

RevocationCondition object

The RevocationCondition object contains the revocation policy for a rights policy template. Revocation is implemented by using revocation lists that are distributed to client computers by an administrator and to a public location such as a web server. Each list is a signed XrML file that specifies the content, application, user, or other principal that has been revoked.

When the user of an RMS-enabled application attempts to open protected content, the application sends a binding request to the AD RMS software installed on the client computer. The AD RMS client:

  • Evaluates the use license for revocation list requirements.
  • Retrieves the list locally or from the public URL.
  • Determines whether the list is current.
  • Verifies that the list signer is identified in the license as a principal that can revoke the license.
  • Determines whether any principals involved in the initial binding requests have been revoked.
  • Verifies the revocation list signature by using the associated public key.

If any of these steps fails, the binding request is denied. You can use the RevocationCondition object to specify the public URL and identify a file that contains the public key. The object can be retrieved by calling the RevocationCondition property on the RightsTemplate object.
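
The client-side sequence above can be modeled as a fail-closed check. This is an added example, not Microsoft's code or the AD RMS client implementation: the dictionary layout, the names check_binding, sign and make_list, and the sample principals are assumptions, and an HMAC stands in for the XrML public-key signature.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

def sign(key: bytes, revoked: list, issued: datetime) -> str:
    # Stand-in for the XrML signature: HMAC over the list body (assumption).
    body = "|".join(sorted(revoked)) + "@" + issued.isoformat()
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()

def check_binding(license_, fetch, principals, now):
    """Return (allowed, reason); any failed step denies the request."""
    cond = license_.get("revocation")
    if cond is None:                       # 1. license has no list requirement
        return True, "no revocation list required"
    rl = fetch(cond["url"])                # 2. local copy or public URL
    if rl is None:
        return False, "list unavailable"
    if now - rl["issued"] > timedelta(days=cond["refresh_per_days"]):
        return False, "list is stale"      # 3. older than RefreshPerDays
    if rl["signer"] not in cond["revokers"]:
        return False, "signer may not revoke this license"  # 4.
    hit = set(principals) & set(rl["revoked"])
    if hit:                                # 5. a bound principal is revoked
        return False, "revoked: " + ", ".join(sorted(hit))
    expected = sign(cond["key"], rl["revoked"], rl["issued"])
    if not hmac.compare_digest(expected, rl["signature"]):
        return False, "bad signature"      # 6. signature does not verify
    return True, "ok"

# Constructed sample data (not taken from a real deployment).
NOW = datetime(2024, 1, 31, tzinfo=timezone.utc)
KEY = b"demo-key"
LICENSE = {"revocation": {"url": "https://test", "refresh_per_days": 30,
                          "revokers": {"rms-admin"}, "key": KEY}}

def make_list(age_days, revoked, signer="rms-admin", key=KEY):
    # Build a signed revocation list issued age_days before NOW.
    issued = NOW - timedelta(days=age_days)
    return {"issued": issued, "signer": signer, "revoked": revoked,
            "signature": sign(key, revoked, issued)}
```

Because a stale or unreachable list denies the request, the RefreshPerDays value and the availability of the list URL together determine whether users can keep opening protected content.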

Members

The RevocationCondition object has these types of members:

Properties

The RevocationCondition object has these properties.

| Property | Description |
| --- | --- |
| PublicKeyFile | Specifies the path of the file that contains the public key associated with the private key that signed the revocation list. |
| RefreshPerDays | Specifies or retrieves the maximum number of days after a revocation list has been created before it must be refreshed. |
| Url | Specifies or retrieves the URL or UNC path from which the revocation list can be obtained. |

Examples

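DIM config_manager
DIM admin_role

' Entry point: initialize, then add revocation information to a template.
CALL InitObject()
CALL AddRevocation()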

' *******************************************************************
' Create and initialize a ConfigurationManager object.

SUB InitObject()

  ' Let CheckError() inspect Err instead of the script aborting on error.
  ON ERROR RESUME NEXT

  CALL WScript.Echo( "Create ConfigurationManager object...")
  SET config_manager = CreateObject _
    ("Microsoft.RightsManagementServices.Admin.ConfigurationManager")      
  CheckError()
    
  CALL WScript.Echo( "Initialize...")
  admin_role=config_manager.Initialize(false,"localhost",80,"","","")
  CheckError()

END SUB

' *******************************************************************
' Add revocation information to a template. 

SUB AddRevocation()

  ' Let CheckError() inspect Err instead of the script aborting on error.
  ON ERROR RESUME NEXT

  DIM template_manager
  DIM templateColl
  DIM templateObj
  DIM summary
  DIM rights
  DIM appData
  DIM itemIndex

  ' Retrieve the RightsTemplatePolicy object.
  SET template_manager = config_manager.RightsTemplatePolicy
  CheckError()

  ' Retrieve the rights template collection.
  SET templateColl = template_manager.RightsTemplateCollection
  CheckError()

  ' Retrieve the first template in the collection.
  SET templateObj = template_manager.RightsTemplateCollection.Item(0)
  CheckError()
    
  ' Add revocation information to the first template.
  templateObj.RevocationCondition.Url = "https://test"
  templateObj.RevocationCondition.RefreshPerDays = 30
  templateObj.RevocationCondition.PublicKeyFile = "PublicKey.dat"
  CheckError()
  
  ' Update the templates on the server.
  template_manager.RightsTemplateCollection.Update( templateObj )
  CheckError()

END SUB

' *******************************************************************
' Error checking function.

FUNCTION CheckError()
  CheckError = Err.number
  IF Err.number <> 0 THEN
    CALL WScript.Echo( vbTab & "*****Error Number: " _
                       & Err.number _
                       & " Desc:" _
                       & Err.Description _
                       & "*****")
    WScript.StdErr.Write(Err.Description)
    WScript.Quit( Err.number )
  END IF
END FUNCTION

' *******************************************************************
' Generate a runtime error.

SUB RaiseError(errId, desc)
  CALL Err.Raise( errId, "", desc )
  CheckError()
END SUB

Requirements

| Requirement | Value |
| --- | --- |
| Minimum supported client | None supported |
| Minimum supported server | Windows Server 2008 |
| Assembly | Microsoft.RightsManagementServices.Admin.dll |

See also

Active Directory Rights Management Services Scripting API Reference

RightsTemplate