this.certChain = certs!=null ? Arrays.asList(certs).toArray(new X509Certificate[0]) : null;
this.nonce = new byte[16];
{
final Hashtable exts = new Hashtable();
final SecureRandom randomSource = SecureRandom.getInstance("SHA1PRNG");
randomSource.nextBytes(nonce);
final X509Extension nonceext = new X509Extension(false, new DEROctetString(nonce));
exts.put(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, nonceext);
// Don't bother adding Unid extension if we are not using client authentication
if ( getfnr ) {
X509Extension ext = new X509Extension(false, new DEROctetString(new FnrFromUnidExtension("1")));