[apple/security.git] / OSX / libsecurity_keychain / lib / SecKeychain.h

/*
 * Copyright (c) 2000-2004,2011,2013-2014 Apple Inc. All Rights Reserved.
 * 
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */

/*!
	@header SecKeychain
	SecKeychain implements a repository for securely storing items with publicly visible attributes by which to find the items.
*/

#ifndef _SECURITY_SECKEYCHAIN_H_
#define _SECURITY_SECKEYCHAIN_H_

#include <Security/SecBase.h>
#include <Security/cssmapple.h>
#include <CoreFoundation/CFArray.h>
#include <libkern/OSByteOrder.h>

#if defined(__cplusplus)
extern "C" {
#endif

CF_ASSUME_NONNULL_BEGIN

/*!
	@enum KeychainStatus
	@abstract Defines the current status of a keychain.
	@constant kSecUnlockStateStatus Indicates the keychain is unlocked.
	@constant kSecReadPermStatus Indicates the keychain is readable.
	@constant kSecWritePermStatus Indicates the keychain is writable.
*/
CF_ENUM(UInt32)
{
    kSecUnlockStateStatus        = 1,
    kSecReadPermStatus           = 2,
    kSecWritePermStatus          = 4
};

#define SEC_KEYCHAIN_SETTINGS_VERS1 1


/*!
	@typedef SecKeychainSettings
	@abstract Contains keychain settings.
	@field version An unsigned 32-bit integer representing the keychain version.
	@field lockOnSleep A boolean value indicating whether the keychain locks when the system sleeps.
	@field useLockInterval A boolean value indicating whether the keychain automatically locks after a certain period of time.
	@field lockInterval An unsigned 32-bit integer representing the number of seconds before the keychain locks.
*/
struct SecKeychainSettings
{ 
	UInt32		version; 
	Boolean		lockOnSleep;
	Boolean		useLockInterval;
	UInt32		lockInterval;
};
typedef struct SecKeychainSettings		SecKeychainSettings;

/*!
	@enum AuthenticationConstants
	@abstract Defines constants you can use to identify the type of authentication to use for an Internet password.
	@constant kSecAuthenticationTypeNTLM Specifies Windows NT LAN Manager authentication.
	@constant kSecAuthenticationTypeMSN Specifies Microsoft Network default authentication.
	@constant kSecAuthenticationTypeDPA Specifies Distributed Password authentication.
	@constant kSecAuthenticationTypeRPA Specifies Remote Password authentication. 
	@constant kSecAuthenticationTypeHTTPBasic Specifies HTTP Basic authentication.
	@constant kSecAuthenticationTypeHTTPDigest Specifies HTTP Digest Access authentication.
	@constant kSecAuthenticationTypeHTMLForm Specifies HTML form based authentication.
	@constant kSecAuthenticationTypeDefault Specifies the default authentication type.
	@constant kSecAuthenticationTypeAny Specifies that any authentication type is acceptable. When performing a search, use this constant to avoid constraining your search results to a particular authentication type.
*/
#ifdef __LITTLE_ENDIAN__
#define AUTH_TYPE_FIX_(x) OSSwapConstInt32(x)
#else
#define AUTH_TYPE_FIX_(x) (x)
#endif

typedef CF_ENUM(FourCharCode, SecAuthenticationType)
{
    kSecAuthenticationTypeNTLM             = AUTH_TYPE_FIX_ ('ntlm'),
    kSecAuthenticationTypeMSN              = AUTH_TYPE_FIX_ ('msna'),
    kSecAuthenticationTypeDPA              = AUTH_TYPE_FIX_ ('dpaa'),
    kSecAuthenticationTypeRPA              = AUTH_TYPE_FIX_ ('rpaa'),
    kSecAuthenticationTypeHTTPBasic        = AUTH_TYPE_FIX_ ('http'),
    kSecAuthenticationTypeHTTPDigest       = AUTH_TYPE_FIX_ ('httd'),
    kSecAuthenticationTypeHTMLForm         = AUTH_TYPE_FIX_ ('form'),
    kSecAuthenticationTypeDefault          = AUTH_TYPE_FIX_ ('dflt'),
    kSecAuthenticationTypeAny              = AUTH_TYPE_FIX_ ( 0 )
};

