/** Build a sample V3 certificate to use as an end entity certificate */
 public static X509Certificate buildEndEntityCert(
     PublicKey entityKey, PrivateKey caKey, X509Certificate caCert) throws Exception {
   X509v3CertificateBuilder certBldr =
       new JcaX509v3CertificateBuilder(
           caCert.getSubjectX500Principal(),
           BigInteger.valueOf(1),
           new Date(System.currentTimeMillis()),
           new Date(System.currentTimeMillis() + VALIDITY_PERIOD),
           new X500Principal("CN=Test End Entity Certificate"),
           entityKey);
   JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();
   certBldr
       .addExtension(
           Extension.authorityKeyIdentifier, false, extUtils.createAuthorityKeyIdentifier(caCert))
       .addExtension(
           Extension.subjectKeyIdentifier, false, extUtils.createSubjectKeyIdentifier(entityKey))
       .addExtension(Extension.basicConstraints, true, new BasicConstraints(false))
       .addExtension(
           Extension.keyUsage,
           true,
           new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
   ContentSigner signer =
       new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(caKey);
   return new JcaX509CertificateConverter()
       .setProvider("BC")
       .getCertificate(certBldr.build(signer));
 }
 /** Build a sample V3 certificate to use as an intermediate CA certificate */
 public static X509Certificate buildIntermediateCert(
     PublicKey intKey, PrivateKey caKey, X509Certificate caCert) throws Exception {
   X509v3CertificateBuilder certBldr =
       new JcaX509v3CertificateBuilder(
           caCert.getSubjectX500Principal(),
           BigInteger.valueOf(1),
           new Date(),
           sdf.parse("2016-07-06 06:06:06"),
           new X500Principal("CN=Test CA Certificate"),
           intKey);
   JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();
   certBldr
       .addExtension(
           Extension.authorityKeyIdentifier, false, extUtils.createAuthorityKeyIdentifier(caCert))
       .addExtension(
           Extension.subjectKeyIdentifier, false, extUtils.createSubjectKeyIdentifier(intKey))
       .addExtension(Extension.basicConstraints, true, new BasicConstraints(0))
       .addExtension(
           Extension.keyUsage,
           true,
           new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign));
   ContentSigner signer =
       new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(caKey);
   return new JcaX509CertificateConverter()
       .setProvider("BC")
       .getCertificate(certBldr.build(signer));
 }
  public static void genPKCS12File(OutputStream pfxOut, PrivateKey key, Certificate[] chain)
      throws Exception {

    OutputEncryptor encOut =
        new JcePKCSPBEOutputEncryptorBuilder(NISTObjectIdentifiers.id_aes256_CBC)
            .setProvider("BC")
            .build(KEY_PASSWD);

    PKCS12SafeBagBuilder taCertBagBuilder = new JcaPKCS12SafeBagBuilder((X509Certificate) chain[2]);
    taCertBagBuilder.addBagAttribute(
        PKCS12SafeBag.friendlyNameAttribute, new DERBMPString("Bouncy Primary Certificate"));

    //		PKCS12SafeBagBuilder caCertBagBuilder = new
    // JcaPKCS12SafeBagBuilder((X509Certificate)chain[1]);
    //		caCertBagBuilder.addBagAttribute(PKCS12SafeBag.friendlyNameAttribute, new
    // DERBMPString("Bouncy Intermediate Certificate"));

    PKCS12SafeBagBuilder eeCertBagBuilder = new JcaPKCS12SafeBagBuilder((X509Certificate) chain[0]);
    eeCertBagBuilder.addBagAttribute(
        PKCS12SafeBag.friendlyNameAttribute, new DERBMPString("Eric's Key"));

    JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();
    SubjectKeyIdentifier pubKeyId = extUtils.createSubjectKeyIdentifier(chain[0].getPublicKey());
    eeCertBagBuilder.addBagAttribute(PKCS12SafeBag.localKeyIdAttribute, pubKeyId);

    PKCS12SafeBagBuilder keyBagBuilder = new JcaPKCS12SafeBagBuilder(key, encOut);
    keyBagBuilder.addBagAttribute(
        PKCS12SafeBag.friendlyNameAttribute, new DERBMPString("Eric's Key"));
    keyBagBuilder.addBagAttribute(PKCS12SafeBag.localKeyIdAttribute, pubKeyId);

    PKCS12PfxPduBuilder builder = new PKCS12PfxPduBuilder();
    builder.addData(keyBagBuilder.build());
    builder.addEncryptedData(
        new JcePKCSPBEOutputEncryptorBuilder(PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC2_CBC)
            .setProvider("BC")
            .build(KEY_PASSWD),
        new PKCS12SafeBag[] {
          eeCertBagBuilder.build(),
          // caCertBagBuilder.build(),
          taCertBagBuilder.build()
        });
    PKCS12PfxPdu pfx =
        builder.build(
            new JcePKCS12MacCalculatorBuilder(NISTObjectIdentifiers.id_sha256), KEY_PASSWD);
    // make sure we don't include indefinite length encoding
    pfxOut.write(pfx.getEncoded(ASN1Encoding.DL));
    pfxOut.close();
  }