Upgrade Play 2.9.0 and drop Java 8

[sentenza]

sun.security.x509.

This Play doc](https://www.playframework.com/documentation/2.9.x/Migration29#Generation-of-Self-Signed-Certificates-Fails-in-Java-17-and-Java-21) explains why we get the error in pipelines.

In fact, we set the https.port only in staging and so on, but we do not have any valid certificate.

In the process of binding an HTTPS port, Play typically generates a self-signed certificate as a default procedure. However, when using Java 17, this operation may lead to the following exception:

java.lang.IllegalAccessError: class com.typesafe.sslconfig.ssl.FakeKeyStore$ 
(in unnamed module @0x68c8dd0e) 
cannot access class sun.security.x509.X509CertInfo (in module java.base) 
because module java.base does not export sun.security.x509 to unnamed 
module @0x68c8dd0e (FakeKeyStore.scala:89)
com.typesafe.sslconfig.ssl.FakeKeyStore$.createSelfSignedCertificate(...

To solve this issue in production/staging we have to export a specific var:

    export JAVA_TOOL_OPTIONS="$JAVA_TOOL_OPTIONS --add-exports=java.base/sun.security.x509=ALL-UNNAMED";

[sentenza]

@mkurz @ihostage Do you know how to solve the following error?

java.lang.IllegalArgumentException: GrpcClientSettings requires a server endpoint with ssl, but non provided (JavaAkkaGrpcClientHelpers.java:66)

[ihostage]

Hi, @sentenza!

@mkurz @ihostage Do you know how to solve the following error?

No, I haven't seen that yet 🤷‍♂️ I'll look this, but only when we will have released a 0.9.2 which is compatible with Play 2.8.x.

[sentenza]

The exception that is blocking tests for JDK 11 right now is:

PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

This blog post describes this kind of errors.

As pointed out in this comment it should be also possible to avoid any check on SSL certs but I don't see where to put this kind of configuration in this project:

ws.acceptAnyCertificate = true play.ws.ssl.loose.acceptAnyCertificate = true

[mkurz]

Rebased etc, will try to make this working asap.

[mkurz]

@sentenza It seems you force pushed this branch which overrides changes that we had merged in the main branch already (and my rebase with fixed conflicts yesterday). I fixed that now and force pushed myself again, so we should have a clean state now. Can you do me a favor and make sure you are up to date locally? Fetch the changes and then when on your upgrade-play28 branch please run git reset --hard origin/upgrade-play28, if origin refers to the the remote of your github fork, should be like this:

$ git remote -v
origin        git@github.com:sentenza/play-grpc.git (fetch)
origin        git@github.com:sentenza/play-grpc.git (push)

[sentenza]

@sentenza It seems you force pushed this branch which overrides changes that we had merged in the main branch already (and my rebase with fixed conflicts yesterday). I fixed that now and force pushed myself again, so we should have a clean state now.

@mkurz I've double checked and the problem was generated by my previous pull strategy (ff). After switching to git config pull.rebase true this issue is gone. My remotes were already correct.

[mkurz]

Depends on

• https://github.com/playframework/scalatestplus-play/pull/479

[sentenza]

@mkurz I would have preferred to see my changes as well, but anyway thank you for solving the issues.

[sentenza]

@mkurz are you going to publish a new version targeting Play 2.9?

[ihostage]

@mkurz are you going to publish a new version targeting Play 2.9?

I think we should try to support Scala 3 before release a new version.

[mkurz]

@mkurz I would have preferred to see my changes as well, but anyway thank you for solving the issues.

Sorry, I was working on it since yesterday and diffed to your branch some things were similiar but I had already commited more locally. To save time I just pushed for now instead of reverting some of your changes that weren't necessary and to safe time solving conflicts. Usually I don't do that, just now I wanted to move on quickly.

@mkurz are you going to publish a new version targeting Play 2.9?

Actually it would be nice if we could cross compile to Scala 3 first... I started a PR for this. I will branch off a 0.11.x branch that will be for Play 2.9, the Pekko PR we can merge on main and then on top try to get Scala 3 working, because it is hard to get it working with 2.9 because akka-http 10.2 is not published for Scala 3, so this is more cumbersome. Once we have Scala 3 working in the main branch (on top of Pekko), we can backport the relevant Scala 3 changes to the 0.11.x branch and then figure out how to get things working with the old akka-http artifacts (probably using the cross(CrossVersion.for3Use2_13) workaround in some places.