JDK-6670894 : CRL parsing implementation is extremely inefficient
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 6
  • Priority: P4
  • Status: Resolved
  • Resolution: Cannot Reproduce
  • OS: windows_xp
  • CPU: x86
  • Submitted: 2008-03-04
  • Updated: 2016-08-02
  • Resolved: 2016-08-02
Description
A DESCRIPTION OF THE REQUEST :
Attempting to parse the largest DoD CRL (from Email CA 11, downloadable from https://email-ca-11.c3pki.chamb.disa.mil/getInfo?template=toDisplayCRL, choose the option to "Download the latest CRL in binary form") results in an OutOfMemory exception under normal program execution. Adding heap space using the VM option -Xmx<max heap size> allows the CRL to be parsed.

The CRL contains 834,474 serial numbers and using a profiler shows roughly 835,000 instances of the following objects:
LinkedHashMapEntry totaling 26MB
byte[] totaling 69MB
int[] totaling 13MB
BigInteger totaling 33MB
Date totaling 20MB
sun.security.x509.SerialNumber totaling 13MB
sun.security.x509.X509CRLImpl$X509IssuerSerial totaling 20MB
sun.security.x509.X509CRLEntryImpl totaling 26MB

The generateCRL method of CertificateFactory allocated 221MB in 6,675,868 allocations.

JUSTIFICATION :
This seems like way too much overhead to load up just one CRL to check for a few serial numbers for revocation. It would be nice to populate a CertStore object with all DoD CRLs and let the CertPath API automatically do revocation checking, but this needs an extremely large amount of memory and takes a very long time to load all the CRLs.


---------- BEGIN SOURCE ----------
import java.io.FileInputStream;
import java.io.IOException;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;

public class CrlTest {
  public static void main(String[] args) throws IOException,
      CRLException, CertificateException {
    String crlFileName = "C:/usr/tra/crls/DODEMAILCA_11.crl";
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    // try/finally rather than try-with-resources: the report is against Java 6.
    FileInputStream in = new FileInputStream(crlFileName);
    try {
      // generateCRL builds heap objects for every revoked entry; this is the
      // call the report says runs out of memory under the default heap.
      X509CRL crl = (X509CRL) cf.generateCRL(in);
    } finally {
      in.close();
    }
  }
}
---------- END SOURCE ----------
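
The justification above asks for a way to check a few serial numbers without materialising the whole CRL. As an added example (not code from this report or from the JDK), the class below streams the DER of an RFC 5280 CertificateList and keeps only the matching serials in memory. The class name `CrlSerialScan`, the 64-octet serial cap and the sample bytes are assumptions of this example; it does not verify the CRL signature, so the file has to be authenticated separately before the result is trusted.

```java
import java.io.*;
import java.math.BigInteger;
import java.util.*;

public class CrlSerialScan {
  private final DataInputStream in;
  private long pos;                                     // bytes consumed so far
  CrlSerialScan(InputStream s) { in = new DataInputStream(new BufferedInputStream(s)); }
  private int tag() throws IOException { pos++; return in.readUnsignedByte(); }
  private long end() throws IOException {               // read DER length, return offset where the value ends
    int b = tag(); long n = b & 0x7f;
    if (b >= 0x80) { n = 0; for (int i = b & 0x7f; i > 0; i--) n = (n << 8) | tag(); }
    return pos + n;
  }
  // Buffered byte reads; readByte throws EOFException if the file is truncated.
  private void skipTo(long t) throws IOException { for (; pos < t; pos++) in.readByte(); }

  /** Subset of wanted serials listed in revokedCertificates. Does NOT verify the CRL signature. */
  static Set<BigInteger> revoked(InputStream s, Set<BigInteger> wanted) throws IOException {
    CrlSerialScan p = new CrlSerialScan(s);
    Set<BigInteger> hits = new HashSet<BigInteger>();
    p.tag(); p.end();                                   // CertificateList SEQUENCE header
    p.tag(); long tbsEnd = p.end();                     // TBSCertList SEQUENCE header
    int t = p.tag();
    if (t == 0x02) { p.skipTo(p.end()); t = p.tag(); }  // optional version INTEGER
    p.skipTo(p.end());                                  // signature AlgorithmIdentifier
    for (int i = 0; i < 2; i++) { p.tag(); p.skipTo(p.end()); }  // issuer, thisUpdate
    t = p.pos < tbsEnd ? p.tag() : -1;
    if (t == 0x17 || t == 0x18) { p.skipTo(p.end()); t = p.pos < tbsEnd ? p.tag() : -1; }  // nextUpdate
    if (t != 0x30) return hits;                         // no revokedCertificates list present
    for (long listEnd = p.end(); p.pos < listEnd; ) {
      p.tag(); long entryEnd = p.end();                 // one revoked-entry SEQUENCE
      p.tag(); long n = p.end() - p.pos;                // userCertificate INTEGER
      if (n < 1 || n > 64) throw new IOException("implausible serial length " + n);
      byte[] serial = new byte[(int) n];
      p.in.readFully(serial); p.pos += n;
      BigInteger sn = new BigInteger(serial);
      if (wanted.contains(sn)) hits.add(sn);
      p.skipTo(entryEnd);                               // revocationDate, crlEntryExtensions
    }
    return hits;
  }

  public static void main(String[] args) throws IOException {
    // Constructed CRL-shaped DER: placeholder AlgorithmIdentifier/issuer/signature, serials 10 and 255.
    String time = "170D3038303330343030303030305A";     // UTCTime 080304000000Z
    String hex = "3057" + "3050" + "020101" + "3000" + "3000" + time + time
        + "3029" + "301202010A" + time + "3013020200FF" + time + "3000" + "030100";
    byte[] der = new BigInteger(hex, 16).toByteArray(); // first byte 0x30, so no sign byte is prepended
    Set<BigInteger> wanted = new HashSet<BigInteger>(Arrays.asList(BigInteger.TEN, BigInteger.valueOf(11)));
    System.out.println(revoked(new ByteArrayInputStream(der), wanted));
  }
}
```

Memory use is bounded by the size of the `wanted` set rather than by the number of entries in the CRL, since each entry's serial is read, compared and discarded.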