Add support for RFC 8954 (Online Certificate Status Protocol (OCSP) Nonce Extension) to the JDK PKIX implementation. Introduce a system property named
jdk.security.certpath.ocspNonce to enable use of the nonce extension.
PKIXRevocationChecker checks the revocation status of certificates with the OCSP responders. The current implementation has protections against replay attacks using the date-based approach of OCSP freshness determination specified in section 7.1 of RFC 5019 . Adding the nonce extension to bind the OCSP request and response is an improvement.
The current implementation in
PKIXRevocationChecker requires the OCSP response to be timely using the date-based approach against replay attacks. Defining a system property
jdk.security.certpath.ocspNonce to enable nonce extension is an improvement.
As RFC 8954  states that if the nonce extension is present, then the length of the nonce must be at least 1 octet and can be up to 32 octets, and OCSP responders must accept lengths of at least 16 octets. To have a conforming implementation, the default nonce length is defined as 16-byte by
jdk.security.certpath.ocspNonce=true, where 16-byte is also same as OpenSSL default.
jdk.security.certpath.ocspNonce is disabled by default for compatibility. This is because RFC 5019  states that clients should not include the requestExtensions structure, and if a requestExtensions structure is included, this profile recommends that it contain only the nonce extension.
"Java PKI Programmer's Guide" section in Security Developer's Guide:
Support for the nonce extension in OCSP requests can be configured with the system property
jdk.security.certpath.ocspNonce. It is disabled by default, and can be enabled by setting it to the value
true. If set to true, the JDK implementation of
PKIXRevocationChecker includes a Nonce extension containing a 16 byte nonce with each OCSP request.