webMethods

 View Only
Expand all | Collapse all

Universal Messaging SSL with Java 17 calling deprecated getPeerCertificateChain javax method

  • 1.  Universal Messaging SSL with Java 17 calling deprecated getPeerCertificateChain javax method

    Posted Tue May 07, 2024 03:01 AM

    Hello,

    I am using nClient library to connect to Universal Messaging Realm, using SSL protocol, but I am getting error that fSSLSocketDriver in method createSocket calls javax deprecated method getPeerCertificateChain

    Caused by: java.lang.UnsupportedOperationException: This method is deprecated and marked for removal. Use the getPeerCertificates() method instead.
    at java.base/javax.net.ssl.SSLSession.getPeerCertificateChain(SSLSession.java:295)
    at com.pcbsys.foundation.drivers.fSSLSocketDriver.createSocket(fSSLSocketDriver.java:131)
    
    Caused by: java.io.IOException: java.lang.UnsupportedOperationException: This method is deprecated and marked for removal. Use the getPeerCertificates() method instead.
    at com.pcbsys.foundation.drivers.fSSLSocketDriver.createSocket(fSSLSocketDriver.java:145)
    at com.pcbsys.foundation.drivers.fSocketDriver.init(fSocketDriver.java:60)
    at com.pcbsys.foundation.drivers.fSSLSocketDriver.<init>(fSSLSocketDriver.java:66)
    at com.pcbsys.foundation.drivers.fDriverFactory.attemptConnection(fDriverFactory.java:290)
    ... 10 more
    

    We switched to Java 17 and this problem occurs. Is there any solution for that ? Our code looks like this:

    	nRealm umServerRealm = new nRealm(serverRealmName, connections);
    nSessionAttributes sessionAttributes = new nSessionAttributes(umServerRealm);
    sessionAttributes.setName(clientId + "_" + pidHost);
    sessionAttributes.setKeystore(keyStore, Decode.decrypt(encryptedPass));
    sessionAttributes.setTruststore(trustStore, null);
    nSessionFactory.create(sessionAttributes, new UMReconnectHandler(), umUser, Decode.decrypt(umPass));
    

    Thank you for any answer,

    Peter


    #API-Management
    #API-Gateway
    #Universal-Messaging-Broker
    #webMethods
    #ssl


  • 2.  RE: Universal Messaging SSL with Java 17 calling deprecated getPeerCertificateChain javax method

    Posted Tue May 07, 2024 07:36 AM

    Hi Peter,

    I am not sure if there is already a Fix available for this, but you should check this with UpdateManager.
    Which version of UM are talking about?

    If you cannot find an appropriate Fix for this, please open a Support Ticket with SAG to get this sorted out.

    In general, it is not recommended to change JVM version for SAG installation when it is not deliverd with an official SAG Fix to avoid compatibility issues like this one.

    Regards,
    Holger


    #Universal-Messaging-Broker
    #API-Gateway
    #webMethods
    #API-Management
    #ssl


  • 3.  RE: Universal Messaging SSL with Java 17 calling deprecated getPeerCertificateChain javax method

    Posted Tue May 07, 2024 08:29 AM

    Hello Holger,

    thank you for answering, we have latest UM 10.15, and JVM is 11. So I will try to downgrade client application to JVM 11 also and check whether this deprecated function getPeerCertificateChain is available there.


    #API-Management
    #API-Gateway
    #Universal-Messaging-Broker
    #ssl
    #webMethods


  • 4.  RE: Universal Messaging SSL with Java 17 calling deprecated getPeerCertificateChain javax method

    Posted Tue May 07, 2024 09:11 AM

    Ok, it seems Java 17 is not yet supported, under java 11 it worked. I am closing ticket.


    #API-Management
    #Universal-Messaging-Broker
    #webMethods
    #API-Gateway
    #ssl


  • 5.  RE: Universal Messaging SSL with Java 17 calling deprecated getPeerCertificateChain javax method

    Posted Tue May 07, 2024 11:35 AM

    I would connect um server through integration server, instead of using the library. They are implementing them backwards compatible now but it is still a dependency. It may make your upgrade project a living nightmare if it doesn’t support a version you are upgrading. Even if it is backwards compatible now, the software life cycle may outlive the library itself. You may not even find the responsible teams several years after this implementation. If you wrap ip up with a web service, all you need to upgrade is the web service.


    #API-Gateway
    #ssl
    #API-Management
    #webMethods
    #Universal-Messaging-Broker