package ru.CryptoPro.reprov.certpath;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.AccessController;
import java.security.InvalidAlgorithmParameterException;
import java.security.PublicKey;
import java.security.cert.CRL;
import java.security.cert.CRLException;
import java.security.cert.CRLSelector;
import java.security.cert.CertSelector;
import java.security.cert.CertStoreException;
import java.security.cert.CertStoreParameters;
import java.security.cert.CertStoreSpi;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.LDAPCertStoreParameters;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.naming.NameNotFoundException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import ru.CryptoPro.JCP.JCP;
import ru.CryptoPro.JCP.Util.GetProperty;
import ru.CryptoPro.JCP.tools.Encoder;
import ru.CryptoPro.JCP.tools.JCPLogger;
import ru.CryptoPro.reprov.utils.Cache;
import ru.CryptoPro.reprov.utils.GetPropertyAction;
import ru.CryptoPro.reprov.x509.X500Name;
import ru.CryptoPro.reprov.x509.X500Principal;
import ru.CryptoPro.reprov.x509.X509CertificatePair;

/* loaded from: classes5.dex */
public class LDAPCertStore extends CertStoreSpi {
    private static final int a = d();
    private static final int b = e();
    private static final String[] c = new String[0];
    private static final byte[][] d = new byte[0];
    private static final Attributes e = new BasicAttributes();
    private static final int f;
    private static final Cache n;
    private CertificateFactory g;
    private DirContext h;
    private boolean i;
    private final Cache j;
    private int k;
    private int l;
    private int m;

    /* loaded from: classes5.dex */
    class LDAPCRLSelector extends X509CRLSelector {
        private X509CRLSelector a;
        private Collection b;
        private Collection c;
        private HashSet d;

        /* JADX INFO: Access modifiers changed from: package-private */
        public LDAPCRLSelector(X509CRLSelector x509CRLSelector, Collection collection, String str) throws IOException {
            this.a = x509CRLSelector == null ? new X509CRLSelector() : x509CRLSelector;
            this.b = collection;
            HashSet hashSet = new HashSet();
            this.d = hashSet;
            hashSet.add(str);
            HashSet hashSet2 = new HashSet();
            this.c = hashSet2;
            hashSet2.add(new X500Name(str).asX500Principal());
        }

        @Override // java.security.cert.X509CRLSelector
        public X509Certificate getCertificateChecking() {
            return this.a.getCertificateChecking();
        }

        @Override // java.security.cert.X509CRLSelector
        public Date getDateAndTime() {
            return this.a.getDateAndTime();
        }

        @Override // java.security.cert.X509CRLSelector
        public Collection getIssuerNames() {
            return Collections.unmodifiableCollection(this.d);
        }

        @Override // java.security.cert.X509CRLSelector
        public Collection getIssuers() {
            return Collections.unmodifiableCollection(this.c);
        }

        @Override // java.security.cert.X509CRLSelector
        public BigInteger getMaxCRL() {
            return this.a.getMaxCRL();
        }

        @Override // java.security.cert.X509CRLSelector
        public BigInteger getMinCRL() {
            return this.a.getMinCRL();
        }

        @Override // java.security.cert.X509CRLSelector, java.security.cert.CRLSelector
        public boolean match(CRL crl) {
            try {
                this.a.setIssuerNames(this.b);
            } catch (IOException unused) {
            }
            try {
                this.a.setIssuerNames(this.c);
            } catch (IOException unused2) {
            }
            return this.a.match(crl);
        }
    }

    /* loaded from: classes5.dex */
    class LDAPCertSelector extends X509CertSelector {
        private X500Principal a;
        private X509CertSelector b;
        private X500Principal c;

        /* JADX INFO: Access modifiers changed from: package-private */
        public LDAPCertSelector(X509CertSelector x509CertSelector, X500Principal x500Principal, String str) throws IOException {
            this.b = x509CertSelector == null ? new X509CertSelector() : x509CertSelector;
            this.a = x500Principal;
            this.c = new X500Name(str).asX500Principal();
        }

        @Override // ru.CryptoPro.reprov.certpath.X509CertSelector
        public byte[] getAuthorityKeyIdentifier() {
            return this.b.getAuthorityKeyIdentifier();
        }

