Trying to get an X.509 certificate in Android

Question  Votes: 0  Answers: 1

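I'm working with the Keystore in Android, so I need to create an RSA public and private key with a length of 3072 bits (this length is mandatory for me, and the Android documentation says it is perfectly valid).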

So my first option for creating these RSA keys (remember, I need them to be 3072 bits long) was to use this online tool, https://www.lddgo.net/en/encrypt/rsakey, where I was able to create both keys.


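After that, I run my code, and in the first part of the test I try to import these RSA keys into Android's keystore. To do that, I need to create or obtain an X.509 certificate, so I tried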

// this method imports the private key; this is the first part of my test

 fun importPrivateKey() {
        val keyProtection = KeyProtection.Builder(
            listOf(KeyProperties.PURPOSE_ENCRYPT,
                KeyProperties.PURPOSE_DECRYPT,
                KeyProperties.PURPOSE_WRAP_KEY).sum()).run {

                setBlockModes(*listOf(BlockMode.ECB.value).toTypedArray())
                setEncryptionPaddings(*listOf(EncryptionPadding.RSA_PKCS1.value, EncryptionPadding.RSA_OAEP.value).toTypedArray())
                setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PKCS1)
                setDigests(KeyProperties.DIGEST_SHA256)
                setKeyValidityStart(DateTime.now().toDate())
                setKeyValidityEnd(DateTime.now().plusYears(1).toDate())
                build()
        }
        // this method is the one that imports the key into the keystore, but the issue is
        // in the getCertificate method.
        KeystoreWrapperUtil.importKey(privateKey3072, PRIVATE_KEY_ALIAS, getCertificate(publicKey3072), keyProtection)
    }

...

// this method gets the X.509 certificate

    private fun getCertificate(certificateString : String) : Certificate {
        val certificateFactory = CertificateFactory.getInstance("X.509")
        val decoded = Base64.decode(certificateString, Base64.DEFAULT)
        val inputStream = ByteArrayInputStream(decoded)
        // here's where I'm getting the exception
        return certificateFactory.generateCertificate(inputStream)
    }


// these are the keys (same as above)
    private val publicKey3072 = "MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAmIGJKHqxEMVEb2xD4nhV\n" +
            "0Ps4lPVzvVGOO1OGOhabuZ2cDFeocpWhRUNWkswUNs0LBOG6tPRtEkiEkYerKxyk\n" +
            "i8j1vfzWMIsNeJm4Ol14D/PXXLe0r+K466DPWrrz0oZcbOhaoiP/Z8qgVCfS3hp1\n" +
            "nUgTn53qiI/VFUiIgA76HOeLI/TSnRVU3CYwz17eu3M99aTeuqkTD9Nm3JK4cVTi\n" +
            "KotaTt2D18mRvGh9UEluncJ3lGjfbOwhkEb0FXqxW339HhDyBTx1XZLJCPYbicDg\n" +
            "iucGw4lnEEoQQSjmrey7XtVZgFddNOuWpGnfLWnNi0iMo9s3d+s5qrnNk82TiEVb\n" +
            "5SaX0tKM/0Z/EHgKUz9T3O5di3Vo0wwIsbdR7DkpQvw5IOjRXE9KTW2nRyGpxFXX\n" +
            "TGv5RTJHSi2fodV3h47hNuDmh084Hm0mZrw02hsskCbpYAaUM0nw1TKx/57nbAZ2\n" +
            "LdPzeL8VZvEG647AOhGoworoj7bi24AqMX1sWArPWdszAgMBAAE="

    private val privateKey3072 = "MIIG/QIBADANBgkqhkiG9w0BAQEFAASCBucwggbjAgEAAoIBgQCVQ5sho8IQkvT4\n" +
            "MXX55O7IO8SmyL7FAa+OfGSiyVMgX6MjhAIA94YnS6wCfa+KfD1fISwUHm+C9lz5\n" +
            "ol/rRvu4xGFBSWkRXwtZJ78dN0/hp8BKEkc7qk2pS4h3twcqGbgIoSSI1R9RWm8c\n" +
            "vzuduk+fa0ZSAxos7xC+IFFDFUDFSm/5ZkjH088wyMDbtIHm3ffyZdqgI1iUw5F6\n" +
            "53+pH6ajWYTDJLkEeD6yX8xVXDOXQko73AfwqrPkgIPCzCaUKyvFEPgiA/EBmDPl\n" +
            "IHPSZQu4i+m82pJkV4IooZu6jpxDYKzC4FkidqtdvVih73ZcZuof1n2ZPtPajImN\n" +
            "cMjngfKwjqUMl9WDmIxX9amTNCPRoFGBPoS1BOsEaQduknvo83aqvJ9ReKwiKs2g\n" +
            "AIjDaY0oMpSoAeRNu5P5iMjBLQuhmUvYuQZ2CXKJSf1O7wRRZOqFNmBE1j5sTf6p\n" +
            "IiwRIUCKJvhETWZhE3vkWklzvG20vbQjhVgcTKefCNF5WYdFj3MCAwEAAQKCAYA6\n" +
            "HAnG/OPOZAfuoALX+KJlXa9fZwOt2swn4pGjNlGgZtsyNnA5RCP8JF+g0KGIfnm+\n" +
            "EUIByx+KkrL7lJVXGVliQ0HBkvzOgHwAh5LFowT8Srx3mcoVlmWJpRhJ0v19DGoz"

But, unfortunately, when I run the code, I get this exception ->

java.security.cert.CertificateException: com.android.org.conscrypt.OpenSSLX509CertificateFactory$ParsingException: com.android.org.conscrypt.OpenSSLX509CertificateFactory$ParsingException: java.lang.RuntimeException: error:0c0000be:ASN.1 encoding routines:OPENSSL_internal:WRONG_TAG
at com.android.org.conscrypt.OpenSSLX509CertificateFactory.engineGenerateCertificate(OpenSSLX509CertificateFactory.java:311)

It happens on this specific line ->

return certificateFactory.generateCertificate(inputStream)

I tried the same thing with another RSA public key (2048 bits), and it seems to work.
Am I obtaining the 3072-bit RSA public key incorrectly? What am I doing wrong?

Thanks in advance.

android rsa keystore
1 Answer
0
votes

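So I found the problem: the mistake was that I was trying to use a public key, when I needed to use a certificate. I found all the steps at this link: https://www.scottbrady91.com/openssl/creating-rsa-keys-using-openssl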
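Added example, not part of the original question or answer: a small DER inspector that tells a bare `PUBLIC KEY` blob (SubjectPublicKeyInfo) apart from an X.509 certificate by the tags of its top-level elements, which is the mismatch behind an ASN.1 tag error when a public key is handed to a certificate parser. The function names and the `SAMPLE_*` inputs are hypothetical and constructed here (zero-filled skeletons sized like a 3072-bit RSA key, not real keys).

```python
import base64
import re

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: the next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def child_tags(buf, start, end):
    """Tags of the direct children of a constructed element."""
    tags = []
    while start < end:
        tag, _, start = read_tlv(buf, start)
        tags.append(tag)
    return tags

def classify(text):
    """Name the ASN.1 structure held in a PEM or bare base64 string."""
    der = base64.b64decode(re.sub(r"-----[A-Z0-9 ]+-----|\s", "", text))
    tag, start, end = read_tlv(der, 0)
    if tag != 0x30:
        return "not a DER SEQUENCE"
    top = child_tags(der, start, end)
    if top == [0x30, 0x30, 0x03]:  # tbsCertificate, signatureAlgorithm, signatureValue
        return "X.509 certificate"
    if top == [0x30, 0x03]:  # AlgorithmIdentifier, subjectPublicKey
        return "SubjectPublicKeyInfo (bare public key)"
    return "unknown"

def tlv(tag, body):
    """DER-encode one element; used only to build the constructed samples."""
    n, size = len(body), (len(body).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

# Constructed skeletons with dummy zero bytes: right shape, no real key material.
RSA_ALG = tlv(0x30, bytes.fromhex("06092a864886f70d0101010500"))  # rsaEncryption, NULL
SAMPLE_SPKI = tlv(0x30, RSA_ALG + tlv(0x03, bytes(399)))
SAMPLE_CERT = tlv(0x30, tlv(0x30, bytes.fromhex("020101")) + RSA_ALG + tlv(0x03, bytes(385)))

if __name__ == "__main__":
    print([classify(base64.b64encode(d).decode()) for d in (SAMPLE_SPKI, SAMPLE_CERT)])
```

Running the same check on a string before calling `CertificateFactory.generateCertificate` shows whether it is a certificate at all or only the key that a certificate would carry.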
