X509V1CertificateGeneratorからX509v1CertificateBuilderに移管

Question

こんにちは私はX509V1CertificateGeneratorクラスを使用して、タイプX509Certificateの証明書を生成しています。 今ではクラスX509V1CertificateGeneratorは推奨されておらず、推奨代替案はX509v1CertificateBuilderですが、移行の仕方はわかりません。ここで

コード：

X509V1CertificateGenerator certGen = new X509V1CertificateGenerator(); 

// set the necessary X500-fields 
X500Principal dnName = new X500Principal("CN=MyServerName"); 
certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis())); 
certGen.setIssuerDN(dnName); 

// expire-date 
Calendar expireDate = Calendar.getInstance(); 
certGen.setNotBefore(expireDate.getTime()); 

// expires in 25 years 
expireDate.add(Calendar.YEAR, 25); 
certGen.setNotAfter(expireDate.getTime()); 

certGen.setSubjectDN(dnName); // note: same as issuer 
certGen.setPublicKey(pair.getPublic()); 

// set the right signature-algorithm ->RSA/DSA 
if (this.algorithm) 
    certGen.setSignatureAlgorithm("MD5withRSA"); 
else 
    certGen.setSignatureAlgorithm("SHA1withDSA"); 

// generate the X509-certificate 
X509Certificate cert = certGen.generate(pair.getPrivate(), "BC"); 

私は、移行を行うために何をすべきか？

Answer 1

keycloak CertificateUtils

SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(pair.getPublic().getEncoded()); 
X509v1CertificateBuilder builder = new X509v1CertificateBuilder(
     subjectDN, 
     serialNumber, 
     validityStartDate, 
     validityEndDate, 
     subjectDN, 
     subPubKeyInfo); 

AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find(signatureAlgorithm); 
AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId); 
ContentSigner contentSigner = 
     new BcRSAContentSignerBuilder(sigAlgId, digAlgId)     
       .build(PrivateKeyFactory.createKey(pair.getPrivate().getEncoded())); 

X509CertificateHolder holder = builder.build(contentSigner); 

X509Certificate cert = JcaX509CertificateConverter().getCertificate(holder); 

から抽出し、これを試してみてください