        @Override // ru.CryptoPro.reprov.certpath.X509CertSelector
        public int getBasicConstraints() {
            return this.b.getBasicConstraints();
        }

        @Override // ru.CryptoPro.reprov.certpath.X509CertSelector
        public X509Certificate getCertificate() {
            return this.b.getCertificate();
        }

        @Override // ru.CryptoPro.reprov.certpath.X509CertSelector
        public Date getCertificateValid() {
            return this.b.getCertificateValid();
        }

        @Override // ru.CryptoPro.reprov.certpath.X509CertSelector
        public Set getExtendedKeyUsage() {
            return this.b.getExtendedKeyUsage();
        }

        @Override // ru.CryptoPro.reprov.certpath.X509CertSelector
        public byte[] getIssuerAsBytes() throws IOException {
            return this.b.getIssuerAsBytes();
        }

        @Override // ru.CryptoPro.reprov.certpath.X509CertSelector
        public String getIssuerAsString() {
            return this.b.getIssuerAsString();
        }

        public X500Principal getIssuerInternal() {
            return new X500Principal(this.b.getIssuerAsString());
        }

        @Override // ru.CryptoPro.reprov.certpath.X509CertSelector
        public boolean[] getKeyUsage() {
            return this.b.getKeyUsage();
        }

        @Override // ru.CryptoPro.reprov.certpath.X509CertSelector
        public boolean getMatchAllSubjectAltNames() {
            return this.b.getMatchAllSubjectAltNames();
        }

        @Override // ru.CryptoPro.reprov.certpath.X509CertSelector
        public byte[] getNameConstraints() {
            return this.b.getNameConstraints();
        }

        @Override // ru.CryptoPro.reprov.certpath.X509CertSelector
        public Collection getPathToNames() {
            return this.b.getPathToNames();
        }

        @Override // ru.CryptoPro.reprov.certpath.X509CertSelector
        public Set getPolicy() {
            return this.b.getPolicy();
        }

        @Override // ru.CryptoPro.reprov.certpath.X509CertSelector
        public Date getPrivateKeyValid() {
            return this.b.getPrivateKeyValid();
        }

        @Override // ru.CryptoPro.reprov.certpath.X509CertSelector
        public BigInteger getSerialNumber() {
            return this.b.getSerialNumber();
        }

        @Override // ru.CryptoPro.reprov.certpath.X509CertSelector
        public Collection getSubjectAlternativeNames() {
            return this.b.getSubjectAlternativeNames();
        }

        @Override // ru.CryptoPro.reprov.certpath.X509CertSelector
        public byte[] getSubjectAsBytes() throws IOException {
            return this.c.getEncoded();
        }

        @Override // ru.CryptoPro.reprov.certpath.X509CertSelector
        public String getSubjectAsString() {
            return this.c.getName();
        }

        public X500Principal getSubjectInternal() {
            return this.c;
        }

        @Override // ru.CryptoPro.reprov.certpath.X509CertSelector
        public byte[] getSubjectKeyIdentifier() {
            return this.b.getSubjectKeyIdentifier();
        }

        @Override // ru.CryptoPro.reprov.certpath.X509CertSelector
        public PublicKey getSubjectPublicKey() {
            return this.b.getSubjectPublicKey();
        }

        @Override // ru.CryptoPro.reprov.certpath.X509CertSelector
        public String getSubjectPublicKeyAlgID() {
            return this.b.getSubjectPublicKeyAlgID();
        }

        @Override // ru.CryptoPro.reprov.certpath.X509CertSelector, java.security.cert.CertSelector
        public boolean match(Certificate certificate) {
            try {
                this.b.setSubject(this.a.getName());
            } catch (IOException unused) {
            }
            boolean match = this.b.match(certificate);
            try {
                this.b.setSubject(this.c.getName());
            } catch (IOException unused2) {
            }
            return match;
        }
    }

    /* loaded from: classes5.dex */
    class LDAPCertStoreParams extends LDAPCertStoreParameters {
        private volatile int a = 0;

