[#2089 ] upgrade bouncycastle

.travis.yml

@@ -2,19 +2,16 @@ sudo: required
 dist: trusty
 language: java
 jdk:
-  - oraclejdk8 
-#before_install:
-#  - cat /etc/hosts # optionally check the content *before*
-#  - sudo hostname "$(hostname | cut -c1-63)"
-#  - sed -e "s/^\\(127\\.0\\.0\\.1.*\\)/\\1 $(hostname | cut -c1-63)/" /etc/hosts | sudo tee /etc/hosts
-#  - sudo mv /tmp/hosts /etc/hosts
-#  - cat /etc/hosts # optionally check the content *after*
+  - oraclejdk8
+install:
+- sudo apt-get install ant-optional
 addons:
   hosts:
     - myshorthost
   hostname: myshorthost
 
-script: ant -buildfile ./framework/build.xml test
+script:
+- ant -buildfile ./framework/build.xml test
 
 after_failure:
     find samples-and-tests -name '*.failed.html' -exec echo {} \; -exec cat {} \;

documentation/manual/production.textile

@@ -189,7 +189,8 @@ bc. # X509 certificates
 certificate.key.file=conf/host.key
 certificate.file=conf/host.cert
 # In case your key file is password protected
-certificate.password=secret
+# certificate.key.file=conf/host.pass.key
+# certificate.password=secret
 trustmanager.algorithm=JKS
 
 If you are using keystore:
@@ -202,8 +203,13 @@ Note that the values above are the default values.
 
 You can generate self-signed certificates using *openssl*: 
 
-bc. openssl genrsa 1024 > host.key
-openssl req -new -x509 -nodes -sha1 -days 365 -key host.key > host.cert
+bc. openssl genrsa -des3 -passout pass:secret -out host.pass.key 2048
+openssl rsa -passin pass:secret -in host.pass.key -out host.key
+openssl req -new -key host.key -out host.csr -subj '/C=GB/ST=Test State or Province/L=Test Locality/O=Organization Name/OU=Organizational Unit Name/CN=Common Name/emailAddress=test@email.address'
+openssl x509 -req -days 3650 -in host.csr -signkey host.key -out host.cert
+
+note. the first command creates a password-protected-key ('host.pass.key').
+the second command converts/writes the same key ('host.key') without password protection.
 
 If you are using the Java keystore mechanism, then the following properties can be configured in your @application.conf@ file:
 

framework/build.xml

@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 
-<project name="play! framework" default="jar" basedir=".">
+<project name="play! framework" default="jar" basedir="." xmlns:if="ant:if" xmlns:unless="ant:unless">
 
     <property name="baseversion" value="1.5.x" />
 
@@ -254,25 +254,33 @@
         <condition property="playExtension" value="">
             <and><os family="unix"/></and>
         </condition>
+        <condition property="pythonExecutable" value="${basedir}/../python/python.exe">
+            <and><os family="windows"/></and>
+        </condition>
+        <condition property="pythonExecutable" value="python">
+            <and><os family="unix"/></and>
+        </condition>
 
         <echo message="Testing unittests" />
 
         <antcall target="unittest" />
 
         <echo message="Testing development lifecycle (wait ...)" />
 
-        <exec executable="python" failonerror="true">
+        <exec executable="${pythonExecutable}" failonerror="true">
             <arg value="${basedir}/../samples-and-tests/i-am-a-developer/tests.py" />
         </exec>
 
-        <exec executable="python" failonerror="true">
+        <exec executable="${pythonExecutable}" failonerror="true">
             <arg value="${basedir}/../samples-and-tests/i-am-a-developer/test_jvm_version_flag.py" />
         </exec>
 
         <echo message="Using ${basedir}/../play${playExtension}" />
 
         <antcall target="play-test">
             <param name="testAppPath" value="${basedir}/../samples-and-tests/just-test-cases"/>
+            <param name="play.user.language" value="-Duser.language=en"/>
+            <param name="play.user.country" value="-Duser.country=US"/>
         </antcall>
 
         <antcall target="play-test">
@@ -322,9 +330,11 @@
 	</antcall>
         <echo message="play auto-test ${testAppPath} (wait)" />
         <exec executable="${basedir}/../play${playExtension}" failonerror="true">
-           <arg value="auto-test"/>
-           <arg value="${testAppPath}"/>
-	</exec>
+            <arg value="auto-test"/>
+            <arg value="${testAppPath}"/>
+            <arg value="${play.user.language}" if:set="play.user.language"/>
+            <arg value="${play.user.country}" if:set="play.user.country"/>
+        </exec>
         <available file="${testAppPath}/test-result/result.passed" property="${testAppPath}testPassed" />
         <fail message="Last test has failed ! (Check results in file://${testAppPath}/test-result)">
             <condition>

framework/dependencies.yml

@@ -42,7 +42,8 @@ require:    &allDependencies
     - oauth.signpost -> signpost-core 1.2.1.2
     - org.apache.geronimo.specs -> geronimo-servlet_2.5_spec 1.2
     - org.apache.ivy -> ivy 2.4.0
-    - org.bouncycastle -> bcprov-jdk15 1.46
+    - org.bouncycastle -> bcprov-jdk15on 1.57
+    - org.bouncycastle -> bcpkix-jdk15on 1.57
     - org.codehaus.groovy -> groovy-all 2.4.11
     - org.eclipse.jdt.core 3.12.3
     - org.hibernate -> hibernate-core 5.2.10.patched

framework/pym/play/commands/autotest.py

@@ -118,15 +118,17 @@ def autotest(app, args):
     if app.readConf('headlessBrowser'):
         headless_browser = app.readConf('headlessBrowser')
 
