Payment Request Parse

9 years ago · 5f0e15d6ff
25 changed files with 489 additions and 137 deletions
--- a/app/build.gradle
+++ b/app/build.gradle
@ -15,6 +15,7 @@ android {

    packagingOptions {
        exclude 'LICENSE.txt'
+        exclude 'META-INF/LICENSE.txt'
 //        exclude 'app/src/main/jni/breadwallet-core' //for API 19 to work
    }

@ -66,18 +67,21 @@ android {
    }

 }
+
 task buildNative(type: Exec, description: 'Compile JNI source via NDK') {
    android.applicationVariants.all { variant ->
-        def ndkDir = "/Users/Mihail/Library/Android/android-ndk-r10e"
+        Properties properties = new Properties()
+        properties.load(project.rootProject.file('local.properties').newDataInputStream())
+        def ndkDir = properties.getProperty('ndk.dir')
+        println(projectDir)
        commandLine "$ndkDir/ndk-build",
                'NDK_PROJECT_PATH=null',
                'V=1',
                'ndk-build NDK_DEBUG=1',
                'NDK_LOG=1',
-                'APP_BUILD_SCRIPT=src/main/jni/Android.mk',
+                "NDK_APPLICATION_MK=$projectDir/src/main/jni/Application.mk",
                "NDK_OUT=$buildDir/intermediates/ndk/${variant.dirName}/obj",
                "NDK_LIBS_OUT=$buildDir/intermediates/ndk/${variant.dirName}/lib"
-
        copy {
            from "$buildDir/intermediates/ndk/${variant.dirName}/lib"
            into "src/main/jniLibs"
@ -87,10 +91,12 @@ task buildNative(type: Exec, description: 'Compile JNI source via NDK') {

 task cleanNative(type: Exec, description: 'Clean JNI object files') {
    android.applicationVariants.all { variant ->
-        def ndkDir = "/Users/Mihail/Library/Android/android-ndk-r10e"
+        Properties properties = new Properties()
+        properties.load(project.rootProject.file('local.properties').newDataInputStream())
+        def ndkDir = properties.getProperty('ndk.dir')
        commandLine "$ndkDir/ndk-build",
                'NDK_PROJECT_PATH=null',
-                'NDK_APPLICATION_MK=src/main/jni/Application.mk',
+                "NDK_APPLICATION_MK=$projectDir/src/main/jni/Application.mk",
                "NDK_OUT=$buildDir/intermediates/ndk/${variant.dirName}/obj",
                "NDK_LIBS_OUT=$buildDir/intermediates/ndk/${variant.dirName}/lib",
                'clean'
@ -114,6 +120,7 @@ dependencies {
    compile 'com.facebook.rebound:rebound:0.3.8' //spring animation
    compile 'org.json:json:20141113' //JSonParser google
    compile 'com.mcxiaoke.volley:library-aar:1.0.0'
+    compile 'org.apache.httpcomponents:httpclient:4.5.1'

    androidTestCompile 'com.android.support.test:runner:+'
    // Set this dependency to use JUnit 4 rules
--- a/app/src/main/java/com/breadwallet/presenter/activities/IntroActivity.java
+++ b/app/src/main/java/com/breadwallet/presenter/activities/IntroActivity.java
@ -5,7 +5,6 @@ import android.app.Activity;
 import android.app.FragmentTransaction;
 import android.content.Intent;
 import android.os.Bundle;
-import android.os.Handler;
 import android.support.v4.app.FragmentActivity;
 import android.util.Log;
 import android.view.View;
@ -13,7 +12,6 @@ import android.widget.Button;
 import android.widget.ImageView;

 import com.breadwallet.R;
-import com.breadwallet.presenter.BreadWalletApp;
 import com.breadwallet.presenter.entities.BRMerkleBlockEntity;
 import com.breadwallet.presenter.entities.BRTransactionEntity;
 import com.breadwallet.presenter.entities.BRTxInputEntity;
@ -24,10 +22,8 @@ import com.breadwallet.presenter.fragments.IntroRecoverWalletFragment;
 import com.breadwallet.presenter.fragments.IntroWarningFragment;
 import com.breadwallet.presenter.fragments.IntroWelcomeFragment;
 import com.breadwallet.tools.animation.BackgroundMovingAnimator;
-import com.breadwallet.tools.security.KeyStoreManager;
 import com.breadwallet.tools.sqlite.MerkleBlockDataSource;
 import com.breadwallet.tools.sqlite.TransactionDataSource;
-import com.breadwallet.wallet.BRWalletManager;

 import java.util.HashSet;
 import java.util.Iterator;
@ -87,8 +83,14 @@ public class IntroActivity extends FragmentActivity {
        if (savedInstanceState != null) {
            return;
        }
-//        KeyStoreManager.deleteKeyStoreEntry(KeyStoreManager.PHRASE_ALIAS);
-        KeyStoreManager.deleteAllKeyStoreEntries();
+
+    }
+
+    @Override
+    protected void onResume() {
+        super.onResume();
+        //        KeyStoreManager.deleteKeyStoreEntry(KeyStoreManager.PHRASE_ALIAS);
+//        KeyStoreManager.deleteAllKeyStoreEntries();
 //        m.generateRandomSeed(this);
        //testSQLiteConnectivity(this);   //do some SQLite testing
        app = this;
@ -211,25 +213,26 @@ public class IntroActivity extends FragmentActivity {
    }