        LDAPCertStoreParams() {
        }

        public boolean equals(Object obj) {
            if (!(obj instanceof LDAPCertStoreParameters)) {
                return false;
            }
            LDAPCertStoreParameters lDAPCertStoreParameters = (LDAPCertStoreParameters) obj;
            return getPort() == lDAPCertStoreParameters.getPort() && getServerName().equalsIgnoreCase(lDAPCertStoreParameters.getServerName());
        }

        public int hashCode() {
            if (this.a == 0) {
                this.a = ((629 + getPort()) * 37) + getServerName().toLowerCase().hashCode();
            }
            return this.a;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes5.dex */
    public class LDAPRequest {
        private final String b;
        private Map c;
        private final List d = new ArrayList(5);

        LDAPRequest(String str) {
            this.b = str;
        }

        private Map a() throws NamingException {
            Attributes attributes;
            Map map = this.c;
            if (map != null) {
                return map;
            }
            this.c = new HashMap(8);
            try {
                attributes = LDAPCertStore.this.h.getAttributes(this.b, (String[]) this.d.toArray(LDAPCertStore.c));
            } catch (NameNotFoundException unused) {
                attributes = LDAPCertStore.e;
            }
            for (String str : this.d) {
                byte[][] a = a(attributes.get(str));
                a(str, a);
                this.c.put(str, a);
            }
            return this.c;
        }

        private void a(String str, byte[][] bArr) {
            LDAPCertStore.this.j.put(this.b + "|" + str, bArr);
        }

        private byte[][] a(Attribute attribute) throws NamingException {
            if (attribute == null) {
                return LDAPCertStore.d;
            }
            byte[][] bArr = new byte[attribute.size()];
            int i = 0;
            NamingEnumeration all = attribute.getAll();
            while (all.hasMore()) {
                Object next = all.next();
                if (next instanceof String) {
                    JCPLogger.finer("LDAPCertStore.getAttrValues() enum.next is a string!: ", next);
                }
                bArr[i] = (byte[]) next;
                i++;
            }
            return bArr;
        }

        void a(String str) {
            if (this.c != null) {
                throw new IllegalStateException("Request already sent");
            }
            this.d.add(str);
        }

        byte[][] b(String str) throws NamingException {
            byte[][] bArr = (byte[][]) LDAPCertStore.this.j.get(this.b + "|" + str);
            if (bArr != null) {
                LDAPCertStore.b(LDAPCertStore.this);
                return bArr;
            }
            LDAPCertStore.c(LDAPCertStore.this);
            return (byte[][]) a().get(str);
        }
    }

    static {
        String str = (String) AccessController.doPrivileged(new GetPropertyAction("ru.CryptoPro.reprov.ldap.cache.lifetime"));
        f = str != null ? Integer.parseInt(str) : 30;
        n = Cache.newSoftMemoryCache(185);
    }

    public LDAPCertStore(CertStoreParameters certStoreParameters) throws InvalidAlgorithmParameterException {
        super(certStoreParameters);
        this.i = false;
        this.k = 0;
        this.l = 0;
        this.m = 0;
        if (!(certStoreParameters instanceof LDAPCertStoreParameters)) {
            throw new InvalidAlgorithmParameterException("parameters must be LDAPCertStoreParameters");
        }
        LDAPCertStoreParameters lDAPCertStoreParameters = (LDAPCertStoreParameters) certStoreParameters;
        a(lDAPCertStoreParameters.getServerName(), lDAPCertStoreParameters.getPort());
        try {
            this.g = CertificateFactory.getInstance(JCP.CERTIFICATE_FACTORY_NAME);
            int i = f;
            this.j = i == 0 ? Cache.newNullCache() : i < 0 ? Cache.newSoftMemoryCache(750) : Cache.newSoftMemoryCache(750, i);
        } catch (CertificateException unused) {
            throw new InvalidAlgorithmParameterException("unable to create CertificateFactory for X.509");
        }
    }

