ClassCastException in FakeKeyStore.certificateTooWeak

[darabos]

I'm using Play Framework 2.8.7 and I think it pulled in com.typesafe.ssl-config-core_2.12-0.4.2.jar as a dependency. I also have gRPC 1.39.0 if that matters.

On my machine it's fine, but in the Google Cloud Dataproc environment Conscrypt is somehow added to the mix and I get this stack trace:

java.lang.ClassCastException: org.conscrypt.OpenSSLX509Certificate cannot be cast to sun.security.x509.X509CertImpl
        at com.typesafe.sslconfig.ssl.FakeKeyStore.certificateTooWeak(FakeKeyStore.scala:168)
        at com.typesafe.sslconfig.ssl.FakeKeyStore.$anonfun$shouldGenerate$2(FakeKeyStore.scala:151)
        at com.typesafe.sslconfig.ssl.FakeKeyStore.$anonfun$shouldGenerate$2$adapted(FakeKeyStore.scala:151)
        at scala.Option.exists(Option.scala:376)
        at com.typesafe.sslconfig.ssl.FakeKeyStore.$anonfun$shouldGenerate$1(FakeKeyStore.scala:151)
        at com.typesafe.sslconfig.ssl.FakeKeyStore.$anonfun$shouldGenerate$1$adapted(FakeKeyStore.scala:150)
        at scala.collection.Iterator.exists(Iterator.scala:969)
        at scala.collection.Iterator.exists$(Iterator.scala:967)
        at scala.collection.AbstractIterator.exists(Iterator.scala:1431)
        at com.typesafe.sslconfig.ssl.FakeKeyStore.shouldGenerate(FakeKeyStore.scala:150)
        at com.typesafe.sslconfig.ssl.FakeKeyStore.createKeyStore(FakeKeyStore.scala:178)
        at com.typesafe.sslconfig.ssl.FakeKeyStore.keyManagerFactory(FakeKeyStore.scala:217)
        at play.core.server.ssl.DefaultSSLEngineProvider.createSSLContext(DefaultSSLEngineProvider.scala:65)
        at play.core.server.ssl.DefaultSSLEngineProvider.<init>(DefaultSSLEngineProvider.scala:30)

While debugging an earlier issue I found some useful information on the Dataproc environment in grpc/grpc-java#6684 (comment). It's probably not great that I have a "fake" key store either. I'm trying to sort that out.

But the dangerous cast is pretty clearly there in certificateTooWeak().