From 45246c90d2f98328c5eff15a873a285e8d92174a Mon Sep 17 00:00:00 2001
From: Mitchell Hwang
Date: Mon, 16 Aug 2021 10:20:00 -0400
Subject: [PATCH 1/2] [Android][libraries] Throw PNSE for Exportable and PersistKeySet flags
---
 .../Cryptography/Pal.Android/AndroidCertificatePal.cs | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/src/libraries/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.Android/AndroidCertificatePal.cs b/src/libraries/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.Android/AndroidCertificatePal.cs
index 2a987506f1203e..4a95fc7a7c3ffc 100644
--- a/src/libraries/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.Android/AndroidCertificatePal.cs
+++ b/src/libraries/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.Android/AndroidCertificatePal.cs
@@ -63,6 +63,16 @@ public static ICertificatePal FromBlob(ReadOnlySpan rawData, SafePasswordH
 // We don't support determining this on Android right now, so we throw.
 throw new CryptographicException(SR.Cryptography_X509_PKCS7_NoSigner);
 case X509ContentType.Pkcs12:
+ if ((keyStorageFlags & X509KeyStorageFlags.Exportable) == X509KeyStorageFlags.Exportable)
+ {
+ throw new PlatformNotSupportedException(SR.Cryptography_X509_PKCS12_ExportableNotSupported);
+ }
+
+ if ((keyStorageFlags & X509KeyStorageFlags.PersistKeySet) == X509KeyStorageFlags.PersistKeySet)
+ {
+ throw new PlatformNotSupportedException(SR.Cryptography_X509_PKCS12_PersistKeySetNotSupported);
+ }
+
 return ReadPkcs12(rawData, password, ephemeralSpecified);
 case X509ContentType.Cert:
 default:
From 34b8aa9bc4ad189c96671cc6132dfb7f38f68302 Mon Sep 17 00:00:00 2001
From: Mitchell Hwang
Date: Tue, 17 Aug 2021 10:59:52 -0400
Subject: [PATCH 2/2] Ignore exportable flag
---
 .../Cryptography/Pal.Android/AndroidCertificatePal.cs | 5 -----
 1 file changed, 5 deletions(-)
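Review bot: In patch 1/2, the new `throw` branches under `case X509ContentType.Pkcs12:` carry no comment saying why the flag is rejected, while the PKCS7 branch just above explains itself (`// We don't support determining this on Android right now, so we throw.`). A one-line why-comment such as `// PersistKeySet cannot be honoured on Android, so fail instead of silently loading a non-persisted key.` would tell callers the exception is deliberate and fail-closed; that rationale is inferred from the exception type and resource name, so confirm it before adopting the wording. The diffstat shows only this file changed, so no test pins the `PlatformNotSupportedException`; a case that loads a PFX with `X509KeyStorageFlags.PersistKeySet` would keep the check from regressing. `FromBlob` starts and ends outside the hunk, so it cannot be seen here whether other PKCS#12 load paths also reach this check.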
diff --git a/src/libraries/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.Android/AndroidCertificatePal.cs b/src/libraries/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.Android/AndroidCertificatePal.cs
index 4a95fc7a7c3ffc..d765cd0b56a4da 100644
--- a/src/libraries/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.Android/AndroidCertificatePal.cs
+++ b/src/libraries/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.Android/AndroidCertificatePal.cs
@@ -63,11 +63,6 @@ public static ICertificatePal FromBlob(ReadOnlySpan rawData, SafePasswordH
 // We don't support determining this on Android right now, so we throw.
 throw new CryptographicException(SR.Cryptography_X509_PKCS7_NoSigner);
 case X509ContentType.Pkcs12:
- if ((keyStorageFlags & X509KeyStorageFlags.Exportable) == X509KeyStorageFlags.Exportable)
- {
- throw new PlatformNotSupportedException(SR.Cryptography_X509_PKCS12_ExportableNotSupported);
- }
-
 if ((keyStorageFlags & X509KeyStorageFlags.PersistKeySet) == X509KeyStorageFlags.PersistKeySet)
 {
 throw new PlatformNotSupportedException(SR.Cryptography_X509_PKCS12_PersistKeySetNotSupported);