/*!
	@enum ProtocolTypeConstants
	@abstract Defines the protocol type associated with an AppleShare or Internet password.
	@constant kSecProtocolTypeFTP Indicates FTP.
	@constant kSecProtocolTypeFTPAccount Indicates FTP Account (client side), usage deprecated.
	@constant kSecProtocolTypeHTTP Indicates HTTP. 
	@constant kSecProtocolTypeIRC Indicates IRC.
	@constant kSecProtocolTypeNNTP Indicates NNTP.
	@constant kSecProtocolTypePOP3 Indicates POP3.
	@constant kSecProtocolTypeSMTP Indicates SMTP.
	@constant kSecProtocolTypeSOCKS Indicates SOCKS.
	@constant kSecProtocolTypeIMAP Indicates IMAP.
	@constant kSecProtocolTypeLDAP Indicates LDAP.
	@constant kSecProtocolTypeAppleTalk Indicates AFP over AppleTalk.
	@constant kSecProtocolTypeAFP Indicates AFP over TCP.
	@constant kSecProtocolTypeTelnet Indicates Telnet.
	@constant kSecProtocolTypeSSH Indicates SSH.
	@constant kSecProtocolTypeFTPS Indicates FTPS (FTP over TLS/SSL).
	@constant kSecProtocolTypeHTTPS Indicates HTTPS (HTTP over TLS/SSL).
	@constant kSecProtocolTypeHTTPProxy Indicates HTTP proxy.
	@constant kSecProtocolTypeHTTPSProxy Indicates HTTPS proxy.
	@constant kSecProtocolTypeFTPProxy Indicates FTP proxy.
	@constant kSecProtocolTypeSMB Indicates SMB.
	@constant kSecProtocolTypeRTSP Indicates RTSP.
	@constant kSecProtocolTypeRTSPProxy Indicates RTSP proxy.
	@constant kSecProtocolTypeDAAP Indicates DAAP.
	@constant kSecProtocolTypeEPPC Indicates EPPC (Remote Apple Events).
	@constant kSecProtocolTypeIPP Indicates IPP.
	@constant kSecProtocolTypeNNTPS Indicates NNTPS (NNTP over TLS/SSL).
	@constant kSecProtocolTypeLDAPS Indicates LDAPS (LDAP over TLS/SSL).
	@constant kSecProtocolTypeTelnetS Indicates Telnet over TLS/SSL.
	@constant kSecProtocolTypeIMAPS Indicates IMAPS (IMAP4 over TLS/SSL).
	@constant kSecProtocolTypeIRCS Indicates IRCS (IRC over TLS/SSL).
	@constant kSecProtocolTypePOP3S Indicates POP3S (POP3 over TLS/SSL).
	@constant kSecProtocolTypeCVSpserver Indicates CVS pserver.
	@constant kSecProtocolTypeSVN Indicates Subversion.
	@constant kSecProtocolTypeAny Indicates that any protocol is acceptable. When performing a search, use this constant to avoid constraining your search results to a particular protocol.
*/
typedef CF_ENUM(FourCharCode, SecProtocolType)
{
    kSecProtocolTypeFTP         = 'ftp ',
    kSecProtocolTypeFTPAccount  = 'ftpa',
    kSecProtocolTypeHTTP        = 'http',
    kSecProtocolTypeIRC         = 'irc ',
    kSecProtocolTypeNNTP        = 'nntp',
    kSecProtocolTypePOP3        = 'pop3',
    kSecProtocolTypeSMTP        = 'smtp',
    kSecProtocolTypeSOCKS       = 'sox ',
    kSecProtocolTypeIMAP        = 'imap',
    kSecProtocolTypeLDAP        = 'ldap',
    kSecProtocolTypeAppleTalk   = 'atlk',
    kSecProtocolTypeAFP         = 'afp ',
    kSecProtocolTypeTelnet      = 'teln',
    kSecProtocolTypeSSH         = 'ssh ',
    kSecProtocolTypeFTPS        = 'ftps',
    kSecProtocolTypeHTTPS       = 'htps',
    kSecProtocolTypeHTTPProxy   = 'htpx',
    kSecProtocolTypeHTTPSProxy  = 'htsx',
    kSecProtocolTypeFTPProxy    = 'ftpx',
    kSecProtocolTypeCIFS        = 'cifs',
    kSecProtocolTypeSMB         = 'smb ',
    kSecProtocolTypeRTSP        = 'rtsp',
    kSecProtocolTypeRTSPProxy   = 'rtsx',
    kSecProtocolTypeDAAP        = 'daap',
    kSecProtocolTypeEPPC        = 'eppc',
    kSecProtocolTypeIPP         = 'ipp ',
    kSecProtocolTypeNNTPS       = 'ntps',
    kSecProtocolTypeLDAPS       = 'ldps',
    kSecProtocolTypeTelnetS     = 'tels',
    kSecProtocolTypeIMAPS       = 'imps',
    kSecProtocolTypeIRCS        = 'ircs',
    kSecProtocolTypePOP3S       = 'pops',
    kSecProtocolTypeCVSpserver  = 'cvsp',
    kSecProtocolTypeSVN         = 'svn ',
    kSecProtocolTypeAny         =  0
};

