Announcement

Collapse
No announcement yet.

Problem with neowms.sci.gsfc.nasa.gov

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Problem with neowms.sci.gsfc.nasa.gov

    Hi all,
    I observe problems with neowms.sci.gsfc.nasa.gov, probably due to the change from http to https. I changed this protocol in my code, but i can't even get the list of layers (getCapabilities), the waiting cursor goes forever... The github code does not seem to have other changes than the protocol. The online demo (WMS Layer Manager) seems to work but only for some layers (I guess the cache is involved), new tiles when zooming don't come up. It seems it uses https but does not get back images at all...?

    Strangely the following in a browser (this new forum editor doesnt understand links in text?)
    Code:
    https://neo.sci.gsfc.nasa.gov/wms/wms?exceptions=application/vnd.ogc.se_xml&request=GetCapabilities&service=WMS&version=1.3.0
    gives correct info... Problem of timeout ?

    Something broken here, so.
    Thanks to take a look?
    -frenchy

    HTML Code:
    gov.nasa.worldwind.exception.WWRuntimeException: Exception attempting to parse XML https://neowms.sci.gsfc.nasa.gov/wms/wms?exceptions=application/vnd.ogc.se_xml&request=GetCapabilities&service=WMS&version=1.3.0
        at gov.nasa.worldwind.util.WWXML.openEventReaderURL(WWXML.java:447)
        at gov.nasa.worldwind.util.WWXML.openEventReader(WWXML.java:493)
        at gov.nasa.worldwind.util.WWXML.openEventReader(WWXML.java:466)
        at gov.nasa.worldwind.ogc.OGCCapabilities.createReader(OGCCapabilities.java:116)
        at gov.nasa.worldwind.ogc.OGCCapabilities.<init>(OGCCapabilities.java:88)
        at gov.nasa.worldwind.ogc.wms.WMSCapabilities.<init>(WMSCapabilities.java:74)
        at gov.nasa.worldwind.ogc.wms.WMSCapabilities.retrieve(WMSCapabilities.java:48)
        at gov.nasa.worldwindx.examples.wms.WMSLayersPanel.load(WMSLayersPanel.java:104)
        at gov.nasa.worldwindx.examples.wms.WMSLayersPanel$2.run(WMSLayersPanel.java:91)
        at java.lang.Thread.run(Unknown Source)
    Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.ssl.Alerts.getSSLException(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
        at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
        at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
        at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
        at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
        at sun.security.ssl.Handshaker.processLoop(Unknown Source)
        at sun.security.ssl.Handshaker.process_record(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
        at java.net.URL.openStream(Unknown Source)
        at gov.nasa.worldwind.util.WWXML.openEventReaderURL(WWXML.java:443)
        ... 9 more
    Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
        at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
        at sun.security.validator.Validator.validate(Unknown Source)
        at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
        ... 24 more
    Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
        at java.security.cert.CertPathBuilder.build(Unknown Source)
        ... 30 more
    gov.nasa.worldwind.exception.WWRuntimeException: Exception attempting to parse XML https://neowms.sci.gsfc.nasa.gov/wms/wms?exceptions=application/vnd.ogc.se_xml&request=GetCapabilities&service=WMS&version=1.3.0
        at gov.nasa.worldwind.util.WWXML.openEventReaderURL(WWXML.java:447)
        at gov.nasa.worldwind.util.WWXML.openEventReader(WWXML.java:493)
        at gov.nasa.worldwind.util.WWXML.openEventReader(WWXML.java:466)
        at gov.nasa.worldwind.ogc.OGCCapabilities.createReader(OGCCapabilities.java:116)
        at gov.nasa.worldwind.ogc.OGCCapabilities.<init>(OGCCapabilities.java:88)
        at gov.nasa.worldwind.ogc.wms.WMSCapabilities.<init>(WMSCapabilities.java:74)
        at gov.nasa.worldwind.ogc.wms.WMSCapabilities.retrieve(WMSCapabilities.java:48)
        at gov.nasa.worldwindx.examples.wms.WMSLayersPanel.load(WMSLayersPanel.java:104)
        at gov.nasa.worldwindx.examples.wms.WMSLayersPanel$2.run(WMSLayersPanel.java:91)
        at java.lang.Thread.run(Unknown Source)
    Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.ssl.Alerts.getSSLException(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
        at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
        at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
        at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
        at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
        at sun.security.ssl.Handshaker.processLoop(Unknown Source)
        at sun.security.ssl.Handshaker.process_record(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
        at java.net.URL.openStream(Unknown Source)
        at gov.nasa.worldwind.util.WWXML.openEventReaderURL(WWXML.java:443)
        ... 9 more
    Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
        at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
        at sun.security.validator.Validator.validate(Unknown Source)
        at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
        ... 24 more
    Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
        at java.security.cert.CertPathBuilder.build(Unknown Source)
        ... 30 more
    java.lang.NullPointerException
        at gov.nasa.worldwindx.examples.wms.WMSLayersPanel.load(WMSLayersPanel.java:105)
        at gov.nasa.worldwindx.examples.wms.WMSLayersPanel$2.run(WMSLayersPanel.java:91)
        at java.lang.Thread.run(Unknown Source)
    Last edited by frenchy; 03-16-2017, 11:34 PM. Reason: add error stack

  • #2
    Hey Frenchy,

    Thanks for bringing this up, as you mentioned on heidtmare's thread, I believe the two are related.

    First off, the neowms services aren't controlled by the World Wind development team. I'll be emailing our contact there, but we don't have any direct control of how their service operates or is configured.

    I'm pretty confident I understand why you are seeing this issue now. It looks like the neowms servers now support only https and automatically forward http connections to https (307 redirect). This is a good setup server side, but one small configuration issue is causing the exception in WWJ. If you look at your exception message, you'll see the address is actually slightly different than the one you see in the browser. Java isn't following the initial redirect to the new subdomain. Additionally, in the GetCapabilities document from the neowms, you'll see the OnlineResource for GetMap is an http connection. World Wind parses the GetCapabilities document and uses the endpoint provided in the GetMap OnlineResource for subsequent map requests. So, even if you added the new endpoint (the url your browser got to) WWJ will still attempt to connect via http for retrieving maps because of the GetCapabilities document.

    Now their server looks to be still accepting http connections but forwarding (via a 307 redirect) to the https endpoint. Here arises the problem, the core Java URLConnection class ignores protocol on redirects. If you look at the bug report filed against this, you'll see Sun engineers determined redirects following protocols redirects was a security issue, thus, the connection redirect is ignored and the exception is thrown. As to why the original redirect (neowms to neo) isn't being followed, that is something we need to look into.

    I just tried adding the new neo wms endpoint to the WMSLayerManager example (https://neo.sci.gsfc.nasa.gov/wms/wms). I see the layer list, but when I monitor my network traffic, I see http GetMap connections with redirect responses.

    The team did discuss adding the code to follow redirects but dismissed it, in part, to the decision of the java developers determining it may be a security issue. We've had a number of users comment on changing the code and we will likely discuss it again before another release.

    So, try the new neo endpoint and I'll contact their wms lead and see if I can't get them to update their GetMap endpoints to point to https instead of http.

    Zach
    Zach
    World Wind Team
    https://github.com/NASAWorldWind

    Comment


    • #3
      Thanks Zach for your complete explanation. I understand there not much to do from the client side, and that it will all work when there will be https protocol everywhere, which will be a good thing for security. Maybe your dev team could see the usgs implementation because their servers (mrdata and others) are just ok with https.
      Cheers

      Comment

      Working...
      X