Collectives™ on Stack Overflow

Find centralized, trusted content and collaborate around the technologies you use most.

Teams

Q&A for work

Connect and share knowledge within a single location that is structured and easy to search.

I haven't been able to create a simple X509Certificate2 from the corresponding byte array. This code shows that the byte array gets recognized as a X509ContentType.Cert, but the next statement throws an exception:

var rawCert = Convert.FromBase64String("MIIDMTCCAhmgAwIBAgIBATANBgkqhkiG9w0BAQsFADAhMQ0wCwYDVQQKDARUZXN0MRAwDgYDVQQDDAdUZXN0IENBMB4XDTIyMDcwNzEyNDYwNVoXDTIzMDcwNzEyNDYwNVowNTELMAkGA1UEBhMCSVQxEjAQBgNVBAoMCVVzZXIgSW5jLjESMBAGA1UEAwwJVGVzdCBVc2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA49Ph51FyIrd3rGW1OGG6273jDBPnVtQnDhxzWHzS3zi6OPoDfg2Gh8Bmujr01FsJcW7QC7Iq28Rd1S7K2GnDWFF0IrmN/VoUSpG02j/l3W1gl8ekiPx0gJBuOg0ZuJThctDB70KcNb072Rwlrm7SNQXlS0M50Z3l+3TdBEuDOqjEZb8wDcb4xbTyB+b/D2Jmd9dd1YuEn/YFGqot7LelQjP9TmeiWICWrZXu4ShE2trSyjydZvDwkZLXmYlu/TNV4lF/mWu3oQJuRV+Fpn6Ljeo7u8b9cEErpiNX2zsa3wp18/5TZ9wKbf7on/Oe6M0LkdLf+gWMnR4zM/oMTi3aGwIDAQABo2AwXjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIGwDAdBgNVHQ4EFgQUDADxyqeMh75HrYONPmAG9S9w+o8wHwYDVR0jBBgwFoAUkCPgQIO7EpJR7I4UL0dmQW78wJowDQYJKoZIhvcNAQELBQADggEBAFNZnTb5ShnSUF/2jM4A1WDO3yD5K66FRftORNIzz126dZMmBiXpDAl8IiNrcIP+mFYPrvWnBCpdxf9qslHOd0Uw6xkZ5r4/WKeNhoZ1teJNEkSkJrluo6bI/SO9JJMl4RelR1qRestrdmGpfb3HVx5y6VAqYJuAke9mVZWLOIdjqXtL4lSlArhdfqHPtmJSG8S2MRZuJNf2UZfhpRpWMg93qUlmp17sW7ItrBu1jHdOZMw0dfMaCAT1ipuY3moxj6mcyo2alOsl9YFygzxzLSVTgAsgMsn698cv9BprqfaaOsWl+CTNNjlVLGDs/GAP+r0Ul5LvlHZybEseNoNe3VU=");
var type = X509Certificate2.GetCertContentType(rawCert);
var x509 = new X509Certificate2(rawCert);
The certificate in the code is a simple custom-made certificate but the same is true for any other certificate that I've tried, even self-signed ones.
The exception thrown by the X509Certificate2 constructor seems to indicate that a wrong type has been detected, contrary to the previous statement outcome:
System.Security.Cryptography.CryptographicException
    Message=\`MonoBtlsPkcs12.Import\` failed.
Obviously the same code works perfectly fine in any other .Net environment I've tried.
The complete stacktrace is this:
at Mono.Btls.MonoBtlsObject.CheckError (System.Boolean ok, System.String callerName) [0x00006] in /Users/builder/jenkins/workspace/archive-mono/2020-02/android/release/mcs/class/System/Mono.Btls/MonoBtlsObject.cs:95 
at Mono.Btls.MonoBtlsObject.CheckError (System.Int32 ret, System.String callerName) [0x00000] in /Users/builder/jenkins/workspace/archive-mono/2020-02/android/release/mcs/class/System/Mono.Btls/MonoBtlsObject.cs:103 
at Mono.Btls.MonoBtlsPkcs12.Import (System.Byte[] buffer, Microsoft.Win32.SafeHandles.SafePasswordHandle password) [0x0002e] in /Users/builder/jenkins/workspace/archive-mono/2020-02/android/release/mcs/class/System/Mono.Btls/MonoBtlsPkcs12.cs:117 
at Mono.Btls.X509CertificateImplBtls.ImportPkcs12 (System.Byte[] data, Microsoft.Win32.SafeHandles.SafePasswordHandle password) [0x0003e] in /Users/builder/jenkins/workspace/archive-mono/2020-02/android/release/mcs/class/System/Mono.Btls/X509CertificateImplBtls.cs:261 
at Mono.Btls.X509CertificateImplBtls..ctor (System.Byte[] data, Microsoft.Win32.SafeHandles.SafePasswordHandle password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags) [0x00047] in /Users/builder/jenkins/workspace/archive-mono/2020-02/android/release/mcs/class/System/Mono.Btls/X509CertificateImplBtls.cs:103 
                @Robert It's not supposed to be necessarily a pkcs12, the X509Cerificate2 constructor should parse a raw byte array of a DER encoded certificate, with the resulting object not having the private key available, as in any other .NET environment.
– riccardo
                Jul 14, 2022 at 3:57
                But the base64 data is definitely not a plain certificate, decoding it on lapo.it/asn1js shows that is has a password protected (encrypted) block inside. So my guess is that it is a PKCS#8 encrypted key with certificate.
– Robert
                Jul 14, 2022 at 7:00
I digged in a little further and found out the cause of the problem, even though I didn't manage to isolate it and reproduce it.
A library in the App's solution, doing XML signatures, had the NuGet package System.Security.Cryptography.X509Certificate as a dependency, which wasn't necessary because the needed classes are already part of the System library of the MonoAndroid framework (the project just needs the System.Security.Cryptography.Xml NuGet package, otherwise the SignedXml and all the related classes are not available).
Uninstalling the System.Security.Cryptography.X509Certificate NuGet package unexpectedly solved the problem, don't kwnow whay, I need to investigate more, maybe there's some wierd mingling of libraries going on in the final APK package.
                So it was a dependency problem: the library was hiding the X509Certificate functionality of Mono?
– Robert
                Jul 14, 2022 at 12:01
                @Robert, yes, that is what I think was happening, but I'm defenetly not expert on mobile development and I didn't think that was even possibile without some previous runtime/compile-time error or warning.
– riccardo
                Jul 14, 2022 at 12:18
        
Thanks for contributing an answer to Stack Overflow!
Please be sure to answer the question. Provide details and share your research!
But avoid …
Asking for help, clarification, or responding to other answers.
Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.