From b1c6deacd8753431217caabbcc4a158ca0fce768 Mon Sep 17 00:00:00 2001
From: Mitchell Hwang <16830051+mdh1418@users.noreply.github.com>
Date: Tue, 17 Aug 2021 14:06:02 -0400
Subject: [PATCH] [Android][libraries] Throw PNSE for PersistKeySet flags
 (#57494)

* [Android][libraries] Throw PNSE for Exportable and PersistKeySet flags

* Ignore exportable flag

Co-authored-by: Mitchell Hwang <mitchell.hwang@microsoft.com>
---
 .../src/Internal/Cryptography/Pal.Android/AndroidCertificatePal.cs   | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/libraries/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.Android/AndroidCertificatePal.cs b/src/libraries/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.Android/AndroidCertificatePal.cs
index 2a98750..d765cd0 100644
--- a/src/libraries/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.Android/AndroidCertificatePal.cs
+++ b/src/libraries/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.Android/AndroidCertificatePal.cs
@@ -63,6 +63,11 @@ namespace Internal.Cryptography.Pal
                     // We don't support determining this on Android right now, so we throw.
                     throw new CryptographicException(SR.Cryptography_X509_PKCS7_NoSigner);
                 case X509ContentType.Pkcs12:
+                    if ((keyStorageFlags & X509KeyStorageFlags.PersistKeySet) == X509KeyStorageFlags.PersistKeySet)
+                    {
+                        throw new PlatformNotSupportedException(SR.Cryptography_X509_PKCS12_PersistKeySetNotSupported);
+                    }
+
                     return ReadPkcs12(rawData, password, ephemeralSpecified);
                 case X509ContentType.Cert:
                 default:
-- 
2.7.4