Creating an X509Certificate on Android from a String

Question

So I'm doing an Android app and banging my head against our company's OAuth2 implementation (worse integration of my professional career by far, and it's not even done yet). I'm up to the exchange of client credentials part -- I'm getting back the credential in PFX format as a Base 64 encoded string. I then attempt to do this:

CredentialResponse resp = ServerAccessLayer.SSO.Model.CredentialFromJson(json);
CertificateFactory cf = CertificateFactory.getInstance("X.509");
InputStream cert = new ByteArrayInputStream(Base64.decode(resp.credential, Base64.DEFAULT));
X509Certificate x509 = (X509Certificate)cf.generateCertificate(cert);

I've seen this code snippet linked in several places both on SO and in blog posts -- as near as I can tell it should work, but I'm getting this:

java.security.cert.CertificateException: 
org.apache.harmony.security.asn1.ASN1Exception: 
DER: only definite length encoding MUST be used

I'm a bit out of my depth, being a mainly web/Javascript UI programmer that's been suckered into learning Android and writing this app. So this might be too much or too little information, but here's the Base64 encoded string I'm getting back as a credential:

MIACAQMwgAYJKoZIhvcNAQcBoIAkgASCA+gwgDCABgkqhkiG9w0BBwGggCSABIIDKzCCAycwggMjBgsqhkiG9w0BDAoBAqCCArIwggKuMCgGCiqGSIb3DQEMAQMwGgQUttWa2nEvTrfVXeWDOCNh8qEpljYCAgQABIICgJwzIJFcp/NpJnxO9vh8cLUR7GsYOdm1CDzPZs+JplogTakQmiqlmwnybAIGaj6qXgDadYbG5k/fIrXW1OLRWWQFMUaYxH6lDDPKLqCsSwnhbxsvmp51EC+V5QwS9Am6zoNdAUE1SDQILuei7QOgmTcYM5uFo8pM+iVT6E4MC8S9EDCFppT75+w5PAhlYOURq2IF3HKAmT+VDa3ucB8P8me4k48HqP/6jEObiSEFA8ecz4Qx9jBSmqpBUVECpJXznThrexD7wUplyiWDcT7AUyaIBt+Nlhi8KZx4suuMaz6+1POqnKt938WPEKLOfzNA1+ApvonMl8K2QjHrHZzEc9DuQHw+gU+daR5xRfjxuYGn06GaC2SOQlbn70wyQ3LAEnCMN968ANHMY3a8EoZuHWUak/cWt/cJVTkI0TqaBGtfHFSyc9cWGLQyq+g3hpr0r8ISKlTGB1oEI7dKiD1Dk4PtGBVWcBJT3odxhZU0a48pqawRffFIf7kLB6I6u3lZVLbJyub7hSgMVRKn5MH0WIBlmun6tV7/P2Cs9lY2YQKnl4VLF7rWmnVIJCx32sOgQQauUOEo7DCyghtes555gbEJ3phaq56ujolC9COsbbKg6sdwB23iIqlUaXHr9yLi69KNV6WIeZmsU8fnMugKHzNSPJ5gS7MwyexChROfoMOuqV/ge2h94Xp1pNOv0ZDO2bQWgosvi/sXbbXBBwbIZk5R+GEmXuRAxQ6vNTi3NeKoA/PGN5FLCNP4rYuNVt6M/D8Up8r+Si2GapGxmTh+ZPHLfKD0aIpH9kKNStlcn6EXNow1Yu1o2EEU2au/C9u+9fu8Wdvo3cFb+ApbCC/BuvUxXjAjBgkqhkiG9w0BCRUxFgQUgRcjM00QWPwbORwmOWeAU9NZM18wNwYJKoZIhvcNAQkUMSoeKABTAGEAZwBlACAASQBkACAATwBBAHUAdABoACAAQwBsAGkAZQBuAHQAAAAAAAAwgAYJKoZIhvcNAQcGoIAwgAIBADCABgkqhkiG9w0BBwEwKAYKKoZIhvcNAQwBBjAaBBSjKTSvGU2SSUmstu0OR+VSgaFkrwICBACggASCBGjmzeEsfvEZ1