所以我正在做一个Android应用程序,并且反对我们公司的OAuth2实施(到目前为止我的职业生涯更糟糕的整合,甚至还没有完成)。我要更换客户端凭证部分 - 我将PFX格式的凭证作为Base 64编码字符串取回。然后我尝试这样做:
CredentialResponse resp = ServerAccessLayer.SSO.Model.CredentialFromJson(json);
CertificateFactory cf = CertificateFactory.getInstance("X.509");
InputStream cert = new ByteArrayInputStream(Base64.decode(resp.credential, Base64.DEFAULT));
X509Certificate x509 = (X509Certificate)cf.generateCertificate(cert);
我已经看到这个代码片段链接在SO和博客文章中的几个地方 - 尽管我可以告诉它应该可以工作,但我得到了这个:
java.security.cert.CertificateException:
org.apache.harmony.security.asn1.ASN1Exception:
DER: only definite length encoding MUST be used
我有点超出我的深度,是一个主要的网络/ Javascript UI程序员,已经被学习Android和编写这个应用程序。所以这可能是太多或太少的信息,但这里是Base64编码的字符串我将作为凭证回来:
MIACAQMwgAYJKoZIhvcNAQcBoIAkgASCA+gwgDCABgkqhkiG9w0BBwGggCSABIIDKzCCAycwggMjBgsqhkiG9w0BDAoBAqCCArIwggKuMCgGCiqGSIb3DQEMAQMwGgQUttWa2nEvTrfVXeWDOCNh8qEpljYCAgQABIICgJwzIJFcp/NpJnxO9vh8cLUR7GsYOdm1CDzPZs+JplogTakQmiqlmwnybAIGaj6qXgDadYbG5k/fIrXW1OLRWWQFMUaYxH6lDDPKLqCsSwnhbxsvmp51EC+V5QwS9Am6zoNdAUE1SDQILuei7QOgmTcYM5uFo8pM+iVT6E4MC8S9EDCFppT75+w5PAhlYOURq2IF3HKAmT+VDa3ucB8P8me4k48HqP/6jEObiSEFA8ecz4Qx9jBSmqpBUVECpJXznThrexD7wUplyiWDcT7AUyaIBt+Nlhi8KZx4suuMaz6+1POqnKt938WPEKLOfzNA1+ApvonMl8K2QjHrHZzEc9DuQHw+gU+daR5xRfjxuYGn06GaC2SOQlbn70wyQ3LAEnCMN968ANHMY3a8EoZuHWUak/cWt/cJVTkI0TqaBGtfHFSyc9cWGLQyq+g3hpr0r8ISKlTGB1oEI7dKiD1Dk4PtGBVWcBJT3odxhZU0a48pqawRffFIf7kLB6I6u3lZVLbJyub7hSgMVRKn5MH0WIBlmun6tV7/P2Cs9lY2YQKnl4VLF7rWmnVIJCx32sOgQQauUOEo7DCyghtes555gbEJ3phaq56ujolC9COsbbKg6sdwB23iIqlUaXHr9yLi69KNV6WIeZmsU8fnMugKHzNSPJ5gS7MwyexChROfoMOuqV/ge2h94Xp1pNOv0ZDO2bQWgosvi/sXbbXBBwbIZk5R+GEmXuRAxQ6vNTi3NeKoA/PGN5FLCNP4rYuNVt6M/D8Up8r+Si2GapGxmTh+ZPHLfKD0aIpH9kKNStlcn6EXNow1Yu1o2EEU2au/C9u+9fu8Wdvo3cFb+ApbCC/BuvUxXjAjBgkqhkiG9w0BCRUxFgQUgRcjM00QWPwbORwmOWeAU9NZM18wNwYJKoZIhvcNAQkUMSoeKABTAGEAZwBlACAASQBkACAATwBBAHUAdABoACAAQwBsAGkAZQBuAHQAAAAAAAAwgAYJKoZIhvcNAQcGoIAwgAIBADCABgkqhkiG9w0BBwEwKAYKKoZIhvcNAQwBBjAaBBSjKTSvGU2SSUmstu0OR+VSgaFkrwICBACggASCBGjmzeEsfvEZ1tIFxM5ycEGrVIjxUftJdVxEZcT7xB1yrqLBlBGu4aQKiYwAQHSt7