-    fpcp = [os.path.join(app.play_env["basedir"], 'modules/testrunner/lib/play-testrunner.jar')]
+    fpcp = []
+    fpcp.append(os.path.normpath(os.path.join(app.play_env["basedir"], 'modules/testrunner/conf')))
+    fpcp.append(os.path.join(app.play_env["basedir"], 'modules/testrunner/lib/play-testrunner.jar'))
     fpcp_libs = os.path.join(app.play_env["basedir"], 'modules/testrunner/firephoque')
     for jar in os.listdir(fpcp_libs):
         if jar.endswith('.jar'):
            fpcp.append(os.path.normpath(os.path.join(fpcp_libs, jar)))
     cp_args = ':'.join(fpcp)
     if os.name == 'nt':
-        cp_args = ';'.join(fpcp)    
-    java_cmd = [java_path()] + add_options + ['-classpath', cp_args, '-Dapplication.url=%s://localhost:%s' % (protocol, http_port), '-DheadlessBrowser=%s' % (headless_browser), 'play.modules.testrunner.FirePhoque']
+        cp_args = ';'.join(fpcp)
+    java_cmd = [java_path()] + add_options + ['-Djava.util.logging.config.file=logging.properties', '-classpath', cp_args, '-Dapplication.url=%s://localhost:%s' % (protocol, http_port), '-DheadlessBrowser=%s' % (headless_browser), 'play.modules.testrunner.FirePhoque']
     if protocol == 'https':
         java_cmd.insert(-1, '-Djavax.net.ssl.trustStore=' + app.readConf('keystore.file'))
     try:

framework/src/play/Logger.java

@@ -2,7 +2,10 @@
 
 import java.io.PrintWriter;
 import java.io.StringWriter;
+import java.net.URISyntaxException;
 import java.net.URL;
+import java.nio.file.FileSystemNotFoundException;
+import java.nio.file.Paths;
 import java.text.MessageFormat;
 import java.util.ArrayList;
 import java.util.List;
@@ -70,10 +73,11 @@ public static void init() {
             PropertyConfigurator.configure(shutUp);
         } else if (Logger.log4j == null) {
 
-            if (log4jConf.getFile().indexOf(Play.applicationPath.getAbsolutePath()) == 0) {
-                // The log4j configuration file is located somewhere in the application folder,
-                // so it's probably a custom configuration file
-                configuredManually = true;
+            try {
+                if (Paths.get(log4jConf.toURI()).startsWith(Play.applicationPath.toPath())) {
+                    configuredManually = true;
+                }
+            } catch (IllegalArgumentException | FileSystemNotFoundException | SecurityException | URISyntaxException e) {
             }
             if (isXMLConfig) {
                 DOMConfigurator.configure(log4jConf);

framework/src/play/server/ssl/SslHttpServerContextFactory.java

@@ -1,19 +1,24 @@
 package play.server.ssl;
 
+import org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.openssl.PEMReader;
-import org.bouncycastle.openssl.PasswordFinder;
+import org.bouncycastle.openssl.PEMDecryptorProvider;
+import org.bouncycastle.openssl.PEMEncryptedKeyPair;
+import org.bouncycastle.openssl.PEMKeyPair;
+import org.bouncycastle.openssl.PEMParser;
+import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
+import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
 import play.Logger;
 import play.Play;
 
 import javax.net.ssl.*;
+import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileReader;
 import java.net.Socket;
 import java.security.*;
 import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.List;
+import java.util.Collection;
 import java.util.Properties;
 
 public class SslHttpServerContextFactory {
@@ -84,18 +89,22 @@ public PEMKeyManager() {
             final Properties p = Play.configuration;
             String keyFile = p.getProperty("certificate.key.file", "conf/host.key");
 