tIFxM5ycEGrVIjxUftJdVxEZcT7xB1yrqLBlBGu4aQKiYwAQHSt7irJ3HFb3O5dJ1r9ZIdlq/F9eknv4AmuZHm/0DJA75GfBIID6IKf7T+sOgeP6+DUxMmK0X5gCl+gPZksWxIdwCM3X9kP/tDY7N6eQnUs+jgw7AZ9B8dGJ4jevKBRK5ObNGTMt5i7qbVD1fvM/ePALHwCUL1KRMmhcDF/d8Rbzf1VhYjDN66ZYYgOHFzQhv5Wxu6AlSmm0NTFccTNGSx955SH1uD/7hG64uu+1qj/CgUkEBO94Ru1bx9ls5q3xK9/5C4qR166mks0dGfcJNgU0R3zPqUmK8/dp8RHfWrjQY3ZYFN3LSpKtG7acU1eAgmFGvvo9UUUl6KiwlYYOENLNcPccV3fLi04LyWAo9nFBHijz1TK6zLgAQYP675hqsU7CdF+/dggTGhlRaifdKvxlRy+YciZMFJ+34KFHJ09+xLyJqyuD/cBM3A5Sk1n47MtRMotUKpyxVcUv7Ua2ok49sPmXULPRHl8pQBZOYJVSqjaQ/J32xleV9lS25c3B8jAAKnQpRJLBdkCM/DM8jY0qw9zLjBhmDAl2HlJNBqcge8Obk76oTCF+xOzK7b5L2/RTFrnEQr12gllmmAun/x/7+8Exn6etDc+SbgdVVcUK88c+dYmt761y2K4bXAYEJS6HfxFkmiXcFzC4FqZ6jlK7SgpX0ZdOy6v6xwHDjvM9+rfe/4hZuI4RHW88L+/eDmyBVvIYmU1E2SvLaHWFmEOXRHA71noXwyC3vgN3HrpEyxs7HgTUm46AySSktDO7Gc2puFZD7N/HOKrnpTuIqkmNbcNE8zfGtlB7y39VdRZES4fAQ8V1vvWs21Vv7SRXOBiIqXuaK6A3iZv46ARTJD0ooJZybs0PHpT/pHfoBZaBXscWN19AFYYClHNUSWgJ/0af66uK7WZnoqHfy1L/SanN0F2zvZgJ2IEjmOzFXX4zEwltEFu9K51gWgsfp23uJd5gzPUO4ChSd3DQarkpfXfhJsYfInrJE4mTy2hf6YQTrQOJaLvKvKpLGKplCjWIPyEnr2mr/8d6qLXT7OVY9VPtfh8X9LQabVFmNyPwt6R4Ih9zG6D0yZYzIJN7I1+YzSjmAchcs9ONmIDg9Yi3FfCScdZ/gxPYeGUGOLT2bizUkcMmMX6gDc1TTmcSxjIY+fRzfVrXx+l4k5ehfMjokI+Oi04ZvU4pQvoCralP9S08toh+52bFt1xn67PH33riEkpqkjNuWRgXjCsO63qXMJg6IIYkMi/zATsj9wpxd1wOJYtcFQHciKLbP1miBux0RlxnYGWrj/YZ1cK3LY89s725W/qNqJrckZPgvpJ1CRBC5LW6epLUlGBXWadqVtaWm0mU7GbBbFWluo97ziUcrxzHZ0M/qvuKAEWep5C/DsEPdlLODzc2eAB+BdDnktsF0N26uSPgNVsFWcPQqeor9JXquY54D/P4Reim9cr6f1WQ3sAAAAAAAAAAAAAAAAAAAAAAAAwPTAhMAkGBSsOAwIaBQAEFKc7/KC56/8KHnEF46zNWh+L6HxLBBQ0t41WJfRszNhVGtti7Zi6m8/q9wICBAAAAA==

I have almost no ability to contact the people who actually wrote the SSO provider (they're in another country, and respond to even the most detailed e-mails with basically useless information and log entries that mean nothing to me), so I kind of have to figure this out myself. If anyone has anything on this process, this exception, something wrong with the encoded certificate or the code I'm using, please help out, I feel like I'm starting to go crazy from trying random things and having them not work.

Answer 1

Here is function made in Kotlin using CertificateFactory . Input could be as You mention (not DER).

private fun certificateFromString(base64: String): X509Certificate? {
    val decoded = Base64.decode(base64, Base64.NO_WRAP)
    val inputStream = ByteArrayInputStream(decoded)

    return CertificateFactory.getInstance("X.509").generateCertificate(inputStream) as? X509Certificate
}