kornelski · kornelski · Feb 6, 2019 · Feb 6, 2019 · Feb 6, 2019 · Feb 6, 2019
diff --git a/security-framework-sys/src/item.rs b/security-framework-sys/src/item.rs
@@ -22,7 +22,9 @@ extern "C" {
     pub static kSecAttrKeyType: CFStringRef;
     pub static kSecAttrLabel: CFStringRef;
 
-    #[cfg(target_os = "macos")]
+    pub static kSecAttrKeySizeInBits: CFStringRef;
+
+    pub static kSecAttrKeyTypeECSECPrimeRandom: CFStringRef;
     pub static kSecAttrKeyTypeRSA: CFStringRef;
     #[cfg(target_os = "macos")]
     pub static kSecAttrKeyTypeDSA: CFStringRef;

diff --git a/security-framework-sys/src/key.rs b/security-framework-sys/src/key.rs
@@ -1,7 +1,6 @@
 use core_foundation_sys::base::CFTypeID;
 #[cfg(target_os = "macos")]
 use core_foundation_sys::data::CFDataRef;
-#[cfg(target_os = "macos")]
 use core_foundation_sys::dictionary::CFDictionaryRef;
 #[cfg(target_os = "macos")]
 use core_foundation_sys::error::CFErrorRef;
@@ -18,6 +17,8 @@ extern "C" {
         error: *mut CFErrorRef,
     ) -> SecKeyRef;
 
-    #[cfg(feature = "OSX_10_12")]
+    #[cfg(any(feature = "OSX_10_12", target_os = "ios"))]
     pub fn SecKeyCopyExternalRepresentation(key: SecKeyRef, error: *mut CFErrorRef) -> CFDataRef;
+    #[cfg(any(feature = "OSX_10_12", target_os = "ios"))]
+    pub fn SecKeyCopyAttributes(key: SecKeyRef) -> CFDictionaryRef;
 }
diff --git a/security-framework-sys/src/policy.rs b/security-framework-sys/src/policy.rs
@@ -6,4 +6,5 @@ use base::SecPolicyRef;
 extern "C" {
     pub fn SecPolicyCreateSSL(server: Boolean, hostname: CFStringRef) -> SecPolicyRef;
     pub fn SecPolicyGetTypeID() -> CFTypeID;
+    pub fn SecPolicyCreateBasicX509() -> SecPolicyRef;
 }
diff --git a/security-framework-sys/src/trust.rs b/security-framework-sys/src/trust.rs
@@ -1,7 +1,7 @@
 use base::SecCertificateRef;
+use base::SecKeyRef;
 use core_foundation_sys::array::CFArrayRef;
 use core_foundation_sys::base::{Boolean, CFIndex, CFTypeID, CFTypeRef, OSStatus};
-
 pub type SecTrustResultType = u32;
 
 pub const kSecTrustResultInvalid: SecTrustResultType = 0;
@@ -35,4 +35,5 @@ extern "C" {
         trust: *mut SecTrustRef,
     ) -> OSStatus;
     pub fn SecTrustSetPolicies(trust: SecTrustRef, policies: CFTypeRef) -> OSStatus;
+    pub fn SecTrustCopyPublicKey(trust: SecTrustRef) -> SecKeyRef;
 }
diff --git a/security-framework/src/item.rs b/security-framework/src/item.rs
@@ -226,7 +226,7 @@ unsafe fn get_item(item: CFTypeRef) -> SearchResult {
         return SearchResult::Data(buf);
     }
 
-    if type_id == CFDictionary::type_id() {
+    if type_id == CFDictionary::<*const u8, *const u8>::type_id() {
         return SearchResult::Dict(CFDictionary::wrap_under_get_rule(item as *mut _));
     }
 

diff --git a/security-framework/src/policy.rs b/security-framework/src/policy.rs
@@ -40,6 +40,14 @@ impl SecPolicy {
             SecPolicy::wrap_under_create_rule(policy)
         }
     }
+
+    /// Returns a policy object for the default X.509 policy.
+    pub fn create_x509() -> SecPolicy {
+        unsafe {
+            let policy = SecPolicyCreateBasicX509();
+            SecPolicy::wrap_under_create_rule(policy)
+        }
+    }
 }
 
 #[cfg(test)]

diff --git a/security-framework/src/trust.rs b/security-framework/src/trust.rs
@@ -10,6 +10,7 @@ use std::ptr;
 use base::Result;
 use certificate::SecCertificate;
 use cvt;
+use key::SecKey;
 use policy::SecPolicy;
 
 /// The result of trust evaluation.
@@ -103,6 +104,15 @@ impl SecTrust {
         unsafe { cvt(SecTrustSetPolicies(self.0, policy.as_CFTypeRef())) }
     }
 
+    /// Returns the public key for a leaf certificate after it has been evaluated.
+    pub fn copy_public_key(&mut self) -> Result<SecKey> {
+        unsafe {
+            Ok(SecKey::wrap_under_create_rule(SecTrustCopyPublicKey(
+                self.0,
+            )))
+        }
+    }
+
     /// Evaluates trust.
     // FIXME should return &mut self
     pub fn evaluate(&self) -> Result<TrustResult> {