3.2.4.1 AcquireContentKey

In the AcquireContentKey operation, the requestor submits a publishing license and the server returns the content key from that publishing license.

Figure 5: AcquireContentKey operation message sequence

 <wsdl:operation name="AcquireContentKey">
   <wsdl:input message="tns:AcquireContentKeySoapIn" /> 
   <wsdl:output message="tns:AcquireContentKeySoapOut" /> 
 </wsdl:operation>

To perform the request validation, the server MUST validate the input parameters upon receiving an AcquireContentKey request and the server MUST be configured to accept decommissioning requests.

If a request includes more than one publishing license, the server SHOULD ignore all but the first PL. The server decrypts the base-64 content key from the publishing license, determines its type, and returns both the key and its type in the response.

For a successful response, the server SHOULD determine whether the PRINCIPAL element in the ISSUEDPRINCIPALS element of the publishing license matches the PRINCIPAL in the ISSUEDPRINCIPALS of the SLC certificate chain of the ServerState element, as defined in [MS-RMPR] section 3.1.1.2.1, or in one of the elements in the trustedLicensingServers element set in the ServerState, as defined in [MS-RMPR] section 3.1.1.1. A match is determined by comparing the OBJECT ID as well as the size and value of the modulus parameter in the PUBLICKEY element of the ISSUEDPRINCIPALS elements being compared. If there is a match, the server MUST return the decrypted content key from the publishing license that was submitted in the request. The content key type MUST be "AES" or "DES" based on the content key itself. The response SHOULD contain a single content key.

For an unsuccessful request, if the server determines that the PRINCIPAL in the ISSUEDPRINCIPALS of the publishing license does not match the PRINCIPAL in the ISSUEDPRINCIPALS of the SLC certificate chain in ServerState or in one of the elements of the trustedLicensingServers set in the ServerState, the server SHOULD return a Microsoft.DigitalRightsManagement.UnsignedIssuanceLicenseNoMatchingIssuedPrincipalException SOAP fault code. If the value of the serverDecommissioned field, as defined in [MS-RMPR] section 3.1.1.1, of the ServerState is False on the requested server, the server SHOULD return a Microsoft.DigitalRightsManagement.Utilities.ClusterNotDecommissionedException SOAP fault code.

Exceptions Thrown: The AcquireContentKey operation MUST throw Common Fault Codes for the RMS: ISV Extension Protocol, as described in section 3.1.4.2, or one of the following exceptions.

Exception	Description
ClusterNotDecommissionedException	A decommission request was received, but Active Directory RMS is not in a decommissioned state and cannot honor the request.
UnsignedIssuanceLicenseNoMatchingIssuedPrincipalException	None of the issued principals match this server.