/**
   * Return a Collection of all certificates or attribute certificates found in the X509Store's that
   * are matching the certSelect criteriums.
   *
   * @param certSelect a {@link Selector} object that will be used to select the certificates
   * @param certStores a List containing only {@link X509Store} objects. These are used to search
   *     for certificates.
   * @return a Collection of all found {@link X509Certificate} or {@link
   *     org.bouncycastle.x509.X509AttributeCertificate} objects. May be empty but never <code>null
   *     </code>.
   */
  protected static Collection findCertificates(X509CertStoreSelector certSelect, List certStores)
      throws AnnotatedException {
    Set certs = new HashSet();
    Iterator iter = certStores.iterator();

    while (iter.hasNext()) {
      Object obj = iter.next();

      if (obj instanceof X509Store) {
        X509Store certStore = (X509Store) obj;
        try {
          certs.addAll(certStore.getMatches(certSelect));
        } catch (StoreException e) {
          throw new AnnotatedException("Problem while picking certificates from X.509 store.", e);
        }
      } else {
        CertStore certStore = (CertStore) obj;

        try {
          certs.addAll(certStore.getCertificates(certSelect));
        } catch (CertStoreException e) {
          throw new AnnotatedException(
              "Problem while picking certificates from certificate store.", e);
        }
      }
    }
    return certs;
  }
 protected static void addAdditionalStoreFromLocation(
     String location, ExtendedPKIXParameters pkixParams) {
   if (pkixParams.isAdditionalLocationsEnabled()) {
     try {
       if (location.startsWith("ldap://")) {
         // ldap://directory.d-trust.net/CN=D-TRUST
         // Qualified CA 2003 1:PN,O=D-Trust GmbH,C=DE
         // skip "ldap://"
         location = location.substring(7);
         // after first / baseDN starts
         String base = null;
         String url = null;
         if (location.indexOf("/") != -1) {
           base = location.substring(location.indexOf("/"));
           // URL
           url = "ldap://" + location.substring(0, location.indexOf("/"));
         } else {
           url = "ldap://" + location;
         }
         // use all purpose parameters
         X509LDAPCertStoreParameters params =
             new X509LDAPCertStoreParameters.Builder(url, base).build();
         pkixParams.addAdditionalStore(
             X509Store.getInstance(
                 "CERTIFICATE/LDAP", params, BouncyCastleProvider.PROVIDER_NAME));
         pkixParams.addAdditionalStore(
             X509Store.getInstance("CRL/LDAP", params, BouncyCastleProvider.PROVIDER_NAME));
         pkixParams.addAdditionalStore(
             X509Store.getInstance(
                 "ATTRIBUTECERTIFICATE/LDAP", params, BouncyCastleProvider.PROVIDER_NAME));
         pkixParams.addAdditionalStore(
             X509Store.getInstance(
                 "CERTIFICATEPAIR/LDAP", params, BouncyCastleProvider.PROVIDER_NAME));
       }
     } catch (Exception e) {
       // cannot happen
       throw new RuntimeException("Exception adding X.509 stores.");
     }
   }
 }