
feat: adds support for E2E TLS connection between AMT and RPS #2598

Open
rsdmike wants to merge 1 commit into main from tls11_18support

Conversation

rsdmike (Member) commented Mar 16, 2026

PR Checklist

  • Unit Tests have been added for new changes
  • API tests have been updated if applicable
  • All commented code has been removed
  • If you've added a dependency, you've ensured license is compatible with Apache 2.0 and clearly outlined the added dependency.

What are you changing?

Anything the reviewer should know when reviewing this PR?

requires #2594 and wsman-messages update before being merged.

If there are associated PRs in other repositories, please link them here (i.e. device-management-toolkit/repo#365 )

@rsdmike rsdmike marked this pull request as ready for review March 17, 2026 20:37
Copilot AI review requested due to automatic review settings March 17, 2026 20:37
@rsdmike rsdmike marked this pull request as draft March 17, 2026 20:37

Copilot AI left a comment


Pull request overview

Adds secure activation support to enable end-to-end TLS connectivity between AMT and RPS, including a port-switch handshake with rpc-go and additional TLS certificate handling needed for that flow.

Changes:

  • Introduces port_switch / port_switch_ack messaging and parsing to coordinate switching to TLS (16993).
  • Extends activation + TLS state machines to support “secure activation” (generate/store certs, switch port, then continue over TLS tunnel).
  • Adjusts WSMAN timeouts for TLS-enforced devices in selected configuration steps.

Reviewed changes

Copilot reviewed 14 out of 14 changed files in this pull request and generated 13 comments.

Summary per file:

  • src/utils/ClientResponseMsg.ts: Adds port_switch response message type handling.
  • src/utils/ClientMsgJsonParser.ts: Adds PORT_SWITCH_ACK payload decoding behavior.
  • src/stateMachines/wiredNetworkConfiguration.ts: Uses longer WSMAN timeout for TLS-enforced devices during 802.1x Put.
  • src/stateMachines/tls.ts: Secure-activation TLS cert generation/storage and new PUT_TLS_CREDENTIAL_CONTEXT path.
  • src/stateMachines/networkConfiguration.ts: Minor formatting-only import change.
  • src/stateMachines/featuresConfiguration.ts: Uses longer WSMAN timeout for TLS-enforced devices for Put operations.
  • src/stateMachines/error.ts: Adds a new logger instance (currently unused).
  • src/stateMachines/common.ts: Adds import for CONNECTION_RESET_ERROR (currently unused).
  • src/stateMachines/activation.ts: Implements secure activation flow (vault cert storage, port switch handshake, secure TLS tunnel init, upgrade continuation).
  • src/stateMachines/activation.test.ts: Updates test context to include secureCCMComplete.
  • src/models/RCS.Config.ts: Adds secure-activation flags, TLS cert fields, and new client methods.
  • src/interfaces/ISecretManagerService.ts: Extends device credentials schema to store TLS certs.
  • src/Validator.ts: Extracts secure activation flag from client payload.
  • src/DataProcessor.ts: Adds handler for PORT_SWITCH_ACK.

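The port-switch handshake described in the review overview above, as an added example that is not code from this PR or from the device-management-toolkit project. It models RPS's side of secure activation (request the switch only once TLS credentials are stored, then accept an acknowledgement only for the TLS port) together with a simulated rpc-go acknowledgement. The page names only the port_switch / port_switch_ack messages, the TLS port 16993, and the order of steps (store certs, switch port, continue over the TLS tunnel); the ClientMsg shape (a method string plus a base64-encoded JSON payload), the `port` payload field, the state names, and the 16992 plaintext port as the starting point are assumptions made for this illustration.

```typescript
// Added example, not the PR's code. Models the secure-activation port switch:
// RPS asks rpc-go to reconnect on the AMT TLS port (16993) once TLS credentials
// are stored, and only continues configuration after a valid acknowledgement.
// ASSUMED for illustration: the ClientMsg shape (method + base64 JSON payload),
// the `port` payload field, and the state names below.

const AMT_PLAIN_PORT = 16992
const AMT_TLS_PORT = 16993

type ActivationState =
  | 'CCM_ACTIVATED'     // activated in client control mode over the plaintext port
  | 'TLS_CERTS_STORED'  // generated TLS credentials written to the secret store
  | 'PORT_SWITCH_SENT'  // port_switch sent, waiting for port_switch_ack
  | 'TLS_TUNNEL'        // acknowledged on 16993, continue over the TLS tunnel
  | 'FAILED'

interface ClientMsg {
  method: string
  payload: string       // assumed: base64-encoded JSON
}

interface ActivationContext {
  state: ActivationState
  port: number
  secureActivation: boolean   // flag the Validator extracts from the client payload
  errors: string[]
}

function newContext(secureActivation: boolean): ActivationContext {
  return { state: 'CCM_ACTIVATED', port: AMT_PLAIN_PORT, secureActivation, errors: [] }
}

function encodePayload(obj: unknown): string {
  return Buffer.from(JSON.stringify(obj), 'utf8').toString('base64')
}

// Returns null for anything that is not a base64-wrapped JSON object, so callers
// never act on a half-parsed acknowledgement.
function decodePayload(payload: string): Record<string, unknown> | null {
  try {
    const parsed: unknown = JSON.parse(Buffer.from(payload, 'base64').toString('utf8'))
    return parsed !== null && typeof parsed === 'object' ? (parsed as Record<string, unknown>) : null
  } catch {
    return null
  }
}

function fail(ctx: ActivationContext, reason: string): ActivationContext {
  ctx.state = 'FAILED'
  ctx.errors.push(reason)
  return ctx
}

// RPS side: the switch is only requested for secure activation and only once
// the TLS credentials exist; otherwise there is nothing for the device to present.
function buildPortSwitch(ctx: ActivationContext): ClientMsg | null {
  if (!ctx.secureActivation || ctx.state !== 'TLS_CERTS_STORED') return null
  ctx.state = 'PORT_SWITCH_SENT'
  return { method: 'port_switch', payload: encodePayload({ port: AMT_TLS_PORT }) }
}

// rpc-go side (simulated): reconnect and report the port actually in use.
function simulateClientAck(reconnectedPort: number): ClientMsg {
  return { method: 'port_switch_ack', payload: encodePayload({ port: reconnectedPort }) }
}

// RPS side: an ack is accepted only in the PORT_SWITCH_SENT state and only if it
// confirms the TLS port. Everything else fails closed instead of silently
// continuing the remaining configuration steps over 16992.
function handlePortSwitchAck(ctx: ActivationContext, msg: ClientMsg): ActivationContext {
  if (msg.method.toLowerCase() !== 'port_switch_ack') return fail(ctx, `unexpected method ${msg.method}`)
  if (ctx.state !== 'PORT_SWITCH_SENT') return fail(ctx, `port_switch_ack received in state ${ctx.state}`)
  const body = decodePayload(msg.payload)
  if (body === null) return fail(ctx, 'port_switch_ack payload is not base64 JSON')
  if (body.port !== AMT_TLS_PORT) return fail(ctx, `client reconnected on ${String(body.port)}, not ${AMT_TLS_PORT}`)
  ctx.port = AMT_TLS_PORT
  ctx.state = 'TLS_TUNNEL'
  return ctx
}

// Full exchange for a device that reconnects on `clientPort`.
function runSecureActivation(clientPort: number): ActivationContext {
  const ctx = newContext(true)
  ctx.state = 'TLS_CERTS_STORED'  // cert generation / vault storage step elided
  const switchMsg = buildPortSwitch(ctx)
  if (switchMsg === null) return fail(ctx, 'port switch not permitted in this state')
  return handlePortSwitchAck(ctx, simulateClientAck(clientPort))
}
```

The point of the state check in handlePortSwitchAck is that an acknowledgement arriving before a switch was requested, or one that reports the plaintext port, must not advance the machine: the later Put operations that the PR runs with longer WSMAN timeouts are meant to go over the TLS tunnel, so a stray ack should end the flow rather than let those steps proceed on 16992.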

Base automatically changed from tlsness to main March 18, 2026 20:04
@rsdmike rsdmike force-pushed the tls11_18support branch 4 times, most recently from 76021da to ae65365 on March 18, 2026 20:37
@rsdmike rsdmike marked this pull request as ready for review March 18, 2026 21:40