private Collection getCertificatesFromCrossCertificatePairs(X509CertStoreSelector xselector)
throws StoreException {
Set set = new HashSet();
X509CertPairStoreSelector ps = new X509CertPairStoreSelector();
ps.setForwardSelector(xselector);
ps.setReverseSelector(new X509CertStoreSelector());
Set crossCerts = new HashSet(helper.getCrossCertificatePairs(ps));
Set forward = new HashSet();
Set reverse = new HashSet();
Iterator it = crossCerts.iterator();
while (it.hasNext()) {
X509CertificatePair pair = (X509CertificatePair) it.next();
if (pair.getForward() != null) {
forward.add(pair.getForward());
}
if (pair.getReverse() != null) {
reverse.add(pair.getReverse());
}
}
set.addAll(forward);
set.addAll(reverse);
return set;
}
/**
* Returns a collection of matching certificates from the LDAP location.
*
* <p>The selector must be a of type <code>X509CertStoreSelector</code>. If it is not an empty
* collection is returned.
*
* <p>The implementation searches only for CA certificates, if the method {@link
* java.security.cert.X509CertSelector#getBasicConstraints()} is greater or equal to 0. If it is
* -2 only end certificates are searched.
*
* <p>The subject and the serial number for end certificates should be reasonable criterias for a
* selector.
*
* @param selector The selector to use for finding.
* @return A collection with the matches.
* @throws StoreException if an exception occurs while searching.
*/
public Collection engineGetMatches(Selector selector) throws StoreException {
if (!(selector instanceof X509CertStoreSelector)) {
return Collections.EMPTY_SET;
}
X509CertStoreSelector xselector = (X509CertStoreSelector) selector;
Set set = new HashSet();
// test if only CA certificates should be selected
if (xselector.getBasicConstraints() > 0) {
set.addAll(helper.getCACertificates(xselector));
set.addAll(getCertificatesFromCrossCertificatePairs(xselector));
}
// only end certificates should be selected
else if (xselector.getBasicConstraints() == -2) {
set.addAll(helper.getUserCertificates(xselector));
}
// nothing specified
else {
set.addAll(helper.getUserCertificates(xselector));
set.addAll(helper.getCACertificates(xselector));
set.addAll(getCertificatesFromCrossCertificatePairs(xselector));
}
return set;
}
