Hi,
SNAP supports corporate proxies, but sometimes the proxies have their own self-signed certificates because they intercept the internet traffic going through them. In my case, the self-signed certificate is on the host operating system’s (Windows) certificate manager. I have noticed that all other DEMs are correctly downloaded by operators like AddElevationOp and not affected by the proxy, but Copernicus 30m and 60m downloads fail silently and return just plain zeros or NaNs for the elevation.
My preliminary understanding is that an unhandled SSLHandshakeException is being thrown in the downloadTilesmethod of CopernicusDownloader.java. The exception is swallowed internally and never propagated or logged, and this leads to the method just returning without any user-visible error.
When the self-signed certificate is added to Java’s certificate store with keytool binary, the downloading works. While I don’t think this is necessarily a problem (the user should be able to insert their certs to Java’s cert store), I think the SSLHandshakeExceptionerror should be propagated to the user, because currently there’s no indication at all what went wrong.
The problematic line is here, I suspect: snap-engine/snap-dem/src/main/java/org/esa/snap/dem/dataio/copernicus/CopernicusDownloader.java at 74796bf93ff7f55b3f75d085a3e57fc62c234056 · senbox-org/snap-engine · GitHub
This code can be used as a minimal example:
import java.io.*;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import org.esa.snap.core.dataop.dem.ElevationModel;
import org.esa.snap.dem.dataio.DEMFactory;
import org.esa.snap.core.datamodel.GeoPos;
import org.esa.snap.dem.dataio.copernicus.CopernicusDownloader;
public class DemTest {
public static void main(String[] args) {
try {
String demName = "Copernicus 90m Global DEM";
String demResamplingMethod = "BILINEAR_INTERPOLATION";
ElevationModel dem = DEMFactory.createElevationModel(demName, demResamplingMethod);
GeoPos geoPos = new GeoPos(62.0, 25.0);
double elevation = dem.getElevation(geoPos);
// behind a proxy using self-signed certificates, returns 0.0 m and doesn't report an error
// normally returns ~130 m
System.out.println("Elevation at lat=62.0, lon=25.0: "
+ elevation + " m");
// mimics the problematic line in CopernicusDownloader.java
// fails with javax.net.ssl.SSLHandshakeException
BufferedInputStream is = new BufferedInputStream(new URL("https://copernicus-dem-30m.s3.eu-central-1.amazonaws.com/Copernicus_DSM_COG_10_S90_00_W172_00_DEM/Copernicus_DSM_COG_10_S90_00_W172_00_DEM.tif").openStream());
} catch (Exception e) {
e.printStackTrace();
}
}
}
Thanks!