    private void startTheWalletIfExists() {
-        final BRWalletManager m = BRWalletManager.getInstance();
-        if (!m.isPasscodeEnabled(this)) {
-            //Device passcode/password should be enabled for the app to work
-            ((BreadWalletApp) getApplication()).showDeviceNotSecuredWarning(this);
-        } else {
-            //now check if there is a wallet or should we create/restore one.
-            new Handler().postDelayed(new Runnable() {
-                @Override
-                public void run() {
-                    if (m.noWallet(app)) {
-                        Log.e(TAG, "should create new wallet");
-                        showRecoverNewWalletFragment();
-                    } else {
-                        Log.e(TAG, "should go to the current wallet");
-                        startMainActivity();
-                    }
-                }
-            }, 800);
-        }
+        startMainActivity(); // testing
+//        final BRWalletManager m = BRWalletManager.getInstance();
+//        if (!m.isPasscodeEnabled(this)) {
+//            //Device passcode/password should be enabled for the app to work
+//            ((BreadWalletApp) getApplication()).showDeviceNotSecuredWarning(this);
+//        } else {
+//            //now check if there is a wallet or should we create/restore one.
+//            new Handler().postDelayed(new Runnable() {
+//                @Override
+//                public void run() {
+//                    if (m.noWallet(app)) {
+//                        Log.e(TAG, "should create new wallet");
+//                        showRecoverNewWalletFragment();
+//                    } else {
+//                        Log.e(TAG, "should go to the current wallet");
+//                        startMainActivity();
+//                    }
+//                }
+//            }, 800);
+//        }
    }

    public void testSQLiteConnectivity(Activity context) {
--- a/app/src/main/java/com/breadwallet/presenter/fragments/FragmentDecoder.java
+++ b/app/src/main/java/com/breadwallet/presenter/fragments/FragmentDecoder.java
@ -59,7 +59,7 @@ import java.util.concurrent.TimeUnit;

 import static android.hardware.camera2.CameraCharacteristics.LENS_FACING;
 import static android.hardware.camera2.CameraCharacteristics.SCALER_STREAM_CONFIGURATION_MAP;
-import static android.hardware.camera2.CameraMetadata.CONTROL_AF_MODE_MACRO;
+import static android.hardware.camera2.CameraMetadata.CONTROL_AF_STATE_ACTIVE_SCAN;
 import static android.hardware.camera2.CameraMetadata.LENS_FACING_FRONT;
 import static android.hardware.camera2.CaptureRequest.CONTROL_AF_MODE;

@ -157,6 +157,7 @@ public class FragmentDecoder extends Fragment
                        BinaryBitmap bitmap = new BinaryBitmap(new HybridBinarizer(source));

                        rawResult = mQrReader.decode(bitmap);
+
                        if (rawResult == null) {
                            throw new NullPointerException("no QR code");
                        }
@ -492,7 +493,7 @@ public class FragmentDecoder extends Fragment
                            mCaptureSession = cameraCaptureSession;
                            try {
                                // Auto focus should be continuous for camera preview.
-                                mPreviewRequestBuilder.set(CONTROL_AF_MODE, CONTROL_AF_MODE_MACRO);
+                                mPreviewRequestBuilder.set(CONTROL_AF_MODE, CONTROL_AF_STATE_ACTIVE_SCAN);
                                // Flash is automatically enabled when necessary.
                                /**no need for flash_on now*/
                                //mPreviewRequestBuilder.set(CONTROL_AE_MODE, CONTROL_AE_MODE_ON_AUTO_FLASH);
--- a/app/src/main/java/com/breadwallet/presenter/fragments/FragmentScanResult.java
+++ b/app/src/main/java/com/breadwallet/presenter/fragments/FragmentScanResult.java
@ -19,8 +19,8 @@ import com.breadwallet.R;
 import com.breadwallet.presenter.BreadWalletApp;
 import com.breadwallet.presenter.activities.MainActivity;
 import com.breadwallet.presenter.entities.CurrencyEntity;
-import com.breadwallet.tools.AddressReader;
 import com.breadwallet.tools.CurrencyManager;
+import com.breadwallet.tools.security.RequestHandler;
 import com.breadwallet.tools.adapter.AmountAdapter;
 import com.breadwallet.tools.adapter.CurrencyListAdapter;
 import com.breadwallet.tools.animation.SpringAnimator;
@ -122,11 +122,9 @@ public class FragmentScanResult extends Fragment implements View.OnClickListener
    @Override
    public void onResume() {
        updateRateAndISO();
-        String result = address;
-        //Log.e(TAG, "This is the address: " + address);
-        //Log.e(TAG, "This is the result = address: " + result);
-        String cleanResult = AddressReader.getTheAddress(result);
+        String cleanResult = RequestHandler.getTheAddress(address);
        scanResult.setText("to: " + cleanResult);
+
        super.onResume();
    }

@ -285,12 +283,4 @@ public class FragmentScanResult extends Fragment implements View.OnClickListener
        Log.d(TAG, "ISO: " + ISO + ", rate: " + rate);
    }

