Revocation Workflow for Sentinel RMS
|
This section describes the steps involved in revoking an activation on a machine by using the REST API endpoints for Sentinel RMS (excluding cloud-served lease mode and connected mode). |
Step 1: Create permission tickets
Use the endpoint, POST /ems/api/v5/activations/{activationId}/generatePermissionTickets to create a revocation request. In the input, specify the unique activation identifier and the version of target Sentinel RMS licenses to be revoked. The output is one or more permission tickets, where each permission ticket is in the form of a byte array.
For the Cloud LM mode, the permission tickets are not generated. The revocation request is created and submitted to the cloud.
NOTE
>If you misplace a permission ticket, you can generate another ticket by using the above endpoint.
>The above endpoint replaces the previous endpoint that was used for generating a permission ticket POST /ems/api/v5/activations/{activationId}/generatePermissionTicket.
To create a permission ticket, your application needs to use the Sentinel RMS API (described in the step 4 of the revocation workflow).
Step 2: Convert each permission ticket to a binary string
Your application needs to have a mechanism to convert and store each permission ticket from a byte array to a binary string. In case of multiple permission tickets, you need to repeat this step for each permission ticket.
The following C code sample converts a byte array to a binary string:
/*This function converts the data in byte array format string to binary format string*/
int convertByteArrayToBinary(char *binary, char* byteArrayString, int* length)
{
unsigned int iLen = 0;
char * pch;
char pucPermissionTicket[MAX_PERMISSION_TKT_LEN];
/*Logic To convert Byte Array to Binary String*/
pch = strtok (byteArrayString,",");
while (pch != NULL)
{
pucPermissionTicket[iLen++] = atoi(pch);
pch = strtok (NULL, ",");
}
*length = iLen;
memcpy(binary, pucPermissionTicket, iLen);
return EMS_SUCCESS;
}
For the Cloud LM mode, this step is not relevant.
Step 3: Revoke the activation on the target machine
To revoke an activation on the target machine, your application needs to use the Sentinel RMS API (described in the step 6 of the revocation workflow).
For the Cloud LM mode, this step is not relevant.
Step 4: Convert each revocation ticket to a byte array
Your application needs to have a mechanism to convert each revocation ticket from a binary string to a byte array. In case of multiple revocation tickets, you need to repeat this step for each revocation ticket.
The following C code sample converts a binary string to a byte array:
/*This function converts the data in binary format string to byte array format string */
int convertBinaryToByteArray(char* byteArrayString, char *binary, int* length)
{
int iLen = 0;
int charValue = 0;
char pch[10];
strcpy(byteArrayString, "");
/*Logic To convert Byte Array to Binary String*/
for(iLen = 0; iLen < *length; iLen++)
{
charValue = binary[iLen];
itoa(charValue, pch, 10);
if(byteArrayString == '\0')
strcpy(byteArrayString, pch);
else
strcat(byteArrayString, pch);
strcat(byteArrayString, ",");
}
iLen = strlen(byteArrayString);
*(byteArrayString + iLen - 1)='\0';
*length = iLen;
return EMS_SUCCESS;
}
For the Cloud LM mode, this step is not relevant.
Step 5: Upload revocation tickets
Use the POST /ems/api/v5/activations/{activationId}/submitRevokeProofs endpoint to upload the converted revocation tickets (in byte array) to Sentinel EMS. In case there are multiple revocation tickets for an activation ID, you need to specify all revocation tickets in the input.
NOTE The above endpoint replaces the previous endpoint that was used for generating a revocation ticket - POST /ems/api/v5/activations/{activationId}/submitRevokeProof.
For the Cloud LM mode, this step is not relevant.
Step 6: Confirm or reject the revocation
NOTE You need to perform this step only if the Auto Confirm Revocation flag is false in the Administration Console. If this flag is true, Sentinel EMS automatically confirms all revocations after the upload of revocation tickets.
To confirm the revocation, use the POST /ems/api/v5/activations/{activationId}/confirmRevoke endpoint.
To reject the revocation, use the POST /ems/api/v5/activations/{activationId}/rejectRevocation endpoint.
For the Cloud LM mode, rejecting a revocation is not supported.