1 files changed, 39 insertions, 28 deletions

diff --git a/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Certificate2.cs b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Certificate2.cs
index 300e1140e1..4559687a7f 100644
--- a/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Certificate2.cs
+++ b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Certificate2.cs
@@ -426,17 +426,34 @@ namespace System.Security.Cryptography.X509Certificates {
 			}
 		}
 
-		private void ImportPkcs12 (byte[] rawData, string password)
+		private MX.X509Certificate ImportPkcs12 (byte[] rawData, string password)
 		{
 			MX.PKCS12 pfx = (password == null) ? new MX.PKCS12 (rawData) : new MX.PKCS12 (rawData, password);
-			if (pfx.Certificates.Count > 0) {
-				_cert = pfx.Certificates [0];
+			if (pfx.Certificates.Count == 0) {
+				// no certificate was found
+				return null;
+			} else if (pfx.Keys.Count == 0) {
+				// no key were found - pick the first certificate
+				return pfx.Certificates [0];
 			} else {
-				_cert = null;
-			}
-			if (pfx.Keys.Count > 0) {
-				_cert.RSA = (pfx.Keys [0] as RSA);
-				_cert.DSA = (pfx.Keys [0] as DSA);
+				// find the certificate that match the first key
+				MX.X509Certificate cert = null;
+				var keypair = (pfx.Keys [0] as AsymmetricAlgorithm);
+				string pubkey = keypair.ToXmlString (false);
+				foreach (var c in pfx.Certificates) {
+					if (((c.RSA != null) && (pubkey == c.RSA.ToXmlString (false))) ||
+						((c.DSA != null) && (pubkey == c.DSA.ToXmlString (false)))) {
+						cert = c;
+						break;
+					}
+				}
+				if (cert == null) {
+					cert = pfx.Certificates [0]; // no match, pick first certificate without keys
+				} else {
+					cert.RSA = (keypair as RSA);
+					cert.DSA = (keypair as DSA);
+				}
+				return cert;
 			}
 		}
 
@@ -448,14 +465,14 @@ namespace System.Security.Cryptography.X509Certificates {
 		[MonoTODO ("missing KeyStorageFlags support")]
 		public override void Import (byte[] rawData, string password, X509KeyStorageFlags keyStorageFlags)
 		{
-			base.Import (rawData, password, keyStorageFlags);
+			MX.X509Certificate cert = null;
 			if (password == null) {
 				try {
-					_cert = new MX.X509Certificate (rawData);
+					cert = new MX.X509Certificate (rawData);
 				}
 				catch (Exception e) {
 					try {
-						ImportPkcs12 (rawData, null);
+						cert = ImportPkcs12 (rawData, null);
 					}
 					catch {
 						string msg = Locale.GetText ("Unable to decode certificate.");
@@ -466,14 +483,19 @@ namespace System.Security.Cryptography.X509Certificates {
 			} else {
 				// try PKCS#12
 				try {
-					ImportPkcs12 (rawData, password);
+					cert = ImportPkcs12 (rawData, password);
 				}
 				catch {
 					// it's possible to supply a (unrequired/unusued) password
 					// fix bug #79028
-					_cert = new MX.X509Certificate (rawData);
+					cert = new MX.X509Certificate (rawData);
 				}
 			}
+			// we do not have to fully re-decode the certificate since X509Certificate does not deal with keys
+			if (cert != null) {
+				base.Import (cert.RawData, (string) null, keyStorageFlags);
+				_cert = cert; // becuase base call will call Reset!
+			}
 		}
 
 		[MonoTODO ("SecureString is incomplete")]
@@ -484,35 +506,24 @@ namespace System.Security.Cryptography.X509Certificates {
 
 		public override void Import (string fileName) 
 		{
-			byte[] rawData = Load (fileName);
+			byte[] rawData = File.ReadAllBytes (fileName);
 			Import (rawData, (string)null, X509KeyStorageFlags.DefaultKeySet);
 		}
 
 		[MonoTODO ("missing KeyStorageFlags support")]
 		public override void Import (string fileName, string password, X509KeyStorageFlags keyStorageFlags) 
 		{
-			byte[] rawData = Load (fileName);
+			byte[] rawData = File.ReadAllBytes (fileName);
 			Import (rawData, password, keyStorageFlags);
 		}
 
 		[MonoTODO ("SecureString is incomplete")]
 		public override void Import (string fileName, SecureString password, X509KeyStorageFlags keyStorageFlags) 
 		{
-			byte[] rawData = Load (fileName);
+			byte[] rawData = File.ReadAllBytes (fileName);
 			Import (rawData, (string)null, keyStorageFlags);
 		}
 
-		private static byte[] Load (string fileName)
-		{
-			byte[] data = null;
-			using (FileStream fs = File.OpenRead (fileName)) {
-				data = new byte [fs.Length];
-				fs.Read (data, 0, data.Length);
-				fs.Close ();
-			}
-			return data;
-		}
-
 		public override void Reset () 
 		{
 			_cert = null;
@@ -654,7 +665,7 @@ namespace System.Security.Cryptography.X509Certificates {
 			if (fileName.Length == 0)
 				throw new ArgumentException ("fileName");
 
-			byte[] data = Load (fileName);
+			byte[] data = File.ReadAllBytes (fileName);
 			return GetCertContentType (data);
 		}