feat(ips): adds calls for configuring 802.1x

open-amt-cloud-toolkit · Oct 18, 2022 · 6e7728a · 6e7728a
1 parent d813195
commit 6e7728a
Show file tree

Hide file tree

Showing 12 changed files with 227 additions and 59 deletions.
diff --git a/src/WSMan.ts b/src/WSMan.ts
@@ -29,7 +29,10 @@ export enum WSManErrors {
   MP_SERVER = 'missing mpServer',
   REMOTE_ACCESS_POLICY_RULE = 'missing remoteAccessPolicyRule',
   BOOT_SETTING_DATA = 'missing bootSettingData',
-  ADD_ALARM_DATA = 'missing alarmClockOccurrence'
+  ADD_ALARM_DATA = 'missing alarmClockOccurrence',
+  IEEE8021X_SETTINGS = 'missing ieee8021xSettings',
+  OPT_IN_SERVICE_RESPONSE = 'missing OptInServiceResponse',
+  OPT_IN_CODE = 'missing OptInCode'
 }
 
 export class WSManMessageCreator {

diff --git a/src/amt/messages.ts b/src/amt/messages.ts
@@ -7,7 +7,7 @@ import { Selector, WSManMessageCreator, WSManErrors } from '../WSMan'
 import { EthernetPortSettings, MPServer, RemoteAccessPolicyRule, EnvironmentDetectionSettingData, BootSettingData, RedirectionResponse, TLSSettingData, GenerateKeyPair, AddCertificate, GeneralSettings, TLSCredentialContext, RemoteAccessPolicyAppliesToMPS } from './models'
 import { REQUEST_STATE_CHANGE } from './actions'
 import { Classes, Methods, Actions } from './'
-import { WiFiEndpointSettings } from '../models/cim_models'
+import { WiFiEndpointSettings } from '../cim/models'
 import { AlarmClockOccurrence } from '../ips/models'
 
 type AllActions = Actions

diff --git a/src/amt/models.ts b/src/amt/models.ts
@@ -272,25 +272,13 @@ export interface RedirectionResponse {
   AMT_RedirectionService: RedirectionService
 }
 export interface PublicKeyCertificate{
-  // A user-friendly name for the object . . .
- ElementName:string
-  // Within the scope of the instantiating Namespace, InstanceID opaquely and uniquely identifies an instance of this class.
- InstanceID :string
-  // The X.509 Certificate blob.
-   X509Certificate: string // uint8[4100]
-
-  // For root certificate [that were added by AMT_PublicKeyManagementService.AddTrustedRootCertificate()]this property will be true.
-  TrustedRootCertficate:boolean
-
-  // The Issuer field of this certificate.
-  Issuer:string
-
-  // The Subject field of this certificate.
-  Subject:string
-
-  // Indicates whether the certificate is an Intel AMT self-signed certificate. If True, the certificate cannot be deleted.
-  ReadOnlyCertificate:boolean
-
+  ElementName:string // A user-friendly name for the object . . .
+  InstanceID :string // Within the scope of the instantiating Namespace, InstanceID opaquely and uniquely identifies an instance of this class.
+  X509Certificate: string // uint8[4100] // The X.509 Certificate blob.
+  TrustedRootCertficate:boolean // For root certificate [that were added by AMT_PublicKeyManagementService.AddTrustedRootCertificate()]this property will be true.
+  Issuer:string // The Issuer field of this certificate.
+  Subject:string // The Subject field of this certificate.
+  ReadOnlyCertificate:boolean // Indicates whether the certificate is an Intel AMT self-signed certificate. If True, the certificate cannot be deleted.
 }
 export interface TLSProtocolEndpointCollection extends CIM.Models.Collection {
 

diff --git a/src/cim/messages.test.ts b/src/cim/messages.test.ts
@@ -7,8 +7,12 @@ import { WSManErrors } from '../WSMan'
 import { Classes, Methods, Messages } from '.'
 
