Channel: Public Key Infrastructure PowerShell module

Commented Unassigned: [Bug] OCSPRequest and nonce support [68]

Hi again,

It seems there was a regression between v2.8 and v3.0 on OCSP support for nonce values.
With v2.8, when I executed:
```
New-Object PKI.OCSP.OCSPRequest $cert, $true
```
I got in return `Nonce=$true` and `NonceValue=random_value` but now with 3.0 `Nonce` is still `$true` but `NonceValue` is now empty.

When looking at the source, `NonceValue` indeed does not seem to be initialized anywhere and the private m_encode method was simplified and does not generate a nonce anymore.

Jordan
Comments: I checked the previous version and it looks like this part was missing while I rewrote the code. But, as I said, Nonce is sent to the server. Also I found another related issue. The Value property of X509NonceExtension has no setter, which it should have, and this accessor should be set from this constructor:

```csharp
public X509NonceExtension(AsnEncodedData nonceValue, Boolean critical)
```

therefore, the returned nonce value is displayed (only displayed) as zero in all cases. I fixed this part already: in OCSPResponse.cs, replace lines 256 - 262 with the following:

```csharp
// Copy every response extension into the collection and, when the
// id-pkix-ocsp-nonce extension is present, record the received nonce.
foreach (X509Extension item in exts) {
    Cryptography.AddExtensionToCollection(item, ref listExtensions);
    X509Extension added = listExtensions[listExtensions.Count - 1];
    if (added.Oid.Value == "1.3.6.1.5.5.7.48.1.2") {
        NonceReceived = true;
        NonceValue = added.Format(false);
    }
}
```

and here is the new X509NonceExtension.cs file (with comments removed):

```csharp
using PKI.ASN;
using PKI.ManagedAPI;
using System.Globalization;
using System.Linq;
using System.Text;

namespace System.Security.Cryptography.X509Certificates {
    public sealed class X509NonceExtension : X509Extension {
        // id-pkix-ocsp-nonce (RFC 6960, section 4.4.1)
        readonly Oid oid = new Oid("1.3.6.1.5.5.7.48.1.2", "OCSP Nonce");

        // Request side: build a fresh nonce extension.
        public X509NonceExtension() { m_initialize(); }

        // Response side: wrap a received extension and decode its nonce for display.
        public X509NonceExtension(AsnEncodedData nonceValue, Boolean critical) {
            Oid = oid;
            RawData = nonceValue.RawData;
            Critical = critical;
            // RawData is the OCTET STRING carrying the nonce; Payload is its content bytes.
            ASN1 asn = new ASN1(nonceValue.RawData);
            Value = Crypt32Managed.CryptBinaryToString(asn.Payload, CryptEncoding.CRYPT_STRING_HEX, 0);
        }

        // Hex representation of the nonce bytes; written only by the constructors.
        public String Value { get; private set; }

        void m_initialize() {
            // Nonce bytes are the ASCII digits of the current tick count.
            Char[] noncechars = DateTime.Now.Ticks.ToString(CultureInfo.InvariantCulture).ToCharArray();
            Critical = false;
            Oid = oid;
            Byte[] charBytes = noncechars.Select(Convert.ToByte).ToArray();
            Value = Crypt32Managed.CryptBinaryToString(charBytes, CryptEncoding.CRYPT_STRING_HEX, 0);
            // extnValue content: the nonce wrapped in an OCTET STRING (tag 4).
            RawData = ASN1.Encode(charBytes, 4);
        }

        public override String Format(Boolean multiLine) {
            StringBuilder SB = new StringBuilder();
            SB.Append("Nonce value: " + Value);
            if (multiLine) { SB.Append(Environment.NewLine); }
            return SB.ToString();
        }
    }
}
```

The Value property is changed from "long" to "string" and a private setter added. The second constructor and the m_initialize() method update this property. This will fix all issues related to Nonce. Again, thanks for the report.
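The nonce handling discussed in this thread, as an added stand-alone example that is not PSPKI code: it DER-encodes the id-pkix-ocsp-nonce extension (OID 1.3.6.1.5.5.7.48.1.2, RFC 6960 section 4.4.1) the way the module's `ASN1.Encode(bytes, 4)` does (nonce wrapped in an OCTET STRING inside extnValue), decodes it back (also accepting the older unwrapped form some responders emit), and performs the check the response parser exists for: the nonce in the response must equal the one sent. The helper names, the 16-byte nonce size and the `tick_nonce()` stand-in for the posted `DateTime.Now.Ticks` scheme are this example's own assumptions.

```python
# Added example (not PSPKI code): DER encode/decode of the OCSP nonce extension
# and the request/response nonce match a client must perform.
import hmac
import os
import time

OCSP_NONCE_OID = "1.3.6.1.5.5.7.48.1.2"   # id-pkix-ocsp-nonce


def _der_len(n):
    """DER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag, payload):
    return bytes([tag]) + _der_len(len(payload)) + payload


def _base128(v):
    out = [v & 0x7F]
    v >>= 7
    while v:
        out.append(0x80 | (v & 0x7F))
        v >>= 7
    return bytes(reversed(out))


def _encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    body = _base128(arcs[0] * 40 + arcs[1])
    for arc in arcs[2:]:
        body += _base128(arc)
    return _tlv(0x06, body)


def _parse_tlv(buf, pos):
    """Return (tag, payload, position after the element) for the TLV at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _decode_oid(payload):
    arcs, v = [payload[0] // 40, payload[0] % 40], 0
    for b in payload[1:]:
        v = (v << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(v)
            v = 0
    return ".".join(map(str, arcs))


def random_nonce(nbytes=16):
    """CSPRNG nonce; 16 bytes is this example's choice (RFC 8954 caps it at 32)."""
    return os.urandom(nbytes)


def tick_nonce():
    """ASCII digits of the clock, mirroring the posted m_initialize(); a value
    an observer can predict, kept only for comparison with random_nonce()."""
    return str(time.time_ns()).encode("ascii")


def encode_nonce_extension(nonce, critical=False, wrap=True):
    """Extension ::= SEQUENCE { extnID OID, critical BOOLEAN DEFAULT FALSE,
    extnValue OCTET STRING }. wrap=True puts DER OCTET STRING(nonce) into
    extnValue (the RFC 6960/8954 form); wrap=False writes the raw nonce bytes."""
    body = _encode_oid(OCSP_NONCE_OID)
    if critical:                      # DER omits a BOOLEAN equal to its DEFAULT
        body += _tlv(0x01, b"\xff")
    body += _tlv(0x04, _tlv(0x04, nonce) if wrap else nonce)
    return _tlv(0x30, body)


def decode_nonce_extension(der):
    """Return (oid, critical, nonce), accepting wrapped and raw extnValue."""
    tag, seq, _ = _parse_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("Extension must be a SEQUENCE")
    tag, oid_payload, pos = _parse_tlv(seq, 0)
    if tag != 0x06:
        raise ValueError("extnID must be an OBJECT IDENTIFIER")
    oid, critical = _decode_oid(oid_payload), False
    tag, payload, pos = _parse_tlv(seq, pos)
    if tag == 0x01:
        critical = payload != b"\x00"
        tag, payload, pos = _parse_tlv(seq, pos)
    if tag != 0x04:
        raise ValueError("extnValue must be an OCTET STRING")
    # Heuristic for the legacy raw form: only treat extnValue as wrapped when it
    # parses as exactly one OCTET STRING spanning the whole value.
    if len(payload) >= 2 and payload[0] == 0x04:
        try:
            _, inner, end = _parse_tlv(payload, 0)
            if end == len(payload):
                return oid, critical, inner
        except IndexError:
            pass
    return oid, critical, payload


def nonce_matches(sent, response_extension_der):
    """The client-side check: the responder echoed exactly the nonce we sent.
    Constant-time comparison avoids leaking how much of a forged value matched."""
    oid, _, received = decode_nonce_extension(response_extension_der)
    return oid == OCSP_NONCE_OID and hmac.compare_digest(sent, received)


if __name__ == "__main__":
    n = random_nonce()
    ext = encode_nonce_extension(n)
    print("Nonce value:", n.hex())
    print("extension DER:", ext.hex())
    print("response nonce matches:", nonce_matches(n, ext))
```

`nonce_matches()` is the step that gives the nonce its meaning: a response that carries a different nonce, or none when one was requested, must not be treated as fresh, no matter how the value is displayed.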
