getAuthKeyChainsNeedingCertification

Gets a collection of dynamic authentication keys that need certification.

When there aren't enough certified dynamic authentication keys (either because the key count has been increased, one or more keys have reached their usage count, or keys have expired), this method will generate replacement keys and certificates and return them for issuer certification. The issuer certificates and associated static authentication data must then be provided back to the IdentityCredential using storeStaticAuthenticationData.

Each X.509 certificate chain is ultimately signed by the Keystore Root, and the keystore extensions can be found on the leaf certificate.

Return

A collection of X.509 certificate chains for dynamic authentication keys that need issuer certification.

Parameters

challenge

a byte array whose contents should be unique, fresh and provided by the issuing authority. The value provided is embedded in the keystore attestation extension and enables the issuing authority to verify that the returned attestation is for this transaction. If Optional.empty() is provided the challenge value will not be set.
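
The issuer-side freshness check described above, as an added example that is not part of this library: it reads the challenge out of a keystore attestation extension value and compares it with the one issued for the transaction. It assumes the extension follows the Android Key Attestation KeyDescription layout, and that chain validation up to the root and extraction of the extension value from the leaf certificate are done separately; all function names and the sample bytes are constructed for illustration.

```python
import hmac

# DER tags used by the KeyDescription fields read here.
INTEGER, OCTET_STRING, ENUMERATED, SEQUENCE = 0x02, 0x04, 0x0A, 0x30

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("DER value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def attestation_challenge(key_description):
    """Extract attestationChallenge, the fifth field of KeyDescription (assumed layout)."""
    tag, body, end = read_tlv(key_description, 0)
    if tag != SEQUENCE or end != len(key_description):
        raise ValueError("KeyDescription must be a single SEQUENCE")
    pos, value = 0, b""
    # version, security level, keymaster version, its security level, challenge
    for want in (INTEGER, ENUMERATED, INTEGER, ENUMERATED, OCTET_STRING):
        tag, value, pos = read_tlv(body, pos)
        if tag != want:
            raise ValueError("unexpected field tag 0x%02x" % tag)
    return value

def challenge_matches(key_description, issued_challenge):
    """True only if the attestation carries the non-empty challenge issued for this transaction."""
    try:
        found = attestation_challenge(key_description)
    except ValueError:
        return False  # malformed extension: treat as not attested
    # Reject an empty expected challenge so an unset challenge never passes.
    return bool(issued_challenge) and hmac.compare_digest(found, issued_challenge)

def der(tag, value):
    """Encode one short-form DER element (used only to build the sample below)."""
    return bytes([tag, len(value)]) + value

# Constructed sample: a KeyDescription with empty authorization lists.
CHALLENGE = bytes(range(32))
SAMPLE = der(SEQUENCE, der(INTEGER, b"\x03") + der(ENUMERATED, b"\x01")
             + der(INTEGER, b"\x04") + der(ENUMERATED, b"\x01") + der(OCTET_STRING, CHALLENGE)
             + der(OCTET_STRING, b"") + der(SEQUENCE, b"") + der(SEQUENCE, b""))
```

An attestation produced without a challenge, or replayed from an earlier transaction, fails `challenge_matches` because the embedded value does not equal the one the issuer generated for this request.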