Iterator<Certificate> userCertIter = userCerts.iterator();
while(userCertIter.hasNext() && retval.size() <= resSize){
X509Certificate nextCert = (X509Certificate) userCertIter.next();
try {
// Check that the certificate is valid
nextCert.checkValidity(new Date());
// and not revoked
CertificateInfo certInfo = certificateStoreSession.getCertificateInfo(pubAdmin, CertTools.getFingerprintAsString(nextCert));
if(certInfo.getRevocationReason() == RevokedCertInfo.NOT_REVOKED){
if(fulfillsKeyUsageAndUseKeyWith(queryKeyBindingType,nextCert)){
retval.add(nextCert);