 describe('CIM Tests', () => {
-  let messageId = 0
-  const cimClass = new Messages()
+  let messageId: number
+  let cimClass: Messages
+  beforeEach(() => {
+    messageId = 0
+    cimClass = new Messages()
+  })
   const xmlHeader = '<?xml version="1.0" encoding="utf-8"?>'
   const envelope = '<Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:a="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:w="http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd" xmlns="http://www.w3.org/2003/05/soap-envelope"><Header><a:Action>'
   const enumerationContext = 'AC070000-0000-0000-0000-000000000000'

diff --git a/src/cim/models.ts b/src/cim/models.ts
@@ -3,7 +3,6 @@
  * SPDX-License-Identifier: Apache-2.0
  **********************************************************************/
 
-import { CIM_ManagedElement } from '../models/cim_models'
 import { ReturnValue } from '../models/common'
 
 export interface ManagedElement {
@@ -118,6 +117,7 @@ export interface BIOSElement extends SoftwareElement {
   PrimaryBIOS?: boolean
   ReleaseDate?: Date
 }
+
 export interface Job extends LogicalElement {
   InstanceId?: string
   CommunicationStatus?: number
@@ -145,12 +145,14 @@ export interface Job extends LogicalElement {
   RecoveryAction?: number
   OtherRecoveryAction?: string
 }
+
 export interface ConcreteJob extends Job {
   UntilTime?: Date
   JobState?: number
   TimeOfLastStateChange?: Date
   TimeBeforeRemoval?: Date
 }
+
 export interface EnabledLogicalElement extends LogicalElement {
   EnabledState?: number
   OtherEnabledState?: string
@@ -272,23 +274,24 @@ export interface Role extends Collection {
 
 export interface AuthenticationService extends SecurityService {
 }
+
 export interface CredentialManagementService extends AuthenticationService {
   // InstanceID is an optional property that may be used to opaquely and uniquely identify an instance of this class within the scope of the instantiating Namespace . . .
   InstanceID: string
 }
 
-export interface Credential extends CIM_ManagedElement{
-  // The date and time when the credential was issued
-  Issued: Date
-  // The date and time when the credential expires (and is not appropriate for use for authentication/ authorization)
-  Expires: Date
+export interface Credential extends ManagedElement{
+  Issued?: Date // The date and time when the credential was issued.  Default is current time
+  Expires?: Date // The date and time when the credential expires (and is not appropriate for use for authentication/ authorization).  Default is '99991231235959.999999+999'
 }
+
 export interface CredentialContext {
   // A Credential whose context is defined.
   ElementInContext: Credential
   // The ManagedElement that provides context or scope for the Credential.
-  ElementProvidingContext: CIM_ManagedElement
+  ElementProvidingContext: ManagedElement
 }
+
 export interface ServiceAvailableToElement {
   ServiceProvided: {
     Address: string
@@ -316,6 +319,7 @@ export interface AssociatedPowerManagementService extends ServiceAvailableToElem
     PowerState: string
   } & ServiceAvailableToElement
 }
+
 export interface SoftwareIdentity
   extends LogicalElement {
   CIM_SoftwareIdentity: Array<
@@ -326,6 +330,7 @@ export interface SoftwareIdentity
     } & LogicalElement
   >
 }
+
 export interface Log extends EnabledLogicalElement {
   MaxNumberOfRecords: number
   CurrentNumberOfRecords: number
@@ -363,6 +368,7 @@ export interface KVMRedirectionSAP {
   RequestedState: number
   KVMProtocol: number
 }
+
 export interface KVMRedirectionSAPResponse {
   CIM_KVMRedirectionSAP: KVMRedirectionSAP
 }
@@ -371,7 +377,33 @@ export interface PowerActionResponse {
   RequestPowerStateChange_OUTPUT: ReturnValue
 }
 
