Skip to main content

lib3mf_core/model/
crypto.rs

1use serde::{Deserialize, Serialize};
2
3/// Represents an XML-DSIG Signature element.
4/// Namespace: <http://www.w3.org/2000/09/xmldsig#>
5#[derive(Debug, Clone, Default, Serialize, Deserialize)]
6pub struct Signature {
7    /// Signed content metadata including canonicalization and digest references.
8    pub signed_info: SignedInfo,
9    /// The base64-encoded cryptographic signature value.
10    pub signature_value: SignatureValue,
11    /// Key identification information (certificate, key name, or RSA public key).
12    pub key_info: Option<KeyInfo>,
13    // Object element is not typically used for simple 3MF signatures but spec allows it?
14    // We'll stick to core elements first.
15}
16
17/// XML-DSIG `SignedInfo` element containing the canonicalization algorithm, signature method, and references.
18#[derive(Debug, Clone, Default, Serialize, Deserialize)]
19pub struct SignedInfo {
20    /// The XML canonicalization algorithm URI.
21    pub canonicalization_method: CanonicalizationMethod,
22    /// The signature algorithm URI (e.g., RSA-SHA256).
23    pub signature_method: SignatureMethod,
24    /// List of references to signed content with their digest values.
25    pub references: Vec<Reference>,
26}
27
28/// XML canonicalization method, identified by an algorithm URI.
29#[derive(Debug, Clone, Default, Serialize, Deserialize)]
30pub struct CanonicalizationMethod {
31    /// Algorithm URI (e.g., `"http://www.w3.org/TR/2001/REC-xml-c14n-20010315"`).
32    pub algorithm: String,
33}
34
35/// Signature algorithm specification.
36#[derive(Debug, Clone, Default, Serialize, Deserialize)]
37pub struct SignatureMethod {
38    /// Algorithm URI (e.g., `"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"`).
39    pub algorithm: String,
40}
41
42/// A single XML-DSIG reference pointing to a signed resource with its digest.
43#[derive(Debug, Clone, Default, Serialize, Deserialize)]
44pub struct Reference {
45    /// URI of the referenced resource (e.g., `/3D/3dmodel.model`).
46    pub uri: String,
47    /// The digest (hash) algorithm used.
48    pub digest_method: DigestMethod,
49    /// The base64-encoded digest value of the referenced resource.
50    pub digest_value: DigestValue,
51    // Transforms are optional in 3MF restricted profile (usually C14N is implicit or specified)
52    /// Optional list of transforms applied before digesting.
53    pub transforms: Option<Vec<Transform>>,
54}
55
56/// An XML transform applied to a reference before computing its digest.
57#[derive(Debug, Clone, Default, Serialize, Deserialize)]
58pub struct Transform {
59    /// Algorithm URI identifying the transform.
60    pub algorithm: String,
61}
62
63/// Digest algorithm specification.
64#[derive(Debug, Clone, Default, Serialize, Deserialize)]
65pub struct DigestMethod {
66    /// Algorithm URI (e.g., `"http://www.w3.org/2001/04/xmlenc#sha256"`).
67    pub algorithm: String,
68}
69
70/// Base64-encoded digest value from an XML-DSIG reference.
71#[derive(Debug, Clone, Default, Serialize, Deserialize)]
72pub struct DigestValue {
73    // Base64 encoded value usually. We store as simple String or bytes?
74    // String for XML mapping, bytes for logic?
75    // Let's store raw string here to match XML, decode later.
76    /// Base64-encoded digest string as it appears in the XML.
77    pub value: String,
78}
79
80/// Base64-encoded XML-DSIG signature value.
81#[derive(Debug, Clone, Default, Serialize, Deserialize)]
82pub struct SignatureValue {
83    /// Base64-encoded signature bytes as they appear in the XML.
84    pub value: String,
85}
86
87/// Key identification information for verifying or locating the signing key.
88#[derive(Debug, Clone, Default, Serialize, Deserialize)]
89pub struct KeyInfo {
90    // For 3MF, usually KeyName (UUID) or KeyValue (RSA Public Key)
91    /// Optional key name or UUID identifying the signing key.
92    pub key_name: Option<String>,
93    /// Optional RSA public key value embedded in the signature.
94    pub key_value: Option<KeyValue>,
95    /// Optional X.509 certificate data for the signing key.
96    pub x509_data: Option<X509Data>,
97}
98
99/// X.509 certificate container for signature verification.
100#[derive(Debug, Clone, Default, Serialize, Deserialize)]
101pub struct X509Data {
102    /// Base64-encoded PEM or DER certificate bytes.
103    pub certificate: Option<String>, // Base64 encoded PEM/DER
104}
105
106/// RSA or other asymmetric public key value embedded in a signature.
107#[derive(Debug, Clone, Default, Serialize, Deserialize)]
108pub struct KeyValue {
109    /// RSA key parameters (modulus and exponent).
110    pub rsa_key_value: Option<RSAKeyValue>,
111}
112
113/// RSA public key parameters.
114#[derive(Debug, Clone, Default, Serialize, Deserialize)]
115pub struct RSAKeyValue {
116    /// Base64-encoded RSA modulus.
117    pub modulus: String,
118    /// Base64-encoded RSA public exponent.
119    pub exponent: String,
120}
121
122// Helper types for Keystore mapping
123/// Parsed metadata from an X.509 certificate used for signing.
124#[derive(Debug, Clone)]
125pub struct CertificateInfo {
126    /// Certificate subject distinguished name.
127    pub subject: String,
128    /// Certificate issuer distinguished name.
129    pub issuer: String,
130    /// Certificate serial number.
131    pub serial_number: String,
132    // Real parsed data could be stored if we hold the X509Certificate object,
133    // but usually we just parse on demand from the PEM/DER bytes.
134}