Revocation_GetSecureEnvironment.cpp

[The AD RMS SDK leveraging functionality exposed by the client in Msdrm.dll is available for use in Windows Server 2008, Windows Vista, Windows Server 2008 R2, Windows 7, Windows Server 2012, and Windows 8. It may be altered or unavailable in subsequent versions. Instead, use Active Directory Rights Management Services SDK 2.1, which leverages functionality exposed by the client in Msipc.dll.]

The following example shows how to create a secure environment. The environment handle is used in the DRMCreateLicenseStorageSession function to create a license storage session that is used to retrieve the revocation list from the certificate store.

#include "RevocationList.h"

#include <new>

/*===================================================================
File:      Revocation_GetSecureEnvironment.cpp

THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
PARTICULAR PURPOSE.

Copyright (C) Microsoft.  All rights reserved.
===================================================================*/

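/////////////////////////////////////////////////////////////////////
// The GetSecureEnvironment function retrieves a handle to a secure
// environment lockbox.
//
// Parameters:
//   pwszMachineCert - Machine certificate passed to
//                     DRMInitEnvironment.
//   pwszManifest    - Signed application manifest passed to
//                     DRMInitEnvironment.
//   phEnv           - Receives the environment handle.
//   phLib           - Receives the library handle.
//
// Returns S_OK on success, E_INVALIDARG if an output pointer is
// NULL, E_OUTOFMEMORY if a string buffer cannot be allocated, or the
// failure HRESULT reported by DRMGetSecurityProvider or
// DRMInitEnvironment.
//
// On success the caller owns both handles and should release them
// when finished (DRMCloseEnvironmentHandle for *phEnv, DRMCloseHandle
// for *phLib). On failure the contents of *phEnv and *phLib should
// not be used.
//
HRESULT GetSecureEnvironment(
                 PWSTR          pwszMachineCert,
                 PWSTR          pwszManifest,
                 DRMENVHANDLE*  phEnv,
                 DRMHANDLE*     phLib)
{
  HRESULT       hr = S_OK;                // Return code
  UINT          uiSecProvTypeLgth = 0;    // Provider type length
  UINT          uiSecProvPathLgth = 0;    // Provider path length
  PWSTR         pwszSecProvType  = NULL;  // Secure provider type
  PWSTR         pwszSecProvPath  = NULL;  // Path to the provider

  // Reject missing output pointers before doing any work so that a
  // caller error is reported as an HRESULT.
  if (NULL == phEnv || NULL == phLib) return E_INVALIDARG;

  // Call DRMGetSecurityProvider once to retrieve the number of
  // characters, including the null terminator, needed to allocate
  // memory for the provider type and path strings.
  hr = DRMGetSecurityProvider( 
            0,                      // Reserved
            &uiSecProvTypeLgth,     // Length of the type string
            NULL,                   // Type string - NULL on input
            &uiSecProvPathLgth,     // Length of the path string
            NULL);                  // Path string - NULL on input
  if(FAILED(hr)) return hr;

  // Allocate memory for the type and path strings. The nothrow form
  // is required for the NULL test below to mean anything: plain
  // new[] reports failure by throwing std::bad_alloc, which would
  // escape this HRESULT-returning function.
  pwszSecProvType = new (std::nothrow) WCHAR[uiSecProvTypeLgth];
  pwszSecProvPath = new (std::nothrow) WCHAR[uiSecProvPathLgth];
  if(NULL==pwszSecProvType || NULL == pwszSecProvPath)
  {
    // Leave through the cleanup label so that a buffer that was
    // allocated successfully is not leaked when the other one fails.
    hr = E_OUTOFMEMORY;
    goto e_Exit;
  }

  // Call DRMGetSecurityProvider again to retrieve the secure
  // provider type and path information. The lengths passed in are
  // the buffer sizes obtained from the first call.
  hr = DRMGetSecurityProvider( 
            0,                      // Reserved
            &uiSecProvTypeLgth,     // Length of the type string
            pwszSecProvType,        // Return type string
            &uiSecProvPathLgth,     // Length of the path string
            pwszSecProvPath );      // Path string
  if(FAILED(hr))goto e_Exit;

  // Initialize a secure environment. This requires a lockbox,
  // a signed manifest, and the machine certificate associated
  // with the user. The lockbox path is the one reported by
  // DRMGetSecurityProvider; it is never taken from caller input.
  // The provider type is passed as a fixed constant, so the type
  // string retrieved above is not used in this call.
  hr = DRMInitEnvironment( 
          DRMSECURITYPROVIDERTYPE_SOFTWARESECREP, 
          DRMSPECTYPE_FILENAME,       // Provider is in a file
          pwszSecProvPath,            // Path to the lockbox
          pwszManifest,               // Application manifest
          pwszMachineCert,            // Machine certificate
          phEnv,                      // Return environment handle
          phLib);                     // Return library

e_Exit:
  // delete [] on a NULL pointer is a no-op, so no guard is needed.
  delete [] pwszSecProvType;
  pwszSecProvType = NULL;
  delete [] pwszSecProvPath;
  pwszSecProvPath = NULL;

  return hr;
}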

Revocation Code Example

Revoking a Certificate