-    /**
-     * Saves the y coordinate of the keyboard once it's created successfully the first time
-     */
-    private void saveKeyboardLocationInPrefs() {
-
-
-    }
-
 }
--- a/app/src/main/java/com/breadwallet/tools/security/EasyX509TrustManager.java
+++ b/app/src/main/java/com/breadwallet/tools/security/EasyX509TrustManager.java
@ -0,0 +1,106 @@
+package com.breadwallet.tools.security;
+
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.util.Date;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509TrustManager;
+
+public class EasyX509TrustManager implements X509TrustManager
+{
+    private X509TrustManager standardTrustManager = null;
+
+    /**
+     * Constructor for EasyX509TrustManager.
+     */
+    public EasyX509TrustManager(KeyStore keystore) throws NoSuchAlgorithmException, KeyStoreException
+    {
+        super();
+        TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+        factory.init(keystore);
+        TrustManager[] trustmanagers = factory.getTrustManagers();
+        if (trustmanagers.length == 0)
+        {
+            throw new NoSuchAlgorithmException("no trust manager found");
+        }
+        this.standardTrustManager = (X509TrustManager) trustmanagers[0];
+    }
+
+    /**
+     * @see javax.net.ssl.X509TrustManager#checkClientTrusted(X509Certificate[],String authType)
+     */
+    public void checkClientTrusted(X509Certificate[] certificates, String authType) throws CertificateException
+    {
+        standardTrustManager.checkClientTrusted(certificates, authType);
+    }
+
+    /**
+     * @see javax.net.ssl.X509TrustManager#checkServerTrusted(X509Certificate[],String authType)
+     */
+    public void checkServerTrusted(X509Certificate[] certificates, String authType) throws CertificateException
+    {
+        // Clean up the certificates chain and build a new one.
+        // Theoretically, we shouldn't have to do this, but various web servers
+        // in practice are mis-configured to have out-of-order certificates or
+        // expired self-issued root certificate.
+        int chainLength = certificates.length;
+        if (certificates.length > 1)
+        {
+            // 1. we clean the received certificates chain.
+            // We start from the end-entity certificate, tracing down by matching
+            // the "issuer" field and "subject" field until we can't continue.
+            // This helps when the certificates are out of order or
+            // some certificates are not related to the site.
+            int currIndex;
+            for (currIndex = 0; currIndex < certificates.length; ++currIndex)
+            {
+                boolean foundNext = false;
+                for (int nextIndex = currIndex + 1;
+                     nextIndex < certificates.length;
+                     ++nextIndex)
+                {
+                    if (certificates[currIndex].getIssuerDN().equals(
+                            certificates[nextIndex].getSubjectDN()))
+                    {
+                        foundNext = true;
+                        // Exchange certificates so that 0 through currIndex + 1 are in proper order
+                        if (nextIndex != currIndex + 1)
+                        {
+                            X509Certificate tempCertificate = certificates[nextIndex];
+                            certificates[nextIndex] = certificates[currIndex + 1];
+                            certificates[currIndex + 1] = tempCertificate;
+                        }
+                        break;
+                    }
+                }
+                if (!foundNext) break;
+            }
+
+            // 2. we exam if the last traced certificate is self issued and it is expired.
+            // If so, we drop it and pass the rest to checkServerTrusted(), hoping we might
+            // have a similar but unexpired trusted root.
+            chainLength = currIndex + 1;
+            X509Certificate lastCertificate = certificates[chainLength - 1];
+            Date now = new Date();
+            if (lastCertificate.getSubjectDN().equals(lastCertificate.getIssuerDN())
+                    && now.after(lastCertificate.getNotAfter()))
+            {
+                --chainLength;
+            }
+        }
+
+        standardTrustManager.checkServerTrusted(certificates, authType);
+    }
+
+    /**
+     * @see javax.net.ssl.X509TrustManager#getAcceptedIssuers()
+     */
+    public X509Certificate[] getAcceptedIssuers()
+    {
+        return this.standardTrustManager.getAcceptedIssuers();
+    }
+}
--- a/app/src/main/java/com/breadwallet/tools/security/RequestHandler.java
+++ b/app/src/main/java/com/breadwallet/tools/security/RequestHandler.java
@ -1,21 +1,18 @@
-package com.breadwallet.tools;
+package com.breadwallet.tools.security;

+import android.os.AsyncTask;
 import android.util.Log;

-import com.android.volley.Request;
-import com.android.volley.Response;
-import com.android.volley.VolleyError;
-import com.android.volley.toolbox.StringRequest;
-import com.breadwallet.presenter.activities.MainActivity;
-
-import java.io.BufferedInputStream;
-import java.io.FileInputStream;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.File;
 import java.io.IOException;
+import java.io.InputStream;
 import java.io.UnsupportedEncodingException;
+import java.net.HttpURLConnection;
+import java.net.URL;
 import java.net.URLDecoder;
 import java.security.InvalidAlgorithmParameterException;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.security.cert.CertPath;
 import java.security.cert.CertPathBuilder;
@ -25,9 +22,7 @@ import java.security.cert.CertPathParameters;
 import java.security.cert.CertPathValidator;
 import java.security.cert.CertPathValidatorException;
 import java.security.cert.CertPathValidatorResult;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
+import java.util.ArrayList;

 /**
 * BreadWallet
@ -53,8 +48,8 @@ import java.security.cert.CertificateFactory;
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 */
-public class AddressReader {
-    public static final String TAG = AddressReader.class.getName();
+public class RequestHandler {
+    public static final String TAG = RequestHandler.class.getName();

