Unable to create a X509Certificate2 from raw byte array in Xamarin on Android 10

Question

I haven't been able to create a simple X509Certificate2 from the corresponding byte array. This code shows that the byte array gets recognized as a X509ContentType.Cert, but the next statement throws an exception:

var rawCert = Convert.FromBase64String("MIIDMTCCAhmgAwIBAgIBATANBgkqhkiG9w0BAQsFADAhMQ0wCwYDVQQKDARUZXN0MRAwDgYDVQQDDAdUZXN0IENBMB4XDTIyMDcwNzEyNDYwNVoXDTIzMDcwNzEyNDYwNVowNTELMAkGA1UEBhMCSVQxEjAQBgNVBAoMCVVzZXIgSW5jLjESMBAGA1UEAwwJVGVzdCBVc2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA49Ph51FyIrd3rGW1OGG6273jDBPnVtQnDhxzWHzS3zi6OPoDfg2Gh8Bmujr01FsJcW7QC7Iq28Rd1S7K2GnDWFF0IrmN/VoUSpG02j/l3W1gl8ekiPx0gJBuOg0ZuJThctDB70KcNb072Rwlrm7SNQXlS0M50Z3l+3TdBEuDOqjEZb8wDcb4xbTyB+b/D2Jmd9dd1YuEn/YFGqot7LelQjP9TmeiWICWrZXu4ShE2trSyjydZvDwkZLXmYlu/TNV4lF/mWu3oQJuRV+Fpn6Ljeo7u8b9cEErpiNX2zsa3wp18/5TZ9wKbf7on/Oe6M0LkdLf+gWMnR4zM/oMTi3aGwIDAQABo2AwXjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIGwDAdBgNVHQ4EFgQUDADxyqeMh75HrYONPmAG9S9w+o8wHwYDVR0jBBgwFoAUkCPgQIO7EpJR7I4UL0dmQW78wJowDQYJKoZIhvcNAQELBQADggEBAFNZnTb5ShnSUF/2jM4A1WDO3yD5K66FRftORNIzz126dZMmBiXpDAl8IiNrcIP+mFYPrvWnBCpdxf9qslHOd0Uw6xkZ5r4/WKeNhoZ1teJNEkSkJrluo6bI/SO9JJMl4RelR1qRestrdmGpfb3HVx5y6VAqYJuAke9mVZWLOIdjqXtL4lSlArhdfqHPtmJSG8S2MRZuJNf2UZfhpRpWMg93qUlmp17sW7ItrBu1jHdOZMw0dfMaCAT1ipuY3moxj6mcyo2alOsl9YFygzxzLSVTgAsgMsn698cv9BprqfaaOsWl+CTNNjlVLGDs/GAP+r0Ul5LvlHZybEseNoNe3VU=");
var type = X509Certificate2.GetCertContentType(rawCert);
var x509 = new X509Certificate2(rawCert);

The certificate in the code is a simple custom-made certificate but the same is true for any other certificate that I've tried, even self-signed ones.

The exception thrown by the X509Certificate2 constructor seems to indicate that a wrong type has been detected, contrary to the previous statement outcome:

System.Security.Cryptography.CryptographicException
    Message=\`MonoBtlsPkcs12.Import\` failed.

Obviously the same code works perfectly fine in any other .Net environment I've tried.

The complete stacktrace is this:

at Mono.Btls.MonoBtlsObject.CheckError (System.Boolean ok, System.String callerName) [0x00006] in /Users/builder/jenkins/workspace/archive-mono/2020-02/android/release/mcs/class/System/Mono.Btls/MonoBtlsObject.cs:95 
at Mono.Btls.MonoBtlsObject.CheckError (System.Int32 ret, System.String callerName) [0x00000] in /Users/builder/jenkins/workspace/archive-mono/2020-02/android/release/mcs/class/System/Mono.Btls/MonoBtlsObject.cs:103 
at Mono.Btls.MonoBtlsPkcs12.Import (System.Byte[] buffer, Microsoft.Win32.SafeHandles.SafePasswordHandle password) [0x0002e] in /Users/builder/jenkins/workspace/archive-mono/2020-02/android/release/mcs/class/System/Mono.Btls/MonoBtlsPkcs12.cs:117 
at Mono.Btls.X509CertificateImplBtls.ImportPkcs12 (System.Byte[] data, Microsoft.Win32.SafeHandles.SafePasswordHandle password) [0x0003e] in /Users/builder/jenkins/workspace/archive-mono/2020-02/android/release/mcs/class/System/Mono.Btls/X509CertificateImplBtls.cs:261 
at Mono.Btls.X509CertificateImplBtls..ctor (System.Byte[] data, Microsoft.Win32.SafeHandles.SafePasswordHandle password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags) [0x00047] in /Users/builder/jenkins/workspace/archive-mono/2020-02/android/release/mcs/class/System/Mono.Btls/X509CertificateImplBtls.cs:103 

Answer 1

I digged in a little further and found out the cause of the problem, even though I didn't manage to isolate it and reproduce it.

A library in the App's solution, doing XML signatures, had the NuGet package System.Security.Cryptography.X509Certificate as a dependency, which wasn't necessary because the needed classes are already part of the System library of the MonoAndroid framework (the project just needs the System.Security.Cryptography.Xml NuGet package, otherwise the SignedXml and all the related classes are not available).

Uninstalling the System.Security.Cryptography.X509Certificate NuGet package unexpectedly solved the problem, don't kwnow whay, I need to investigate more, maybe there's some wierd mingling of libraries going on in the final APK package.