Collectives™ on Stack Overflow

Find centralized, trusted content and collaborate around the technologies you use most.

Teams

Q&A for work

Connect and share knowledge within a single location that is structured and easy to search.

So I'm doing an Android app and banging my head against our company's OAuth2 implementation (worse integration of my professional career by far, and it's not even done yet). I'm up to the exchange of client credentials part -- I'm getting back the credential in PFX format as a Base 64 encoded string. I then attempt to do this:

CredentialResponse resp = ServerAccessLayer.SSO.Model.CredentialFromJson(json);
CertificateFactory cf = CertificateFactory.getInstance("X.509");
InputStream cert = new ByteArrayInputStream(Base64.decode(resp.credential, Base64.DEFAULT));
X509Certificate x509 = (X509Certificate)cf.generateCertificate(cert);
I've seen this code snippet linked in several places both on SO and in blog posts -- as near as I can tell it should work, but I'm getting this:
java.security.cert.CertificateException: 
org.apache.harmony.security.asn1.ASN1Exception: 
DER: only definite length encoding MUST be used
I'm a bit out of my depth, being a mainly web/Javascript UI programmer that's been suckered into learning Android and writing this app.  So this might be too much or too little information, but here's the Base64 encoded string I'm getting back as a credential:
MIACAQMwgAYJKoZIhvcNAQcBoIAkgASCA+gwgDCABgkqhkiG9w0BBwGggCSABIIDKzCCAycwggMjBgsqhkiG9w0BDAoBAqCCArIwggKuMCgGCiqGSIb3DQEMAQMwGgQUttWa2nEvTrfVXeWDOCNh8qEpljYCAgQABIICgJwzIJFcp/NpJnxO9vh8cLUR7GsYOdm1CDzPZs+JplogTakQmiqlmwnybAIGaj6qXgDadYbG5k/fIrXW1OLRWWQFMUaYxH6lDDPKLqCsSwnhbxsvmp51EC+V5QwS9Am6zoNdAUE1SDQILuei7QOgmTcYM5uFo8pM+iVT6E4MC8S9EDCFppT75+w5PAhlYOURq2IF3HKAmT+VDa3ucB8P8me4k48HqP/6jEObiSEFA8ecz4Qx9jBSmqpBUVECpJXznThrexD7wUplyiWDcT7AUyaIBt+Nlhi8KZx4suuMaz6+1POqnKt938WPEKLOfzNA1+ApvonMl8K2QjHrHZzEc9DuQHw+gU+daR5xRfjxuYGn06GaC2SOQlbn70wyQ3LAEnCMN968ANHMY3a8EoZuHWUak/cWt/cJVTkI0TqaBGtfHFSyc9cWGLQyq+g3hpr0r8ISKlTGB1oEI7dKiD1Dk4PtGBVWcBJT3odxhZU0a48pqawRffFIf7kLB6I6u3lZVLbJyub7hSgMVRKn5MH0WIBlmun6tV7/P2Cs9lY2YQKnl4VLF7rWmnVIJCx32sOgQQauUOEo7DCyghtes555gbEJ3phaq56ujolC9COsbbKg6sdwB23iIqlUaXHr9yLi69KNV6WIeZmsU8fnMugKHzNSPJ5gS7MwyexChROfoMOuqV/ge2h94Xp1pNOv0ZDO2bQWgosvi/sXbbXBBwbIZk5R+GEmXuRAxQ6vNTi3NeKoA/PGN5FLCNP4rYuNVt6M/D8Up8r+Si2GapGxmTh+ZPHLfKD0aIpH9kKNStlcn6EXNow1Yu1o2EEU2au/C9u+9fu8Wdvo3cFb+ApbCC/BuvUxXjAjBgkqhkiG9w0BCRUxFgQUgRcjM00QWPwbORwmOWeAU9NZM18wNwYJKoZIhvcNAQkUMSoeKABTAGEAZwBlACAASQBkACAATwBBAHUAdABoACAAQwBsAGkAZQBuAHQAAAAAAAAwgAYJKoZIhvcNAQcGoIAwgAIBADCABgkqhkiG9w0BBwEwKAYKKoZIhvcNAQwBBjAaBBSjKTSvGU2SSUmstu0OR+VSgaFkrwICBACggASCBGjmzeEsfvEZ1tIFxM5ycEGrVIjxUftJdVxEZcT7xB1yrqLBlBGu4aQKiYwAQHSt7irJ3HFb3O5dJ1r9ZIdlq/F9eknv4AmuZHm/0DJA75GfBIID6IKf7T+sOgeP6+DUxMmK0X5gCl+gPZksWxIdwCM3X9kP/tDY7N6eQnUs+jgw7AZ9B8dGJ4jevKBRK5ObNGTMt5i7qbVD1fvM/ePALHwCUL1KRMmhcDF/d8Rbzf1VhYjDN66ZYYgOHFzQhv5Wxu6AlSmm0NTFccTNGSx955SH1uD/7hG64uu+1qj/CgUkEBO94Ru1bx9ls5q3