[System]: Implement X509Certificate2.Export(X509ContentType.Pfx).
authorMartin Baulig <martin.baulig@xamarin.com>
Thu, 19 Nov 2015 20:19:42 +0000 (15:19 -0500)
committerMartin Baulig <martin.baulig@xamarin.com>
Thu, 19 Nov 2015 20:44:02 +0000 (15:44 -0500)
(cherry picked from commit e51b4ec6853e7e7ae6f7e862275a282a8c1e7904)

mcs/class/Mono.Security/Mono.Security.X509/PKCS12.cs
mcs/class/System/System.Security.Cryptography.X509Certificates/X509Certificate2.cs

index 62ed9c7a3fc404104b19f30d9802fdc053eaf14c..fc8ac2bb306ec90519e2c0e4da4afd84d6a90bd1 100644 (file)
@@ -430,6 +430,10 @@ namespace Mono.Security.X509 {
 
                public string Password {
                        set {
+                               // Clear old password.
+                               if (_password != null)
+                                       Array.Clear (_password, 0, _password.Length);
+                               _password = null;
                                if (value != null) {
                                        if (value.Length > 0) {
                                                int size = value.Length;
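Review bot: The `// Clear old password.` comment in the `Password` setter does not say what the wipe leaves uncovered. `Array.Clear` zeroes only the current `_password` array, while the `value` string passed in stays on the managed heap untouched. I would expand the comment to something like `// Best-effort: zero the previous password bytes before dropping the reference; the source string cannot be wiped.` From the visible lines the bytes are cleared only when the setter runs again, so callers have to assign `null` when they are done, as the new export path in this commit does in its `finally`. The setter body continues past the end of this hunk.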
@@ -447,9 +451,6 @@ namespace Mono.Security.X509 {
                                                // double-byte (Unicode) NULL (0x00) - see bug #79617
                                                _password = new byte[2];
                                        }
-                               } else {
-                                       // no password
-                                       _password = null;
                                }
                        }
                }
index fdc87776e6796661479feb4458a03681d3069ba7..fd26add2fe2b93d2fbdc8a1ec6c8b32ac6fd2fec 100644 (file)
@@ -534,6 +534,42 @@ namespace System.Security.Cryptography.X509Certificates {
                        Import (rawData, (string)null, keyStorageFlags);
                }
 
+               [MonoTODO ("X509ContentType.SerializedCert is not supported")]
+               public override byte[] Export (X509ContentType contentType, string password)
+               {
+                       if (_cert == null)
+                               throw new CryptographicException (empty_error);
+
+                       switch (contentType) {
+                       case X509ContentType.Cert:
+                               return _cert.RawData;
+                       case X509ContentType.Pfx: // this includes Pkcs12
+                               return ExportPkcs12 (password);
+                       case X509ContentType.SerializedCert:
+                               // TODO
+                               throw new NotSupportedException ();
+                       default:
+                               string msg = Locale.GetText ("This certificate format '{0}' cannot be exported.", contentType);
+                               throw new CryptographicException (msg);
+                       }
+               }
+
+               byte[] ExportPkcs12 (string password)
+               {
+                       var pfx = new MX.PKCS12 ();
+                       try {
+                               if (password != null)
+                                       pfx.Password = password;
+                               pfx.AddCertificate (_cert);
+                               var privateKey = PrivateKey;
+                               if (privateKey != null)
+                                       pfx.AddPkcs8ShroudedKeyBag (privateKey);
+                               return pfx.GetBytes ();
+                       } finally {
+                               pfx.Password = null;
+                       }
+               }
+
                public override void Reset () 
                {
                        _cert = null;
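Review bot: `ExportPkcs12` adds `PrivateKey` to the PFX unconditionally; nothing in the visible lines checks whether the key was imported as exportable (`X509KeyStorageFlags.Exportable`), although the `Import` call just above takes `keyStorageFlags`. If those flags are tracked anywhere in the class, the key bag should be skipped or the call rejected when the flag is absent. If they are not tracked, record the gap in the code, e.g. `// NOTE: private key is exported even if it was not imported with X509KeyStorageFlags.Exportable`. Separately, when `password` is null the `pfx.Password` assignment is skipped, so the key bag is protected only by whatever `PKCS12` falls back to. A doc comment on `Export` should state that callers exporting a certificate with a private key are expected to supply a password.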