From ac5265e4d34bdbf52a9546663c1814ece2cc9a9b Mon Sep 17 00:00:00 2001 From: tknall Date: Tue, 20 Mar 2007 10:09:01 +0000 Subject: minor improvements (e.g. ldap timeout) git-svn-id: https://joinup.ec.europa.eu/svn/pdf-as/trunk@60 7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c --- .../wag/egov/egiz/ldap/client/LDAPClientImpl.java | 26 +++++++++++++++++++++- .../wag/egov/egiz/ldap/client/LDAPMapping.java | 8 ------- 2 files changed, 25 insertions(+), 9 deletions(-) (limited to 'src/main/java/at/knowcenter/wag/egov/egiz/ldap') diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientImpl.java b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientImpl.java index f27f549..2ba802d 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientImpl.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientImpl.java @@ -8,19 +8,29 @@ import java.math.BigInteger; import java.net.MalformedURLException; import java.net.URL; +import org.apache.log4j.Logger; + public final class LDAPClientImpl implements LDAPClient { // constants protected static final String DEFAULT_LDAP_ATTR_SERIAL_NUMBER = "eidCertificateSerialNumber"; private static final iaik.x509.net.ldap.Handler LDAP_HANDLER = new iaik.x509.net.ldap.Handler(); + private static final long TIME_ON_BLACKLIST_IN_SECONDS = 300; // block failed urls for 5 min + private static final int READ_TIMEOUT = 15; + private static final int CONNECTION_TIMEOUT = 15; + + private Logger log = Logger.getLogger(getClass()); + // fields private URL url; private String serialNumberAttrName; + private long timeStampForBlackList; // constructors protected LDAPClientImpl() { this.setSerialNumberAttrName(DEFAULT_LDAP_ATTR_SERIAL_NUMBER); + this.timeStampForBlackList = 0; } protected LDAPClientImpl(URL url) { 
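Review bot: The new logger is declared as a mutable per-instance field, `private Logger log = Logger.getLogger(getClass());`; because the class is final, `private static final Logger log = Logger.getLogger(LDAPClientImpl.class);` is the conventional form and cannot be reassigned. `timeStampForBlackList` is a plain `long` that the later hunks read before connecting and write in the catch block; if one client instance can be used from more than one thread (not visible here), declare it `volatile` so a block set by one thread is seen by the others. `READ_TIMEOUT` and `CONNECTION_TIMEOUT` hold seconds but, unlike `TIME_ON_BLACKLIST_IN_SECONDS`, do not say so; an `_IN_SECONDS` suffix or a short comment would keep a later edit from passing them to the millisecond setters unscaled. The `LDAPClientImpl(URL url)` constructor starts on the last line of the hunk and its body is not shown.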
@@ -94,11 +104,22 @@ public final class LDAPClientImpl implements LDAPClient { } X509Certificate[] certs = new X509Certificate[] { }; + + long now = System.currentTimeMillis(); + if (this.timeStampForBlackList + TIME_ON_BLACKLIST_IN_SECONDS * 1000 >= now) { + long remaining = TIME_ON_BLACKLIST_IN_SECONDS - ((now - this.timeStampForBlackList) / 1000); + log.warn("LDAP connections to URL \"" + this.getUrl().toString() + "\" are blocked for " + remaining + " (" + TIME_ON_BLACKLIST_IN_SECONDS + ") seconds due to previous errors."); + return certs; + } + LdapURLConnection ldapURLConnection = null; try { this.validateData(); ldapURLConnection = (LdapURLConnection) this.url.openConnection(); - + log.debug("Setting timeout for LDAPClient: connection timeout = " + CONNECTION_TIMEOUT + " seconds, read timeout = " + READ_TIMEOUT + " seconds."); + ldapURLConnection.setReadTimeout(READ_TIMEOUT * 1000); + ldapURLConnection.setConnectTimeout(CONNECTION_TIMEOUT * 1000); + // search for end enity certificates ldapURLConnection.setRequestProperty( LdapURLConnection.RP_ATTRIBUTE_DESCRIPTION, @@ -118,8 +139,11 @@ public final class LDAPClientImpl implements LDAPClient { ); // connect to the ldap server an read results + log.debug("Connecting to \"" + this.url.toString() + "\"..."); certs = (X509Certificate[]) ldapURLConnection.getContent(); } catch (IOException e) { + this.timeStampForBlackList = System.currentTimeMillis(); + log.warn("Unable to get certificate from \"" + this.getUrl().toString() + "\". LDAPClient is now blocking that URL for " + TIME_ON_BLACKLIST_IN_SECONDS + " seconds."); throw new LDAPException(e); } finally { if (ldapURLConnection != null) { diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPMapping.java b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPMapping.java index 9fb42b8..d341155 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPMapping.java 
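Review bot: While a URL is blocked, the new early `return certs;` hands back an empty array, whereas the failure that started the block throws `LDAPException`, so for the next 300 seconds a caller cannot tell "directory unreachable" from "no certificate found". For a client that fetches certificates, that difference matters to whatever decision is made from the result; the callers are outside this hunk, so the impact is inferred. Consider failing the same way in the blocked branch, for example `throw new LDAPException(new IOException("LDAP URL temporarily blocked after a previous error"));`, or state the empty-array contract in the method's Javadoc. The window is also measured with `System.currentTimeMillis()`, so a wall-clock adjustment changes its length. The enclosing method begins before and ends after this hunk.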
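Review bot: Any single `IOException` raised inside the try block now blocks the URL for the full 300 seconds, with no failure threshold, so one transient timeout suppresses every lookup through this client for five minutes. The new `log.warn(...)` in the catch block also leaves the exception out; passing it as the second argument, `log.warn(message, e)`, records whether the cause was a timeout, a refused connection or a malformed response. If the one-strike policy is intended, a comment next to `TIME_ON_BLACKLIST_IN_SECONDS` saying so would spare the next reader the question. The `finally` block continues past the end of the hunk.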
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPMapping.java @@ -28,8 +28,6 @@ public class LDAPMapping { private URL ldapURL; private String serialNumberAttrName; - private String cachedRFC2253String; - // static initialization static { LDAP_HANDLER = new iaik.x509.net.ldap.Handler(); @@ -38,7 +36,6 @@ public class LDAPMapping { // constructors protected LDAPMapping() { this.setSerialNumberAttrName(LDAPClientImpl.DEFAULT_LDAP_ATTR_SERIAL_NUMBER); - this.cachedRFC2253String = null; } public LDAPMapping(Name issuerName, URL ldapURL) { @@ -96,11 +93,6 @@ public class LDAPMapping { throw new NullPointerException("Issuer name must not be null."); } this.issuerName = issuerName; - try { - this.cachedRFC2253String = this.issuerName.getRFC2253String(); - } catch (RFC2253NameParserException e) { - log.warn(e); - } } public void setIssuerName(String issuerNameString) throws LDAPException { -- cgit v1.2.3