3.3.4.1 Precertify

In the Precertify operation, the requestor specifies a recipient's identity and the server returns that recipient's public key certificate.

Figure 6: Precertify operation message sequence

 <wsdl:operation name="Precertify">
   <wsdl:input message="tns:PrecertifySoapIn" />
   <wsdl:output message="tns:PrecertifySoapOut" />
 </wsdl:operation>

To perform the request validation, the server MUST validate the input parameters upon receiving a Precertify request. The Precertify request includes the following parameters:

Parameter                        Description
---------                        -----------
UserName                         The name of the user, specified as an email address. A request MUST include either UserName or Identification, but it can include both. If both are included, the server SHOULD check that both UserName and Identification identify the same user and, if not, return an UnauthorizedAccessException exception.
Identification.AuthenticationMode  The authentication mode used by the user during bootstrapping. If Identification is present, both AuthenticationMode and Id SHOULD<4> be present.
Identification.Id                The identification of the user, based on the AuthenticationMode. If Identification is present, both AuthenticationMode and Id MUST be present. The Id MUST be a security identifier (SID) as defined in [MS-DTYP] section 2.4.2.1.
Identification.Email             SHOULD be NULL.
Identification.ProxyAddresses    SHOULD be NULL.

For a successful request, the server verifies that the user specified in the request can be identified, that the information in the request is not contradictory, and that the server is able to issue an RAC for the user. Once this validation is complete, the server retrieves the user's RAC public key. If the user's RAC public key does not yet exist, the server generates it and then retrieves it. After the server has retrieved the user's RAC public key, the server generates the user's public key certificate, signs the certificate, and returns it in the response.
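The following is an added example of the server-side request validation described above; it is not code from the protocol specification or from an RMS server. It applies the parameter rules in this section (UserName or Identification required, consistency check between the two, SID-formatted Id, Email and ProxyAddresses NULL) against a constructed in-memory directory. The directory contents, the exception classes, the `outcome` helper and the decision to treat a non-NULL Email or ProxyAddresses as an argument error are all assumptions made for illustration.

```python
"""Added example: validating a Precertify request before RAC key lookup.

Not the protocol's own code. The directory, the SIDs and the exception
classes below are constructed for this illustration.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# String form of a SID ([MS-DTYP] section 2.4.2.1): S-1-<authority>-<sub>[-<sub>...]
SID_RE = re.compile(r"^S-1-(?:\d+|0x[0-9A-Fa-f]{12})(?:-\d+)+$")


class DRMSArgumentException(ValueError):
    """Stands in for Microsoft.DigitalRightsManagement.Core.DRMSArgumentException."""


class UnauthorizedAccessException(PermissionError):
    """Stands in for System.UnauthorizedAccessException."""


@dataclass
class Identification:
    authentication_mode: Optional[str] = None
    id: Optional[str] = None
    email: Optional[str] = None
    proxy_addresses: Optional[List[str]] = None


@dataclass
class PrecertifyRequest:
    user_name: Optional[str] = None
    identification: Optional[Identification] = None


# Constructed directory: SID -> email address the account bootstrapped with.
DIRECTORY: Dict[str, str] = {
    "S-1-5-21-1111111111-2222222222-3333333333-1001": "alice@example.com",
    "S-1-5-21-1111111111-2222222222-3333333333-1002": "bob@example.com",
}


def validate_precertify(req: PrecertifyRequest, directory: Dict[str, str] = DIRECTORY) -> str:
    """Return the email address the RAC/certificate will be issued for, or raise."""
    if req.user_name is None and req.identification is None:
        raise DRMSArgumentException("UserName or Identification is required")
    if req.user_name is not None and "@" not in req.user_name:
        raise DRMSArgumentException("UserName must be an email address")

    resolved = req.user_name.lower() if req.user_name else None
    ident = req.identification
    if ident is not None:
        # Both AuthenticationMode and Id must accompany an Identification.
        if ident.authentication_mode is None or ident.id is None:
            raise DRMSArgumentException("AuthenticationMode and Id are both required")
        if not SID_RE.match(ident.id):
            raise DRMSArgumentException("Identification.Id is not a SID")
        # Assumption: this server rejects the fields the spec says SHOULD be NULL.
        if ident.email is not None or ident.proxy_addresses is not None:
            raise DRMSArgumentException("Email and ProxyAddresses must be NULL")
        by_sid = directory.get(ident.id)
        if by_sid is None:
            raise UnauthorizedAccessException("Identification does not resolve to a user")
        # Contradictory request: UserName and Identification name different users.
        if resolved is not None and resolved != by_sid.lower():
            raise UnauthorizedAccessException("UserName and Identification disagree")
        resolved = by_sid.lower()
    elif resolved not in {e.lower() for e in directory.values()}:
        raise UnauthorizedAccessException("UserName does not resolve to a user")
    return resolved


def outcome(req: PrecertifyRequest) -> str:
    """Summarise validation as the resolved email or the exception name."""
    try:
        return validate_precertify(req)
    except (DRMSArgumentException, UnauthorizedAccessException) as exc:
        return type(exc).__name__


if __name__ == "__main__":
    sid_bob = "S-1-5-21-1111111111-2222222222-3333333333-1002"
    print(outcome(PrecertifyRequest(user_name="alice@example.com")))
    print(outcome(PrecertifyRequest(identification=Identification("Windows", sid_bob))))
    print(outcome(PrecertifyRequest(user_name="alice@example.com",
                                    identification=Identification("Windows", sid_bob))))
    print(outcome(PrecertifyRequest()))
```

Only after `validate_precertify` returns does the server go on to look up or generate the RAC public key for that user; the example stops at the resolved identity so that every failure path maps to one of the exceptions listed for this operation.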

A successful Precertify response MUST return the public key certificate of the user specified in the request. For an unsuccessful request the server MUST throw an exception.

Exceptions Thrown:

The Precertify operation MUST throw either one of the Common Fault Codes for the RMS: ISV Extension Protocol, as described in section 3.1.4.2, or one of the following exceptions.

Exception                                                     Description
---------                                                     -----------
ClusterDecommissionedException                                The RMS Server is in decommissioning mode. In this mode, it will only service requests to the Decommissioning interface. All other requests are rejected.
Microsoft.DigitalRightsManagement.Core.DRMSArgumentException  An argument exception occurred. See the inner exception.
System.UnauthorizedAccessException                            Access is unauthorized.