What steps will reproduce the problem?
1. Set up a domain with both user certs and a domain cert.
2. Query for a cert that is invalid (CRL revoked or expired).
What is the expected output? What do you see instead?
The resolver should fail validity checks against the user level cert and then
check for an org level cert. Instead, the code does not check for validity
until after it would normally search for a domain cert.
The issue has been reported by the Mod Spec Phase 3 team and visually validated
by looking at the code. The CertificateStore class should be checking validity
of the user level certs immediately after discovering them, and then check for
a domain cert if no user level certificates are found or no user level
certificates are valid.
What version of the product are you using? On what operating system?
Issue occurs in all versions of the Java RI.
Original issue reported on code.google.com by gm2...@cerner.com on 8 Jun 2012 at 6:03
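
The lookup order described in the report, as an added example that is not part of the original issue and is not Java RI code. The class, record and method names are hypothetical, the certificates are constructed sample data, and revocation is modelled as a boolean flag rather than a real CRL check (requires Java 16+ for records):

```java
import java.time.Instant;
import java.util.*;
import java.util.stream.Collectors;

// Hypothetical stand-in for the resolver logic; not the Java RI CertificateStore API.
public class CertLookupOrder {
    // Constructed certificate model: subject is an e-mail address or a bare domain.
    record Cert(String subject, Instant notAfter, boolean revoked) {
        boolean isValid(Instant now) { return !revoked && now.isBefore(notAfter); }
    }

    static List<Cert> bySubject(List<Cert> store, String subject) {
        return store.stream().filter(c -> c.subject().equalsIgnoreCase(subject))
                    .collect(Collectors.toList());
    }

    static List<Cert> validOnly(List<Cert> certs, Instant now) {
        return certs.stream().filter(c -> c.isValid(now)).collect(Collectors.toList());
    }

    // Reported behaviour: the fallback decision is based on "found"; validity is checked afterwards.
    static List<Cert> lookupValidateLate(List<Cert> store, String address, Instant now) {
        List<Cert> found = bySubject(store, address);
        if (found.isEmpty()) found = bySubject(store, domainOf(address));
        return validOnly(found, now); // empty when every user cert is invalid
    }

    // Expected behaviour: filter user certs for validity first, fall back if none survive.
    static List<Cert> lookupValidateEarly(List<Cert> store, String address, Instant now) {
        List<Cert> valid = validOnly(bySubject(store, address), now);
        if (valid.isEmpty()) valid = validOnly(bySubject(store, domainOf(address)), now);
        return valid;
    }

    static String domainOf(String address) { return address.substring(address.indexOf('@') + 1); }

    public static void main(String[] args) {
        Instant now = Instant.parse("2012-06-08T00:00:00Z");
        List<Cert> store = List.of( // constructed sample data
            new Cert("alice@example.org", Instant.parse("2011-01-01T00:00:00Z"), false), // expired
            new Cert("alice@example.org", Instant.parse("2013-01-01T00:00:00Z"), true),  // revoked
            new Cert("example.org", Instant.parse("2013-01-01T00:00:00Z"), false));      // valid
        System.out.println("late:  " + lookupValidateLate(store, "alice@example.org", now));
        System.out.println("early: " + lookupValidateEarly(store, "alice@example.org", now));
    }
}
```

With this sample store, the late-validation path returns no certificate even though a valid domain cert exists, while the early-validation path returns the domain cert.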