[The AD RMS SDK leveraging functionality exposed by
the client in Msdrm.dll is available for use in Windows Server 2008, Windows Vista, Windows Server 2008 R2, Windows 7, Windows Server 2012, and Windows 8. It may be altered or
unavailable in subsequent versions. Instead, use Active Directory Rights Management Services SDK 2.1,
which leverages functionality exposed by the client in Msipc.dll.]
The DRMGetSignedIssuanceLicenseEx function acquires a signed issuance license offline. When you call the function, you can pass in the handle to a client licensor certificate (CLC) and the handle to a rights account certificate (RAC), therefore specifying the CLC and the RAC to use when acquiring the signed issuance license.
DRMEXPORT HRESULT UDAPICALL DRMGetSignedIssuanceLicenseEx( DRMENVHANDLE hEnv, DRMPUBHANDLE hIssuanceLicense, UINT uFlags, BYTE *pbSymKey, UINT cbSymKey, PWSTR wszSymKeyType, PVOID pvReserved, DRMHANDLE hEnablingPrincipal, DRMHANDLE hBoundLicenseCLC, DRMCALLBACK pfnCallback, PVOID pvContext );
A handle to a secure environment created by using the DRMInitEnvironment function. The handle is required for offline signing. Applications that do not use a lockbox should pass NULL for this parameter.
A handle to an issuance license to sign, created by using the DRMCreateIssuanceLicense function.
Contains various options for acquiring the signed issuance license. This parameter can be one of the following values (although DRM_AUTO_GENERATE_KEY and DRM_OWNER_LICENSE_NOPERSIST can be combined with other flags). If DRM_AUTO_GENERATE_KEY is not specified, you must provide your own content key with a cryptographic system, such as the CryptoAPI functions from the Platform SDK.
Specifies an offline issuance license signing request. When signing offline, the issuance license is signed by using the client licensor certificate (CLC) obtained during a previous call to DRMAcquireLicense. To get this certificate from the store, use DRMEnumerateLicense. Each CLC is tied to the server that issued it; be sure that you are using the correct client licensor certificate for the issuance license you are publishing.
This flag cannot be combined with the DRM_SIGN_ONLINE or DRM_SERVER_ISSUANCELICENSE flags.
Cancels an online signing request. Offline requests are processed immediately and do not need to be canceled.
Can be used with one of the preceding flags to have the Active Directory Rights Management Services system generate a content key for you. This key is used in encryption functions. Typically, the key type is AES and the cipher mode is ECB. If this flag is not specified, you must provide your own content key with a cryptographic system, such as with the CryptoAPI functions from the Platform SDK.
The owner license is stored in memory instead of the permanent store. The owner license can subsequently be retrieved by the DRMGetOwnerLicense function.
Causes the content key to be reused. The content key is obtained from the signed issuance license associated with the bound license (hBoundLicense) that is passed in to DRMCreateIssuanceLicense. You must ensure that the bound license is bound to either the EDITRIGHTSDATA or OWNER right. This flag is available only in Windows 7.
The content key used to encrypt the document. If this value is NULL, the uFlags parameter must specify DRM_AUTO_GENERATE_KEY or DRM_REUSE_KEY. These uFlags values cause pbSymKey to be ignored.
The size, in bytes, of the content key. Currently, this parameter can only be 16 unless the uFlags parameter specifies DRM_AUTO_GENERATE_KEY or DRM_REUSE_KEY, in which case this parameter can be zero.
The key type. The value AES specifies the Advanced Encryption Standard (AES) algorithm with the electronic code book (ECB) cipher mode. If you are using Windows 7, the value AES_CBC4K can be used to specify the AES algorithm with cipher-block chaining (CBC) cipher mode. See the DRMEncrypt code examples for more information.
Reserved for future use.
A handle to an enabling principal in the end-user license that should be bound. Create this handle by using the DRMCreateEnablingPrincipal function by passing in the rights account certificate. This parameter is required.
A pointer to the callback function used to notify the application of an asynchronous request's progress. For the signature of the callback function you must provide, see Callback Prototype.
A 32-bit, application-defined value that is sent in the pvContext parameter of the callback function. This value can be a pointer to data, a pointer to an event handle, or whatever else the custom callback function is designed to handle. For more information, see Creating a Callback Function.
If the function succeeds, the function returns S_OK.
If the function fails, it returns an HRESULT value that indicates the error. Possible values include, but are not limited to, those in the following list. For a list of common error codes, see Common HRESULT Values.
To use this function, create an enabling principal from the rights account certificate using DRMCreateEnablingPrincipal. After this, you must parse the client licensor certificate(CLC) to obtain the content ID, in the same manner as you do for the end-user license. Subsequently, call DRMCreateBoundLicense, passing in the hEnablingPrincipal obtained from the call to DRMCreateEnablingPrincipal and the content ID to create an hBoundLicense that corresponds with the CLC. Next, call DRMGetSignedIssuanceLicenseEx, passing in the hEnablingPrincipal obtained from the call to DRMCreateEnablingPrincipal and the hBoundLicense obtained from the call to DRMCreateBoundLicense. Finally, cache the handles obtained from the call to DRMCreateEnablingPrincipal and the call to DRMCreateBoundLicense.
|Windows version||Windows 7 Windows Server 2008 R2|