// Copyright (c) 2007-2010, Intel Corporation. All rights reserved. 
   [Version ( "7.0.0" ), 
    Description ( 
       "The IPS_TLSProvisioningRecord provides information "
       "related to a single Intel (R) AMT provisioning occurrence that "
       "was performed using a TLS provisioning method - PSK or PKI" )]
class IPS_TLSProvisioningRecord : IPS_ProvisioningAuditRecord {

      [Description ( 
          "Specifies the TLS provisioning method that was used to "
          "provision Intel(R) AMT" ), 
       ValueMap { "0", "1", "2", ".." }, 
       Values { "Unknown", "TLS-PSK", "TLS-PKI", "Reserved" }]
   uint8 ProvisioningTLSMode;

      [Description ( 
          "True, if the DNS Suffix used to authorize the "
          "provisioning entityWas set via the MEBx, false if value "
          "was read from the DHCP Server\'s option 15 valueValid "
          "only if TLSProvisioningMethod=\"TLS-PKI\"" )]
   boolean SecureDNS;

      [Description ( 
          "True if provisioning was initiated by a host agent. "
          "Valid only if TLSProvisioningMethod=\"TLS-PKI\"" )]
   boolean HostInitiated;

      [Description ( 
          "Specifies the CN value in the SSL certificate used by "
          "the provisioning server. Valid only if "
          "TLSProvisioningMethod=\"TLS-PKI\"" ), 
       MaxLen ( 255 )]
   string ProvServerFQDN;

      [Description ( 
          "The hash algorithm used for SelectedHashData. Valid only "
          "if TLSProvisioningMethod=\"TLS-PKI\"" ), 
       valueMap { "0", "1", "2", "3", ".." }, 
       values { "Unknown", "SHA-1-160", "SHA-2-256", "SHA-2-384", 
          "Reserved" }]
   uint8 SelectedHashType;

      [Description ( 
         "Hash data - The hash of the root certificate used in the "
         "configuration process. Valid only if TLSProvisioningMethod"
         "=\"TLS-PKI\""
           ), 
       OctetString]
   uint8 SelectedHashData[];

      [Description ( 
          "Notice: the values of this array are actually base64 "
          "encoded values. A list of a maximum of three serial "
          "numbers of the issuing CA certificates. If the "
          "certificate chain has more than three certificates, this "
          "field contains the serial numbers of the last three "
          "certificates. This field has a value only if "
          "TLSProvisioningMethod=\"TLS-PKI\"" ), 
       OctetString, MaxLen ( 16 )]
   string CaCertificateSerials[];

      [Description ( "Valid only if TLSProvisioningMethod=\"TLS-PKI\""
           )]
   boolean AdditionalCaSerialNums;

      [Description ( 
          "True if the certificate hash data was set by OEM. Valid "
          "only if TLSProvisioningMethod=\"TLS-PKI\"" )]
   boolean HashIsOemDefault;

      [Description ( 
          "Specifies whether the SSL cert validity period was "
          "successfully verified.The host RTC is used as the "
          "reference clock. Note that Intel(R) AMT will not cause a "
          "Provisioning operation to fail even if the certificate "
          "has expired.Valid only if "
          "TLSProvisioningMethod=\"TLS-PKI\"" )]
   boolean IsTimeValid;

      [Description ( 
          "The IP address of the Provisioning server that issued "
          "the AMT_SetupAndConfigurationService.CommitChanges() "
          "command, both IPv4 & IPv6 addresses are supported." )]
   string ProvServerIP;


};