+export interface WiFiEndpointSettings extends SettingData {
+  ElementName: string
+  // The user-friendly name for this instance of SettingData . . .
+  InstanceID: string
+  // Within the scope of the instantiating Namespace, InstanceID opaquely and uniquely identifies an instance of this class . . .
+  Priority: number
+  // Priority shall indicate the priority of the instance among all WiFiEndpointSettings instances.
+  SSID?: string
+  // SSID shall indicate the Service Set Identifier (SSID) that shall be used when the settings are applied to a WiFiEndpoint . . .
+  BSSType?: number
+  // BSSType shall indicate the Basic Service Set (BSS) Type that shall be used when the settings are applied . . .
+  EncryptionMethod: number
+  // EncryptionMethod shall specify the 802.11 encryption method used when the settings are applied . . .
+  AuthenticationMethod: number
+  // AuthenticationMethod shall specify the 802.11 authentication method used when the settings are applied . . .
+  Keys?: string[4]
+  // Keys shall contain the default WEP encryption keys . . .
+  KeyIndex?: number
+  // KeyIndex shall contain the index of the active key in the Keys array property . . .
+  PSKValue?: number
+  // The actual binary value of a PSK (pre-shared key) . . .
+  PSKPassPhrase?: string
+  // An ASCII string of 8-63 printable characters used to generate a PSK (pre-shared key) . . .
+}
+
 export interface NetworkPortConfigurationService extends Service { }
+
 export interface Policy extends ManagedElement {
   CommonName: string
   PolicyKeywords: string[]
@@ -382,7 +414,27 @@ export interface PolicySet extends Policy {
   PolicyRoles: string[]
   Enabled: number
 }
+
 export interface PolicySetAppliesToElement{
   PolicySet: PolicySet
   ManagedElement: ManagedElement
 }
+
+export interface IEEE8021xSettings extends SettingData {
+  AuthenticationProtocol: 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10
+  // ValueMap={0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, ..}
+  // Values={EAP-TLS, EAP-TTLS/MSCHAPv2, PEAPv0/EAP-MSCHAPv2, PEAPv1/EAP-GTC, EAP-FAST/MSCHAPv2, EAP-FAST/GTC, EAP-MD5, EAP-PSK, EAP-SIM, EAP-AKA, EAP-FAST/TLS, DMTF Reserved}
+  // MappingStrings={RFC4017.IETF, RFC2716.IETF, draft-ietf-pppext-eap-ttls.IETF, draft-kamath-pppext-peapv0.IETF, draft-josefsson-pppext-eap-tls-eap, RFC4851.IETF, RFC3748.IETF, RFC4764.IETF, RFC4186.IETF, RFC4187.IETF}
+  RoamingIdentity: string // Max Length 80
+  ServerCertificateName?: string // Max Length 80
+  ServerCertificateNameComparison?: 1 | 2 | 3
+  // ValueMap={1, 2, 3, ..}
+  // Values={Other, FullName, DomainSuffix, DMTF Reserved}
+  // ModelCorrespondence={CIM_IEEE8021xSettings.ServerCertificateName}
+  Username?: string // Max Length 128
+  Password?: string // Max Length 256
+  Domain?: string // Max Length 256
+  ProtectedAccessCredential?: string // OctetString Write-Only
+  PACPassword?: string // Max Length 256 Write-Only
+  PSK?: string // OctetString Write-Only
+}
diff --git a/src/ips/actions.ts b/src/ips/actions.ts
@@ -15,4 +15,5 @@ export enum Actions {
   START_OPT_IN = 'http://intel.com/wbem/wscim/1/ips-schema/1/IPS_OptInService/StartOptIn',
   CANCEL_OPT_IN = 'http://intel.com/wbem/wscim/1/ips-schema/1/IPS_OptInService/CancelOptIn',
   SEND_OPT_IN_CODE = 'http://intel.com/wbem/wscim/1/ips-schema/1/IPS_OptInService/SendOptInCode',
+  SET_CERTIFICATES = 'http://intel.com/wbem/wscim/1/ips-schema/1/IPS_IEEE8021xSettings/SetCertificates'
 }
diff --git a/src/ips/classes.ts b/src/ips/classes.ts
@@ -6,5 +6,6 @@
 export enum Classes {
   IPS_OPT_IN_SERVICE = 'IPS_OptInService',
   IPS_HOST_BASED_SETUP_SERVICE = 'IPS_HostBasedSetupService',
-  IPS_ALARM_CLOCK_OCCURRENCE = 'IPS_AlarmClockOccurrence'
+  IPS_ALARM_CLOCK_OCCURRENCE = 'IPS_AlarmClockOccurrence',
+  IPS_IEEE8021X_SETTINGS = 'IPS_IEEE8021xSettings'
 }