Remove getSubjectDN(), which is deprecated in Java 17

interop-testing/src/main/java/io/grpc/testing/integration/AbstractInteropTest.java

@@ -2208,7 +2208,7 @@ public abstract class AbstractInteropTest {
     X509Certificate x509cert = (X509Certificate) certificates.get(0);
 
     assertEquals(1, certificates.size());
-    assertEquals(tlsInfo, x509cert.getSubjectDN().toString());
+    assertEquals(tlsInfo, x509cert.getSubjectX500Principal().toString());
   }
 
   protected int operationTimeoutMillis() {

netty/src/test/java/io/grpc/netty/AdvancedTlsTest.java

@@ -198,7 +198,7 @@ public class AdvancedTlsTest {
                   throw new CertificateException("peerCertChain is empty");
                 }
                 X509Certificate leafCert = peerCertChain[0];
-                if (!leafCert.getSubjectDN().getName().contains("testclient")) {
+                if (!leafCert.getSubjectX500Principal().getName().contains("testclient")) {
                   throw new CertificateException("SslSocketAndEnginePeerVerifier failed");
                 }
               }
@@ -210,7 +210,7 @@ public class AdvancedTlsTest {
                   throw new CertificateException("peerCertChain is empty");
                 }
                 X509Certificate leafCert = peerCertChain[0];
-                if (!leafCert.getSubjectDN().getName().contains("testclient")) {
+                if (!leafCert.getSubjectX500Principal().getName().contains("testclient")) {
                   throw new CertificateException("SslSocketAndEnginePeerVerifier failed");
                 }
               }
@@ -237,7 +237,8 @@ public class AdvancedTlsTest {
                   throw new CertificateException("peerCertChain is empty");
                 }
                 X509Certificate leafCert = peerCertChain[0];
-                if (!leafCert.getSubjectDN().getName().contains("*.test.google.com.au")) {
+                if (!leafCert.getSubjectX500Principal().getName()
+                    .contains("*.test.google.com.au")) {
                   throw new CertificateException("SslSocketAndEnginePeerVerifier failed");
                 }
               }
@@ -249,7 +250,8 @@ public class AdvancedTlsTest {
                   throw new CertificateException("peerCertChain is empty");
                 }
                 X509Certificate leafCert = peerCertChain[0];
-                if (!leafCert.getSubjectDN().getName().contains("*.test.google.com.au")) {
+                if (!leafCert.getSubjectX500Principal().getName()
+                    .contains("*.test.google.com.au")) {
                   throw new CertificateException("SslSocketAndEnginePeerVerifier failed");
                 }
               }

util/src/test/java/io/grpc/util/CertificateUtilsTest.java

@@ -53,7 +53,7 @@ public class CertificateUtilsTest {
     // Checks some information on the test certificate.
     assertThat(cert[0].getSerialNumber()).isEqualTo(new BigInteger(
         "6c97d344427a93affea089d6855d4ed63dd94f38", 16));
-    assertThat(cert[0].getSubjectDN().getName()).isEqualTo(
+    assertThat(cert[0].getSubjectX500Principal().toString()).isEqualTo(
         "CN=*.test.google.com.au, O=Internet Widgits Pty Ltd, ST=Some-State, C=AU");
   }
 
@@ -74,7 +74,7 @@ public class CertificateUtilsTest {
     // Checks some information on the test certificate.
     assertThat(cert[0].getSerialNumber()).isEqualTo(new BigInteger(
         "5ab3f456f1dccbe2cfe94b9836d88bf600610f9a", 16));
-    assertThat(cert[0].getSubjectDN().getName()).isEqualTo(
+    assertThat(cert[0].getSubjectX500Principal().toString()).isEqualTo(
         "CN=testca, O=Internet Widgits Pty Ltd, ST=Some-State, C=AU");
   }
 

xds/src/main/java/io/grpc/xds/internal/rbac/engine/GrpcAuthorizationEngine.java

@@ -334,10 +334,11 @@ public final class GrpcAuthorizationEngine {
             return Collections.unmodifiableCollection(principalNames);
           }
         }
-        if (cert.getSubjectDN() == null || cert.getSubjectDN().getName() == null) {
+        if (cert.getSubjectX500Principal() == null
+            || cert.getSubjectX500Principal().getName() == null) {
           return Collections.singleton("");
         }
-        return Collections.singleton(cert.getSubjectDN().getName());
+        return Collections.singleton(cert.getSubjectX500Principal().getName());
       } catch (SSLPeerUnverifiedException | CertificateParsingException ex) {
         log.log(Level.FINE, "Unexpected getPrincipalNames error.", ex);
         return Collections.singleton("");

xds/src/test/java/io/grpc/xds/internal/rbac/engine/GrpcAuthorizationEngineTest.java

@@ -51,13 +51,13 @@ import io.grpc.xds.internal.rbac.engine.GrpcAuthorizationEngine.PolicyMatcher;
 import io.grpc.xds.internal.rbac.engine.GrpcAuthorizationEngine.SourceIpMatcher;
 import java.net.InetAddress;
 import java.net.InetSocketAddress;
-import java.security.Principal;
 import java.security.cert.X509Certificate;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
 import javax.net.ssl.SSLPeerUnverifiedException;
 import javax.net.ssl.SSLSession;
+import javax.security.auth.x500.X500Principal;
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
@@ -279,7 +279,7 @@ public class GrpcAuthorizationEngineTest {
     X509Certificate mockCert = mock(X509Certificate.class);
     when(sslSession.getPeerCertificates()).thenReturn(new X509Certificate[]{mockCert});
     assertThat(engine.evaluate(HEADER, serverCall).decision()).isEqualTo(Action.DENY);
-    when(mockCert.getSubjectDN()).thenReturn(mock(Principal.class));
+    when(mockCert.getSubjectX500Principal()).thenReturn(new X500Principal(""));
     assertThat(engine.evaluate(HEADER, serverCall).decision()).isEqualTo(Action.DENY);
     when(mockCert.getSubjectAlternativeNames()).thenReturn(Arrays.<List<?>>asList(
         Arrays.asList(2, "*.test.google.fr")));