To issue a leaf license to the user, the SDK must decrypt the CEK contained in the content metadata and re-encrypt it for the machine requesting a license. To decrypt the CEK, the server must provide information required to decrypt the key. Call ContentInfo.setKeyRetrievalInfo() and provide an AsymmetricKeyRetrieval object. If the metadata contains multiple policies, the server must determine which policy to use and call LicenseRequestMessage.setSelectedPolicy() . Then call LicenseRequestMessage.generateLicense() to generate the license. Using the License object that is returned, you may modify the expiration or rights in the license.
If an ExternalKeyRetrieval object is specified in the ContentInfo object, then the license server is expected to use the associated CEK ID to fetch the appropriate CEK that will be inserted into the license. For more details on how to use the External CEK workflow, see Adobe Access DRM External CEK Overview