    public static String getTheAddress(String address) {

@ -90,59 +85,57 @@ public class AddressReader {

    private static void processRequestURI(String url) {

-        String URL;
-        try {
-            URL = URLDecoder.decode(url, "UTF-8");
-        } catch (UnsupportedEncodingException e) {
-            e.printStackTrace();
-            return;
-        }
-        Log.e(TAG, "URL = " + URL);
        // Request a string response from the provided URL.
-        StringRequest stringRequest = new StringRequest(Request.Method.GET, URL,
-                new Response.Listener<String>() {
-                    @Override
-                    public void onResponse(String response) {
-//                        String utfResponse = null;
+//        Request stringRequest = new StringRequest(Request.Method.GET, URL,
+//                new Response.Listener<String>() {
+//
+//                    @Override
+//                    public void onResponse(String response) {
+//
+//                        Log.e(TAG, "Data is: " + response.toString());
+//                        ByteArrayOutputStream bos = new ByteArrayOutputStream();
+//                        byte[] certs;
 //                        try {
-//                            utfResponse = URLDecoder.decode(response, "UTF-16");
-//                        } catch (UnsupportedEncodingException e) {
-//                            e.printStackTrace();
+//                            byte[] serializedBytes = response.getBytes();
+//                            certs = getCertificatesFromPaymentRequest(serializedBytes, 0, true);
+//                        } finally {
+//                            try {
+//                                bos.close();
+//                            } catch (IOException ex) {
+//                                 ignore close exception
+//                            }
 //                        }
-
-                        Log.e(TAG, "Response is: " + response.toString());
-                        byte[] certs = getCertificatesFromPaymentRequest(response.getBytes(), 0);
-                        Log.e(TAG, "YAYYAYAYYAYYAY: " + certs.toString());
-
-                        try {
-                            CertificateFactory cf = CertificateFactory.getInstance("X.509");
-                            // chain is of type X509Certificate[]
+//
+//                        Log.e(TAG, "YAYYAYAYYAYYAY: " + certs.toString());
+//
+//                        try {
+//                            CertificateFactory cf = CertificateFactory.getInstance("X.509");
+//                             chain is of type X509Certificate[]
 //                            CertPath cp = cf.generateCertPath(Arrays.asList(certs));
-
+//
 //                            CertPathValidator cpv = CertPathValidator.getInstance(CertPathValidator.getDefaultType());
-                            KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
-
-                            FileInputStream fis = new FileInputStream("/system/etc/security/cacerts.bks");
-                            ks.load(fis, null);
-                            BufferedInputStream bis = new BufferedInputStream(fis);
-
-                            while (bis.available() > 0) {
-                                Certificate cert = cf.generateCertificate(bis);
-                                Log.e(TAG, "CERT: " + cert.toString());
-                            }
-
+//                            KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
+//
+//                            File fis = new File("/system/etc/security/cacerts");
+//                            printFiles(fis);
+//
+//
+//                            ks.load(fis, null);
+//                            BufferedInputStream bis = new BufferedInputStream(fis);
+//
+//                            while (bis.available() > 0) {
+//                                Certificate cert = cf.generateCertificate(bis);
+//                                Log.e(TAG, "CERT: " + cert.toString());
+//                            }
+//
 //                            PKIXParameters params = new PKIXParameters(ks);
 //                            CertPathValidatorResult cpvr = cpv.validate(cp, params);
-                        } catch (CertificateException e) {
-                            e.printStackTrace();
-                        } catch (NoSuchAlgorithmException e) {
-                            e.printStackTrace();
-                        } catch (KeyStoreException e) {
-                            e.printStackTrace();
-                        } catch (IOException e) {
-                            e.printStackTrace();
-                        }
-                        // Load CAs from an InputStream
+//                        } catch (CertificateException e) {
+//                            e.printStackTrace();
+//                        } catch (KeyStoreException e) {
+//                            e.printStackTrace();
+//                        }
+        // Load CAs from an InputStream
 //                        Certificate ca;
 //                        InputStream caInput = null;
 //                        try {
@ -185,16 +178,27 @@ public class AddressReader {
 //                            }
 //                        }

-                    }
-                },
-                new Response.ErrorListener() {
-                    @Override
-                    public void onErrorResponse(VolleyError error) {
-                        Log.e(TAG, "Response is: That didn't work!", error);
-                    }
-                });
-        // Add the request to the RequestQueue.
-        MainActivity.queue.add(stringRequest);
+//                    }
+//                },
+//                new Response.ErrorListener() {
+//                    @Override
+//                    public void onErrorResponse(VolleyError error) {
+//                        Log.e(TAG, "Response is: That didn't work!", error);
+//                    }
+//                }) {
+//            public String getBodyContentType() {
+//                return "application/bitcoin-paymentrequest";
+//            }
+//        };
+//         Add the request to the RequestQueue.
+//        MainActivity.queue.add(stringRequest);
+        String theURL = null;
+        try {
+            theURL = URLDecoder.decode(url, "UTF-8");
+        } catch (UnsupportedEncodingException e) {
+            e.printStackTrace();
+        }
+        new RequestTask().execute(theURL);
    }

    private static boolean checkTheCleanAddress(String str) {
@ -230,6 +234,22 @@ public class AddressReader {
        return true;
    }

+    ///system/etc/security/cacerts/
+    public static void printFiles(File parentDir) {
+
+        ArrayList<File> inFiles = new ArrayList<>();
+        File[] files = parentDir.listFiles();
+        for (File file : files) {
+            if (file.isDirectory()) {
+                Log.e(TAG, "This one is a directory!");
+            } else {
+                Log.e(TAG, file.toString());
+            }
+        }
+    }
+
+    public static native byte[] getCertificatesFromPaymentRequest(byte[] req, int index);
+
    public CertPathValidatorResult certificateValidation(
            CertPath cp, CertPathParameters params, String algorithm) {
        CertPathValidator cpv = null;
@ -279,5 +299,59 @@ public class AddressReader {
        return null;
    }

