From ac5265e4d34bdbf52a9546663c1814ece2cc9a9b Mon Sep 17 00:00:00 2001 From: tknall Date: Tue, 20 Mar 2007 10:09:01 +0000 Subject: minor improvements (e.g. ldap timeout) git-svn-id: https://joinup.ec.europa.eu/svn/pdf-as/trunk@60 7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c --- .../wag/egov/egiz/ldap/client/LDAPClientImpl.java | 26 +++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) (limited to 'src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientImpl.java') diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientImpl.java b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientImpl.java index f27f549..2ba802d 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientImpl.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientImpl.java @@ -8,19 +8,29 @@ import java.math.BigInteger; import java.net.MalformedURLException; import java.net.URL; +import org.apache.log4j.Logger; + public final class LDAPClientImpl implements LDAPClient { // constants protected static final String DEFAULT_LDAP_ATTR_SERIAL_NUMBER = "eidCertificateSerialNumber"; private static final iaik.x509.net.ldap.Handler LDAP_HANDLER = new iaik.x509.net.ldap.Handler(); + private static final long TIME_ON_BLACKLIST_IN_SECONDS = 300; // block failed urls for 5 min + private static final int READ_TIMEOUT = 15; + private static final int CONNECTION_TIMEOUT = 15; + + private Logger log = Logger.getLogger(getClass()); + // fields private URL url; private String serialNumberAttrName; + private long timeStampForBlackList; // constructors protected LDAPClientImpl() { this.setSerialNumberAttrName(DEFAULT_LDAP_ATTR_SERIAL_NUMBER); + this.timeStampForBlackList = 0; } protected LDAPClientImpl(URL url) { @@ -94,11 +104,22 @@ public final class LDAPClientImpl implements LDAPClient { } X509Certificate[] certs = new X509Certificate[] { }; + + long now = System.currentTimeMillis(); + if (this.timeStampForBlackList + TIME_ON_BLACKLIST_IN_SECONDS * 1000 >= now) { + long remaining = TIME_ON_BLACKLIST_IN_SECONDS - ((now - this.timeStampForBlackList) / 1000); + log.warn("LDAP connections to URL \"" + this.getUrl().toString() + "\" are blocked for " + remaining + " (" + TIME_ON_BLACKLIST_IN_SECONDS + ") seconds due to previous errors."); + return certs; + } + LdapURLConnection ldapURLConnection = null; try { this.validateData(); ldapURLConnection = (LdapURLConnection) this.url.openConnection(); - + log.debug("Setting timeout for LDAPClient: connection timeout = " + CONNECTION_TIMEOUT + " seconds, read timeout = " + READ_TIMEOUT + " seconds."); + ldapURLConnection.setReadTimeout(READ_TIMEOUT * 1000); + ldapURLConnection.setConnectTimeout(CONNECTION_TIMEOUT * 1000); + // search for end enity certificates ldapURLConnection.setRequestProperty( LdapURLConnection.RP_ATTRIBUTE_DESCRIPTION, @@ -118,8 +139,11 @@ public final class LDAPClientImpl implements LDAPClient { ); // connect to the ldap server an read results + log.debug("Connecting to \"" + this.url.toString() + "\"..."); certs = (X509Certificate[]) ldapURLConnection.getContent(); } catch (IOException e) { + this.timeStampForBlackList = System.currentTimeMillis(); + log.warn("Unable to get certificate from \"" + this.getUrl().toString() + "\". LDAPClient is now blocking that URL for " + TIME_ON_BLACKLIST_IN_SECONDS + " seconds."); throw new LDAPException(e); } finally { if (ldapURLConnection != null) { -- cgit v1.2.3