Identity Credential: Require passing applicationId when generating attestation.

Since the attestation format includes the applicationId, we need this
to be passed from credstore. Also clarify other requirements about
what needs to be in the attestation data.

Bug: 111446262
Test: atest android.security.identity.cts
Test: VtsHalIdentityCredentialTargetTest
Test: android.hardware.identity-support-lib-test
Change-Id: I623849bd61e55752a573002dc7a97c6658d94c91
diff --git a/identity/1.0/default/WritableIdentityCredential.cpp b/identity/1.0/default/WritableIdentityCredential.cpp
index 548b4c0..4c39f85 100644
--- a/identity/1.0/default/WritableIdentityCredential.cpp
+++ b/identity/1.0/default/WritableIdentityCredential.cpp
@@ -108,7 +108,12 @@
     return true;
 }
 
+// TODO: use |attestationApplicationId| and |attestationChallenge| and also
+//       ensure the returned certificate chain satisfy the requirements listed in
+//       the docs for IWritableIdentityCredential::getAttestationCertificate()
+//
 Return<void> WritableIdentityCredential::getAttestationCertificate(
+        const hidl_vec<uint8_t>& /* attestationApplicationId */,
         const hidl_vec<uint8_t>& /* attestationChallenge */,
         getAttestationCertificate_cb _hidl_cb) {
     // For now, we dynamically generate an attestion key on each and every
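Review bot: Both `attestationApplicationId` and `attestationChallenge` remain commented out and unused in the `getAttestationCertificate` signature, so the chain this default implementation returns cannot carry either value, yet the later hunk still reports `resultOK()`. A relying party that checks the challenge for freshness, or the application ID for caller binding, has nothing to verify against, and the new TODO does not say so. I would state the consequence in the TODO, e.g. `// TODO(b/111446262): challenge and application ID are ignored; the returned chain is not bound to the request or the calling app and must not be treated as a fresh attestation.` (assuming that bug is the right tracker). The function body continues past the end of this hunk.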
@@ -181,7 +186,16 @@
     certificateChain.insert(certificateChain.end(), attestationKeyCertificate.value().begin(),
                             attestationKeyCertificate.value().end());
 
-    _hidl_cb(support::resultOK(), certificateChain);
+    optional<vector<vector<uint8_t>>> splitCertChain =
+            support::certificateChainSplit(certificateChain);
+    if (!splitCertChain) {
+        _hidl_cb(support::result(ResultCode::FAILED, "Error splitting certificate chain"), {});
+        return Void();
+    }
+    hidl_vec<hidl_vec<uint8_t>> ret;
+    ret.resize(splitCertChain.value().size());
+    std::copy(splitCertChain.value().begin(), splitCertChain.value().end(), ret.begin());
+    _hidl_cb(support::resultOK(), ret);
     return Void();
 }
 
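Review bot: The check added before `_hidl_cb(support::resultOK(), ret)` rejects only a disengaged optional, so if `support::certificateChainSplit` can return an engaged but empty vector (not visible here), the caller receives `resultOK()` with no certificates. Since at least the attestation key certificate is appended to the chain just above, I would treat an empty split as a failure too: `if (!splitCertChain || splitCertChain->empty()) {`. Binding `const auto& certs = splitCertChain.value();` once would also replace the three repeated `.value()` calls. The function starts outside this hunk.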
diff --git a/identity/1.0/default/WritableIdentityCredential.h b/identity/1.0/default/WritableIdentityCredential.h
index 9f4e303..b1deb16 100644
--- a/identity/1.0/default/WritableIdentityCredential.h
+++ b/identity/1.0/default/WritableIdentityCredential.h
@@ -51,7 +51,8 @@
 
     // Methods from ::android::hardware::identity::IWritableIdentityCredential
     // follow.
-    Return<void> getAttestationCertificate(const hidl_vec<uint8_t>& attestationChallenge,
+    Return<void> getAttestationCertificate(const hidl_vec<uint8_t>& attestationApplicationId,
+                                           const hidl_vec<uint8_t>& attestationChallenge,
                                            getAttestationCertificate_cb _hidl_cb) override;
 
     Return<void> startPersonalization(uint16_t accessControlProfileCount,