Merge changes from topic "revert-1956689-add rkp to...

     * @return an IWritableIdentityCredential interface that provides operations to

     *     provision a credential.

     */

    IWritableIdentityCredential createCredential(

            in @utf8InCpp String docType, in boolean testCredential);

    IWritableIdentityCredential createCredential(in @utf8InCpp String docType,

                                                 in boolean testCredential);

    /**

     * getCredential retrieves an IIdentityCredential interface which allows use of a stored

     * Credential.

     *

     * The cipher suite used to communicate with the remote verifier must also be specified.

     * Currently only a single cipher-suite is supported. Support for other cipher suites may be

     * added in a future version of this HAL.

     * The cipher suite used to communicate with the remote verifier must also be specified. Currently

     * only a single cipher-suite is supported. Support for other cipher suites may be added in a

     * future version of this HAL.

     *

     * This method fails with STATUS_INVALID_DATA if the passed in credentialData cannot be

     * decoded or decrypted.

     *

     * @return the X.509 certificate chain for the credentialKey

     */

    Certificate[] getAttestationCertificate(

            in byte[] attestationApplicationId, in byte[] attestationChallenge);

    Certificate[] getAttestationCertificate(in byte[] attestationApplicationId, in byte[] attestationChallenge);

    /**

     * Start the personalization process.

     *     in the secure environment. If this requirement is not met the call fails with

     *     STATUS_INVALID_DATA.

     *

     * @return a structure with the passed-in data and MAC created with storageKey for

     *     authenticating the data at a later point in time.

     * @return a structure with the passed-in data and MAC created with storageKey for authenticating

     *     the data at a later point in time.

     */

    SecureAccessControlProfile addAccessControlProfile(in int id, in Certificate readerCertificate,

        in boolean userAuthenticationRequired, in long timeoutMillis, in long secureUserId);

     * chunk sizes must equal the value of the beginAddEntry() entrySize argument. If this

     * requirement is not met the call fails with STATUS_INVALID_DATA.

     *

     * @param content is the entry value, encoded as CBOR. In the case the content exceeds

     *     gcmChunkSize, this may be partial content up to gcmChunkSize bytes long.

     * @param content is the entry value, encoded as CBOR. In the case the content exceeds gcmChunkSize,

     *     this may be partial content up to gcmChunkSize bytes long.

     *

     * @return the encrypted and MACed content.  For directly-available credentials the contents are

     *     implementation-defined. For other credentials, the result contains

     *          }

     */

    @SuppressWarnings(value={"out-array"})

    void finishAddingEntries(out byte[] credentialData, out byte[] proofOfProvisioningSignature);

    void finishAddingEntries(out byte[] credentialData,

        out byte[] proofOfProvisioningSignature);

    /**

     * Sets the expected size of the ProofOfProvisioning returned by finishAddingEntries(). This

     * @param expectedProofOfProvisioningSize the expected size of ProofOfProvisioning.

     */

    void setExpectedProofOfProvisioningSize(in int expectedProofOfProvisioningSize);

}