Wednesday, September 28, 2011

AD RMS Library Works At last part 1

Hello everyone once again.

You know, sometimes I ask myself why I publish my work on my blog, and the only answer that comes to mind is that I don't want people to suffer as I suffered. Really, I spent a lot of my time reinventing the wheel, because the wheel that is available to everyone didn't work for me, or I couldn't find any wheel out there to use.

And the funny thing is, this is exactly what happened to me with AD RMS, or Active Directory Rights Management Services, and I suffered big time to make it work with some tiny documentation from here and there. :) Especially when it comes to their fucked up SDK. So what I'm going to publish is how exactly RMS works in a preproduction environment, taking into consideration that this is the only environment you can use if you didn't get your code signed by Micro-Fuck-Soft.

What is AD RMS: it is a unique and powerful infrastructure that you install to protect Office documents, but if you extend the functionality you can protect PDFs or any document type you can think of, provided you know how the header is organized.

What type of protection does it provide? A very good question.

It gives you the ability to restrict editing, writing, reading, forwarding, printing, etc., and you can configure a document to expire after some time. You can assign who may read, who may write, and so on, per document.

Why do you need it: you need it when you have confidential documents you wish to share with some people on a private or public network.

Don't get me wrong on this, I really hate Microsoft pretty much, but this product is a very fascinating one, and I'm thinking seriously about reverse engineering it and writing it for OpenOffice. If anybody out there is interested in doing so, I will be glad if we work together.

So let's jump to the hardcore stuff, since the introduction can be found out there easily and all of them are much better than mine. But what I am about to provide from the hardcore point of view will never be found anywhere :)

How RMS works from a developer's point of view: everything starts by creating a client session to the RMS server. The functions below have a good description on Microsoft's MSDN, so I will not spend time addressing something which is already addressed there unless I find that I need to.

1. DRMCreateClientSession

DRMEXPORT HRESULT UDAPICALL DRMCreateClientSession(
    IN       DRMCALLBACK  pfnCallback,            // Callback
    IN       UINT         uCallbackVersion,       // Version of the callback
    __in     PWSTR        wszGroupIDProviderType, // One of WINDOWSAUTH/PASSPORT
    __in_opt PWSTR        wszGroupID,             // Group ID
    OUT      DRMHSESSION* phClient );             // Receives the client session handle

This function returns a client session handle, to be used later on in a couple of activation routines and a couple of other functions. Don't worry, I will iterate through all of them :)

2. DoMachineActivation (DRMActivate)

DRMEXPORT HRESULT UDAPICALL DRMActivate(
    IN DRMHSESSION       hClient,      // Client session
    IN UINT              uFlags,       // One/both: DRM_ACTIVATE_MACHINE/GROUPIDENTITY
    IN UINT              uLangID,      // Language ID
    IN DRM_ACTSERV_INFO* pActServInfo, // Optional activation server info
    IN VOID*             pvContext,    // Context passed to the callback
    IN HWND              hParentWnd ); // Parent window handle


This function performs machine activation by creating a file called CERT-Machine under Users\<your username>\AppData\Local\Microsoft\DRM. This file is an XML file holding a certificate chain; at the end of the chain is the machine public key, signed by the RMS Production or Preproduction certificate hierarchy, which allows the RMS server to uniquely identify the machine being used.

The machine certificate holds the following attributes:

1. issuance date and time.
2. certificate type ID and name.
3. name and ID of the issuer.
4. location from which the certificate was retrieved.
5. principal ID, public key, digest and security processor.
6. signature created by using the private key of the AD RMS activation service.
7. certificate chain that contains the server licensor certificate and one or more CA certificates.
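As an added example (my own code, not the post's and not from the RMS SDK) of the two steps so far: create the client session, run machine activation, wait for the asynchronous status callback, and confirm that the CERT-Machine file now exists. It assumes the msdrm.h names DRM_CALLBACK_VERSION, DRM_MSG_ACTIVATE_MACHINE, S_DRM_COMPLETED and DRMCloseSession, a 60-second wait, and that uLangID 0 selects the default language; only the path helper compiles outside Windows.

```c
/* Added example (not from the post or the RMS SDK); on Windows include msdrm.h and link msdrm.lib. */
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <msdrm.h>
#endif
/* Builds "<localappdata>\Microsoft\DRM", the folder the post names for CERT-Machine.
 * Plain string code so it can be exercised on any platform; returns 0, or -1 on bad input. */
int drm_cert_dir(const char *localappdata, char *out, size_t n) {
    const char *tail = "\\Microsoft\\DRM";
    if (!localappdata || strlen(localappdata) + strlen(tail) + 1 > n) return -1;
    strcpy(out, localappdata);
    strcat(out, tail);
    return 0;
}
#ifdef _WIN32
struct act_ctx { HANDLE done; HRESULT hr; };   /* shared between activate_machine and the callback */
/* Status callback: DRMActivate is asynchronous and reports progress here.
 * S_DRM_COMPLETED on the machine-activation message means the machine certificate was issued. */
static HRESULT UDAPICALL status_cb(DRM_STATUS_MSG msg, HRESULT hr, VOID *pvParam, VOID *pvContext) {
    struct act_ctx *ctx = (struct act_ctx *)pvContext;
    if (FAILED(hr) || (msg == DRM_MSG_ACTIVATE_MACHINE && hr == S_DRM_COMPLETED)) {
        ctx->hr = FAILED(hr) ? hr : S_OK;   /* record the outcome, then wake the waiter */
        SetEvent(ctx->done);
    }
    return S_OK;
}
/* Runs the post's two steps and returns S_OK only if CERT-Machine is then present on disk. */
HRESULT activate_machine(void) {
    struct act_ctx ctx = { CreateEventW(NULL, TRUE, FALSE, NULL), E_FAIL };
    DRMHSESSION hClient = 0;
    char la[MAX_PATH], dir[MAX_PATH], pattern[MAX_PATH];
    WIN32_FIND_DATAA fd;
    /* Step 1: client session; WINDOWSAUTH = authenticate as the logged-on Windows user */
    HRESULT hr = DRMCreateClientSession(status_cb, DRM_CALLBACK_VERSION, L"WINDOWSAUTH", NULL, &hClient);
    if (SUCCEEDED(hr)) {
        hr = DRMActivate(hClient, DRM_ACTIVATE_MACHINE, 0 /* default language, assumed */, NULL, &ctx, NULL);
        if (SUCCEEDED(hr)) hr = WaitForSingleObject(ctx.done, 60000) == WAIT_OBJECT_0 ? ctx.hr : E_FAIL;
        DRMCloseSession(hClient);
    }
    CloseHandle(ctx.done);
    if (FAILED(hr)) return hr;
    if (!GetEnvironmentVariableA("LOCALAPPDATA", la, sizeof la) || drm_cert_dir(la, dir, sizeof dir)) return E_FAIL;
    snprintf(pattern, sizeof pattern, "%s\\CERT-Machine*", dir);   /* matches CERT-Machine with or without a suffix */
    HANDLE h = FindFirstFileA(pattern, &fd);
    if (h == INVALID_HANDLE_VALUE) return HRESULT_FROM_WIN32(GetLastError());
    FindClose(h); return S_OK;
}
#endif
```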


I got bored of writing, so I will continue tomorrow. Stay tuned, my friends. :)
