fix: replace deprecated X509Certificate.getSubjectDN() and getIssuerDN()

itsmohitnarayan · Copilot · itsmohitnarayan · commit 55efd62c5e28 · 2026-04-03T13:18:42.000+05:30
Replace deprecated methods with their X500Principal equivalents: - getSubjectDN() → getSubjectX500Principal() - getIssuerDN() → getIssuerX500Principal() Both deprecated methods have implementation-dependent behavior, while X500Principal provides well-defined RFC 2253 output via getName(). Fixes #3282 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
diff --git a/clients/src/main/java/org/apache/kafka/common/security/ssl/CommonNameLoggingTrustManagerFactoryWrapper.java b/clients/src/main/java/org/apache/kafka/common/security/ssl/CommonNameLoggingTrustManagerFactoryWrapper.java
@@ -29,7 +29,7 @@
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
-import java.security.Principal;
+
 import java.security.PublicKey;
 import java.security.SignatureException;
 import java.security.cert.CertificateEncodingException;
@@ -321,8 +321,8 @@ public int getBasicConstraints() {
         }
 
         @Override
-        public Principal getIssuerDN() {
-            return this.origCertificate.getIssuerDN();
+        public X500Principal getIssuerDN() {
+            return this.origCertificate.getIssuerX500Principal();
         }
 
         @Override
@@ -371,8 +371,8 @@ public byte[] getSignature() {
         }
 
         @Override
-        public Principal getSubjectDN() {
-            return this.origCertificate.getSubjectDN();
+        public X500Principal getSubjectDN() {
+            return this.origCertificate.getSubjectX500Principal();
         }
 
         @Override
