search

eclipse-pass / main

Catch all repository against which issues of general, cross cutting topics are logged.
Apache License 2.0
4 stars 8 forks source link

The cert for api.unpaywall.org has expired causing DOI service calls to fail #1061

Closed rpoet-jh closed 1 month ago

rpoet-jh commented 1 month ago

Environment

JHU PROD

Date/time occurred

2024-10-07 8:30PM

Description

Testing with a DOI in PROD, the lookup to get unpaywall manuscripts failed.

Steps to Reproduce

Start a new submission, enter DOI 10.1039/c7an01256j Go through all steps to File screen No manuscript appears, it should

Expected Results

Manuscript should appear for DOI on files screen.

Actual Results

Manuscript doesn't appear

Evidence

I went to https://api.unpaywall.org/v2/ and verified the cert expired tonight.

Error from pass-core log:

08-10-2024 00:42:20.754 [qtp1460298405-141] [pass-core, ] ERROR o.e.p.d.s.ExternalDoiServiceConnector.retrieveMetadata - PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed
javax.net.ssl.SSLHandshakeException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed
    at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source)
    at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
    at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
    at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
    at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(Unknown Source)
    at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(Unknown Source)
    at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(Unknown Source)
    at java.base/sun.security.ssl.SSLHandshake.consume(Unknown Source)
    at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
    at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
    at java.base/sun.security.ssl.TransportContext.dispatch(Unknown Source)
    at java.base/sun.security.ssl.SSLTransport.decode(Unknown Source)
    at java.base/sun.security.ssl.SSLSocketImpl.decode(Unknown Source)
    at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source)
    at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.kt:379)
    at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.kt:337)
    at okhttp3.internal.connection.RealConnection.connect(RealConnection.kt:209)
    at okhttp3.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.kt:226)
    at okhttp3.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.kt:106)
    at okhttp3.internal.connection.ExchangeFinder.find(ExchangeFinder.kt:74)
    at okhttp3.internal.connection.RealCall.initExchange$okhttp(RealCall.kt:255)
    at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.kt:32)
    at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
    at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.kt:95)
    at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
    at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.kt:83)
    at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
    at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.kt:76)
    at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
    at okhttp3.internal.connection.RealCall.getResponseWithInterceptorChain$okhttp(RealCall.kt:201)
    at okhttp3.internal.connection.RealCall.execute(RealCall.kt:154)
    at org.eclipse.pass.doi.service.ExternalDoiServiceConnector.retrieveMetadata(ExternalDoiServiceConnector.java:85)
    at org.eclipse.pass.doi.service.PassDoiServiceController.getUnpaywallMetadata(PassDoiServiceController.java:215)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    ...
    at java.base/java.lang.Thread.run(Unknown Source)
Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed
    at java.base/sun.security.validator.PKIXValidator.doValidate(Unknown Source)
    at java.base/sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
    at java.base/sun.security.validator.Validator.validate(Unknown Source)
    at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
    at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
    ... 170 common frames omitted
Caused by: java.security.cert.CertPathValidatorException: validity check failed
    at java.base/sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(Unknown Source)
    at java.base/sun.security.provider.certpath.PKIXCertPathValidator.validate(Unknown Source)
    at java.base/sun.security.provider.certpath.PKIXCertPathValidator.validate(Unknown Source)
    at java.base/sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(Unknown Source)
    at java.base/java.security.cert.CertPathValidator.validate(Unknown Source)
    ... 175 common frames omitted
Caused by: java.security.cert.CertificateExpiredException: NotAfter: Mon Oct 07 23:08:23 UTC 2024
    at java.base/sun.security.x509.CertificateValidity.valid(Unknown Source)
    at java.base/sun.security.x509.X509CertImpl.checkValidity(Unknown Source)
    at java.base/sun.security.provider.certpath.BasicChecker.verifyValidity(Unknown Source)
    at java.base/sun.security.provider.certpath.BasicChecker.check(Unknown Source)
    ... 180 common frames omitted
08-10-2024 00:42:20.760 [qtp1460298405-141] [pass-core, ] WARN  o.e.p.d.s.PassDoiServiceController.getUnpaywallMetadata - There was an error getting the metadata from Unpaywall for 10.1039/c7an01256j

Estimated Severity

Major

rpoet-jh commented 1 month ago

Send email to unpaywall.org to inform them that the SSL cert has expired. Ticket opened with unpaywall.

rpoet-jh commented 1 month ago

unpaywall.org updated the cert, the issue is now fixed. I confirmed I see the manuscript for the DOI in PROD. I also ran the acceptance tests, and they are now all passing.