irJ3HFb3O5dJ1r9ZIdlq/F9eknv4AmuZHm/0DJA75GfBIID6IKf7T+sOgeP6+DUxMmK0X5gCl+gPZksWxIdwCM3X9kP/tDY7N6eQnUs+jgw7AZ9B8dGJ4jevKBRK5ObNGTMt5i7qbVD1fvM/ePALHwCUL1KRMmhcDF/d8Rbzf1VhYjDN66ZYYgOHFzQhv5Wxu6AlSmm0NTFccTNGSx955SH1uD/7hG64uu+1qj/CgUkEBO94Ru1bx9ls5q3xK9/5C4qR166mks0dGfcJNgU0R3zPqUmK8/dp8RHfWrjQY3ZYFN3LSpKtG7acU1eAgmFGvvo9UUUl6KiwlYYOENLNcPccV3fLi04LyWAo9nFBHijz1TK6zLgAQYP675hqsU7CdF+/dggTGhlRaifdKvxlRy+YciZMFJ+34KFHJ09+xLyJqyuD/cBM3A5Sk1n47MtRMotUKpyxVcUv7Ua2ok49sPmXULPRHl8pQBZOYJVSqjaQ/J32xleV9lS25c3B8jAAKnQpRJLBdkCM/DM8jY0qw9zLjBhmDAl2HlJNBqcge8Obk76oTCF+xOzK7b5L2/RTFrnEQr12gllmmAun/x/7+8Exn6etDc+SbgdVVcUK88c+dYmt761y2K4bXAYEJS6HfxFkmiXcFzC4FqZ6jlK7SgpX0ZdOy6v6xwHDjvM9+rfe/4hZuI4RHW88L+/eDmyBVvIYmU1E2SvLaHWFmEOXRHA71noXwyC3vgN3HrpEyxs7HgTUm46AySSktDO7Gc2puFZD7N/HOKrnpTuIqkmNbcNE8zfGtlB7y39VdRZES4fAQ8V1vvWs21Vv7SRXOBiIqXuaK6A3iZv46ARTJD0ooJZybs0PHpT/pHfoBZaBXscWN19AFYYClHNUSWgJ/0af66uK7WZnoqHfy1L/SanN0F2zvZgJ2IEjmOzFXX4zEwltEFu9K51gWgsfp23uJd5gzPUO4ChSd3DQarkpfXfhJsYfInrJE4mTy2hf6YQTrQOJaLvKvKpLGKplCjWIPyEnr2mr/8d6qLXT7OVY9VPtfh8X9LQabVFmNyPwt6R4Ih9zG6D0yZYzIJN7I1+YzSjmAchcs9ONmIDg9Yi3FfCScdZ/gxPYeGUGOLT2bizUkcMmMX6gDc1TTmcSxjIY+fRzfVrXx+l4k5ehfMjokI+Oi04ZvU4pQvoCralP9S08toh+52bFt1xn67PH33riEkpqkjNuWRgXjCsO63qXMJg6IIYkMi/zATsj9wpxd1wOJYtcFQHciKLbP1miBux0RlxnYGWrj/YZ1cK3LY89s725W/qNqJrckZPgvpJ1CRBC5LW6epLUlGBXWadqVtaWm0mU7GbBbFWluo97ziUcrxzHZ0M/qvuKAEWep5C/DsEPdlLODzc2eAB+BdDnktsF0N26uSPgNVsFWcPQqeor9JXquY54D/P4Reim9cr6f1WQ3sAAAAAAAAAAAAAAAAAAAAAAAAwPTAhMAkGBSsOAwIaBQAEFKc7/KC56/8KHnEF46zNWh+L6HxLBBQ0t41WJfRszNhVGtti7Zi6m8/q9wICBAAAAA==
我几乎没有能力联系实际编写SSO提供商的人(他们在另一个国家,甚至回复最详细的电子邮件,基本上没用的信息和日志条目对我来说毫无意义),所以我很亲切我必须自己解决这个问题。如果有人在这个过程中有任何东西,这个例外,编码证书或我正在使用的代码有问题,请帮忙,我觉得我开始疯狂尝试随机的东西,让他们不工作。
这是使用CertificateFactory在Kotlin制作的功能。输入可以像你提到的那样(不是DER)。
private fun certificateFromString(base64: String): X509Certificate? {
val decoded = Base64.decode(base64, Base64.NO_WRAP)
val inputStream = ByteArrayInputStream(decoded)
return CertificateFactory.getInstance("X.509").generateCertificate(inputStream) as? X509Certificate
}