    private Collection a(LDAPRequest lDAPRequest, String str) throws CertStoreException {
        try {
            byte[][] b2 = lDAPRequest.b(str);
            int length = b2.length;
            if (length == 0) {
                return Collections.EMPTY_SET;
            }
            ArrayList arrayList = new ArrayList(length);
            for (int i = 0; i < length; i++) {
                try {
                    arrayList.add(X509CertificatePair.generateCertificatePair(b2[i]));
                } catch (CertificateException e2) {
                    JCPLogger.warning("LDAPCertStore.getCertPairs() encountered exception while parsing cert, skipping the bad data: ", (Throwable) e2);
                    JCPLogger.warningFormat("[{0}]", new Encoder().encodeBuffer(b2[i]));
                }
            }
            return arrayList;
        } catch (NamingException e3) {
            throw new CertStoreException((Throwable) e3);
        }
    }

    private Collection a(LDAPRequest lDAPRequest, String str, X509CRLSelector x509CRLSelector) throws CertStoreException {
        try {
            byte[][] b2 = lDAPRequest.b(str);
            int length = b2.length;
            if (length == 0) {
                return Collections.EMPTY_SET;
            }
            ArrayList arrayList = new ArrayList(length);
            for (int i = 0; i < length; i++) {
                try {
                    CRL generateCRL = this.g.generateCRL(new ByteArrayInputStream(b2[i]));
                    if (x509CRLSelector.match(generateCRL)) {
                        arrayList.add((X509CRL) generateCRL);
                    }
                } catch (CRLException e2) {
                    JCPLogger.warning("LDAPCertStore.getCRLs() encountered exception while parsing CRL, skipping the bad data: ", (Throwable) e2);
                    JCPLogger.warningFormat("[{0}]", new Encoder().encodeBuffer(b2[i]));
                }
            }
            return arrayList;
        } catch (NamingException e3) {
            throw new CertStoreException((Throwable) e3);
        }
    }

    private Collection a(LDAPRequest lDAPRequest, String str, X509CertSelector x509CertSelector) throws CertStoreException {
        try {
            byte[][] b2 = lDAPRequest.b(str);
            int length = b2.length;
            if (length == 0) {
                return Collections.EMPTY_SET;
            }
            ArrayList arrayList = new ArrayList(length);
            for (int i = 0; i < length; i++) {
                try {
                    Certificate generateCertificate = this.g.generateCertificate(new ByteArrayInputStream(b2[i]));
                    if (x509CertSelector.match(generateCertificate)) {
                        arrayList.add((X509Certificate) generateCertificate);
                    }
                } catch (CertificateException e2) {
                    JCPLogger.warning("LDAPCertStore.getCertificates() encountered exception while parsing cert, skipping the bad data: ", (Throwable) e2);
                    JCPLogger.warningFormat("[{0}]", new Encoder().encodeBuffer(b2[i]));
                }
            }
            return arrayList;
        } catch (NamingException e3) {
            throw new CertStoreException((Throwable) e3);
        }
    }

    private Collection a(LDAPRequest lDAPRequest, X509CertSelector x509CertSelector, X509CertSelector x509CertSelector2) throws CertStoreException {
        X509Certificate reverse;
        X509Certificate forward;
        Collection<X509CertificatePair> a2 = a(lDAPRequest, "crossCertificatePair;binary");
        ArrayList arrayList = new ArrayList();
        for (X509CertificatePair x509CertificatePair : a2) {
            if (x509CertSelector != null && (forward = x509CertificatePair.getForward()) != null && x509CertSelector.match(forward)) {
                arrayList.add(forward);
            }
            if (x509CertSelector2 != null && (reverse = x509CertificatePair.getReverse()) != null && x509CertSelector2.match(reverse)) {
                arrayList.add(reverse);
            }
        }
        return arrayList;
    }

    private void a(String str, int i) throws InvalidAlgorithmParameterException {
        String str2 = "ldap://" + str + ":" + i;
        Hashtable hashtable = new Hashtable();
        hashtable.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        hashtable.put("java.naming.provider.url", str2);
        hashtable.put("com.sun.jndi.ldap.connect.timeout", String.valueOf(a));
        hashtable.put("com.sun.jndi.ldap.read.timeout", String.valueOf(b));
        try {
            InitialDirContext initialDirContext = new InitialDirContext(hashtable);
            this.h = initialDirContext;
            if (initialDirContext.getEnvironment().get("java.naming.referral") == null) {
                this.h.addToEnvironment("java.naming.referral", "follow");
            }
        } catch (NamingException e2) {
            JCPLogger.warning("LDAPCertStore.engineInit about to throw InvalidAlgorithmParameterException", e2);
            InvalidAlgorithmParameterException invalidAlgorithmParameterException = new InvalidAlgorithmParameterException("unable to create InitialDirContext using supplied parameters");
            invalidAlgorithmParameterException.initCause(e2);
            throw invalidAlgorithmParameterException;
        }
    }

