Documentation ¶
Overview ¶
Package publickey facilitates communication with Intel® AMT devices to access and configure the Public Key Certificate and Public Key Management Service classes for AMT.
Certificate: This class represents an X.509 Certificate in the Intel® AMT CertStore. Instances of this class can be created using the AMT_PublicKeyManagementService.AddCertificate and AMT_PublicKeyManagementService.AddTrustedRootCertificate methods. A certificate cannot be deleted while it is being used by any service (TLS/EAC).
Management Service: This service contains the information necessary to represent and manage the functionality provided by the Intel® AMT CertStore.
Index ¶
- Constants
- type AddCertificate_INPUT
- type AddCertificate_OUTPUT
- type AddKey_INPUT
- type AddKey_OUTPUT
- type AddTrustedRootCertificate_INPUT
- type AddTrustedRootCertificate_OUTPUT
- type Body
- type Certificate
- func (certificate Certificate) Delete(instanceID string) (response Response, err error)
- func (certificate Certificate) Enumerate() (response Response, err error)
- func (certificate Certificate) Get(instanceID string) (response Response, err error)
- func (certificate Certificate) Pull(enumerationContext string) (response Response, err error)
- func (certificate Certificate) Put(instanceId string, cert string) (response Response, err error)
- type CreatedCertificateResponse
- type CreatedKeyResponse
- type EnabledDefault
- type EnabledState
- type GenerateKeyPair_INPUT
- type GenerateKeyPair_OUTPUT
- type GeneratePKCS10RequestEx_OUTPUT
- type KeyAlgorithm
- type KeyLength
- type KeyManagementResponse
- type KeyPair
- type KeyPairResponse
- type ManagementService
- func (managementService ManagementService) AddCertificate(certificateBlob string) (response Response, err error)
- func (managementService ManagementService) AddKey(keyBlob string) (response Response, err error)
- func (managementService ManagementService) AddTrustedRootCertificate(certificateBlob string) (response Response, err error)
- func (managementService ManagementService) Delete(instanceID string) (response Response, err error)
- func (managementService ManagementService) Enumerate() (response Response, err error)
- func (managementService ManagementService) GenerateKeyPair(keyAlgorithm KeyAlgorithm, keyLength KeyLength) (response Response, err error)
- func (managementService ManagementService) GeneratePKCS10RequestEx(keyPair, nullSignedCertificateRequest string, ...) (response Response, err error)
- func (managementService ManagementService) Get() (response Response, err error)
- func (managementService ManagementService) Pull(enumerationContext string) (response Response, err error)
- type OperationalStatus
- type PKCS10Request
- type PublicKeyCertificateRequest
- type PublicKeyCertificateResponse
- type PullResponse
- type ReferenceParametersRequest
- type ReferenceParametersResponse
- type RequestedState
- type Response
- type ReturnValue
- type SelectorRequest
- type SelectorResponse
- type SelectorSetRequest
- type SelectorSetResponse
- type SigningAlgorithm
Constants ¶
// Names of the AMT classes and of the ManagementService methods documented on
// this page. The values are literal protocol strings and must stay exactly as
// written.
const (
	// Class names.
	AMT_PublicKeyCertificate       string = "AMT_PublicKeyCertificate"
	AMT_PublicKeyManagementService string = "AMT_PublicKeyManagementService"

	// Method names.
	GeneratePKCS10RequestEx   string = "GeneratePKCS10RequestEx"
	AddTrustedRootCertificate string = "AddTrustedRootCertificate"
	AddCertificate            string = "AddCertificate"
	GenerateKeyPair           string = "GenerateKeyPair"
	AddKey                    string = "AddKey"
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AddCertificate_INPUT ¶
// AddCertificate_INPUT is the request body of the AddCertificate method
// (an "INPUTS Request Type").
type AddCertificate_INPUT struct {
	XMLName         xml.Name `xml:"h:AddCertificate_INPUT"`
	H               string   `xml:"xmlns:h,attr"`       // Emitted as the xmlns:h attribute that the "h:" element prefixes refer to.
	CertificateBlob string   `xml:"h:CertificateBlob"` // The use of ECC 192/224 is blocked starting from Intel® CSME 18.0.
}
INPUTS Request Types
type AddCertificate_OUTPUT ¶
// AddCertificate_OUTPUT is the decoded result of the AddCertificate method
// (an "OUTPUTS Response Type").
type AddCertificate_OUTPUT struct {
	XMLName            xml.Name                   `xml:"AddCertificate_OUTPUT"`
	CreatedCertificate CreatedCertificateResponse `xml:"CreatedCertificate,omitempty"` // Reference to the newly created certificate instance.
	// ReturnValue is the method status. Its zero value equals
	// ReturnValueSuccess (0), so a response in which the element is absent
	// decodes as success.
	// NOTE(review): confirm callers also check that CreatedCertificate is populated.
	ReturnValue ReturnValue `xml:"ReturnValue,omitempty"`
}
OUTPUTS Response Types
type AddKey_INPUT ¶
// AddKey_INPUT is the request body of the AddKey method
// (an "INPUTS Request Type").
type AddKey_INPUT struct {
	XMLName xml.Name `xml:"h:AddKey_INPUT"`
	H       string   `xml:"xmlns:h,attr"` // Emitted as the xmlns:h attribute that the "h:" element prefixes refer to.
	// KeyBlob is the key to add.
	// NOTE(review): presumably private key material; confirm it is kept out of
	// logs and error messages.
	KeyBlob string `xml:"h:KeyBlob"` // The use of ECC 192/224 is blocked starting from Intel® CSME 18.0.
}
INPUTS Request Types
type AddKey_OUTPUT ¶
// AddKey_OUTPUT is the decoded result of the AddKey method
// (an "OUTPUTS Response Type").
type AddKey_OUTPUT struct {
	XMLName    xml.Name           `xml:"AddKey_OUTPUT,omitempty"`
	CreatedKey CreatedKeyResponse `xml:"CreatedKey,omitempty"` // Reference to the newly created key instance.
	// ReturnValue is the method status. Its zero value equals
	// ReturnValueSuccess (0), so a response in which the element is absent
	// decodes as success.
	// NOTE(review): confirm callers also check that CreatedKey is populated.
	ReturnValue ReturnValue `xml:"ReturnValue,omitempty"`
}
OUTPUTS Response Types
type AddTrustedRootCertificate_INPUT ¶
// AddTrustedRootCertificate_INPUT is the request body of the
// AddTrustedRootCertificate method (an "INPUTS Request Type").
type AddTrustedRootCertificate_INPUT struct {
	XMLName         xml.Name `xml:"h:AddTrustedRootCertificate_INPUT"`
	H               string   `xml:"xmlns:h,attr"`       // Emitted as the xmlns:h attribute that the "h:" element prefixes refer to.
	CertificateBlob string   `xml:"h:CertificateBlob"` // The use of ECC 192/224 is blocked starting from Intel® CSME 18.0.
}
INPUTS Request Types
type AddTrustedRootCertificate_OUTPUT ¶
// AddTrustedRootCertificate_OUTPUT is the decoded result of the
// AddTrustedRootCertificate method (an "OUTPUTS Response Type").
type AddTrustedRootCertificate_OUTPUT struct {
	XMLName            xml.Name                   `xml:"AddTrustedRootCertificate_OUTPUT"`
	CreatedCertificate CreatedCertificateResponse `xml:"CreatedCertificate,omitempty"` // Reference to the newly created root certificate instance.
	// ReturnValue is the method status. Its zero value equals
	// ReturnValueSuccess (0), so a response in which the element is absent
	// decodes as success.
	// NOTE(review): confirm callers also check that CreatedCertificate is populated.
	ReturnValue ReturnValue `xml:"ReturnValue,omitempty"`
}
OUTPUTS Response Types
type Body ¶
// Body is the decoded Body element of a Response (an "OUTPUTS Response Type").
// It has one field per response payload this package understands. All fields
// are values rather than pointers, so a payload that is absent from the
// message is left as a zero-valued struct instead of nil.
type Body struct {
	XMLName                               xml.Name                         `xml:"Body"`
	AddTrustedRootCertificate_OUTPUT      AddTrustedRootCertificate_OUTPUT `xml:"AddTrustedRootCertificate_OUTPUT,omitempty"`
	AddCertificate_OUTPUT                 AddCertificate_OUTPUT            `xml:"AddCertificate_OUTPUT,omitempty"`
	AddKey_OUTPUT                         AddKey_OUTPUT                    `xml:"AddKey_OUTPUT,omitempty"`
	GenerateKeyPair_OUTPUT                GenerateKeyPair_OUTPUT           `xml:"GenerateKeyPair_OUTPUT,omitempty"`
	GeneratePKCS10RequestEx_OUTPUT        GeneratePKCS10RequestEx_OUTPUT   `xml:"GeneratePKCS10RequestEx_OUTPUT,omitempty"`
	KeyManagementGetResponse              KeyManagementResponse            `xml:"AMT_PublicKeyManagementService,omitempty"`
	PublicKeyCertificateGetAndPutResponse PublicKeyCertificateResponse     `xml:"AMT_PublicKeyCertificate,omitempty"`
	EnumerateResponse                     common.EnumerateResponse         // No xml tag: matched by field name.
	PullResponse                          PullResponse                     // No xml tag here; PullResponse's own XMLName tag names the element.
}
OUTPUTS Response Types
type Certificate ¶
type Certificate struct {
// contains filtered or unexported fields
}
func NewPublicKeyCertificateWithClient ¶
func NewPublicKeyCertificateWithClient(wsmanMessageCreator *message.WSManMessageCreator, client client.WSMan) Certificate
NewPublicKeyCertificateWithClient instantiates a new Certificate
func (Certificate) Delete ¶
func (certificate Certificate) Delete(instanceID string) (response Response, err error)
Delete removes the specified instance
func (Certificate) Enumerate ¶
func (certificate Certificate) Enumerate() (response Response, err error)
Enumerate returns an enumeration context which is used in a subsequent Pull call
func (Certificate) Get ¶
func (certificate Certificate) Get(instanceID string) (response Response, err error)
Get retrieves the representation of the instance
type CreatedCertificateResponse ¶
// CreatedCertificateResponse is the CreatedCertificate element of an
// AddCertificate or AddTrustedRootCertificate result: an endpoint reference
// (address plus reference parameters) to the new certificate instance.
type CreatedCertificateResponse struct {
	XMLName             xml.Name                    `xml:"CreatedCertificate,omitempty"`
	Address             string                      `xml:"Address,omitempty"`
	ReferenceParameters ReferenceParametersResponse `xml:"ReferenceParameters,omitempty"`
}
OUTPUTS Response Types
type CreatedKeyResponse ¶
// CreatedKeyResponse is the CreatedKey element of an AddKey result: an
// endpoint reference (address plus reference parameters) to the new key
// instance.
type CreatedKeyResponse struct {
	XMLName             xml.Name                    `xml:"CreatedKey,omitempty"`
	Address             string                      `xml:"Address,omitempty"`
	ReferenceParameters ReferenceParametersResponse `xml:"ReferenceParameters,omitempty"`
}
OUTPUTS Response Types
type EnabledDefault ¶
type EnabledDefault int
EnabledDefault is an integer enumeration that indicates an administrator's default or startup configuration for the Enabled State of an element.
// Values of EnabledDefault. The numbering is not contiguous, so every value is
// written out explicitly.
const (
	EnabledDefaultEnabled           EnabledDefault = 2
	EnabledDefaultDisabled          EnabledDefault = 3
	EnabledDefaultNotApplicable     EnabledDefault = 5
	EnabledDefaultEnabledButOffline EnabledDefault = 6
	EnabledDefaultNoDefault         EnabledDefault = 7
	EnabledDefaultQuiesce           EnabledDefault = 9
)
func (EnabledDefault) String ¶ added in v2.2.4
func (e EnabledDefault) String() string
String returns the string representation of the EnabledDefault value
type EnabledState ¶
type EnabledState int
EnabledState is an integer enumeration that indicates the enabled and disabled states of an element.
// Values of EnabledState. They are spelled out instead of derived from iota so
// the number carried by each name is visible at a glance and cannot shift if
// an entry is inserted or reordered.
const (
	EnabledStateUnknown           EnabledState = 0
	EnabledStateOther             EnabledState = 1
	EnabledStateEnabled           EnabledState = 2
	EnabledStateDisabled          EnabledState = 3
	EnabledStateShuttingDown      EnabledState = 4
	EnabledStateNotApplicable     EnabledState = 5
	EnabledStateEnabledButOffline EnabledState = 6
	EnabledStateInTest            EnabledState = 7
	EnabledStateDeferred          EnabledState = 8
	EnabledStateQuiesce           EnabledState = 9
	EnabledStateStarting          EnabledState = 10
)
func (EnabledState) String ¶ added in v2.2.4
func (e EnabledState) String() string
String returns the string representation of the EnabledState value
type GenerateKeyPair_INPUT ¶
// GenerateKeyPair_INPUT is the request body of the GenerateKeyPair method
// (an "INPUTS Request Type").
type GenerateKeyPair_INPUT struct {
	XMLName      xml.Name     `xml:"h:GenerateKeyPair_INPUT"`
	H            string       `xml:"xmlns:h,attr"`   // Emitted as the xmlns:h attribute that the "h:" element prefixes refer to.
	KeyAlgorithm KeyAlgorithm `xml:"h:KeyAlgorithm"` // The algorithm of the generated key.
	KeyLength    KeyLength    `xml:"h:KeyLength"`    // The length of the generated key in bits.
}
INPUTS Request Types
type GenerateKeyPair_OUTPUT ¶
// GenerateKeyPair_OUTPUT is the decoded result of the GenerateKeyPair method
// (an "OUTPUTS Response Type").
type GenerateKeyPair_OUTPUT struct {
	XMLName xml.Name        `xml:"GenerateKeyPair_OUTPUT,omitempty"`
	KeyPair KeyPairResponse `xml:"KeyPair,omitempty"` // Reference to the generated key pair instance.
	// ReturnValue is the method status. Its zero value equals
	// ReturnValueSuccess (0), so a response in which the element is absent
	// decodes as success.
	// NOTE(review): confirm callers also check that KeyPair is populated.
	ReturnValue ReturnValue `xml:"ReturnValue,omitempty"`
}
OUTPUTS Response Types
type GeneratePKCS10RequestEx_OUTPUT ¶ added in v2.1.7
// GeneratePKCS10RequestEx_OUTPUT is the decoded result of the
// GeneratePKCS10RequestEx method (an "OUTPUTS Response Type").
type GeneratePKCS10RequestEx_OUTPUT struct {
	XMLName                  xml.Name `xml:"GeneratePKCS10RequestEx_OUTPUT,omitempty"`
	SignedCertificateRequest string   `xml:"SignedCertificateRequest,omitempty"` // The certificate signing request as returned by the device.
	// ReturnValue is the method status. Its zero value equals
	// ReturnValueSuccess (0), so a response in which the element is absent
	// decodes as success.
	// NOTE(review): confirm callers also check that SignedCertificateRequest is non-empty.
	ReturnValue ReturnValue `xml:"ReturnValue,omitempty"`
}
OUTPUTS Response Types
type KeyAlgorithm ¶
type KeyAlgorithm int
The algorithm of the generated key.
Required ¶
ValueMap={0, ..}
Values={RSA, Reserved}
const (
	// RSA (0) is the only algorithm named by this package; the documented
	// ValueMap marks every other value as reserved.
	RSA KeyAlgorithm = 0
)
type KeyLength ¶
type KeyLength int
The length of the generated key in bits
const (
	// KeyLength2048 requests a 2048-bit key. It is the only key length this
	// package defines.
	KeyLength2048 KeyLength = 2048
)
type KeyManagementResponse ¶
// KeyManagementResponse is an AMT_PublicKeyManagementService instance as
// decoded from a response (an "OUTPUTS Response Type").
type KeyManagementResponse struct {
	XMLName xml.Name `xml:"AMT_PublicKeyManagementService,omitempty"`
	// CreationClassName indicates the name of the class or the subclass that
	// is used in the creation of an instance. When used with the other key
	// properties of this class, this property allows all instances of this
	// class and its subclasses to be uniquely identified.
	CreationClassName string `xml:"CreationClassName,omitempty"`
	// A user-friendly name for the object. This property allows each instance
	// to define a user-friendly name in addition to its key properties,
	// identity data, and description information. Note that the Name property
	// of ManagedSystemElement is also defined as a user-friendly name. But, it
	// is often subclassed to be a Key. It is not reasonable that the same
	// property can convey both identity and a user-friendly name, without
	// inconsistencies. Where Name exists and is not a Key (such as for
	// instances of LogicalDevice), the same information can be present in both
	// the Name and ElementName properties. Note that if there is an associated
	// instance of CIM_EnabledLogicalElementCapabilities, restrictions on this
	// property may exist as defined in the ElementNameMask and
	// MaxElementNameLen properties defined in that class.
	ElementName string `xml:"ElementName,omitempty"`
	// An enumerated value indicating an administrator's default or startup
	// configuration for the Enabled State of an element. By default, the
	// element is "Enabled" (value=2).
	EnabledDefault EnabledDefault `xml:"EnabledDefault"`
	// EnabledState is an integer enumeration that indicates the enabled and
	// disabled states of an element.
	EnabledState EnabledState `xml:"EnabledState"`
	// The Name property uniquely identifies the Service and provides an
	// indication of the functionality that is managed. This functionality is
	// described in more detail in the Description property of the object.
	Name string `xml:"Name,omitempty"`
	// Indicates the current statuses of the element.
	OperationalStatus []OperationalStatus `xml:"OperationalStatus,omitempty"`
	// RequestedState is an integer enumeration that indicates the last
	// requested or desired state for the element, irrespective of the
	// mechanism through which it was requested.
	RequestedState RequestedState `xml:"RequestedState"`
	// The CreationClassName of the scoping System.
	SystemCreationClassName string `xml:"SystemCreationClassName,omitempty"`
	// The Name of the scoping System.
	SystemName string `xml:"SystemName,omitempty"`
}
OUTPUTS Response Types
type KeyPair ¶ added in v2.1.7
// KeyPair is the request-side reference to a key pair (an "INPUTS Request
// Type"); PKCS10Request uses it to name the key the request is based on.
type KeyPair struct {
	XMLName             xml.Name                   `xml:"h:KeyPair,omitempty"`
	Address             string                     `xml:"a:Address,omitempty"`
	ReferenceParameters ReferenceParametersRequest `xml:"a:ReferenceParameters,omitempty"`
}
INPUTS Request Types
type KeyPairResponse ¶
// KeyPairResponse is the KeyPair element of a GenerateKeyPair result: an
// endpoint reference (address plus reference parameters) to the key pair.
type KeyPairResponse struct {
	XMLName             xml.Name                    `xml:"KeyPair,omitempty"`
	Address             string                      `xml:"Address,omitempty"`
	ReferenceParameters ReferenceParametersResponse `xml:"ReferenceParameters,omitempty"`
}
OUTPUTS Response Types
type ManagementService ¶
type ManagementService struct {
// contains filtered or unexported fields
}
func NewPublicKeyManagementServiceWithClient ¶
func NewPublicKeyManagementServiceWithClient(wsmanMessageCreator *message.WSManMessageCreator, client client.WSMan) ManagementService
NewPublicKeyManagementServiceWithClient instantiates a new ManagementService
func (ManagementService) AddCertificate ¶
func (managementService ManagementService) AddCertificate(certificateBlob string) (response Response, err error)
This function adds a new certificate to the Intel® AMT CertStore. A certificate cannot be removed if it is referenced (for example, used by TLS, 802.1X or EAC).
func (ManagementService) AddKey ¶
func (managementService ManagementService) AddKey(keyBlob string) (response Response, err error)
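This function adds a new certificate key to the Intel® AMT CertStore. A key cannot be removed if its corresponding certificate is referenced (for example, used by TLS, 802.1X or EAC). After the method succeeds, a new instance of AMT_PublicPrivateKeyPair will be created. Possible return values are: PT_STATUS_SUCCESS(0), PT_STATUS_INTERNAL_ERROR(1), PT_STATUS_MAX_LIMIT_REACHED(23), PT_STATUS_FLASH_WRITE_LIMIT_EXCEEDED(38), PT_STATUS_DUPLICATE(2068), PT_STATUS_INVALID_KEY(2062). Note that this package's ReturnValue constants define ReturnValueDuplicate as 2058 and name code 2062 ReturnValueInvalidKeyLength, so compare responses against those constants rather than the numbers quoted here. The key blob presumably carries private key material, so keep it out of logs and error messages.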
func (ManagementService) AddTrustedRootCertificate ¶
func (managementService ManagementService) AddTrustedRootCertificate(certificateBlob string) (response Response, err error)
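This function adds a new root certificate to the Intel® AMT CertStore. A certificate cannot be removed if it is referenced (for example, used by TLS, 802.1X or EAC). Because a trusted root becomes a trust anchor in the CertStore, confirm the certificate's origin (for example by checking its fingerprint out of band) before adding it.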
func (ManagementService) Delete ¶
func (managementService ManagementService) Delete(instanceID string) (response Response, err error)
Delete removes the specified instance
func (ManagementService) Enumerate ¶
func (managementService ManagementService) Enumerate() (response Response, err error)
Enumerate returns an enumeration context which is used in a subsequent Pull call
func (ManagementService) GenerateKeyPair ¶
func (managementService ManagementService) GenerateKeyPair(keyAlgorithm KeyAlgorithm, keyLength KeyLength) (response Response, err error)
This API is used to generate a key in the FW
func (ManagementService) GeneratePKCS10RequestEx ¶
func (managementService ManagementService) GeneratePKCS10RequestEx(keyPair, nullSignedCertificateRequest string, signingAlgorithm SigningAlgorithm) (response Response, err error)
This API is used to create a PKCS#10 certificate signing request based on a key from the key store.
func (ManagementService) Get ¶
func (managementService ManagementService) Get() (response Response, err error)
Get retrieves the representation of the instance
type OperationalStatus ¶
type OperationalStatus int
OperationalStatus is an integer enumeration that indicates the current statuses of the element.
// Values of OperationalStatus. They are spelled out instead of derived from
// iota so the number carried by each name is visible at a glance and cannot
// shift if an entry is inserted or reordered.
const (
	OperationalStatusUnknown                 OperationalStatus = 0
	OperationalStatusOther                   OperationalStatus = 1
	OperationalStatusOK                      OperationalStatus = 2
	OperationalStatusDegraded                OperationalStatus = 3
	OperationalStatusStressed                OperationalStatus = 4
	OperationalStatusPredictiveFailure       OperationalStatus = 5
	OperationalStatusError                   OperationalStatus = 6
	OperationalStatusNonRecoverableError     OperationalStatus = 7
	OperationalStatusStarting                OperationalStatus = 8
	OperationalStatusStopping                OperationalStatus = 9
	OperationalStatusStopped                 OperationalStatus = 10
	OperationalStatusInService               OperationalStatus = 11
	OperationalStatusNoContact               OperationalStatus = 12
	OperationalStatusLostCommunication       OperationalStatus = 13
	OperationalStatusAborted                 OperationalStatus = 14
	OperationalStatusDormant                 OperationalStatus = 15
	OperationalStatusSupportingEntityInError OperationalStatus = 16
	OperationalStatusCompleted               OperationalStatus = 17
	OperationalStatusPowerMode               OperationalStatus = 18
	OperationalStatusRelocating              OperationalStatus = 19
)
func (OperationalStatus) String ¶ added in v2.2.4
func (o OperationalStatus) String() string
String returns the string representation of the OperationalStatus value
type PKCS10Request ¶
// PKCS10Request is the request body of the GeneratePKCS10RequestEx method
// (an "INPUTS Request Type").
type PKCS10Request struct {
	XMLName xml.Name `xml:"h:GeneratePKCS10RequestEx_INPUT"`
	H       string   `xml:"xmlns:h,attr"` // Emitted as the xmlns:h attribute that the "h:" element prefixes refer to.
	KeyPair KeyPair  `xml:"h:KeyPair"`    // Reference to the key pair the request is based on.
	// The signing algorithm that the FW should use for signing the
	// certificate request.
	SigningAlgorithm SigningAlgorithm `xml:"h:SigningAlgorithm"`
	// A binary representation of the null-signed PKCS#10 request. The request
	// must include a valid PKCS10RequestInfo, that will be signed by AMT FW.
	// The Public Key specified in the request must match the public key of
	// the referenced KeyPair parameter.
	NullSignedCertificateRequest string `xml:"h:NullSignedCertificateRequest"`
}
INPUTS Request Types
type PublicKeyCertificateRequest ¶
// PublicKeyCertificateRequest is the AMT_PublicKeyCertificate instance as sent
// in a request (an "INPUTS Request Type").
type PublicKeyCertificateRequest struct {
	XMLName xml.Name `xml:"h:AMT_PublicKeyCertificate"`
	H       string   `xml:"xmlns:h,attr"` // Emitted as the xmlns:h attribute that the "h:" element prefixes refer to.
	// A user-friendly name for the object. This property allows each instance
	// to define a user-friendly name in addition to its key properties,
	// identity data, and description information. Note that the Name property
	// of ManagedSystemElement is also defined as a user-friendly name. But, it
	// is often subclassed to be a Key. It is not reasonable that the same
	// property can convey both identity and a user-friendly name, without
	// inconsistencies. Where Name exists and is not a Key (such as for
	// instances of LogicalDevice), the same information can be present in both
	// the Name and ElementName properties. Note that if there is an associated
	// instance of CIM_EnabledLogicalElementCapabilities, restrictions on this
	// property may exist as defined in the ElementNameMask and
	// MaxElementNameLen properties defined in that class.
	ElementName string `xml:"h:ElementName"`
	// Within the scope of the instantiating Namespace, InstanceID opaquely and
	// uniquely identifies an instance of this class.
	InstanceID string `xml:"h:InstanceID"`
	// uint8[4100]
	// The X.509 Certificate blob.
	X509Certificate string `xml:"h:X509Certificate"`
	// For root certificates [that were added by
	// AMT_PublicKeyManagementService.AddTrustedRootCertificate()] this
	// property will be true.
	TrustedRootCertificate bool `xml:"h:TrustedRootCertificate"`
	// The Issuer field of this certificate.
	Issuer string `xml:"h:Issuer"`
	// The Subject field of this certificate.
	Subject string `xml:"h:Subject"`
	// Indicates whether the certificate is an Intel AMT self-signed
	// certificate. If True, the certificate cannot be deleted.
	ReadOnlyCertificate bool `xml:"h:ReadOnlyCertificate"`
}
INPUTS Request Types
type PublicKeyCertificateResponse ¶
// PublicKeyCertificateResponse is the AMT_PublicKeyCertificate instance as
// decoded from a response (an "OUTPUTS Response Type").
type PublicKeyCertificateResponse struct {
	XMLName xml.Name `xml:"AMT_PublicKeyCertificate,omitempty"`
	// A user-friendly name for the object . . .
	ElementName string `xml:"ElementName,omitempty"`
	// Within the scope of the instantiating Namespace, InstanceID opaquely and
	// uniquely identifies an instance of this class.
	InstanceID string `xml:"InstanceID,omitempty"`
	// uint8[4100]
	// The X.509 Certificate blob.
	X509Certificate string `xml:"X509Certificate,omitempty"`
	// For root certificates [that were added by
	// AMT_PublicKeyManagementService.AddTrustedRootCertificate()] this
	// property will be true.
	//
	// The element name in the tag is deliberately misspelled ("Certficate")
	// because that is how it arrives from AMT. Do not correct the tag: with
	// the corrected spelling the element would no longer match and this field
	// would always decode as false.
	TrustedRootCertificate bool `xml:"TrustedRootCertficate"`
	// The Issuer field of this certificate.
	Issuer string `xml:"Issuer,omitempty"`
	// The Subject field of this certificate.
	Subject string `xml:"Subject,omitempty"`
	// Indicates whether the certificate is an Intel AMT self-signed
	// certificate. If True, the certificate cannot be deleted.
	ReadOnlyCertificate bool `xml:"ReadOnlyCertificate"`
}
OUTPUTS Response Types
type PullResponse ¶
// PullResponse is the decoded PullResponse element (an "OUTPUTS Response
// Type"). The two slices collect the Items children by element name, so a
// pull over one class leaves the other slice empty.
type PullResponse struct {
	XMLName                   xml.Name                       `xml:"PullResponse,omitempty"`
	KeyManagementItems        []KeyManagementResponse        `xml:"Items>AMT_PublicKeyManagementService,omitempty"`
	PublicKeyCertificateItems []PublicKeyCertificateResponse `xml:"Items>AMT_PublicKeyCertificate,omitempty"`
}
OUTPUTS Response Types
type ReferenceParametersRequest ¶ added in v2.1.7
// ReferenceParametersRequest is the request-side ReferenceParameters element
// (an "INPUTS Request Type"): a resource URI plus the selectors that identify
// one instance.
type ReferenceParametersRequest struct {
	XMLName     xml.Name           `xml:"a:ReferenceParameters,omitempty"`
	ResourceURI string             `xml:"w:ResourceURI"`
	SelectorSet SelectorSetRequest `xml:"w:SelectorSet,omitempty"`
}
INPUTS Request Types
type ReferenceParametersResponse ¶
// ReferenceParametersResponse is the response-side ReferenceParameters element
// (an "OUTPUTS Response Type"): a resource URI plus the selectors that
// identify one instance.
type ReferenceParametersResponse struct {
	XMLName     xml.Name            `xml:"ReferenceParameters,omitempty"`
	ResourceURI string              `xml:"ResourceURI,omitempty"`
	SelectorSet SelectorSetResponse `xml:"SelectorSet,omitempty"`
}
OUTPUTS Response Types
type RequestedState ¶
type RequestedState int
RequestedState is an integer enumeration that indicates the last requested or desired state for the element, irrespective of the mechanism through which it was requested.
// Values of RequestedState. The value 1 is not defined here, so every value is
// written out explicitly.
const (
	RequestedStateUnknown       RequestedState = 0
	RequestedStateEnabled       RequestedState = 2
	RequestedStateDisabled      RequestedState = 3
	RequestedStateShutDown      RequestedState = 4
	RequestedStateNoChange      RequestedState = 5
	RequestedStateOffline       RequestedState = 6
	RequestedStateTest          RequestedState = 7
	RequestedStateDeferred      RequestedState = 8
	RequestedStateQuiesce       RequestedState = 9
	RequestedStateReboot        RequestedState = 10
	RequestedStateReset         RequestedState = 11
	RequestedStateNotApplicable RequestedState = 12
)
func (RequestedState) String ¶ added in v2.2.4
func (r RequestedState) String() string
String returns the string representation of the RequestedState value
type Response ¶
// Response is the decoded Envelope returned by every Certificate and
// ManagementService call (an "OUTPUTS Response Type").
type Response struct {
	// Message is embedded by pointer, so its fields and methods are promoted
	// onto Response. A zero-valued Response holds a nil *client.Message.
	// NOTE(review): confirm it is always set before promoted fields are read.
	*client.Message
	XMLName xml.Name       `xml:"Envelope"`
	Header  message.Header `xml:"Header"`
	Body    Body           `xml:"Body"`
}
OUTPUTS Response Types
type ReturnValue ¶ added in v2.2.4
type ReturnValue int
ReturnValue is an integer enumeration that indicates the return status of the method.
// Values of ReturnValue, the status returned by the service methods.
//
// ReturnValueSuccess is 0, which is also the zero value of the type: a decoded
// response that lacks a ReturnValue element is indistinguishable from success
// on this field alone.
//
// NOTE(review): the AddKey documentation on this page lists
// PT_STATUS_DUPLICATE as 2068 and calls 2062 PT_STATUS_INVALID_KEY, while the
// constants below use 2058 for Duplicate and name 2062 InvalidKeyLength.
// Confirm the values and names against the firmware documentation.
const (
	ReturnValueSuccess                 ReturnValue = 0
	ReturnValueInternalError           ReturnValue = 1
	ReturnValueNotPermitted            ReturnValue = 16
	ReturnValueMaxLimitReached         ReturnValue = 23
	ReturnValueInvalidParameter        ReturnValue = 36
	ReturnValueFlashWriteLimitExceeded ReturnValue = 38
	ReturnValueDuplicate               ReturnValue = 2058
	ReturnValueInvalidKeyLength        ReturnValue = 2062
	ReturnValueInvalidCert             ReturnValue = 2063
	ReturnValueUnsupported             ReturnValue = 2066
	ReturnValueOperationInProgress     ReturnValue = 2082
)
func (ReturnValue) String ¶ added in v2.2.4
func (p ReturnValue) String() string
String returns the string representation of the ReturnValue value
type SelectorRequest ¶ added in v2.1.7
// SelectorRequest is one request-side Selector element (an "INPUTS Request
// Type"): the Name attribute names the selector and the element text is its
// value.
type SelectorRequest struct {
	XMLName xml.Name `xml:"w:Selector,omitempty"`
	Name    string   `xml:"Name,attr"`
	Text    string   `xml:",chardata"`
}
INPUTS Request Types
type SelectorResponse ¶
// SelectorResponse is one response-side Selector element (an "OUTPUTS Response
// Type"): the Name attribute names the selector and the element text is its
// value.
type SelectorResponse struct {
	XMLName xml.Name `xml:"Selector,omitempty"`
	Name    string   `xml:"Name,attr"`
	Text    string   `xml:",chardata"`
}
OUTPUTS Response Types
type SelectorSetRequest ¶ added in v2.1.7
// SelectorSetRequest is the request-side SelectorSet element (an "INPUTS
// Request Type"), holding the list of selectors.
type SelectorSetRequest struct {
	XMLName   xml.Name          `xml:"w:SelectorSet,omitempty"`
	Selectors []SelectorRequest `xml:"w:Selector"`
}
INPUTS Request Types
type SelectorSetResponse ¶
// SelectorSetResponse is the response-side SelectorSet element (an "OUTPUTS
// Response Type"), holding the list of selectors.
type SelectorSetResponse struct {
	XMLName   xml.Name           `xml:"SelectorSet,omitempty"`
	Selectors []SelectorResponse `xml:"Selector,omitempty"`
}
OUTPUTS Response Types
type SigningAlgorithm ¶
type SigningAlgorithm int
The signing algorithm that the FW should use for signing the certificate request
Required ¶
ValueMap={0, 1, ..}
Values={SHA1-RSA, SHA256-RSA, Reserved} Note: SHA1 is no longer available starting from Intel CSME 18.0.
// Values of SigningAlgorithm, matching the documented ValueMap {0, 1, ..}.
// They are spelled out instead of derived from iota so the number carried by
// each name cannot shift if an entry is inserted or reordered.
const (
	// SHA1RSA selects SHA1-RSA. The package documentation notes that SHA1 is
	// no longer available starting from Intel CSME 18.0, so prefer SHA256RSA.
	SHA1RSA SigningAlgorithm = 0
	// SHA256RSA selects SHA256-RSA.
	SHA256RSA SigningAlgorithm = 1
)