[Https] Export the certificate in PEM format too (#23803)

* Changed `--key-format` to `--format`.
* Changed the format of the certificate to PEM when `--format pem` is indicated.

Author: javiercn

src/Shared/CertificateGeneration/CertificateManager.cs

@@ -440,7 +440,7 @@ internal void ExportCertificate(X509Certificate2 certificate, string path, bool
                             Array.Clear(keyBytes, 0, keyBytes.Length);
                             Array.Clear(pem, 0, pem.Length);
 
-                            bytes = certificate.Export(X509ContentType.Cert);
+                            bytes = Encoding.ASCII.GetBytes(PemEncoding.Write("CERTIFICATE", certificate.Export(X509ContentType.Cert)));
                             break;
                         default:
                             throw new InvalidOperationException("Unknown format.");

src/Tools/FirstRunCertGenerator/test/CertificateManagerTests.cs

@@ -162,7 +162,7 @@ public void EnsureCreateHttpsCertificate_CanExportTheCertInPemFormat()
         {
             // Arrange
             var message = "plaintext";
-            const string CertificateName = nameof(EnsureCreateHttpsCertificate_DoesNotCreateACertificate_WhenThereIsAnExistingHttpsCertificates) + ".pfx";
+            const string CertificateName = nameof(EnsureCreateHttpsCertificate_DoesNotCreateACertificate_WhenThereIsAnExistingHttpsCertificates) + ".pem";
             var certificatePassword = Guid.NewGuid().ToString();
 
             _fixture.CleanupCertificates();
@@ -183,10 +183,7 @@ public void EnsureCreateHttpsCertificate_CanExportTheCertInPemFormat()
             Assert.Equal(EnsureCertificateResult.ValidCertificatePresent, result);
             Assert.True(File.Exists(CertificateName));
 
-            var key = RSA.Create();
-            key.ImportFromEncryptedPem(File.ReadAllText(Path.ChangeExtension(CertificateName, "key")), certificatePassword);
-            var exportedCertificate = new X509Certificate2(File.ReadAllBytes(CertificateName));
-            exportedCertificate = exportedCertificate.CopyWithPrivateKey(key);
+            var exportedCertificate = X509Certificate2.CreateFromEncryptedPemFile(CertificateName, certificatePassword, Path.ChangeExtension(CertificateName, "key"));
             Assert.NotNull(exportedCertificate);
             Assert.True(exportedCertificate.HasPrivateKey);
 
@@ -260,7 +257,7 @@ public void EnsureCreateHttpsCertificate_CanExportTheCertInPemFormat_WithoutPass
         {
             // Arrange
             var message = "plaintext";
-            const string CertificateName = nameof(EnsureCreateHttpsCertificate_DoesNotCreateACertificate_WhenThereIsAnExistingHttpsCertificates) + ".pfx";
+            const string CertificateName = nameof(EnsureCreateHttpsCertificate_DoesNotCreateACertificate_WhenThereIsAnExistingHttpsCertificates) + ".pem";
             _fixture.CleanupCertificates();
 
             var now = DateTimeOffset.UtcNow;
@@ -277,10 +274,7 @@ public void EnsureCreateHttpsCertificate_CanExportTheCertInPemFormat_WithoutPass
             Assert.Equal(EnsureCertificateResult.ValidCertificatePresent, result);
             Assert.True(File.Exists(CertificateName));
 
-            var key = RSA.Create();
-            key.ImportFromPem(File.ReadAllText(Path.ChangeExtension(CertificateName, "key")));
-            var exportedCertificate = new X509Certificate2(File.ReadAllBytes(CertificateName));
-            exportedCertificate = exportedCertificate.CopyWithPrivateKey(key);
+            var exportedCertificate = X509Certificate2.CreateFromPemFile(CertificateName, Path.ChangeExtension(CertificateName, "key"));
             Assert.NotNull(exportedCertificate);
             Assert.True(exportedCertificate.HasPrivateKey);
 

src/Tools/dotnet-dev-certs/src/Program.cs

@@ -92,9 +92,9 @@ public static int Main(string[] args)
                         "Imports the provided HTTPS development certificate into the machine. All other HTTPS developer certificates will be cleared out",
                         CommandOptionType.SingleValue);
 
-                    var keyFormat = c.Option(
-                        "--key-format",
-                        "Export the certificate key in the given format. Valid values are Pfx and Pem. Pfx is the default.",
+                    var format = c.Option(
+                        "--format",
+                        "Export the certificate in the given format. Valid values are Pfx and Pem. Pfx is the default.",
                         CommandOptionType.SingleValue);
 
                     CommandOption trust = null;
@@ -121,7 +121,7 @@ public static int Main(string[] args)
 
                         if (clean.HasValue())
                         {
-                            if (exportPath.HasValue() || trust?.HasValue() == true || keyFormat.HasValue() || noPassword.HasValue() || check.HasValue() ||
+                            if (exportPath.HasValue() || trust?.HasValue() == true || format.HasValue() || noPassword.HasValue() || check.HasValue() ||
                                (!import.HasValue() && password.HasValue()) ||
                                (import.HasValue() && !password.HasValue()))
                             {
@@ -132,7 +132,7 @@ public static int Main(string[] args)
 
                         if (check.HasValue())
                         {
-                            if (exportPath.HasValue() || password.HasValue() || noPassword.HasValue() || clean.HasValue() || keyFormat.HasValue() || import.HasValue())
+                            if (exportPath.HasValue() || password.HasValue() || noPassword.HasValue() || clean.HasValue() || format.HasValue() || import.HasValue())
                             {
                                 reporter.Error(InvalidUsageErrorMessage);
                                 return CriticalError;
@@ -147,7 +147,7 @@ public static int Main(string[] args)
                                 return CriticalError;
                             }
 
-                            if (noPassword.HasValue() && !(keyFormat.HasValue() && string.Equals(keyFormat.Value(), "PEM", StringComparison.OrdinalIgnoreCase)))
+                            if (noPassword.HasValue() && !(format.HasValue() && string.Equals(format.Value(), "PEM", StringComparison.OrdinalIgnoreCase)))
                             {
                                 reporter.Error(InvalidUsageErrorMessage);
                                 return CriticalError;
@@ -176,7 +176,7 @@ public static int Main(string[] args)
                             return ImportCertificate(import, password, reporter);
                         }
 
-                        return EnsureHttpsCertificate(exportPath, password, noPassword, trust, keyFormat, reporter);
+                        return EnsureHttpsCertificate(exportPath, password, noPassword, trust, format, reporter);
                     });
                 });