/*!
	@enum KeychainEventConstants
	@abstract Defines the keychain-related event.
	@constant kSecLockEvent Indicates a keychain was locked.
	@constant kSecUnlockEvent Indicates a keychain was unlocked.
	@constant kSecAddEvent Indicates an item was added to a keychain.
	@constant kSecDeleteEvent Indicates an item was deleted from a keychain.
	@constant kSecUpdateEvent Indicates a keychain item was updated.
	@constant kSecPasswordChangedEvent Indicates the keychain password was changed.
	@constant kSecDefaultChangedEvent Indicates that a different keychain was specified as the default.
	@constant kSecDataAccessEvent Indicates a process has accessed a keychain item's data.
	@constant kSecKeychainListChangedEvent Indicates the list of keychains has changed.
	@constant kSecTrustSettingsChangedEvent Indicates Trust Settings changed.
*/
typedef CF_ENUM(UInt32, SecKeychainEvent)
{
    kSecLockEvent                 = 1,
    kSecUnlockEvent               = 2,
    kSecAddEvent                  = 3,
    kSecDeleteEvent               = 4,
    kSecUpdateEvent               = 5,
    kSecPasswordChangedEvent      = 6,
    kSecDefaultChangedEvent       = 9,
    kSecDataAccessEvent           = 10,
    kSecKeychainListChangedEvent  = 11,
	kSecTrustSettingsChangedEvent = 12
};

/*!
	@enum KeychainEventConstants
	@abstract Defines keychain event constants
	@constant kSecLockEventMask If the bit specified by this mask is set, your callback function will be invoked when a keychain is locked.
	@constant kSecUnlockEventMask If the bit specified by this mask is set, your callback function will be invoked when a keychain is unlocked.
	@constant kSecAddEventMask If the bit specified by this mask is set, your callback function will be invoked when an item is added to a keychain.
	@constant kSecDeleteEventMask If the bit specified by this mask is set, your callback function will be invoked when an item is deleted from a keychain.
	@constant kSecUpdateEventMask If the bit specified by this mask is set, your callback function will be invoked when a keychain item is updated.
	@constant kSecPasswordChangedEventMask If the bit specified by this mask is set, your callback function will be invoked when the keychain password is changed.
	@constant kSecDefaultChangedEventMask If the bit specified by this mask is set, your callback function will be invoked when a different keychain is specified as the default.
	@constant kSecDataAccessEventMask If the bit specified by this mask is set, your callback function will be invoked when a process accesses a keychain item's data.
	@constant kSecTrustSettingsChangedEvent If the bit specified by this mask is set, your callback function will be invoked when there is a change in certificate Trust Settings. 
	@constant kSecEveryEventMask If all the bits are set, your callback function will be invoked whenever any event occurs.
*/
typedef CF_OPTIONS(UInt32, SecKeychainEventMask)
{
    kSecLockEventMask            		= 1 << kSecLockEvent,
    kSecUnlockEventMask          		= 1 << kSecUnlockEvent,
    kSecAddEventMask             		= 1 << kSecAddEvent,
    kSecDeleteEventMask          		= 1 << kSecDeleteEvent,
    kSecUpdateEventMask          		= 1 << kSecUpdateEvent,
    kSecPasswordChangedEventMask 		= 1 << kSecPasswordChangedEvent,
    kSecDefaultChangedEventMask  		= 1 << kSecDefaultChangedEvent,
    kSecDataAccessEventMask     		= 1 << kSecDataAccessEvent,
    kSecKeychainListChangedMask  		= 1 << kSecKeychainListChangedEvent,
	kSecTrustSettingsChangedEventMask 	= 1 << kSecTrustSettingsChangedEvent,
    kSecEveryEventMask 			        = 0xffffffff
};

