/**
   * Extracts the <tt>PublicKey</tt> from the provided CSR.
   *
   * <p>This method will throw a {@link RuntimeException} if the JRE is missing the RSA algorithm,
   * which is a required algorithm as defined by the JCA.
   *
   * @param csr the CSR to extract from.
   * @return the extracted <tt>PublicKey</tt>
   * @throws InvalidKeySpecException if the CSR is not using an RSA key.
   * @throws IOException if there is an error extracting the <tt>PublicKey</tt> parameters.
   */
  public static PublicKey getPublicKey(final PKCS10CertificationRequest csr)
      throws InvalidKeySpecException, IOException {
    SubjectPublicKeyInfo pubKeyInfo = csr.getSubjectPublicKeyInfo();
    RSAKeyParameters keyParams = (RSAKeyParameters) PublicKeyFactory.createKey(pubKeyInfo);
    KeySpec keySpec = new RSAPublicKeySpec(keyParams.getModulus(), keyParams.getExponent());

    KeyFactory kf;
    try {
      kf = KeyFactory.getInstance("RSA");
    } catch (NoSuchAlgorithmException e) {
      throw new RuntimeException(e);
    }
    return kf.generatePublic(keySpec);
  }
  public static void testGenP12() throws Exception {

    String rootCerBase64 =
        "MIIDvTCCAqWgAwIBAgIEEioP6zANBgkqhkiG9w0BAQsFADCBjjELMAkGA1UEBhMC"
            + "Q04xETAPBgNVBAgTCHNoYW5naGFpMREwDwYDVQQHEwhzaGFuZ2hhaTEzMDEGA1UE"
            + "Cgwq5LiK5rW36YeR6bm/6YeR6J6N5L+h5oGv5pyN5Yqh5pyJ6ZmQ5YWs5Y+4MQsw"
            + "CQYDVQQLEwJJVDEXMBUGA1UEAxMOb3Blbi5qbGZleC5jb20wHhcNMTQwODIxMDM0"
            + "NTQ5WhcNMjQwODE4MDM0NTQ5WjCBjjELMAkGA1UEBhMCQ04xETAPBgNVBAgTCHNo"
            + "YW5naGFpMREwDwYDVQQHEwhzaGFuZ2hhaTEzMDEGA1UECgwq5LiK5rW36YeR6bm/"
            + "6YeR6J6N5L+h5oGv5pyN5Yqh5pyJ6ZmQ5YWs5Y+4MQswCQYDVQQLEwJJVDEXMBUG"
            + "A1UEAxMOb3Blbi5qbGZleC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK"
            + "AoIBAQCQ4q4Yh8EPHbAP+BMiystXOEV56OE+IUwxSS7fRZ3ZrIEPImpnCiAe1txZ"
            + "vk0Lgv8ZWqrj4ErOT5FoOWfQW6Vva1DOXknCzFbypJMjqVnIS1/OwB64sYg4naLc"
            + "mM95GAHtEv9qxIWLbPhoLShz54znRNbM7mZJyT4BwLhKuKmfdo3UEuXvcoUFLN2l"
            + "f2wiTNmgMgpxcnCsWAx2nJaonPGCVXeQu0PXCVmCTyUUCWdT7P1io5yEpuRP/Dac"
            + "//g7Em8rkulgeO7e3gnEbrgrczsr2H1KJLTBjQmyWeWZg7LRYML6oHODrrDb0x++"
            + "yDT01p2BJHlvw/UzJq3I/CCci0lFAgMBAAGjITAfMB0GA1UdDgQWBBS1Lo57VqvU"
            + "BnfyJu51JO9csLJenjANBgkqhkiG9w0BAQsFAAOCAQEACcfPaVl5PIkBZ6cXyHuj"
            + "rJZkZH7Koqhx12DNeCoohdQkRda/gWeHVPsO7snK63sFhoY08OGVgvTRhgzwSBxJ"
            + "cx9GkCyojfHo5xZoOlSQ01PygyScd42DlseNiwXZGBfoxacLEYkIP6OXrDa+wNAP"
            + "gHnLI+37tzkafoPT0xoV/E9thvUUKX1jSIL5UCoGuso6FWLiZgDxD8wKgd22FcYo"
            + "T7B7DHG4R+0rgav81J9xjgOR3ayvNrb86iVvVBmrIiM7Gc2hf5PMiiAOaISST2cJ"
            + "x90X7TUA/f0qrYKveTvkRT77nLfzHV1a+PTS7PwkCXUt/NRm4VwseyGIgQ4FXH6W"
            + "zw==";

    // 解析root CA 证书
    X509Certificate rootcaCertificate =
        CertificateCoder.getX509Certificate(Base64.decodeBase64(rootCerBase64));
    // 解析root CA 私钥
    String rootcaDer = FileUtils.readFileToString(new File("d:\\rootcakey.pem"), "UTF-8");
    PrivateKey rootcaPrivateKey = PKCSCertificateCoder.getPrivateKeyFromPem(rootcaDer, "");
    System.out.println(rootcaPrivateKey);

    // 1.生成用户密钥对
    Security.addProvider(new BouncyCastleProvider());
    KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "BC");
    kpg.initialize(2048);
    KeyPair kp = kpg.genKeyPair();

    // 2.生成用户证书请求
    PKCS10CertificationRequest p10 = genPKCS10(kp);
    SubjectPublicKeyInfo subPublicKeyInfo = p10.getSubjectPublicKeyInfo();
    RSAKeyParameters rsa = (RSAKeyParameters) PublicKeyFactory.createKey(subPublicKeyInfo);
    RSAPublicKeySpec rsaSpec = new RSAPublicKeySpec(rsa.getModulus(), rsa.getExponent());
    KeyFactory kf = KeyFactory.getInstance("RSA");
    PublicKey publicKey = kf.generatePublic(rsaSpec);

    // 3.生成用户证书
    X509Certificate clientCertificate =
        buildEndEntityCert(publicKey, rootcaPrivateKey, rootcaCertificate);
    FileUtils.writeByteArrayToFile(new File("d:\\client.cer"), clientCertificate.getEncoded());

    // 4.生成用户p12文件
    storeP12(
        kp,
        new X509Certificate[] {clientCertificate, rootcaCertificate},
        "d:\\client.p12",
        "123456");

    FileOutputStream fos = new FileOutputStream(new File("d:\\client1.p12"));
    X509Certificate[] chain =
        new X509Certificate[] {rootcaCertificate, clientCertificate, clientCertificate};
    genPKCS12File(fos, kp.getPrivate(), chain);
  }