[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[THREDDS #QYQ-606991]: No longer able to access data on your server

Greetings Justin,

I believe this part of the stacktrace is key:

> Caused by: java.security.InvalidKeyException: No installed provider supports 
> this key:
> sun.security.rsa.RSAPublicKeyImpl

That seems to indicate that the version of Java that matlab is using, or 
another library included with matlab, is unable to connect to our site using 
https. We've recently removed some older, insecure cryptographic protocols, 
which matlab may have been relying upon for secure communication. Note that we 
do not require any special keys, passwords, etc., and our certificate is issued 
by a widely use certificate authority. The issue seems to be purely associated 
with the java environment used by your installation of matlab.

Cheers,

Sean

> Hi Sean,
> 
> What exactly do you mean by "abuse the service to the point of causing the 
> machine to be inaccessible?"
> 
> As for what my IP address is, I'm on a dhcp network so it's different all the 
> time. Plus, I don't know what you would be seeing my IP address to be since 
> it's not static.  Perhaps the issue needs to be discussed with Opendap as 
> it's there data url I'm trying to use. If you go to this link:
> 
> https://thredds.ucar.edu/thredds/dodsC/grib/NCEP/WW3/Global/WW3_Global_20191107_0000.grib2.html
> 
> I use the data URL found there to access the data using a NCTOOLBOX function 
> in MATLAB e.g.  ncgeodataset(url)
> 
> Does this mean anything to you?  When I try to open it, I get this stack 
> trace:
> 
> javax.net.ssl.SSLException: Server key
> at sun.security.ssl.Handshaker.throwSSLException(Unknown Source)
> at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
> at sun.security.ssl.Handshaker.processLoop(Unknown Source)
> at sun.security.ssl.Handshaker.process_record(Unknown Source)
> at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
> at sun.security.ssl.SSLSocketImpl.writeRecord(Unknown Source)
> at sun.security.ssl.AppOutputStream.write(Unknown Source)
> at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
> at java.io.BufferedOutputStream.flush(Unknown Source)
> at 
> org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828)
> at 
> org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.flushRequestOutputStream(MultiThreadedHttpConnectionManager.java:1565)
> at 
> org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2116)
> at 
> org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
> at 
> org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
> at 
> org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
> at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
> at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:346)
> at ucar.nc2.util.net.HTTPMethod.execute(HTTPMethod.java:284)
> at ucar.nc2.dataset.NetcdfDataset.checkIfDods(NetcdfDataset.java:762)
> at ucar.nc2.dataset.NetcdfDataset.disambiguateHttp(NetcdfDataset.java:713)
> at ucar.nc2.dataset.NetcdfDataset.openOrAcquireFile(NetcdfDataset.java:674)
> at ucar.nc2.dataset.NetcdfDataset.openDataset(NetcdfDataset.java:424)
> at ucar.nc2.dataset.NetcdfDataset.openDataset(NetcdfDataset.java:407)
> at ucar.nc2.dataset.NetcdfDataset.openDataset(NetcdfDataset.java:392)
> at ucar.nc2.dataset.NetcdfDataset.openDataset(NetcdfDataset.java:379)
> Caused by: java.security.InvalidKeyException: No installed provider supports 
> this key: sun.security.rsa.RSAPublicKeyImpl
> at java.security.Signature$Delegate.chooseProvider(Unknown Source)
> at java.security.Signature$Delegate.engineInitVerify(Unknown Source)
> at java.security.Signature.initVerify(Unknown Source)
> at sun.security.ssl.HandshakeMessage$DH_ServerKeyExchange.<init>(Unknown 
> Source)
> ... 25 more
> Error using ncdataset (line 97)
> Failed to open 
> https://thredds.ucar.edu/thredds/dodsC/grib/NCEP/WW3/Global/WW3_Global_20191107_0000.grib2
