因此,我正在开发一个 Android 应用程序,并且对我们公司的 OAuth2 实施进行了猛烈抨击(到目前为止,我的职业生涯的整合更糟糕,甚至还没有完成)。我负责交换客户端凭据部分——我将 PFX 格式的凭据作为 Base 64 编码字符串取回。然后我尝试这样做:
CredentialResponse resp = ServerAccessLayer.SSO.Model.CredentialFromJson(json);
CertificateFactory cf = CertificateFactory.getInstance("X.509");
InputStream cert = new ByteArrayInputStream(Base64.decode(resp.credential, Base64.DEFAULT));
X509Certificate x509 = (X509Certificate)cf.generateCertificate(cert);
我已经在 SO 和博客文章中的几个地方看到了这个代码片段——据我所知,它应该可以工作,但我得到了这个:
java.security.cert.CertificateException:
org.apache.harmony.security.asn1.ASN1Exception:
DER: only definite length encoding MUST be used
作为一个主要是 web/Javascript UI 程序员,我有点不知所措,一直沉迷于学习 Android 和编写这个应用程序。所以这可能是太多或太少的信息,但这是我作为凭证返回的 Base64 编码字符串:
MIACAQMwgAYJKoZIhvcNAQcBoIAkgASCA+gwgDCABgkqhkiG9w0BBwGggCSABIIDKzCCAycwggMjBgsqhkiG9w0BDAoBAqCCArIwggKuMCgGCiqGSIb3DQEMAQMwGgQUttWa2nEvTrfVXeWDOCNh8qEpljYCAgQABIICgJwzIJFcp/NpJnxO9vh8cLUR7GsYOdm1CDzPZs+JplogTakQmiqlmwnybAIGaj6qXgDadYbG5k/fIrXW1OLRWWQFMUaYxH6lDDPKLqCsSwnhbxsvmp51EC+V5QwS9Am6zoNdAUE1SDQILuei7QOgmTcYM5uFo8pM+iVT6E4MC8S9EDCFppT75+w5PAhlYOURq2IF3HKAmT+VDa3ucB8P8me4k48HqP/6jEObiSEFA8ecz4Qx9jBSmqpBUVECpJXznThrexD7wUplyiWDcT7AUyaIBt+Nlhi8KZx4suuMaz6+1POqnKt938WPEKLOfzNA1+ApvonMl8K2QjHrHZzEc9DuQHw+gU+daR5xRfjxuYGn06GaC2SOQlbn70wyQ3LAEnCMN968ANHMY3a8EoZuHWUak/cWt/cJVTkI0TqaBGtfHFSyc9cWGLQyq+g3hpr0r8ISKlTGB1oEI7dKiD1Dk4PtGBVWcBJT3odxhZU0a48pqawRffFIf7kLB6I6u3lZVLbJyub7hSgMVRKn5MH0WIBlmun6tV7/P2Cs9lY2YQKnl4VLF7rWmnVIJCx32sOgQQauUOEo7DCyghtes555gbEJ3phaq56ujolC9COsbbKg6sdwB23iIqlUaXHr9yLi69KNV6WIeZmsU8fnMugKHzNSPJ5gS7MwyexChROfoMOuqV/ge2h94Xp1pNOv0ZDO2bQWgosvi/sXbbXBBwbIZk5R+GEmXuRAxQ6vNTi3NeKoA/PGN5FLCNP4rYuNVt6M/D8Up8r+Si2GapGxmTh+ZPHLfKD0aIpH9kKNStlcn6EXNow1Yu1o2EEU2au/C9u+9fu8Wdvo3cFb+ApbCC/BuvUxXjAjBgkqhkiG9w0BCRUxFgQUgRcjM00QWPwbORwmOWeAU9NZM18wNwYJKoZIhvcNAQkUMSoeKABTAGEAZwBlACAASQBkACAATwBBAHUAdABoACAAQwBsAGkAZQBuAHQAAAAAAAAwgAYJKoZIhvcNAQcGoIAwgAIBADCABgkqhkiG9w0BBwEwKAYKKoZIhvcNAQwBBjAaBBSjKTSvGU2SSUmstu0OR+VSgaFkrwICBACggASCBGjmzeEsfvEZ1tIFxM5ycEGrVIjxUftJdVxEZcT7xB1yrqLBlBGu4aQKiYwAQHSt7irJ3HFb3O5dJ1r9ZIdlq/F9eknv4AmuZHm/0DJA75GfBIID6IKf7T+sOgeP6+DUxMmK0X5gCl+gPZksWxIdwCM3X9kP/tDY7N6eQnUs+jgw7AZ9B8dGJ4jevKBRK5ObNGTMt5i7qbVD1fvM/ePALHwCUL1KRMmhcDF/d8Rbzf1VhYjDN66ZYYgOHFzQhv5Wxu6AlSmm0NTFccTNGSx955SH1uD/7hG64uu+1qj/CgUkEBO94Ru1bx9ls5q3xK9/5C4qR166mks0dGfcJNgU0R3zPqUmK8/dp8RHfWrjQY3ZYFN3LSpKtG7acU1eAgmFGvvo9UUUl6KiwlYYOENLNcPccV3fLi04LyWAo9nFBHijz1TK6zLgAQYP675hqsU7CdF+/dggTGhlRaifdKvxlRy+YciZMFJ+34KFHJ09+xLyJqyuD/cBM3A5Sk1n47MtRMotUKpyxVcUv7Ua2ok49sPmXULPRHl8pQBZOYJVSqjaQ/J32xleV9lS25c3B8jAAKnQpRJLBdkCM/DM8jY0qw9zLjBhmDAl2HlJNBqcge8Obk76oTCF+xOzK7b5L2/RTFrnEQr12gllmmAun/x/7+8Exn6etDc+SbgdVVcUK88c+dYmt761y2K4bXAYEJS6HfxFkmiXcFzC4FqZ6jlK7SgpX0ZdOy6v6xwHDjvM9+rfe/4hZuI4RHW88L+/eDmyBVvIYmU1E2SvLaHWFmEOXRHA71noXwyC3vgN3HrpEyxs7HgTUm46AySSktDO7Gc2puFZD7N/HOKrnpTuIqkmNbcNE8zfGtlB7y39VdRZES4fAQ8V1vvWs21Vv7SRXOBiIqXuaK6A3iZv46ARTJD0ooJZybs0PHpT/pHfoBZaBXscWN19AFYYClHNUSWgJ/0af66uK7WZnoqHfy1L/SanN0F2zvZgJ2IEjmOzFXX4zEwltEFu9K51gWgsfp23uJd5gzPUO4ChSd3DQarkpfXfhJsYfInrJE4mTy2hf6YQTrQOJaLvKvKpLGKplCjWIPyEnr2mr/8d6qLXT7OVY9VPtfh8X9LQabVFmNyPwt6R4Ih9zG6D0yZYzIJN7I1+YzSjmAchcs9ONmIDg9Yi3FfCScdZ/gxPYeGUGOLT2bizUkcMmMX6gDc1TTmcSxjIY+fRzfVrXx+l4k5ehfMjokI+Oi04ZvU4pQvoCralP9S08toh+52bFt1xn67PH33riEkpqkjNuWRgXjCsO63qXMJg6IIYkMi/zATsj9wpxd1wOJYtcFQHciKLbP1miBux0RlxnYGWrj/YZ1cK3LY89s725W/qNqJrckZPgvpJ1CRBC5LW6epLUlGBXWadqVtaWm0mU7GbBbFWluo97ziUcrxzHZ0M/qvuKAEWep5C/DsEPdlLODzc2eAB+BdDnktsF0N26uSPgNVsFWcPQqeor9JXquY54D/P4Reim9cr6f1WQ3sAAAAAAAAAAAAAAAAAAAAAAAAwPTAhMAkGBSsOAwIaBQAEFKc7/KC56/8KHnEF46zNWh+L6HxLBBQ0t41WJfRszNhVGtti7Zi6m8/q9wICBAAAAA==
我几乎没有能力联系实际编写 SSO 提供程序的人(他们在另一个国家,即使是最详细的电子邮件也回复了基本无用的信息和对我毫无意义的日志条目),所以我很友好必须自己弄清楚这一点。如果有人对此过程有任何疑问,此异常,编码证书或我正在使用的代码有问题,请帮忙,我觉得我开始因尝试随机事物而让它们无法正常工作而发疯。