Fix deprecated method getSubjectDN() with getSubjectX500Principal()

svenzik · mrts · commit 935f6978385d · 2025-04-07T15:30:01.000+03:00
WE2-960

Signed-off-by: Sven Mitt &lt;svenzik@users.noreply.github.com&gt;
diff --git a/src/main/java/eu/webeid/security/exceptions/CertificateNotTrustedException.java b/src/main/java/eu/webeid/security/exceptions/CertificateNotTrustedException.java
@@ -30,7 +30,7 @@
 public class CertificateNotTrustedException extends AuthTokenException {
 
     public CertificateNotTrustedException(X509Certificate certificate, Throwable e) {
-        super("Certificate " + certificate.getSubjectDN() + " is not trusted", e);
+        super("Certificate " + certificate.getSubjectX500Principal() + " is not trusted", e);
     }
 
 }
diff --git a/src/main/java/eu/webeid/security/validator/AuthTokenValidatorBuilder.java b/src/main/java/eu/webeid/security/validator/AuthTokenValidatorBuilder.java
@@ -77,7 +77,7 @@ public AuthTokenValidatorBuilder withTrustedCertificateAuthorities(X509Certifica
         if (LOG.isDebugEnabled()) {
             LOG.debug("Trusted intermediate certificate authorities set to {}",
                 configuration.getTrustedCACertificates().stream()
-                    .map(X509Certificate::getSubjectDN)
+                    .map(X509Certificate::getSubjectX500Principal)
                     .collect(Collectors.toList()));
         }
         return this;
diff --git a/src/main/java/eu/webeid/security/validator/ocsp/OcspResponseValidator.java b/src/main/java/eu/webeid/security/validator/ocsp/OcspResponseValidator.java
@@ -58,7 +58,7 @@ public static void validateHasSigningExtension(X509Certificate certificate) thro
         Objects.requireNonNull(certificate, "certificate");
         try {
             if (certificate.getExtendedKeyUsage() == null || !certificate.getExtendedKeyUsage().contains(OID_OCSP_SIGNING)) {
-                throw new OCSPCertificateException("Certificate " + certificate.getSubjectDN() +
+                throw new OCSPCertificateException("Certificate " + certificate.getSubjectX500Principal() +
                     " does not contain the key usage extension for OCSP response signing");
             }
         } catch (CertificateParsingException e) {

Original file line number	Diff line number	Diff line change
`@@ -30,7 +30,7 @@`
`30`	`30`	`public class CertificateNotTrustedException extends AuthTokenException {`
`31`	`31`
`32`	`32`	`public CertificateNotTrustedException(X509Certificate certificate, Throwable e) {`
`33`		`- super("Certificate " + certificate.getSubjectDN() + " is not trusted", e);`
	`33`	`+ super("Certificate " + certificate.getSubjectX500Principal() + " is not trusted", e);`
`34`	`34`	`}`
`35`	`35`
`36`	`36`	`}`
Original file line number	Diff line number	Diff line change
`@@ -77,7 +77,7 @@ public AuthTokenValidatorBuilder withTrustedCertificateAuthorities(X509Certifica`
`77`	`77`	`if (LOG.isDebugEnabled()) {`
`78`	`78`	`LOG.debug("Trusted intermediate certificate authorities set to {}",`
`79`	`79`	`configuration.getTrustedCACertificates().stream()`
`80`		`- .map(X509Certificate::getSubjectDN)`
	`80`	`+ .map(X509Certificate::getSubjectX500Principal)`
`81`	`81`	`.collect(Collectors.toList()));`
`82`	`82`	`}`
`83`	`83`	`return this;`
Original file line number	Diff line number	Diff line change
`@@ -58,7 +58,7 @@ public static void validateHasSigningExtension(X509Certificate certificate) thro`
`58`	`58`	`Objects.requireNonNull(certificate, "certificate");`
`59`	`59`	`try {`
`60`	`60`	`if (certificate.getExtendedKeyUsage() == null \|\| !certificate.getExtendedKeyUsage().contains(OID_OCSP_SIGNING)) {`
`61`		`- throw new OCSPCertificateException("Certificate " + certificate.getSubjectDN() +`
	`61`	`+ throw new OCSPCertificateException("Certificate " + certificate.getSubjectX500Principal() +`
`62`	`62`	`" does not contain the key usage extension for OCSP response signing");`
`63`	`63`	`}`
`64`	`64`	`} catch (CertificateParsingException e) {`