lib3mf_core/model/
secure_content.rs

1use serde::{Deserialize, Serialize};
2use uuid::Uuid;
3
/// In-memory model of the 3MF Secure Content KeyStore, which records keys and access rights.
///
/// In 3MF, this holds info about Consumers (recipients) and which resources they can decrypt.
/// Typical flow: a resource is encrypted and placed in a `ResourceDataGroup`, and that
/// group's key is wrapped once for each `Consumer`.
///
/// NOTE(review): this is a plain data holder with public fields and a derived `Default`;
/// nothing in this definition checks that the `consumer_id` of an access right matches an
/// entry in `consumers`. Code that unwraps keys should validate the store first.
#[derive(Debug, Clone, Default, Serialize, Deserialize)]
pub struct KeyStore {
    /// Unique identifier for this key store.
    pub uuid: Uuid,
    /// Authorized consumers (recipients) who can decrypt resources.
    pub consumers: Vec<Consumer>,
    /// Resource data groups, each protecting one or more encrypted resources.
    pub resource_data_groups: Vec<ResourceDataGroup>,
}
17
/// An authorized recipient who can decrypt protected resources.
///
/// The detailed spec has more fields (X.509 certificates etc.); for now only basic
/// identifiers are stored.
///
/// NOTE(review): because no certificate or public key is held here, `id` and `key_id`
/// are labels taken as given, not authenticated identities. Presumably the caller
/// resolves them to real key material; confirm before relying on them.
#[derive(Debug, Clone, Default, Serialize, Deserialize)]
pub struct Consumer {
    /// Consumer ID (e.g., an email address or another unique string such as a UUID).
    pub id: String,
    /// ID of the key used to wrap (encrypt) the content key for this consumer, if given.
    pub key_id: Option<String>,
    /// Wrapped (encrypted) content key value, if applicable.
    pub key_value: Option<String>,
}
30
/// A group of encrypted resources sharing a single content encryption key (CEK).
///
/// The group logically contains resources but holds no list of them: the resources
/// themselves (Objects, Textures) refer to this group or are implicitly part of it via
/// relationships.
#[derive(Debug, Clone, Default, Serialize, Deserialize)]
pub struct ResourceDataGroup {
    /// UUID of the content encryption key (CEK) protecting this group's resources.
    pub key_uuid: Uuid,
    /// Per-consumer access rights specifying how each consumer's wrapped key is provided.
    pub access_rights: Vec<AccessRight>,
}
41
/// Per-consumer access right carrying the wrapped content key.
#[derive(Debug, Clone, Default, Serialize, Deserialize)]
pub struct AccessRight {
    /// ID of the consumer this access right is for.
    /// Presumably matches a `Consumer::id`; this type does not enforce that.
    pub consumer_id: String,
    /// Key wrapping algorithm URI (e.g., RSA-OAEP).
    ///
    /// NOTE(review): stored as a free-form string, so this type does not restrict it.
    /// Decryption code should match it against the algorithms it supports and reject
    /// anything else rather than act on an unrecognized value.
    pub algorithm: String,
    /// The content encryption key, encrypted (wrapped) for this consumer.
    /// These are ciphertext bytes, not the plaintext key.
    pub wrapped_key: Vec<u8>,
}
52
// Note: In 3MF Secure Content, the actual resources are stored encrypted inside the OPC (ZIP) container.
// The XML metadata modeled in this file only describes HOW to decrypt them.