-    private static native byte[] getCertificatesFromPaymentRequest(byte[] req, int index);
+    static class RequestTask extends AsyncTask<String, String, String> {
+        HttpURLConnection urlConnection;
+
+        @Override
+        protected String doInBackground(String... uri) {
+            InputStream in = null;
+            try {
+                Log.e(TAG, "the uri: " + uri[0]);
+                URL url = new URL(uri[0]);
+                urlConnection = (HttpURLConnection) url.openConnection();
+                urlConnection.setRequestProperty("Accept", "application/bitcoin-paymentrequest");
+                urlConnection.setUseCaches(false);
+                in = urlConnection.getInputStream();
+                if (in == null)
+                    return null;
+
+                byte[] serializedBytes = getBytes(in);
+                serializedBytes = getCertificatesFromPaymentRequest(serializedBytes, 0);
+                Log.e(TAG, "YAYYAYAYYAYYAY: " + serializedBytes.toString());
+            } catch (IOException e) {
+                e.printStackTrace();
+            } finally {
+                if (urlConnection != null) urlConnection.disconnect();
+            }
+
+            return null;
+        }
+
+        @Override
+        protected void onPostExecute(String result) {
+            super.onPostExecute(result);
+            //Do anything with response..
+        }
+    }
+
+    public static byte[] getBytes(InputStream is) throws IOException {
+
+        int len;
+        int size = 1024;
+        byte[] buf;
+
+        if (is instanceof ByteArrayInputStream) {
+            size = is.available();
+            buf = new byte[size];
+            len = is.read(buf, 0, size);
+        } else {
+            ByteArrayOutputStream bos = new ByteArrayOutputStream();
+            buf = new byte[size];
+            while ((len = is.read(buf, 0, size)) != -1)
+                bos.write(buf, 0, len);
+            buf = bos.toByteArray();
+        }
+        return buf;
+    }
+
 }
--- a/app/src/main/jni/Android.mk
+++ b/app/src/main/jni/Android.mk
@ -6,15 +6,15 @@ LOCAL_SRC_FILES := ./transition/core.c

 LOCAL_MODULE := core

-LOCAL_C_INCLUDES := /Users/Mihail/Library/Android/android-ndk-r10e/platforms/android-21/arch-arm64/usr/include
+LOCAL_LDLIBS := -llog -lm

-LOCAL_SHARED_LIBRARIES := bread stdlib
+LOCAL_SHARED_LIBRARIES := bread

 LOCAL_CFLAGS := -std=c99

 include $(BUILD_SHARED_LIBRARY)

-#static module______________________________
+#second module______________________________

 include $(CLEAR_VARS)

@ -38,11 +38,16 @@ LOCAL_SRC_FILES := \

 LOCAL_C_INCLUDES := \
 $(LOCAL_PATH)/breadwallet-core/secp256k1\
-$(LOCAL_PATH)/breadwallet-core\
+$(LOCAL_PATH)/breadwallet-core

 LOCAL_MODULE := bread

+LOCAL_LDLIBS := -llog -lm
+
+LOCAL_EXPORT_C_INCLUDES := \
+$(LOCAL_PATH)/breadwallet-core\
+$(LOCAL_PATH)/breadwallet-core/secp256k1
+
 LOCAL_CFLAGS := -std=c99

-LOCAL_EXPORT_LDLIBS := -llog
 include $(BUILD_SHARED_LIBRARY)
--- a/app/src/main/jni/Application.mk
+++ b/app/src/main/jni/Application.mk
@ -2,4 +2,4 @@ APP_PLATFORM := android-21
 APP_ABI := all
 NDK_TOOLCHAIN_VERSION := clang
 APP_BUILD_SCRIPT := src/main/jni/Android.mk
-APP_STL := stlport_shared
+APP_STL := stlport_shared
--- a/app/src/main/jni/transition/core.c
+++ b/app/src/main/jni/transition/core.c
@ -1,27 +1,31 @@
 #include <jni.h>
 #include "breadwallet-core/BRPaymentProtocol.h"
+//#include <android/log.h>

 //
 // Created by Mihail Gutan on 9/24/15.
 //

-JNIEXPORT jbyteArray Java_com_breadwallet_tools_AddressReader_getCertificatesFromPaymentRequest
+JNIEXPORT jbyteArray Java_com_breadwallet_tools_security_RequestHandler_getCertificatesFromPaymentRequest
        (JNIEnv *env, jobject obj, jbyteArray payment, jint index) {

-    struct BRPaymentProtocolRequest *nativeRequest;
-    jboolean b;
+    BRPaymentProtocolRequest *nativeRequest;
    int requestLength = (*env)->GetArrayLength(env, payment);
-    unsigned char *buff[requestLength];
-    jbyte *bytePayment = (*env)->GetByteArrayElements(env, payment, &b);
-    (*env)->GetByteArrayRegion(env, payment, 0, requestLength, buff);
+    jbyte* bytePayment = (*env)->GetByteArrayElements(env, payment, 0);
+    nativeRequest = BRPaymentProtocolRequestParse(bytePayment, requestLength);
+    BRPaymentProtocolRequestFree(nativeRequest);
+//    char buff = bytePayment;
+//    nativeRequest = (BRPaymentProtocolRequest*) buff;

-    nativeRequest = (BRPaymentProtocolRequest *) buff;
+//    uint8_t buf1[BRPaymentProtocolRequestCert(nativeRequest, NULL, 0, index)];
+//    BRPaymentProtocolRequestCert(nativeRequest, buf1, sizeof(buf1), index);

-    uint8_t buf1[BRPaymentProtocolRequestCert(nativeRequest, NULL, 0, index)];
-    BRPaymentProtocolRequestCert(nativeRequest, buf1, sizeof(buf1), index);
-
-    jbyteArray result = buf1;
-    (*env)->ReleaseByteArrayElements(env, payment, bytePayment, 0);
+//    jbyteArray result = buf1;
+    jbyte* bytesResult = (jbyte*)nativeRequest;
+    int size = sizeof(nativeRequest);
+    jbyteArray result = (*env)->NewByteArray(env, size);
+    (*env)->SetByteArrayRegion(env,result, 0, size, bytesResult);
+    (*env)->ReleaseByteArrayElements(env, payment, bytePayment, JNI_ABORT);
    return result;

