This is kind of related to my previous question, "How does one inspect a digital certificate?", but my question now focuses more on how to go about checking the CRL (Certificate Revocation List) via the CRLDP (Certificate Revocation List Distribution Point).
I've found that I can get the URI for the CRL using the getCRLDistributionPointsExtension() method, but I don't know what to do with that URI. Again, I need to examine the list programmatically. I tried just browsing to the URI that I was given, thinking that would just show me perhaps some XML or an on-screen listing of the revoked serial numbers, but instead my browser imported the list. I need to get at that list programmatically.
Can someone help me to understand how to do that?
Okay, so I think I partially figured this out. If I just do a cfhttp to the address of the .crl URI I get a java.io.ByteArrayOutputStream object in cfhttp.FileContent. It looks like this might be the CRL in the DER encoded format. I've got a toString() function and a toByteArray() function amongst other things.
So, now I'm wondering if all I need to do is figure out how to decode DER encoded content.
Anyone know how to do that?
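An added example, not part of the original post: one way to turn DER-encoded CRL bytes such as those described above into a list that can be queried by serial number, using the JDK's standard `java.security.cert` classes. The class name `CrlCheck`, its helper methods and the embedded sample CRL are assumptions made for illustration; the sample is constructed and carries a placeholder signature.

```java
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.util.Date;

public class CrlCheck {
    // Constructed sample: minimal DER v1 CRL, issuer "CN=Test CA", one revoked
    // serial (0x1234). The signature bytes are a placeholder, so it parses but
    // would not pass crl.verify().
    static final String SAMPLE_CRL_HEX =
          "3070" + "3058"                                  // CertificateList, TBSCertList
        + "300D06092A864886F70D01010B0500"                 // sha256WithRSAEncryption
        + "30123110300E06035504030C0754657374204341"       // issuer CN=Test CA
        + "170D3234303130313030303030305A"                 // thisUpdate 2024-01-01
        + "170D3235303130313030303030305A"                 // nextUpdate 2025-01-01
        + "3015301302021234170D3234303130313030303030305A" // revoked: serial, date
        + "300D06092A864886F70D01010B0500"                 // signatureAlgorithm
        + "030500DEADBEEF";                                // placeholder signature

    static byte[] hex(String s) {
        byte[] out = new byte[s.length() / 2];
        for (int i = 0; i < out.length; i++)
            out[i] = (byte) Integer.parseInt(s.substring(2 * i, 2 * i + 2), 16);
        return out;
    }

    // The JDK decodes the DER itself; no hand-written ASN.1 parsing is needed.
    static X509CRL parse(byte[] der) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        return (X509CRL) cf.generateCRL(new ByteArrayInputStream(der));
    }

    // A CRL past its nextUpdate says nothing reliable about current status.
    static String status(X509CRL crl, BigInteger serial, Date now) {
        if (crl.getNextUpdate() != null && now.after(crl.getNextUpdate())) return "CRL_STALE";
        X509CRLEntry entry = crl.getRevokedCertificate(serial);
        return entry == null ? "NOT_LISTED" : "REVOKED at " + entry.getRevocationDate();
    }

    public static void main(String[] args) throws Exception {
        X509CRL crl = parse(hex(SAMPLE_CRL_HEX));
        // With a real CRL, call crl.verify(issuerCert.getPublicKey()) before trusting it.
        System.out.println("Issuer: " + crl.getIssuerX500Principal().getName());
        Date now = crl.getThisUpdate(); // constructed clock inside the sample's validity window
        System.out.println(status(crl, new BigInteger("1234", 16), now));
        System.out.println(status(crl, new BigInteger("5678", 16), now));
    }
}
```

With a downloaded CRL, pass the raw response bytes to `parse` and compare against the serial number of the certificate being checked.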