Summary

CommonNameLoggingTrustManagerFactoryWrapper.java in the clients module uses X509Certificate.getSubjectDN() and X509Certificate.getIssuerDN(), both deprecated since JDK 16. The build produces deprecation warnings:

CommonNameLoggingTrustManagerFactoryWrapper.java:374: warning: [deprecation] getSubjectDN() in X509Certificate has been deprecated 
CommonNameLoggingTrustManagerFactoryWrapper.java:375: warning: [deprecation] getSubjectDN() in X509Certificate has been deprecated 
CommonNameLoggingTrustManagerFactoryWrapper.java:324: warning: [deprecation] getIssuerDN() in X509Certificate has been deprecated 
CommonNameLoggingTrustManagerFactoryWrapper.java:325: warning: [deprecation] getIssuerDN() in X509Certificate has been deprecated

Fix

With respect to this: https://bugs.openjdk.org/browse/JDK-4959744, I think we can replace the deprecated methods with their recommended alternatives:
getSubjectDN() -> getSubjectX500Principal()
getIssuerDN() -> getIssuerX500Principal()

Both return X500Principal instead of Principal. The X500Principal class provides a well-defined getName() method with RFC 2253 output, whereas the old getSubjectDN() / getIssuerDN() had implementation-dependent behavior.