 }
--- a/app/src/main/jni/transition/core.h
+++ b/app/src/main/jni/transition/core.h
@ -17,5 +17,5 @@ JNIEXPORT jbyteArray Java_com_breadwallet_wallet_BRWalletManager_encodePhrase
 JNIEXPORT jbyteArray Java_com_breadwallet_wallet_BRWalletManager_wallet
        (JNIEnv *env, jobject obj);

-jbyteArray Java_com_breadwallet_tools_AddressReader_getCertificatesFromPaymentRequest
+jbyteArray Java_com_breadwallet_tools_security_RequestHandler_getCertificatesFromPaymentRequest
        (JNIEnv *env, jobject obj, jbyteArray payment, jint index);
--- a/app/src/main/jniLibs/arm64-v8a/libbread.so
+++ b/app/src/main/jniLibs/arm64-v8a/libbread.so
--- a/app/src/main/jniLibs/arm64-v8a/libcore.so
+++ b/app/src/main/jniLibs/arm64-v8a/libcore.so
--- a/app/src/main/jniLibs/armeabi-v7a/libbread.so
+++ b/app/src/main/jniLibs/armeabi-v7a/libbread.so
--- a/app/src/main/jniLibs/armeabi-v7a/libcore.so
+++ b/app/src/main/jniLibs/armeabi-v7a/libcore.so
--- a/app/src/main/jniLibs/armeabi/libbread.so
+++ b/app/src/main/jniLibs/armeabi/libbread.so
--- a/app/src/main/jniLibs/armeabi/libcore.so
+++ b/app/src/main/jniLibs/armeabi/libcore.so
--- a/app/src/main/jniLibs/mips/libbread.so
+++ b/app/src/main/jniLibs/mips/libbread.so
--- a/app/src/main/jniLibs/mips/libcore.so
+++ b/app/src/main/jniLibs/mips/libcore.so
--- a/app/src/main/jniLibs/mips64/libbread.so
+++ b/app/src/main/jniLibs/mips64/libbread.so
--- a/app/src/main/jniLibs/mips64/libcore.so
+++ b/app/src/main/jniLibs/mips64/libcore.so
--- a/app/src/main/jniLibs/x86/libbread.so
+++ b/app/src/main/jniLibs/x86/libbread.so
--- a/app/src/main/jniLibs/x86/libcore.so
+++ b/app/src/main/jniLibs/x86/libcore.so
--- a/app/src/main/jniLibs/x86_64/libbread.so
+++ b/app/src/main/jniLibs/x86_64/libbread.so
--- a/app/src/main/jniLibs/x86_64/libcore.so
+++ b/app/src/main/jniLibs/x86_64/libcore.so
--- a/trusted_roots_ICS.txt
+++ b/trusted_roots_ICS.txt
@ -0,0 +1,162 @@
+        Issuer: C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
+        Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=Secure Certificate Services
+        Issuer: C=CN, O=WoSign CA Limited, CN=CA \xE6\xB2\x83\xE9\x80\x9A\xE6\xA0\xB9\xE8\xAF\x81\xE4\xB9\xA6
+        Issuer: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority
+        Issuer: C=SE, O=AddTrust AB, OU=AddTrust TTP Network, CN=AddTrust Qualified CA Root
+        Issuer: C=US, O=Wells Fargo WellsSecure, OU=Wells Fargo Bank NA, CN=WellsSecure Public Root Certificate Authority
+        Issuer: C=TR, O=Elektronik Bilgi Guvenligi A.S., CN=e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi
+        Issuer: OU=GlobalSign ECC Root CA - R4, O=GlobalSign, CN=GlobalSign
+        Issuer: C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2
+        Issuer: OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
+        Issuer: emailAddress=pki@sk.ee, C=EE, O=AS Sertifitseerimiskeskus, CN=Juur-SK
+        Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=Trusted Certificate Services
+        Issuer: O=Digital Signature Trust Co., CN=DST Root CA X3
+        Issuer: C=CN, O=China Internet Network Information Center, CN=China Internet Network Information Center EV Certificates Root
+        Issuer: C=FR, O=Certplus, CN=Class 2 Primary CA
+        Issuer: C=US, O=Digital Signature Trust, OU=DST ACES, CN=DST ACES CA X6
+        Issuer: C=TW, O=Government Root Certification Authority
+        Issuer: C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009
+        Issuer: C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 3
+        Issuer: OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
+        Issuer: C=EU, L=Madrid (see current address at www.camerfirma.com/address)/serialNumber=A82743287, O=AC Camerfirma S.A., CN=Chambers of Commerce Root - 2008
+        Issuer: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3
+        Issuer: C=SK, L=Bratislava, O=Disig a.s., CN=CA Disig Root R1
+        Issuer: C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
+        Issuer: C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
+        Issuer: C=US, O=GeoTrust Inc., OU=(c) 2007 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G2
+        Issuer: OU=GlobalSign ECC Root CA - R5, O=GlobalSign, CN=GlobalSign
+        Issuer: C=DE, O=TC TrustCenter GmbH, OU=TC TrustCenter Class 2 CA, CN=TC TrustCenter Class 2 CA II
+        Issuer: C=NO, O=Buypass AS-983163327, CN=Buypass Class 3 Root CA
+        Issuer: C=US, O=Network Solutions L.L.C., CN=Network Solutions Certificate Authority
+        Issuer: C=US, O=America Online Inc., CN=America Online Root Certification Authority 2
+        Issuer: C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
+        Issuer: C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
+        Issuer: O=Cybertrust, Inc, CN=Cybertrust Global Root
+        Issuer: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
+        Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
+        Issuer: C=CH, O=WISeKey, OU=Copyright (c) 2005, OU=OISTE Foundation Endorsed, CN=OISTE WISeKey Global Root GA CA
+        Issuer: C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
+        Issuer: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
+        Issuer: C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2
+        Issuer: CN=ACCVRAIZ1, OU=PKIACCV, O=ACCV, C=ES
+        Issuer: C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden Root CA - G2
