Fix certificate test failures on iOS(-likes)

Also don't run ExportMultiplePrivateKeys on platforms that don't have Exportable

Author: bartonjs

src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/X509CertificateLoader.iOS.cs

@@ -22,7 +22,29 @@ private static partial ICertificatePal LoadCertificatePal(ReadOnlySpan<byte> dat
                 throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding);
             }
 
-            return LoadX509(data);
+            ICertificatePal? result = null;
+
+            // If the data starts with 0x30, only try the DER loader.
+            // Otherwise, try PEM.
+            // If it's not PEM and not 0x30, still call the DER loader to get the system error.
+            if (data[0] != 0x30)
+            {
+                AppleCertificatePal.TryDecodePem(
+                    data,
+                    (derData, contentType) =>
+                    {
+                        if (contentType != X509ContentType.Cert)
+                        {
+                            // true: keep looking
+                            return true;
+                        }
+
+                        result = LoadX509(derData);
+                        return false;
+                    });
+            }
+
+            return result ?? LoadX509(data);
         }
 
         private static partial ICertificatePal LoadCertificatePalFromFile(string path)

src/libraries/System.Security.Cryptography/tests/X509Certificates/CollectionTests.cs

@@ -800,6 +800,7 @@ public static void MultipleImport()
         }
 
         [Fact]
+        [SkipOnPlatform(TestPlatforms.iOS | TestPlatforms.MacCatalyst | TestPlatforms.tvOS, "The PKCS#12 Exportable flag is not supported on iOS/MacCatalyst/tvOS")]
         public static void ExportMultiplePrivateKeys()
         {
             var collection = new X509Certificate2Collection();