> 
> Error in cfdataset (line 59)
> obj = obj@ncdataset(url);
> 
> Error in ncgeodataset (line 74)
> obj = obj@cfdataset(url);
> 
> Error in swhFromNetCdf_NOAA_OpenDAP_30day_NearCast_Single_Output_JBB (line 47)
> nco=ncgeodataset(cell2mat(url(j)));
> 
> Caused by:
> Error using ncdataset (line 81)
> Java exception occurred:
> ucar.nc2.util.net.HTTPException: javax.net.ssl.SSLException: Server key
> 
> at ucar.nc2.util.net.HTTPMethod.execute(HTTPMethod.java:289)
> 
> at ucar.nc2.dataset.NetcdfDataset.checkIfDods(NetcdfDataset.java:762)
> 
> at ucar.nc2.dataset.NetcdfDataset.disambiguateHttp(NetcdfDataset.java:713)
> 
> at ucar.nc2.dataset.NetcdfDataset.openOrAcquireFile(NetcdfDataset.java:674)
> 
> at ucar.nc2.dataset.NetcdfDataset.openDataset(NetcdfDataset.java:424)
> 
> at ucar.nc2.dataset.NetcdfDataset.openDataset(NetcdfDataset.java:407)
> 
> at ucar.nc2.dataset.NetcdfDataset.openDataset(NetcdfDataset.java:392)
> 
> at ucar.nc2.dataset.NetcdfDataset.openDataset(NetcdfDataset.java:379)
> 
> Caused by: javax.net.ssl.SSLException: Server key
> 
> at sun.security.ssl.Handshaker.throwSSLException(Unknown Source)
> 
> at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
> 
> at sun.security.ssl.Handshaker.processLoop(Unknown Source)
> 
> at sun.security.ssl.Handshaker.process_record(Unknown Source)
> 
> at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> 
> at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
> 
> at sun.security.ssl.SSLSocketImpl.writeRecord(Unknown Source)
> 
> at sun.security.ssl.AppOutputStream.write(Unknown Source)
> 
> at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
> 
> at java.io.BufferedOutputStream.flush(Unknown Source)
> 
> at 
> org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828)
> 
> at
> org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.flushRequestOutputStream(MultiThreadedHttpConnectionManager.java:1565)
> 
> at 
> org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2116)
> 
> at 
> org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
> 
> at 
> org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
> 
> at 
> org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
> 
> at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
> 
> at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:346)
> 
> at ucar.nc2.util.net.HTTPMethod.execute(HTTPMethod.java:284)
> 
> ... 7 more
> 
> Caused by: java.security.InvalidKeyException: No installed provider supports 
> this key:
> sun.security.rsa.RSAPublicKeyImpl
> 
> at java.security.Signature$Delegate.chooseProvider(Unknown Source)
> 
> at java.security.Signature$Delegate.engineInitVerify(Unknown Source)
> 
> at java.security.Signature.initVerify(Unknown Source)
> 
> at sun.security.ssl.HandshakeMessage$DH_ServerKeyExchange.<init>(Unknown 
> Source)
> 
> ... 25 more
> 
> Now, that wasn't the original error I got. It started with something being 
> wrong with the protocol version, so I upgraded to Java 8., Then the DH Key 
> was wrong so I made some changes to the java.security file and that's got me 
> to this point.
> 
> I don't know if I am being "blocked" from accessing the data because I asked 
> a colleague to try opening the data in MATLAB and he was also unable to.
> 
> Please excuse my forthrightness, I have been trying to solve this issue for a 
> few days now and I'm at my wits end.  I apologize if I was rude.
> 
> Cheers,
> 
> Justin Barrow-Barmak
> 
> -----Original Message-----
> From: Unidata THREDDS Support <address@hidden>
> Sent: Thursday, December 5, 2019 4:32 PM
> To: Justin Barrow-Barmak <address@hidden>
> Cc: address@hidden
> Subject: [THREDDS #QYQ-606991]: No longer able to access data on your server
> 
> Greetings Justin,
> 
> Sorry to disappoint. I'm glad to hear you are familiar with the server and 
> rotation. The length of time you've been using our server did not clearly 
> come through in your email (you pointed to a very specific data file), so I 
