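// Copyright (c) 2007-2011, Intel Corporation. All rights reserved.

// AMT_PublicKeyManagementService: management interface for the Intel(R) AMT
// CertStore. Every method below either changes what the device trusts
// (CRLs, certificates, trusted roots) or creates/uses key pairs held by the
// firmware. This file declares the methods and their status codes only; it
// does not define who may invoke them, so the authorization model has to be
// confirmed against the firmware / realm documentation.
//
// All methods return a uint32 status; the ValueMap/Values pairs on each
// method list the codes that method is declared to return.
[Version ( "11.0.0" ),
 Description (
     "This service contains the information necessary to represent "
     "and manage the functionality provided by the Intel(R) AMT "
     "CertStore." )]
class AMT_PublicKeyManagementService : CIM_CredentialManagementService {

    // AddCRL: registers a certificate revocation list for one issuer.
    //   Url           - issuer URL of the revoked certificates.
    //   SerialNumbers - revoked serial numbers; each array element is
    //                   base64 encoded (EOBase64 qualifier).
    //   CRL           - OUT reference to the created AMT_CRL instance.
    // NOTE(review): the schema does not say how Url is validated or whether
    // the serial-number list is authenticated against the issuing CA; the
    // caller appears to be trusted for the list contents - confirm.
    [Description (
         "This call adds a Certificate revocation list to be used "
         "by the Intel(R) AMT device." ),
     ValueMap { "0", "1", "23", "36", "38" },
     Values { "PT_STATUS_SUCCESS", "PT_STATUS_INTERNAL_ERROR",
              "PT_STATUS_MAX_LIMIT_REACHED", "PT_STATUS_INVALID_PARAMETER",
              "PT_STATUS_FLASH_WRITE_LIMIT_EXCEEDED" }]
    uint32 AddCRL(
        [IN, Description (
             "The issuer URL of the revoked certificates." )]
        string Url,
        [IN, Description (
             "Notice: the values of this array are actually "
             "base64 encoded values. A list of serial numbers "
             "removed by the CA which is specified in the Url "
             "variable." ),
         EOBase64]
        string SerialNumbers[],
        [OUT, Description (
             "Reference to the new AMT_CRL instance." )]
        AMT_CRL REF CRL);

    // ResetCRLList: takes no arguments and, per its description, stops CRLs
    // from being used during authentication. After a successful call a
    // certificate that was only blocked by a CRL entry would presumably be
    // accepted again, so invocations are worth logging and reviewing.
    [Description (
         "Remove the usage of CRL during the authentication process" ),
     ValueMap { "0", "1", "38" },
     Values { "PT_STATUS_SUCCESS", "PT_STATUS_INTERNAL_ERROR",
              "PT_STATUS_FLASH_WRITE_LIMIT_EXCEEDED" }]
    uint32 ResetCRLList( );

    // AddCertificate: stores a certificate in the CertStore.
    //   CertificateBlob    - the certificate bytes (OctetString).
    //   CreatedCertificate - OUT reference to the stored certificate.
    // Rejections declared here: PT_STATUS_DUPLICATE (2058) and
    // PT_STATUS_INVALID_CERT (2063).
    // NOTE(review): the "Certificate encoded in X.509 format" description is
    // attached to the OUT reference, while the IN blob has none; it reads as
    // if it was meant for CertificateBlob - confirm before relying on it.
    [Description (
         "This function adds new certificate to the Intel(R) AMT "
         "CertStore. A certificate cannot be removed if it is "
         "referenced (for example, used by TLS, 802.1X or EAC)." ),
     ValueMap { "0", "1", "23", "38", "2058", "2063" },
     Values { "PT_STATUS_SUCCESS", "PT_STATUS_INTERNAL_ERROR",
              "PT_STATUS_MAX_LIMIT_REACHED",
              "PT_STATUS_FLASH_WRITE_LIMIT_EXCEEDED",
              "PT_STATUS_DUPLICATE", "PT_STATUS_INVALID_CERT" }]
    uint32 AddCertificate(
        [Required, IN, OctetString]
        uint8 CertificateBlob[],
        [Description ( "Certificate encoded in X.509 format" ), OUT]
        AMT_PublicKeyCertificate REF CreatedCertificate);

    // AddTrustedRootCertificate: stores a root certificate, i.e. adds a
    // trust anchor. Same parameters as AddCertificate. It is the only Add*
    // method in this class whose status map includes
    // PT_STATUS_NOT_PERMITTED (16); the condition that produces it is not
    // stated here. Additions to the trusted-root set are a high-value change
    // to audit.
    [Description (
         "This function adds new root certificate to the Intel(R) "
         "AMT CertStore. A certificate cannot be removed if it is "
         "referenced (for example, used by TLS, 802.1X or EAC)." ),
     ValueMap { "0", "1", "16", "23", "38", "2058", "2063" },
     Values { "PT_STATUS_SUCCESS", "PT_STATUS_INTERNAL_ERROR",
              "PT_STATUS_NOT_PERMITTED", "PT_STATUS_MAX_LIMIT_REACHED",
              "PT_STATUS_FLASH_WRITE_LIMIT_EXCEEDED",
              "PT_STATUS_DUPLICATE", "PT_STATUS_INVALID_CERT" }]
    uint32 AddTrustedRootCertificate(
        [Required, IN, OctetString]
        uint8 CertificateBlob[],
        [Description ( "Certificate encoded in X.509 format" ), OUT]
        AMT_PublicKeyCertificate REF CreatedCertificate);

    // AddKey: imports an externally generated RSA key into the CertStore.
    //   KeyBlob    - the key bytes (OctetString).
    //   CreatedKey - OUT reference to the resulting
    //                AMT_PublicPrivateKeyPair.
    // NOTE(review): "DES PKCS#1" in the KeyBlob description is presumably a
    // typo for "DER PKCS#1"; the string is left as published - confirm.
    // NOTE(review): because the result is a public/private key pair, the
    // blob presumably carries private key material across the management
    // interface; GenerateKeyPair creates the key in the firmware instead.
    [Description (
         "This function adds new certificate key to the Intel(R) "
         "AMT CertStore. A key cannot be removed if its "
         "corresponding certificate is referenced (for example, "
         "used by TLS, 802.1X or EAC)." ),
     ValueMap { "0", "1", "23", "38", "2058", "2062" },
     Values { "PT_STATUS_SUCCESS", "PT_STATUS_INTERNAL_ERROR",
              "PT_STATUS_MAX_LIMIT_REACHED",
              "PT_STATUS_FLASH_WRITE_LIMIT_EXCEEDED",
              "PT_STATUS_DUPLICATE", "PT_STATUS_INVALID_KEY" }]
    uint32 AddKey(
        [Description ( "RSA Key encoded as DES PKCS#1"),
         Required, IN, OctetString]
        uint8 KeyBlob[],
        [OUT]
        AMT_PublicPrivateKeyPair REF CreatedKey);

    // GeneratePKCS10RequestEx: has the firmware sign a caller-built PKCS#10
    // request with a key from the key store.
    //   KeyPair                      - reference to the signing key pair.
    //   SigningAlgorithm             - 0 = SHA1, 1 = SHA256, 2 = SHA384,
    //                                  other values reserved.
    //   NullSignedCertificateRequest - the request with a null signature;
    //                                  its public key must match KeyPair.
    //   SignedCertificateRequest     - OUT, the request signed by the FW.
    // SHA1 (value 0) is no longer accepted for certificate signatures by
    // most CAs; prefer SHA256 or SHA384 unless a legacy CA requires SHA1.
    [Description (
         "This API is used to create a PKCS#10 certificate "
         "signing request based on a key from the key "
         "store." ),
     ValueMap { "0", "1", "36", "2066" },
     Values { "PT_STATUS_SUCCESS", "PT_STATUS_INTERNAL_ERROR",
              "PT_STATUS_INVALID_PARAMETER", "PT_STATUS_UNSUPPORTED" }]
    uint32 GeneratePKCS10RequestEx(
        [Required, IN, Description (
             "An EPR to a key pair." )]
        AMT_PublicPrivateKeyPair REF KeyPair,
        [Required, IN, Description (
             "The signing algorithm that the FW should use "
             "for signing the certificate request"),
         ValueMap {"0", "1", "2",".."},
         Values {"SHA1", "SHA256", "SHA384", "Reserved"}]
        uint32 SigningAlgorithm,
        // The second fragment originally read "...request." "the request",
        // which concatenated to "request.the request"; a separating space
        // and a capital letter were added.
        [Required, IN, Description (
             "A binary representation of the null-signed PKCS#10 request. "
             "The request must include a valid PKCS10RequestInfo, "
             "that will be signed by AMT FW. The Public Key specified in the "
             "request must match the public key of the referenced KeyPair parameter. "),
         OctetString]
        uint8 NullSignedCertificateRequest[],
        [OUT, Description (
             "A binary representation of the PKCS#10 request, signed by FW." ),
         OctetString]
        uint8 SignedCertificateRequest[]);

    // GenerateKeyPair: asks the firmware to generate a key pair.
    //   KeyAlgorithm - 0 = RSA, 1 = ECC, other values reserved.
    //   KeyLength    - key length in bits.
    //   KeyPair      - OUT reference to the generated key pair.
    // The status map includes PT_STATUS_OPERATION_IN_PROGRESS (2082).
    // NOTE(review): no permitted range for KeyLength is declared here;
    // callers should choose a length that meets current policy and handle
    // PT_STATUS_INVALID_PARAMETER / PT_STATUS_UNSUPPORTED rather than
    // assuming any particular value is accepted.
    [Description (
         "This API is used to generate a key in the FW"),
     ValueMap { "0", "1", "23", "36", "38", "2066", "2082" },
     Values { "PT_STATUS_SUCCESS", "PT_STATUS_INTERNAL_ERROR",
              "PT_STATUS_MAX_LIMIT_REACHED", "PT_STATUS_INVALID_PARAMETER",
              "PT_STATUS_FLASH_WRITE_LIMIT_EXCEEDED",
              "PT_STATUS_UNSUPPORTED",
              "PT_STATUS_OPERATION_IN_PROGRESS"}]
    uint32 GenerateKeyPair(
        [Required, IN, Description (
             "The algorithm of the generated key." ),
         ValueMap {"0", "1", ".."},
         Values {"RSA", "ECC", "Reserved"}]
        uint32 KeyAlgorithm,
        // Description typo fixed: "generatd" -> "generated".
        [Required, IN, Description (
             "The length of the generated key in bits." )]
        uint32 KeyLength,
        [OUT, Description (
             "An EPR to a key pair." )]
        AMT_PublicPrivateKeyPair REF KeyPair);
};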