/*!
	@typedef SecKeychainCallbackInfo
	@abstract Contains information about a keychain event. 
	@field version The version of this structure.
	@field item A reference to the keychain item associated with this event, if any. Note that some events do not involve a particular keychain item.
	@field keychain A reference to the keychain in which the event occurred.
	@field pid The id of the process that generated this event.
	@discussion The SecKeychainCallbackInfo type represents a structure that contains information about the keychain event for which your application is being notified. For information on how to write a keychain event callback function, see SecKeychainCallback. 
*/
struct SecKeychainCallbackInfo 
{
    UInt32                          version;
    SecKeychainItemRef __nonnull	item;
    SecKeychainRef __nonnull		keychain;
	pid_t                           pid;
};
typedef struct SecKeychainCallbackInfo SecKeychainCallbackInfo;
									
/*!
	@function SecKeychainGetTypeID
	@abstract Returns the type identifier of SecKeychain instances.
	@result The CFTypeID of SecKeychain instances.
*/
CFTypeID SecKeychainGetTypeID(void);

/*!
	@function SecKeychainGetVersion
Commit	Line	Data
b1ab9ed8	1	/*
d8f41ccd	2	* Copyright (c) 2000-2004,2011,2013-2014 Apple Inc. All Rights Reserved.
b1ab9ed8 A	3	*
	4	* @APPLE_LICENSE_HEADER_START@
	5	*
	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. Please obtain a copy of the License at
	10	* http://www.opensource.apple.com/apsl/ and read it before using this
	11	* file.
	12	*
	13	* The Original Code and all software distributed under the License are
	14	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	* Please see the License for the specific language governing rights and
	19	* limitations under the License.
	20	*
	21	* @APPLE_LICENSE_HEADER_END@
	22	*/
	23
	24	/*!
	25	@header SecKeychain
	26	SecKeychain implements a repository for securely storing items with publicly visible attributes by which to find the items.
	27	*/
	28
	29	#ifndef _SECURITY_SECKEYCHAIN_H_
	30	#define _SECURITY_SECKEYCHAIN_H_
	31
	32	#include <Security/SecBase.h>
	33	#include <Security/cssmapple.h>
	34	#include <CoreFoundation/CFArray.h>
	35	#include <libkern/OSByteOrder.h>
	36
	37	#if defined(__cplusplus)
	38	extern "C" {
	39	#endif
	40
5c19dc3a A	41	CF_ASSUME_NONNULL_BEGIN
5c19dc3a A	42
b1ab9ed8 A	43	/*!
	44	@enum KeychainStatus
	45	@abstract Defines the current status of a keychain.
	46	@constant kSecUnlockStateStatus Indicates the keychain is unlocked.
	47	@constant kSecReadPermStatus Indicates the keychain is readable.
	48	@constant kSecWritePermStatus Indicates the keychain is writable.
	49	*/
5c19dc3a	50	CF_ENUM(UInt32)
b1ab9ed8 A	51	{
	52	kSecUnlockStateStatus = 1,
	53	kSecReadPermStatus = 2,
	54	kSecWritePermStatus = 4
	55	};
	56
	57	#define SEC_KEYCHAIN_SETTINGS_VERS1 1
	58
	59
	60	/*!
	61	@typedef SecKeychainSettings
	62	@abstract Contains keychain settings.
	63	@field version An unsigned 32-bit integer representing the keychain version.
	64	@field lockOnSleep A boolean value indicating whether the keychain locks when the system sleeps.
	65	@field useLockInterval A boolean value indicating whether the keychain automatically locks after a certain period of time.
	66	@field lockInterval An unsigned 32-bit integer representing the number of seconds before the keychain locks.
	67	*/
	68	struct SecKeychainSettings
	69	{
	70	UInt32 version;
	71	Boolean lockOnSleep;
	72	Boolean useLockInterval;
	73	UInt32 lockInterval;
	74	};