> went with the assumption that you may not be familiar. The data are still 
> very much publicly accessible. Occasionally our systems administrators block 
> IPs who abuse the service to the point of causing the machine to be 
> inaccessible, which may or may not be the case here. If you share with me the 
> IP from which you typically make requests I can ask.
> 
> Cheers,
> 
> Sean
> 
> > Hello,
> >
> > I'm disappointed in your response.  The link I shared was an example of the 
> > data i'm attempting to access. It was meant to provide context. I would 
> > like to access data from that dataset regardless of the date.  And, I have 
> > been using the data long enough to understand that its on a rotation.
> >
> > What I'm trying to find out if there is a specific key that is needed
> > to access the data now that it has been moved to a secure server i.e.
> > https
> >
> > This is a fairly recent development. If I'm trying to access the data using 
> > a script in Matlab, what is required to access data from the Thredds 
> > archive now that it is held on an https?
> >
> > Cheers,
> >
> > Justin Barrow-Barmak
> >
> > Get Outlook for Android<https://aka.ms/ghei36>
> >
> > ________________________________
> > From: Unidata THREDDS Support <address@hidden>
> > Sent: Thursday, December 5, 2019 12:43:06 PM
> > To: address@hidden <address@hidden>
> > Cc: address@hidden
> > <address@hidden>
> > Subject: [THREDDS #QYQ-606991]: No longer able to access data on your
> > server
> >
> > Greetings!
> >
> > We maintain a roughly 4 week rolling archive of data on our server for
> > demonstration purposes, and it looks like the particular dataset you
> > are trying to access is no longer within that time window. Here is what we 
> > currently have:
> >
> > https://thredds.ucar.edu/thredds/catalog/grib/NCEP/WW3/Global/catalog.
> > html
> >
> > Cheers,
> >
> > Sean
> >
> > > Hello,
> > >
> > > I have been accessing data made public on your website, but
> > > recently, I am no longer able to read the URL in my matlab code to
> > > access the data found
> > > here:
> > >
> > > https://thredds.ucar.edu/thredds/dodsC/grib/NCEP/WW3/Global/WW3_Glob
> > > al_20191102_0000.grib2.html
> > >
> > > It looks like the data has been moved to a secure server, where up
> > > till now it has been on an http server.  Is there any way to access
> > > the data?  Do I require special permission to access the data? Is this a 
> > > known issue?
> > >
> > > Any information you can provide would be gratefully appreciated.
> > >
> > > Cheers,
> >
> > Ticket Details
> > ===================
> > Ticket ID: QYQ-606991
> > Department: Support THREDDS
> > Priority: Normal
> > Status: Open
> > ===================
> > NOTE: All email exchanges with Unidata User Support are recorded in the 
> > Unidata inquiry tracking system and then made publicly available through 
> > the web.  If you do not want to have your interactions made available in 
> > this way, you must let us know in each email you send to us.
> >
> >
> >
> >
> 
> 
> Ticket Details
> ===================
> Ticket ID: QYQ-606991
> Department: Support THREDDS
> Priority: Normal
> Status: Open
> ===================
> NOTE: All email exchanges with Unidata User Support are recorded in the 
> Unidata inquiry tracking system and then made publicly available through the 
> web.  If you do not want to have your interactions made available in this 
> way, you must let us know in each email you send to us.
> 
> 
> 


Ticket Details
===================
Ticket ID: QYQ-606991
Department: Support THREDDS
Priority: Normal
Status: Open
===================
NOTE: All email exchanges with Unidata User Support are recorded in the Unidata 
inquiry tracking system and then made publicly available through the web.  If 
you do not want to have your interactions made available in this way, you must 
let us know in each email you send to us.