Universal Messaging SSL with Java 17 calling deprecated getPeerCertificateChain javax method

oethal75 · May 7, 2024, 7:01am

Hello,

I am using nClient library to connect to Universal Messaging Realm, using SSL protocol, but I am getting error that fSSLSocketDriver in method createSocket calls javax deprecated method getPeerCertificateChain

Caused by: java.lang.UnsupportedOperationException: This method is deprecated and marked for removal. Use the getPeerCertificates() method instead.
        at java.base/javax.net.ssl.SSLSession.getPeerCertificateChain(SSLSession.java:295)
        at com.pcbsys.foundation.drivers.fSSLSocketDriver.createSocket(fSSLSocketDriver.java:131)

Caused by: java.io.IOException: java.lang.UnsupportedOperationException: This method is deprecated and marked for removal. Use the getPeerCertificates() method instead.
        at com.pcbsys.foundation.drivers.fSSLSocketDriver.createSocket(fSSLSocketDriver.java:145)
        at com.pcbsys.foundation.drivers.fSocketDriver.init(fSocketDriver.java:60)
        at com.pcbsys.foundation.drivers.fSSLSocketDriver.<init>(fSSLSocketDriver.java:66)
        at com.pcbsys.foundation.drivers.fDriverFactory.attemptConnection(fDriverFactory.java:290)
        ... 10 more

We switched to Java 17 and this problem occurs. Is there any solution for that ? Our code looks like this:

	nRealm umServerRealm = new nRealm(serverRealmName, connections);
	nSessionAttributes sessionAttributes = new nSessionAttributes(umServerRealm);
        sessionAttributes.setName(clientId + "_" + pidHost);
	sessionAttributes.setKeystore(keyStore, Decode.decrypt(encryptedPass));
	sessionAttributes.setTruststore(trustStore, null);
	nSessionFactory.create(sessionAttributes, new UMReconnectHandler(), umUser, Decode.decrypt(umPass));

Thank you for any answer,

Peter

Holger_von_Thomsen · May 7, 2024, 11:36am

Hi Peter,

I am not sure if there is already a Fix available for this, but you should check this with UpdateManager.
Which version of UM are talking about?

If you cannot find an appropriate Fix for this, please open a Support Ticket with SAG to get this sorted out.

In general, it is not recommended to change JVM version for SAG installation when it is not deliverd with an official SAG Fix to avoid compatibility issues like this one.

Regards,
Holger

oethal75 · May 7, 2024, 12:28pm

Hello Holger,

thank you for answering, we have latest UM 10.15, and JVM is 11. So I will try to downgrade client application to JVM 11 also and check whether this deprecated function getPeerCertificateChain is available there.

oethal75 · May 7, 2024, 1:11pm

Ok, it seems Java 17 is not yet supported, under java 11 it worked. I am closing ticket.

engin_arlak · May 7, 2024, 3:34pm

I would connect um server through integration server, instead of using the library. They are implementing them backwards compatible now but it is still a dependency. It may make your upgrade project a living nightmare if it doesn’t support a version you are upgrading. Even if it is backwards compatible now, the software life cycle may outlive the library itself. You may not even find the responsible teams several years after this implementation. If you wrap ip up with a web service, all you need to upgrade is the web service.