// =(PKCS12BagAttributeCarrier) kp.getPrivate();
// bagAttr.setBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId,
// new SubjectKeyIdentifier(kp.getPublic().getEncoded()));
// build the X500 name
final X500NameBuilder builder = new X500NameBuilder(
BCStyle.INSTANCE);
builder.addRDN(BCStyle.C, countryCode);
builder.addRDN(BCStyle.O, organizationName);
builder.addRDN(BCStyle.OU, organizationName);
builder.addRDN(BCStyle.L, localityName);
builder.addRDN(BCStyle.ST, state);
builder.addRDN(BCStyle.E, emailAddress);
builder.addRDN(BCStyle.CN, commonName);
final ContentSigner sigGen = new JcaContentSignerBuilder(sa.name())
.setProvider(BouncyCastleProvider.PROVIDER_NAME).build(
kp.getPrivate());
// JcaX509v3CertificateBuilder parameters:
// issuer X500Name representing the issuer of this certificate.
// serial the serial number for the certificate.
// notBefore date before which the certificate is not valid.
// notAfter date after which the certificate is not valid.
// subject X500Name representing the subject of this certificate.
// publicKey the public key to be associated with the certificate.
final X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(
builder.build(),
generateSerialNumber(BigInteger.valueOf(KEY_SIZE)),
calBegin.getTime(), calEnd.getTime(), builder.build(),
kp.getPublic());
certGen.addExtension(X509Extension.subjectKeyIdentifier, false,
new SubjectKeyIdentifier(kp.getPublic().getEncoded()));
certGen.addExtension(X509Extension.basicConstraints, false,
new BasicConstraints(0));