+        Issuer: O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
+        Issuer: C=GR, O=Hellenic Academic and Research Institutions Cert. Authority, CN=Hellenic Academic and Research Institutions RootCA 2011
+        Issuer: C=TR, L=Gebze - Kocaeli, O=T\xC3\xBCrkiye Bilimsel ve Teknolojik Ara\xC5\x9Ft\xC4\xB1rma Kurumu - T\xC3\x9CB\xC4\xB0TAK, OU=Ulusal Elektronik ve Kriptoloji Ara\xC5\x9Ft\xC4\xB1rma Enstit\xC3\xBCs\xC3\xBC - UEKAE, OU=Kamu Sertifikasyon Merkezi, CN=T\xC3\x9CB\xC4\xB0TAK UEKAE K\xC3\xB6k Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1 - S\xC3\xBCr\xC3\xBCm 3
+        Issuer: C=ch, O=Swisscom, OU=Digital Certificate Services, CN=Swisscom Root CA 2
+        Issuer: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
+        Issuer: C=ES, O=IZENPE S.A., CN=Izenpe.com
+        Issuer: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
+        Issuer: C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2
+        Issuer: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN - DATACorp SGC
+        Issuer: C=DE, O=TC TrustCenter GmbH, OU=TC TrustCenter Universal CA, CN=TC TrustCenter Universal CA I
+        Issuer: C=CH, O=SwissSign AG, CN=SwissSign Silver CA - G2
+        Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
+        Issuer: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 1 G3
+        Issuer: CN=T\xC3\x9CRKTRUST Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1, C=TR, L=Ankara, O=T\xC3\x9CRKTRUST Bilgi \xC4\xB0leti\xC5\x9Fim ve Bili\xC5\x9Fim G\xC3\xBCvenli\xC4\x9Fi Hizmetleri A.\xC5\x9E. (c) Kas\xC4\xB1m 2005
+        Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust Global CA 2
+        Issuer: C=FR, ST=France, L=Paris, O=PM/SGDN, OU=DCSSI, CN=IGC/A/emailAddress=igca@sgdn.pm.gouv.fr
+        Issuer: C=US, O=Equifax, OU=Equifax Secure Certificate Authority
+        Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO Certification Authority
+        Issuer: C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
+        Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2007 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G4
+        Issuer: C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA
+        Issuer: C=HU, L=Budapest, O=NetLock Kft., OU=Tan\xC3\xBAs\xC3\xADtv\xC3\xA1nykiad\xC3\xB3k (Certification Services), CN=NetLock Arany (Class Gold) F\xC5\x91tan\xC3\xBAs\xC3\xADtv\xC3\xA1ny
+        Issuer: O=TeliaSonera, CN=TeliaSonera Root CA v1
+        Issuer: C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
+        Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
+        Issuer: C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
+        Issuer: C=US, O=VISA, OU=Visa International Service Association, CN=Visa eCommerce Root
+        Issuer: C=NO, O=Buypass AS-983163327, CN=Buypass Class 2 CA 1
+        Issuer: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
+        Issuer: C=US, O=Equifax Secure Inc., CN=Equifax Secure Global eBusiness CA-1
+        Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
+        Issuer: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
+        Issuer: C=US, OU=www.xrampsecurity.com, O=XRamp Security Services Inc, CN=XRamp Global Certification Authority
+        Issuer: C=FR, O=Certinomis, OU=0002 433998903, CN=Certinomis - Autorit\xC3\xA9 Racine
+        Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
+        Issuer: C=DE, O=TC TrustCenter GmbH, OU=TC TrustCenter Class 3 CA, CN=TC TrustCenter Class 3 CA II
+        Issuer: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
+        Issuer: L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 3 Policy Validation Authority, CN=http://www.valicert.com//emailAddress=info@valicert.com
+        Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
+        Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
+        Issuer: C=NO, O=Buypass AS-983163327, CN=Buypass Class 2 Root CA
+        Issuer: O=RSA Security Inc, OU=RSA Security 2048 V3
+        Issuer: CN=T\xC3\x9CRKTRUST Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1, C=TR, L=ANKARA, O=(c) 2005 T\xC3\x9CRKTRUST Bilgi \xC4\xB0leti\xC5\x9Fim ve Bili\xC5\x9Fim G\xC3\xBCvenli\xC4\x9Fi Hizmetleri A.\xC5\x9E.
+        Issuer: C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
+        Issuer: C=US, O=AffirmTrust, CN=AffirmTrust Networking
+        Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust Universal CA 2
+        Issuer: C=RO, O=certSIGN, OU=certSIGN ROOT CA
+        Issuer: C=CN, O=CNNIC, CN=CNNIC ROOT
+        Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Certification Authority
+        Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root G2
+        Issuer: C=EE, O=AS Sertifitseerimiskeskus, CN=EE Certification Centre Root CA/emailAddress=pki@sk.ee
+        Issuer: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 3
+        Issuer: C=SK, L=Bratislava, O=Disig a.s., CN=CA Disig Root R2
+        Issuer: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
+        Issuer: C=CN, O=WoSign CA Limited, CN=Certification Authority of WoSign
+        Issuer: C=HK, O=Hongkong Post, CN=Hongkong Post Root CA 1
+        Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
+        Issuer: C=ch, O=Swisscom, OU=Digital Certificate Services, CN=Swisscom Root EV CA 2
+        Issuer: C=TW, O=Chunghwa Telecom Co., Ltd., OU=ePKI Root Certification Authority
