/** * Returns a collection of matching certificates from the LDAP location. * * <p>The selector must be a of type <code>X509CertStoreSelector</code>. If it is not an empty * collection is returned. * * <p>The implementation searches only for CA certificates, if the method {@link * java.security.cert.X509CertSelector#getBasicConstraints()} is greater or equal to 0. If it is * -2 only end certificates are searched. * * <p>The subject and the serial number for end certificates should be reasonable criterias for a * selector. * * @param selector The selector to use for finding. * @return A collection with the matches. * @throws StoreException if an exception occurs while searching. */ public Collection engineGetMatches(Selector selector) throws StoreException { if (!(selector instanceof X509CertStoreSelector)) { return Collections.EMPTY_SET; } X509CertStoreSelector xselector = (X509CertStoreSelector) selector; Set set = new HashSet(); // test if only CA certificates should be selected if (xselector.getBasicConstraints() > 0) { set.addAll(helper.getCACertificates(xselector)); set.addAll(getCertificatesFromCrossCertificatePairs(xselector)); } // only end certificates should be selected else if (xselector.getBasicConstraints() == -2) { set.addAll(helper.getUserCertificates(xselector)); } // nothing specified else { set.addAll(helper.getUserCertificates(xselector)); set.addAll(helper.getCACertificates(xselector)); set.addAll(getCertificatesFromCrossCertificatePairs(xselector)); } return set; }