/**
* Find the issuer certificates of a given certificate.
*
* @param cert The certificate for which an issuer should be found.
* @param pkixParams
* @return A <code>Collection</code> object containing the issuer <code>X509Certificate</code>s.
* Never <code>null</code>.
* @throws AnnotatedException if an error occurs.
*/
protected static Collection findIssuerCerts(
X509Certificate cert, ExtendedPKIXBuilderParameters pkixParams) throws AnnotatedException {
X509CertStoreSelector certSelect = new X509CertStoreSelector();
Set certs = new HashSet();
try {
certSelect.setSubject(cert.getIssuerX500Principal().getEncoded());
} catch (IOException ex) {
throw new AnnotatedException(
"Subject criteria for certificate selector to find issuer certificate could not be set.",
ex);
}
Iterator iter;
try {
List matches = new ArrayList();
matches.addAll(
CertPathValidatorUtilities.findCertificates(certSelect, pkixParams.getCertStores()));
matches.addAll(
CertPathValidatorUtilities.findCertificates(certSelect, pkixParams.getStores()));
matches.addAll(
CertPathValidatorUtilities.findCertificates(
certSelect, pkixParams.getAdditionalStores()));
iter = matches.iterator();
} catch (AnnotatedException e) {
throw new AnnotatedException("Issuer certificate cannot be searched.", e);
}
X509Certificate issuer = null;
while (iter.hasNext()) {
issuer = (X509Certificate) iter.next();
// issuer cannot be verified because possible DSA inheritance
// parameters are missing
certs.add(issuer);
}
return certs;
}