    static /* synthetic */ int b(LDAPCertStore lDAPCertStore) {
        int i = lDAPCertStore.k;
        lDAPCertStore.k = i + 1;
        return i;
    }

    static /* synthetic */ int c(LDAPCertStore lDAPCertStore) {
        int i = lDAPCertStore.l;
        lDAPCertStore.l = i + 1;
        return i;
    }

    private static int d() {
        Integer valueOf = Integer.valueOf(GetProperty.getIntegerProperty("ru.CryptoPro.ldap.connect.timeout", 15));
        if (valueOf == null || valueOf.intValue() < 0) {
            return 15000;
        }
        return valueOf.intValue() * 1000;
    }

    private static int e() {
        Integer valueOf = Integer.valueOf(GetProperty.getIntegerProperty("ru.CryptoPro.ldap.read.timeout", 10));
        if (valueOf == null || valueOf.intValue() < 0) {
            return 10000;
        }
        return valueOf.intValue() * 1000;
    }

    @Override // java.security.cert.CertStoreSpi
    public synchronized Collection engineGetCRLs(CRLSelector cRLSelector) throws CertStoreException {
        HashSet hashSet;
        Collection<Object> issuerNames;
        String str;
        JCPLogger.finer("LDAPCertStore.engineGetCRLs() selector: ", cRLSelector);
        if (cRLSelector == null) {
            cRLSelector = new X509CRLSelector();
        }
        if (!(cRLSelector instanceof X509CRLSelector)) {
            throw new CertStoreException("need X509CRLSelector to find CRLs");
        }
        X509CRLSelector x509CRLSelector = (X509CRLSelector) cRLSelector;
        hashSet = new HashSet();
        X509Certificate certificateChecking = x509CRLSelector.getCertificateChecking();
        if (certificateChecking != null) {
            issuerNames = new HashSet<>();
            issuerNames.add(certificateChecking.getIssuerX500Principal().getName(X500Principal.RFC2253));
        } else {
            issuerNames = x509CRLSelector.getIssuerNames();
            if (issuerNames == null) {
                throw new CertStoreException("need issuerNames or certChecking to find CRLs");
            }
        }
        for (Object obj : issuerNames) {
            if (obj instanceof byte[]) {
                try {
                    str = new X500Principal((byte[]) obj).getName(X500Principal.RFC2253);
                } catch (IllegalArgumentException unused) {
                }
            } else {
                str = (String) obj;
            }
            Collection collection = Collections.EMPTY_SET;
            if (certificateChecking == null || certificateChecking.getBasicConstraints() != -1) {
                LDAPRequest lDAPRequest = new LDAPRequest(str);
                lDAPRequest.a("crossCertificatePair;binary");
                lDAPRequest.a("cACertificate;binary");
                lDAPRequest.a("authorityRevocationList;binary");
                if (this.i) {
                    lDAPRequest.a("certificateRevocationList;binary");
                }
                try {
                    collection = a(lDAPRequest, "authorityRevocationList;binary", x509CRLSelector);
                    if (collection.isEmpty()) {
                        this.i = true;
                    } else {
                        hashSet.addAll(collection);
                    }
                } catch (CertStoreException e2) {
                    JCPLogger.warning("LDAPCertStore.engineGetCRLs non-fatal error retrieving ARLs:", (Throwable) e2);
                }
            }
            if (collection.isEmpty() || certificateChecking == null) {
                LDAPRequest lDAPRequest2 = new LDAPRequest(str);
                lDAPRequest2.a("certificateRevocationList;binary");
                hashSet.addAll(a(lDAPRequest2, "certificateRevocationList;binary", x509CRLSelector));
            }
        }
        return hashSet;
    }