	75	typedef struct SecKeychainSettings SecKeychainSettings;
	76
b1ab9ed8 A	77	/*!
	78	@enum AuthenticationConstants
	79	@abstract Defines constants you can use to identify the type of authentication to use for an Internet password.
	80	@constant kSecAuthenticationTypeNTLM Specifies Windows NT LAN Manager authentication.
	81	@constant kSecAuthenticationTypeMSN Specifies Microsoft Network default authentication.
	82	@constant kSecAuthenticationTypeDPA Specifies Distributed Password authentication.
	83	@constant kSecAuthenticationTypeRPA Specifies Remote Password authentication.
	84	@constant kSecAuthenticationTypeHTTPBasic Specifies HTTP Basic authentication.
	85	@constant kSecAuthenticationTypeHTTPDigest Specifies HTTP Digest Access authentication.
	86	@constant kSecAuthenticationTypeHTMLForm Specifies HTML form based authentication.
	87	@constant kSecAuthenticationTypeDefault Specifies the default authentication type.
	88	@constant kSecAuthenticationTypeAny Specifies that any authentication type is acceptable. When performing a search, use this constant to avoid constraining your search results to a particular authentication type.
	89	*/
	90	#ifdef __LITTLE_ENDIAN__
	91	#define AUTH_TYPE_FIX_(x) OSSwapConstInt32(x)
	92	#else
	93	#define AUTH_TYPE_FIX_(x) (x)
	94	#endif
	95
5c19dc3a	96	typedef CF_ENUM(FourCharCode, SecAuthenticationType)
b1ab9ed8 A	97	{
	98	kSecAuthenticationTypeNTLM = AUTH_TYPE_FIX_ ('ntlm'),
	99	kSecAuthenticationTypeMSN = AUTH_TYPE_FIX_ ('msna'),
	100	kSecAuthenticationTypeDPA = AUTH_TYPE_FIX_ ('dpaa'),
	101	kSecAuthenticationTypeRPA = AUTH_TYPE_FIX_ ('rpaa'),
	102	kSecAuthenticationTypeHTTPBasic = AUTH_TYPE_FIX_ ('http'),
	103	kSecAuthenticationTypeHTTPDigest = AUTH_TYPE_FIX_ ('httd'),
	104	kSecAuthenticationTypeHTMLForm = AUTH_TYPE_FIX_ ('form'),
	105	kSecAuthenticationTypeDefault = AUTH_TYPE_FIX_ ('dflt'),
	106	kSecAuthenticationTypeAny = AUTH_TYPE_FIX_ ( 0 )
	107	};
	108
b1ab9ed8 A	109	/*!
	110	@enum ProtocolTypeConstants
	111	@abstract Defines the protocol type associated with an AppleShare or Internet password.
	112	@constant kSecProtocolTypeFTP Indicates FTP.
	113	@constant kSecProtocolTypeFTPAccount Indicates FTP Account (client side), usage deprecated.
	114	@constant kSecProtocolTypeHTTP Indicates HTTP.
	115	@constant kSecProtocolTypeIRC Indicates IRC.
	116	@constant kSecProtocolTypeNNTP Indicates NNTP.
	117	@constant kSecProtocolTypePOP3 Indicates POP3.
	118	@constant kSecProtocolTypeSMTP Indicates SMTP.
	119	@constant kSecProtocolTypeSOCKS Indicates SOCKS.
	120	@constant kSecProtocolTypeIMAP Indicates IMAP.
	121	@constant kSecProtocolTypeLDAP Indicates LDAP.
	122	@constant kSecProtocolTypeAppleTalk Indicates AFP over AppleTalk.
	123	@constant kSecProtocolTypeAFP Indicates AFP over TCP.
	124	@constant kSecProtocolTypeTelnet Indicates Telnet.
	125	@constant kSecProtocolTypeSSH Indicates SSH.
	126	@constant kSecProtocolTypeFTPS Indicates FTPS (FTP over TLS/SSL).
	127	@constant kSecProtocolTypeHTTPS Indicates HTTPS (HTTP over TLS/SSL).
	128	@constant kSecProtocolTypeHTTPProxy Indicates HTTP proxy.
	129	@constant kSecProtocolTypeHTTPSProxy Indicates HTTPS proxy.
	130	@constant kSecProtocolTypeFTPProxy Indicates FTP proxy.
	131	@constant kSecProtocolTypeSMB Indicates SMB.
	132	@constant kSecProtocolTypeRTSP Indicates RTSP.
	133	@constant kSecProtocolTypeRTSPProxy Indicates RTSP proxy.
	134	@constant kSecProtocolTypeDAAP Indicates DAAP.
	135	@constant kSecProtocolTypeEPPC Indicates EPPC (Remote Apple Events).
	136	@constant kSecProtocolTypeIPP Indicates IPP.
