[System]: Implement X509Certificate2.Export(X509ContentType.Pfx).

(cherry picked from commit e51b4ec6853e7e7ae6f7e862275a282a8c1e7904)

1 files changed, 36 insertions, 0 deletions

diff --git a/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Certificate2.cs b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Certificate2.cs
index fdc87776e67..fd26add2fe2 100644
--- a/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Certificate2.cs
+++ b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Certificate2.cs
@@ -534,6 +534,42 @@ namespace System.Security.Cryptography.X509Certificates {
 			Import (rawData, (string)null, keyStorageFlags);
 		}
 
+		[MonoTODO ("X509ContentType.SerializedCert is not supported")]
+		public override byte[] Export (X509ContentType contentType, string password)
+		{
+			if (_cert == null)
+				throw new CryptographicException (empty_error);
+
+			switch (contentType) {
+			case X509ContentType.Cert:
+				return _cert.RawData;
+			case X509ContentType.Pfx: // this includes Pkcs12
+				return ExportPkcs12 (password);
+			case X509ContentType.SerializedCert:
+				// TODO
+				throw new NotSupportedException ();
+			default:
+				string msg = Locale.GetText ("This certificate format '{0}' cannot be exported.", contentType);
+				throw new CryptographicException (msg);
+			}
+		}
+
+		byte[] ExportPkcs12 (string password)
+		{
+			var pfx = new MX.PKCS12 ();
+			try {
+				if (password != null)
+					pfx.Password = password;
+				pfx.AddCertificate (_cert);
+				var privateKey = PrivateKey;
+				if (privateKey != null)
+					pfx.AddPkcs8ShroudedKeyBag (privateKey);
+				return pfx.GetBytes ();
+			} finally {
+				pfx.Password = null;
+			}
+		}
+
 		public override void Reset () 
 		{
 			_cert = null;