I have a list of X509 CRLs. I need to identify some of them somehow. Right now I do it using issuer:
    // Keep the CRLs whose issuer DN contains the search string
    for (X509CRL crl : crls) {
        String issuer = crl.getIssuerX500Principal().getName();
        if (issuer.contains("searchString"))
            result.add(crl);
    }
But there's gotta be a better way to do that using knowledge of CRL file format, maybe with comparing public keys or something like that, but I don't know much about X509CRLs. Can someone help me out?
CodePudding user response:
If you have access to the public key of each certificate, you can utilize the verify(PublicKey key) method to verify that the CRL was signed using the private key that corresponds to the given public key. If the key is incorrect, it should throw an InvalidKeyException, so surround it with a try-catch block, like this:
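    try {
        crl.verify(publicKey); // publicKey: the key to check the CRL's signature against
    } catch (InvalidKeyException e) {
        // handle exception
    } catch (CRLException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException e) {
        // verify() also declares these checked exceptions
    }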
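Combining the two approaches from this thread, as an added example that is not code from the question or the answer: select a CRL only when its issuer DN equals the CA certificate's subject DN exactly and its signature verifies under that CA's public key. The class name `CrlIssuerFilter`, the method `issuedBy`, and the file arguments are assumptions; it presumes you hold the issuing CA's certificate.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.SignatureException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

public class CrlIssuerFilter {  // hypothetical class name
    /** CRLs whose issuer DN equals the CA's subject DN and whose signature verifies under the CA's key. */
    static List<X509CRL> issuedBy(X509Certificate caCert, List<X509CRL> crls)
            throws GeneralSecurityException {
        List<X509CRL> result = new ArrayList<>();
        for (X509CRL crl : crls) {
            // Exact DN comparison instead of a substring search on the printed name.
            if (!crl.getIssuerX500Principal().equals(caCert.getSubjectX500Principal())) {
                continue;
            }
            try {
                crl.verify(caCert.getPublicKey());
                result.add(crl);
            } catch (SignatureException | InvalidKeyException e) {
                // Name matches but the signature does not check out under this key: skip it.
            }
        }
        return result;
    }
    // Usage (file names are placeholders): java CrlIssuerFilter ca.cer first.crl second.crl
    public static void main(String[] args) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate caCert;
        try (InputStream in = Files.newInputStream(Paths.get(args[0]))) {
            caCert = (X509Certificate) cf.generateCertificate(in);
        }
        List<X509CRL> crls = new ArrayList<>();
        for (int i = 1; i < args.length; i++) {
            try (InputStream in = Files.newInputStream(Paths.get(args[i]))) {
                crls.add((X509CRL) cf.generateCRL(in));
            }
        }
        for (X509CRL crl : issuedBy(caCert, crls)) {
            System.out.println(crl.getIssuerX500Principal().getName() + " thisUpdate=" + crl.getThisUpdate());
        }
    }
}
```

The issuer name alone is just text inside the CRL and can be set to anything by whoever produced it; the signature check is what ties the CRL to a specific CA key.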