	137	@constant kSecProtocolTypeNNTPS Indicates NNTPS (NNTP over TLS/SSL).
	138	@constant kSecProtocolTypeLDAPS Indicates LDAPS (LDAP over TLS/SSL).
	139	@constant kSecProtocolTypeTelnetS Indicates Telnet over TLS/SSL.
	140	@constant kSecProtocolTypeIMAPS Indicates IMAPS (IMAP4 over TLS/SSL).
	141	@constant kSecProtocolTypeIRCS Indicates IRCS (IRC over TLS/SSL).
	142	@constant kSecProtocolTypePOP3S Indicates POP3S (POP3 over TLS/SSL).
	143	@constant kSecProtocolTypeCVSpserver Indicates CVS pserver.
	144	@constant kSecProtocolTypeSVN Indicates Subversion.
	145	@constant kSecProtocolTypeAny Indicates that any protocol is acceptable. When performing a search, use this constant to avoid constraining your search results to a particular protocol.
	146	*/
5c19dc3a	147	typedef CF_ENUM(FourCharCode, SecProtocolType)
b1ab9ed8 A	148	{
	149	kSecProtocolTypeFTP = 'ftp ',
	150	kSecProtocolTypeFTPAccount = 'ftpa',
	151	kSecProtocolTypeHTTP = 'http',
	152	kSecProtocolTypeIRC = 'irc ',
	153	kSecProtocolTypeNNTP = 'nntp',
	154	kSecProtocolTypePOP3 = 'pop3',
	155	kSecProtocolTypeSMTP = 'smtp',
	156	kSecProtocolTypeSOCKS = 'sox ',
	157	kSecProtocolTypeIMAP = 'imap',
	158	kSecProtocolTypeLDAP = 'ldap',
	159	kSecProtocolTypeAppleTalk = 'atlk',
	160	kSecProtocolTypeAFP = 'afp ',
	161	kSecProtocolTypeTelnet = 'teln',
	162	kSecProtocolTypeSSH = 'ssh ',
	163	kSecProtocolTypeFTPS = 'ftps',
	164	kSecProtocolTypeHTTPS = 'htps',
	165	kSecProtocolTypeHTTPProxy = 'htpx',
	166	kSecProtocolTypeHTTPSProxy = 'htsx',
	167	kSecProtocolTypeFTPProxy = 'ftpx',
	168	kSecProtocolTypeCIFS = 'cifs',
	169	kSecProtocolTypeSMB = 'smb ',
	170	kSecProtocolTypeRTSP = 'rtsp',
	171	kSecProtocolTypeRTSPProxy = 'rtsx',
	172	kSecProtocolTypeDAAP = 'daap',
	173	kSecProtocolTypeEPPC = 'eppc',
	174	kSecProtocolTypeIPP = 'ipp ',
	175	kSecProtocolTypeNNTPS = 'ntps',
	176	kSecProtocolTypeLDAPS = 'ldps',
	177	kSecProtocolTypeTelnetS = 'tels',
	178	kSecProtocolTypeIMAPS = 'imps',
	179	kSecProtocolTypeIRCS = 'ircs',
	180	kSecProtocolTypePOP3S = 'pops',
	181	kSecProtocolTypeCVSpserver = 'cvsp',
	182	kSecProtocolTypeSVN = 'svn ',
	183	kSecProtocolTypeAny = 0
	184	};
	185
b1ab9ed8 A	186	/*!
	187	@enum KeychainEventConstants
	188	@abstract Defines the keychain-related event.
	189	@constant kSecLockEvent Indicates a keychain was locked.
	190	@constant kSecUnlockEvent Indicates a keychain was unlocked.
	191	@constant kSecAddEvent Indicates an item was added to a keychain.
	192	@constant kSecDeleteEvent Indicates an item was deleted from a keychain.
	193	@constant kSecUpdateEvent Indicates a keychain item was updated.
	194	@constant kSecPasswordChangedEvent Indicates the keychain password was changed.
	195	@constant kSecDefaultChangedEvent Indicates that a different keychain was specified as the default.
	196	@constant kSecDataAccessEvent Indicates a process has accessed a keychain item's data.
	197	@constant kSecKeychainListChangedEvent Indicates the list of keychains has changed.
	198	@constant kSecTrustSettingsChangedEvent Indicates Trust Settings changed.
	199	*/
5c19dc3a	200	typedef CF_ENUM(UInt32, SecKeychainEvent)
b1ab9ed8 A	201	{
	202	kSecLockEvent = 1,
	203	kSecUnlockEvent = 2,
	204	kSecAddEvent = 3,
	205	kSecDeleteEvent = 4,
	206	kSecUpdateEvent = 5,
	207	kSecPasswordChangedEvent = 6,
	208	kSecDefaultChangedEvent = 9,
	209	kSecDataAccessEvent = 10,
	210	kSecKeychainListChangedEvent = 11,
	211	kSecTrustSettingsChangedEvent = 12
	212	};
	213
b1ab9ed8 A	214	/*!
	215	@enum KeychainEventConstants
	216	@abstract Defines keychain event constants
