/**
* Returns a collection of matching certificates from the LDAP location.
*
* <p>The selector must be a of type <code>X509CertStoreSelector</code>. If it is not an empty
* collection is returned.
*
* <p>The implementation searches only for CA certificates, if the method {@link
* java.security.cert.X509CertSelector#getBasicConstraints()} is greater or equal to 0. If it is
* -2 only end certificates are searched.
*
* <p>The subject and the serial number for end certificates should be reasonable criterias for a
* selector.
*
* @param selector The selector to use for finding.
* @return A collection with the matches.
* @throws StoreException if an exception occurs while searching.
*/
public Collection engineGetMatches(Selector selector) throws StoreException {
if (!(selector instanceof X509CertStoreSelector)) {
return Collections.EMPTY_SET;
}
X509CertStoreSelector xselector = (X509CertStoreSelector) selector;
Set set = new HashSet();
// test if only CA certificates should be selected
if (xselector.getBasicConstraints() > 0) {
set.addAll(helper.getCACertificates(xselector));
set.addAll(getCertificatesFromCrossCertificatePairs(xselector));
}
// only end certificates should be selected
else if (xselector.getBasicConstraints() == -2) {
set.addAll(helper.getUserCertificates(xselector));
}
// nothing specified
else {
set.addAll(helper.getUserCertificates(xselector));
set.addAll(helper.getCACertificates(xselector));
set.addAll(getCertificatesFromCrossCertificatePairs(xselector));
}
return set;
}
