From 93b01022c09fa7680cf932cc799dbd74bb541932 Mon Sep 17 00:00:00 2001
From: Kevin Jones
Date: Mon, 3 Jul 2023 12:45:14 -0400
Subject: [PATCH] Permit trailing data after PKCS12
---
 .../X509Certificates/AppleCertificatePal.ImportExport.iOS.cs | 4 +++-
 .../tests/X509Certificates/PfxIterationCountTests.cs | 1 -
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/AppleCertificatePal.ImportExport.iOS.cs b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/AppleCertificatePal.ImportExport.iOS.cs
index c9c6ab2c49b0d..ca61622b3fadd 100644
--- a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/AppleCertificatePal.ImportExport.iOS.cs
+++ b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/AppleCertificatePal.ImportExport.iOS.cs
@@ -22,7 +22,9 @@ private static bool IsPkcs12(ReadOnlySpan rawData)
 {
 using (var manager = new PointerMemoryManager(pin, rawData.Length))
 {
- PfxAsn.Decode(manager.Memory, AsnEncodingRules.BER);
+ // Permit trailing data after the PKCS12.
+ AsnValueReader reader = new AsnValueReader(rawData, AsnEncodingRules.BER);
+ PfxAsn.Decode(ref reader, manager.Memory, out _);
 }
 return true;
diff --git a/src/libraries/System.Security.Cryptography/tests/X509Certificates/PfxIterationCountTests.cs b/src/libraries/System.Security.Cryptography/tests/X509Certificates/PfxIterationCountTests.cs
index bcf156cbaaea8..59339ab75b409 100644
--- a/src/libraries/System.Security.Cryptography/tests/X509Certificates/PfxIterationCountTests.cs
+++ b/src/libraries/System.Security.Cryptography/tests/X509Certificates/PfxIterationCountTests.cs
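Review bot: The comment added in the IsPkcs12 hunk of AppleCertificatePal.ImportExport.iOS.cs says trailing data is permitted but not why, nor that the bytes after the first PFX are never looked at: `reader` is not inspected after `PfxAsn.Decode(ref reader, manager.Memory, out _)`, so whatever follows the first structure passes this probe unvalidated. I would expand it to something like `// Decode only the first PFX; bytes after it are deliberately ignored, so the import must read that same first structure and not the whole buffer.` Whether the import path that runs after this check bounds itself the same way is not visible in the hunk, and a content-type probe that accepts more (or less) than the importer actually parses is the mismatch the re-enabled Import_BlobHasMoreThanOnePfx_LoadsOnlyOne test should keep pinned on these platforms. IsPkcs12 begins and ends outside the hunk.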
@@ -130,7 +130,6 @@ public void ExportedPfxWithNullPassword_DecryptReturnsValidPaddingWithEmptyPassw
 }
 [Fact]
- [ActiveIssue("https://github.com/dotnet/runtime/issues/88050", TestPlatforms.iOS | TestPlatforms.tvOS | TestPlatforms.MacCatalyst)]
 public void Import_BlobHasMoreThanOnePfx_LoadsOnlyOne()
 {
 // These certs don't use PBES2 so they should be supported everywhere.