	217	@constant kSecLockEventMask If the bit specified by this mask is set, your callback function will be invoked when a keychain is locked.
	218	@constant kSecUnlockEventMask If the bit specified by this mask is set, your callback function will be invoked when a keychain is unlocked.
	219	@constant kSecAddEventMask If the bit specified by this mask is set, your callback function will be invoked when an item is added to a keychain.
	220	@constant kSecDeleteEventMask If the bit specified by this mask is set, your callback function will be invoked when an item is deleted from a keychain.
	221	@constant kSecUpdateEventMask If the bit specified by this mask is set, your callback function will be invoked when a keychain item is updated.
	222	@constant kSecPasswordChangedEventMask If the bit specified by this mask is set, your callback function will be invoked when the keychain password is changed.
	223	@constant kSecDefaultChangedEventMask If the bit specified by this mask is set, your callback function will be invoked when a different keychain is specified as the default.
	224	@constant kSecDataAccessEventMask If the bit specified by this mask is set, your callback function will be invoked when a process accesses a keychain item's data.
	225	@constant kSecTrustSettingsChangedEvent If the bit specified by this mask is set, your callback function will be invoked when there is a change in certificate Trust Settings.
	226	@constant kSecEveryEventMask If all the bits are set, your callback function will be invoked whenever any event occurs.
	227	*/
5c19dc3a	228	typedef CF_OPTIONS(UInt32, SecKeychainEventMask)
b1ab9ed8 A	229	{
	230	kSecLockEventMask = 1 << kSecLockEvent,
	231	kSecUnlockEventMask = 1 << kSecUnlockEvent,
	232	kSecAddEventMask = 1 << kSecAddEvent,
	233	kSecDeleteEventMask = 1 << kSecDeleteEvent,
	234	kSecUpdateEventMask = 1 << kSecUpdateEvent,
	235	kSecPasswordChangedEventMask = 1 << kSecPasswordChangedEvent,
	236	kSecDefaultChangedEventMask = 1 << kSecDefaultChangedEvent,
	237	kSecDataAccessEventMask = 1 << kSecDataAccessEvent,
	238	kSecKeychainListChangedMask = 1 << kSecKeychainListChangedEvent,
	239	kSecTrustSettingsChangedEventMask = 1 << kSecTrustSettingsChangedEvent,
	240	kSecEveryEventMask = 0xffffffff
	241	};
	242
	243	/*!
	244	@typedef SecKeychainCallbackInfo
	245	@abstract Contains information about a keychain event.
	246	@field version The version of this structure.
	247	@field item A reference to the keychain item associated with this event, if any. Note that some events do not involve a particular keychain item.
	248	@field keychain A reference to the keychain in which the event occurred.
	249	@field pid The id of the process that generated this event.
	250	@discussion The SecKeychainCallbackInfo type represents a structure that contains information about the keychain event for which your application is being notified. For information on how to write a keychain event callback function, see SecKeychainCallback.
	251	*/
	252	struct SecKeychainCallbackInfo
	253	{
5c19dc3a A	254	UInt32 version;
	255	SecKeychainItemRef __nonnull item;
	256	SecKeychainRef __nonnull keychain;
	257	pid_t pid;
b1ab9ed8 A	258	};
	259	typedef struct SecKeychainCallbackInfo SecKeychainCallbackInfo;
	260
	261	/*!
	262	@function SecKeychainGetTypeID
	263	@abstract Returns the type identifier of SecKeychain instances.
	264	@result The CFTypeID of SecKeychain instances.
	265	*/
	266	CFTypeID SecKeychainGetTypeID(void);
	267
	268	/*!
	269	@function SecKeychainGetVersion
	270