Создание сертификата с bouncycastle

Question

Я пытаюсь создать самозаверяющий сертификат для S/MIME с библиотекой bouncycastle. Я использовал примеры и некоторые сообщения в Интернете. Код ниже.

SecureRandom random = SecureRandom.getInstance("SHA1PRNG"); 
    Security.addProvider(new BouncyCastleProvider()); 
    KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC");   
    kpGen.initialize(1024, random); 
    KeyPair keyPair = kpGen.generateKeyPair(); 
    PublicKey RSAPubKey = keyPair.getPublic(); 
    PrivateKey RSAPrivateKey = keyPair.getPrivate(); 
    X500Name subjectDN = new X500Name("CN =" + domain);   
    SubjectPublicKeyInfo pubKeyInfo = SubjectPublicKeyInfo.getInstance(ASN1Sequence.getInstance(RSAPubKey.getEncoded())); 
    X509v3CertificateBuilder v3CertBuild; 
    v3CertBuild = new X509v3CertificateBuilder(subjectDN, 
      BigInteger.valueOf(new SecureRandom().nextInt()), 
      new Date(System.currentTimeMillis()), 
      new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 365 * 10)), 
      subjectDN, 
      pubKeyInfo); 
    DigestCalculator digCalc = new BcDigestCalculatorProvider().get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1)); 
    X509ExtensionUtils x509ExtensionUtils = new X509ExtensionUtils(digCalc); 
    v3CertBuild.addExtension(Extension.authorityKeyIdentifier, false, x509ExtensionUtils.createAuthorityKeyIdentifier(pubKeyInfo).getKeyIdentifier()); 
    v3CertBuild.addExtension(Extension.subjectKeyIdentifier, false, x509ExtensionUtils.createSubjectKeyIdentifier(pubKeyInfo).getKeyIdentifier()); 
    v3CertBuild.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment)); 
    ASN1EncodableVector purposes = new ASN1EncodableVector(); 
    purposes.add(KeyPurposeId.id_kp_emailProtection); 
    v3CertBuild.addExtension(Extension.extendedKeyUsage, false, purposes.get(0)); 
    v3CertBuild.addExtension(Extension.basicConstraints, true, new BasicConstraints(0)); 
    GeneralName[] genNames = new GeneralName[1]; 
    genNames[0] = new GeneralName(GeneralName.rfc822Name, new DERIA5String(domain)); 
    v3CertBuild.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(genNames)); 
    ContentSigner sigGen = new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC").build(RSAPrivateKey); 
    X509Certificate certificate = new JcaX509CertificateConverter().setProvider("BC").getCertificate(v3CertBuild.build(sigGen)); 
    PKCS12BagAttributeCarrier bagAttr = (PKCS12BagAttributeCarrier) certificate; 
    bagAttr.setBagAttribute(
      PKCSObjectIdentifiers.pkcs_9_at_friendlyName, 
      new DERBMPString(domain)); 
    KeyStore kstore = KeyStore.getInstance("PKCS12", "BC"); 
    X509Certificate[] chain = new X509Certificate[1]; 
    chain[0] = certificate; 
    kstore.load(null, null);   
    FileOutputStream fOut = new FileOutputStream(domain+".p12"); 
    PKCS12BagAttributeCarrier bagAttr1 = (PKCS12BagAttributeCarrier) keyPair.getPrivate(); 
    bagAttr1.setBagAttribute(
      PKCSObjectIdentifiers.pkcs_9_at_friendlyName, 
      new DERBMPString(domain)); 
    bagAttr.setBagAttribute(
     PKCSObjectIdentifiers.pkcs_9_at_localKeyId, 
      new SubjectKeyIdentifier(RSAPubKey.getEncoded()));    
    kstore.setKeyEntry(domain, RSAPrivateKey, null, chain); 
    kstore.store(fOut, password.toCharArray()); 

И я это исключение:

java.lang.RuntimeException: java.io.IOException: DER length more than 4 bytes: 39 
at org.bouncycastle.jcajce.provider.keystore.pkcs12.PKCS12KeyStoreSpi.engineGetCertificateChain(Unknown Source) 
at org.bouncycastle.jcajce.provider.keystore.pkcs12.PKCS12KeyStoreSpi.getUsedCertificateSet(Unknown Source) 
at org.bouncycastle.jcajce.provider.keystore.pkcs12.PKCS12KeyStoreSpi.doStore(Unknown Source) 
at org.bouncycastle.jcajce.provider.keystore.pkcs12.PKCS12KeyStoreSpi.engineStore(Unknown Source) 
at java.security.KeyStore.store(KeyStore.java:1377) 
at javaapplication1.Certificate.createCert(Certificate.java:91) 
at javaapplication1.JavaApplication1.main(JavaApplication1.java:38) 

Или иногда:

java.lang.RuntimeException: java.io.IOException: unknown tag 29 encountered 
java.lang.RuntimeException: java.io.EOFException: DEF length 64 object truncated by 46 

Он останавливается наконец line.Searched много об этом исключении, но до сих пор не могу понять, что неправильно с моим кодом. Пожалуйста, помогите мне найти решение ...

Answer 1

misstake был:

v3CertBuild.addExtension(Extension.authorityKeyIdentifier, false, x509ExtensionUtils.createAuthorityKeyIdentifier(pubKeyInfo).getKeyIdentifier()); 
v3CertBuild.addExtension(Extension.subjectKeyIdentifier, false, x509ExtensionUtils.createSubjectKeyIdentifier(pubKeyInfo).getKeyIdentifier()); 

getKeyIndentifier() не было необходимости ...