3.2.5.3 DRM Version 11 Server Message Processing Events and Sequencing Rules
The Digital Rights Management (DRM) Version 11 License Response packet is used by the license server to send a license for protected media content to a client.
The version 11 processing sequence is identical to the version 7 license response processing sequence.
Request Validation
A version 11 server MUST validate the request using the rules given for a version 7 server in DRM Version 7 Server Message Processing Events and Sequencing Rules (section 3.2.5.2).
/c:LICENSEREQUEST/CLIENTINFO/MACHINECERTIFICATE MUST be validated according to the following rules:
Validate /c:CertificateCollection
If the /c:CertificateCollection element is missing or lacks a "c:Version" or "xmlns:c" attribute, the server MUST return E_FAIL (0x80000008L).
If the "c:Version" attribute value is not "2.0", the server MUST return DRM_E_INVALID_CERTCHAIN_VERSION (0xC0042945L).
If the "xmlns:c" attribute value is not http://schemas.microsoft.com/DRM/2004/02/cert, the server MUST return DRM_E_INVALID_CERTCHAIN_NAMESPACE (0xC0042954L).
There MUST be at least one child c:Certificate element. If not, the server MUST return E_FAIL (0x80000008L).
Validate /c:CertificateCollection/c:Certificate
If the inner text of this element does not contain either "<c:Data" or "</c:Data>", the server MUST return DRM_E_MACHINE_CERT_DATATAG_MISSING (0xC0042961L).
Validate /c:CertificateCollection/c:Certificate/c:Data/c:PublicKey/KeyValue/RSAKeyValue/Exponent
If this element does not exist, the server MUST return E_FAIL (0x80000008L).
If the value of this element is not "AQAB", the server MUST return DRM_E_INVALID_EXPONENT (0xC0042959L).
Validate /c:CertificateCollection/c:Certificate/c:Data/c:PublicKey/KeyValue/RSAKeyValue/Modulus
If this element does not exist, the server MUST return E_FAIL (0x80000008L).
If the value of this element is blank, the server MUST return DRM_E_INVALID_MODULUS (0xC0042953L).
Validate /c:CertificateCollection/c:Certificate/c:Data/c:SecurityLevel
If this element does not exist, the server MUST return E_FAIL (0x80000008L).
Validate /c:CertificateCollection/c:Certificate/Signature/SignedInfo/CanonicalizationMethod
If this element does not exist or does not have the attribute "Algorithm", the server MUST return E_FAIL (0x80000008L).
Validate /c:CertificateCollection/c:Certificate/Signature/SignedInfo/SignatureMethod
If this element does not exist or does not have the attribute "Algorithm", the server MUST return E_FAIL (0x80000008L).
If the value for the attribute "Algorithm" is not "http://www.w3.org/2000/09/xmldsig#rsa-sha1", then the server MUST return DRM_E_INVALID_SIGNATURE_METHOD_ALG (0xC0042949L).
Validate /c:CertificateCollection/c:Certificate/Signature/SignedInfo/Reference/DigestMethod
If this element does not exist or does not have the attribute "Algorithm", the server MUST return E_FAIL (0x80000008L).
If the value for the attribute "Algorithm" is not "http://www.w3.org/2000/09/xmldsig#sha1", then the server MUST return DRM_E_INVALID_DIGEST_ALG (0xC0042948L).
Validate /c:CertificateCollection/c:Certificate/Signature/SignedInfo/Reference/Transforms/Transform
If there are not exactly two instances of this element, or if either instance does not have the attribute "Algorithm", the server MUST return E_FAIL (0x80000008L).
If the value of the attribute "Algorithm" for the first instance is not "http://www.microsoft.com/DRM/CERT/v2/Data", then the server MUST return DRM_E_INVALID_TRANSFORM_ALG (0xC0042947L).
If the value of the attribute "Algorithm" for the second instance is not "http://www.w3.org/TR/2001/REC-xml-c14n-20010315", then the server MUST return DRM_E_INVALID_TRANSFORM_ALG (0xC0042947L).
Validate /c:CertificateCollection/c:Certificate/Signature/SignedInfo/Reference/DigestValue
If this element does not exist, the server MUST return E_FAIL (0x80000008L).
If the value of this element does not match the computed digest as described in section 2.2.4.1.1 <MACHINECERTIFICATE>, the server MUST return DRM_E_INVALID_DIGEST (0xC0042958L).
Validate /c:CertificateCollection/c:Certificate/Signature/SignatureValue
If this element does not exist, the server MUST return E_FAIL (0x80000008L).
If the value of this element does not match the computed signature as described in section 2.2.4.1.1 <MACHINECERTIFICATE>, the server MUST return E_FAIL (0x80000008L).
Validate /c:CertificateCollection/c:Certificate/Signature/SignedInfo
If this element does not exist, the server MUST return E_FAIL (0x80000008L).
Validate /c:CertificateCollection/c:Certificate/c:Data/c:ManufacturerData
If this element is present, c:ManufacturerName must be present. If it is not present, the server MUST return E_FAIL (0x80000008L).
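The collection-level and signature-algorithm rules above can be sketched in Python; this is an added example, not part of the specification or of any server implementation. It covers only the c:Version, xmlns:c, c:Certificate count, SignatureMethod, DigestMethod and Transform rules. Matching elements by local name regardless of namespace, applying the rules to every c:Certificate, treating duplicate elements as E_FAIL, and the names validate_collection, any_ns, RULES and SAMPLE are assumptions.

```python
import xml.etree.ElementTree as ET

# Return codes and URIs are the ones listed in the rules above.
E_FAIL, BAD_VERSION, BAD_NAMESPACE = 0x80000008, 0xC0042945, 0xC0042954
BAD_SIG_ALG, BAD_DIGEST_ALG, BAD_TRANSFORM = 0xC0042949, 0xC0042948, 0xC0042947
CERT_NS = "http://schemas.microsoft.com/DRM/2004/02/cert"
DSIG = "http://www.w3.org/2000/09/xmldsig#"
INFO = "Signature/SignedInfo/"
RULES = [  # (path below c:Certificate, required Algorithm values in order, mismatch code)
    (INFO + "SignatureMethod", [DSIG + "rsa-sha1"], BAD_SIG_ALG),
    (INFO + "Reference/DigestMethod", [DSIG + "sha1"], BAD_DIGEST_ALG),
    (INFO + "Reference/Transforms/Transform", ["http://www.microsoft.com/DRM/CERT/v2/Data",
     "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"], BAD_TRANSFORM)]

def any_ns(path):
    """Match each path step by local name; ignoring namespaces is an assumption."""
    return "/".join("{*}" + step for step in path.split("/"))

def validate_collection(xml_text):
    """Return 0 if the covered rules pass, else the first failing code."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:  # malformed XML, including an undeclared "c:" prefix
        return E_FAIL
    ns, _, name = root.tag.rpartition("}")
    version = [v for k, v in root.attrib.items() if k.rsplit("}", 1)[-1] == "Version"]
    if name != "CertificateCollection" or not ns or not version:
        return E_FAIL
    if version[0] != "2.0":
        return BAD_VERSION
    if ns[1:] != CERT_NS:
        return BAD_NAMESPACE
    certs = root.findall("{*}Certificate")
    for cert in certs:
        for path, expected, code in RULES:
            els = cert.findall(any_ns(path))
            # Wrong count or a missing Algorithm attribute fails closed with E_FAIL.
            if len(els) != len(expected) or any("Algorithm" not in e.attrib for e in els):
                return E_FAIL
            if [e.get("Algorithm") for e in els] != expected:
                return code
    return 0 if certs else E_FAIL

# Constructed sample with only the elements these rules read; not a real certificate.
SAMPLE = (f'<c:CertificateCollection c:Version="2.0" xmlns:c="{CERT_NS}"><c:Certificate>'
          f'<Signature xmlns="{DSIG}"><SignedInfo><SignatureMethod Algorithm="{DSIG}rsa-sha1"/>'
          f'<Reference><DigestMethod Algorithm="{DSIG}sha1"/><Transforms>'
          + "".join(f'<Transform Algorithm="{a}"/>' for a in RULES[2][1])
          + '</Transforms></Reference></SignedInfo></Signature></c:Certificate>'
          '</c:CertificateCollection>')
```

The Exponent, Modulus, SecurityLevel, DigestValue and SignatureValue rules are not covered; the digest and signature comparisons depend on section 2.2.4.1.1.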
Response Generation
The version 11 license response is generated in the same manner as the version 7 license response.