xK9/5C4qR166mks0dGfcJNgU0R3zPqUmK8/dp8RHfWrjQY3ZYFN3LSpKtG7acU1eAgmFGvvo9UUUl6KiwlYYOENLNcPccV3fLi04LyWAo9nFBHijz1TK6zLgAQYP675hqsU7CdF+/dggTGhlRaifdKvxlRy+YciZMFJ+34KFHJ09+xLyJqyuD/cBM3A5Sk1n47MtRMotUKpyxVcUv7Ua2ok49sPmXULPRHl8pQBZOYJVSqjaQ/J32xleV9lS25c3B8jAAKnQpRJLBdkCM/DM8jY0qw9zLjBhmDAl2HlJNBqcge8Obk76oTCF+xOzK7b5L2/RTFrnEQr12gllmmAun/x/7+8Exn6etDc+SbgdVVcUK88c+dYmt761y2K4bXAYEJS6HfxFkmiXcFzC4FqZ6jlK7SgpX0ZdOy6v6xwHDjvM9+rfe/4hZuI4RHW88L+/eDmyBVvIYmU1E2SvLaHWFmEOXRHA71noXwyC3vgN3HrpEyxs7HgTUm46AySSktDO7Gc2puFZD7N/HOKrnpTuIqkmNbcNE8zfGtlB7y39VdRZES4fAQ8V1vvWs21Vv7SRXOBiIqXuaK6A3iZv46ARTJD0ooJZybs0PHpT/pHfoBZaBXscWN19AFYYClHNUSWgJ/0af66uK7WZnoqHfy1L/SanN0F2zvZgJ2IEjmOzFXX4zEwltEFu9K51gWgsfp23uJd5gzPUO4ChSd3DQarkpfXfhJsYfInrJE4mTy2hf6YQTrQOJaLvKvKpLGKplCjWIPyEnr2mr/8d6qLXT7OVY9VPtfh8X9LQabVFmNyPwt6R4Ih9zG6D0yZYzIJN7I1+YzSjmAchcs9ONmIDg9Yi3FfCScdZ/gxPYeGUGOLT2bizUkcMmMX6gDc1TTmcSxjIY+fRzfVrXx+l4k5ehfMjokI+Oi04ZvU4pQvoCralP9S08toh+52bFt1xn67PH33riEkpqkjNuWRgXjCsO63qXMJg6IIYkMi/zATsj9wpxd1wOJYtcFQHciKLbP1miBux0RlxnYGWrj/YZ1cK3LY89s725W/qNqJrckZPgvpJ1CRBC5LW6epLUlGBXWadqVtaWm0mU7GbBbFWluo97ziUcrxzHZ0M/qvuKAEWep5C/DsEPdlLODzc2eAB+BdDnktsF0N26uSPgNVsFWcPQqeor9JXquY54D/P4Reim9cr6f1WQ3sAAAAAAAAAAAAAAAAAAAAAAAAwPTAhMAkGBSsOAwIaBQAEFKc7/KC56/8KHnEF46zNWh+L6HxLBBQ0t41WJfRszNhVGtti7Zi6m8/q9wICBAAAAA==
I have almost no ability to contact the people who actually wrote the SSO provider (they're in another country, and respond to even the most detailed e-mails with basically useless information and log entries that mean nothing to me), so I kind of have to figure this out myself.  If anyone has anything on this process, this exception, something wrong with the encoded certificate or the code I'm using, please help out, I feel like I'm starting to go crazy from trying random things and having them not work.
                According to docs.oracle.com/javase/6/docs/api/java/security/cert/… you need a DER format certificate. Is there a particular reason you are getting a PFX?
– PrimeNerd
                Feb 28, 2013 at 23:57
                The only format my Oauth provider can send back to the GetClientCredentials call is PFX.  From the documentation:  "The format that the client would like the client credential delivered in. This must be "pfx", which is the default."
– Gakidou
                Mar 1, 2013 at 0:01
Here is function made in Kotlin using CertificateFactory. Input could be as You mention (not DER).
private fun certificateFromString(base64: String): X509Certificate? {
    val decoded = Base64.decode(base64, Base64.NO_WRAP)
    val inputStream = ByteArrayInputStream(decoded)
    return CertificateFactory.getInstance("X.509").generateCertificate(inputStream) as? X509Certificate
        
Thanks for contributing an answer to Stack Overflow!
Please be sure to answer the question. Provide details and share your research!
But avoid …
Asking for help, clarification, or responding to other answers.
Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.