Documentation
Overview
Package tls facilitates communication with Intel® AMT devices to access and configure the TLS Credential Context, TLS Protocol Endpoint Collection, and TLS Setting Data features of AMT.
Credential Context: This class represents the credential of the TLSProtocolEndpointCollection by connecting a certificate to the service. The connected certificate must be a leaf certificate and must have a matching private key. You can't enable the TLS service without a credential. When TLS is enabled, the certificate can be changed using the Put method.
Protocol Endpoint Collection: This class connects the 2 instances of AMT_TLSProtocolEndpoint and can be used to enable/disable TLS in the system.
Setting Data: This class represents configuration-related and operational parameters for the TLS service in Intel® AMT.
Index
- Constants
- type Body
- type CredentialContext
- func (credentialContext CredentialContext) Create(certHandle string) (response Response, err error)
- func (credentialContext CredentialContext) Delete(handle string) (response Response, err error)
- func (credentialContext CredentialContext) Enumerate() (response Response, err error)
- func (credentialContext CredentialContext) Get() (response Response, err error)
- func (credentialContext CredentialContext) Pull(enumerationContext string) (response Response, err error)
- func (credentialContext CredentialContext) Put(certHandle string) (response Response, err error)
- type CredentialContextCreateResponse
- type CredentialContextResponse
- type ElementInContextResponse
- type ElementProvidingContextResponse
- type EndpointReferenceResponse
- type ProtocolEndpointCollection
- type ProtocolEndpointCollectionResponse
- type PullResponse
- type ReferenceParametersResponse
- type Response
- type SelectorResponse
- type SelectorSetResponse
- type SettingData
- func (settingData SettingData) Enumerate() (response Response, err error)
- func (settingData SettingData) Get(instanceID string) (response Response, err error)
- func (settingData SettingData) Pull(enumerationContext string) (response Response, err error)
- func (settingData SettingData) Put(instanceID string, tlsSettingData SettingDataRequest) (response Response, err error)
- type SettingDataRequest
- type SettingDataResponse
Constants
const (
	AMTTLSCredentialContext          string = "AMT_TLSCredentialContext"
	AMTTLSSettingData                string = "AMT_TLSSettingData"
	AMTTLSProtocolEndpointCollection string = "AMT_TLSProtocolEndpointCollection"
)
Variables
This section is empty.
Functions
This section is empty.
Types
type Body
type Body struct {
	XMLName                               xml.Name                           `xml:"Body"`
	SettingDataGetAndPutResponse          SettingDataResponse                `xml:"AMT_TLSSettingData"`
	CredentialContextGetResponse          CredentialContextResponse          `xml:"AMT_TLSCredentialContext"`
	CredentialContextCreateResponse       CredentialContextCreateResponse    `xml:"ResourceCreated"`
	ProtocolEndpointCollectionGetResponse ProtocolEndpointCollectionResponse `xml:"AMT_TLSProtocolEndpointCollection"`
	EnumerateResponse                     common.EnumerateResponse
	PullResponse                          PullResponse
}
OUTPUT Response Types.
type CredentialContext
type CredentialContext struct {
// contains filtered or unexported fields
}
func NewTLSCredentialContextWithClient
func NewTLSCredentialContextWithClient(wsmanMessageCreator *message.WSManMessageCreator, client client.WSMan) CredentialContext
NewTLSCredentialContextWithClient instantiates a new CredentialContext.
func (CredentialContext) Create added in v2.1.0
func (credentialContext CredentialContext) Create(certHandle string) (response Response, err error)
Creates a new instance of this class.
func (CredentialContext) Delete added in v2.1.0
func (credentialContext CredentialContext) Delete(handle string) (response Response, err error)
Delete removes the specified instance.
func (CredentialContext) Enumerate
func (credentialContext CredentialContext) Enumerate() (response Response, err error)
Enumerate returns an enumeration context which is used in a subsequent Pull call.
func (CredentialContext) Get
func (credentialContext CredentialContext) Get() (response Response, err error)
Get retrieves the representation of the instance.
type CredentialContextCreateResponse added in v2.12.0
type CredentialContextCreateResponse struct {
	XMLName             xml.Name                    `xml:"ResourceCreated"`
	Address             string                      `xml:"Address,omitempty"`
	ReferenceParameters ReferenceParametersResponse `xml:"ReferenceParameters,omitempty"`
}
OUTPUT Response Types.
type CredentialContextResponse
type CredentialContextResponse struct {
	XMLName                 xml.Name                        `xml:"AMT_TLSCredentialContext"`
	ElementInContext        ElementInContextResponse        `xml:"ElementInContext"`
	ElementProvidingContext ElementProvidingContextResponse `xml:"ElementProvidingContext"`
}
OUTPUT Response Types.
type ElementInContextResponse added in v2.5.1
type ElementInContextResponse struct {
	XMLName             xml.Name                    `xml:"ElementInContext"`
	Address             string                      `xml:"Address,omitempty"`
	ReferenceParameters ReferenceParametersResponse `xml:"ReferenceParameters,omitempty"`
}
OUTPUT Response Types.
type ElementProvidingContextResponse added in v2.5.1
type ElementProvidingContextResponse struct {
	XMLName             xml.Name                    `xml:"ElementProvidingContext"`
	Address             string                      `xml:"Address,omitempty"`
	ReferenceParameters ReferenceParametersResponse `xml:"ReferenceParameters,omitempty"`
}
OUTPUT Response Types.
type EndpointReferenceResponse added in v2.12.0
type EndpointReferenceResponse struct {
	XMLName             xml.Name                    `xml:"EndpointReference"`
	Address             string                      `xml:"Address,omitempty"`
	ReferenceParameters ReferenceParametersResponse `xml:"ReferenceParameters,omitempty"`
}
OUTPUT Response Types.
type ProtocolEndpointCollection
type ProtocolEndpointCollection struct {
// contains filtered or unexported fields
}
func NewTLSProtocolEndpointCollectionWithClient
func NewTLSProtocolEndpointCollectionWithClient(wsmanMessageCreator *message.WSManMessageCreator, client client.WSMan) ProtocolEndpointCollection
NewTLSProtocolEndpointCollectionWithClient instantiates a new ProtocolEndpointCollection.
func (ProtocolEndpointCollection) Enumerate
func (collection ProtocolEndpointCollection) Enumerate() (response Response, err error)
Enumerate returns an enumeration context which is used in a subsequent Pull call.
func (ProtocolEndpointCollection) Get
func (collection ProtocolEndpointCollection) Get() (response Response, err error)
Get retrieves the representation of the instance.
type ProtocolEndpointCollectionResponse
type ProtocolEndpointCollectionResponse struct {
	XMLName     xml.Name `xml:"AMT_TLSProtocolEndpointCollection"`
	ElementName string   `xml:"ElementName"`
}
OUTPUT Response Types.
type PullResponse
type PullResponse struct {
	XMLName                         xml.Name                             `xml:"PullResponse"`
	SettingDataItems                []SettingDataResponse                `xml:"Items>AMT_TLSSettingData"`
	ProtocolEndpointCollectionItems []ProtocolEndpointCollectionResponse `xml:"Items>AMT_TLSProtocolEndpointCollection"`
	CredentialContextItems          []CredentialContextResponse          `xml:"Items>AMT_TLSCredentialContext"`
}
OUTPUT Response Types.
type ReferenceParametersResponse added in v2.5.1
type ReferenceParametersResponse struct {
	XMLName     xml.Name            `xml:"ReferenceParameters,omitempty"`
	ResourceURI string              `xml:"ResourceURI,omitempty"`
	SelectorSet SelectorSetResponse `xml:"SelectorSet,omitempty"`
}
OUTPUT Response Types.
type Response
type Response struct {
	*client.Message
	XMLName xml.Name       `xml:"Envelope"`
	Header  message.Header `xml:"Header"`
	Body    Body           `xml:"Body"`
}
OUTPUT Response Types.
type SelectorResponse added in v2.5.1
type SelectorResponse struct {
	XMLName           xml.Name                  `xml:"Selector,omitempty"`
	Name              string                    `xml:"Name,attr,omitempty"`
	Text              string                    `xml:"Text,omitempty"`
	EndpointReference EndpointReferenceResponse `xml:"EndpointReference,omitempty"`
}
OUTPUT Response Types.
type SelectorSetResponse added in v2.5.1
type SelectorSetResponse struct {
	XMLName   xml.Name           `xml:"SelectorSet,omitempty"`
	Selectors []SelectorResponse `xml:"Selector,omitempty"`
}
OUTPUT Response Types.
type SettingData
type SettingData struct {
// contains filtered or unexported fields
}
func NewTLSSettingDataWithClient
func NewTLSSettingDataWithClient(wsmanMessageCreator *message.WSManMessageCreator, client client.WSMan) SettingData
NewTLSSettingDataWithClient instantiates a new SettingData.
func (SettingData) Enumerate
func (settingData SettingData) Enumerate() (response Response, err error)
Enumerate returns an enumeration context which is used in a subsequent Pull call.
func (SettingData) Get
func (settingData SettingData) Get(instanceID string) (response Response, err error)
Get retrieves the representation of the instance.
func (SettingData) Pull
func (settingData SettingData) Pull(enumerationContext string) (response Response, err error)
Pull returns the instances of this class. An enumeration context provided by the Enumerate call is used as input.
func (SettingData) Put
func (settingData SettingData) Put(instanceID string, tlsSettingData SettingDataRequest) (response Response, err error)
Put changes properties of the selected instance. The following properties must be included in any representation of SettingDataRequest:
- ElementName (cannot be modified)
- InstanceID (cannot be modified)
- Enabled
This method will not modify the flash ("Enabled" property) until setupandconfiguration.CommitChanges() is issued and performed successfully.
type SettingDataRequest
type SettingDataRequest struct {
	XMLName xml.Name `xml:"h:AMT_TLSSettingData"`
	H       string   `xml:"xmlns:h,attr"`
	// The user-friendly name for this instance of SettingData. In addition, the
	// user-friendly name can be used as an index property for a search or query.
	// (Note: The name does not have to be unique within a namespace.)
	ElementName string `xml:"h:ElementName,omitempty"`
	// Within the scope of the instantiating Namespace, InstanceID opaquely and
	// uniquely identifies an instance of this class. To ensure uniqueness within
	// the NameSpace, the value of InstanceID should be constructed using the
	// following "preferred" algorithm: <OrgID>:<LocalID>
	// Where <OrgID> and <LocalID> are separated by a colon (:), and where <OrgID>
	// must include a copyrighted, trademarked, or otherwise unique name that is
	// owned by the business entity that is creating or defining the InstanceID or
	// that is a registered ID assigned to the business entity by a recognized
	// global authority. (This requirement is similar to the
	// <Schema Name>_<Class Name> structure of Schema class names.) In addition, to
	// ensure uniqueness, <OrgID> must not contain a colon (:). When using this
	// algorithm, the first colon to appear in InstanceID must appear between
	// <OrgID> and <LocalID>. <LocalID> is chosen by the business entity and should
	// not be reused to identify different underlying (real-world) elements. If the
	// above "preferred" algorithm is not used, the defining entity must assure
	// that the resulting InstanceID is not reused across any InstanceIDs produced
	// by this or other providers for the NameSpace of this instance. For
	// DMTF-defined instances, the "preferred" algorithm must be used with the
	// <OrgID> set to CIM.
	InstanceID string `xml:"h:InstanceID,omitempty"`
	// Administrator-settable property that determines whether or not mutual
	// authentication is used at the TLS layer on the associated service access
	// point. If False, then only the server authenticates itself at the TLS layer.
	// Use of Mutual Authentication on the local interface is deprecated in
	// Release 6.0. The feature will be removed in a future release. This property
	// is only visible / usable for users of ADMIN_SECURITY_ADMINISTRATION realm.
	// This property must be supplied if Enabled property is True.
	MutualAuthentication bool `xml:"h:MutualAuthentication"`
	// Administrator-settable property that determines whether or not TLS is used
	// on the associated service access point.
	Enabled bool `xml:"h:Enabled"`
	// An array of strings, used to validate the CN subfield of the subject field
	// in X.509 certificates presented to Intel® AMT in the TLS handshake. This
	// value must comply with the requirements of RFC 1035.
	TrustedCN []string `xml:"h:TrustedCN,omitempty"`
	// This setting defines, once TLS is enabled and configured, whether non-secure
	// EOI/WSMAN connections are still accepted by FW on ports 16992 and 623. If
	// AcceptNonSecureConnections is set to TRUE then non-secure connections are
	// still accepted. If set to FALSE then non-secure connections are rejected.
	// This setting may be set per interface for the local and network interfaces.
	// AMT_TLSSettingData.AcceptNonSecureConnections may only be modified for the
	// remote interface. It is a read-only property for the local interface
	// instance.
	AcceptNonSecureConnections bool `xml:"h:AcceptNonSecureConnections"`
	// Indicates the removal of support for the non-TLS WS-MAN ports for the remote
	// interface. Available starting Intel CSME 16.1 firmware on Raptor Lake
	// platforms. If this read-only field exists and its value is True, changing
	// the value of the AcceptNonSecureConnections field is allowed only for the
	// local interface. Note that this class and field can be accessed locally as
	// well as remotely. Invoking the AMT_TLSSettingData.Put() command on the
	// remote instance with AcceptNonSecureConnections set to True will fail with
	// error code AMT_STATUS_NOT_PERMITTED. Setting AMT_TLSSettingData.Enabled to
	// False will also fail for the remote interface.
	NonSecureConnectionsSupported bool `xml:"h:NonSecureConnectionsSupported"`
}
type SettingDataResponse
type SettingDataResponse struct {
	XMLName xml.Name `xml:"AMT_TLSSettingData"`
	// The user-friendly name for this instance of SettingData. In addition, the
	// user-friendly name can be used as an index property for a search or query.
	// (Note: The name does not have to be unique within a namespace.)
	ElementName string `xml:"ElementName,omitempty"`
	// Within the scope of the instantiating Namespace, InstanceID opaquely and
	// uniquely identifies an instance of this class. To ensure uniqueness within
	// the NameSpace, the value of InstanceID should be constructed using the
	// following "preferred" algorithm: <OrgID>:<LocalID>
	// Where <OrgID> and <LocalID> are separated by a colon (:), and where <OrgID>
	// must include a copyrighted, trademarked, or otherwise unique name that is
	// owned by the business entity that is creating or defining the InstanceID or
	// that is a registered ID assigned to the business entity by a recognized
	// global authority. (This requirement is similar to the
	// <Schema Name>_<Class Name> structure of Schema class names.) In addition, to
	// ensure uniqueness, <OrgID> must not contain a colon (:). When using this
	// algorithm, the first colon to appear in InstanceID must appear between
	// <OrgID> and <LocalID>. <LocalID> is chosen by the business entity and should
	// not be reused to identify different underlying (real-world) elements. If the
	// above "preferred" algorithm is not used, the defining entity must assure
	// that the resulting InstanceID is not reused across any InstanceIDs produced
	// by this or other providers for the NameSpace of this instance. For
	// DMTF-defined instances, the "preferred" algorithm must be used with the
	// <OrgID> set to CIM.
	InstanceID string `xml:"InstanceID,omitempty"`
	// Administrator-settable property that determines whether or not mutual
	// authentication is used at the TLS layer on the associated service access
	// point. If False, then only the server authenticates itself at the TLS layer.
	// Use of Mutual Authentication on the local interface is deprecated in
	// Release 6.0. The feature will be removed in a future release. This property
	// is only visible / usable for users of ADMIN_SECURITY_ADMINISTRATION realm.
	// This property must be supplied if Enabled property is True.
	MutualAuthentication bool `xml:"MutualAuthentication"`
	// Administrator-settable property that determines whether or not TLS is used
	// on the associated service access point.
	Enabled bool `xml:"Enabled"`
	// An array of strings, used to validate the CN subfield of the subject field
	// in X.509 certificates presented to Intel® AMT in the TLS handshake. This
	// value must comply with the requirements of RFC 1035.
	TrustedCN []string `xml:"TrustedCN,omitempty"`
	// This setting defines, once TLS is enabled and configured, whether non-secure
	// EOI/WSMAN connections are still accepted by FW on ports 16992 and 623. If
	// AcceptNonSecureConnections is set to TRUE then non-secure connections are
	// still accepted. If set to FALSE then non-secure connections are rejected.
	// This setting may be set per interface for the local and network interfaces.
	// AMT_TLSSettingData.AcceptNonSecureConnections may only be modified for the
	// remote interface. It is a read-only property for the local interface
	// instance.
	AcceptNonSecureConnections bool `xml:"AcceptNonSecureConnections"`
	// Indicates the removal of support for the non-TLS WS-MAN ports for the remote
	// interface. Available starting Intel CSME 16.1 firmware on Raptor Lake
	// platforms. If this read-only field exists and its value is True, changing
	// the value of the AcceptNonSecureConnections field is allowed only for the
	// local interface. Note that this class and field can be accessed locally as
	// well as remotely. Invoking the AMT_TLSSettingData.Put() command on the
	// remote instance with AcceptNonSecureConnections set to True will fail with
	// error code AMT_STATUS_NOT_PERMITTED. Setting AMT_TLSSettingData.Enabled to
	// False will also fail for the remote interface.
	NonSecureConnectionsSupported *bool `xml:"NonSecureConnectionsSupported"`
}
OUTPUT Response Types.
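An added example, not part of the package or its documentation: it audits a Pull response for AMT_TLSSettingData instances where TLS is disabled or non-TLS connections are still accepted, and handles NonSecureConnectionsSupported being absent on firmware that does not report it. The tlsSetting and pullEnvelope types, the auditTLS function and the sample envelope are constructed for this example; only the element and field names come from the structs above.

```go
package main

import (
	"encoding/xml"
	"fmt"
)

// tlsSetting mirrors the SettingDataResponse fields this audit reads (a local
// copy, so the example runs without the library or a device).
type tlsSetting struct {
	InstanceID                    string `xml:"InstanceID"`
	Enabled                       bool   `xml:"Enabled"`
	AcceptNonSecureConnections    bool   `xml:"AcceptNonSecureConnections"`
	NonSecureConnectionsSupported *bool  `xml:"NonSecureConnectionsSupported"` // nil if absent
}

// pullEnvelope walks Envelope > Body > PullResponse > Items.
type pullEnvelope struct {
	Items []tlsSetting `xml:"Body>PullResponse>Items>AMT_TLSSettingData"`
}

// samplePull is constructed for this example, not captured from a device.
const samplePull = `<Envelope><Body><PullResponse><Items>
<AMT_TLSSettingData><InstanceID>sample-off</InstanceID><Enabled>false</Enabled></AMT_TLSSettingData>
<AMT_TLSSettingData><InstanceID>sample-mixed</InstanceID><Enabled>true</Enabled><AcceptNonSecureConnections>true</AcceptNonSecureConnections><NonSecureConnectionsSupported>true</NonSecureConnectionsSupported></AMT_TLSSettingData>
<AMT_TLSSettingData><InstanceID>sample-legacy</InstanceID><Enabled>true</Enabled><AcceptNonSecureConnections>true</AcceptNonSecureConnections></AMT_TLSSettingData>
<AMT_TLSSettingData><InstanceID>sample-ok</InstanceID><Enabled>true</Enabled><AcceptNonSecureConnections>false</AcceptNonSecureConnections></AMT_TLSSettingData>
</Items></PullResponse></Body></Envelope>`

// auditTLS returns one finding per weak setting found in a Pull response.
func auditTLS(envelope string) ([]string, error) {
	var env pullEnvelope
	if err := xml.Unmarshal([]byte(envelope), &env); err != nil {
		return nil, fmt.Errorf("parse pull response: %w", err)
	}
	var findings []string
	for _, s := range env.Items {
		if !s.Enabled {
			findings = append(findings, s.InstanceID+": TLS is disabled")
			continue
		}
		if s.AcceptNonSecureConnections {
			msg := s.InstanceID + ": non-TLS connections still accepted"
			if s.NonSecureConnectionsSupported != nil {
				msg += fmt.Sprintf(" (NonSecureConnectionsSupported=%t)", *s.NonSecureConnectionsSupported)
			}
			findings = append(findings, msg)
		}
	}
	return findings, nil
}

func main() {
	findings, err := auditTLS(samplePull)
	fmt.Println(findings, err)
}
```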