Pre-generating licenses

If you use Adobe Primetime DRM Professional, you can pre-generate licenses and embed licenses in content. This feature can be combined with Enhanced License Chaining, such that a Leaf license is pre-generated and embedded in the content, and the client can request a Root license (bound to a machine or domain) from a license server. Alternatively, client applications can implement a workflow where the device pre-registers with a server, the server pre-generates licenses that are bound to that device, and the client retrieves its licenses from a simple HTTP web server.

If you want to pre-generate licenses, you must use com.adobe.flashaccess.sdk.license.pregen.LicenseFactory.getInstance() to obtain an instance of LicenseFactory. You must specify a License Server credential to sign the licenses generated by this factory. This class supports generating Leaf licenses without license chaining and Leaf and Root licenses with the Enhanced license chaining.

When you generate a Leaf license, you must specify the content metadata that applies initContentInfo(). If the metadata includes multiple DRM policies, or if you want to use a DRM policy that has not been included in the metadata, you must use setSelectedPolicy() to specify the DRM policy to generate a license. If you use a DRM Policy Update List to track updates to DRM policies, you can provide the DRM Policy Update List to the License Factory before you initialize the metadata with setPolicyUpdateList().

When you generate a Root license, you must specify the content metadata as described above. Alternatively, you can generate a Root license by applying a DRM policy ( setSelectedPolicy()) and a license server URL ( setLicenseServerURL()) instead of metadata.


A License Server URL is required even if there is no Adobe Primetime DRM License Server from which the clients can request a license. In this case, the License Server URL should specify a URL identifying the license issuer.

If the DRM policy uses Enhanced License Chaining, you must specify a License Server credential to decrypt the Root Encryption Key in the DRM policy ( setRootKeyRetrievalInfo()).

If the DRM policy requires a domain bound license, you must use setDomainCAs() to specify the Domain issuers from which the license server accepts domain tokens. One or more Domain CA certificates must be provided to validate the license recipient.

If the DRM policy requires remote key delivery for iOS devices, you must provide the Key Server Certificate by applying setKeyServerCertificate() unless a chained Leaf is being generated.

If you want to generate a license, you must invoke generateLicense() and specify the license type (Leaf or Root) and one or more recipient certificates. The recipient certificate represents either a machine certificate or domain certificate, depending on the requirements that are specified in the DRM policy. If you generate a chained Leaf, a recipient is not required. After the license has been generated, you can override the usage rules that have been specified in the DRM policy. Finally, you need to invoke signLicense() to sign the license and obtain an instance of PreGeneratedLicense. The license can now be saved (use getBytes() to retrieve the serialized license or embedded in encrypted content.

See Embedding Licenses.

See com.adobe.flashaccess.samples.licensegen.GenerateLicense in the Reference Implementation Command Line Tools “samples” directory for sample code on how to demonstrate pre-generated licenses.

On this page