-rw-r--r--src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientImpl.java26
-rw-r--r--src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPMapping.java8
2 files changed, 25 insertions, 9 deletions
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientImpl.java b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientImpl.java
index f27f549..2ba802d 100644
--- a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientImpl.java
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientImpl.java
@@ -8,19 +8,29 @@ import java.math.BigInteger;
import java.net.MalformedURLException;
import java.net.URL;
+import org.apache.log4j.Logger;
+
public final class LDAPClientImpl implements LDAPClient {
// constants
protected static final String DEFAULT_LDAP_ATTR_SERIAL_NUMBER = "eidCertificateSerialNumber";
private static final iaik.x509.net.ldap.Handler LDAP_HANDLER = new iaik.x509.net.ldap.Handler();
+ private static final long TIME_ON_BLACKLIST_IN_SECONDS = 300; // block failed urls for 5 min
+ private static final int READ_TIMEOUT = 15;
+ private static final int CONNECTION_TIMEOUT = 15;
+
+ private Logger log = Logger.getLogger(getClass());
+
// fields
private URL url;
private String serialNumberAttrName;
+ private long timeStampForBlackList;
// constructors
protected LDAPClientImpl() {
this.setSerialNumberAttrName(DEFAULT_LDAP_ATTR_SERIAL_NUMBER);
+ this.timeStampForBlackList = 0;
}
protected LDAPClientImpl(URL url) {
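Review bot: The new `timeStampForBlackList` field (L31) is assigned in a catch block and compared on every request with no `volatile` or synchronization, so if a single LDAPClientImpl instance is shared between request threads (not visible from this hunk) the write has no guaranteed visibility and the block window becomes inconsistent across threads. Because the field is only ever assigned and compared, `private volatile long timeStampForBlackList;` would be sufficient if the instance is shared. Separately, the instance-level `Logger.getLogger(getClass())` on L26 in a `final` class is conventionally `private static final Logger log = Logger.getLogger(LDAPClientImpl.class);`, and `this.timeStampForBlackList = 0;` on L35 only restates the Java default for a `long`. The constructor opened on the hunk's last line continues outside the hunk.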
@@ -94,11 +104,22 @@ public final class LDAPClientImpl implements LDAPClient {
}
X509Certificate[] certs = new X509Certificate[] { };
+
+ long now = System.currentTimeMillis();
+ if (this.timeStampForBlackList + TIME_ON_BLACKLIST_IN_SECONDS * 1000 >= now) {
+ long remaining = TIME_ON_BLACKLIST_IN_SECONDS - ((now - this.timeStampForBlackList) / 1000);
+ log.warn("LDAP connections to URL \"" + this.getUrl().toString() + "\" are blocked for " + remaining + " (" + TIME_ON_BLACKLIST_IN_SECONDS + ") seconds due to previous errors.");
+ return certs;
+ }
+
LdapURLConnection ldapURLConnection = null;
try {
this.validateData();
ldapURLConnection = (LdapURLConnection) this.url.openConnection();
-
+ log.debug("Setting timeout for LDAPClient: connection timeout = " + CONNECTION_TIMEOUT + " seconds, read timeout = " + READ_TIMEOUT + " seconds.");
+ ldapURLConnection.setReadTimeout(READ_TIMEOUT * 1000);
+ ldapURLConnection.setConnectTimeout(CONNECTION_TIMEOUT * 1000);
+
// search for end enity certificates
ldapURLConnection.setRequestProperty(
LdapURLConnection.RP_ATTRIBUTE_DESCRIPTION,
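Review bot: While the URL is blocked, the guard on L43-L47 returns the empty `certs` array instead of failing, so for up to five minutes after any IOException a caller cannot distinguish "LDAP server unreachable" from "no certificate with this serial number" — a verifier that treats an empty result as a definitive lookup miss would turn a transient outage into a negative answer, whereas the same failure outside the window surfaces as `LDAPException` from the catch block further down. Making the blocked path fail the same way keeps the contract consistent, e.g. `throw new LDAPException(new IOException("LDAP URL \"" + this.getUrl() + "\" is blocked for " + remaining + " more seconds due to previous errors."));` (using the Throwable constructor the catch already relies on; whether a String constructor exists is not visible here). Note also that the window is measured with `System.currentTimeMillis()`, so a wall-clock adjustment shortens or extends it; `System.nanoTime()` is monotonic and would make the block duration independent of clock changes. The enclosing method starts before this hunk and continues after it.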
@@ -118,8 +139,11 @@ public final class LDAPClientImpl implements LDAPClient {
);
// connect to the ldap server an read results
+ log.debug("Connecting to \"" + this.url.toString() + "\"...");
certs = (X509Certificate[]) ldapURLConnection.getContent();
} catch (IOException e) {
+ this.timeStampForBlackList = System.currentTimeMillis();
+ log.warn("Unable to get certificate from \"" + this.getUrl().toString() + "\". LDAPClient is now blocking that URL for " + TIME_ON_BLACKLIST_IN_SECONDS + " seconds.");
throw new LDAPException(e);
} finally {
if (ldapURLConnection != null) {
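Review bot: The warn on L68 records that the URL is now blocked but drops the cause entirely — neither `e` nor `e.getMessage()` is logged — so an operator cannot tell from this log whether the block was triggered by a connect timeout, a read timeout, a name-resolution failure or an LDAP protocol error unless the caller separately logs the rethrown `LDAPException`. Pass the exception to log4j as the second argument: `log.warn("Unable to get certificate from \"" + this.getUrl().toString() + "\". LDAPClient is now blocking that URL for " + TIME_ON_BLACKLIST_IN_SECONDS + " seconds.", e);`. Also worth stating in a comment that a single IOException of any kind (including one 15-second timeout) suspends all lookups against this URL for the full window, since that is a deliberate availability trade-off a maintainer should see. The `finally` block and the end of the method lie outside this hunk.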
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPMapping.java b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPMapping.java
index 9fb42b8..d341155 100644
--- a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPMapping.java
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPMapping.java
@@ -28,8 +28,6 @@ public class LDAPMapping {
private URL ldapURL;
private String serialNumberAttrName;
- private String cachedRFC2253String;
-
// static initialization
static {
LDAP_HANDLER = new iaik.x509.net.ldap.Handler();
@@ -38,7 +36,6 @@ public class LDAPMapping {
// constructors
protected LDAPMapping() {
this.setSerialNumberAttrName(LDAPClientImpl.DEFAULT_LDAP_ATTR_SERIAL_NUMBER);
- this.cachedRFC2253String = null;
}
public LDAPMapping(Name issuerName, URL ldapURL) {
@@ -96,11 +93,6 @@ public class LDAPMapping {
throw new NullPointerException("Issuer name must not be null.");
}
this.issuerName = issuerName;
- try {
- this.cachedRFC2253String = this.issuerName.getRFC2253String();
- } catch (RFC2253NameParserException e) {
- log.warn(e);
- }
}
public void setIssuerName(String issuerNameString) throws LDAPException {