Enhancement
Resolution: Unresolved
Major
Efforts have been made in the OpenJDK project to remove the long deprecated-for-removal classes in the package javax.security.cert. These classes were introduced for backwards compatibility concerns with the unbundled JSSE release for JDK 1.2/1.3, but their use has been discouraged since they were introduced.
It would be good to update Undertow to not depend on / use these archaic APIs.
See https://bugs.openjdk.org/browse/JDK-8227024 and the corresponding CSR https://bugs.openjdk.org/browse/JDK-8227395
Changes:
Remove SSLSessionInfo.getPeerCertificateChain and its overrides in BasicSSLSessionInfo, ConnectionSSLSessionInfo and Http2SslSessionInfo
Remove a catch of javax.security.cert.CertificateException in AjpRequestParseState.createSslSessionInfo
Remove the util method Certificates.toPem which takes javax.security.cert.X509Certificate as parameter and seems unused
SNISSLEngine.InitalState overrides SSLEngine.getHandshakeSession and returns a custom, mostly no-op SSLSession. Since getHandshakeSession does not seem to be called, I opted to simply remove this override and the custom SSLSession implementation. This way we also don't need to implement SSLSession.getPeerCertificateChain which returns javax.security.cert.X509Certificate[]. Please advise if this override actually has a purpose and we'll need to maintain it somehow.
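For callers that relied on the removed methods, an added sketch (not part of the original issue and not Undertow code) of reading the peer chain and PEM-encoding a certificate using only java.security.cert. The class name PeerChain and its method names are hypothetical.

```java
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Collections;
import java.util.List;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

/** Hypothetical helper: peer chain access without javax.security.cert. */
public final class PeerChain {
    private PeerChain() {}

    /**
     * Stand-in for SSLSession.getPeerCertificateChain(): returns the peer chain
     * as java.security.cert.X509Certificate, leaf certificate first.
     * An empty list means the peer was not authenticated; callers must treat
     * that as "no client identity", never as an implicitly trusted peer.
     */
    public static List<X509Certificate> x509Chain(SSLSession session) {
        final Certificate[] peer;
        try {
            peer = session.getPeerCertificates();
        } catch (SSLPeerUnverifiedException e) {
            return Collections.emptyList();
        }
        List<X509Certificate> chain = new ArrayList<>(peer.length);
        for (Certificate c : peer) {
            // getPeerCertificates() is typed as Certificate[]; fail closed on
            // anything that is not X.509 instead of casting blindly.
            if (!(c instanceof X509Certificate)) {
                throw new IllegalStateException(
                        "non-X.509 peer certificate: " + c.getType());
            }
            chain.add((X509Certificate) c);
        }
        return chain;
    }

    /** PEM-encodes a java.security.cert certificate with 64-character lines. */
    public static String toPem(Certificate cert) throws CertificateEncodingException {
        Base64.Encoder enc = Base64.getMimeEncoder(64, new byte[] {'\n'});
        return "-----BEGIN CERTIFICATE-----\n"
                + enc.encodeToString(cert.getEncoded())
                + "\n-----END CERTIFICATE-----\n";
    }
}
```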