+        Issuer: C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication EV RootCA1
+        Issuer: C=EU, L=Madrid (see current address at www.camerfirma.com/address)/serialNumber=A82743287, O=AC Camerfirma S.A., CN=Global Chambersign Root - 2008
+        Issuer: C=EU, O=AC Camerfirma SA CIF A82743287, OU=http://www.chambersign.org, CN=Global Chambersign Root
+        Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Trusted Root G4
+        Issuer: C=SE, O=AddTrust AB, OU=AddTrust TTP Network, CN=AddTrust Public CA Root
+        Issuer: C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
+        Issuer: C=FI, O=Sonera, CN=Sonera Class2 CA
+        Issuer: C=US, O=thawte, Inc., OU=(c) 2007 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G2
+        Issuer: C=JP, O=Japan Certification Services, Inc., CN=SecureSign RootCA11
+        Issuer: C=HU, ST=Hungary, L=Budapest, O=NetLock Halozatbiztonsagi Kft., OU=Tanusitvanykiadok, CN=NetLock Kozjegyzoi (Class A) Tanusitvanykiado
+        Issuer: C=ES, O=Agencia Catalana de Certificacio (NIF Q-0801176-I), OU=Serveis Publics de Certificacio, OU=Vegeu https://www.catcert.net/verarrel (c)03, OU=Jerarquia Entitats de Certificacio Catalanes, CN=EC-ACC
+        Issuer: C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Global Root CA
+        Issuer: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
+        Issuer: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - EC1
+        Issuer: C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority
+        Issuer: CN=Atos TrustedRoot 2011, O=Atos, C=DE
+        Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
+        Issuer: C=US, O=America Online Inc., CN=America Online Root Certification Authority 1
+        Issuer: C=US, O=SecureTrust Corporation, CN=Secure Global CA
+        Issuer: C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
+        Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com
+        Issuer: C=AT, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, OU=A-Trust-nQual-03, CN=A-Trust-nQual-03
+        Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root G3
+        Issuer: C=GB, O=Trustis Limited, OU=Trustis FPS Root CA
+        Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 4 Public Primary Certification Authority - G3
+        Issuer: C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
+        Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
+        Issuer: C=TR, L=Ankara, O=E-Tu\xC4\x9Fra EBG Bili\xC5\x9Fim Teknolojileri ve Hizmetleri A.\xC5\x9E., OU=E-Tugra Sertifikasyon Merkezi, CN=E-Tugra Certification Authority
+        Issuer: C=US, O=AffirmTrust, CN=AffirmTrust Premium ECC
+        Issuer: C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden Root CA
+        Issuer: C=US, O=SecureTrust Corporation, CN=SecureTrust CA
+        Issuer: C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 2
+        Issuer: C=ES, CN=Autoridad de Certificacion Firmaprofesional CIF A62634068
+        Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
+        Issuer: C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2
+        Issuer: C=SK, L=Bratislava, O=Disig a.s., CN=CA Disig
+        Issuer: CN=T\xC3\x9CRKTRUST Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1, C=TR, L=Ankara, O=T\xC3\x9CRKTRUST Bilgi \xC4\xB0leti\xC5\x9Fim ve Bili\xC5\x9Fim G\xC3\xBCvenli\xC4\x9Fi Hizmetleri A.\xC5\x9E. (c) Aral\xC4\xB1k 2007
+        Issuer: C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 EV 2009
+        Issuer: C=US, O=AffirmTrust, CN=AffirmTrust Premium
+        Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA/emailAddress=server-certs@thawte.com
+        Issuer: C=SE, O=AddTrust AB, OU=AddTrust TTP Network, CN=AddTrust Class 1 CA Root
+        Issuer: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 3 G3
+        Issuer: C=US, O=AffirmTrust, CN=AffirmTrust Commercial
+        Issuer: C=ch, O=Swisscom, OU=Digital Certificate Services, CN=Swisscom Root CA 1
+        Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust Universal CA
+        Issuer: C=US, O=Equifax Secure Inc., CN=Equifax Secure eBusiness CA-1
+        Issuer: C=HU, L=Budapest, O=Microsec Ltd., CN=Microsec e-Szigno Root CA 2009/emailAddress=info@e-szigno.hu
+        Issuer: CN=ACEDICOM Root, OU=PKI, O=EDICOM, C=ES
+        Issuer: C=NO, O=Buypass AS-983163327, CN=Buypass Class 3 CA 1
+        Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3
+        Issuer: C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
+        Issuer: C=EU, O=AC Camerfirma SA CIF A82743287, OU=http://www.chambersign.org, CN=Chambers of Commerce Root
+        Issuer: C=IL, O=StartCom Ltd., CN=StartCom Certification Authority G2
+        Issuer: CN=ComSign Secured CA, O=ComSign, C=IL
+        Issuer: C=HU, L=Budapest, O=Microsec Ltd., OU=e-Szigno CA, CN=Microsec e-Szigno Root CA
+        Issuer: CN=EBG Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1, O=EBG Bili\xC5\x9Fim Teknolojileri ve Hizmetleri A.\xC5\x9E., C=TR
+        Issuer: C=JP, O=Japanese Government, OU=ApplicationCA
+        Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
+        Issuer: C=ES, O=Generalitat Valenciana, OU=PKIGVA, CN=Root CA Generalitat Valenciana
+        Issuer: C=FR, O=Dhimyotis, CN=Certigna
+        Issuer: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware