lib3mf_core/model/secure_content.rs
1use serde::{Deserialize, Serialize};
2use uuid::Uuid;
3
/// In-memory model of the 3MF Secure Content keystore: keys and access rights.
///
/// The keystore lists the consumers (recipients) of a package and which
/// resources each of them can decrypt. Typical flow: a resource is encrypted
/// and placed in a [`ResourceDataGroup`], and that group's key is then wrapped
/// once for each [`Consumer`].
///
/// The type definition is plain data and performs no validation of its own.
/// NOTE(review): the derived `Default` leaves `uuid` at `Uuid::default()` (the
/// nil UUID) with empty lists; confirm callers never treat that value as a
/// keystore that was actually read from a package.
#[derive(Debug, Clone, Default, Serialize, Deserialize)]
pub struct KeyStore {
    /// Identifier of this keystore.
    pub uuid: Uuid,
    /// Recipients for whom group keys can be wrapped.
    pub consumers: Vec<Consumer>,
    /// Groups of encrypted resources, each with its own content key and access rights.
    pub resource_data_groups: Vec<ResourceDataGroup>,
}
14
/// A recipient for whom content keys can be wrapped.
///
/// The detailed specification defines more consumer fields (X.509 certificates
/// etc.); for now only the basic identifiers are stored.
#[derive(Debug, Clone, Default, Serialize, Deserialize)]
pub struct Consumer {
    /// Consumer ID (e.g. an email address or another unique string).
    pub id: String,
    /// ID of the key used to wrap the content key, when one is given.
    pub key_id: Option<String>,
    /// Key value recorded for this consumer, if applicable.
    ///
    /// NOTE(review): the earlier comment described this as a "wrapped key
    /// value"; the specification's consumer `keyvalue` element appears to carry
    /// the consumer's public key instead. Confirm which one is stored here,
    /// because the derived `Debug` and `Serialize` emit the field verbatim.
    pub key_value: Option<String>,
}
23
/// A set of resources protected by one content encryption key.
///
/// The group logically contains resources, but they are not stored in this
/// struct: the resources themselves (objects, textures) refer to the group or
/// are implicitly part of it via relationships.
#[derive(Debug, Clone, Default, Serialize, Deserialize)]
pub struct ResourceDataGroup {
    /// UUID of the content encryption key.
    ///
    /// The derived `Default` yields `Uuid::default()` (the nil UUID) here, which
    /// does not name a real key.
    pub key_uuid: Uuid,
    /// One entry per consumer that holds a wrapped copy of the content key.
    pub access_rights: Vec<AccessRight>,
}
31
/// Gives one consumer access to a content key by carrying that key wrapped for it.
#[derive(Debug, Clone, Default, Serialize, Deserialize)]
pub struct AccessRight {
    /// ID of the consumer this entry belongs to.
    ///
    /// Presumably matches a `Consumer::id`; the type does not enforce that the
    /// reference resolves, so verify it where the keystore is loaded.
    pub consumer_id: String,
    /// Name of the algorithm for this entry (e.g. RSA-OAEP).
    ///
    /// NOTE(review): previously described as the "parsing algorithm"; RSA-OAEP
    /// is an encryption scheme, so this is presumably the key-wrapping
    /// algorithm. It is stored as free-form text, so code that unwraps keys
    /// should compare it against the algorithms it supports and reject anything
    /// else instead of acting on whatever name the file supplies.
    pub algorithm: String,
    /// The content key, encrypted for this consumer.
    pub wrapped_key: Vec<u8>,
}
38
// Note: in 3MF Secure Content, the actual resources are stored encrypted in the OPC (ZIP) container.
// The XML metadata modelled above only describes how to decrypt them.