecProtocolTypeSSH = 'ssh ',
173	kSecProtocolTypeFTPS = 'ftps',
174	kSecProtocolTypeHTTPS = 'htps',
175	kSecProtocolTypeHTTPProxy = 'htpx',
176	kSecProtocolTypeHTTPSProxy = 'htsx',
177	kSecProtocolTypeFTPProxy = 'ftpx',
178	kSecProtocolTypeCIFS = 'cifs',
179	kSecProtocolTypeSMB = 'smb ',
180	kSecProtocolTypeRTSP = 'rtsp',
181	kSecProtocolTypeRTSPProxy = 'rtsx',
182	kSecProtocolTypeDAAP = 'daap',
183	kSecProtocolTypeEPPC = 'eppc',
184	kSecProtocolTypeIPP = 'ipp ',
185	kSecProtocolTypeNNTPS = 'ntps',
186	kSecProtocolTypeLDAPS = 'ldps',
187	kSecProtocolTypeTelnetS = 'tels',
188	kSecProtocolTypeIMAPS = 'imps',
189	kSecProtocolTypeIRCS = 'ircs',
190	kSecProtocolTypePOP3S = 'pops',
191	kSecProtocolTypeCVSpserver = 'cvsp',
192	kSecProtocolTypeSVN = 'svn ',
193	kSecProtocolTypeAny = 0
194	};
195
196	/*!
197	@typedef SecKeychainEvent
198	@abstract Represents an event in which the state of a keychain or one of its items changed.
199	*/
200	typedef UInt32 SecKeychainEvent;
201
202	/*!
203	@enum KeychainEventConstants
204	@abstract Defines the keychain-related event.
205	@constant kSecLockEvent Indicates a keychain was locked.
206	@constant kSecUnlockEvent Indicates a keychain was unlocked.
207	@constant kSecAddEvent Indicates an item was added to a keychain.
208	@constant kSecDeleteEvent Indicates an item was deleted from a keychain.
209	@constant kSecUpdateEvent Indicates a keychain item was updated.
210	@constant kSecPasswordChangedEvent Indicates the keychain password was changed.
211	@constant kSecDefaultChangedEvent Indicates that a different keychain was specified as the default.
212	@constant kSecDataAccessEvent Indicates a process has accessed a keychain item's data.
213	@constant kSecKeychainListChangedEvent Indicates the list of keychains has changed.
214	@constant kSecTrustSettingsChangedEvent Indicates Trust Settings changed.
215	*/
216	enum
217	{
218	kSecLockEvent = 1,
219	kSecUnlockEvent = 2,
220	kSecAddEvent = 3,
221	kSecDeleteEvent = 4,
222	kSecUpdateEvent = 5,
223	kSecPasswordChangedEvent = 6,
224	kSecDefaultChangedEvent = 9,
225	kSecDataAccessEvent = 10,
226	kSecKeychainListChangedEvent = 11,
227	kSecTrustSettingsChangedEvent = 12
228	};
229
230	/*!
231	@typedef SecKeychainEventMask
232	@abstract Represents a bit mask of keychain events
233	*/
234	typedef UInt32 SecKeychainEventMask;
235
236	/*!
237	@enum KeychainEventConstants
238	@abstract Defines keychain event constants
239	@constant kSecLockEventMask If the bit specified by this mask is set, your callback function will be invoked when a keychain is locked.
240	@constant kSecUnlockEventMask If the bit specified by this mask is set, your callback function will be invoked when a keychain is unlocked.
241	@constant kSecAddEventMask If the bit specified by this mask is set, your callback function will be invoked when an item is added to a keychain.
242	@constant kSecDeleteEventMask If the bit specified by this mask is set, your callback function will be invoked when an item is deleted from a keychain.
243	@constant kSecUpdateEventMask If the bit specified by this mask is set, your callback function will be invoked when a keychain item is updated.
244	@constant kSecPasswordChangedEventMask If the bit specified by this mask is set, your callback function will be invoked when the keychain password is changed.
245	@constant kSecDefaultChangedEventMask If the bit specified by this mask is set, your callback function will be invoked when a different keychain is specified as the default.
246	@constant kSecDataAccessEventMask If the bit specified by this mask is set, your callback function will be invoked when a process accesses a keychain item's data.
247	@constant kSecTrustSettingsChangedEvent If the bit specified by this mask is set, your callback function will be invoked when there is a change in certificate Trust Settings.
248	@constant kSecEveryEventMask If all the bits are set, your callback function will be invoked whenever any event occurs.
249	*/
250	enum
251	{
252	kSecLockEventMask = 1 << kSecLockEvent,
253	kSecUnlockEventMask = 1 << kSecUnlockEvent,
254	kSecAddEventMask = 1 << kSecAddEvent,
255	kSecDeleteEventMask = 1 << kSecDeleteEvent,
256	kSecUpdateEventMask = 1 << kSecUpdateEvent,
257	kSecPasswordChangedEventMask = 1 << kSecPasswordChangedEvent,
258	kSecDefaultChangedEventMask = 1 << kSecDefaultChangedEvent,
259	kSecDataAccessEventMask = 1 << kSecDataAccessEvent,
260	kSecKeychainListChangedMask = 1 << kSecKeychainListChangedEvent,
261	kSecTrustSettingsChangedEventMask = 1 << kSecTrustSettingsChangedEvent,
262	kSecEveryEventMask = 0xffffffff
263	};
264
265	/*!
266	@typedef SecKeychainCallbackInfo
267	@abstract Contains information about a keychain event.
268	@field version The version of this structure.
269	@field item A reference to the keychain item associated with this event, if any. Note that some events do not involve a particular keychain item.
270	@field keychain A reference to the keychain in which the event occurred.
271	@field pid The id of the process that generated this event.
272	@discussion The SecKeychainCallbackInfo type represents a structure that contains information about the keychain event for which your application is being notified. For information on how to write a keychain event callback function, see SecKeychainCallback.
273	*/
274	struct SecKeychainCallbackInfo
275	{
276	UInt32 version;
277	SecKeychainItemRef item;
278	SecKeychainRef keychain;
279	pid_t pid;
280	};
281	typedef struct SecKeychainCallbackInfo SecKeychainCallbackInfo;
282
283	/*!
284	@function SecKeychainGetTypeID
285	@abstract Returns the type identifier of SecKeychain instances.
286	@result The CFTypeID of SecKeychain instances.
287	*/
288	CFTypeID SecKeychainGetTypeID(void);
289
290	/*!
291	@function SecKeychainGetVersion
292