Documentation ¶
Overview ¶
Package tls facilitates communication with Intel® AMT devices to access and configure the TLS Credential Context, TLS Protocol Endpoint Collection, and TLS Setting Data features of AMT.
Credential Context: This class represents the credential of the TLSProtocolEndpointCollection by connecting a certificate to the service. The connected certificate must be a leaf certificate and must have a matching private key. You can't enable the TLS service without a credential. When TLS is enabled, the certificate can be changed using the Put method (note that the CredentialContext type documented on this page lists Create, Delete, Enumerate, Get and Pull, but no Put).
Protocol Endpoint Collection: This class connects the 2 instances of AMT_TLSProtocolEndpoint and can be used in order to enable/disable TLS in the system.
Setting Data: This class represents configuration-related and operational parameters for the TLS service in the Intel® AMT.
Index ¶
- Constants
- type Body
- type CredentialContext
- func (credentialContext CredentialContext) Create(certHandle string) (response Response, err error)
- func (credentialContext CredentialContext) Delete(handle string) (response Response, err error)
- func (credentialContext CredentialContext) Enumerate() (response Response, err error)
- func (credentialContext CredentialContext) Get() (response Response, err error)
- func (credentialContext CredentialContext) Pull(enumerationContext string) (response Response, err error)
- type CredentialContextResponse
- type ProtocolEndpointCollection
- type ProtocolEndpointCollectionResponse
- type PullResponse
- type Response
- type SettingData
- func (settingData SettingData) Enumerate() (response Response, err error)
- func (settingData SettingData) Get(instanceID string) (response Response, err error)
- func (settingData SettingData) Pull(enumerationContext string) (response Response, err error)
- func (settingData SettingData) Put(instanceID string, tlsSettingData SettingDataRequest) (response Response, err error)
- type SettingDataRequest
- type SettingDataResponse
Constants ¶
// Names of the three AMT TLS classes this package covers: the credential
// context, the setting data and the protocol endpoint collection. The same
// strings appear as element names in the response types' xml tags.
const (
	AMT_TLSCredentialContext          string = "AMT_TLSCredentialContext"
	AMT_TLSSettingData                string = "AMT_TLSSettingData"
	AMT_TLSProtocolEndpointCollection string = "AMT_TLSProtocolEndpointCollection"
)
Types ¶
type Body ¶
// Body is the Body element of a Response. It has one member per kind of
// reply this package decodes: a single AMT_TLSSettingData,
// AMT_TLSCredentialContext or AMT_TLSProtocolEndpointCollection instance,
// an enumerate reply, or a pull reply.
//
// NOTE(review): assuming decoding goes through encoding/xml, members whose
// element is absent from the reply stay at their zero value. For
// SettingDataGetAndPutResponse that zero value reads as Enabled=false, so
// check the returned error (and, if needed, the member's XMLName) before
// treating a false flag as the device's actual TLS state.
type Body struct {
	XMLName                               xml.Name                           `xml:"Body"`
	SettingDataGetAndPutResponse          SettingDataResponse                `xml:"AMT_TLSSettingData"`
	CredentialContextGetResponse          CredentialContextResponse          `xml:"AMT_TLSCredentialContext"`
	ProtocolEndpointCollectionGetResponse ProtocolEndpointCollectionResponse `xml:"AMT_TLSProtocolEndpointCollection"`
	EnumerateResponse                     common.EnumerateResponse
	PullResponse                          PullResponse
}
OUTPUT Response Types
type CredentialContext ¶
// CredentialContext is the request handle for the TLS credential context,
// built by NewTLSCredentialContextWithClient. Per the package overview the
// underlying class connects a leaf certificate (which must have a matching
// private key) to the TLS service, and TLS cannot be enabled without it.
type CredentialContext struct {
	// contains filtered or unexported fields
}
func NewTLSCredentialContextWithClient ¶
func NewTLSCredentialContextWithClient(wsmanMessageCreator *message.WSManMessageCreator, client client.WSMan) CredentialContext
NewTLSCredentialContextWithClient instantiates a new CredentialContext
func (CredentialContext) Create ¶ added in v2.1.0
func (credentialContext CredentialContext) Create(certHandle string) (response Response, err error)
Creates a new instance of this class
func (CredentialContext) Delete ¶ added in v2.1.0
func (credentialContext CredentialContext) Delete(handle string) (response Response, err error)
Delete removes the specified instance
func (CredentialContext) Enumerate ¶
func (credentialContext CredentialContext) Enumerate() (response Response, err error)
Enumerate returns an enumeration context which is used in a subsequent Pull call
func (CredentialContext) Get ¶
func (credentialContext CredentialContext) Get() (response Response, err error)
Get retrieves the representation of the instance
type CredentialContextResponse ¶
OUTPUT Response Types
type ProtocolEndpointCollection ¶
// ProtocolEndpointCollection is the request handle for the TLS protocol
// endpoint collection, built by NewTLSProtocolEndpointCollectionWithClient.
// Per the package overview the underlying class connects the two
// AMT_TLSProtocolEndpoint instances and can be used to enable or disable TLS
// in the system.
type ProtocolEndpointCollection struct {
	// contains filtered or unexported fields
}
func NewTLSProtocolEndpointCollectionWithClient ¶
func NewTLSProtocolEndpointCollectionWithClient(wsmanMessageCreator *message.WSManMessageCreator, client client.WSMan) ProtocolEndpointCollection
NewTLSProtocolEndpointCollectionWithClient instantiates a new ProtocolEndpointCollection
func (ProtocolEndpointCollection) Enumerate ¶
func (collection ProtocolEndpointCollection) Enumerate() (response Response, err error)
Enumerate returns an enumeration context which is used in a subsequent Pull call
func (ProtocolEndpointCollection) Get ¶
func (collection ProtocolEndpointCollection) Get() (response Response, err error)
Get retrieves the representation of the instance
type ProtocolEndpointCollectionResponse ¶
// ProtocolEndpointCollectionResponse is the decoded form of an
// AMT_TLSProtocolEndpointCollection element. Only ElementName is mapped.
type ProtocolEndpointCollectionResponse struct {
	XMLName     xml.Name `xml:"AMT_TLSProtocolEndpointCollection"`
	ElementName string   `xml:"ElementName"`
}
OUTPUT Response Types
type PullResponse ¶
// PullResponse is the decoded form of a PullResponse element. Each slice
// collects the children of the nested Items element that carry the matching
// class name (the "Items>Name" tag form selects a child path), so a reply
// for one class leaves the other two slices empty.
type PullResponse struct {
	XMLName                         xml.Name                             `xml:"PullResponse"`
	SettingDataItems                []SettingDataResponse                `xml:"Items>AMT_TLSSettingData"`
	ProtocolEndpointCollectionItems []ProtocolEndpointCollectionResponse `xml:"Items>AMT_TLSProtocolEndpointCollection"`
	CredentialContextItems          []CredentialContextResponse          `xml:"Items>AMT_TLSCredentialContext"`
}
OUTPUT Response Types
type Response ¶
// Response is the value returned by every request method in this package.
// It embeds *client.Message and maps the reply's Envelope element, with its
// Header and Body children.
//
// NOTE(review): the embedded *client.Message is a pointer; whether it is
// always non-nil when err != nil is not visible here, so check err before
// dereferencing promoted fields.
type Response struct {
	*client.Message
	XMLName xml.Name       `xml:"Envelope"`
	Header  message.Header `xml:"Header"`
	Body    Body           `xml:"Body"`
}
OUTPUT Response Types
type SettingData ¶
// SettingData is the request handle for AMT_TLSSettingData, built by
// NewTLSSettingDataWithClient. Per the package overview the underlying class
// holds the configuration-related and operational parameters of the TLS
// service; Put is the method that changes them.
type SettingData struct {
	// contains filtered or unexported fields
}
func NewTLSSettingDataWithClient ¶
func NewTLSSettingDataWithClient(wsmanMessageCreator *message.WSManMessageCreator, client client.WSMan) SettingData
NewTLSSettingDataWithClient instantiates a new SettingData
func (SettingData) Enumerate ¶
func (settingData SettingData) Enumerate() (response Response, err error)
Enumerate returns an enumeration context which is used in a subsequent Pull call
func (SettingData) Get ¶
func (settingData SettingData) Get(instanceID string) (response Response, err error)
Get retrieves the representation of the instance
func (SettingData) Pull ¶
func (settingData SettingData) Pull(enumerationContext string) (response Response, err error)
Pull returns the instances of this class. An enumeration context provided by the Enumerate call is used as input.
func (SettingData) Put ¶
func (settingData SettingData) Put(instanceID string, tlsSettingData SettingDataRequest) (response Response, err error)
Put changes properties of the selected instance. The following properties must be included in any representation of SettingDataRequest:
- ElementName (cannot be modified)
- InstanceID (cannot be modified)
- Enabled.
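This method will not modify the flash ("Enabled" property) until setupandconfiguration.CommitChanges() is issued and performed successfully. A successful Put response therefore does not by itself mean that the new "Enabled" value is in effect.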
type SettingDataRequest ¶
// SettingDataRequest is the AMT_TLSSettingData representation passed to
// SettingData.Put.
//
// None of the bool members carries the omitempty option, so (when the value
// is marshalled with encoding/xml) each of them is written on every request.
// A zero-value struct therefore asks for Enabled=false,
// MutualAuthentication=false and AcceptNonSecureConnections=false. Start
// from the values returned by Get and change only what is intended.
type SettingDataRequest struct {
	// Element name, written with the h: prefix.
	XMLName xml.Name `xml:"h:AMT_TLSSettingData"`

	// Written as the xmlns:h attribute.
	// Presumably the namespace URI bound to the h: prefix — confirm against the caller.
	H string `xml:"xmlns:h,attr"`

	// The user-friendly name for this instance of SettingData. In addition,
	// the user-friendly name can be used as an index property for a search or
	// query. (Note: The name does not have to be unique within a namespace.)
	// Put requires it to be present and does not allow it to be modified.
	ElementName string `xml:"h:ElementName,omitempty"`

	// Within the scope of the instantiating Namespace, InstanceID opaquely and
	// uniquely identifies an instance of this class. To ensure uniqueness
	// within the NameSpace, the value of InstanceID should be constructed
	// using the following "preferred" algorithm: <OrgID>:<LocalID>, where
	// <OrgID> and <LocalID> are separated by a colon (:), and where <OrgID>
	// must include a copyrighted, trademarked, or otherwise unique name that
	// is owned by the business entity that is creating or defining the
	// InstanceID or that is a registered ID assigned to the business entity by
	// a recognized global authority. (This requirement is similar to the
	// <Schema Name>_<Class Name> structure of Schema class names.) In
	// addition, to ensure uniqueness, <OrgID> must not contain a colon (:).
	// When using this algorithm, the first colon to appear in InstanceID must
	// appear between <OrgID> and <LocalID>. <LocalID> is chosen by the
	// business entity and should not be reused to identify different
	// underlying (real-world) elements. If the above "preferred" algorithm is
	// not used, the defining entity must assure that the resulting InstanceID
	// is not reused across any InstanceIDs produced by this or other providers
	// for the NameSpace of this instance. For DMTF-defined instances, the
	// "preferred" algorithm must be used with the <OrgID> set to CIM.
	// Put requires it to be present and does not allow it to be modified.
	InstanceID string `xml:"h:InstanceID,omitempty"`

	// Administrator-settable property that determines whether or not mutual
	// authentication is used at the TLS layer on the associated service
	// access point. If False, then only the server authenticates itself at
	// the TLS layer. Use of Mutual Authentication on the local interface is
	// deprecated in Release 6.0. The feature will be removed in a future
	// release. This property is only visible / usable for users of
	// ADMIN_SECURITY_ADMINISTRATION realm. This property must be supplied if
	// Enabled property is True.
	MutualAuthentication bool `xml:"h:MutualAuthentication"`

	// Administrator-settable property that determines whether or not TLS is
	// used on the associated service access point. Per the Put documentation
	// the change is not written to flash until
	// setupandconfiguration.CommitChanges() has been issued and has succeeded.
	Enabled bool `xml:"h:Enabled"`

	// An array of strings, used to validate the CN subfield of the subject
	// field in X.509 certificates presented to Intel® AMT in the TLS
	// handshake. This value must comply with the requirements of RFC 1035.
	// NOTE(review): omitempty drops the element when the slice is empty; how
	// the firmware treats a missing list under mutual authentication is not
	// stated here — confirm before relying on it to restrict clients.
	TrustedCN []string `xml:"h:TrustedCN,omitempty"`

	// This setting defines once TLS is enabled and configured whether
	// non-secure EOI/WSMAN connections are still accepted by FW on ports
	// 16992 and 623. If AcceptNonSecureConnections is set to TRUE then
	// non-secure connections are still accepted. If set to FALSE then
	// non-secure connections are rejected. This setting may be set per
	// interface for the local and network interfaces.
	// AMT_TLSSettingData.AcceptNonSecureConnections may only be modified for
	// the remote interface. It is a read-only property for the local
	// interface instance.
	// Security note: enabling TLS alone does not close the non-TLS path;
	// while this is true, ports 16992 and 623 keep accepting non-secure
	// connections.
	AcceptNonSecureConnections bool `xml:"h:AcceptNonSecureConnections"`

	// Indicates the removal of support for the non-TLS WS-MAN ports for the
	// remote interface. Available starting Intel CSME 16.1 firmware on Raptor
	// Lake platforms. If this read-only field exists and its value is True,
	// changing the value of the AcceptNonSecureConnections field is allowed
	// only for the local interface. Note that this class and field can be
	// accessed locally as well as remotely. Invoking the
	// AMT_TLSSettingData.Put() command on the remote instance with
	// AcceptNonSecureConnections set to True will fail with error code
	// AMT_STATUS_NOT_PERMITTED. Setting AMT_TLSSettingData.Enabled to False
	// will also fail for the remote interface.
	// NOTE(review): described as read-only, yet the tag has no omitempty, so
	// the element is always part of the Put body — confirm that firmware
	// without this field accepts or ignores it.
	NonSecureConnectionsSupported bool `xml:"h:NonSecureConnectionsSupported"`
}
type SettingDataResponse ¶
// SettingDataResponse is the decoded form of an AMT_TLSSettingData element,
// as carried in Body.SettingDataGetAndPutResponse and
// PullResponse.SettingDataItems.
//
// NOTE(review): the bool members are plain values, so (assuming decoding via
// encoding/xml) an element missing from the reply reads as false. A false
// NonSecureConnectionsSupported can thus mean either "field reports false"
// or "firmware does not have the field".
type SettingDataResponse struct {
	XMLName xml.Name `xml:"AMT_TLSSettingData"`

	// The user-friendly name for this instance of SettingData. In addition,
	// the user-friendly name can be used as an index property for a search or
	// query. (Note: The name does not have to be unique within a namespace.)
	ElementName string `xml:"ElementName,omitempty"`

	// Within the scope of the instantiating Namespace, InstanceID opaquely and
	// uniquely identifies an instance of this class. To ensure uniqueness
	// within the NameSpace, the value of InstanceID should be constructed
	// using the following "preferred" algorithm: <OrgID>:<LocalID>, where
	// <OrgID> and <LocalID> are separated by a colon (:), and where <OrgID>
	// must include a copyrighted, trademarked, or otherwise unique name that
	// is owned by the business entity that is creating or defining the
	// InstanceID or that is a registered ID assigned to the business entity by
	// a recognized global authority. (This requirement is similar to the
	// <Schema Name>_<Class Name> structure of Schema class names.) In
	// addition, to ensure uniqueness, <OrgID> must not contain a colon (:).
	// When using this algorithm, the first colon to appear in InstanceID must
	// appear between <OrgID> and <LocalID>. <LocalID> is chosen by the
	// business entity and should not be reused to identify different
	// underlying (real-world) elements. If the above "preferred" algorithm is
	// not used, the defining entity must assure that the resulting InstanceID
	// is not reused across any InstanceIDs produced by this or other providers
	// for the NameSpace of this instance. For DMTF-defined instances, the
	// "preferred" algorithm must be used with the <OrgID> set to CIM.
	InstanceID string `xml:"InstanceID,omitempty"`

	// Administrator-settable property that determines whether or not mutual
	// authentication is used at the TLS layer on the associated service
	// access point. If False, then only the server authenticates itself at
	// the TLS layer. Use of Mutual Authentication on the local interface is
	// deprecated in Release 6.0. The feature will be removed in a future
	// release. This property is only visible / usable for users of
	// ADMIN_SECURITY_ADMINISTRATION realm. This property must be supplied if
	// Enabled property is True.
	MutualAuthentication bool `xml:"MutualAuthentication"`

	// Administrator-settable property that determines whether or not TLS is
	// used on the associated service access point.
	Enabled bool `xml:"Enabled"`

	// An array of strings, used to validate the CN subfield of the subject
	// field in X.509 certificates presented to Intel® AMT in the TLS
	// handshake. This value must comply with the requirements of RFC 1035.
	TrustedCN []string `xml:"TrustedCN,omitempty"`

	// This setting defines once TLS is enabled and configured whether
	// non-secure EOI/WSMAN connections are still accepted by FW on ports
	// 16992 and 623. If AcceptNonSecureConnections is set to TRUE then
	// non-secure connections are still accepted. If set to FALSE then
	// non-secure connections are rejected. This setting may be set per
	// interface for the local and network interfaces.
	// AMT_TLSSettingData.AcceptNonSecureConnections may only be modified for
	// the remote interface. It is a read-only property for the local
	// interface instance.
	// Audit note: Enabled=true together with this flag true means the
	// non-TLS ports are still accepting connections.
	AcceptNonSecureConnections bool `xml:"AcceptNonSecureConnections"`

	// Indicates the removal of support for the non-TLS WS-MAN ports for the
	// remote interface. Available starting Intel CSME 16.1 firmware on Raptor
	// Lake platforms. If this read-only field exists and its value is True,
	// changing the value of the AcceptNonSecureConnections field is allowed
	// only for the local interface. Note that this class and field can be
	// accessed locally as well as remotely. Invoking the
	// AMT_TLSSettingData.Put() command on the remote instance with
	// AcceptNonSecureConnections set to True will fail with error code
	// AMT_STATUS_NOT_PERMITTED. Setting AMT_TLSSettingData.Enabled to False
	// will also fail for the remote interface.
	NonSecureConnectionsSupported bool `xml:"NonSecureConnectionsSupported"`
}
OUTPUT Response Types