From ac5265e4d34bdbf52a9546663c1814ece2cc9a9b Mon Sep 17 00:00:00 2001 From: tknall Date: Tue, 20 Mar 2007 10:09:01 +0000 Subject: minor improvements (e.g. ldap timeout) git-svn-id: https://joinup.ec.europa.eu/svn/pdf-as/trunk@60 7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c --- .../wag/egov/egiz/ldap/client/LDAPClientImpl.java | 26 +++++++++++++++++++++- .../wag/egov/egiz/ldap/client/LDAPMapping.java | 8 ------- 2 files changed, 25 insertions(+), 9 deletions(-) (limited to 'src/main/java/at/knowcenter/wag/egov') diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientImpl.java b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientImpl.java index f27f549..2ba802d 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientImpl.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientImpl.java @@ -8,19 +8,29 @@ import java.math.BigInteger; import java.net.MalformedURLException; import java.net.URL; +import org.apache.log4j.Logger; + public final class LDAPClientImpl implements LDAPClient { // constants protected static final String DEFAULT_LDAP_ATTR_SERIAL_NUMBER = "eidCertificateSerialNumber"; private static final iaik.x509.net.ldap.Handler LDAP_HANDLER = new iaik.x509.net.ldap.Handler(); + private static final long TIME_ON_BLACKLIST_IN_SECONDS = 300; // block failed urls for 5 min + private static final int READ_TIMEOUT = 15; + private static final int CONNECTION_TIMEOUT = 15; + + private Logger log = Logger.getLogger(getClass()); + // fields private URL url; private String serialNumberAttrName; + private long timeStampForBlackList; // constructors protected LDAPClientImpl() { this.setSerialNumberAttrName(DEFAULT_LDAP_ATTR_SERIAL_NUMBER); + this.timeStampForBlackList = 0; } protected LDAPClientImpl(URL url) { @@ -94,11 +104,22 @@ public final class LDAPClientImpl implements LDAPClient { } X509Certificate[] certs = new X509Certificate[] { }; + + long now = System.currentTimeMillis(); + if (this.timeStampForBlackList + TIME_ON_BLACKLIST_IN_SECONDS * 1000 >= now) { + long remaining = TIME_ON_BLACKLIST_IN_SECONDS - ((now - this.timeStampForBlackList) / 1000); + log.warn("LDAP connections to URL \"" + this.getUrl().toString() + "\" are blocked for " + remaining + " (" + TIME_ON_BLACKLIST_IN_SECONDS + ") seconds due to previous errors."); + return certs; + } + LdapURLConnection ldapURLConnection = null; try { this.validateData(); ldapURLConnection = (LdapURLConnection) this.url.openConnection(); - + log.debug("Setting timeout for LDAPClient: connection timeout = " + CONNECTION_TIMEOUT + " seconds, read timeout = " + READ_TIMEOUT + " seconds."); + ldapURLConnection.setReadTimeout(READ_TIMEOUT * 1000); + ldapURLConnection.setConnectTimeout(CONNECTION_TIMEOUT * 1000); + // search for end enity certificates ldapURLConnection.setRequestProperty( LdapURLConnection.RP_ATTRIBUTE_DESCRIPTION, @@ -118,8 +139,11 @@ public final class LDAPClientImpl implements LDAPClient { ); // connect to the ldap server an read results + log.debug("Connecting to \"" + this.url.toString() + "\"..."); certs = (X509Certificate[]) ldapURLConnection.getContent(); } catch (IOException e) { + this.timeStampForBlackList = System.currentTimeMillis(); + log.warn("Unable to get certificate from \"" + this.getUrl().toString() + "\". LDAPClient is now blocking that URL for " + TIME_ON_BLACKLIST_IN_SECONDS + " seconds."); throw new LDAPException(e); } finally { if (ldapURLConnection != null) { diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPMapping.java b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPMapping.java index 9fb42b8..d341155 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPMapping.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPMapping.java @@ -28,8 +28,6 @@ public class LDAPMapping { private URL ldapURL; private String serialNumberAttrName; - private String cachedRFC2253String; - // static initialization static { LDAP_HANDLER = new iaik.x509.net.ldap.Handler(); @@ -38,7 +36,6 @@ public class LDAPMapping { // constructors protected LDAPMapping() { this.setSerialNumberAttrName(LDAPClientImpl.DEFAULT_LDAP_ATTR_SERIAL_NUMBER); - this.cachedRFC2253String = null; } public LDAPMapping(Name issuerName, URL ldapURL) { @@ -96,11 +93,6 @@ public class LDAPMapping { throw new NullPointerException("Issuer name must not be null."); } this.issuerName = issuerName; - try { - this.cachedRFC2253String = this.issuerName.getRFC2253String(); - } catch (RFC2253NameParserException e) { - log.warn(e); - } } public void setIssuerName(String issuerNameString) throws LDAPException { -- cgit v1.2.3