    @Override // java.security.cert.CertStoreSpi
    public synchronized Collection engineGetCertificates(CertSelector certSelector) throws CertStoreException {
        HashSet hashSet;
        JCPLogger.finer("LDAPCertStore.engineGetCertificates() selector: ", String.valueOf(certSelector));
        if (certSelector == null) {
            certSelector = new X509CertSelector();
        }
        if (!(certSelector instanceof X509CertSelector)) {
            throw new CertStoreException("LDAPCertStore needs an X509CertSelector to find certs");
        }
        X509CertSelector x509CertSelector = (X509CertSelector) certSelector;
        int basicConstraints = x509CertSelector.getBasicConstraints();
        String subjectAsString = x509CertSelector.getSubjectAsString();
        String issuerAsString = x509CertSelector.getIssuerAsString();
        hashSet = new HashSet();
        JCPLogger.finer("LDAPCertStore.engineGetCertificates() basicConstraints: ", Integer.valueOf(basicConstraints));
        if (subjectAsString != null) {
            JCPLogger.finer("LDAPCertStore.engineGetCertificates() subject is not null");
            LDAPRequest lDAPRequest = new LDAPRequest(subjectAsString);
            if (basicConstraints > -2) {
                lDAPRequest.a("crossCertificatePair;binary");
                lDAPRequest.a("cACertificate;binary");
                lDAPRequest.a("authorityRevocationList;binary");
                if (this.i) {
                    lDAPRequest.a("certificateRevocationList;binary");
                }
            }
            if (basicConstraints < 0) {
                lDAPRequest.a("userCertificate;binary");
            }
            if (basicConstraints > -2) {
                hashSet.addAll(a(lDAPRequest, x509CertSelector, (X509CertSelector) null));
                JCPLogger.finer("LDAPCertStore.engineGetCertificates() after getMatchingCrossCerts(subject,xsel,null),certs.size(): ", Integer.valueOf(hashSet.size()));
                hashSet.addAll(a(lDAPRequest, "cACertificate;binary", x509CertSelector));
                JCPLogger.finer("LDAPCertStore.engineGetCertificates() after getCertificates(subject,CA_CERT,xsel),certs.size(): ", Integer.valueOf(hashSet.size()));
            }
            if (basicConstraints < 0) {
                hashSet.addAll(a(lDAPRequest, "userCertificate;binary", x509CertSelector));
                JCPLogger.finer("LDAPCertStore.engineGetCertificates() after getCertificates(subject,USER_CERT, xsel),certs.size(): ", Integer.valueOf(hashSet.size()));
            }
        } else {
            JCPLogger.finer("LDAPCertStore.engineGetCertificates() subject is null");
            if (basicConstraints == -2) {
                throw new CertStoreException("need subject to find EE certs");
            }
            if (issuerAsString == null) {
                throw new CertStoreException("need subject or issuer to find certs");
            }
        }
        JCPLogger.finer("LDAPCertStore.engineGetCertificates() about to getMatchingCrossCerts...");
        if (issuerAsString != null && basicConstraints > -2) {
            LDAPRequest lDAPRequest2 = new LDAPRequest(issuerAsString);
            lDAPRequest2.a("crossCertificatePair;binary");
            lDAPRequest2.a("cACertificate;binary");
            lDAPRequest2.a("authorityRevocationList;binary");
            if (this.i) {
                lDAPRequest2.a("certificateRevocationList;binary");
            }
            hashSet.addAll(a(lDAPRequest2, (X509CertSelector) null, x509CertSelector));
            JCPLogger.finer("LDAPCertStore.engineGetCertificates() after getMatchingCrossCerts(issuer,null,xsel),certs.size(): ", Integer.valueOf(hashSet.size()));
            hashSet.addAll(a(lDAPRequest2, "cACertificate;binary", x509CertSelector));
            JCPLogger.finer("LDAPCertStore.engineGetCertificates() after getCertificates(issuer,CA_CERT,xsel),certs.size(): ", Integer.valueOf(hashSet.size()));
        }
        JCPLogger.finer("LDAPCertStore.engineGetCertificates() returning certs");
        return hashSet;
    }
}
