Identity Credential: Require passing applicationId when generating attestation.
Since the attestation format includes the applicationId, we need this
to be passed from credstore. Also clarify other requirements about
what needs to be in the attestation data.
Bug: 111446262
Test: atest android.security.identity.cts
Test: VtsHalIdentityCredentialTargetTest
Test: android.hardware.identity-support-lib-test
Change-Id: I623849bd61e55752a573002dc7a97c6658d94c91
diff --git a/identity/1.0/vts/functional/VtsHalIdentityCredentialTargetTest.cpp b/identity/1.0/vts/functional/VtsHalIdentityCredentialTargetTest.cpp
index 903e912..88b06df 100644
--- a/identity/1.0/vts/functional/VtsHalIdentityCredentialTargetTest.cpp
+++ b/identity/1.0/vts/functional/VtsHalIdentityCredentialTargetTest.cpp
@@ -201,13 +201,18 @@
ASSERT_NE(writableCredential, nullptr);
string challenge = "attestationChallenge";
+ // TODO: set it to something random and check it's in the cert chain
+ vector<uint8_t> attestationApplicationId = {};
vector<uint8_t> attestationChallenge(challenge.begin(), challenge.end());
vector<uint8_t> attestationCertificate;
writableCredential->getAttestationCertificate(
- attestationChallenge,
- [&](const Result& _result, const hidl_vec<uint8_t>& _attestationCertificate) {
+ attestationApplicationId, attestationChallenge,
+ [&](const Result& _result, const hidl_vec<hidl_vec<uint8_t>>& _splitCertChain) {
result = _result;
- attestationCertificate = _attestationCertificate;
+ vector<vector<uint8_t>> splitCerts;
+ std::copy(_splitCertChain.begin(), _splitCertChain.end(),
+ std::back_inserter(splitCerts));
+ attestationCertificate = support::certificateChainJoin(splitCerts);
});
EXPECT_EQ("", result.message);
ASSERT_EQ(ResultCode::OK, result.code);