Show Menu
TOPICS×

Policy Manager Command-line usage

java -jar AdobePolicyManager.jar  
<i class="+ topic ph hi-d="" i "="">
  command filename [options] 
</i class="+ topic>

Table 1: Commands
Command
Description
new
Creates a new DRM policy
detail
Describes an existing DRM policy
update
Updates an existing DRM policy
Table 2: Options
Command-line option
Description
-c configfile
Specifies the name and location of the configuration file.
If you do not specify a name or a location, the DRM Policy Manager searches for flashaccesstools.properties in the current working directory.
Note: Options that you specify on the command line take precedence over the options you specify in the configuration file.
-o
If the destination file exists, you can overwrite the file without being prompted.
-noprompt
Do not ask if the destination file should be overwritten. If the destination file exists and -o is not set, an error occurs.
-root
Indicates that the DRM policy has a root license.
This option is not available for updates.
-e date
The date before licenses becomes valid.
You can specify the date in yyyy-mm-dd or yyyy-mm-dd-h24:min:sec format. For example, 2008-12-1 or 2008-12-1-00:00:00 for midnight on December 1, 2008.
  • The value must be greater than the value of -s if present.
  • You cannot apply this option with -r .
  • To remove the end date when you update a DRM policy, apply -e without specifying a date.
-r minutes
The duration in minutes that the protected content is valid.
The DRM policy becomes valid when the content is protected with the packager.
  • The value must be non-negative.
  • You cannot apply this option along with -e .
  • To remove or delete the duration when you update a DRM policy, apply -r without specifying any minutes.
-s date
The date that the licenses become valid.
You can specify the date in the yyyy-mm-dd or yyyy-mm-dd-h24:min:sec format. For example, 2008-12-1 or 2008-12-1-00:00:00 for midnight on December 1, 2008.
  • The value must be less than the value of -e , if present.
  • You cannot apply this option along with -r .
  • To remove or delete the start date when you update a DRM policy, use -s without specifying a date.
-w [<minutes>[,enableHS|disableHS]]
Playback window, which is the number of minutes the content can be viewed from the first playback.
If unspecified, or if -w is used without specifying a number of minutes, there is no playback window limitation. The value must be non-negative.
The optional enableHS or disableHS flag signals whether to enable or disable hard stop. The flag indicates whether the decryption context is destroyed at the end of the playback window (enabled) or not destroyed (disabled).
For example, to specify that the content may only be viewed for 60 minutes and requires hard stop:
       -w&nbsp;60,enableHS 
     

Note: Hard stop is not currently supported in Flash Player, Android, and iOS.
-l minutes
The license caching duration is the time in minutes that a license can be cached in the client's License Store after the license has been issued by the server. The value must be non-negative.
You can specify -l 0 to indicate that license caching is not permitted. For unlimited license caching, specify -l without any minutes.
-ldate date
The license caching end date.
This indicates the final date that the client can cache licenses in the client's License Store after the Primetime DRM server has issued the license.
You can specify the date in the following formats:
  • yyyy-mm-dd
  • yyyy-mm-dd-h24:min:sec
For example, 2008-12-1 or 2008-12-1-00:00:00 for midnight on December 1, 2008. You need to apply -l without specifying any minutes for unlimited license caching.
-authNS
The authentication namespace.
If you apply this option, then the client needs to enter a user name and password that was issued by the specified authority.
You cannot apply this option along with -x .
This option is not allowed for updates.
-x
Allow anonymous access.
You cannot apply this option along with -authNS .
This option is not allowed for updates.
-air pubId [: appId [:[ min ]:[ max ]]]
A whitelist of AIR applications that can play protected content.
You can apply this option to restrict which publishers, applications, and versions can access the content that is protected with this DRM policy.
If you do not specify appId , all of the applications for publisher pubId are allowed.
Note: min and max version numbers are optional.
You can specify multiple -air options to allow multiple applications. If you do not specify an AIR or SWF application, all of the applications can access this content. During an update, to remove or delete all entries from the list, apply -air without the remaining arguments .
-drmBlacklist name / value pairs
The DRM clients that are restricted from getting access to protected content.
The value supports comma-separated name:value pairs in the following format:
os | release= stringValue
For example, os=Win,release=2.0.1 . During an update, to remove all entries from the list, apply -drmBlacklist without the remaining arguments.
-drmLevel int
Indicates that DRM clients must have an assigned minimum security level to get access to protected content.
-opAnalog NO_PROTECTION | USE_IF_AVAILABLE | REQUIRED | NO_PLAYBACK | REQUIRED_ACP | REQUIRED_CGMSA | USE_IF_AVAILABLE_ACP | USE_IF_AVAILABLE_CGMSA
Analog output protection constraints
-opDigital NO_PROTECTION | USE_IF_AVAILABLE | REQUIRED | NO_PLAYBACK
Digital output protection constraints
-runtimeBlacklist name / value pairs
The application runtimes that are restricted from accessing protected content.
The value support comma-separated name:value pairs in the following format:
os | application | release= stringValue
For example, os=Win,release=2.0.1,application=AIR . During an update, to remove all entries from the list, apply -runtimeBlacklist without the remaining arguments .
-runtimeLevel int
Indicates that the application runtimes must have a specified minimum security level to access protected content.
-swf url
-swf file= swf_file , time= max_time_to_verify
A whitelist of SWF applications that are allowed to play protected content.
You can specify multiple -swf options to allow multiple applications. If you do not specify any AIR or SWF applications, all of the applications can access this content.
During an update, to remove all entries from the list, apply -swf without the remaining arguments . If you want to identify a SWF by its hash value, you need to specify the SWF file for which to compute the hash and the maximum time to allow for SWF verification to complete (in seconds).
-k name= value
Specifies custom key/values that you want to add to a DRM policy.
You can specify multiple -k options. During update, you can apply -k without the remaining arguments if you want to remove all properties. The interpretation or handling of the data is managed by the Primetime DRM license server.
-p name= value
Adds a custom property that appears in the license generated for each client.
You can specify multiple -p options to add multiple properties. During an update, you need to apply -p without the remaining arguments if you want to remove all properties. The interpretation or handling of this data is managed by the implementation of the client application.
-opOTA whitelist=<connection types> Over the air (OTA) output protection constraints. The whitelist field specifies which connection types to whitelist and the format of <connection types> is [type(,type)*] , where type can be any of the following: MIRACAST, AIRPLAY, WIDI, DLNA
-opResolution <filename>
Resolution-based output protection constraints as defined in the specified file.
The encoding of this file is JSON. The grammar for the formatting can be found in About Resolution-Based Output Protection .
Examples
To create a policy that allows anonymous access to your content, using your own configuration properties file:
java -jar libs\AdobePolicyManager.jar new policy_test.pol -x -c my_configuration.properties