Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8219472

Mark deprecated javax.security.cert APIs with forRemoval=true



    • CSR
    • Resolution: Approved
    • P3
    • 13
    • security-libs
    • None
    • minimal
    •  Low risk as this is a documentation only update.
    • Java API
    • SE



      Propose to mark the javax.security.cert APIs with forRemoval=true.


      JSSE 1.0.x was an un-bundled release that provided JDK 1.2/1.3 with SSL/TLS, and was eventually bundled in JDK 1.4.

      The javax.security.cert APIs were deprecated in JDK 9 but have had the following warning (since 1.4.2) in the description of each class:

      Note: The classes in the package javax.security.cert exist for compatibility with earlier versions of the Java Secure Sockets Extension (JSSE). New applications should instead use the standard Java SE certificate classes located in java.security.cert.

      Since these earlier versions of JSSE are no longer maintained or supported, there is no reason to retain these packages for compatibility and they should be removed in a future release.

      This update will add forRemoval=true to the deprecated javax.security.cert APIs.

      Note that in JDK 9, these APIs were originally marked for removal in JDK 9 but the change was backed out before 9 was released because some external projects needed more time to remove the dependencies. See also JDK-8157712 and CCC-8157712.


      Add forRemoval=true to the Deprecated annotation of the javax.security.cert classes.


      Add forRemoval=true to the Deprecated annotation of classes in the javax.security.cert package. The spec update is almost the same as:

        * @since 1.4
        * @see X509Certificate
        * @deprecated Use the classes in {@code java.security.cert} instead.
      + *      This class is subject to removal in a future version of Java SE.
        * @author Hemma Prafullchandra
      - @Deprecated(since="9")
      + @Deprecated(since="9", forRemoval=true)
        public abstract class Certificate {

      All public classes in the package get updated:

      • Certificate.java
      • CertificateEncodingException.java
      • CertificateException.java
      • CertificateExpiredException.java
      • CertificateNotYetValidException.java
      • CertificateParsingException.java
      • X509Certificate.java

      And the following methods:

      • javax.net.ssl.HandshakeCompletedEvent.getPeerCertificateChain()
      • javax.net.ssl.SSLSession.getPeerCertificateChain()

      Suggested release note

      The javax.security.cert API has been deprecated. The classes in this package should no longer be used. The java.security.cert package contains suitable replacements.


        Issue Links



              xuelei Xuelei Fan
              xuelei Xuelei Fan
              Sean Mullan
              0 Vote for this issue
              1 Start watching this issue