From 55fe4fe62233a03fc7fcf1f73a57730615f9ad3b Mon Sep 17 00:00:00 2001
From: Oliver Lorenz <567429+olvrlrnz@users.noreply.github.com>
Date: Fri, 15 Nov 2024 10:37:58 +0100
Subject: [PATCH] ItemSearchOptions: Allow searching for certificates by serial number

---
 security-framework-sys/src/item.rs | 1 +
 security-framework/src/item.rs | 17 +++++++++++++++++
 2 files changed, 18 insertions(+)

diff --git a/security-framework-sys/src/item.rs b/security-framework-sys/src/item.rs
index 5faa121e..d7dcb67c 100644
--- a/security-framework-sys/src/item.rs
+++ b/security-framework-sys/src/item.rs
@@ -28,6 +28,7 @@ extern "C" {
 pub static kSecAttrLabel: CFStringRef;
 pub static kSecAttrIsPermanent: CFStringRef;
 pub static kSecAttrPublicKeyHash: CFStringRef;
+ pub static kSecAttrSerialNumber: CFStringRef;

 pub static kSecPrivateKeyAttrs: CFStringRef;
 pub static kSecPublicKeyAttrs: CFStringRef;
diff --git a/security-framework/src/item.rs b/security-framework/src/item.rs
index 383ebf21..1eca1447 100644
--- a/security-framework/src/item.rs
+++ b/security-framework/src/item.rs
@@ -137,6 +137,7 @@ pub struct ItemSearchOptions {
 account: Option,
 access_group: Option,
 pub_key_hash: Option,
+ serial_number: Option,
 app_label: Option,
 }

@@ -272,6 +273,15 @@ impl ItemSearchOptions {
 self
 }

+ /// Search for a certificate with the given serial number.
+ ///
+ /// This is only compatible with [`ItemClass::certificate`].
+ #[inline(always)]
+ pub fn serial_number(&mut self, serial_number: &[u8]) -> &mut Self {
+ self.serial_number = Some(CFData::from_buffer(serial_number));
+ self
+ }
+
 /// Search for a key with the given public key hash.
 ///
 /// This is only compatible with [`ItemClass::key`], to search for a
@@ -399,6 +409,13 @@ impl ItemSearchOptions {
 );
 }

+ if let Some(ref serial_number) = self.serial_number {
+ params.add(
+ &kSecAttrSerialNumber.to_void(),
+ &serial_number.to_void(),
+ );
+ }
+
 if let Some(ref app_label) = self.app_label {
 params.add(
 &kSecAttrApplicationLabel.to_void(),
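Review bot: The doc comment on the new `serial_number` setter (hunk `@@ -272,6 +273,15 @@`) says neither what byte form the keychain expects nor that a certificate serial number is unique only within one issuer. A search on the serial alone can therefore return a certificate from a different CA that happens to carry the same serial, so a caller that uses the result for an identity or trust decision has to check the issuer, or the whole certificate, of what comes back. I would add a line such as `/// Serial numbers are unique per issuer only; verify the issuer of the returned certificate.` plus one sentence naming the expected encoding of the bytes (presumably the raw serial integer bytes as stored in the certificate, to be confirmed against the Security framework documentation). The `impl` block starts and continues outside the hunk.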
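Review bot: In hunk `@@ -399,6 +409,13 @@`, `kSecAttrSerialNumber` is added to the query whatever item class was selected, although the setter's doc comment says the option is only compatible with `ItemClass::certificate`. The enclosing function starts and ends outside the hunk, so a class check may exist elsewhere. If it does not, a comment here such as `// only meaningful with kSecClassCertificate; other classes are not rejected here` would stop a reader from assuming the mismatch is caught. A test that stores a certificate and finds it again by serial number would also pin the byte form callers must pass.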