-            try (PEMReader keyReader = new PEMReader(new FileReader(Play.getFile(keyFile)), new PEMPasswordFinder())) {
-                key = ((KeyPair) keyReader.readObject()).getPrivate();
-
-                try (PEMReader reader = new PEMReader(new FileReader(Play.getFile(p.getProperty("certificate.file", "conf/host.cert"))))) {
-                    X509Certificate cert;
-                    List<X509Certificate> chainVector = new ArrayList<>();
-
-                    while ((cert = (X509Certificate) reader.readObject()) != null) {
-                        chainVector.add(cert);
-                    }
-                    chain = chainVector.toArray(new X509Certificate[1]);
+            try (PEMParser keyReader = new PEMParser(new FileReader(Play.getFile(keyFile)))) {
+                final Object object = keyReader.readObject();
+                JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
+                final KeyPair keyPair;
+                if (object instanceof PEMEncryptedKeyPair) {
+                    PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder()
+                            .build(Play.configuration.getProperty("certificate.password", "secret").toCharArray());
+                    keyPair = converter.getKeyPair(((PEMEncryptedKeyPair) object).decryptKeyPair(decProv));
+                } else {
+                    keyPair = converter.getKeyPair((PEMKeyPair) object);
                 }
+                key = keyPair.getPrivate();
+
+                final File hostCertFile = Play.getFile(p.getProperty("certificate.file", "conf/host.cert"));
+                final Collection collection = new CertificateFactory().engineGenerateCertificates(new FileInputStream(hostCertFile));
+                chain = (X509Certificate[]) collection.toArray(new X509Certificate[collection.size()]);
             } catch (Exception e) {
                 Logger.error(e, "Failed to initialize PEMKeyManager from file %s", keyFile);
             }
@@ -136,12 +145,4 @@ public PrivateKey getPrivateKey(String s) {
             return key;
         }
     }
-
-    private static class PEMPasswordFinder implements PasswordFinder {
-        @Override
-        public char[] getPassword() {
-            return Play.configuration.getProperty("certificate.password", "secret").toCharArray();
-        }
-    }
-
 }

framework/test-src/play/templates/FastTagsTest.java

@@ -1,6 +1,7 @@
 package play.templates;
 
 import groovy.lang.Closure;
+import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 import play.mvc.Http;
@@ -18,15 +19,27 @@
 public class FastTagsTest {
 
     private StringWriter out = new StringWriter();
+    final String backupSystemLineBreak = System.getProperty("line.separator");
 
     @Before
     public void setUp() throws Exception {
+        //if you render html into out
+        // and expect results with line breaks
+        // take into account that your tests will fail on other platforms
+        // force line.separator be the same on any platform
+        // or use String.format in expected code with the placeholder '%n' for any expected line separation.
+        System.setProperty("line.separator","\n");
         Http.Response.current.set(new Http.Response());
         Http.Response.current().encoding = "UTF-8";
 
         Scope.Session.current.set(new Scope.Session());
         Scope.Session.current().put("___AT", "1234");
     }
+    @After
+    public void tearDown() throws Exception {
+        // restore line.separator
+        System.setProperty("line.separator", backupSystemLineBreak);
+    }
 
     @Test
     public void _form_simple() throws Exception {

modules/testrunner/conf/logging.properties

@@ -0,0 +1,61 @@
+############################################################
+#  	Default Logging Configuration File
+#
+# You can use a different file by specifying a filename
+# with the java.util.logging.config.file system property.
+# For example java -Djava.util.logging.config.file=myfile
+############################################################
+
+############################################################
+#  	Global properties
+############################################################
+
+# "handlers" specifies a comma separated list of log Handler
+# classes.  These handlers will be installed during VM startup.
+# Note that these classes must be on the system classpath.
+# By default we only configure a ConsoleHandler, which will only
+# show messages at the INFO and above levels.
+handlers= java.util.logging.ConsoleHandler
+
+# To also add the FileHandler, use the following line instead.
+#handlers= java.util.logging.FileHandler, java.util.logging.ConsoleHandler
+
+# Default global logging level.
+# This specifies which kinds of events are logged across
+# all loggers.  For any given facility this global level
+# can be overriden by a facility specific level
+# Note that the ConsoleHandler also has a separate level
+# setting to limit messages printed to the console.
+.level= INFO
+
+############################################################
+# Handler specific properties.
+# Describes specific configuration info for Handlers.
+############################################################
+
+# default file output is in user's home directory.
+java.util.logging.FileHandler.pattern = %h/java%u.log
+java.util.logging.FileHandler.limit = 50000
+java.util.logging.FileHandler.count = 1
+java.util.logging.FileHandler.formatter = java.util.logging.XMLFormatter
+
+# Limit the message that are printed on the console to INFO and above.
+java.util.logging.ConsoleHandler.level = INFO
+java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
+
+# Example to customize the SimpleFormatter output format
+# to print one-line log message like this:
+#     <level>: <log message> [<date/time>]
+#
+# java.util.logging.SimpleFormatter.format=%4$s: %5$s [%1$tc]%n
+
+############################################################
+# Facility specific properties.
+# Provides extra control for each logger.
+############################################################
+
+# For example, set the com.xyz.foo logger to only log SEVERE
+# messages:
+com.gargoylesoftware.htmlunit.DefaultCssErrorHandler = OFF 
+com.gargoylesoftware.htmlunit = OFF 
+org.apache.http.impl.execchain.RetryExec = OFF 

modules/testrunner/src/play/modules/testrunner/FirePhoque.java

@@ -32,9 +32,6 @@ public class FirePhoque {
 
     public static void main(String[] args) throws Exception {
 
-        Logger.getLogger(DefaultCssErrorHandler.class.getName()).setLevel(Level.OFF);
-        Logger.getLogger("com.gargoylesoftware.htmlunit").setLevel(Level.OFF);
-
         String app = System.getProperty("application.url", "http://localhost:9000");
 
         // Tests description